Q1. Click the Exhibit button.
Referring to the topology shown in the exhibit, which two configuration tasks will allow Host A to telnet to the public IP address associated with Server B? (Choose two.)
A. Configure transparent mode to bypass the NAT processing of Server B's public IP address.
B. Configure a stateless filter redirecting local traffic destined to Server B's public IP address.
C. Configure a destination NAT rule that matches local traffic destined to Server B's public IP address.
D. Configure a source NAT rule that matches local traffic destined to Server B's public IP address.
Answer: C,D
Explanation:
In this scenario we have a host that is accessible on the Internet by one address but is translated to another address when it initiates connections out to the Internet. So we need to combine source and destination NAT.
Reference: http://chimera.labs.oreilly.com/books/1234000001633/ch09.html#destination_nat
Q2. Click the Exhibit button.
In the network shown in the exhibit, you want to forward traffic from the employees to ISP1 and ISP2. You want to forward all Web traffic to ISP1 and all other traffic to ISP2. While troubleshooting, you change your filter to forward all traffic to ISP1. However, no traffic is sent to ISP1.
What is causing this behavior?
A. The filter is applied to the wrong interface.
B. The filter should use the next-hop action instead of the routing-instance action.
C. The filter term does not have a required from statement.
D. The filter term does not have the accept statement.
Answer: A
Explanation:
Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB24821
Q3. Given the following session output:
Session ID: , Policy name: default-policy-00/2, State: Active, Timeout: 1794, Valid
In: 2001:660:1000:8c00::b/1053 --> 2001:660:1000:9002::aafe/80;tcp, If: reth0.0, Pkts: 4, Bytes: 574
Out: 192.168.203.10/80 --> 192.168.203.1/24770;tcp, If: reth1.0, Pkts: 3, Bytes:
Which statement is correct about the security flow session output?
A. This session is about to expire.
B. NAT64 is used.
C. Proxy NDP is used for this session.
D. The IPv4 Web server runs services on TCP port 24770.
Answer: B
Explanation:
Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB22391
Q4. You are asked to deploy a group VPN between various sites associated with your company. The gateway devices at the remote locations are SRX240 devices.
Which two statements about the new deployment are true? (Choose two.)
A. The networks at the various sites must use NAT.
B. The participating endpoints in the group VPN can belong to a chassis cluster.
C. The networks at the various sites cannot use NAT.
D. The participating endpoints in the group VPN cannot be part of a chassis cluster.
Answer: C,D
Explanation:
Reference:
http://www.thomas-krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Configuring_Group_VPN_Juniper_SRX.pdf
http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide_v1.2.pdf
Q5. Click the Exhibit button.
Based on the output shown in the exhibit, what are two results? (Choose two.)
A. The output shows source NAT.
B. The output shows destination NAT.
C. The port information is changed.
D. The port information is unchanged.
Answer: B,D
Explanation:
Reference: http://junos.com/techpubs/software/junos-security/junos-security10.2/junos-security-cli-reference/index.html?show-security-flow-session.html
Q6. You have recently deployed a dynamic VPN. Some remote users are complaining that they cannot authenticate through the SRX device at the corporate network. The SRX device serves as the tunnel endpoint for the dynamic VPN.
What are two reasons for this problem? (Choose two.)
A. The supported number of users has been exceeded for the applied license.
B. The users are connecting to the portal using Windows Vista.
C. The SRX device does not have the required user account definitions.
D. The SRX device does not have the required access profile definitions.
Answer: A,D
Explanation:
Reference:
https://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/syslog-messages/index.html?jd0e28566.html
http://kb.juniper.net/InfoCenter/index?page=content&id=KB16477
Q7. Click the Exhibit button.
-- Exhibit --
[edit forwarding-options]
user@srx240# show
packet-capture {
    file filename my-packet-capture;
    maximum-capture-size 1500;
}
-- Exhibit --
Referring to the exhibit, you are attempting to perform a packet capture on an SRX240 to troubleshoot an SSH issue in your network. However, no information appears in the packet capture file.
Which firewall filter must you apply to the necessary interface to collect data for the packet capture?
A. [edit firewall family inet]
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then packet-mode;
    }
    term allow-all {
        then accept;
    }
}
B. [edit firewall family inet]
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then {
            count packet-capture;
        }
    }
    term allow-all {
        then accept;
    }
}
C. [edit firewall family inet]
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then {
            routing-instance packet-capture;
        }
    }
    term allow-all {
        then accept;
    }
}
D. [edit firewall family inet]
user@srx240# show
filter pkt-capture {
    term pkt-capture-term {
        from {
            protocol tcp;
            port ssh;
        }
        then {
            sample;
            accept;
        }
    }
    term allow-all {
        then accept;
    }
}
Answer: D
Q8. Which two configuration statements are used to share interface routes between routing instances? (Choose two.)
A. export-rib
B. static rib-group
C. interface-routes rib-group
D. import-rib
Answer: C,D
Q9. An SRX Series device is configured for inline tap mode. What will occur if Drop Packet is selected?
A. The SRX Series device drops a matching packet before it can reach its destination but does not close the connection.
B. The SRX Series device will ignore the action Drop Packet.
C. The SRX Series device closes the connection and sends an RST packet to both the client and the server.
D. The SRX Series device drops a matching packet associated with the connection, preventing traffic for the connection from reaching its destination.
Answer: D
Q10. Which statement is true about Layer 2 zones when implementing transparent mode security?
A. All interfaces in the zone must be configured with the protocol family mpls.
B. All interfaces in the zone must be configured with the protocol family inet.
C. All interfaces in the zone must be configured with the protocol family bridge.
D. All interfaces in the zone must be configured with the protocol family inet6.
Answer: C
Explanation:
Reference (page 12): http://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/pathway-pages/security/security-layer2-bridging-transparent-mode.pdf