NEW QUESTION 1
Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

• A. The application firewall rule is not inspecting encrypted traffic.
• B. There are two rules configured in the rule set.
• C. The rule set uses application definitions from the predefined library.
• D. The configured rule set matches most analyzed applications.

Answer: AC

NEW QUESTION 2
Click the Exhibit button.

Security Director is reporting the events shown in the exhibit.
If the fallback parameter is set to pass traffic, what would cause the events?

• A. The files are too large for the antivirus engine to process.
• B. The files are not scanned because they were permitted by a security policy.
• C. The files are not scanned because they are the wrong file format.
• D. The antivirus engine is unable to re-encrypt the files.

Answer: A

NEW QUESTION 3
Click the Exhibit button.

Referring to the exhibit, you have expanded the disk storage size in ESXi for your log collector from 500 GB to 600 GB. However, your log collector’s disk size has not changed.
Given the scenario, which two statements are true? (Choose two.)

• A. You must run a script from the console to expand the disk size.
• B. The ESXi storage parameter is not associated with the Elasticsearch disk size parameter.
• C. You must reboot the log collector for storage settings to be updated
• D. You must re-run the log collector setup script to update the storage settings.

Answer: AC

NEW QUESTION 4
Your network includes SRX Series devices at all headquarter, data center, and branch locations. The headquarter and data center locations use high-end SRX Series devices, and the branch locations use branch SRX Series devices. You are asked to deploy IPS on the SRX Series devices using one of the available IPS deployment modes.
In this scenario, which two statements are true? (Choose two.)

• A. Inline tap mode provides enforcement.
• B. Inline tap mode can be used at all locations.
• C. Integrated mode can be used at all locations.
• D. Integrated mode provides enforcement.

Answer: CD

NEW QUESTION 5
Your manager has identified that employees are spending too much time posting on a social media site. You are asked to block user from posting on this site, but they should still be able to access any other site on the Internet.
In this scenario, which AppSecure feature will accomplish this task?

• A. AppQoS
• B. AppTrack
• C. APpFW
• D. APBR

Answer: C

NEW QUESTION 6
Click the Exhibit button.

Referring to the exhibit, which statement is true?

• A. E-mails from the user@example.com address are marked with SPAM in the subject line by the spam block list server.
• B. E-mails from the user@example.com address are blocked by the spam list server.
• C. E-mails from the user@example.com address are blocked by the reject blacklist.
• D. E-mails from the user@example.com address are allowed by the allow whitelist.

Answer: D

NEW QUESTION 7
You are configuring transparent mode on an SRX Series device. You must permit IP-based traffic only, and BPDUs must be restarted to the VLANs from which they originate.
Which configuration accomplishes these objectives?

• A. bridge {block-non-ip-all;bpdu-vlan-flooding;}
• B. bridge {block-non-ip-all;bypass-non-ip-unicast;no-packet-flooding;}
• C. bridge {bypass-non-ip-unicast;bpdu-vlan-flooding;}
• D. bridge {block-non-ip-all;bypass-non-ip-unicast;bpdu-vlan-flooding;}

Answer: A

NEW QUESTION 8
Which IDP rule configuration will send an RST to any new session that meets the action criteria?

• A. ip-action block
• B. action close-client-and-server
• C. ip-action close
• D. action drop-connection

Answer: C

NEW QUESTION 9
Click the Exhibit button.

You have enabled mixed mode on an SRX Series device. You are unable to commit the configuration shown in the exhibit.
What is the problem in this scenario?

• A. A Layer 3 interface has not been configured on VLAN v10.
• B. The trust zone cannot contain both Layer 2 and Layer 3 interfaces.
• C. STP is not enabled under the host-inbound-traffic system services hierarchy on the trust and protected security zones.
• D. An IRB interface has not been configured.

Answer: B

NEW QUESTION 10
What is the correct application mapping sequence when a user goes to Facebook for the first time through an SRX Series device?

• A. first packet > process packet > check application system cache > classify application > process packet > match and identify application
• B. first packet > check application system cache > process packet > classify application > match and identify application
• C. first packet > check application system cache > classify application > process packet > match and identify application
• D. first packet > process packet > check application system cache > classify application > match and identify application

Answer: D

NEW QUESTION 11
What are three components of Software-Defined Secure Networks? (Choose three.)

• A. Contrail
• B. Sky ATP
• C. SRX Series device
• D. Security Director
• E. Network Director

Answer: BCD

NEW QUESTION 12
You have been notified by your colocation provider that your infrastructure racks will no longer be adjacent to each other.
In this scenario, which technology would you use to secure all Layer 2 and Layer 3 traffic between racks?

