Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 6: Security, Associate (JNCIA-SEC)

Full screen (f)
exit full mode
Question
Which two statements are true about virtualized SRX Series devices? (Choose two.)

A) vSRX cannot be deployed in transparent mode.
B) cSRX can be deployed in routed mode.
C) cSRX cannot be deployed in routed mode.
D) vSRX can be deployed in transparent mode.
Use Space or
up arrow
down arrow
to flip the card.
Question
What are two valid JIMS event log sources? (Choose two.)

A) Microsoft Windows Server 2012 audit logs
B) Microsoft Active Directory server event logs
C) Microsoft Exchange Server event logs
D) Microsoft Active Directory audit logs
Question
Click the Exhibit button. <strong>Click the Exhibit button. Which two statements are true about the configuration shown in the exhibit? (Choose two.)</strong> A) The session is removed from the session table after 10 seconds of inactivity. B) The session is removed from the session table after 10 milliseconds of inactivity. C) Aggressive aging is triggered if the session table reaches 95% capacity. D) Aggressive aging is triggered if the session table reaches 80% capacity. <div style=padding-top: 35px> Which two statements are true about the configuration shown in the exhibit? (Choose two.)

A) The session is removed from the session table after 10 seconds of inactivity.
B) The session is removed from the session table after 10 milliseconds of inactivity.
C) Aggressive aging is triggered if the session table reaches 95% capacity.
D) Aggressive aging is triggered if the session table reaches 80% capacity.
Question
Which statement describes the AppTrack module in AppSecure?

A) The AppTrack module provides enforcement with the ability to block traffic, based on specific applications.
B) The AppTrack module provides control by the routing of traffic, based on the application.
C) The AppTrack module identifies the applications that are present in network traffic.
D) The AppTrack module provides visibility and volumetric reporting of application usage on the network.
Question
You want to deploy vSRX in Amazon Web Services (AWS) virtual private clouds (VPCs). Which two statements are true in this scenario? (Choose two.)

A) The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Network Director instance.
B) MPLS LSPs can be used to connect vSRXs in different VPCs.
C) IPsec tunnels can be used to connect vSRX in different VPCs.
D) The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Security Director instance.
Question
Which statement is true about high availability (HA) chassis clusters for the SRX Series device?

A) Cluster nodes require an upgrade to HA compliant Routing Engines.
B) Cluster nodes must be connected through a Layer 2 switch.
C) There can be active/passive or active/active clusters.
D) HA clusters must use NAT to prevent overlapping subnets between the nodes.
Question
Click the Exhibit button. <strong>Click the Exhibit button. Which two statements describe the output shown in the exhibit? (Choose two.)</strong> A) Node 0 is passing traffic for redundancy group 1. B) Redundancy group 1 experienced an operational failure. C) Redundancy group 1 was administratively failed over. D) Node 1 is passing traffic for redundancy group1. <div style=padding-top: 35px> Which two statements describe the output shown in the exhibit? (Choose two.)

A) Node 0 is passing traffic for redundancy group 1.
B) Redundancy group 1 experienced an operational failure.
C) Redundancy group 1 was administratively failed over.
D) Node 1 is passing traffic for redundancy group1.
Question
Which two statements describe application-layer gateways (ALGs)? (Choose two.)

A) ALGs are designed for specific protocols that require multiple sessions.
B) ALGs are used with protocols that use multiple ports.
C) ALGs can only be configured using Security Director.
D) ALGs are designed for specific protocols that use a single TCP session.
Question
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the exhibit, you want to deploy Sky ATP with Policy Enforcer to block infected hosts at the access layer. To complete this task, where should you configure the default gateway for the User-1 device?</strong> A) the irb interface on QFX-2 B) the irb interface on QFX-1 C) the interface of QFX-1 that connects to User-1 D) the interface on SRX-1 that connects to QFX-2 <div style=padding-top: 35px> Referring to the exhibit, you want to deploy Sky ATP with Policy Enforcer to block infected hosts at the access layer. To complete this task, where should you configure the default gateway for the User-1 device?

A) the irb interface on QFX-2
B) the irb interface on QFX-1
C) the interface of QFX-1 that connects to User-1
D) the interface on SRX-1 that connects to QFX-2
Question
What are two types of attack objects used by IPS on SRX Series devices? (Choose two.)

A) protocol anomaly-based attacks
B) spam-based attacks
C) signature-based attacks
D) DDoS-based attacks
Question
What information does JIMS collect from domain event log sources? (Choose two.)

A) For user login events, JIMS collects the username and group membership information.
B) For device login events. JIMS collects the devide IP address and operating system version.
C) For device login events, JIMS collects the device IP address and machine name information.
D) For user login events, JIMS collects the login source IP address and username information.
Question
What are two elements of a custom IDP/IPS attack object? (Choose two.)

A) the attack signature
B) the severity of the attack
C) the destination zone
D) the exempt rulebase
Question
Which statement is true about JATP incidents?

A) Incidents have an associated threat number assigned to them.
B) Incidents are sorted by category, followed by severity.
C) Incidents consist of all the events associated with a single threat.
D) Incidents are always automatically mitigated.
Question
Which two statements describe how rules are used with Juniper Secure Analytics? (Choose two.)

A) When a rule is triggered, JSA can respond by sending an e-mail to JSA administrators.
B) Rules are defined on Junos Space Security Director, and then pushed to JSA log collectors.
C) A rule defines matching criteria and actions that should be taken when an events matches the rule.
D) When a rule is triggered, JSA can respond by blocking all traffic from a specific source address.
Question
What are two examples of RTOs? (Choose two.)

A) IPsec SA entries
B) session table entries
C) fabric link probes
D) control link heartbeats
Question
Which three features are parts of Juniper Networks' AppSecure suite? (Choose three.)

A) AppQoE
B) APBR
C) Secure Application Manager
D) AppQoS
E) AppFormix
Question
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the configuration shown in the exhibit, which two statements are true? (Choose two.)</strong> A) The log is being stored on the local Routing Engine. B) The log is being sent to a remote server. C) The syslog is configured for a user facility. The syslog is configured for a user facility. D) The syslog is configured for an info facility. The syslog is configured for an info <div style=padding-top: 35px> Referring to the configuration shown in the exhibit, which two statements are true? (Choose two.)

A) The log is being stored on the local Routing Engine.
B) The log is being sent to a remote server.
C) The syslog is configured for a user facility. The syslog is configured for a user facility.
D) The syslog is configured for an info facility. The syslog is configured for an info
Question
You must ensure that all encrypted traffic passing through your SRX device uses strong protocols and ciphers. Which feature should you implement to satisfy this requirement?

A) SSL proxy
B) AppSecure
C) JIMS
D) JATP
Question
You are asked to improve resiliency for individual redundancy groups in an SRX4600 chassis cluster. Which two features would accomplish this task? (Choose two.)

A) IP address monitoring
B) control link recovery
C) interface monitoring
D) dual fabric links
Question
A routing change occurs on an SRX Series device that involves choosing a new egress interface. In this scenario, which statement is true for all affected current sessions?

