Deck 5: Automation and DevOps, Associate

A) Security Director supports creation and maintenance of metadata-based policies.
B) Security Director can deploy enforcement policies automatically to firewalls and switches.
C) Security Director can perform deep-packet analysis.
D) Security Director is preinstalled on SRX Series devices.

A) IPsec VPN traffic is always authenticated.
B) IPsec VPNs are dedicated physical connections between two private networks.
C) IPsec VPN traffic is always encrypted.
D) IPsec VPNs use security measures to secure traffic over a public network between two remote sites.

A) Change the source address for the Block-Facebook-Access rule to the prefix of the users.
B) Change the Block-Facebook-Access rule from a zone policy to a global policy.
C) Move the Block-Facebook-Access rule before the Internet-Access rule.
D) Change the Internet-Access rule from a zone policy to a global policy.

A) source NAT
B) destination NAT
C) NAT without PAT
D) static NAT

A) IMAP
B) POP3
C) SMTP
D) HTTP

A) a collection of one or more network segments sharing similar security requirements
B) an individual logical interface with a public IP address
C) a collection of one or more network segments with different security requirements
D) an individual logical interface with a private IP address

A) You failed to position the policy before the policy that denies access to the webserver.
B) You failed to position the policy after the policy that denies access to the webserver.
C) You failed to commit the policy change.
D) You failed to change the source zone to include any source zone.

A) Junos Space Network Director
B) Juniper Sky Enterprise
C) Juniper SKY ATP
D) Juniper Advanced Threat Prevention

A) proxy ARP
B) destination NAT
C) port forwarding
D) reverse static NAT

A) super-user
B) operator
C) jtac
D) admin

A) application firewall
B) IDP
C) Sky ATP
D) antivirus

A) integrity
B) authentication
C) encryption
D) NAT-T

A) destination NAT > policy lookup > source NAT > static NAT
B) policy lookup > source NAT > static NAT > destination NAT
C) source NAT > static NAT > destination NAT > policy lookup
D) static NAT > destination NAT > policy lookup > source NAT

A) junos-trust
B) untrust
C) trust
D) null

A) content filtering
B) antispam
C) Web filtering
D) URL filtering

A) Address sets can contain addresses from different security zones.
B) A zone can only use one address book at a time.
C) NAT rules can use address objects only from the global address book.
D) Addresses in the global address book are preferred over addresses in a zone-based address book.

A) With global-based policies, you do not need to specify a source address in the match criteria.
B) With global-based policies, you do not need to specify a destination zone in the match criteria.
C) With global-based policies, you do not need to specify a destination address in the match criteria.
D) With global-based policies, you do not need to specify a source zone in the match criteria.

A) User-defined security zones must contain at least one interface.
B) Logical interfaces are added to user-defined security zones.
C) Security policies are referenced within a user-defined security zone.
D) User-defined security zones must contain the key word "zone".

A) junos host
B) null
C) trust
D) management

A) You must enable security logging that uses the TLS transport mode.
B) You must enable security logging that uses the SD-Syslog format.
C) You must enable stream mode security logging on the SRX Series device.
D) You must enable event mode security logging on the SRX Series device.

A) security policy evaluation
B) service ALG processing
C) screens processing
D) zones processing

A) main mode
B) aggressive mode
C) IPsec
D) Diffie-Hellman

A) Security zones use address books to link usernames to IP addresses.
B) Security zones use a stateful firewall to provide secure network connections.
C) Security zones use packet filters to prevent communication between management ports.
D) Security zones use security policies that enforce rules for the transit traffic.

A) RSS feeds
B) C&C feeds
C) ACL feeds
D) malware feeds

A) The Shadow Policies workspace shows unused security policies due to policy overlap.
B) The Shadow Policies workspace shows used security policies due to policy overlap.
C) The Shadow Policies workspace shows unused IPS policies due to policy overlap.
D) The Shadow Policies workspace shows used IPS policies due to policy overlap.

A) a host-inbound-traffic setting on the incoming zone
B) an MTU value larger than the default value
C) a screen on the internal interface
D) a security policy allowing SSH traffic

A) JPG
B) HTML
C) xls
D) CSV

A) source NAT
B) destination NAT
C) content filtering
D) Security Director

A) vSRX cannot be deployed in transparent mode.
B) cSRX can be deployed in routed mode.
C) cSRX cannot be deployed in routed mode.
D) vSRX can be deployed in transparent mode.

