Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

How does the SSL proxy service identify SSL traffic?

A.

by examining the URL

B.

by using AppID results

C.

by examining the destination port

D.

by reading the server certificate

Which protocol does the SRX Series Firewall use to communicate with a Windows domain controller?

A.

SSH

B.

LDAP

C.

DNS

D.

NETCONF

Your manager asks you to update your SRX Series device’s IDP security package. You perform the required steps; however, when you attempt to install the package, you receive an error.

Referring to the exhibit, which two statements are correct about this error? (Choose two.)

A.

IDP stops inspecting traffic.

B.

The IDP license has expired.

C.

IDP continues to inspect traffic only using the installed signatures.

D.

The IDP license is missing/not installed.

What are two ways to help reduce false positives for an IDP rule? (Choose two.)

A.

Change the rule to a lower severity action.

B.

Remove the attack object from the rule.

C.

Create an exempt rule.

D.

Configure a terminal rule at the end of the rule base.

You are asked to ensure that traffic that matches an IDP policy is not impacted until administrators have a chance to evaluate it.

In this scenario, which IP action should be configured for the policy?

A.

ip-block

B.

ip-notify

C.

ip-connection-rate-limit

D.

ip-close

You are deploying a new SRX Series device and you need to log denied traffic.

In this scenario, which two policy parameters are required to accomplish this task? (Choose two.)

A.

session-init

B.

session-close

C.

deny

D.

count

Which two statements are correct about the security associations of an IPsec VPN? (Choose two.)

A.

IPsec security associations are established during IKEv1 Phase 2 negotiations.

B.

IKEv1 security associations are established during IKEv1 Phase 2 negotiations.

C.

IPsec security associations are established during IKEv1 Phase 1 negotiations.

D.

IKEv1 security associations are established during IKEv1 Phase 1 negotiations.

You need to secure communications from a mobile command center which uses a 5G mobile ISP behind CGNAT to an SRX Series Firewall at headquarters.

Which two actions should be performed on the SRX Series Firewall in this scenario? (Choose two.)

A.

Configure the IPsec VPN to use NAT-T.

B.

Configure the IPsec VPN to use IKEv1 aggressive mode.

C.

Configure the IPsec VPN to use IKEv2 aggressive mode.

D.

Configure the IPsec VPN to use DPD.

You have configured a new site-to-site VPN tunnel. The exhibit shows the security IPsec statistics output for the specific tunnel index from one of the tunnel-end devices.

Which two statements are correct in this scenario? (Choose two.)

A.

AH is incorrectly configured.

B.

The far-end tunnel device is rebooting.

C.

The ESP configuration is not set up correctly.

D.

No traffic passes through this tunnel.

A pair of branch SRX Series devices are booted up in cluster mode.

Referring to the exhibit, which statement is correct?

A.

the devices are not running the same version of Junos.

B.

the devices are not the same hardware.

C.

fxp0 or fxp1 on either device has an existing configuration.

D.

node1 is running a " factory-default config " .