A) The current session are torn dowm only if the policy-rematch option has been enabled. The current session are torn dowm only if the policy-rematch option has been enabled.
B) The current sessions do not change.
C) The current sessions are torn down and go through first path processing based on the new route.
D) The current sessions might change based on the corresponding security policy.
Question
The DNS ALG performs which three functions? (Choose three.)

A) The DNS ALG performs the IPv4 and IPV6 address transformations.
B) The DNS ALG performs DNS doctoring.
C) The DNS ALG modifies the DNS payload in NAT mode.
D) The DNS ALG performs DNSSEC.
E) The DNS ALG performs DNS load balancing.
Question
Which two settings must be enabled on the hypervisor in a vSRX deployment to ensure proper chassis cluster operation? (Choose two.)

A) Control links must operate in promiscuous mode.
B) Control links must have an MTU of 9000.
C) Fabric links must operate in promiscuous mode.
D) Fabric links must have an MTU of 9000.
Question
What is the default timeout period for a TCP session in the session table of a Junos security device?

A) 1 minute
B) 60 minutes
C) 15 minutes
D) 30 minutes
Question
What are two management methods for cSRX? (Choose two.)

A) Network Director
B) J-Web
C) CLI
D) Contrail
Question
You want to collect events and flows from third-party vendors. Which solution should you deploy to accomplish this task?

A) Log Director
B) JSA
C) Policy Enforcer
D) Contrail
Question
When referencing a SSL proxy profile in a security policy, which two statements are correct? (Choose two.)

A) A security policy can reference both a client-protection SSL proxy profile and a server-protection proxy profile.
B) If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is not decrypted.
C) A security policy can only reference a client-protection SSL proxy profile or a server-protection SSL proxy profile.
D) If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is decrypted.
Question
In an Active/Active chassis cluster deployment, which chassis cluster component is responsible for RG0 traffic?

A) the backup routing engine of the primary node
B) the master routing engine of the secondary node
C) the primary node
D) the secondary node
Question
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the exhibit, which statement is true?</strong> A) IDP blocks root users. IDP blocks root users. B) IDP closes the connection on matched sessions. C) IDP ignores the connection on matched sessions. D) IDP blocks all users. <div style=padding-top: 35px> Referring to the exhibit, which statement is true?

A) IDP blocks root users. IDP blocks root users.
B) IDP closes the connection on matched sessions.
C) IDP ignores the connection on matched sessions.
D) IDP blocks all users.
Question
Your manager asks you to find employees that are watching YouTube during office hours. Which AppSecure component would you configure to accomplish this task?

A) AppQoE
B) AppFW
C) AppTrack
D) AppQoS
Question
Click the Exhibit button. <strong>Click the Exhibit button. The output shown in the exhibit is displayed in which format?</strong> A) syslog B) sd-syslog C) binary D) WELF <div style=padding-top: 35px> The output shown in the exhibit is displayed in which format?

A) syslog
B) sd-syslog
C) binary
D) WELF
Question
Which two statements describe JSA? (Choose two.)

A) Security Director must be used to view third-party events rom JSA flow collectors.
B) JSA supports events and flows from Junos devices, including third-party devices.
C) JSA events must be manually imported into Security Directory using an SSH connection.
D) JSA can be used as a log node with Security Director or as a standalone solution.
Question
Which two protocols are supported for Sky ATP advanced anti-malware scanning? (Choose two.)

A) POP3
B) MAPI
C) IMAP
D) SMTP
Question
You want to use Sky ATP to protect your network; however, company policy does not allow you to send any files to the cloud. Which Sky ATP feature should you use in this situation?

A) Only use on-premises local Sky ATP server anti-malware file scanning.
B) Only use cloud-based Sky ATP file hash lookups.
C) Only use on-box SRX anti-malware file scanning.
D) Only use cloud-based Sky ATP file blacklists.
Question
You are asked to enable AppTrack to monitor application traffic from hosts in the User zone destined to hosts in the Internet zone. In this scenario, which statement is true?

A) You must enable the AppTrack feature within the Internet zone configuration.
B) You must enable the AppTrack feature within the ingress interface configuration associated with the Internet zone.
C) You must enable the AppTrack feature within the interface configuration associated with the User zone.
D) You must enable the AppTrack feature within the User zone configuration.
Question
Which two functions are performed by Juniper Identity Management Service (JIMS)? (Choose two.)

A) JIMS synchronizes Active Directory authentication information between a primary and secondary JIMS server.
B) JIMS forwards Active Directory authentication information to SRX Series client devices.
C) JIMS collects and maintains a database of authentication information from Active Directory domains.
D) JIMS replicates Active Directory authentication information to non-trusted Active Directory domain controllers.
Question
You are deploying the Junos application firewall feature in your network. In this scenario, which two elements are mapped to applications in the application system cache? (Choose two.)

A) destination port
B) source port
C) destination IP address
D) source IP address
Question
What are two examples of RTOs? (Choose two.)

A) IPsec SA entries
B) session table entries
C) fabric link probes
D) control link heartbeats
Question
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the SRX Series flow module diagram shown in the exhibit, where is IDP/IPS processed?</strong> A) Forwarding Lookup B) Services ALGs C) Screens D) Security Policy <div style=padding-top: 35px> Referring to the SRX Series flow module diagram shown in the exhibit, where is IDP/IPS processed?

A) Forwarding Lookup
B) Services ALGs
C) Screens
D) Security Policy
Question
You must configure JSA to accept events from an unsupported third-party log source. In this scenario, what should you do?

A) Separate event collection and flow collection on separate collectors.
B) Configure an RPM for a third-party device service module.
C) Configure JSA to silently discard unsupported log types.
D) Configure a universal device service module.
Question
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the exhibit, which two devices are considered to be part of the secure fabric site with Policy Enforcer? (Choose two.)</strong> A) Server-2 B) SRX-1 C) Server-1 D) QFX-1 <div style=padding-top: 35px> Referring to the exhibit, which two devices are considered to be part of the secure fabric site with Policy Enforcer? (Choose two.)

A) Server-2
B) SRX-1
C) Server-1
D) QFX-1
Question
Which three features are parts of Juniper Networks' AppSecure suite? (Choose three.)

A) AppQoE
B) APBR
C) Secure Application Manager
D) AppQoS
E) AppFormix
Question
Click the Exhibit button. <strong>Click the Exhibit button. The output shown in the exhibit is displayed in which format?</strong> A) syslog B) WELF C) binary D) sd-syslog <div style=padding-top: 35px> The output shown in the exhibit is displayed in which format?

A) syslog
B) WELF
C) binary
D) sd-syslog
Question
Click the Exhibit button. <strong>Click the Exhibit button. You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?</strong> A) B) C) D) <div style=padding-top: 35px> You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?

A) <strong>Click the Exhibit button. You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?</strong> A) B) C) D) <div style=padding-top: 35px>
B) <strong>Click the Exhibit button. You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?</strong> A) B) C) D) <div style=padding-top: 35px>
C) <strong>Click the Exhibit button. You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?</strong> A) B) C) D) <div style=padding-top: 35px>
D) <strong>Click the Exhibit button. You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?</strong> A) B) C) D) <div style=padding-top: 35px>
Question
Which two statements are true about virtualized SRX Series devices? (Choose two.)

