Page: 1
/ 5
Total 68 questions
Your SRX Series device does not see the SYN packet.
What is the default action in this scenario?
- A. The device will forward the subsequent packets and the session will be established
- B. The device will forward the subsequent packets and the session will not be established
- C. The device will drop the subsequent packets and the session will not be established
- D. The device will drop the subsequent packets and the session will be established
Answer : C
Reference:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-tcp-session-checks.html
Click the Exhibit button.
Referring to the exhibit, you are attempting to enable IPsec power mode to improve IPsec VPN performance. However, you are unable to use IPsec power mode.
What is the problem?
- A. IPsec power mode cannot be used with IPsec performance acceleration
- B. IPsec power mode cannot be used with high IPsec maximum segment size values
- C. IPsec power mode cannot be used with advanced services
- D. IPsec power mode requires that you configure a policy-based VPN
Answer : C
Reference:
https://www.juniper.net/documentation//en_US/junos/topics/reference/configuration-statement/security-flow-power-mode-ipsec.html
Click the Exhibit button.
Referring to the exhibit, which IPS deployment mode is running on the SRX5800 device?
- A. sniffer mode
- B. integrated mode
- C. monitor mode
- D. in-line tap mode
Answer : B
In a Juniper ATP Appliance, what would be a reason for the mitigation rule to be in the failed-remove state?
- A. The Juniper ATP Appliance received a commit error message from the SRX Series device
- B. The Juniper ATP Appliance received an unknown error message from the SRX Series device
- C. The Juniper ATP Appliance was not able to communicate with the SRX Series device
- D. The Juniper ATP Appliance was not able to obtain the config lock
Answer : D
Reference:
https://www.juniper.net/documentation/en_US/release-independent/jatp/topics/topic-map/jatp-mitigation-and-reporting.html
An administrator wants to implement persistent NAT for an internal resource so that external hosts are able to initiate communications to the resource, with the internal resource having previously sent packets to the external hosts.
Which configuration setting is used to accomplish this goal?
- A. persistent-nat permit any-remote-host
- B. persistent-nat permit target-host-port
- C. address-persistent
- D. persistent-nat permit target-host
Answer : A
How does secure wire mode differ from transparent mode?
- A. In secure wire mode, no switching lookup takes place to forward traffic
- B. In secure wire mode, traffic can be modified using source NAT
- C. In secure wire mode, IRB interfaces can be configured to route inter-VLAN traffic
- D. In secure wire mode, security policies cannot be used to secure intra-VLAN traffic
Answer : A
Reference:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-secure-wire.html
What are two important functions of the Juniper Networks ATP Appliance solution? (Choose two.)
- A. filtration
- B. detection
- C. statistics
- D. analytics
Answer : BD
Reference:
https://www.juniper.net/us/en/products-services/security/advanced-threat-prevention/
Click the Exhibit button.
You have two hosts on the same subnet connecting to an SRX340 on interfaces ge-0/0/4 and ge-0/0/5. However, the two hosts cannot communicate with each other.
Referring to the exhibit, what are two actions that would solve this problem? (Choose two.)
- A. Set the SRX340 to Ethernet switching mode and reboot
- B. Add an IRB interface to the VLAN
- C. Put the ge-0/0/4 and ge-0/0/5 interfaces in different VLANs
- D. Remove the ge-0/0/4 and ge-0/0/5 interfaces from the L2 security zone
Answer : AD
You have downloaded and initiated the installation of the application package for the JATP Appliance on an SRX1500. You must confirm that the installation of the application package has completed successfully.
In this scenario, which command would you use to accomplish this task?
- A. show services application-identification version
- B. show services application-identification application detail
- C. show services application-identification application version
- D. show services application-identification status
Answer : A
Reference:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-application-identification-predefined-signatures.html
You have a remote access VPN where the remote users are using the NCP client. The remote users can access the internal corporate resources as intended; however, traffic that is destined to all other Internet sites is going through the remote access VPN. You want to ensure that only traffic that is destined to the internal corporate resources use the remote access VPN.
Which two actions should you take to accomplish this task? (Choose two.)
- A. Enable the split tunneling feature within the VPN configuration on the SRX Series device
- B. Enable IKEv2 within the VPN configuration on the SRX Series device
- C. Configure the necessary traffic selectors within the VPN configuration on the SRX Series device
- D. Configure split tunneling on the NCP profile on the remote client
Answer : CD
Reference:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-remote-access-vpns-with-ncp-exclusive-remote-access-client.html
Click the Exhibit button.
Referring to the exhibit, which two statements are true? (Choose two.)
- A. Events based on this third-party feed will not affect a hostג€™s threat score
- B. SRX Series devices will block traffic based on this third-party feed
- C. SRX Series devices will not block traffic based on this third-party feed
- D. Events based on this third-party feed will affect a hostג€™s threat score
Answer : AB
Reference:
https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/concept/sky-atp-integrated-feeds.html
Click the Exhibit button.
You have configured an ADVPN that is operational. However, OSPF will not establish correctly across the ADVPN tunnels.
Referring to the exhibit, which two commands will solve the problem? (Choose two.)
- A. [edit protocols ospf area 0.0.0.0] user@srx# set interface st0.0 dynamic-neighbors
- B. [edit protocols ospf area 0.0.0.0] user@srx# set interface st0.0 topology advpn
- C. [edit protocols ospf area 0.0.0.0] user@srx# set interface st0.0 interface-type nbma
- D. [edit protocols ospf area 0.0.0.0] user@srx# set interface st0.0 demand-circuit
Answer : AD
Reference:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-auto-discovery-vpns.html
Which two modes are supported on Juniper Sky ATP? (Choose two.)
- A. private mode
- B. global mode
- C. tap mode
- D. secure wire mode
Answer : CD
Reference:
https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/concept/sky-atp-about.html
You configured a security policy permitting traffic from the trust zone to the DMZ zone, inserted the new policy at the top of the list, and successfully committed it to the SRX Series device. Upon monitoring, you notice that the hit count does not increase on the newly configured policy.
In this scenario, which two commands would help you to identify the problem? (Choose two.)
- A. user@srx> show security zones trust detail
- B. user@srx> show security shadow-policies from zone trust to zone DMZ
- C. user@srx> show security match-policies from-zone trust to-zone DMZ source-ip 192.168.10.100/32 destination-ip 10.10.10.80/32 protocol tcp source-port 5806 destination-port 443
- D. user@srx> show security match-policies from-zone trust to-zone DMZ source-ip 192.168.10.100/32 destination-ip 10.10.10.80/32 protocol tcp source-port 5806 destination-port 443 result-count 10
Answer : BD
Reference:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/monitoring-troubleshooting-security-policy.html
A user is unable to reach a necessary resource. You discover the path through the SRX Series device includes several security features. The traffic is not being evaluated by any security policies.
In this scenario, which two components within the flow module would affect the traffic? (Choose two.)
- A. services/ALG
- B. destination NAT
- C. source NAT
- D. route lookup
Answer : AC
30 days access 