JN0-633 Online Practice Questions and Answers
What are two network scanning methods? (Choose two.)
A. SYN flood
B. ping of death
C. ping sweep
D. UDP scan
You are working as a security administrator and must configure a solution to protect against distributed
botnet attacks on your company's central SRX cluster.
How would you accomplish this goal?
A. Configure AppTrack to inspect and drop traffic from the malicious hosts.
B. Configure AppQoS to block the malicious hosts.
C. Configure AppDoS to rate limit connections from the malicious hosts.
D. Configure AppID with a custom application to block traffic from the malicious hosts.
Your company provides managed services for two customers. Each customer has been segregated within its own routing instance on your SRX device. Customer A and customer B inform you that they need to be able to reach certain hosts on each other's network. Which two configuration settings would be used to share routes between these routing instances? (Choose two.)
A. routing-group
B. instance-import
C. import-rib
D. next-table
You are using logical systems to segregate customers. You have a requirement to enable communication between the logical systems. What are two ways to accomplish this goal? (Choose two.)
A. Use a shared DMZ zone to connect the logical systems together.
B. Use a virtual tunnel (vt-) interface to connect the logical systems together.
C. Use an external cable to connect the ports from the two logical systems.
D. Use an interconnect LSYS to connect the logical systems together.
You want to implement an IPsec VPN on an SRX device using PKI certificates for authentication. As part of the implementation, you are required to ensure that the certificate submission, renewal, and retrieval processes are handled automatically from the certificate authority. Regarding this scenario, which statement is correct?
A. You can use SCEP to accomplish this behavior.
B. You can use OCSP to accomplish this behavior.
C. You can use CRL to accomplish this behavior.
D. You can use SPKI to accomplish this behavior.
You are asked to implement an IPsec VPN between your main office and a new remote office. The remote office receives its IKE gateway address from their ISP dynamically.
Regarding this scenario, which statement is correct?
A. Configure a fully qualified domain name (FQDN) as the IKE identity.
B. Configure the dynamic-host-address option as the IKE identity.
C. Configure the unnumbered option as the IKE identity.
D. Configure a dynamic host configuration name (DHCN) as the IKE identity.
You want to implement a hub-and-spoke VPN topology using a single logical interface on the hub. Which st0 interface configuration is correct for the hub device?
A. [edit interfaces] user@srx# show st0 { multipoint
unit 0 {
family inet {
address 10.10.10.1/24;
}
}
}
B. [edit interfaces] user@srx# show st0 {
unit 0 {
family inet {
address 10.10.10.1/24;
}
}
}
C. [edit interfaces] user@srx# show st0 {
unit 0 {
point-to-point;
family inet {
address 10.10.10.1/24;
}
}
}
D. [edit interfaces] user@srx# show st0 {
unit 0 {
multipoint;
family inet {
address 10.10.10.1/24;
}
}
}
You are deploying a standalone SRX650 in transparent mode for evaluation purposes in a potential client's network. The client will need to access the device to modify security policies and perform other various configurations. Where would you configure a Layer 3 interface to meet this requirement?
A. fxp0.0
B. vlan.1
C. irb.1
D. ge-0/0/0.0
Your manager asks you to show which attacks have been detected on your SRX Series device using the IPS feature.
Which command would you use to accomplish this task?
A. show security idp attack detail
B. show security idp attack table
C. show security idp memory
D. show security idp counters
Which statement is true regarding destination NAT?
A. Destination NAT changes the content of the source IP address field.
B. Destination NAT changes the content of the destination IP address field.
C. Destination NAT matches on the destination IP address and changes the source IP address.
D. Destination NAT matches on the destination IP address and changes the source port.
What Makes leads4pass.com Differ From Others?
There are tens of thousands of certification exam dumps provided on the internet. To keep the exam dumps valid, the exam questions latest and the exam answers accurate should be the first aim. Also, to make the exam PDF and exam VCE simulator easy to use is very important. Besides, leads4pass.com has 100% pass guarantee policy. Free exam demo is available. Customer support team is ready to help at any time when required.
All rights are reserved by leads4pass.com. Any changes, copy or trademarks abuse will be regarded as infringement. leads4pass.com will reserve the right to pursue accountability.
Copyright © 2004-2024 leads4pass.com.