A) vSRX cannot be deployed in transparent mode.
B) cSRX can be deployed in routed mode.
C) cSRX cannot be deployed in routed mode.
D) vSRX can be deployed in transparent mode.
Question
The AppQoE module of AppSecure provides which function?

A) The AppQoE module provides application-based routing.
B) The AppQoE module prioritizes important applications.
C) The AppQoE module provides routing, based on network conditions.
D) The AppQoE module blocks access to risky applications.
Question
Which statement is true about JATP incidents?

A) Incidents have an associated threat number assigned to them.
B) Incidents are sorted by category, followed by severity.
C) Incidents consist of all the events associated with a single threat.
D) Incidents are always automatically mitigated.
Question
Which two solutions provide a sandboxing feature for finding zero-day malware threats? (Choose two.)

A) Sky ATP
B) UTM
C) JATP
D) IPS
Question
Which two statements describe client-protection SSL proxy on an SRX Series device? (Choose two.)

A) The server-protection SSL proxy intercepts the server certificate.
B) The server-protection SSL proxy is also known as SSL reverse proxy.
C) The server-protection SSL proxy forwards the server certificate after modification.
D) The server-protection SSL proxy acts as the server from the client's perspective.
Question
You are configuring a client-protection SSL proxy profile. Which statement is correct in this scenario?

A) A server certificate is not used but a root certificate authority is used.
B) A server certificate and root certificate authority are not used.
C) A server certificate is used but a root certificate authority is not used.
D) A server certificate and a root certificate authority are both used.
Question
Your network uses a remote e-mail server that is used to send and receive e-mails for your users. In this scenario, what should you do to protect users from receiving malicious files through e-mail?

A) Deploy Sky ATP IMAP e-mail protection
B) Deploy Sky ATP MAPI e-mail protection
C) Deploy Sky ATP SMTP e-mail protection
D) Deploy Sky ATP POP3 e-mail protection
Question
What are two elements of a custom IDP/IPS attack object? (Choose two.)

A) the attack signature
B) the severity of the attack
C) the destination zone
D) the exempt rulebase
Question
Which statement is true about high availability (HA) chassis clusters for the SRX Series device?

A) Cluster nodes require an upgrade to HA compliant Routing Engines.
B) Cluster nodes must be connected through a Layer 2 switch.
C) There can be active/passive or active/active clusters.
D) HA clusters must use NAT to prevent overlapping subnets between the nodes.
Question
Which statement describes the AppTrack module in AppSecure?

A) The AppTrack module provides enforcement with the ability to block traffic, based on specific applications.
B) The AppTrack module provides control by the routing of traffic, based on the application.
C) The AppTrack module identifies the applications that are present in network traffic.
D) The AppTrack module provides visibility and volumetric reporting of application usage on the network.
Question
You want to deploy vSRX in Amazon Web Services (AWS) virtual private clouds (VPCs). Which two statements are true in this scenario? (Choose two.)

A) The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Network Director instance.
B) MPLS LSPs can be used to connect vSRXs in different VPCs.
C) IPsec tunnels can be used to connect vSRX in different VPCs.
D) The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Security Director instance.
Question
You must ensure that all encrypted traffic passing through your SRX device uses strong protocols and ciphers. Which feature should you implement to satisfy this requirement?

A) SSL proxy
B) AppSecure
C) JIMS
D) JATP
Question
Click the Exhibit button. <strong>Click the Exhibit button. You need to have the JATP solution analyzer .jar, .xls, and .doc files. Referring to the exhibit, which two file types must be selected to accomplish this task? (Choose two.)</strong> A) Java B) library C) document D) executable <div style=padding-top: 35px> You need to have the JATP solution analyzer .jar, .xls, and .doc files. Referring to the exhibit, which two file types must be selected to accomplish this task? (Choose two.)

A) Java
B) library
C) document
D) executable
Question
You must configure JSA to accept events from an unsupported third-party log source. In this scenario, what should you do?

A) Separate event collection and flow collection on separate collectors.
B) Configure an RPM for a third-party device service module.
C) Configure JSA to silently discard unsupported log types.
D) Configure a universal device service module.
Question
Which two statements describe application-layer gateways (ALGs)? (Choose two.)

A) ALGs are designed for specific protocols that require multiple sessions.
B) ALGs are used with protocols that use multiple ports.
C) ALGs can only be configured using Security Director.
D) ALGs are designed for specific protocols that use a single TCP session.
Question
What are two types of attack objects used by IPS on SRX Series devices? (Choose two.)

A) protocol anomaly-based attacks
B) spam-based attacks
C) signature-based attacks
D) DDoS-based attacks
Question
Click the Exhibit button. <strong>Click the Exhibit button. Which two statements describe the output shown in the exhibit? (Choose two.)</strong> A) Node 0 is passing traffic for redundancy group 1. B) Redundancy group 1 experienced an operational failure. C) Redundancy group 1 was administratively failed over. D) Node 1 is passing traffic for redundancy group1. <div style=padding-top: 35px> Which two statements describe the output shown in the exhibit? (Choose two.)

A) Node 0 is passing traffic for redundancy group 1.
B) Redundancy group 1 experienced an operational failure.
C) Redundancy group 1 was administratively failed over.
D) Node 1 is passing traffic for redundancy group1.
Question
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the exhibit, which statement is true?</strong> A) Hosts are always able to communicate through the SRX Series device no matter the threat score assigned to them on the infected host feed. B) Hosts are unable to communicate through the SRX Series device after being placed on the infected host feed with a high enough threat score. C) Malicious HTTP file downloads are never blocked. D) Malicious HTTP file downloads are always blocked. <div style=padding-top: 35px> Referring to the exhibit, which statement is true?

A) Hosts are always able to communicate through the SRX Series device no matter the threat score assigned to them on the infected host feed.
B) Hosts are unable to communicate through the SRX Series device after being placed on the infected host feed with a high enough threat score.
C) Malicious HTTP file downloads are never blocked.
D) Malicious HTTP file downloads are always blocked.
Question
What is the default timeout period for a TCP session in the session table of a Junos security device?

A) 1 minute
B) 60 minutes
C) 15 minutes
D) 30 minutes
Question
Which feature is used when you want to permit traffic on an SRX Series device only at specific times?

A) scheduler
B) pass-through authentication
C) ALGs
D) counters
Question
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the exhibit, which statement is true?</strong> A) IDP blocks root users. IDP blocks root users. B) IDP closes the connection on matched sessions. C) IDP ignores the connection on matched sessions. D) IDP blocks all users. <div style=padding-top: 35px> Referring to the exhibit, which statement is true?

A) IDP blocks root users. IDP blocks root users.
B) IDP closes the connection on matched sessions.
C) IDP ignores the connection on matched sessions.
D) IDP blocks all users.
Question
How many nodes are configurable in a chassis cluster using SRX Series devices?

