JN0-231 Practice Test Free – 50 Real Exam Questions to Boost Your Confidence
Preparing for the JN0-231 exam? Start with our JN0-231 Practice Test Free – a set of 50 high-quality, exam-style questions crafted to help you assess your knowledge and improve your chances of passing on the first try.
Taking a JN0-231 practice test free is one of the smartest ways to:
- Get familiar with the real exam format and question types
- Evaluate your strengths and spot knowledge gaps
- Gain the confidence you need to succeed on exam day
Below, you will find 50 free JN0-231 practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level.
Which three operating systems are supported for installing and running Juniper Secure Connect client software? (Choose three.)
A. Windows 7
B. Android
C. Windows 10
D. Linux
E. macOS
Your company is adding IP cameras to your facility to increase physical security. You are asked to help protect these IoT devices from becoming zombies in a DDoS attack. Which Juniper ATP feature should you configure to accomplish this task?
A. IPsec
B. static NAT
C. allowlists
D. C&C feeds
You are asked to verify that a license for AppSecure is installed on an SRX Series device. In this scenario, which command will provide you with the required information?
A. user@srx> show system license
B. user@srx> show services accounting
C. user@srx> show configuration system
D. user@srx> show chassis firmware
When configuring antispam, where do you apply any local lists that are configured?
A. custom objects
B. advanced security policy
C. antispam feature-profile
D. antispam UTM policy
Which statement is correct about unified security policies on an SRX Series device?
A. A zone-based policy is always evaluated first.
B. The most restrictive policy is applied regardless of the policy level.
C. A global policy is always evaluated first.
D. The first policy rule is applied regardless of the policy level.
You want to enable the minimum Juniper ATP services on a branch SRX Series device. In this scenario, what are two requirements to accomplish this task? (Choose two.)
A. Install a basic Juniper ATP license on the branch device.
B. Configure the juniper-atp user account on the branch device.
C. Register for a Juniper ATP account on https://sky.junipersecurity.net.
D. Execute the Juniper ATP script on the branch device.
When are Unified Threat Management services performed in a packet flow?
A. before security policies are evaluated
B. as the packet enters an SRX Series device
C. only during the first path process
D. after network address translation
Your ISP gives you an IP address of 203.0.113.0/27 and informs you that your default gateway is 203.0.113.1. You configure destination NAT to your internal server, but the requests sent to the webserver at 203.0.113.5 are not arriving at the server. In this scenario, which two configuration features need to be added? (Choose two.)
A. firewall filter
B. security policy
C. proxy-ARP
D. UTM policy
You want to block executable files (*.exe) from being downloaded onto your network. Which UTM feature would you use in this scenario?
A. IPS
B. Web filtering
C. content filtering
D. antivirus
Which two services does Juniper Connected Security provide? (Choose two.)
A. protection against zero-day threats
B. IPsec VPNs
C. Layer 2 VPN tunnels
D. inline malware blocking
Which two IKE Phase 1 configuration options must match on both peers to successfully establish a tunnel? (Choose two.)
A. VPN name
B. gateway interfaces
C. IKE mode
D. Diffie-Hellman group
When transit traffic matches a security policy, which three actions are available? (Choose three.)
A. Allow
B. Discard
C. Deny
D. Reject
E. Permit
Which statement is correct about Web filtering?
A. The Juniper Enhanced Web Filtering solution requires a locally managed server.
B. The decision to permit or deny is based on the body content of an HTTP packet.
C. The decision to permit or deny is based on the category to which a URL belongs.
D. The client can receive an e-mail notification when traffic is blocked.
What is the default value of the dead peer detection (DPD) interval for an IPsec VPN tunnel?
A. 20 seconds
B. 5 seconds
C. 10 seconds
D. 40 seconds
A security zone is configured with the source IP address 192.168.0.12/255.255.0.255 wildcard match. In this scenario, which two IP packets will match the criteria? (Choose two.)
A. 192.168.1.21
B. 192.168.0.1
C. 192.168.1.12
D. 192.168.22.12
Click the Exhibit button. What is the purpose of the host-inbound-traffic configuration shown in the exhibit?
