Juniper JN0-333 Online Practice Questions and Exam Preparation

Juniper JN0-333 Online Questions & Answers

• Question 1:

  Click the Exhibit button.

  

  Which two statements describe the output shown in the exhibit? (Choose two.)

  A. Node 0 is controlling traffic for redundancy group 1.
  B. Node 1 is controlling traffic for redundancy group 1.
  C. Redundancy group 1 experienced an operational failure.
  D. Redundancy group 1 was administratively failed over.
  B. Node 1 is controlling traffic for redundancy group 1.
  D. Redundancy group 1 was administratively failed over.

• Question 2:

  You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase1 negotiation succeeds and the Phase 2 negotiation fails. Which two configuration parameters should you verify are correct? (Choose two.)

  A. Verify that the IKE gateway proposals on the initiator and responder are the same.
  B. Verify that the VPN tunnel configuration references the correct IKE gateway.
  C. Verify that the IKE initiator is configured for main mode.
  D. Verify that the IPsec policy references the correct IKE proposals.
  A. Verify that the IKE gateway proposals on the initiator and responder are the same.
  B. Verify that the VPN tunnel configuration references the correct IKE gateway.

• Question 3:

  You want to support reth LAG interfaces on a chassis cluster.

  Which setting must be enabled on the interconnecting switch to accomplish this task?

  A. RSTP
  B. 802.3ad
  C. swfab
  D. LLDP
  B. 802.3ad

• Question 4:

  Click the Exhibit button. Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination 192.168.150.3 using HTTP?

  

  A. The client will be permitted by policy p1.
  B. The client will be denied by policy p3.
  C. The client will be denied by policy p2.
  D. The client will be permitted by the global policy.
  D. The client will be permitted by the global policy.

• Question 5:

  Click the Exhibit button.

  You are configuring an OSPF session between two SRX Series devices. The session will not come up.

  Referring to the exhibit, which configuration change will solve this problem?

  

  A. Configure a loopback interface and add it to the trust zone.
  B. Configure the host-inbound-traffic protocols ospf parameter in the trust security zone.
  C. Configure the application junos-ospf parameter in the allow-trusted-traffic security policy.
  D. Configure the host-inbound-traffic system-services any-service parameter in the trust security zone.
  A. Configure a loopback interface and add it to the trust zone.

• Question 6:

  Click the Exhibit button.

  You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172.25.11.0/24 subnet to the Internet. You create a policy named permit ?http between the trust and untrust zones that permits

  HTTP traffic.

  When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit.

  Which two actions would correct the error? (Choose two.)

  

  A. Create a custom application named http at the [edit applications] hierarchy.
  B. Execute the Junos commit full command to override the error and apply the configuration.
  C. Modify the security policy to use the built-in junos-http application.
  D. Issue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again.
  B. Execute the Junos commit full command to override the error and apply the configuration.
  C. Modify the security policy to use the built-in junos-http application.

• Question 7:

  What are the maximum number of supported interfaces on a vSRX hosted in a VMware environment?

  A. 12
  B. 3
  C. 10
  D. 4
  A. 12

• Question 8:

  Which UDP port is used in Ipsec tunneling when NAT-T is in use?

  A. 50
  B. 4500
  C. 500
  D. 51
  B. 4500

• Question 9:

  Which statement is true when destination NAT is performed?

  A. The source IP address is translated according to the configured destination NAT rules and then the security policies are applied.
  B. The destination IP address is translated according to the configured source NAT rules and then the security policies are applied.
  C. The destination IP address is translated according to the configured security policies and then the security destination NAT rules are applied.
  D. The destination IP address is translated according to the configured destination NAT rules and then the security policies are applied.
  D. The destination IP address is translated according to the configured destination NAT rules and then the security policies are applied.

• Question 10:

  Click to the Exhibit button.

  Referring to the exhibit, which two statements are true? (Choose two.)

  

  A. Interface ge-0/0/0 will not accept SSH connections.
  B. Interfaces ge-0/0/0.0 and ge-0/0/1.0 will allow SSH connections.
  C. Interface ge-0/0/0.0 will respond to pings.
  D. Interface ge-0/0/1.0 will respond to pings.
  B. Interfaces ge-0/0/0.0 and ge-0/0/1.0 will allow SSH connections.
  D. Interface ge-0/0/1.0 will respond to pings.