Security, Specialist (JNCIS-SEC) v1.0 (JN0-333)

Total 79 questions

Click the Exhibit button.


Referring to the exhibit, which action will be taken for traffic coming from the untrust zone going to the trust zone?

  • A. Source address 2001:db8::8 will be translated to 10.1.1.5.
  • B. Source address 2001:db8::8 will be translated to 10.1.1.8.
  • C. Source address 10.1.1.8 will be translated to 2001:db8::8.
  • D. Source address 10.1.1.5 will be translated to 2001:db8::8.


Answer : B

Click the Exhibit button.


Referring to the exhibit, which statement is true?

  • A. TCP packets entering the interface are failing the TCP sequence check.
  • B. Packets entering the interface are being dropped due to a stateless filter.
  • C. Packets entering the interface are getting dropped because there is no route to the destination.
  • D. Packets entering the interface matching an ALG are getting dropped.


Answer : C

Click the Exhibit button.


You are configuring security policies with Junos Space Security Director.
Referring to the exhibit, which two statements are true? (Choose two.)

  • A. The host device has three rules assigned to it.
  • B. The policy assigned to the host device is published.
  • C. The policy assigned to the host device requires publishing.
  • D. The host device has two rules assigned to it.


Answer : BD

Which process describes the implementation of screen options on an SRX Series device?

  • A. Configured screen options are only applied when traffic does not match a valid route.
  • B. Configured screen options are applied only to the first packet that is processed in a stateful session.
  • C. Configured screen options are applied to all packets that are processed by the stateful session firewall processor.
  • D. Configured screen options are only applied when traffic does not match a valid policy.


Answer : C

Which two statements are true when implementing source NAT on an SRX Series device? (Choose two.)

  • A. Source NAT is applied before the security policy search.
  • B. Source NAT is applied after the route table lookup.
  • C. Source NAT is applied before the route table lookup.
  • D. Source NAT is applied after the security policy search.


Answer : BD

What are three defined zone types on an SRX Series device?

  • A. dynamic
  • B. junos-host
  • C. null
  • D. functional
  • E. routing


Answer : BCD

Which host-inbound-traffic security zone parameter would allow access to the REST API configured to listen on custom TCP port 5080?

  • A. http
  • B. all
  • C. xnm-clear-text
  • D. any-service


Answer : D

A session token on an SRX Series device is derived from what information? (Choose two.)

  • A. routing instance
  • B. zone
  • C. screen
  • D. MAC address


Answer : AB

You want to implement IPsec on your SRX Series devices, but you do not want to use a preshared key.
Which IPsec implementation should you use?

  • A. public key infrastructure
  • B. next-hop tunnel binding
  • C. tunnel mode
  • D. aggressive mode


Answer : A

Your network includes IPsec tunnels. One IPsec tunnel transits an SRX Series device with NAT configured. You must ensure that the IPsec tunnels function properly.
Which statement is correct in this scenario?

  • A. Persistent NAT should be enabled.
  • B. NAT-T should be enabled.
  • C. Destination NAT should be configured.
  • D. A source address pool should be configured.


Answer : B

You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase 1 negotiation succeeds and the Phase 2 negotiation fails.
Which two configuration parameters should you verify are correct? (Choose two.)

  • A. Verify that the IKE gateway proposals on the initiator and responder are the same.
  • B. Verify that the VPN tunnel configuration references the correct IKE gateway.
  • C. Verify that the IPsec policy references the correct IKE proposals.
  • D. Verify that the IKE initiator is configured for main mode.


Answer : BC

You are changing the default vCPU allocation on a vSRX.
How are the additional vCPUs allocated in this scenario?

  • A. The vCPUs are allocated equally across the Junos control plane and packet forwarding engine.
  • B. One dedicated vCPU is allocated for the Junos control plane and the remaining vCPUs for the packet forwarding engine.
  • C. One dedicated vCPU is allocated for the packet forwarding engine, one for the Junos control plane, and the remaining vCPUs are equally balanced.
  • D. One dedicated vCPU is allocated for the packet forwarding engine and the remaining vCPUs for the Junos plane.


Answer : B

Which action will restrict SSH access to an SRX Series device from a specific IP address which is connected to a security zone named trust?

  • A. Implement a firewall filter on the security zone trust.
  • B. Implement a security policy from security zone junos-host to security zone trust.
  • C. Implement host-inbound-traffic system-services to allow SSH.
  • D. Implement a security policy from security zone trust to security zone junos-host.


Answer : D

Click the Exhibit button.


You notice that your SRX Series device is not blocking HTTP traffic as expected.
Referring to the exhibit, what should you do to solve the problem?

  • A. Commit the configuration.
  • B. Reboot the SRX Series device.
  • C. Configure the SRX Series device to operate in packet-based mode.
  • D. Move the deny-http policy to the bottom of the policy list.


Answer : B

Your internal webserver uses port 8088 for inbound connections. You want to allow external HTTP traffic to connect to the webserver.
Which two actions would accomplish this task? (Choose two.)

  • A. Create a custom application for port 8088 and create a security policy that permits the custom-http application.
  • B. Remap port 80 to port 8088 in the junos-http application and create a security policy that permits the junos-http application.
  • C. Use destination NAT to remap incoming traffic from port 80 to port 8088.
  • D. Create an Application Layer Gateway to permit HTTP traffic on port 8088.


Answer : AC