A) source NAT without PAT
B) destination NAT without PAT
C) source NAT with PAT
D) destination NAT with PAT

A) All traffic from the trust zone to the untrust zone is allowed.
B) All interzone traffic is denied.
C) All interzone traffic is allowed.
D) All traffic from the untrust zone to the trust zone is denied.

A) Log the session initiations.
B) Enable a reject action.
C) Log the session closures.
D) Enable a deny action.

A) IKE phase 1 is used to establish the data path.
B) IKE phase 1 only supports aggressive mode.
C) IKE phase 1 establishes the tunnel between devices.
D) IKE phase 1 negotiates a secure channel between gateways.

A) antispam
B) antivirus
C) Web filtering
D) content filtering

A) Configure the IPsec policy to use MD5 authentication.
B) Configure the IKE policy to use aggressive mode.
C) Configure the IPsec policy to use aggressive mode.
D) Configure the IKE policy to use a static IP address.

A) availability
B) encryption
C) redundancy
D) integrity

A) The UTM policy must be configured as a routing next hop.
B) The UTM policy must be linked to an ingress interface.
C) The UTM policy must be linked to an egress interface.
D) The UTM policy must be linked to a security policy.

A) Global policies eliminate the need to assign logical interfaces to security zones.
B) Global security policies require you to identify a source and destination zone.
C) Traffic matching global policies is not added to the session table.
D) Global policies allow you to regulate traffic with addresses and applications, regardless of their security zones.

A) Each packet is analyzed based on source zone.
B) Each packet is analyzed based on Application Layer security.
C) Each packet is analyzed as part of a session.
D) Each packet is analyzed by firewall filters.

A) The AppTrack module provides enforcement with the ability to block traffic, based on specific applications.
B) The AppTrack module provides control by the routing of traffic, based on the application.
C) The AppTrack module identifies the applications that are present in network traffic.
D) The AppTrack module provides visibility and volumetric reporting of application usage on the network.

A) Sky ATP
B) SSL proxy
C) ALGs
D) high availability

A) 30 seconds
B) 30 minutes
C) 60 seconds
D) 5 minutes

A) A server certificate is not used but a root certificate authority is used.
B) A server certificate and root certificate authority are not used.
C) A server certificate is used but a root certificate authority is not used.
D) A server certificate and a root certificate authority are both used.

A) The AppQoE module provides application-based routing.
B) The AppQoE module prioritizes important applications.
C) The AppQoE module provides routing, based on network conditions.
D) The AppQoE module blocks access to risky applications.

A) 1 minute
B) 60 minutes
C) 15 minutes
D) 30 minutes

A) For user login events, JIMS collects the username and group membership information.
B) For device login events. JIMS collects the devide IP address and operating system version.
C) For device login events, JIMS collects the device IP address and machine name information.
D) For user login events, JIMS collects the login source IP address and username information.

A) Node 0 is passing traffic for redundancy group 1.
B) Redundancy group 1 experienced an operational failure.
C) Redundancy group 1 was administratively failed over.
D) Node 1 is passing traffic for redundancy group1.

A) WELF
B) BSD syslog
C) binary
D) structured syslog

A) When a rule is triggered, JSA can respond by sending an e-mail to JSA administrators.
B) Rules are defined on Junos Space Security Director, and then pushed to JSA log collectors.
C) A rule defines matching criteria and actions that should be taken when an events matches the rule.
D) When a rule is triggered, JSA can respond by blocking all traffic from a specific source address.

A) Microsoft Windows Server 2012 audit logs
B) Microsoft Active Directory server event logs
C) Microsoft Exchange Server event logs
D) Microsoft Active Directory audit logs

A) ALGs are designed for specific protocols that require multiple sessions.
B) ALGs are used with protocols that use multiple ports.
C) ALGs can only be configured using Security Director.
D) ALGs are designed for specific protocols that use a single TCP session.

A) SSL proxy
B) AppSecure
C) JIMS
D) JATP

A) SSL proxy
B) JIMS
C) IPS
D) ALGs

A) Separate event collection and flow collection on separate collectors.
B) Configure an RPM for a third-party device service module.
C) Configure JSA to silently discard unsupported log types.
D) Configure a universal device service module.