• A. IPsec
• B. GRE
• C. 802.1BR
• D. MACsec

Answer: D

NEW QUESTION 13
You want to review AppTrack statistics to determine the characteristics of the traffic being monitored.
Which operational mode command would accomplish this task on an SRX Series device?

• A. show services application-identification statistics applications
• B. show services application-identification application detail
• C. show security application-tracking counters
• D. show services security-intelligence statistics

Answer: A

NEW QUESTION 14
Click the Exhibit button.

Referring to the exhibit, the host has been automatically blocked from communicating on the network because a malicious file was downloaded. You cleaned the infected host and changed the investigation status to Resolved – Fixed.
What does Sky ATP do if the host then attempts to download a malicious file that would result in a threat score of 10?

• A. Sky ATP does not log the connection attempt and an SRX Series device does not allow the host to communicate on the network.
• B. Sky ATP logs the connection attempt and an SRX Series device does not allow the host to communicate on the network.
• C. Sky ATP logs the connection attempt and an SRX Series device allows the host to communicate on the network.
• D. Sky ATP does not log the connection attempt and an SRX Series device allows the host to communicate on the network.

Answer: C

NEW QUESTION 15
Which three components are part of the AppSecure services suite? (Choose three.)

• A. IDP
• B. Sky ATP
• C. AppQoS
• D. AppFW
• E. Web filtering

Answer: ACD

NEW QUESTION 16
You have configured a log collector VM and Security Director. System logging is enabled on a branch SRX Series device, but security logs do not appear in the monitor charts.
How would you solve this problem?

• A. Configure a security policy to forward logs to the collector.
• B. Configure application identification on the SRX Series device.
• C. Configure security logging on the SRX Series device.
• D. Configure J-Flow on the SRX Series device.

Answer: C

NEW QUESTION 17
Click the Exhibit button.

Referring to the exhibit, you have configured a Sky ATP policy to inspect user traffic. However, you have noticed that encrypted traffic is not being inspected.
In this scenario, what must you do to solve this issue?

• A. Change the policy to inspect HTTPS traffic.
• B. Configure the PKI feature.
• C. Configure the SSL forward proxy feature.
• D. Change the policy to inspect TLS traffic.

Answer: C

NEW QUESTION 18
You have implemented APBR on your SRX Series device and are verifying that your changes are working properly. You notice that when you start the application for the first time, it does not follow the expected path.
What are two reasons that would cause this behavior? (Choose two.)

• A. The application system cache does not have an entry for the first session.
• B. The application system cache has been disabled.
• C. The application system cache already has an entry for this application.
• D. The advanced policy-based routing is applied to the ingress zone and must be moved to the egress zone.

Answer: AB

NEW QUESTION 19
Click the Exhibit button.

You are trying to implement secure wire on your SRX Series device. However, you are receiving the commit error shown in the exhibit.
What must you do to solve the problem?

• A. Add the correct logical units to the interfaces in the secure wire.
• B. Put the ge-0/0/4 and ge-0/0/5 interfaces in separate secure wires.
• C. Change the Ethernet switching mode from access to trunk for the ge-0/0/4 and ge-0/0/5 interfaces.
• D. Add the ge-0/0/4 and ge-0/0/5 interfaces to the SV VLAN.

Answer: A

NEW QUESTION 20
The Software-Defined Secure Networks Policy Enforcer contains which two components? (Choose two.)

• A. SRX Series device
• B. Sky ATP
• C. Policy Controller
• D. Feed Connector

Answer: CD

NEW QUESTION 21
Which feature of Sky ATP is deployed with Software-Defined Secure Networks?

• A. zero-day threat mitigation
• B. software image snapshot support
• C. device inventory management
• D. service redundancy daemon configuration support

Answer: A

NEW QUESTION 22
After using Security Director to add a new firewall policy rule on an SRX Series device, you notice that the hit count on the policy is not increasing. Upon further investigation, you find that the devices listed in the new rule are able to communicate as expected. Your firewall policy consists of hundreds of rules.
Using only Security Director, how do you find the rule that is allowing the communication to occur in this scenario?

• A. Generate a Top Firewall Rules report.
• B. Generate a Policy Analysis report.
• C. Generate a Top Source IPs report.
• D. Generate a Top Firewall Events report.

Answer: D

NEW QUESTION 23
......