Juniper JN0-632 Exam

Free JN0-632 Sample Questions:

1.You want to implement an IPS rule base action in which matching traffic is dropped. Which configuration parameter meets this requirement?
A. no-action
B. drop-packet
C. accept
D. notification
Answer: C

2.You are asked to set up a multi-tenant configuration on your SRX Series device. Several remote branch locations are connected to the device. You will connect each remote site to a separate logical interface.
You want to implement segmentation between the branch locations using security zones and routing-instances.Which two statements are true.? (Choose two.)
A. Multiple branch locations can be assigned to the same zone but different routing -instances.
B. Multiple branch locations can be assigned to the same routing -instance but different zones.
C. If you use the interfaces all configuration option under a zone, diff erent interfaces in the same zone can be assigned to multiple routing instances.
D. If you use the interfaces all configuration option under a zone, different interfaces must be assigned to the same routing instance.
Answer: B, C

3.You are working at a service provider that offers only residential access to DSL subscribers. Your company has decided to make customer traffic subject to further inspection. When you install a new IPS machine in the network, where should you place it?
A. as close as possible to the server farm that runs the company's Web and DNS servers
B. between the dual-homed upstream routers and the firewalls
C. as close to the B-RAS devices as possible
D. in the middle of the network
Answer: C

4.You want to deploy an SRX Series cluster for a distributed data center between two remote locations.
The carrier will provide you with dark fiber capable of the following: a 100 km reach, 125 ms propagation delay, and a packet loss of 1 out of 10,000,000 packets. You plan to connect the fiber di rectly to the SRX Series devices without any switches in between, and you plan to configure the SRX Series devices with a straightforward cluster configuration. One of the NOC engineers expresses doubts that this design will work. How do you respond?
A. You explain that everything will work as expected.
B. You agree to install switches in between the SRX Series clusters in both sites for increased availability of the network.
C. You agree with the argument that dark fiber is not the best choice and choos e a managed SDH/SONET solution, running Ethernet over SDH/SONET.
D. You agree with the NOC engineer that the heartbeat interval timers for the cluster must be adjusted to accommodate the 125 ms delay.
Answer: D

5.In a group VPN topology, you have three members A, B, and C. You want A to communicate with B using a different encryption key from the one it uses to communicate with C.How do you achieve this?
A. You put A, B, and C in three different groups.
B. You put A, B, and C in the same group, but you define a different match-policy for communication between A and B and for communication between A and C.
C. You define a different SA and a different match -policy for communication between A and B and for communication between A and C.
D. In a group VPN, all members of a group must use the same key to communicate with each other.
Answer: C

6.You have set up a chassis cluster in an active-active state. While monitoring the fabric link during a failover scenario, you noticed the utilization is higher than e xpected.What are two possible causes of the higher utilization? (Choose two.)
A. An upstream link failure has resulted in Internet -bound traffic ingressing the primary node and egressing the secondary node.
B. The failover from the primary node to the secondary node has resulted in increased heartbeat and RTO traffic.
C. A LAN interface failure has resulted in Internet -bound traffic ingressing the secondary node and egressing the primary node.
D. The failover from the primary node to the secondary node has resulted in a graceful restart scenario in which all traffic must use the fabric link.
Answer: A, C

7.You have implemented a chassis cluster that spans a Layer 2 network between two office campuses.
You are using dual fabric links. Some of the RTOs are getting lost.What are two reasons why this happens? (Choose two.)
A. The switches interconnecting the fabric links do not support jumbo frames.
B. The switches are not configured with the proper VLAN tags used by RTO traffic.
C. The Layer 2 network contains 10 Gigabit links.
D. There is a 500 millisecond latency between the SRX Series devices.
Answer: A, D

8.You have been asked to configure a signature to block an attack released by a security vulnerability reporting agency.Which two characteristics of the attack must you understand to configure the attack object? (Choose two.)
A. the source IP address of the attacker
B. the protocol the attack is transported in
C. a string or regular expression that occurs within the attack
D. IPv4 routing header
Answer: B, C

