NEW QUESTION 1
You are implementing user authentication on your network using an SRX Series device and want to ensure that there are redundant forms of authentication for users to access the network. You have configured the device with the integrated user firewall and user role firewall features. You are testing failover methods using the default priority values.
In this scenario, which two statements are true? (Choose two.)

• A. If the user fails local authentication, then the Junos OS will attempt to authenticate the user with a user role firewall.
• B. If the user fails user role firewall authentication, then the Junos OS will attempt to authenticate the user with an integrated user firewall.
• C. If the user fails integrated user firewall authentication, then the Junos OS will attempt toauthenticate with a user role firewall.
• D. If the user fails local authentication, then the Junos OS will attempt to authenticate the user with an integrated user firewall.

Answer: CD

NEW QUESTION 2
Click the Exhibit button.

Your organization requests that you direct Facebook traffic out a different link to ensure that the bandwidth for critical applications is protected.
Referring to the exhibit, which forwarding instance will be used on your SRX Series device?

• A. R3
• B. R1
• C. R2
• D. inet.0

Answer: C

NEW QUESTION 3
You are creating an IPS policy with multiple rules. You want traffic that matches rule 5 to silently be dropped, along with any future packets that match the appropriate attributes of the incoming traffic.
In this scenario, which ip-action parameter should you use?

• A. ip-block
• B. ip-close
• C. log-create
• D. timeout

Answer: A

NEW QUESTION 4
Which statement about transparent mode on an SRX340 is true?

• A. You must reboot the device after configuring transparent mode.
• B. Security policies applied to transparent mode zones require Layer 2 address matching.
• C. Screens are not supported in transparent mode security zones.
• D. All interfaces on the device must be configured with the ethernet-switching protocol family.

Answer: A

NEW QUESTION 5
Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

• A. You can secure inter-VLAN traffic with a security policy on this device.
• B. You can secure intra-VLAN traffic with a security policy on this device.
• C. The device can pass Layer 2 and Layer 3 traffic at the same time.
• D. The device cannot pass Layer 2 and Layer 3 traffic at the same time.

Answer: AC

NEW QUESTION 6
What is a function of UTM?

• A. AppFW
• B. IPsec
• C. content filtering
• D. bridge mode

Answer: C

NEW QUESTION 7
You have implemented APBR on your SRX Series device and are verifying that your changes are working properly. You notice that when you start the application for the first time, it does not follow the expected path.
What are two reasons that would cause this behavior? (Choose two.)

• A. The application system cache does not have an entry for the first session.
• B. The application system cache has been disabled.
• C. The application system cache already has an entry for this application.
• D. The advanced policy-based routing is applied to the ingress zone and must be moved to the egress zone.

Answer: AB

NEW QUESTION 8
Click the Exhibit button.

Security Director is reporting the events shown in the exhibit.
If the fallback parameter is set to pass traffic, what would cause the events?

• A. The files are too large for the antivirus engine to process.
• B. The files are not scanned because they were permitted by a security policy.
• C. The files are not scanned because they are the wrong file format.
• D. The antivirus engine is unable to re-encrypt the files.

Answer: A

NEW QUESTION 9
Your network includes SRX Series devices configured with AppSecure.
Which two statements regarding the application identification engine are true? (Choose two.)

• A. Applications are only matched in traffic flows associated with client-to-server sessions.
• B. Applications are matched in traffic flows associated with client-to-server and server-to- client sessions.
• C. If the packets entering the engine match a known application, then processing continues.
• D. If the packets entering the engine match a known application, then processing stops.

Answer: BD

NEW QUESTION 10
Using the Policy Controller API, which configuration would post Sky ATP with PE mode to the Policy Enforcer controller configuration?

• A. “configs”: {“sdsn”: false“cloudonly”: true}
• B. “configs”: {“sdsn”: false“cloud”: false}
• C. “configs”: {“sdsn”: true“cloudonly”: false}
• D. “configs”: {“sdsn”: false“cloud”: true}

Answer: C

NEW QUESTION 11
Click the Exhibit button.

Referring to the exhibit, the host has been automatically blocked from communicating on the network because a malicious file was downloaded. You cleaned the infected host and changed the investigation status to Resolved – Fixed.
What does Sky ATP do if the host then attempts to download a malicious file that would result in a threat score of 10?

• A. Sky ATP does not log the connection attempt and an SRX Series device does not allow the host to communicate on the network.
• B. Sky ATP logs the connection attempt and an SRX Series device does not allow the host to communicate on the network.
• C. Sky ATP logs the connection attempt and an SRX Series device allows the host to communicate on the network.
• D. Sky ATP does not log the connection attempt and an SRX Series device allows the host to communicate on the network.

Answer: C

NEW QUESTION 12
Which browser is supported by Security Director with Logging and Reporting?

• A. Firefox
• B. Agora
• C. PowerBrowser
• D. Mosaic

Answer: A

NEW QUESTION 13
Click the Exhibit button.