A) 2
B) 4
C) 6
D) 8
Question
When referencing a SSL proxy profile in a security policy, which two statements are correct? (Choose two.)

A) A security policy can reference both a client-protection SSL proxy profile and a server-protection proxy profile.
B) If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is not decrypted.
C) A security policy can only reference a client-protection SSL proxy profile or a server-protection SSL proxy profile.
D) If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is decrypted.
Question
Click the Exhibit button. <strong>Click the Exhibit button. You have implemented SSL proxy client protection. After implementing this feature, your users are complaining about the warning message shown in the exhibit. Which action must you perform to eliminate the warning message?</strong> A) Configure the SRX Series device as a trusted site in the client Web browsers. B) Regenerate the SRX self-signed CA certificate and include the correct organization name. C) Import the SRX self-signed CA certificate into the client Web browsers. D) Import the SRX self-signed CA certificate into the SRX certificate public store. <div style=padding-top: 35px> You have implemented SSL proxy client protection. After implementing this feature, your users are complaining about the warning message shown in the exhibit. Which action must you perform to eliminate the warning message?

A) Configure the SRX Series device as a trusted site in the client Web browsers.
B) Regenerate the SRX self-signed CA certificate and include the correct organization name.
C) Import the SRX self-signed CA certificate into the client Web browsers.
D) Import the SRX self-signed CA certificate into the SRX certificate public store.
Question
What are two management methods for cSRX? (Choose two.)

A) Network Director
B) J-Web
C) CLI
D) Contrail
Question
After a software upgrade on an SRX5800 chassis cluster, you notice that both node0 and node1 are in the primary state, when node1 should be secondary. All control and fabric links are operating normally. In this scenario, which step must you perform to recover the cluster?

A) Execute the request system reboot command on node1. Execute the request system reboot command on node1.
B) Execute the request system software rollback command on node0. request system software rollback command on node0.
C) Execute the request system software add command on node1. request system software add
D) Execute the request system reboot command on node0.
Question
You have deployed JSA and you need to view events and network activity that match rule criteria. You must view this data using a single interface. Which JSA feature should you use in this scenario?

A) Log Collector
B) Assets
C) Network Activity
D) Offense Manager
Question
You are using the JIMS Administrator user interface to add multiple SRX client devices. You must share common configuration attributes across the SRX clients without having to re-enter those attributes for each SRX client instance. Which JIMS Administrator feature would be used to accomplish this task?

A) JIMS automation
B) JIMS templates
C) JIMS client profiles
D) JIMS client defaults
Question
You must block the lateral spread of Remote Administration Tools (RATs) that use SMB to propagate within the network, using the JATP solution. Which action would accomplish this task?

A) Configure a new anti-virus configuration rule.
B) Configure whitelist rules
C) Configure YARA rules.
D) Configure the SAML settings.
Question
What is the maximum number of supported interfaces on a vSRX hosted in a VMware environment?

A) 4
B) 10
C) 3
D) 12
Question
You are asked to enable AppTrack to monitor application traffic from hosts in the User zone destined to hosts in the Internet zone. In this scenario, which statement is true?

A) You must enable the AppTrack feature within the Internet zone configuration.
B) You must enable the AppTrack feature within the ingress interface configuration associated with the Internet zone.
C) You must enable the AppTrack feature within the interface configuration associated with the User zone.
D) You must enable the AppTrack feature within the User zone configuration.
Question
You must fine tune an IPS security policy to eliminate false positives. You want to create exemptions to the normal traffic examination for specific traffic. Which two parameters are required to accomplish this task? (Choose two.)

A) source IP address
B) destination IP address
C) destination port
D) source port
Question
The DNS ALG performs which three functions? (Choose three.)

A) The DNS ALG performs the IPv4 and IPv6 address transformations.
B) The DNS ALG performs DNS doctoring.
C) The DNS ALG modifies the DNS payload in NAT mode.
D) The DNS ALG performs DNSSEC.
E) The DNS ALG performs DNS load balancing.
Question
Which three statements are true about the difference between cSRX-based virtual security deployments and vSRX-based virtual security deployments? (Choose three.)

A) vSRX provides Layer 2 to Layer 7 secure services and cSRX provides Layer 4 to Layer 7 secure services.
B) cSRX requires less storage and memory space for a given deployment than vSRX-based solutions.
C) cSRX-based solutions are more scalable than vSRX-based solutions.
D) vSRX and cSRX both provide Layer 2 to Layer 7 secure services.
E) vSRX provides faster deployment time and faster reboots compared to cSRX.
Question
Click the Exhibit button. <strong>Click the Exhibit button. You have configured the scheduler shown in the exhibit to prevent users from accessing certain websites from 1:00 PM to 3:00 PM Monday through Friday. This policy will remain in place until further notice. When testing the policy, you determine that the websites are still accessible during the restricted times. In this scenario, which two actions should you perform to solve the problem? (Choose two.)</strong> A) Add the saturday exclude parameter and the sunday exclude parameter to ensure weekends are excluded from the schedule. Add the saturday exclude parameter and the sunday exclude parameter to ensure weekends are excluded from the schedule. B) Use the 13:00 parameter and the 15:00 parameter when specifying the time. Use the 13:00 15:00 parameter when specifying the time. C) Use the start-date parameter to specify the date for each Monday and use the stop-date parameter to specify the date for each Friday. start-date parameter to specify the date for each Monday and use the stop-date parameter to specify the date for each Friday. D) Use the PM parameter when specifying the time in the schedule. PM parameter when specifying the time in the schedule. <div style=padding-top: 35px> You have configured the scheduler shown in the exhibit to prevent users from accessing certain websites from 1:00 PM to 3:00 PM Monday through Friday. This policy will remain in place until further notice. When testing the policy, you determine that the websites are still accessible during the restricted times. In this scenario, which two actions should you perform to solve the problem? (Choose two.)

A) Add the saturday exclude parameter and the sunday exclude parameter to ensure weekends are excluded from the schedule. Add the saturday exclude parameter and the sunday exclude parameter to ensure weekends are excluded from the schedule.
B) Use the 13:00 parameter and the 15:00 parameter when specifying the time. Use the 13:00 15:00 parameter when specifying the time.
C) Use the start-date parameter to specify the date for each Monday and use the stop-date parameter to specify the date for each Friday. start-date parameter to specify the date for each Monday and use the stop-date parameter to specify the date for each Friday.
D) Use the PM parameter when specifying the time in the schedule. PM parameter when specifying the time in the schedule.
Question
You want to collect events and flows from third-party vendors. Which solution should you deploy to accomplish this task?

A) Log Director
B) JSA
C) Policy Enforcer
D) Contrail
Question
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the SRX Series flow module diagram shown in the exhibit, where is IDP/IPS processed?</strong> A) Forwarding Lookup B) Services ALGs C) Screens D) Security Policy <div style=padding-top: 35px> Referring to the SRX Series flow module diagram shown in the exhibit, where is IDP/IPS processed?

