Online Access Free JN0-633 Exam Questions

A local user complains that they cannot connect to an FTP server on the DMZ network. You investigate and confirm that the security policy allows FTP traffic from the trust zone to the DMZ zone.
What are two reasons for this problem? (Choose two.)

• A.The FTP server has no route back to the local network.
• B.No security policy exists for traffic from the DMZ zone to the trust zone.
• C.No route is configured to the DMZ network.
• D.The FTP ALG is disabled.

An SRX Series device is configured for inline tap mode.
What will occur if Drop Packet is selected?

• A.The SRX Series device closes the connection and sends an RST packet to both the client and the server.
• B.The SRX Series device will ignore the action Drop Packet.
• C.The SRX Series device drops a matching packet before it can reach its destination but does not close the connection.
• D.The SRX Series device drops a matching packet associated with the connection, preventing traffic for the connection from reaching its destination.

Click the Exhibit button.
[edit protocols ospf area 0.0.0.0] user@host# run show security ike security-associations Index State Initiator cookie Responder cookie Mode Remote Address 3289542 UP 48d928408940de28 e418fc7702fe483b Main 172.31.50.1 3289543 UP eb45940484082b14 428086b100427326 Main 10.10.50.1
[edit protocols ospf area 0.0.0.0] user@host# run show security ipsec; security-associations Total active tunnels: 2 ID Algorithm SPI Life:sec/kb Mon lsys Port Gateway <131073 ESP:des/ shal 6d40899b 1360/ unlim - root 500 10.10.50.1
>131073 ESP:des/ shal 5a89400e 1360/ unlim - root 500 10.10.50.1
<131074 ESP:des/ shal c04046f 1359/ unlim - root 500 172.31.50.1
>131074 ESP:des/ shal 5508946c 1359/ unlim - root 500 172.31.50.1
[edit protocols ospf area 0.0.0.0] user@host# run show ospf neighbor Address Interface State ID Pri Dead 10.40.60.1 st0.0 Init 10.30.50.1 128 35
10.40.60.2 st0.0 Full 10.30.50.1 128 31
[edit protocols ospf area 0.0.0.0]
user@host# show
interface st0.0;
You have already configured a hub-and-spoke VPN with one hub device and two spoke devices. However, the hub device has one neighbor in the Init state and one neighbor in the Full state.
What would you do to resolve this problem?

• A.Configure the st0.0 interface under OSPF as a point-to-multipoint interface.
• B.Configure the st0.0 interface under OSPF as an unnumbered interface.
• C.Configure the st0.0 interface under OSPF as a point-to-point interface.
• D.Configure the st0.0 interface under OSPF as a nonbroadcast multiple access interface.

Which configurable SRX Series device feature allows you to capture transit traffic?

• A.archival
• B.traceoptions
• C.syslog
• D.packet-capture

You are asked to allow access to an external application for an internal host subject to address translation. The application requires multiple sessions initiated from the internal host and expects all the sessions to originate from the same source IP address.
Which Junos feature meets this objective?

• A.static NAT with port translation
• B.source NAT with address persistence
• C.destination NAT with address persistence
• D.interface-based persistent NAT