NEW QUESTION 1
Click the Exhibit button.

Referring to the exhibit, which action will be taken for traffic coming from the untrust zone going to the trust zone?

• A. Source address 2001:db8::8 will be translated to 10.1.1.5.
• B. Source address 2001:db8::8 will be translated to 10.1.1.8.
• C. Source address 10.1.1.8 will be translated to 2001:db8::8.
• D. Source address 10.1.1.5 will be translated to 2001:db8::8.

Answer: B

NEW QUESTION 2
Click the Exhibit button.
You are configuring an OSPF session between two SRX Series devices. The session will not come up. Referring to the exhibit, which configuration change will solve this problem?

• A. Configure a loopback interface and add it to the trust zone.
• B. Configure the host-inbound-traffic protocols ospf parameter in the trust security zone.
• C. Configure the application junos-ospf parameter in the allow-trusted-traffic security policy.
• D. Configure the host-inbound-traffic system-services any-service parameter in the trust security zone.

Answer: A

NEW QUESTION 3
You want to trigger failover of redundancy group 1 currently running on node 0 and make node 1 the primary node the redundancy group 1.
Which command would be used accomplish this task?

• A. user@host# set chassis cluster redundancy-group 1 node 1
• B. user@host> request chassis cluster failover redundancy-group 1 node 1
• C. user@host# set chassis cluster redundancy-group 1 preempt
• D. user@host> request chassis cluster failover reset redundancy-group 1

Answer: B

NEW QUESTION 4
Which two statements are true when implementing source NAT on an SRX Series device? (Choose two.)

• A. Source NAT is applied before the security policy search.
• B. Source NAT is applied after the route table lookup.
• C. Source NAT is applied before the route table lookup.
• D. Source NAT is applied after the security policy search.

Answer: BD

NEW QUESTION 5
What are three defined zone types on an SRX Series device?

• A. dynamic
• B. junos-host
• C. null
• D. functional
• E. routing

Answer: BCD

NEW QUESTION 6
Click to the Exhibit button.

Referring to the exhibit, what does proxy ARP allow?

• A. the internal network to ARP for the internal address of the server
• B. the external network to ARP for the internal address of the server
• C. the internal network to ARP for the public address of the server
• D. the external network to ARP for the public address of the server

Answer: A

NEW QUESTION 7
Click the Exhibit button.

Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination 192.168.150.3 using HTTP?

• A. The client will be denied by policy p2.
• B. The client will be permitted by the global policy.
• C. The client will be permitted by policy p1.
• D. The client will be denied by policy p3.

Answer: C

NEW QUESTION 8
After an SRX Series device processes the first packet of a session, how are subsequent packets for the same session processed?

• A. They are processed using fast-path processing.
• B. They are forwarded to the control plane for deep packet inspection.
• C. All packets are processed in the same manner.
• D. They are queued on the outbound interface until a matching security policy is found.

Answer: A

NEW QUESTION 9
Which feature is used when you want to permit traffic on an SRX Series device only at specific times?

• A. scheduler
• B. pass-through authentication
• C. ALGs
• D. counters

Answer: A

NEW QUESTION 10
Your internal webserver uses port 8088 for inbound connections. You want to allow external HTTP traffic to connect to the webserver.
Which two actions would accomplish this task? (Choose two.)

• A. Create a custom application for port 8088 and create a security policy that permits the custom-http application.
• B. Remap port 80 to port 8088 in the junos-http application and create a security policy that permits the junos-http application.
• C. Use destination NAT to remap incoming traffic from port 80 to port 8088.
• D. Create an Application Layer Gateway to permit HTTP traffic on port 8088.

Answer: AC

NEW QUESTION 11
You need to configure an IPsec tunnel between a remote site and a hub site. The SRX Series device at the remote site receives a dynamic IP address on the external interface that you will use for IPsec.
Which feature would you need to configure in this scenario?

• A. NAT-T
• B. crypto suite B
• C. aggressive mode
• D. IKEv2

Answer: C

NEW QUESTION 12
What are two valid zones available on an SRX Series device? (Choose two.)

• A. security zones
• B. policy zones
• C. transit zones
• D. functional zones

Answer: AD

NEW QUESTION 13
Which statement describes the function of NAT?

• A. NAT encrypts transit traffic in a tunnel.
• B. NAT detects various attacks on traffic entering a security device.
• C. NAT translates a public address to a private address.
• D. NAT restricts or permits users individually or in a group.

Answer: C

NEW QUESTION 14
Which SRX5400 component is responsible for performing first pass security policy inspection?

• A. Routing Engine
• B. Switch Control Board
• C. Services Processing Unit
• D. Modular Port Concentrator

Answer: C

NEW QUESTION 15
Which host-inbound-traffic security zone parameter would allow access to the REST API configured to listen on custom TCP port 5080?

• A. http
• B. all
• C. xnm-clear-text
• D. any-service

Answer: D

NEW QUESTION 16
Which three elements does AH provide in an IPsec implementation? (Choose three.)

• A. confidentiality
• B. authentication
• C. integrity
• D. availability
• E. replay attack protection

Answer: BCE

NEW QUESTION 17
What are three valid virtual interface types for a vSRX? (Choose three.)

• A. SR-IOV
• B. fxp0
• C. eth0
• D. VMXNET 3
• E. virtio

Answer: ABD

NEW QUESTION 18
What are two supported hypervisors for hosting a vSRX? (Choose two.)

• A. VMware ESXi
• B. Solaris Zones
• C. KVM
• D. Docker

Answer: AC

NEW QUESTION 19
You want to implement IPsec on your SRX Series devices, but you do not want to use a preshared key. Which IPsec implementation should you use?

• A. public key infrastructure
• B. next-hop tunnel binding
• C. tunnel mode
• D. aggressive mode

Answer: A

NEW QUESTION 20
Click the exhibit button.

You are configuring security policies with Junos Space Security Director. Referring to the exhibit, which two statements are true? (Choose two.)

• A. The host device has three rules assigned to it.
• B. The policy assigned to the host device is published.
• C. The policy assigned to the host device requires publishing.
• D. The host device has two rules assigned to it.

Answer: BD

NEW QUESTION 21
You are asked to support source NAT for an application that requires that its original source port not be changed.
Which configuration would satisfy the requirement?

• A. Configure a source NAT rule that references an IP address pool with interface proxy ARP enabled.
• B. Configure the egress interface to source NAT fixed-port status.
• C. Configure a source NAT rule that references an IP address pool with the port no-translation parameter enabled.
• D. Configure a source NAT rule that sets the egress interface to the overload status.

Answer: C

NEW QUESTION 22
What is the function of redundancy group 0 in a chassis cluster?

• A. Redundancy group 0 identifies the node controlling the cluster management interface IP addresses.
• B. The primary node for redundancy group 0 identifies the first member node in a chassis cluster.
• C. The primary node for redundancy group 0 determines the interface naming for all chassis cluster nodes.
• D. The node on which redundancy group 0 is primary determines which Routing Engine is active in the cluster.

Answer: D

NEW QUESTION 23
......