JN0-633 Security, Professional (JNCIP-SEC) Exam
Application-Aware Security Services
Describe the concepts, operation and functionality of AppSecure
AppSecure traffic processing
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various AppSecure modules
Describe the concepts, operation and functionality of various virtualization components on SRX Series Services Gateways
Routing between instances
Logical systems (LSYS)
Intra-LSYS and Inter-LSYS communication
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various elements of virtualization
Given a scenario, describe and implement filter-based forwarding (FBF)
Describe the concepts, operation and functionality of various types of NAT
NAT traffic processing
IPv6 NAT (Carrier-grade NAT) – NAT64, NAT46, NAT444, DS-Lite
NAT and FBF
NAT and security policy
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced NAT implementations
Advanced IPSec VPNs
Describe the concepts, operation and functionality of various IPSec VPN implementations
IPSec traffic processing
Routing over VPNs
VPNs and NAT
Public key infrastructure (PKI) for IPSec VPNs
VPNs and dynamic gateways
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced IPSec VPN implementations
Describe the concepts, operation and functionality of Junos Intrusion Prevention System (IPS) for SRX Series Services Gateways
IPS packet inspection process
IPS rules and rulebases
Signature-based attack detection
Reconnaissance scans and fingerprinting
Flooding, attacks and spoofing
Describe how to perform setup and initial configuration for SRX Series Services Gateways with IPS functionality
IPS deployment options and considerations
Given a scenario, demonstrate knowledge of how to configure mechanisms to detect and protect against scans and attacks
Describe the concepts, operation and functionality of various transparent mode implementations
Layer 2 security
Spanning tree traffic processing
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot transparent mode implementations
Given a scenario, demonstrate knowledge of how to troubleshoot Junos OS security issues
Logging and syslog
Tracing, including flow traceoptions
Which AppSecure module provides Quality of Service?
You are asked to configure your SRX Series device to support IDP SSL inspections for up to 6,000 concurrent HTTP sessions to a server within your network.
Which two statements are true in this scenario? (Choose two.)
A. You must add at least one PKI certificate.
B. Junos does not support more than 5000 sessions in this scenario.
C. You must enable SSL decoding.
D. You must enable SSL inspection.
You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping at the SRX240 in your network.Which three tools would you use to troubleshoot the issue? (Choose three.)
A. security flow traceoptions
B. monitor interface traffic
C. show security flow session
D. monitor traffic interface
E. debug flow basic
You are asked to establish a baseline for your company’s network traffic to determine the bandwidth usage per application. You want to undertake this task on the central SRX device that connects all segments together.What are two ways to accomplish this goal? (Choose two.)
A. Configure a mirror port on the SRX device to capture all traffic on a data collection server for further investigation.
B. Use interface packet counters for all permitted and denied traffic and calculate the values using Junos scripts.
C. Send SNMP traps with bandwidth usage to a central SNMP server.
D. Enable AppTrack on the SRX device and configure a remote syslog server to receive AppTrack messages.
AppTrack is used for visibility for application usage and bandwidth