JN0-633 Security, Professional (JNCIP-SEC) Exam

JN0-633 Security, Professional (JNCIP-SEC) Exam

Application-Aware Security Services
Describe the concepts, operation and functionality of AppSecure
AppSecure traffic processing
AppID
AppTrack
User FW
SSL proxy
AppFW
AppQoS
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various AppSecure modules

Virtualization
Describe the concepts, operation and functionality of various virtualization components on SRX Series Services Gateways
Routing instances
RIB groups
Routing between instances
Logical systems (LSYS)
Intra-LSYS and Inter-LSYS communication
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various elements of virtualization
Given a scenario, describe and implement filter-based forwarding (FBF)

Advanced NAT
Describe the concepts, operation and functionality of various types of NAT
NAT traffic processing
Destination NAT
Source NAT
Persistent NAT
Static NAT
Double NAT
NAT traversal
DNS doctoring
IPv6 NAT (Carrier-grade NAT) – NAT64, NAT46, NAT444, DS-Lite
Routing
NAT and FBF
NAT and security policy
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced NAT implementations

Advanced IPSec VPNs
Describe the concepts, operation and functionality of various IPSec VPN implementations
IPSec traffic processing
Site-to-site VPNs
Hub-and-spoke VPNs
Group VPNs
Dynamic VPNs
Routing over VPNs
VPNs and NAT
Public key infrastructure (PKI) for IPSec VPNs
Traffic Selectors
VPNs and dynamic gateways
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced IPSec VPN implementations

Intrusion Prevention
Describe the concepts, operation and functionality of Junos Intrusion Prevention System (IPS) for SRX Series Services Gateways
IPS packet inspection process
IPS rules and rulebases
Signature-based attack detection
Reconnaissance scans and fingerprinting
Flooding, attacks and spoofing
Describe how to perform setup and initial configuration for SRX Series Services Gateways with IPS functionality
IPS deployment options and considerations
Network settings
Attack database
Given a scenario, demonstrate knowledge of how to configure mechanisms to detect and protect against scans and attacks
Custom signatures
Scan prevention

Transparent Mode
Describe the concepts, operation and functionality of various transparent mode implementations
High Availability
VLAN translation
Layer 2 security
IRB
Bridge groups
Spanning tree traffic processing
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot transparent mode implementations

Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Junos OS security issues
Flow analysis
SNMP
show commands
Logging and syslog
Tracing, including flow traceoptions
Policy flow
Packet capture

QUESTION 1
Which AppSecure module provides Quality of Service?

A. AppTrack
B. AppFW
C. AppID
D. AppQoS

Answer: D


QUESTION 2
You are asked to configure your SRX Series device to support IDP SSL inspections for up to 6,000 concurrent https: sessions to a server within your network.
Which two statements are true in this scenario? (Choose two.)

A. You must add at least one PKI certificate.
B. Junos does not support more than 5000 sessions in this scenario.
C. You must enable SSL decoding.
D. You must enable SSL inspection.

Answer: C,D


QUESTION 3
You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping at the SRX240 in your network.Which three tools would you use to troubleshoot the issue? (Choose three.)

A. security flow traceoptions
B. monitor interface traffic
C. show security flow session
D. monitor traffic interface
E. debug flow basic

Answer: A,B,C
Reference: https:://kb.juniper.net/InfoCenter/index?page=content&id=KB16110


QUESTION 4
You are asked to establish a baseline for your company’s network traffic to determine the bandwidth usage per application. You want to undertake this task on the central SRX device that connects all segments together.What are two ways to accomplish this goal? (Choose two.)

A. Configure a mirror port on the SRX device to capture all traffic on a data collection server for further investigation.
B. Use interface packet counters for all permitted and denied traffic and calculate the values using Junos scripts.
C. Send SNMP traps with bandwidth usage to a central SNMP server.
D. Enable AppTrack on the SRX device and configure a remote syslog server to receive AppTrack messages.

Answer: A,D

Explanation:
AppTrack is used for visibility for application usage and bandwidth
Reference:https:://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf

 

Click here to view complete Q&A of JN0-633 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Juniper JN0-633 Certification, Juniper JN0-633 Training at certkingdom.com

 

JN0-633 Security, Professional (JNCIP-SEC) Exam

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top