A) Forwarding Lookup
B) Services ALGs
C) Screens
D) Security Policy
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/93
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 6: Security, Associate (JNCIA-SEC)
1
Which two statements are true about virtualized SRX Series devices? (Choose two.)

A) vSRX cannot be deployed in transparent mode.
B) cSRX can be deployed in routed mode.
C) cSRX cannot be deployed in routed mode.
D) vSRX can be deployed in transparent mode.
cSRX can be deployed in routed mode.
vSRX can be deployed in transparent mode.
2
What are two valid JIMS event log sources? (Choose two.)

A) Microsoft Windows Server 2012 audit logs
B) Microsoft Active Directory server event logs
C) Microsoft Exchange Server event logs
D) Microsoft Active Directory audit logs
Microsoft Active Directory server event logs
Microsoft Exchange Server event logs
3
Click the Exhibit button. <strong>Click the Exhibit button. Which two statements are true about the configuration shown in the exhibit? (Choose two.)</strong> A) The session is removed from the session table after 10 seconds of inactivity. B) The session is removed from the session table after 10 milliseconds of inactivity. C) Aggressive aging is triggered if the session table reaches 95% capacity. D) Aggressive aging is triggered if the session table reaches 80% capacity. Which two statements are true about the configuration shown in the exhibit? (Choose two.)

A) The session is removed from the session table after 10 seconds of inactivity.
B) The session is removed from the session table after 10 milliseconds of inactivity.
C) Aggressive aging is triggered if the session table reaches 95% capacity.
D) Aggressive aging is triggered if the session table reaches 80% capacity.
The session is removed from the session table after 10 seconds of inactivity.
Aggressive aging is triggered if the session table reaches 95% capacity.
4
Which statement describes the AppTrack module in AppSecure?

A) The AppTrack module provides enforcement with the ability to block traffic, based on specific applications.
B) The AppTrack module provides control by the routing of traffic, based on the application.
C) The AppTrack module identifies the applications that are present in network traffic.
D) The AppTrack module provides visibility and volumetric reporting of application usage on the network.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
5
You want to deploy vSRX in Amazon Web Services (AWS) virtual private clouds (VPCs). Which two statements are true in this scenario? (Choose two.)

A) The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Network Director instance.
B) MPLS LSPs can be used to connect vSRXs in different VPCs.
C) IPsec tunnels can be used to connect vSRX in different VPCs.
D) The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Security Director instance.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
6
Which statement is true about high availability (HA) chassis clusters for the SRX Series device?

A) Cluster nodes require an upgrade to HA compliant Routing Engines.
B) Cluster nodes must be connected through a Layer 2 switch.
C) There can be active/passive or active/active clusters.
D) HA clusters must use NAT to prevent overlapping subnets between the nodes.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
7
Click the Exhibit button. <strong>Click the Exhibit button. Which two statements describe the output shown in the exhibit? (Choose two.)</strong> A) Node 0 is passing traffic for redundancy group 1. B) Redundancy group 1 experienced an operational failure. C) Redundancy group 1 was administratively failed over. D) Node 1 is passing traffic for redundancy group1. Which two statements describe the output shown in the exhibit? (Choose two.)

A) Node 0 is passing traffic for redundancy group 1.
B) Redundancy group 1 experienced an operational failure.
C) Redundancy group 1 was administratively failed over.
D) Node 1 is passing traffic for redundancy group1.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
8
Which two statements describe application-layer gateways (ALGs)? (Choose two.)

A) ALGs are designed for specific protocols that require multiple sessions.
B) ALGs are used with protocols that use multiple ports.
C) ALGs can only be configured using Security Director.
D) ALGs are designed for specific protocols that use a single TCP session.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
9
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the exhibit, you want to deploy Sky ATP with Policy Enforcer to block infected hosts at the access layer. To complete this task, where should you configure the default gateway for the User-1 device?</strong> A) the irb interface on QFX-2 B) the irb interface on QFX-1 C) the interface of QFX-1 that connects to User-1 D) the interface on SRX-1 that connects to QFX-2 Referring to the exhibit, you want to deploy Sky ATP with Policy Enforcer to block infected hosts at the access layer. To complete this task, where should you configure the default gateway for the User-1 device?

A) the irb interface on QFX-2
B) the irb interface on QFX-1
C) the interface of QFX-1 that connects to User-1
D) the interface on SRX-1 that connects to QFX-2
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
10
What are two types of attack objects used by IPS on SRX Series devices? (Choose two.)

A) protocol anomaly-based attacks
B) spam-based attacks
C) signature-based attacks
D) DDoS-based attacks
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
11
What information does JIMS collect from domain event log sources? (Choose two.)

A) For user login events, JIMS collects the username and group membership information.
B) For device login events. JIMS collects the devide IP address and operating system version.
C) For device login events, JIMS collects the device IP address and machine name information.
D) For user login events, JIMS collects the login source IP address and username information.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
12
What are two elements of a custom IDP/IPS attack object? (Choose two.)

A) the attack signature
B) the severity of the attack
C) the destination zone
D) the exempt rulebase
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
13
Which statement is true about JATP incidents?

A) Incidents have an associated threat number assigned to them.
B) Incidents are sorted by category, followed by severity.
C) Incidents consist of all the events associated with a single threat.
D) Incidents are always automatically mitigated.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
14
Which two statements describe how rules are used with Juniper Secure Analytics? (Choose two.)

A) When a rule is triggered, JSA can respond by sending an e-mail to JSA administrators.
B) Rules are defined on Junos Space Security Director, and then pushed to JSA log collectors.
C) A rule defines matching criteria and actions that should be taken when an events matches the rule.
D) When a rule is triggered, JSA can respond by blocking all traffic from a specific source address.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
15
What are two examples of RTOs? (Choose two.)

A) IPsec SA entries
B) session table entries
C) fabric link probes
D) control link heartbeats
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
16
Which three features are parts of Juniper Networks' AppSecure suite? (Choose three.)

A) AppQoE
B) APBR
C) Secure Application Manager
D) AppQoS
E) AppFormix
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
17
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the configuration shown in the exhibit, which two statements are true? (Choose two.)</strong> A) The log is being stored on the local Routing Engine. B) The log is being sent to a remote server. C) The syslog is configured for a user facility. The syslog is configured for a user facility. D) The syslog is configured for an info facility. The syslog is configured for an info Referring to the configuration shown in the exhibit, which two statements are true? (Choose two.)

A) The log is being stored on the local Routing Engine.
B) The log is being sent to a remote server.
C) The syslog is configured for a user facility. The syslog is configured for a user facility.
D) The syslog is configured for an info facility. The syslog is configured for an info
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
18
You must ensure that all encrypted traffic passing through your SRX device uses strong protocols and ciphers. Which feature should you implement to satisfy this requirement?

A) SSL proxy
B) AppSecure
C) JIMS
D) JATP
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
19
You are asked to improve resiliency for individual redundancy groups in an SRX4600 chassis cluster. Which two features would accomplish this task? (Choose two.)

A) IP address monitoring
B) control link recovery
C) interface monitoring
D) dual fabric links
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
20
A routing change occurs on an SRX Series device that involves choosing a new egress interface. In this scenario, which statement is true for all affected current sessions?

