Ensurepass

Juniper Enterprise Content Management Sales Mastery Test v3

 

QUESTION 11

You recently implemented application firewall rules on an SRX device to act upon encrypted traffic. However, the encrypted traffic is not being correctly identified. Which two actions will help the SRX device correctly identify the encrypted traffic? (Choose two.)

 

A.

Enable heuristics to detect the encrypted traffic.

B.

Disable the application system cache.

C.

Use the junos:UNSPECIFIED-ENCRYPTED application signature.

D.

Use the junos:SPECIFIED-ENCRYPTED application signature.

 

Correct Answer: AC

Explanation:

http://www.juniper.net/techpubs/en_US/junos12.1×44/topics/concept/encrypted-p2p-heuristics-detection.html

 

 

QUESTION 12

You have just created a few hundred application firewall rules on an SRX device and applied them to the appropriate firewall polices. However, you are concerned that the SRX device might become overwhelmed with the increased processing required to process traffic through the application firewall rules. Which three actions will help reduce the amount of processing required by the application firewall rules? (Choose three.)

 

A.

Use stateless firewall filtering to block the unwanted traffic.

B.

Implement AppQoS to drop the unwanted traffic.

C.

Implement screen options to block the unwanted traffic.

D.

Implement IPS to drop the unwanted traffic.

E.

Use security policies to block the unwanted traffic.

 

Correct Answer: ACE

Explanation:

IPS and AppDoS are the most powerful, and thus, the least efficient method of dropping traffic on the SRX, because IPS and AppDoS tend to take up the most processing cycles.

Reference : http://answers.oreilly.com/topic/2036-how-to-protect-your-network-with-security-tools-for-junos/

 

 

 

 

 

 

 

QUESTION 13

Referring to the following output, which command would you enter in the CLI to produce this result?

 

Pic2/1

 

Ruleset Application Client-to-server Rate(bps) Server-to-client Rate(bps)

 

http-App-QoS HTTP ftp-C2S 200 ftp-C2S 200

 

http-App-QoS HTTP ftp-C2S 200 ftp-C2S 200

 

ftp-App-QoS FTP ftp-C2S 100 ftp-C2S 100

 

A.

show class-of-service interface ge-2/1/0

B.

show interface flow-statistics ge-2/1/0

C.

show security flow statistics

D.

show class-of-service applications-traffic-control statistics rate-limiter

 

Correct Answer: D

Explanation:

http://www.juniper.net/techpubs/en_US/junos12.1×44/topics/reference/command-summary/show-class-of-service-application-traffic-control-statistics-rate-limiter.html

 

 

QUESTION 14

You are asked to apply individual upload and download bandwidth limits to YouTube traffic. Where in the configuration would you create the necessary bandwidth limits?

 

A.

under the [edit security application-firewall] hierarchy

B.

under the [edit security policies] hierarchy

C.

under the [edit class-of-service] hierarchy

D.

under the [edit firewall policer <policer-name>] hierarchy

 

Correct Answer: D

Explanation:

http://forums.juniper.net/t5/SRX-Services-Gateway/Need-he
lp-with-bandwidth-uploading-downloading-polcier/td-p/146666

 

 

QUESTION 15

You want to verify that all application traffic traversing your SRX device uses standard ports. For example, you need to verify that only DNS traffic runs through port 53, and no other protocols. How would you accomplish this goal?

 

A.

Use an IDP policy to identify the application regardless of the port used.

B.

Use a custom ALG to detect the application regardless of the port used.

C.

Use AppTrack to detect the application regardless of the port used.

D.

Use AppID to detect the application regardless of the port used.

 

Correct Answer: A

Explanati
on:

AppTrack for detailed visibility of application traffic Also AppTrack is aka AppID

Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/What-is-AppTrack-aka-AppID/td- p/63029

 

An Application Layer Gateway (ALG) is a software component that is designed to manage specific protocols

Reference : http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-security/id-79332.html

 

 

QUESTION 16

You are asked to establish a baseline for your company’s network traffic to determine the bandwidth usage per application. You want to undertake this task on the central SRX device that connects all segments together. What are two ways to accomplish this goal? (Choose two.)

 

A.

Configure a mirror port on the SRX device to capture all traffic on a data collection server for further investigation.

B.

Use interface packet counters for all permitted and denied traffic and calculate the values using Junos scripts.

C.

Send SNMP traps with bandwidth usage to a central SNMP server.

D.

Enable AppTrack on the SRX device and configure a remote syslog server to receive AppTrack messages.

 

Correct Answer: AD

Explanation:

AppTrack is used for visibility for application usage and bandwidth

Reference: http://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf

 

 

QUESTION 17

Microsoft has altered the way their Web-based Hotmail application works. You want to update your application firewall policy to correctly identify the altered Hotmail application. Which two steps must you take to modify the application? (Choose two.)

 

A.

user@srx> request services application-identification application copy junos:HOTMAIL

B.

user@srx> request services application-identification application enable junos:HOTMAIL

< font style="font-size: 10pt" color="#000000">C.

user@srx# edit services custom application-identification my:HOTMAIL

D.

user@srx# edit services application-identification my:HOTMAIL

 

Correct Answer: AD

Explanation:

http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/command-summary/request-services-application-identification-application.html

 

 

QUESTION 18

Two companies, A and B, are connected as separate customers on an SRX5800 residing on two virtual routers (VR-A and VR-B). These companies have recently been merged and now operate under a common IT security policy. You have been asked to facilitate communication between these VRs. Which two methods will accomplish this task? (Choose two.)

 

A.

Use instance-import to share the routes between the two VRs.

B.

Create logica
l tunnel interfaces to interconnect the two VRs.

C.

Use a physical connection between VR-A and VR-B to interconnect them.

D.

Create a static route using the next-table action in both VRs.

 

Correct Answer: AD

Explanation:

Logical or physical connections between instances on the same Junos device and route between the connected instances

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21260

 

 

QUESTION 19

You have been asked to configure traffic to flow between two virtual routers (VRs) residing on two unique logical systems (LSYSs) on the same SRX5800. How would you accomplish this task?

 

A.

Configure a security policy that contains the context from VR1 to VR2 to permit the relevant traffic.

B.

Configure a security policy that contains the context from LSYS1 to LSYS2 and relevant match conditions in the rule set to allow traffic between the IP networks in VR1 and VR2.

C.

Configure logical tunnel interfaces between VR1 and VR2 and security policies that allow relevant traffic between VR1 and VR2 over that link.

D.

Configure an interconnect LSYS to facilitate a connection between LSYS1 and LSYS2 and relevant policies to allow the traffic.

 

Correct Answer: C

Explanation:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21260

 

 

QUESTION 20

You are responding to a proposal request from an enterprise with multiple branch offices. All branch offices connect to a single SRX device at a centralized location. The request requires each office to be segregated on the central SRX device with separate IP networks and security considerations. No single office should be able to starve the CPU from other branch offices on the central SRX device due to the number of flow sessions. However, connectivity between offices must be maintained. Which three features are required to accomplish this goal? (Choose three.)

 

A.

Logical Systems

B.

Interconnect Logical System

C.

Virtual Tunnel Interface

D.

Logical Tunnel Interface

E.

Virtual Routing Instance

 

Correct Answer: ABD

Explanation:

http://www.juniper.net/techpubs/en_US/junos12.1×44/topics/concept/logical-systems-interfaces.html

http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/logical-systems-config/index.html?topic-57390.html

 

Free VCE & PDF File for Juniper JN0-633 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.