You want to automatically generate the encryption and authentication keys during IPsec VPN establishment.
What would be used to accomplish this task?
- A . IPsec
- B . Diffie_Hellman
- C . Main mode
- D . Aggregate mode
BY default, revenue interface are placed into which system-defined security zone on an SRX series device?
- A . Trust
- B . Null
- C . Junos-trust
- D . untrust
On an SRX device, you want to regulate traffic base on network segments.
In this scenario, what do you configure to accomplish this task?
- A . Screens
- B . Zones
- C . ALGs
- D . NAT
Which two segments describes IPsec VPNs? (Choose two.)
- A . IPsec VPN traffic is always authenticated.
- B . IPsec VPN traffic is always encrypted.
- C . IPsec VPNs use security to secure traffic over a public network between two remote sites.
- D . IPsec VPNs are dedicated physical connections between two private networks.
Exhibit.
Which statement is correct regarding the interface configuration shown in the exhibit?
- A . The interface MTU has been increased.
- B . The IP address has an invalid subnet mask.
- C . The IP address is assigned to unit 0.
- D . The interface is assigned to the trust zone by default.
Which flow module components handles processing for UTM?
- A . Policy
- B . Zones
- C . Services
- D . Screen options
Which two match conditions would be used in both static NAT and destination NAT rule sets? (Choose two.)
- A . Destination zone
- B . Destination interface
- C . Source interface
- D . Source zone
Which statement about IPsec is correct?
- A . IPsec can be used to transport native Layer 2 packets.
- B . IPsec can provide encapsulation but not encryption
- C . IPsec is a standards-based protocol.
- D . IPsec is used to provide data replication
Which two statements are true about the null zone? (Choose two.)
- A . All interface belong to the bull zone by default.
- B . All traffic to the null zone is dropped.
- C . All traffic to the null zone is allowed
- D . The null zone is a user-defined zone
Which statements is correct about Junos security zones?
- A . User-defined security must contain at least one interface.
- B . Security policies are referenced within a user-defined security zone.
- C . Logical interface are added to user defined security zones
- D . User-defined security must contains the key word ‘’zone’’
What should you configure if you want to translate private source IP address to a single public IP address?
- A . Source NAT
- B . Destination NAT
- C . Content filtering
- D . Security Director
You are configuring an IPsec VPN tunnel between two location on your network. Each packet must be encrypted and authenticated.
Which protocol would satisfy these requirements?
- A . MD5
- B . ESP
- C . AH
- D . SHA
You have created a zones-based security policy that permits traffic to a specific webserver for the marketing team. Other groups in the company are not permitted to access the webserver. When marketing users attempt to access the server they are unable to do so.
What are two reasons for this access failure? (Choose two.)
- A . You failed to change the source zone to include any source zone.
- B . You failed to position the policy after the policy that denies access to the webserver.
- C . You failed to commit the policy change.
- D . You failed to position the policy before the policy that denies access the webserver
Referring to the exhibit.
Users on the network are restricted from accessing Facebook, however, a recent examination of the logs show that users are accessing Facebook.
Why is this problem happening?
- A . Global rules are honored before zone-based rules.
- B . The internet-Access rule has a higher precedence value
- C . The internet-Access rule is listed first
- D . Zone-based rules are honored before global rules
On an SRX Series device, how should you configure your IKE gateway if the remote endpoint is a branch office-using a dynamic IP address?
- A . Configure the IPsec policy to use MDS authentication.
- B . Configure the IKE policy to use aggressive mode.
- C . Configure the IPsec policy to use aggressive mode.
- D . Configure the IKE policy to use a static IP address
Which statements is correct about SKY ATP?
- A . Sky ATP is an open-source security solution.
- B . Sky ATP is used to automatically push out changes to the AppSecure suite.
- C . Sky ATP only support sending threat feeds to vSRX Series devices
- D . Sky ATP is a cloud-based security threat analyzer that performs multiple tasks
Which type of security policy protect restricted services from running on non-standard ports?
- A . Application firewall
- B . IDP
- C . Sky ATP
- D . antivirus
Referring to the exhibit.
Users should not have access to Facebook, however, a recent examination of the logs security show that users are accessing Facebook.
what should you do to solve this problem?
- A . Change the source address for the Block-Facebook-Access rule to the prefix of the users
- B . Move the Block-Facebook-Access rule before the Internet-Access rule
- C . Move the Block-Facebook-Access rule from a zone policy to a global policy
- D . Change the Internet-Access rule from a zone policy to a global policy
Which statement is correct about IKE?
- A . IKE phase 1 is used to establish the data path
- B . IKE phase 1 only support aggressive mode.
- C . IKE phase 1 negotiates a secure channel between gateways.
- D . IKE phase 1 establishes the tunnel between devices
Which two statements are correct about using global-based policies over zone-based policies? (Choose two.)
- A . With global-based policies, you do not need to specify a destination zone in the match criteria.
- B . With global-based policies, you do not need to specify a source zone in the match criteria.
- C . With global-based policies, you do not need to specify a destination address in the match criteria.
- D . With global-based policies, you do not need to specify a source address in the match criteria.
Which two private cloud solution support vSRX devices? (Choose two.)
- A . Microsoft Azure
- B . Amazon Web Services (AWS)
- C . VMware Web Services (AWS)
- D . VMware NSX
- E . Contrail Cloud
You want to integrate an SRX Series device with SKY ATP.
What is the first action to accomplish task?
- A . Issue the commit script to register the SRX Series device.
- B . Copy the operational script from the Sky ATP Web UI.
- C . Create an account with the Sky ATP Web UI.
- D . Create the SSL VPN tunnel between the SRX Series device and Sky ATP.
What are the valid actions for a source NAT rule in J-Web? (choose three.)
- A . On
- B . Off
- C . Pool
- D . Source
- E . interface
BCE
Explanation:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/nat-security-source-andsource-pool.html
What must you do first to use the Monitor/Alarms/Policy Log workspace in J-Web?
- A . You must enable logging that uses the SD-Syslog format.
- B . You must enable security logging that uses the TLS transport mode.
- C . You must enable stream mode security logging on the SRX Series device.
- D . You must enable event mode security logging on the SRX Series device.
Which statement about IPsec is correct?
- A . IPsec can provide encryption but not data integrity.
- B . IPsec support packet fragmentation by intermediary devices.
- C . IPsec support both tunnel and transport modes.
- D . IPsec must use certificates to provide data encryption