A) The current session are torn dowm only if the policy-rematch option has been enabled. The current session are torn dowm only if the policy-rematch option has been enabled.
B) The current sessions do not change.
C) The current sessions are torn down and go through first path processing based on the new route.
D) The current sessions might change based on the corresponding security policy.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
21
The DNS ALG performs which three functions? (Choose three.)

A) The DNS ALG performs the IPv4 and IPV6 address transformations.
B) The DNS ALG performs DNS doctoring.
C) The DNS ALG modifies the DNS payload in NAT mode.
D) The DNS ALG performs DNSSEC.
E) The DNS ALG performs DNS load balancing.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
22
Which two settings must be enabled on the hypervisor in a vSRX deployment to ensure proper chassis cluster operation? (Choose two.)

A) Control links must operate in promiscuous mode.
B) Control links must have an MTU of 9000.
C) Fabric links must operate in promiscuous mode.
D) Fabric links must have an MTU of 9000.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
23
What is the default timeout period for a TCP session in the session table of a Junos security device?

A) 1 minute
B) 60 minutes
C) 15 minutes
D) 30 minutes
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
24
What are two management methods for cSRX? (Choose two.)

A) Network Director
B) J-Web
C) CLI
D) Contrail
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
25
You want to collect events and flows from third-party vendors. Which solution should you deploy to accomplish this task?

A) Log Director
B) JSA
C) Policy Enforcer
D) Contrail
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
26
When referencing a SSL proxy profile in a security policy, which two statements are correct? (Choose two.)

A) A security policy can reference both a client-protection SSL proxy profile and a server-protection proxy profile.
B) If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is not decrypted.
C) A security policy can only reference a client-protection SSL proxy profile or a server-protection SSL proxy profile.
D) If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is decrypted.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
27
In an Active/Active chassis cluster deployment, which chassis cluster component is responsible for RG0 traffic?

A) the backup routing engine of the primary node
B) the master routing engine of the secondary node
C) the primary node
D) the secondary node
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
28
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the exhibit, which statement is true?</strong> A) IDP blocks root users. IDP blocks root users. B) IDP closes the connection on matched sessions. C) IDP ignores the connection on matched sessions. D) IDP blocks all users. Referring to the exhibit, which statement is true?

A) IDP blocks root users. IDP blocks root users.
B) IDP closes the connection on matched sessions.
C) IDP ignores the connection on matched sessions.
D) IDP blocks all users.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
29
Your manager asks you to find employees that are watching YouTube during office hours. Which AppSecure component would you configure to accomplish this task?

A) AppQoE
B) AppFW
C) AppTrack
D) AppQoS
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
30
Click the Exhibit button. <strong>Click the Exhibit button. The output shown in the exhibit is displayed in which format?</strong> A) syslog B) sd-syslog C) binary D) WELF The output shown in the exhibit is displayed in which format?

A) syslog
B) sd-syslog
C) binary
D) WELF
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
31
Which two statements describe JSA? (Choose two.)

A) Security Director must be used to view third-party events rom JSA flow collectors.
B) JSA supports events and flows from Junos devices, including third-party devices.
C) JSA events must be manually imported into Security Directory using an SSH connection.
D) JSA can be used as a log node with Security Director or as a standalone solution.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
32
Which two protocols are supported for Sky ATP advanced anti-malware scanning? (Choose two.)

A) POP3
B) MAPI
C) IMAP
D) SMTP
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
33
You want to use Sky ATP to protect your network; however, company policy does not allow you to send any files to the cloud. Which Sky ATP feature should you use in this situation?

A) Only use on-premises local Sky ATP server anti-malware file scanning.
B) Only use cloud-based Sky ATP file hash lookups.
C) Only use on-box SRX anti-malware file scanning.
D) Only use cloud-based Sky ATP file blacklists.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
34
You are asked to enable AppTrack to monitor application traffic from hosts in the User zone destined to hosts in the Internet zone. In this scenario, which statement is true?

A) You must enable the AppTrack feature within the Internet zone configuration.
B) You must enable the AppTrack feature within the ingress interface configuration associated with the Internet zone.
C) You must enable the AppTrack feature within the interface configuration associated with the User zone.
D) You must enable the AppTrack feature within the User zone configuration.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
35
Which two functions are performed by Juniper Identity Management Service (JIMS)? (Choose two.)

A) JIMS synchronizes Active Directory authentication information between a primary and secondary JIMS server.
B) JIMS forwards Active Directory authentication information to SRX Series client devices.
C) JIMS collects and maintains a database of authentication information from Active Directory domains.
D) JIMS replicates Active Directory authentication information to non-trusted Active Directory domain controllers.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
36
You are deploying the Junos application firewall feature in your network. In this scenario, which two elements are mapped to applications in the application system cache? (Choose two.)

A) destination port
B) source port
C) destination IP address
D) source IP address
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
37
What are two examples of RTOs? (Choose two.)

A) IPsec SA entries
B) session table entries
C) fabric link probes
D) control link heartbeats
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
38
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the SRX Series flow module diagram shown in the exhibit, where is IDP/IPS processed?</strong> A) Forwarding Lookup B) Services ALGs C) Screens D) Security Policy Referring to the SRX Series flow module diagram shown in the exhibit, where is IDP/IPS processed?

A) Forwarding Lookup
B) Services ALGs
C) Screens
D) Security Policy
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
39
You must configure JSA to accept events from an unsupported third-party log source. In this scenario, what should you do?

A) Separate event collection and flow collection on separate collectors.
B) Configure an RPM for a third-party device service module.
C) Configure JSA to silently discard unsupported log types.
D) Configure a universal device service module.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
40
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the exhibit, which two devices are considered to be part of the secure fabric site with Policy Enforcer? (Choose two.)</strong> A) Server-2 B) SRX-1 C) Server-1 D) QFX-1 Referring to the exhibit, which two devices are considered to be part of the secure fabric site with Policy Enforcer? (Choose two.)

A) Server-2
B) SRX-1
C) Server-1
D) QFX-1
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
41
Which three features are parts of Juniper Networks' AppSecure suite? (Choose three.)

A) AppQoE
B) APBR
C) Secure Application Manager
D) AppQoS
E) AppFormix
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
42
Click the Exhibit button. <strong>Click the Exhibit button. The output shown in the exhibit is displayed in which format?</strong> A) syslog B) WELF C) binary D) sd-syslog The output shown in the exhibit is displayed in which format?

A) syslog
B) WELF
C) binary
D) sd-syslog
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
43
Click the Exhibit button. <strong>Click the Exhibit button. You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?</strong> A) B) C) D) You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?

A) <strong>Click the Exhibit button. You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?</strong> A) B) C) D)
B) <strong>Click the Exhibit button. You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?</strong> A) B) C) D)
C) <strong>Click the Exhibit button. You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?</strong> A) B) C) D)
D) <strong>Click the Exhibit button. You are configuring an SRX chassis cluster with the node-specific hostname and management address. Referring to the exhibit, which configuration completes this requirement?</strong> A) B) C) D)
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
44
Which two statements are true about virtualized SRX Series devices? (Choose two.)

