Online Access Free JN0-633 Exam Questions

In the IPS packet processing flow on an SRX Series device, when does application identification occur?

• A.before fragmentation processing
• B.after protocol decoding
• C.before SSL decryption
• D.after attack signature matching

Click the Exhibit button.
-- Exhibit --
security {
nat {
destination {
pool Web-Server {
address 10.0.1.5/32;
}
rule-set From-Internet {
from zone Untrust;
rule To-Web-Server {
match {
source-address 0.0.0.0/0;
destination-address 172.16.1.7/32;
}
then {
destination-nat pool Web-Server;
}
}
}
}
}
zones {
security-zone Untrust {
address-book {
address Web-Server-External 172.16.1.7/32;
address Web-Server-Internal 10.0.1.5/32;
}
interfaces {
ge-0/0/0.0;
}
}
security-zone DMZ {
address-book {
address Web-Server-External 172.16.1.7/32;
address Web-Server-Internal 10.0.1.5/32;
}
interfaces {
ge-0/0/1.0;
}
}
}
}
-- Exhibit -
You are migrating from one external address block to a different external address block. You want to enable a smooth transition to the new address block. You temporarily want to allow external users to contact the Web server using both the existing external address as well as the new external address 192.168.1.1.
How do you accomplish this goal?

• A.Add address 192.168.1.1/32 under [edit security nat destination pool Web-Server].
• B.Change the address Web-Server-Ext objects to be address-set objects that include both addresses.
• C.Create a new rule for the new address in the [edit security nat destination rule-set From-Internet] hierarchy.
• D.Change the destination address under [edit security nat destination rule-set From-Internet rule To-Web-Server match] to include both 172.16.1.7/32 and 192.168.1.2/32.

-- Exhibit -[edit] user@srx# run show route
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 01:09:08 > to 172.18.1.1 via ge-0/0/3.0 10.210.14.128/27 *[Direct/0] 8w6d 15:43:09 > via ge-0/0/0.0 10.210.14.135/32 *[Local/0] 11w0d 06:43:04 Local via ge-0/0/0.0 172.18.1.0/30 *[Direct/0] 8w6d 15:43:01 > via ge-0/0/3.0 172.18.1.2/32 *[Local/0] 11w0d 06:43:03 Local via ge-0/0/3.0 172.19.1.0/24 *[Direct/0] 03:46:56 > via ge-0/0/1.0 172.19.1.1/32 *[Local/0] 03:46:56 Local via ge-0/0/1.0 172.20.105.0/24 *[Direct/0] 03:46:56 > via ge-0/0/4.105 172.20.105.1/32 *[Local/0] 03:46:56 Local via ge-0/0/4.105 192.168.30.1/32 *[Direct/0] 4d 03:44:41 > via lo0.0
fbf.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Static/5] 00:00:11 > to 172.19.1.2 via ge-0/0/1.0 172.19.1.0/24 *[Direct/0] 00:00:11 > via ge-0/0/1.0
[edit]
user@srx# show routing-instances
fbf {
routing-options {
static {
route 0.0.0.0/0 next-hop 172.19.1.2;
}
}
}
[edit]
user@srx# show routing-options
interface-routes {
rib-group inet fbf-int;
}
static {
route 0.0.0.0/0 next-hop 172.18.1.1;
}
rib-groups {
fbf-int {
import-rib [ inet.0 fbf.inet.0 ];
import-policy fbf-pol;
}
}
[edit]
user@srx# show policy-options policy-statement fbf-pol
term 1 {
from interface ge-0/0/1.0;
to rib fbf.inet.0;
then accept;
}
term 2 {
then reject;
}
-- Exhibit -
Referring to the exhibit, you notice that filter-based forwarding is not working.
What is the reason for this behavior?

• A.The routing policy is configured incorrectly.
• B.The routing instance is configured incorrectly.
• C.The RIB group is configured incorrectly.
• D.The default static routes are configured incorrectly.

Click the Exhibit button. -- Exhibit-

-- Exhibit -
TCP traffic sourced from Host A destined for Host B is being redirected using filter-based forwarding to use the Red network. However, return traffic from Host B destined for Host A is using the Blue network and getting dropped by the SRX device.
Which action will resolve the issue?

• A.Configure ge-0/0/1 to belong to the Red zone.
• B.Enable asyncronous-routing under the Blue zone.
• C.Disable TCP sequence checking.
• D.Disable RPF checking.

Click the Exhibit button.
user@host> show interfaces routing-instance all ge* terse InterfaceAdmin Link Proto LocalInstance ge-0/0/0.0 up up inet 172.16.12.205/24 default ge-0/0/1.0 up up inet 5.0.0.5/24 iso A ge-0/0/2.0 up up inet 25.0.0.5/24 iso B
user@host> show security flow session Session ID: 82274, Policy name: default-policy-00/2, Timeout: 1770, Valid In: 5.0.0.25/61935 --> 25.0.0.25/23;tcp, If: ge-0/0/1.0, Pkts: 31, Bytes: 1781 Out: 25.0.0.25/23 --> 5.0.0.25/61935;tcp, If: ge-0/0/2.0, Pkts: 23, Bytes: 1452 Total sessions: 3
user@host> show route
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, + = Both
0.0.0.0/0 *[Static/5] 04:08:52
> to 172.16.12.1 via ge-0/0/0.0
172.16.12.0/24 *[Direct/0] 04:08:52
via ge-0/0/0.0
172.16.12.205/32 *[Local/0] 4w4d 23:04:29
Loca1 via ge-0/0/0.0
224.0.0.5/32 *[OSPF/10] 14:37:35, metric 1
MultiRecv

• A.Routing instance A's routes are shared with routing instance B.
• B.The routing instances A and B are connected using anltinterface.
• C.The routing instances A and B are connected using avtinterface.
• D.inet.0: 4 destinations, 4 routes {4 active, 0 holddown, 0 hidden)
  +
  = Active Route, - = Last Active, * = Both 5.0.0.0/24 5 *[Direct/0] 00:05:04 > via ge-0/0/1.0 5.0.0.5/32 *[Local/0] 00:05:04 Local via ge-0/0/1.0 25.0.0.0/24 *[Direct/0] 00:02:37 > via ge-0/0/2.0
• E.Routing instance B's routes are shared with routing instance A.
• F.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
  +
  = Active Route, - = Last Active, * = Both 5.0.0.25/32 *[Static/5] 00:02:38 to table A.inet.0 25.0.0.0/24 *[Direct/0] 00:02:37 > via ge-0/0/2.0 25.0.0.5/32 *[Local/0] 00:02:37 Local via ge-0/0/2.0 Which statement is true about the outputs shown in the exhibit?