Referring to the exhibit, which statement is true?

• A. E-mails from the user@example.com address are marked with SPAM in the subject line by the spam block list server.
• B. E-mails from the user@example.com address are blocked by the spam list server.
• C. E-mails from the user@example.com address are blocked by the reject blacklist.
• D. E-mails from the user@example.com address are allowed by the allow whitelist.

Answer: D

NEW QUESTION 14
You have set up Sky ATP with the SRX Series devices in your network. However, your SRX Series devices are unable to communicate with the Sky ATP cloud because the communication is being blocked by a gateway network device.
Which two actions should you take to solve the problem? (Choose two.)

• A. Open destination port 443 inbound from the Internet on the gateway network device.
• B. Open destination port 8080 outbound from the Internet on the gateway network device.
• C. Open destination port 443 outbound from the Internet on the gateway network device.
• D. Open destination port 8080 inbound from the Internet on the gateway network device.

Answer: CD

NEW QUESTION 15
After using Security Director to add a new firewall policy rule on an SRX Series device, you notice that the hit count on the policy is not increasing. Upon further investigation, you find that the devices listed in the new rule are able to communicate as expected. Your firewall policy consists of hundreds of rules.
Using only Security Director, how do you find the rule that is allowing the communication to occur in this scenario?

• A. Generate a Top Firewall Rules report.
• B. Generate a Policy Analysis report.
• C. Generate a Top Source IPs report.
• D. Generate a Top Firewall Events report.

Answer: D

NEW QUESTION 16
Which IDP rule configuration will send an RST to any new session that meets the action criteria?

• A. ip-action block
• B. action close-client-and-server
• C. ip-action close
• D. action drop-connection

Answer: C

NEW QUESTION 17
You have been notified by your colocation provider that your infrastructure racks will no longer be adjacent to each other.
In this scenario, which technology would you use to secure all Layer 2 and Layer 3 traffic between racks?

• A. IPsec
• B. GRE
• C. 802.1BR
• D. MACsec

Answer: D

NEW QUESTION 18
Your network includes SRX Series devices at the headquarters location. The SRX Series devices at this location are part of a high availability chassis cluster and are expected to support several UTM features.
Which two statements related to this environment are true? (Choose two.)

• A. UTM features can be configured on either of the nodes within the cluster.
• B. The chassis cluster must be configured for active/active mode.
• C. UTM features must be configured on the primary node within the cluster.
• D. The chassis cluster must be configured for active/backup mode.

Answer: AD

NEW QUESTION 19
You are using IDP on your SRX Series device and are asked to ensure that the SRX Series device has the latest IDP database, as well as the latest application signature database.
In this scenario, which statement is true?

• A. The application signature database cannot be updated on a device with the IDP database installed.
• B. You must download each database separately.
• C. The IDP database includes the latest application signature database.
• D. You must download the application signature database before installing the IDP database.

Answer: C

NEW QUESTION 20
Which two parameters are required to match in an IDP rule for the terminal option to take effect? (Choose two.)

• A. attacks custom-attacks
• B. attacks predefined-attacks
• C. application
• D. source-address

Answer: AB

NEW QUESTION 21
Click the Exhibit button.

Referring to the exhibit, a user with IP address 10.1.1.85 generates a request that triggers the HTTP:EXT:DOT-LNK IDP signature that is a member of the “HTTP – All” predefined attack group.
In this scenario, which statement is true?

• A. The session will be closed and a reset sent to the client and server.
• B. A Differentiated Services code point value of 8 will be applied.
• C. No action will be taken and the attack information will be logged.
• D. The session will be dropped with no reset sent to the client or server.

Answer: D

NEW QUESTION 22
Click the Exhibit button.

Referring to the exhibit, how many AppTrack logs will be generated for an HTTP session lasting 12 minutes?

• A. 4
• B. 2
• C. 1
• D. 3

Answer: A

NEW QUESTION 23
What is the required when deploying a log collector in Junos Space?

• A. root user access to the log collector
• B. a shared log file directory on the log collector
• C. the IP address of interface eth1 on the log collector
• D. a distributed deployment of the log collector nodes

Answer: A

NEW QUESTION 24
The Software-Defined Secure Networks Policy Enforcer contains which two components? (Choose two.)

• A. SRX Series device
• B. Sky ATP
• C. Policy Controller
• D. Feed Connector

Answer: CD

NEW QUESTION 25
Click the Exhibit button.

The UTM policy shown in the exhibit has been applied to a security policy on a branch SRX Series device.
In this scenario, which statement is true?

• A. HTTP downloads of ZIP files will be blocked.
• B. FTP downloads of ZIP files will be blocked.
• C. E-mail downloads of ZIP files will be blocked.
• D. ZIP files can be renamed with a new extension to pass through the filter.

Answer: A

NEW QUESTION 26
......