A. to permit host inbound HTTP traffic and deny all other traffic on the internal security zone
B. to deny and log all host inbound traffic on the internal security zone, except for HTTP traffic
C. to permit all host inbound traffic on the internal security zone, but deny HTTP traffic
D. to permit host inbound HTTP traffic on the internal security zone
You are creating IPsec connections. In this scenario, which two statements are correct about proxy IDs? (Choose two.)
A. Proxy IDs are used to configure traffic selectors.
B. Proxy IDs are optional for Phase 2 session establishment.
C. Proxy IDs must match for Phase 2 session establishment.
D. Proxy IDs default to 0.0.0.0/0 for policy-based VPNs.
You want to provide remote access to an internal development environment for 10 remote developers. Which two components are required to implement Juniper Secure Connect to satisfy this requirement? (Choose two.)
A. an additional license for an SRX Series device
B. Juniper Secure Connect client software
C. an SRX Series device with an SPC3 services card
D. Marvis virtual network assistant
Which two statements are correct about IKE security associations? (Choose two.)
A. IKE security associations are established during IKE Phase 1 negotiations.
B. IKE security associations are unidirectional.
C. IKE security associations are established during IKE Phase 2 negotiations.
D. IKE security associations are bidirectional.
You need to collect the serial number of an SRX Series device to replace it. Which command will accomplish this task?
A. show chassis hardware
B. show system information
C. show chassis firmware
D. show chassis environment
Which statement about NAT is correct?
A. Destination NAT takes precedence over static NAT.
B. Source NAT is processed before security policy lookup.
C. Static NAT is processed after forwarding lookup.
D. Static NAT takes precedence over destination NAT.
Which Web filtering solution uses a direct Internet-based service for URL categorization?
A. Juniper ATP Cloud
B. Websense Redirect
C. Juniper Enhanced Web Filtering
D. local blocklist
You want to deploy a NAT solution. In this scenario, which solution would provide a static translation without PAT?
A. interface-based source NAT
B. pool-based NAT with address shifting
C. pool-based NAT with PAT
D. pool-based NAT without PAT
You want to verify the peer before IPsec tunnel establishment. What would be used as a final check in this scenario?
A. traffic selector
B. perfect forward secrecy
C. st0 interfaces
D. proxy ID
Click the Exhibit button. Referring to the exhibit, which two statements are correct about the ping command? (Choose two.)
A. The DMZ routing-instance is the source.
B. The 10.10.102.10 IP address is the source.
C. The 10.10.102.10 IP address is the destination.
D. The DMZ routing-instance is the destination.
What are two functions of Juniper ATP Cloud? (Choose two.)
A. malware inspection
B. Web content filtering
C. DDoS protection
D. Geo IP feeds
Click the Exhibit button. Referring to the exhibit, a user is placed in which hierarchy when the exit command is run?
A. [edit security policies from-zone trust to-zone dmz] user@vSRX-1#
B. [edit] user@vSRX-1#
C. [edit security policies] user@vSRX-1#
D. user@vSRX-1>
Which Juniper ATP feed provides a dynamic list of known botnet servers and known sources of malware downloads?
A. infected host cloud feed
B. Geo IP feed
C. C&C cloud feed
D. blocklist feed
Which two non-configurable zones exist by default on an SRX Series device? (Choose two.)
A. Junos-host
B. functional
C. null
D. management
An application firewall processes the first packet in a session for which the application has not yet been identified. In this scenario, which action does the application firewall take on the packet?
A. It allows the first packet.
B. It denies the first packet and sends an error message to the user.
C. It denies the first packet.
D. It holds the first packet until the application is identified.
Which statement is correct about global security policies on SRX Series devices?
A. The to-zone any command configures a global policy.
B. The from-zone any command configures a global policy.
C. Global policies are always evaluated first.
D. Global policies can include zone context.
What are two valid address books? (Choose two.)
