In which order does Junos OS process the various forms of NAT?
Adestination NAT, source NAT, static NAT
Bstatic NAT, destination NAT, source NAT
Csource NAT, static NAT, destination NAT
Dsource NAT, destination NAT, static NAT
Which two statements are correct about the Junos OS? (Choose two.)
AIt is a network operating system.
BIt is supported on physical and virtual devices.
CIt is a network management system for Juniper devices.
DIt is a network operating system for IoT devices.
An SRX Series Firewall operates in which two modes? (Choose two.)
Aflow mode
Bpacket mode
Croute mode
Dwireless mode
You are modifying the NAT rule order and you notice that a new NAT rule has been added to the bottom of the list.
In this situation, which command would you use to reorder NAT rules?
Ainsert
Brun
Ctop
Dup
You are troubleshooting first path traffic not passing through an SRX Series Firewall. You have determined that the traffic is ingressing and egressing the correct interfaces using a route lookup.
In this scenario, what is the next step in troubleshooting why the device may be dropping the traffic?
AVerify that the correct ALG is being used.
BVerify that the interfaces are in the correct security zones.
CVerify that source NAT is occurring.
DVerify the routing protocol being used.
What happens if no match is found in both zone-based and global security policies?
AThe traffic is discarded by the default security policy.
BThe traffic is logged for further analysis.
CThe traffic is allowed by default.
DThe traffic is redirected to a predefined safe zone.
Which two characteristics of destination NAT and static NAT are correct? (Choose two.)
ADestination NAT requires address range sizes that match the devices being translated.
BDestination NAT supports port forwarding.
CStatic NAT automatically creates a matching rule for the opposite direction.
DStatic NAT uses Port Address Translation.
Which statement is correct about security policies?
ASecurity policies are evaluated before screen in first path processing.
BZone-based security policies reference both source and destination zones.
CSecurity policies are evaluated in both first path and fast path processing.
DZone-based security policies only apply to intra-zone traffic.
What are two valid security address objects within Juniper Networks? (Choose two.)
Aglobal address object
Bprefix address object
Crouting address object
DMAC address object
Referring to the exhibit, which two statements are correct? (Choose two.)
AThe SRX Series Firewall is performing destination NAT.
BThe SRX Series Firewall is performing source NAT.
CThe SRX Series Firewall is not performing PAT.
DThe SRX Series Firewall is performing PAT.
Referring to the exhibit, which two statements are correct about the traffic flow shown in the exhibit? (Choose two.)
AThere is no change to the original source IP address.
BThe original destination IP address was translated to a new destination IP address.
CThere is no change to the original destination IP address.
DThe original source IP address was translated to a new source IP address.
Which two security policies are installed by default on SRX 300 Series Firewalls? (Choose two.)
Aa security policy to allow all traffic from the trust zone to the trust zone
Ba security policy to allow all traffic from the trust zone to the untrust zone
Ca security policy to allow all traffic from the untrust zone to the trust zone
Da security policy to allow all traffic from the management zone to the trust zone
Which two statements are true about content filtering on SRX Series devices? (Choose two.)
AContent filtering requires a license.
BContent filtering examines the file extension to determine the file type.
CContent filtering does not require a license.
DContent filtering examines the file contents to determine the file type.
You want to enable NextGen Web Filtering in SRX Series devices.
In this scenario, which two actions will accomplish this task? (Choose two.)
AGenerate a CA-signed certificate.
BGenerate a self-signed certificate.
CConfigure an SSL initiation profile.
DConfigure an SSL proxy profile.
Referring to the exhibit, which action would you take to permit the traffic shown in the exhibit?
AAssign the ge-0/0/1.0 interface to a security zone.
BAssign the fxp0.0 interface to a security zone.
CEnable flow-mode processing for family mpls.
DEnable flow-mode processing for family inet.
You want to verify that your NextGen Web Filtering (NGWF) feature is connected to the Juniper cloud.
Which operational mode command would you use for this task?
Ashow security utm anti-spam status
Bshow security utm content-filtering statistics
Cshow security utm anti-virus status
Dshow security web filtering status
Your manager asks you to ping 192.0.2.128. The ping fails and you do not know why, so you enable a trace option on your SRX Series Firewall.
Referring to the exhibit, what is the reason for this behavior?
AIt is matching a Web filter.
BIt is matching an ALG.
CIt is matching a screen.
DThere is no known route.
Which two statements about the host-inbound-traffic parameter in a zone configuration are correct? (Choose two.)
ADeleting the host-inbound-traffic parameter blocks SSH access to the firewall.
BThe host-inbound-traffic parameter is implicitly configured in the management zone.
CDeleting the host-inbound-traffic parameter blocks console access to the firewall.
DThe host-inbound-traffic parameter is explicitly configured in a security zone.
Which two statements are correct about a Juniper Routing Engine? (Choose two.)
AThe Routing Engine is managed by the Packet Forwarding Engine.
BThe Routing Engine manages the Packet Forwarding Engine.
CThe Routing Engine creates the routing and switching tables.
DThe Routing Engine is responsible for forwarding transit traffic.
Referring to the exhibit, which type of NAT is the SRX Series Firewall performing?
Asource NAT without PAT
Bdestination NAT with PAT
Csource NAT with PAT
Ddestination NAT without PAT
Referring to the exhibit, the top table shows the source and destination IP addresses and also the source and destination ports of the incoming packet. The lower table represents the security policies from the trust zone to the untrust zone.
In this scenario, which two statements are correct? (Choose two.)
AThe incoming packet is permitted by the HTTPS application.
BThe incoming packet is permitted since it does not match any policy listed.
CThe incoming packet is denied by the final security policy.
DThe firewall processes security policies in a top-down manner.
When does screening occur on an SRX Series Firewall for an ingress traffic flow?
Aafter NAT policy processing
Bafter route lookup
Cafter security policy processing
Dafter session lookup
Your company is acquiring a smaller company that uses the same private address range that your company currently uses in its North America division. You have a limited number of public IP addresses to use for the acquisition. You want to allow the new acquisition's users to connect to the existing services in North America.
Which two features would you enable on your SRX Series Firewall to accomplish this task? (Choose two.)
AIDP
BBGP
CNAT
DPAT
Which two statements are correct about a Juniper Packet Forwarding Engine? (Choose two.)
AThe Packet Forwarding Engine is responsible for forwarding transit traffic.
BThe Packet Forwarding Engine is managed by the Routing Engine.
CThe Packet Forwarding Engine manages the Routing Engine.
DThe Packet Forwarding Engine creates the routing and switching tables.
When traffic enters an interface, which two results does a route lookup determine? (Choose two.)
Preview