A) vSRX cannot be deployed in transparent mode.
B) cSRX can be deployed in routed mode.
C) cSRX cannot be deployed in routed mode.
D) vSRX can be deployed in transparent mode.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
45
The AppQoE module of AppSecure provides which function?

A) The AppQoE module provides application-based routing.
B) The AppQoE module prioritizes important applications.
C) The AppQoE module provides routing, based on network conditions.
D) The AppQoE module blocks access to risky applications.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
46
Which statement is true about JATP incidents?

A) Incidents have an associated threat number assigned to them.
B) Incidents are sorted by category, followed by severity.
C) Incidents consist of all the events associated with a single threat.
D) Incidents are always automatically mitigated.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
47
Which two solutions provide a sandboxing feature for finding zero-day malware threats? (Choose two.)

A) Sky ATP
B) UTM
C) JATP
D) IPS
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
48
Which two statements describe client-protection SSL proxy on an SRX Series device? (Choose two.)

A) The server-protection SSL proxy intercepts the server certificate.
B) The server-protection SSL proxy is also known as SSL reverse proxy.
C) The server-protection SSL proxy forwards the server certificate after modification.
D) The server-protection SSL proxy acts as the server from the client's perspective.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
49
You are configuring a client-protection SSL proxy profile. Which statement is correct in this scenario?

A) A server certificate is not used but a root certificate authority is used.
B) A server certificate and root certificate authority are not used.
C) A server certificate is used but a root certificate authority is not used.
D) A server certificate and a root certificate authority are both used.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
50
Your network uses a remote e-mail server that is used to send and receive e-mails for your users. In this scenario, what should you do to protect users from receiving malicious files through e-mail?

A) Deploy Sky ATP IMAP e-mail protection
B) Deploy Sky ATP MAPI e-mail protection
C) Deploy Sky ATP SMTP e-mail protection
D) Deploy Sky ATP POP3 e-mail protection
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
51
What are two elements of a custom IDP/IPS attack object? (Choose two.)

A) the attack signature
B) the severity of the attack
C) the destination zone
D) the exempt rulebase
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
52
Which statement is true about high availability (HA) chassis clusters for the SRX Series device?

A) Cluster nodes require an upgrade to HA compliant Routing Engines.
B) Cluster nodes must be connected through a Layer 2 switch.
C) There can be active/passive or active/active clusters.
D) HA clusters must use NAT to prevent overlapping subnets between the nodes.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
53
Which statement describes the AppTrack module in AppSecure?

A) The AppTrack module provides enforcement with the ability to block traffic, based on specific applications.
B) The AppTrack module provides control by the routing of traffic, based on the application.
C) The AppTrack module identifies the applications that are present in network traffic.
D) The AppTrack module provides visibility and volumetric reporting of application usage on the network.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
54
You want to deploy vSRX in Amazon Web Services (AWS) virtual private clouds (VPCs). Which two statements are true in this scenario? (Choose two.)

A) The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Network Director instance.
B) MPLS LSPs can be used to connect vSRXs in different VPCs.
C) IPsec tunnels can be used to connect vSRX in different VPCs.
D) The vSRX devices serving as local enforcement points for VPCs can be managed by a centralized Junos Space Security Director instance.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
55
You must ensure that all encrypted traffic passing through your SRX device uses strong protocols and ciphers. Which feature should you implement to satisfy this requirement?

A) SSL proxy
B) AppSecure
C) JIMS
D) JATP
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
56
Click the Exhibit button. <strong>Click the Exhibit button. You need to have the JATP solution analyzer .jar, .xls, and .doc files. Referring to the exhibit, which two file types must be selected to accomplish this task? (Choose two.)</strong> A) Java B) library C) document D) executable You need to have the JATP solution analyzer .jar, .xls, and .doc files. Referring to the exhibit, which two file types must be selected to accomplish this task? (Choose two.)

A) Java
B) library
C) document
D) executable
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
57
You must configure JSA to accept events from an unsupported third-party log source. In this scenario, what should you do?

A) Separate event collection and flow collection on separate collectors.
B) Configure an RPM for a third-party device service module.
C) Configure JSA to silently discard unsupported log types.
D) Configure a universal device service module.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
58
Which two statements describe application-layer gateways (ALGs)? (Choose two.)

A) ALGs are designed for specific protocols that require multiple sessions.
B) ALGs are used with protocols that use multiple ports.
C) ALGs can only be configured using Security Director.
D) ALGs are designed for specific protocols that use a single TCP session.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
59
What are two types of attack objects used by IPS on SRX Series devices? (Choose two.)

A) protocol anomaly-based attacks
B) spam-based attacks
C) signature-based attacks
D) DDoS-based attacks
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
60
Click the Exhibit button. <strong>Click the Exhibit button. Which two statements describe the output shown in the exhibit? (Choose two.)</strong> A) Node 0 is passing traffic for redundancy group 1. B) Redundancy group 1 experienced an operational failure. C) Redundancy group 1 was administratively failed over. D) Node 1 is passing traffic for redundancy group1. Which two statements describe the output shown in the exhibit? (Choose two.)

A) Node 0 is passing traffic for redundancy group 1.
B) Redundancy group 1 experienced an operational failure.
C) Redundancy group 1 was administratively failed over.
D) Node 1 is passing traffic for redundancy group1.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
61
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the exhibit, which statement is true?</strong> A) Hosts are always able to communicate through the SRX Series device no matter the threat score assigned to them on the infected host feed. B) Hosts are unable to communicate through the SRX Series device after being placed on the infected host feed with a high enough threat score. C) Malicious HTTP file downloads are never blocked. D) Malicious HTTP file downloads are always blocked. Referring to the exhibit, which statement is true?

A) Hosts are always able to communicate through the SRX Series device no matter the threat score assigned to them on the infected host feed.
B) Hosts are unable to communicate through the SRX Series device after being placed on the infected host feed with a high enough threat score.
C) Malicious HTTP file downloads are never blocked.
D) Malicious HTTP file downloads are always blocked.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
62
What is the default timeout period for a TCP session in the session table of a Junos security device?

A) 1 minute
B) 60 minutes
C) 15 minutes
D) 30 minutes
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
63
Which feature is used when you want to permit traffic on an SRX Series device only at specific times?

A) scheduler
B) pass-through authentication
C) ALGs
D) counters
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
64
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the exhibit, which statement is true?</strong> A) IDP blocks root users. IDP blocks root users. B) IDP closes the connection on matched sessions. C) IDP ignores the connection on matched sessions. D) IDP blocks all users. Referring to the exhibit, which statement is true?

A) IDP blocks root users. IDP blocks root users.
B) IDP closes the connection on matched sessions.
C) IDP ignores the connection on matched sessions.
D) IDP blocks all users.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
65
How many nodes are configurable in a chassis cluster using SRX Series devices?

A) 2
B) 4
C) 6
D) 8
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
66
When referencing a SSL proxy profile in a security policy, which two statements are correct? (Choose two.)