A) The session is removed from the session table after 10 seconds of inactivity.
B) The session is removed from the session table after 10 milliseconds of inactivity.
C) Aggressive aging is triggered if the session table reaches 95% capacity.
D) Aggressive aging is triggered if the session table reaches 80% capacity.

A)
B)
C)
D)

A) Incidents have an associated threat number assigned to them.
B) Incidents are sorted by category, followed by severity.
C) Incidents consist of all the events associated with a single threat.
D) Incidents are always automatically mitigated.

A) The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Network Director instance.
B) MPLS LSPs can be used to connect vSRXs in different VPCs.
C) IPsec tunnels can be used to connect vSRX in different VPCs.
D) The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Security Director instance.

A) The current session are torn dowm only if the policy-rematch option has been enabled. The current session are torn dowm only if the policy-rematch option has been enabled.
B) The current sessions do not change.
C) The current sessions are torn down and go through first path processing based on the new route.
D) The current sessions might change based on the corresponding security policy.

A) Only use on-premises local Sky ATP server anti-malware file scanning.
B) Only use cloud-based Sky ATP file hash lookups.
C) Only use on-box SRX anti-malware file scanning.
D) Only use cloud-based Sky ATP file blacklists.

A) Forwarding Lookup
B) Services ALGs
C) Screens
D) Security Policy

A) 4
B) 10
C) 3
D) 12

A) The DNS ALG performs the IPv4 and IPV6 address transformations.
B) The DNS ALG performs DNS doctoring.
C) The DNS ALG modifies the DNS payload in NAT mode.
D) The DNS ALG performs DNSSEC.
E) The DNS ALG performs DNS load balancing.

A) JIMS synchronizes Active Directory authentication information between a primary and secondary JIMS server.
B) JIMS forwards Active Directory authentication information to SRX Series client devices.
C) JIMS collects and maintains a database of authentication information from Active Directory domains.
D) JIMS replicates Active Directory authentication information to non-trusted Active Directory domain controllers.

A) Configure the SRX Series device as a trusted site in the client Web browsers.
B) Regenerate the SRX self-signed CA certificate and include the correct organization name.
C) Import the SRX self-signed CA certificate into the client Web browsers.
D) Import the SRX self-signed CA certificate into the SRX certificate public store.

A) Security Director must be used to view third-party events rom JSA flow collectors.
B) JSA supports events and flows from Junos devices, including third-party devices.
C) JSA events must be manually imported into Security Directory using an SSH connection.
D) JSA can be used as a log node with Security Director or as a standalone solution.

A) IDP blocks root users. IDP blocks root users.
B) IDP closes the connection on matched sessions.
C) IDP ignores the connection on matched sessions.
D) IDP blocks all users.

A) Hosts are always able to communicate through the SRX Series device no matter the threat score assigned to them on the infected host feed.
B) Hosts are unable to communicate through the SRX Series device after being placed on the infected host feed with a high enough threat score.
C) Malicious HTTP file downloads are never blocked.
D) Malicious HTTP file downloads are always blocked.

A) source IP address
B) destination IP address
C) destination port
D) source port

A) Control links must operate in promiscuous mode.
B) Control links must have an MTU of 9000.
C) Fabric links must operate in promiscuous mode.
D) Fabric links must have an MTU of 9000.

A) You must enable the AppTrack feature within the Internet zone configuration.
B) You must enable the AppTrack feature within the ingress interface configuration associated with the Internet zone.
C) You must enable the AppTrack feature within the interface configuration associated with the User zone.
D) You must enable the AppTrack feature within the User zone configuration.

A) Log Director
B) JSA
C) Policy Enforcer
D) Contrail

A) scheduler
B) pass-through authentication
C) ALGs
D) counters

A) A security policy can reference both a client-protection SSL proxy profile and a server-protection proxy profile.
B) If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is not decrypted.
C) A security policy can only reference a client-protection SSL proxy profile or a server-protection SSL proxy profile.
D) If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is decrypted.

A) 2
B) 4
C) 6
D) 8

A) syslog
B) sd-syslog
C) binary
D) WELF

A) Configure a new anti-virus configuration rule.
B) Configure whitelist rules
C) Configure YARA rules.
D) Configure the SAML settings.

A) Log Collector
B) Assets
C) Network Activity
D) Offense Manager