NEW QUESTION 1
Which two statements are true about the null zone? (Choose two.)

• A. All interface belong to the bull zone by default.
• B. All traffic to the null zone is dropped.
• C. All traffic to the null zone is allowed
• D. The null zone is a user-defined zone

Answer: AB

NEW QUESTION 2
Which security feature is applied to traffic on an SRX Series device when the device is running n packet mode?

• A. Sky ATP
• B. ALGs
• C. Firewall filters
• D. Unified policies

Answer: C

NEW QUESTION 3
Exhibit.

Which statement is correct regarding the interface configuration shown in the exhibit?

• A. The interface MTU has been increased.
• B. The IP address has an invalid subnet mask.
• C. The IP address is assigned to unit 0.
• D. The interface is assigned to the trust zone by default.

Answer: C

NEW QUESTION 4
BY default, revenue interface are placed into which system-defined security zone on an SRX series device?

• A. Trust
• B. Null
• C. Junos-trust
• D. untrust

Answer: D

NEW QUESTION 5
What must you do first to use the Monitor/Events workspace in the j-Web interface?

• A. You must enable stream mode security logging on the SRX Series device
• B. You must enable event mode security logging on the SRX Series device.
• C. You must enable security logging that uses the SD-Syslog format.
• D. You must enable security logging that uses the TLS transport mode.

Answer: B

NEW QUESTION 6
What are the valid actions for a source NAT rule in J-Web? (choose three.)

• A. On
• B. Off
• C. Pool
• D. Source
• E. interface

Answer: BCE

Explanation:
Explanation
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/nat-security-source-and-source-pool.html

NEW QUESTION 7
Which UTM feature should you use to protect users from visiting certain blacklisted websites?

• A. Content filtering
• B. Web filtering
• C. Antivirus
• D. antispam

Answer: B

NEW QUESTION 8
Which statements is correct about SKY ATP?

• A. Sky ATP is an open-source security solution.
• B. Sky ATP is used to automatically push out changes to the AppSecure suite.
• C. Sky ATP only support sending threat feeds to vSRX Series devices
• D. Sky ATP is a cloud-based security threat analyzer that performs multiple tasks

Answer: D

NEW QUESTION 9
What should you configure if you want to translate private source IP address to a single public IP address?

• A. Source NAT
• B. Destination NAT
• C. Content filtering
• D. Security Director

Answer: A

NEW QUESTION 10
The free licensing model for Sky ATP includes which features? (Choose two.)

• A. C& C feeds
• B. Infected host blocking
• C. Executable file inspection
• D. Compromised endpoint dashboard

Answer: BC

NEW QUESTION 11
The Sky ATP premium or basic-Threat Feed license is needed fort which two features? (Choose two.)

• A. Outbound protection
• B. C&C feeds
• C. Executable inspection
• D. Custom feeds

Answer: BD

NEW QUESTION 12
What is the correct order of processing when configuring NAT rules and security policies?

• A. Policy lookup > source NAT > static NAT > destination NAT
• B. Source NAT > static NAT > destination NAT > policy lookup
• C. Static NAT > destination NAT> policy lookup > source NAT
• D. Destination NAT > policy lookup > source NAT > static NAT

Answer: C

NEW QUESTION 13
Your company has been assigned one public IP address. You want to enable internet traffic to reach multiple servers in your DMZ that are configured with private address.
In this scenario, which type of NAT would be used to accomplish this tasks?

• A. Static NAT
• B. Destination NAT
• C. Source NAT
• D. NAT without PAT

Answer: B

NEW QUESTION 14
You are designing a new security policy on an SRX Series device. You must block an application and log all occurrence of the application access attempts.
In this scenario, which two actions must be enabled in the security policy? (Choose two.)

• A. Log the session initiations
• B. Enable a reject action
• C. Log the session closures
• D. Enable a deny action

Answer: AD

NEW QUESTION 15
Which method do VPNs use to prevent outside parties from viewing packet in clear text?

• A. Integrity
• B. Authentication
• C. Encryption
• D. NAT_T

Answer: C

NEW QUESTION 16
You verify that the SSH service is configured correctly on your SRX Series device, yet administrators attempting to connect through a revenue port are not able to connect.
In this scenario, what must be configured to solve this problem?

• A. A security policy allowing SSH traffic.
• B. A host-inbound-traffic setting on the incoming zone
• C. An MTU value target than the default value
• D. A screen on the internal interface

Answer: B

NEW QUESTION 17
You have configured a Web filtering UTM policy?
Which action must be performed before the Web filtering UTM policy takes effect?

• A. The UTM policy must be linked to an egress interface
• B. The UTM policy be configured as a routing next hop.
• C. The UTM policy must be linked to an ingress interface.
• D. The UTM policy must be linked to a security policy

Answer: D

NEW QUESTION 18
Host-inbound-traffic is configured on the DMZ zone and the ge-0/0/9.0 interface attached to that zone. Referring to the exhibit,

which to types of management traffic would be performed on the SRX Series device? (Choose two.)

• A. HTTPS
• B. SSH
• C. Finger
• D. HTTP

Answer: BD

NEW QUESTION 19
Which two statements are true about UTM on an SRX340? (Choose two.)

• A. A default UTM policy is created.
• B. No default profile is created.
• C. No default UTM policy is created
• D. A default UTM profile is created

Answer: BC

NEW QUESTION 20
Which two segments describes IPsec VPNs? (Choose two.)

• A. IPsec VPN traffic is always authenticated.
• B. IPsec VPN traffic is always encrypted.
• C. IPsec VPNs use security to secure traffic over a public network between two remote sites.
• D. IPsec VPNs are dedicated physical connections between two private networks.

Answer: AC

NEW QUESTION 21
On an SRX Series device, how should you configure your IKE gateway if the remote endpoint is a branch office-using a dynamic IP address?

• A. Configure the IPsec policy to use MDS authentication.
• B. Configure the IKE policy to use aggressive mode.
• C. Configure the IPsec policy to use aggressive mode.
• D. Configure the IKE policy to use a static IP address

Answer: B

NEW QUESTION 22
Which flow module components handles processing for UTM?

• A. Policy
• B. Zones
• C. Services
• D. Screen options

Answer: C

NEW QUESTION 23
Which management software supports metadata-based security policies that are ideal for cloud deployments?

• A. Security Director
• B. J-Web
• C. Network Director
• D. Sky Enterprise

Answer: A

NEW QUESTION 24
......