A) A security policy can reference both a client-protection SSL proxy profile and a server-protection proxy profile.
B) If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is not decrypted.
C) A security policy can only reference a client-protection SSL proxy profile or a server-protection SSL proxy profile.
D) If you apply an SSL proxy profile to a security policy and forget to apply any Layer7 services to the security policy, any encrypted traffic that matches the security policy is decrypted.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
67
Click the Exhibit button. <strong>Click the Exhibit button. You have implemented SSL proxy client protection. After implementing this feature, your users are complaining about the warning message shown in the exhibit. Which action must you perform to eliminate the warning message?</strong> A) Configure the SRX Series device as a trusted site in the client Web browsers. B) Regenerate the SRX self-signed CA certificate and include the correct organization name. C) Import the SRX self-signed CA certificate into the client Web browsers. D) Import the SRX self-signed CA certificate into the SRX certificate public store. You have implemented SSL proxy client protection. After implementing this feature, your users are complaining about the warning message shown in the exhibit. Which action must you perform to eliminate the warning message?

A) Configure the SRX Series device as a trusted site in the client Web browsers.
B) Regenerate the SRX self-signed CA certificate and include the correct organization name.
C) Import the SRX self-signed CA certificate into the client Web browsers.
D) Import the SRX self-signed CA certificate into the SRX certificate public store.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
68
What are two management methods for cSRX? (Choose two.)

A) Network Director
B) J-Web
C) CLI
D) Contrail
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
69
After a software upgrade on an SRX5800 chassis cluster, you notice that both node0 and node1 are in the primary state, when node1 should be secondary. All control and fabric links are operating normally. In this scenario, which step must you perform to recover the cluster?

A) Execute the request system reboot command on node1. Execute the request system reboot command on node1.
B) Execute the request system software rollback command on node0. request system software rollback command on node0.
C) Execute the request system software add command on node1. request system software add
D) Execute the request system reboot command on node0.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
70
You have deployed JSA and you need to view events and network activity that match rule criteria. You must view this data using a single interface. Which JSA feature should you use in this scenario?

A) Log Collector
B) Assets
C) Network Activity
D) Offense Manager
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
71
You are using the JIMS Administrator user interface to add multiple SRX client devices. You must share common configuration attributes across the SRX clients without having to re-enter those attributes for each SRX client instance. Which JIMS Administrator feature would be used to accomplish this task?

A) JIMS automation
B) JIMS templates
C) JIMS client profiles
D) JIMS client defaults
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
72
You must block the lateral spread of Remote Administration Tools (RATs) that use SMB to propagate within the network, using the JATP solution. Which action would accomplish this task?

A) Configure a new anti-virus configuration rule.
B) Configure whitelist rules
C) Configure YARA rules.
D) Configure the SAML settings.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
73
What is the maximum number of supported interfaces on a vSRX hosted in a VMware environment?

A) 4
B) 10
C) 3
D) 12
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
74
You are asked to enable AppTrack to monitor application traffic from hosts in the User zone destined to hosts in the Internet zone. In this scenario, which statement is true?

A) You must enable the AppTrack feature within the Internet zone configuration.
B) You must enable the AppTrack feature within the ingress interface configuration associated with the Internet zone.
C) You must enable the AppTrack feature within the interface configuration associated with the User zone.
D) You must enable the AppTrack feature within the User zone configuration.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
75
You must fine tune an IPS security policy to eliminate false positives. You want to create exemptions to the normal traffic examination for specific traffic. Which two parameters are required to accomplish this task? (Choose two.)

A) source IP address
B) destination IP address
C) destination port
D) source port
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
76
The DNS ALG performs which three functions? (Choose three.)

A) The DNS ALG performs the IPv4 and IPv6 address transformations.
B) The DNS ALG performs DNS doctoring.
C) The DNS ALG modifies the DNS payload in NAT mode.
D) The DNS ALG performs DNSSEC.
E) The DNS ALG performs DNS load balancing.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
77
Which three statements are true about the difference between cSRX-based virtual security deployments and vSRX-based virtual security deployments? (Choose three.)

A) vSRX provides Layer 2 to Layer 7 secure services and cSRX provides Layer 4 to Layer 7 secure services.
B) cSRX requires less storage and memory space for a given deployment than vSRX-based solutions.
C) cSRX-based solutions are more scalable than vSRX-based solutions.
D) vSRX and cSRX both provide Layer 2 to Layer 7 secure services.
E) vSRX provides faster deployment time and faster reboots compared to cSRX.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
78
Click the Exhibit button. <strong>Click the Exhibit button. You have configured the scheduler shown in the exhibit to prevent users from accessing certain websites from 1:00 PM to 3:00 PM Monday through Friday. This policy will remain in place until further notice. When testing the policy, you determine that the websites are still accessible during the restricted times. In this scenario, which two actions should you perform to solve the problem? (Choose two.)</strong> A) Add the saturday exclude parameter and the sunday exclude parameter to ensure weekends are excluded from the schedule. Add the saturday exclude parameter and the sunday exclude parameter to ensure weekends are excluded from the schedule. B) Use the 13:00 parameter and the 15:00 parameter when specifying the time. Use the 13:00 15:00 parameter when specifying the time. C) Use the start-date parameter to specify the date for each Monday and use the stop-date parameter to specify the date for each Friday. start-date parameter to specify the date for each Monday and use the stop-date parameter to specify the date for each Friday. D) Use the PM parameter when specifying the time in the schedule. PM parameter when specifying the time in the schedule. You have configured the scheduler shown in the exhibit to prevent users from accessing certain websites from 1:00 PM to 3:00 PM Monday through Friday. This policy will remain in place until further notice. When testing the policy, you determine that the websites are still accessible during the restricted times. In this scenario, which two actions should you perform to solve the problem? (Choose two.)

A) Add the saturday exclude parameter and the sunday exclude parameter to ensure weekends are excluded from the schedule. Add the saturday exclude parameter and the sunday exclude parameter to ensure weekends are excluded from the schedule.
B) Use the 13:00 parameter and the 15:00 parameter when specifying the time. Use the 13:00 15:00 parameter when specifying the time.
C) Use the start-date parameter to specify the date for each Monday and use the stop-date parameter to specify the date for each Friday. start-date parameter to specify the date for each Monday and use the stop-date parameter to specify the date for each Friday.
D) Use the PM parameter when specifying the time in the schedule. PM parameter when specifying the time in the schedule.
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
79
You want to collect events and flows from third-party vendors. Which solution should you deploy to accomplish this task?

A) Log Director
B) JSA
C) Policy Enforcer
D) Contrail
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
80
Click the Exhibit button. <strong>Click the Exhibit button. Referring to the SRX Series flow module diagram shown in the exhibit, where is IDP/IPS processed?</strong> A) Forwarding Lookup B) Services ALGs C) Screens D) Security Policy Referring to the SRX Series flow module diagram shown in the exhibit, where is IDP/IPS processed?

A) Forwarding Lookup
B) Services ALGs
C) Screens
D) Security Policy
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 93 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree