A new SRX Series device has been delivered to your location. The device has the factory-default configuration loaded. You have powered on the device and connected to the console port.
What would you use to log into the device to begin the initial configuration? A. Admin with password B. Admin with a password ''juniper'' C. Root with a password of juniper'' D. Root with no password.
You want to generate reports from the l-Web on an SRX Series device.
Which logging mode would you use in this scenario? A. Stream B. Syslog C. local D. Event.
Which management software supports metadata-based security policies that are ideal for cloud deployments? A. Security Director B. Sky Enterprise C. Network Director D. J-Web.
Which statement about IPsec is correct? A. IPsec can provide encapsulation but not encryption B. IPsec is used to provide data replication C. IPsec is a standards-based protocol. D. IPsec can be used to transport native Layer 2 packets.
Which statements is correct about global security policies? A. Global security require you to identify a source and destination zone. B. Traffic matching global is not added to the session table. C. Global policies eliminate the need to assign interface to security zones. D. Global policies allow you to regulate traffic with addresses and applications, regardless of their security zones.
Which two statements are correct about using global-based policies over zone-based policies? (Choose two.) A. With global-based policies, you do not need to specify a source zone in the match criteria. B. With global-based policies, you do not need to specify a destination address in the match criteria. C. With global-based policies, you do not need to specify a destination zone in the match criteria. D. With global-based policies, you do not need to specify a source address in the match criteria.
Which security object defines a source or destination IP address that is used for an employee Workstation? A. scheduler B. Address book entry C. Screen D. Zone.
Which two feature on the SRX Series device are common across all Junos devices? (Choose two.) A. screens B. UTM services C. Stateless firewall filters D. The separation of control and forwarding planes.
Firewall filters define which type of security? A. Stateless B. Dynamic enforcement C. NGFW D. Stateful.
Which two statements are true about UTM on an SRX340? (Choose two.) A. A default UTM policy is created. B. A default UTM profile is created C. No default profile is created. D. No default UTM policy is created.
What are two characteristic of static NAT SRX Series devices? (Choose two.) A. Static NAT rule take precedence over source and destination NAT rules. B. Static rules cannot coexist with destination NAT rules on the same SRX Series device configuration. C. Source and destination NAT rules take precedence over static NAT rules. D. A reverse mapping rule is automatically created for the source translation.
Which UTM feature should you use to protect users from visiting certain blacklisted websites? A. antispam B. Antivirus C. Content filtering D. Web filtering.
Which two elements are needed on an SRX Series device to set up a remote syslog server? (Choose two.) A. Data throughput B. Data size C. Data type D. IP address.
What are configuring the antispam UTM feature on an SRX Series device.
Which two actions would be performed by the SRX Series device for e-mail that is identified as spam?
(Choose two.) A. Block the e-mail B. Tag the e-mail C. Queue the e-mail D. Quarantine e-mail.
Which two match conditions would be used in both static NAT and destination NAT rule sets? (Choose two.) A. Destination zone B. Source interface C. Source zone D. Destination interface.
What are the valid actions for a source NAT rule in J-Web? (choose three.) A. On B. Off C. Pool D. Source E. interface.
What is the correct order of processing when configuring NAT rules and security policies? A. Policy lookup > source NAT > static NAT > destination NAT B. Static NAT > destination NAT> policy lookup > source NAT C. Source NAT > static NAT > destination NAT > policy lookup D. Destination NAT > policy lookup > source NAT > static NAT.
You are concerned that unauthorized traffic is using non-standardized ports on your network.
In this scenario, which type of security feature should you implement? A. Firewall filters B. Sky ATP C. Zone-based policies D. Application firewall.
Which statement is correct about IKE? A. IKE phase 1 is used to establish the data path B. IKE phase 1 only support aggressive mode. C. IKE phase 1 negotiates a secure channel between gateways. D. IKE phase 1 establishes the tunnel between devices.
Which three actions would be performed on traffic traversing an IPsec VPAN? (Choose three.) A. Deep inspection B. Payload verification C. Port forwarding D. Encryption E. Authentication.
What must you do first to use the Monitor/Events workspace in the j-Web interface? A. You must enable security logging that uses the TLS transport mode. B. You must enable security logging that uses the SD-Syslog format. C. You must enable stream mode security logging on the SRX Series device D. You must enable event mode security logging on the SRX Series device.
