Which two criteria should a zone-based security policy include? (Choose two.)
Aa source port
Ba destination port
Czone context
Dan action
Screens on an SRX Series device protect against which two types of threats? (Choose two.)
AIP spoofing
BICMP flooding
Czero-day outbreaks
Dmalicious e-mail attachments
Which statement about global NAT address persistence is correct?
AThe same IP address from a source NAT pool will be assigned for all sessions from a given host.
BThe same IP address from a source NAT pool is not guaranteed to be assigned for all sessions from a given host.
CThe same IP address from a destination NAT pool will be assigned for all sessions for a given host.
DThe same IP address from a destination NAT pool is not guaranteed to be assigned for all sessions for a given host.
You want to deploy a NAT solution.
In this scenario, which solution would provide a static translation without PAT?
Ainterface-based source NAT
Bpool-based NAT with address shifting
Cpool-based NAT with PAT
Dpool-based NAT without PAT
Which Juniper Networks solution uses static and dynamic analysis to search for day-zero malware threats?
Afirewall filters
BUTM
CJuniper ATP Cloud
DIPS
You are configuring an SRX Series device. You have a set of servers inside your private network that need one-to-one mappings to public IP addresses.
Which NAT configuration is appropriate in this scenario?
Asource NAT with PAT
Bdestination NAT
CNAT-T
Dstatic NAT
You want to enable the minimum Juniper ATP services on a branch SRX Series device.
In this scenario, what are two requirements to accomplish this task? (Choose two.)
AInstall a basic Juniper ATP license on the branch device.
BConfigure the juniper-atp user account on the branch device.
CRegister for a Juniper ATP account on https://sky.junipersecurity.net.
DExecute the Juniper ATP script on the branch device.
When are Unified Threat Management services performed in a packet flow?
Abefore security policies are evaluated
Bas the packet enters an SRX Series device
Conly during the first path process
Dafter network address translation
You have an FTP server and a webserver on the inside of your network that you want to make available to users outside of the network. You are allocated a single public IP address.
In this scenario, which two NAT elements should you configure? (Choose two.)
Adestination NAT
BNAT pool
Csource NAT
Dstatic NAT
You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. The webservers must use the same address for both connections from the Internet and communication with update servers.
Which NAT type must be used to complete this project?
Asource NAT
Bdestination NAT
Cstatic NAT
Dhairpin NAT
You are monitoring an SRX Series device that has the factory-default configuration applied.
In this scenario, where are log messages sent by default?
AJunos Space Log Director
BJunos Space Security Director
Cto a local syslog server on the management network
Dto a local log file named messages
You want to block executable files (*.exe) from being downloaded onto your network.
Which UTM feature would you use in this scenario?
AIPS
BWeb filtering
Ccontent filtering
Dantivirus
You need to collect the serial number of an SRX Series device to replace it.
Which command will accomplish this task?
Ashow chassis hardware
Bshow system information
Cshow chassis firmware
Dshow chassis environment
What are two Juniper ATP Cloud feed analysis components? (Choose two.)
AIDP signature feed
BC&C cloud feed
Cinfected host cloud feed
DUS CERT threat feed
Which two statements are correct about IPsec security associations? (Choose two.)
AIPsec security associations are bidirectional.
BIPsec security associations are unidirectional.
CIPsec security associations are established during IKE Phase 1 negotiations.
DIPsec security associations are established during IKE Phase 2 negotiations.
Which Juniper ATP feed provides a dynamic list of known botnet servers and known sources of malware downloads?
Ainfected host cloud feed
BGeo IP feed
CC&C cloud feed
Dblocklist feed
Which two addresses are valid address book entries? (Choose two.)
