Download Jn0-333 Tutorials 2021

NEW QUESTION 1
What is the function of redundancy group 0 in a chassis cluster?

• A. Redundancy group 0 identifies the node controlling the cluster management interface IP addresses.
• B. The primary node for redundancy group 0 identifies the first member node in a chassis cluster.
• C. The primary node for redundancy group 0 determines the interface naming for all chassis cluster nodes.
• D. The node on which redundancy group 0 is primary determines which Routing Engine is active in the cluster.

Answer: D

NEW QUESTION 2
Click the Exhibit button.

Which two statements describe the output shown in the exhibit? (Choose two.)

• A. Node 0 is controlling traffic for redundancy group 1.
• B. Node 1 is controlling traffic for redundancy group 1.
• C. Redundancy group 1 experienced an operational failure.
• D. Redundancy group 1 was administratively failed over.

Answer: BD

NEW QUESTION 3
Click the Exhibit button.

Host A is attempting to connect to Host B using the domain name, which is tied to a public IP address. All attempts to connect to Host B have failed. You have examined the configuration on your SRX340 and determined that a NAT policy is required.
Referring to the exhibit, which two NAT types will allow Host A to connect to Host B? (Choose two.)

• A. source NAT
• B. NAT-T
• C. destination NAT
• D. static NAT

Answer: CD

NEW QUESTION 4
What are three defined zone types on an SRX Series device?

• A. dynamic
• B. junos-host
• C. null
• D. functional
• E. routing

Answer: BCD

NEW QUESTION 5
A session token on an SRX Series device is derived from what information? (Choose two.)

• A. routing instance
• B. zone
• C. screen
• D. MAC address

Answer: AB

NEW QUESTION 6
Which two statements about security policy actions are true? (Choose two.)

• A. The log action implies an accept action.
• B. The log action requires an additional terminating action.
• C. The count action implies an accept action.
• D. The count action requires an additional terminating action.

Answer: BD

NEW QUESTION 7
Click the Exhibit button.

Referring to the exhibit, which statement is true?

• A. TCP packets entering the interface are failing the TCP sequence check.
• B. Packets entering the interface are being dropped due to a stateless filter.
• C. Packets entering the interface are getting dropped because there is no route to the destination.
• D. Packets entering the interface matching an ALG are getting dropped.

Answer: C

NEW QUESTION 8
Which action will restrict SSH access to an SRX Series device from a specific IP address which is connected to a security zone named trust?

• A. Implement a firewall filter on the security zone trust.
• B. Implement a security policy from security zone junos-host to security zone trust.
• C. Implement host-inbound-traffic system-services to allow SSH.
• D. Implement a security policy from security zone trust to security zone junos-host.

Answer: D

NEW QUESTION 9
You are asked to change when your SRX high availability failover occurs. One network interface is considered more important than others in the high availability configuration. You want to prioritize failover based on the state of that interface.
Which configuration would accomplish this task?

• A. Create a VRRP group configuration that lists the reth’s IP address as the VIP while using each physical interface that make up the reth definition of each SRX HA pair.
• B. Configure IP monitoring of the important interface’s IP address and adjust the heartbeat interval and heartbeat threshold to the shortest settings.
• C. Create a separate redundancy group to isolate the important interface; set the priority of the new redundancy group to 255.
• D. Configure interface monitor inside the redundancy group that contains the important physical interface; adjust the weight associated with the monitored interface to 255.

Answer: D

NEW QUESTION 10
You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase1 negotiation succeeds and the Phase 2 negotiation fails.
Which two configuration parameters should you verify are correct? (Choose two.)

• A. Verify that the IKE gateway proposals on the initiator and responder are the same.
• B. Verify that the VPN tunnel configuration references the correct IKE gateway.
• C. Verify that the IKE initiator is configured for main mode.
• D. Verify that the IPsec policy references the correct IKE proposals.

Answer: AB

NEW QUESTION 11
Which two modes are supported during the Phase 1 IKE negotiations used to establish an IPsec tunnel? (Choose two.)

• A. transport mode
• B. aggressive mode
• C. main mode
• D. tunnel mode

Answer: BC

NEW QUESTION 12
A link from the branch SRX Series device chassis cluster to the Internet requires more bandwidth. In this scenario, which command would you issue to begin provisioning a second link?

• A. set chassis cluster reth-count 2
• B. set interfaces fab0 fabric-options member-interfaces ge-0/0/1
• C. set interfaces ge-0/0/1 gigether-options redundant-parent reth1
• D. set chassis cluster redundancy-group 1 node 1 priority 1

Answer: B

NEW QUESTION 13
Which statement describes the function of screen options?

• A. Screen options encrypt transit traffic in a tunnel.
• B. Screen options protect against various attacks on traffic entering a security device.
• C. Screen options translate a private address to a public address.
• D. Screen options restrict or permit users individually or in a group.

Answer: B

NEW QUESTION 14
Which interface is used exclusively to forward Ethernet-switching traffic between two chassis cluster nodes?

• A. swfab0
• B. fxp0
• C. fab0
• D. me0

Answer: A

NEW QUESTION 15
Click the Exhibit button.

You have an IPsec tunnel between two devices. You clear the IKE security associations, but traffic continues to flow across the tunnel.
Referring to the exhibit, which statement is correct in this scenario?

• A. The IPsec security association is independent from the IKE security association
• B. The traffic is no longer encrypted
• C. The IKE security association immediately reestablishes
• D. The traffic is using an alternate path

Answer: AB

NEW QUESTION 16
You want to trigger failover of redundancy group 1 currently running on node 0 and make node 1 the primary node the redundancy group 1.
Which command would be used accomplish this task?

• A. user@host# set chassis cluster redundancy-group 1 node 1
• B. user@host> request chassis cluster failover redundancy-group 1 node 1
• C. user@host# set chassis cluster redundancy-group 1 preempt
• D. user@host> request chassis cluster failover reset redundancy-group 1

Answer: B

NEW QUESTION 17
Which host-inbound-traffic security zone parameter would allow access to the REST API configured to listen on custom TCP port 5080?

• A. http
• B. all
• C. xnm-clear-text
• D. any-service

Answer: D

NEW QUESTION 18
Click the Exhibit button.

You are monitoring traffic, on your SRX300 that was configured using the factory default security parameters. You notice that the SRX300 is not blocking traffic between Host A and Host B as expected.
Referring to the exhibit, what is causing this issue?

• A. Host B was not assigned to the Untrust zone.
• B. You have not created address book entries for Host A and Host B.
• C. The default policy has not been committed.
• D. The default policy permits intrazone traffic within the Trust zone.

Answer: D

NEW QUESTION 19
Your internal webserver uses port 8088 for inbound connections. You want to allow external HTTP traffic to connect to the webserver.
Which two actions would accomplish this task? (Choose two.)

• A. Create a custom application for port 8088 and create a security policy that permits the custom-http application.
• B. Remap port 80 to port 8088 in the junos-http application and create a security policy that permits the junos-http application.
• C. Use destination NAT to remap incoming traffic from port 80 to port 8088.
• D. Create an Application Layer Gateway to permit HTTP traffic on port 8088.

Answer: AC

NEW QUESTION 20
Which statement describes the function of NAT?

• A. NAT encrypts transit traffic in a tunnel.
• B. NAT detects various attacks on traffic entering a security device.
• C. NAT translates a public address to a private address.
• D. NAT restricts or permits users individually or in a group.

Answer: C

NEW QUESTION 21
......