You configure and applied several global policies and some of the policies have overlapping match criteria. A. The most restrictive that matches is applied. B. The least restrictive policy that matches is applied. C. The first matched policy is the only policy applied. D. In this scenario, how are these global policies applies?.
What should you configure if you want to translate private source IP address to a single public IP address? A. Source NAT B. Destination NAT C. Content filtering D. Security Director.
Which type of security policy protect restricted services from running on non-standard ports? A. Application firewall B. antivirus C. Sky ATP D. IDP.
On an SRX device, you want to regulate traffic base on network segments.
In this scenario, what do you configure to accomplish this task? A. Zones B. NAT C. Screens D. ALGs.
BY default, revenue interface are placed into which system-defined security zone on an SRX series device? A. untrust B. Null C. Trust D. Junos-trust.
Users should not have access to Facebook, however, a recent examination of the logs security show that users are accessing Facebook.
Referring to the exhibit,
what should you do to solve this problem? A. Move the Block-Facebook-Access rule before the Internet-Access rule B. Change the Internet-Access rule from a zone policy to a global policy C. Move the Block-Facebook-Access rule from a zone policy to a global policy D. Change the source address for the Block-Facebook-Access rule to the prefix of the users.
Which method do VPNs use to prevent outside parties from viewing packet in clear text? A. Authentication B. NAT_T C. Encryption D. Integrity.
You are designing a new security policy on an SRX Series device. You must block an application and log all occurrence of the application access attempts.
In this scenario, which two actions must be enabled in the security policy? (Choose two.) A. Log the session closures B. Enable a deny action C. Log the session initiations D. Enable a reject action.
On an SRX Series device, how should you configure your IKE gateway if the remote endpoint is a branch office-using a dynamic IP address? A. Configure the IKE policy to use aggressive mode. B. Configure the IPsec policy to use aggressive mode. C. Configure the IKE policy to use a static IP address D. Configure the IPsec policy to use MDS authentication.
Which two actions are performed on an incoming packet matching an existing session? (Choose two.) A. Security policy evolution B. Zone processing C. Screens processing D. Service ALG processing.
Which UTM feature should you use to protect users from visiting certain blacklisted websites? A. Content filtering B. Web filtering C. Antivirus D. antispam.
You verify that the SSH service is configured correctly on your SRX Series device, yet administrators attempting to
connect through a revenue port are not able to connect. In this scenario, what must be configured to solve this
problem?
A. A security policy allowing SSH traffic. B. A host-inbound-traffic setting on the incoming zone C. An MTU value target than the default value D. A screen on the internal interface.
Your company has been assigned one public IP address. You want to enable internet traffic to reach multiple servers in
your DMZ that are configured with private address. In this scenario, which type of NAT would be used to accomplish
this tasks?
A. Static NAT B. Destination NAT C. Source NAT D. NAT without PAT.
Users in your network are downloading files with file extensions that you consider to be unsafe for your network. You
must prevent files with specific file extensions from entering your network. Which UTM feature should be enable on an
SRX Series device to accomplish this task?
A. Content filtering B. Web filtering C. Antispam D. URL filtering.
Which flow module components handles processing for UTM? A. Policy B. Zones C. Services D. Screen options.
The vSRX is available for which two of the following hypervisors? (Choose two.) A. Hyper-V B. Xen C. OpenVZ D. KVM.
You are configuring an SRX Series device to inter-operate with a third-party IPsec VPN endpoint that uses policies to
create the VPN. In this scenario, what must be configured for the VPN to work?
A. perfect forward secrecy B. VPN monitoring C. re-keying D. proxy IDs.
Which statements is correct about Junos security zones? A. User-defined security must contain at least one interface. B. Security policies are referenced within a user-defined security zone. C. Logical interface are added to user defined security zones D. User-defined security must contains the key word `'zone''.
You are configuring an IPsec VPN tunnel between two location on your network. Each packet must be encrypted and
authenticated.
Which protocol would satisfy these requirements?
A. MD5 B. ESP C. AH D. SHA.
have created a zones-based security policy that permits traffic to a specific webserver for the marketing team.
Other groups in the company are not permitted to access the webserver. When marketing users attempt to access the
server they are unable to do so. What are two reasons for this access failure? (Choose two.)
A. You failed to change the source zone to include any source zone. B. You failed to position the policy after the policy that denies access to the webserver. C. You failed to commit the policy change. D. You failed to position the policy before the policy that denies access the webserver.
What match criteria does an SRX Series device's network processing unit (NPU) use to determine if a flow already
exists for a packet? (Choose three.)
A. MAC address B. inbound interface C. source port D. unique session token number for a given zone and virtual router E. protocol.
After a packet is not able to be matched to an existing session, what is the next service to inspect the packet? A. screens B. zones C. policy D. static NAT.
The Sky ATP premium or basic-Threat Feed license is needed fort which two features? (Choose two.) A. Outbound protection B. C&C feeds C. Executable inspection D. Custom feeds.
Which two notifications are available when the antivirus engine detects and infected file? (Choose two.) A. e-mail notifications B. SNMP notifications C. SMS notifications D. Protocol-only notification.
Which two statements are true about security policy actions? (Choose two.) A. The reject action drops the traffic and sends a message to the source device. B. The deny action silently drop the traffic. C. The deny action drops the traffic and sends a message to the source device. D. The reject action silently drops the traffic.
When traffic has met match criteria, what options are available to be performed on the traffic? (Choose three.) A. permit B. reject C. deny D. discard E. redirect.
In the context of SRX Series devices, what services does fast-path processing skip? (Choose two.) A. zones B. screens C. services ALG policy.
On an SRX Series device, how should you configure your IKE gateway if the remote endpoint is a branch office-using a
dynamic IP address?
A. Configure the IPsec policy to use MDS authentication. B. Configure the IKE policy to use aggressive mode. C. Configure the IPsec policy to use aggressive mode. D. Configure the IKE policy to use a static IP address.
Which statements is correct about SKY ATP? A. Sky ATP is an open-source security solution. B. Sky ATP is used to automatically push out changes to the AppSecure suite. C. Sky ATP only support sending threat feeds to vSRX Series devices D. Sky ATP is a cloud-based security threat analyzer that performs multiple tasks.
You have configured a Web filtering UTM policy?
Which action must be performed before the Web filtering UTM policy takes effect?
A. The UTM policy must be linked to an egress interface B. The UTM policy be configured as a routing next hop. C. The UTM policy must be linked to an ingress interface. D. The UTM policy must be linked to a security policy.
If you need to protect against malicious files that might be download through Web-based e-mail, which Sky ATP protection mechanism should you use? a) SMTP file inspection b) IMAP file inspection c) POP3 file inspection d) HTTP file inspection.
Which of the following are supported Mini-Physical Interface Modules (Mini-PIMs) on an SRX Series Services Gateways? a) DOCSIS b) 8-Port Gigabit Ethernet SFP XPIM c) 1-Port Gigabit Ethernet PoE d) Serial e) 1-Port Gigabit Ethernet Small Form-Factor Pluggable (SFP).
When does a Junos security device implement NAT? a) first path processing only b) fast path processing only c) both first path and fast path processing d) neither first path nor fast path processing.
Which order do Junos security devices examine policies for transit traffic? a) default policy, zone policies, global policies b) zone policies, global policies, default policy c) global policies, zone policies, default policy d) default policy, global policies, zone policies.
You want to automatically generate the encryption and authentication keys during IPsec VPN establishment.
What would be used to accomplish this task?
A.IPsec B.Diffie_Hellman C.Main mode D.Aggregate mode.
Which two private cloud solution support vSRX devices? (Choose two.) A. VMware Web Services (AWS) B. Amazon Web Services (AWS) C. Contrail Cloud D. VMware NSX E. Microsoft Azure.
Which two statements are correct about functional zones? (Choose two.) A. Functional zones separate groups of users based on their function. B. Traffic received on the management interface in the functional zone cannot transit out other interface. C. A function is used for special purpose, such as management interface D. A functional zone uses security policies to enforce rules for transit traffic.
Which two statements are true about the null zone? (Choose two.) A. All interface belong to the bull zone by default. B. All traffic to the null zone is allowed C. All traffic to the null zone is dropped. D. The null zone is a user-defined zone.
You have configured antispam to allow e-mail from example.com, however the logs you see that jcart@example.com is blocked Referring to the exhibit.
What are two ways to solve this problem? A. Add jcart@exmple.com to the profile antispam address whitelist. B. Delete jcart@example.com from the profile antispam address blacklist C. Verify connectivity with the SBL server. D. Delete jcart@example.com from the profile antispam address whitelist.
|
