What are two valid JIMS event log sources?(Choose two ) - answer-Microsoft active directory server event logs
Microsoft Exchange Server event logs
You want to create an out-of-band management zone and assign interface ge-0/0/0.0 to that zone. Which command would you use to configure this assig...
Juniper SRX
What are two valid JIMS event log sources?(Choose two ) - answer-Microsoft active directory server
event logs
Microsoft Exchange Server event logs
You want to create an out-of-band management zone and assign interface ge-0/0/0.0 to that zone.
Which command would you use to configure this assignment? - answer-set security zones functional-
zone management interfaces ge-0/0/0.0
Which two statements are true about route-based IPsec VPNs on SRX Series devices?(Choose two.) -
answer-Route-based VPNs cannot be used to configure remote access or dialup VPNs.
DSCP bits cannot be re-written on the inner IP header of an ESP packet that was created or forwarded
using a route-based VPN.
Which two statements are true regarding the first-packet path and fast-path processing of an SRX Series
device?(Choose two.) - answer-Screens are applied for both first and consecutive packets of a flow.
Policy lookup is performed only for the first packet of a flow.
Based on the exhibit, client PC 192.168.10.10 cannot ping 1.1.1.2. Which is a potential cause for this
problem? - answer-The security policy from the trust zone to the untrust zone does not permit ping.
The AppQoE module of AppSecure provides which function? - answer-The AppQoE module provides
routing, based on network conditions.
Referring to the exhibit, failover to Node 0 occurred for Redundancy Group 2 because of an interface
failure. The interface has since been restored, but Node 0 is still the primary node for Redundancy
Group 2.
Which two actions will restore Node 1 as the primary node for Redundancy Group 2? - answer-Configure
preempt under Redundancy Group 2 Manually fail over to Redundancy Group 2.
Which statement is true about SurfControl integrated Web filter solution? - answer-The SurfControl
server in the cloud provides the SRX device with only the category of the URL.
Which two statements are true when configuring security zones?(Choose two.) - answer-You can assign
one or more logical interfaces to a zone
You can assign one or more logical interfaces to a routing instance.
Your internal webserver uses port 8088 for inbound connections. You want to allow external HTTP traffic
to connect to the webserver. Which two actions would accomplish this task?(Choose two.) - answer-
Create a custom application for port 8088 and create a security policy that permits the custom-http
application.
Use destination NAT to remap incoming traffic from port 80 to port 8088.
, You must configure an IPsec VPN on an SRX Series device. The IPsec VPN will be used for employees to
remotely access the corporate network. Remote employees are assigned a dynamic address. Which type
of VPN should you configure for this scenario? - answer-policy-based VPN
Which three statements are correct regarding a functional zone on SRX Series devices?(Choose three.) -
answer-It can define only one management zone.
It does not forward traffic
It cannot be specified in a policy to control traffic flow.
What are three characteristics of session-based forwarding, compared to packet-based forwarding, on
an SRX Series device? - answer-Session-based forwarding performs faster processing of existing session
Session-based forwarding uses stateful packet processing
Session-based forwarding uses six tuples of information.
You have a chassis cluster established between two SRX Series devices. You re monitoring the status of
the cluster and notice that some redundancy groups show disabled. What are two explanations for this
behavior? - answer-The fab interface is down
The fxp1 interface is down
The output of show security flow sessions is shown in the exhibit. From this output, which type of NAT is
configured? - answer-static source NAT
The DNS ALG performs which three functions?(Choose three) - answer-The DNS ALG performs DNS
doctoring
The DNS ALG performs the IPv4 and IPv6 address transformations
The DNS ALG modifies the DNS payload in NAT mode
Which statement is true about real-time objects in an SRX chassis cluster? - answer-Real-time objects
are exchanged over the fab links to synchronize session table entries.
You want to protect against attacks on interfaces in ZoneA. You create a Junos Screen option called no-
flood and commit the configuration.
In the weeks that follow, the Screen does not appear to be working; whenever you enter the command
show security screen statistics zone ZoneA, all counters show 0. What would solve this problem?
Response: - answer-[edit security zones security-zone ZoneA]user@host# set screen no-flood
Which two statements are correct regarding IPSec security associations on the SRX Series devices?
(Choose two.) - answer-IKE SA is bidirectional.
IPSec SAs are established during Phase 2 negotiations.
After a security policy is applied, which operational command output will display the policy index
number? - answer-show security policies
You want to use Sky ATP to protect your network, however, company policy does not allow you to send
any files to the cloud. Which sky ATP feature should you use in this situation? - answer-Only use cloud-
based Sky ATP file blacklists
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller TOPDOCTOR. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.
