Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

You want to verify the effectiveness of Web filtering on the SRX Series Firewall.

How would you accomplish this task?

A.

by installing a local NGWF server

B.

by checking the file extensions of blocked content

C.

by examining the content filtering policies

D.

by attempting to access permitted or blocked URLs

Which type of policy is shown in the exhibit?

A.

default policy

B.

intra-zone policy

C.

inter-zone policy

D.

global policy

What is transit traffic in the Junos OS?

A.

It is traffic that is processed solely through the forwarding plane.

B.

It is traffic that is rate-limited to prevent denial-of-service attacks.

C.

It is traffic that is processed by the control plane.

D.

It is traffic that requires special handling by the Routing Engine.

A new packet arrives on an interface on your SRX Series Firewall that is assigned to the trust security zone.

In this scenario, how does the SRX Series Firewall determine the egress security zone?

A.

by performing a session lookup

B.

by examining the destination port

C.

by performing a route lookup

D.

by examining the ingress security zone properties

Which two statements about the host-inbound-traffic parameter in a zone configuration are correct? (Choose two.)

A.

Deleting the host-inbound-traffic parameter blocks console access to the firewall.

B.

Deleting the host-inbound-traffic parameter blocks SSH access to the firewall.

C.

The host-inbound-traffic parameter is implicitly configured in the management zone.

D.

The host-inbound-traffic parameter is explicitly configured in a security zone.

Click the Exhibit button.

Which type of policy is shown in the exhibit?

A.

global policy

B.

inter-zone policy

C.

intra-zone policy

D.

default policy

You are asked to enable trace options to debug the packet flow.

In this scenario, which flag would you configure at the [edit security flow traceoptions] hierarchy?

A.

packet-dump

B.

general

C.

state

D.

basic-datapath

Click the Exhibit button.

Which security policy component is highlighted in the exhibit?

A.

security zone context

B.

unique policy name

C.

match criteria

D.

policy action

You are asked to create a security policy that controls traffic allowed to pass between the Internet and private security zones. You must ensure that this policy is evaluated before all other policy types on your SRX Series device.

In this scenario, which type of security policy should you create?

A.

routing policy

B.

default policy

C.

zone policy

D.

global policy

Which statement is correct about capturing transit packets on an SRX Series Firewall?

A.

You can capture transit packets on the egress interface using a firewall filter.

B.

You can capture transit packets by using a firewall filter on the loopback interface.

C.

You can capture transit packets by using the tcpdump utility in the shell.

D.

You can capture transit packets using sampling and port mirroring.