NEW QUESTION 1
Refer to the Exhibit.

You are asked to provide a proposal for security elements in the service provider network shown in the exhibit. You must provide DOoS protection for Customer A from potential upstream attackers.
Which statements correct in this scenario?

• A. You should implement DDoS protection to drop offending traffic on the edge devices closest to the destination of the attack.
• B. You should implement DDoS protection to drop offending traffic on the edge devices closest to the source of the attack.
• C. You should implement DDoS protection to drop offending traffic on the core devices.
• D. You should implement DDoS protection to drop offending traffic on the customer edge device.

Answer: C

NEW QUESTION 2
When designing the security for a service provider core router, you are asked to add a firewall fitter on the to0 interface in this scenario, which two protocols would you want to allow through the filter? (Choose two.)

• A. LLDP
• B. SSH
• C. BGP
• D. STP

Answer: AC

NEW QUESTION 3
When considering the data center, which two security aspects must be considered? (Choose two)

• A. theoretical
• B. conceptual
• C. physical
• D. logical

Answer: A

NEW QUESTION 4
As part of a high availably design for interfaces on an SRX chassis cluster, you are asked to deliver a design that provides both link redundancy and node redundancy What would you use to satisfy the requirement?

• A. MC-LAG interfaces
• B. LAG interfaces
• C. reth interfaces
• D. reth LAG interfaces

Answer: B

NEW QUESTION 5
You are asked to provide a security solution to secure corporate traffic across the Internet between sites. This solution must provide data integrity, confidentiality and encryption Which security feature will accomplish this task?

• A. IPsecVPN
• B. IP-IP tunnel
• C. Layer 3 VPN
• D. IGRE tunnel

Answer: A

NEW QUESTION 6
Refer to the exhibit.

The SRX Series devices are decoyed in an off-path active/passive Cluster configuration
What are two advantages of this deployment model over an active-'active duster configuration' (Choose two)

• A. load-balancing of east/west traffic
• B. load-balancing of north/south traffic
• C. reduced latency
• D. reduced fabric link traffic

Answer: CD

NEW QUESTION 7
Refer the Exhibit.

You must ensure that return Web traffic is not dropped by the firewall devices What must be implemented on the link between FW A and FW B?

• A. VRRP
• B. session sync
• C. asymmetric routing
• D. BFO

Answer: A

NEW QUESTION 8
You are designing an IP camera solution for your warehouse You must block command and control servers from communicating with the cameras. In this scenario. which two products would you need to include in your design? (Choose two)

• A. SRX Series device
• B. Security Director
• C. Juniper ATP Cloud
• D. IPS

Answer: CD

NEW QUESTION 9
A new virus is sheading across the Internet, with the potential to affect your customer's network
Which two statements describe how Policy Enforcer interacts with other devices to ensure that the network is protected in this scenario? (Choose two.)

• A. Policy Enforcer pulls security intelligence feeds from Juniper ATP Cloud to apply to SRX Series devices
• B. Policy Enforcer pulls security policies from Juniper ATP cloud and apples them to SRX Series devices
• C. Policy Enforcer automates the enrollment of SRX Series devices with Jumper ATP Cloud
• D. Security Director pulls security intelligence feeds from Juniper ATP Cloud and applies them to Policy Enforcer

Answer: B

NEW QUESTION 10
Which statement about Junos firewall filters is correct?

• A. Firewall filters can be applied as a security policy action
• B. Firewall filters do not operate on stateful flows and they serve no purpose in a next-generation firewall
• C. Firewall filters can be applied as the packet enters the security device, and they are stateless.
• D. Firewall filters are applied to TCP packets onl
• E. and they do not block UDP pockets

Answer: B

NEW QUESTION 11
Which firewall service is used as a first line of defense and often used by a security device to protect itself?

• A. intrusion prevention system
• B. unified Threat management
• C. network address translation
• D. stateless firewall filter

Answer: A

NEW QUESTION 12
Multiple customers use the shared infrastructure of your data center. These customers require isolation for compliance and security reasons.
What would you do to satisfy this requirement?

• A. Isolate each customer by using different physical hard//are
• B. Deploy multiple physical security control points
• C. Deploy a single logical security control point.
• D. Place each customers VLANs separate virtual router

Answer: C

NEW QUESTION 13
Which three statements about Group VPNs #e true? (Choose three.)

• A. The IP pay load is encrypted
• B. Data can flow directly between sites without transiting a central hub
• C. Group VPNs use a client/server architecture
• D. All data transits through a central hub
• E. The IP headers are encrypted

Answer: ACD

NEW QUESTION 14
You are designing a service provider network. As part of your design you must ensure that the OSPF, BGP, and RSVP protocol communications are secured using the same authentication method. Which authentication protocol will accomplish this task?

• A. HMAC-MD5
• B. simple authentication
• C. SHA-RSA
• D. SHA-256

Answer: B

NEW QUESTION 15
You want to reduce the possibility of your data center's server becoming an unwilling participant in a DDoS attack When tvA3 features should you use on your SRX Series devices to satisfy this requirement? (Choose two.)

• A. dynamic IPsec tunnels
• B. Juniper ATP Cloud GeolP
• C. UTMWebtaering
• D. Juniper ATP Cloud CC feeds

Answer: AD

NEW QUESTION 16
You must secure network access by requiring users to log in through an HTTP browser, while also allowing printers to connect to the network using MAC address validation. What will satisfy these requirements?

• A. 802. IX multiple supplicant
• B. MAC RADIUS
• C. captive portal
• D. guest VLAN

Answer: B

NEW QUESTION 17
Physical security devices are ''blind'' to which type of traffic?

• A. bare metal server to VM
• B. private VLAN
• C. intra-server traffic
• D. management

Answer: B

NEW QUESTION 18
......