Page: 1
/ 5
Total 68 questions
Which statement is correct about IKE?
- A. IKE phase 1 is used to establish the data path.
- B. IKE phase 1 only supports aggressive mode.
- C. IKE phase 1 establishes the tunnel between devices.
- D. IKE phase 1 negotiates a secure channel between gateways.
Answer : D
Which two statements are correct about security zones? (Choose two.)
- A. Security zones use address books to link usernames to IP addresses.
- B. Security zones use a stateful firewall to provide secure network connections.
- C. Security zones use packet filters to prevent communication between management ports.
- D. Security zones use security policies that enforce rules for the transit traffic.
Answer : AC
Click the Exhibit button.
You are configuring an IPsec VPN for the network shown in the exhibit.
Which feature must be enabled for the VPN to establish successfully?
- A. Main mode must be configured on the IKE gateway.
- B. Main mode must be configured on the IPsec VPN.
- C. Aggressive mode must be configured on the IPsec VPN.
- D. Aggressive mode must be configured on the IKE gateway.
Answer : D
When configuring IPsec VPNs, setting a hash algorithm solves which security concern?
- A. availability
- B. encryption
- C. redundancy
- D. integrity
Answer : D
Which security object defines a source or destination IP address that is used for an employee workstation?
- A. zone
- B. screen
- C. address book entry
- D. scheduler
Answer : C
What is a type of security feed that Sky ATP provides to a vSRX Series device by default?
- A. RSS feeds
- B. C&C feeds
- C. ACL feeds
- D. malware feeds
Answer : B
You are designing a new security policy on an SRX Series device. You must block an application silently and log all occurrences of the application access attempts.
In this scenario, which two actions must be enabled in the security policy? (Choose two.)
- A. Log the session initiations.
- B. Enable a reject action.
- C. Log the session closures.
- D. Enable a deny action.
Answer : AD
Which two notifications are available when the antivirus engine detects an infected file? (Choose two.)
- A. e-mail notifications
- B. protocol-only notifications
- C. SNMP notifications
- D. SMS notifications
Answer : AB
What is a characteristic of the Junos Enhanced Web filtering solution?
- A. Junos Enhanced Web filtering allows the SRX Series device to categorize URLs using an on-premises Websense server.
- B. The SRX Series device intercepts HTTP and HTTPS requests and sends the source IP address to the on-premises Websense server.
- C. The Websense Cloud categorizes the URLs and also provides site reputation information.
- D. The Websense Cloud resolves the categorized URLs to IP addresses by performing a DNS reverse lookup.
Answer : C
You verify that the SSH service is configured correctly on your SRX Series device, yet administrators attempting to connect through a revenue port are not able to connect.
In this scenario, what must be configured to solve this problem?
- A. a host-inbound-traffic setting on the incoming zone
- B. an MTU value larger than the default value
- C. a screen on the internal interface
- D. a security policy allowing SSH traffic
Answer : A
Which two features on the SRX Series device are common across all Junos devices? (Choose two.)
- A. the separation of control and forwarding planes
- B. screens
- C. stateless firewall filters
- D. UTM services
Answer : AC
Click the Exhibit button.
Referring to the exhibit, which type of NAT is being performed?
- A. source NAT without PAT
- B. destination NAT without PAT
- C. source NAT with PAT
- D. destination NAT with PAT
Answer : C
What is the purpose of the Shadow Policies workspace in J-Web?
- A. The Shadow Policies workspace shows unused security policies due to policy overlap.
- B. The Shadow Policies workspace shows used security policies due to policy overlap.
- C. The Shadow Policies workspace shows unused IPS policies due to policy overlap.
- D. The Shadow Policies workspace shows used IPS policies due to policy overlap.
Answer : A
Which UTM feature uses MIME pattern filters to identify traffic in HTTP and e-mail protocols?
- A. antispam
- B. antivirus
- C. Web filtering
- D. content filtering
Answer : D
Which statement is correct about IKE?
- A. IKE phase 1 supports both main and aggressive mode.
- B. IKE phase 2 is where the encryption algorithm is negotiated between peers.
- C. IKE phase 1 is where the tunnel is established for transit traffic.
- D. IKE phase 2 negotiates the secure channel between gateways.
Answer : A
30 days access 