Online Access Free JN0-633 Practice Test

Which two are required for the SRX device to perform DNS doctoring? (Choose two.)

• A.dns-doctoring stanza
• B.DNS ALG
• C.name-server
• D.static NAT

Which configuration statement would allow the SRX Series device to match a signature only on the first match, and not subsequent signature matches in a connection?

• A.user@host# set security idp idp-policy test rulebase-ips rule 1 then action recommended
• B.user@host# set security idp idp-policy test rulebase-ips rule 1 then action no-action
• C.user@host# set security idp idp-policy test rulebase-ips rule 1 then action drop-
  connection
• D.user@host# set security idp idp-policy test rulebase-ips rule 1 then action ignore-connection

Click the Exhibit button.
user@key-server> show security group-vpn server ike security-associations Index State Initiator cookie Responder cookie Mode Remote Address 97 UP bb224408940cc5d 435b9404284083c2 Main 192.168.11.1 98 UP 242c840089404d15 ab19284089408ba8 Main 192.168.11.2
user@key-server> show security group-vpn server ipsec security-associations Group: group-1, Group Id: 1 Total IPsec SAs: 1 IPsec SA Algorithm SPI Lifetime group-l-sa ESP:3des/shal 1343991c 2736 Group: group-2, Group id: 2 Total IPsec SAs: 1 IPsec SA Algorithm SPI Lifetime group-2-sa ESP:3des/shal 13be9e9 2741 Group: group-3, Group Id: 3 Total IPsec SAs: 1 IPsec SA Algorithm SPI Lifetime group-3-sa ESP:3des/shal 20709057 2741 Group: group-4, Group Id: 4 Total IPsec SAs: 1 IPsec SA Algorithm SPI Lifetime group-4-sa ESP:3des/shal 5111c2e1 2741
Which statement is correct regarding the outputs shown in the exhibit?

• A.Two established peers are in the group VPNs.
• B.One established peer is in the group VPNs.
• C.No established peer is in the group VPNs.
• D.Four established peers are in the group VPNs.

Click the Exhibit button. -- Exhibit -
[edit security idp]
user@srx# show | no-more
idp-policy basic {
rulebase-ips {
rule 1 {
match {
from-zone untrust;
source-address any;
to-zone trust;
destination-address any;
application default;
attacks {
custom-attacks data-inject;
}
}
then {
action {
recommended;
}
notification {
log-attacks;
}
}
}
}
}
active-policy basic;
custom-attack data-inject {
recommended-action close;
severity critical;
attack-type {
signature {
context mssql-query;
pattern "SELECT * FROM accounts";
direction client-to-server;
}
}
}
-- Exhibit --
You have configured the custom attack signature shown in the exhibit. This configuration is valid, but you want to improve the efficiency and performance of your IDP.
Which two commands should you use? (Choose two.)

• A.set idp-policy basic rulebase-ips rule 1 match application any
• B.set custom attack data-inject recommended-action drop
• C.set custom-attack data-inject attack-type signature protocol-binding tcp
• D.set idp-policy basic rulebase-ips rule 1 match destination-address webserver

Click the Exhibit button.

-- Exhibit --
Feb 8 10:39:40 Unable to find phase-1 policy as remote peer:2.2.2.2 is not recognized.
Feb 8 10:39:40 KMD_PM_P1_POLICY_LOOKUP_FAILURE.Policy lookup for Phase-1 [responder] failed for p1_local=ipv4(any:0,[0..3]=1.1.1.2) p1_remote=ipv4(any:0,[0..3]=2.2.2.2)
Feb 8 10:39:40 1.1.1.2:500 (Responder) <-> 2.2.2.2:500 { dbe1d0af - a4d6d829 f9ed3bba [-1] / 0x00000000 } IP; Error = No proposal chosen (14)
-- Exhibit -
According to the log shown in the exhibit, you notice that the IPsec session is not establishing.
What are two reasons for this behavior? (Choose two.)

• A.mismatched peer ID
• B.mismatched proxy ID
• C.incorrect peer address
• D.mismatched preshared key