A. 66.129.239.128/25
B. 66.129.239.154/24
C. 66.129.239.0/24
D. 66.129.239.50/25
Click the Exhibit button. You are asked to allow only ping and SSH access to the security policies shown in the exhibit. Which statement will accomplish this task?
A. Rename policy Rule-2 to policy Rule-0.
B. Insert policy Rule-2 before policy Rule-1.
C. Replace application any with application [junos-ping junos-ssh] in policy Rule-1.
D. Rename policy Rule-1 to policy Rule-3.
Which two security features inspect traffic at Layer 7? (Choose two.)
A. IPS/IDP
B. security zones
C. application firewall
D. integrated user firewall
What is the correct order in which interface names should be identified?
A. system slot number -> interface media type -> port number -> line card slot number
B. system slot number -> port number -> interface media type -> line card slot number
C. interface media type -> system slot number -> line card slot number -> port number
D. interface media type -> port number -> system slot number -> line card slot number
What are two features of the Juniper ATP Cloud service? (Choose two.)
A. sandbox
B. malware detection
C. EX Series device integration
D. honeypot
What are two logical properties of an interface? (Choose two.)
A. link mode
B. IP address
C. VLAN ID
D. link speed
Corporate security requests that you implement a policy to block all POP3 traffic from traversing the Internet firewall. In this scenario, which security feature would you use to satisfy this request?
A. antivirus
B. Web filtering
C. content filtering
D. antispam
Which order is correct for Junos security devices that examine policies for transit traffic?
A. 1. zone policies 2. global policies 3. default policies
B. 1. default policies 2. zone policies 3. global policies
C. 1. default policies 2. global policies 3. zone policies
D. 1. global policies 2. zone policies 3. default policies
You want to implement user-based enforcement of security policies without the requirement of certificates and supplicant software. Which security feature should you implement in this scenario?
A. integrated user firewall
B. screens
C. 802.1X
D. Juniper ATP
Which two IPsec hashing algorithms are supported on an SRX Series device? (Choose two.)
A. SHA-1
B. SHAKE128
C. MD5
D. RIPEMD-256
Click the Exhibit button. Referring to the exhibit, which three statements about the ge-0/0/1 interface are correct? (Choose three.)
A. The interface has not been placed in a zone.
B. The interface is located on Slot 1.
C. IPv4 and IPv6 have been configured.
D. The physical and logical units are up.
E. Logical unit 0 has been configured.
Which two statements are correct about the null zone on an SRX Series device? (Choose two.)
A. The null zone is created by default.
B. The null zone is a functional security zone.
C. Traffic sent or received by an interface in the null zone is discarded.
D. You must enable the null zone before you can place interfaces into it.
Which two addresses are valid address book entries? (Choose two.)
A. 173.145.5.21/255.255.255.0
B. 153.146.0.145/255.255.0.255
C. 203.150.108.10/24
D. 191.168.203.0/24
Which Juniper Networks solution uses static and dynamic analysis to search for day-zero malware threats?
A. firewall filters
B. UTM
C. Juniper ATP Cloud
D. IPS
What is the default timeout value for TCP sessions on an SRX Series device?
A. 30 seconds
B. 60 minutes
C. 60 seconds
D. 30 minutes
Which statement about service objects is correct?
A. All applications are predefined by Junos.
B. All applications are custom defined by the administrator.
C. All applications are either custom or Junos defined.
D. All applications in service objects are not available on the vSRX Series device.
Which two statements are correct about IPsec security associations? (Choose two.)
A. IPsec security associations are bidirectional.
B. IPsec security associations are unidirectional.
C. IPsec security associations are established during IKE Phase 1 negotiations.
D. IPsec security associations are established during IKE Phase 2 negotiations.
Which two components are configured for host inbound traffic? (Choose two.)
A. zone
B. logical interface
C. physical interface
D. routing instance
You are installing a new SRX Series device and you are only provided one IP address from your ISP. In this scenario, which NAT solution would you implement?
A. pool-based NAT with PAT
B. pool-based NAT with address shifting
C. interface-based source NAT
D. pool-based NAT without PAT