JN0-333 Braindumps | You need to configure an…

Questions: 18

You need to configure an IPsec tunnel between a remote site and a hub site. The SRX Series device at the remote site receives a dynamic IP address on the external interface that you will use for IPsec.
Which feature would you need to configure in this scenario?

A. NAT-T
B. crypto suite B
C. aggressive mode
D. IKEv2

Answer: C

JN0-333 Braindumps | You want to trigger failover…

Questions: 17

You want to trigger failover of redundancy group 1 currently running on node 0 and make node 1 the primary node the redundancy group 1.

Which command would be used accomplish this task?

A. user@host# set chassis cluster redundancy-group 1 node 1
B. user@host> request chassis cluster failover redundancy-group 1 node 1
C. user@host# set chassis cluster redundancy-group 1 preempt
D. user@host> request chassis cluster failover reset redundancy-group 1

Answer: B

JN0-333 Test Questions | After an SRX Series device…

Questions: 16

After an SRX Series device processes the first packet of a session, how are subsequent packets for the same session processed?

A. They are processed using fast-path processing.
B. They are forwarded to the control plane for deep packet inspection.
C. All packets are processed in the same manner.

D. They are queued on the outbound interface until a matching security policy is found.

Answer: A

JN0-333 Practice Test | You want to protect your SRX Series device…

Question: 12

You want to protect your SRX Series device from the ping-of-death attack coming from the untrust security zone. How would you accomplish this task?

A. Configure the host-inbound-traffic system-services ping except parameter in the untrust security zone.
B. Configure the application tracking parameter in the untrust security zone.
C. Configure a from-zone untrust to-zone trust security policy that blocks ICMP traffic.
D. Configure the appropriate screen and apply it to the [edit security zone security-zone untrust] hierarchy.

Answer: D

JN0-333 Practice Test | Clients at a remote office are accessing…

Question: 11

Clients at a remote office are accessing a website that is against your company Internet policy. You change the action of the security policy that controls HTTP access from permit to deny on the remote office SRX Series device.

After committing the policy change, you notice that new users cannot access the website but users that have existing sessions on the device still have access.

You want to block all user sessions immediately. Which change would you make on the SRX Series device to accomplish this task?

A. Add the set security flow tcp-session rst-invalidate-session option to the configuration and commit the change.
B. Add the set security policies policy-rematch parameter to the configuration and commit the change.
C. Add the security flow tcp-session strict-syn-check option to the configuration and commit the change.
D. Issue the commit full command from the top of the configuration hierarchy.

Answer: B

JN0-333 | Which statement is true about functional…

Question: 1

Which statement is true about functional zones?

A. Functional zones are a collection of regulated transit network segments.
B. Functional zones provide a means of distinguishing groups of hosts and their resources from one another.
C. Functional zones are used for management.
D. Functional zones are the building blocks for security policies.

Answer: C