Which two statements are correct about global policies? (Choose two.)

A. Global policies are evaluated after default policies.

B. Global policies do not have to reference zone context.

C. Global policies are evaluated before default policies.

D. Global policies must reference zone contexts.

Your company is adding IP cameras to your facility to increase physical security. You are asked to help protect these IoT devices from becoming zombies in a DDoS attack.
Which Juniper ATP feature should you configure to accomplish this task?

A. IPsec

B. static NAT

C. allowlists

D. C&C feeds

What are two features of the Juniper ATP Cloud service? (Choose two.)

A. sandbox

B. malware detection

C. EX Series device integration

D. honeypot

When configuring antispam, where do you apply any local lists that are configured?

A. custom objects

B. advanced security policy

C. antispam feature-profile

D. antispam UTM policy

Which two traffic types are considered exception traffic and require some form of special handling by the PFE? (Choose two.)

A. SSH sessions

B. ICMP reply messages

C. HTTP sessions

D. traceroute packets

You want to prevent other users from modifying or discarding your changes while you are also editing the configuration file.
In this scenario, which command would accomplish this task?

A. configure master

B. cli privileged

C. configure exclusive

D. configure

An application firewall processes the first packet in a session for which the application has not yet been identified.
In this scenario, which action does the application firewall take on the packet?

A. It allows the first packet.

B. It denies the first packet and sends an error message to the user.

C. It denies the first packet.

D. It holds the first packet until the application is identified.

What must be enabled on an SRX Series device for the reporting engine to create reports?

A. packet capture

B. security logging

C. system logging

D. SNMP

What are two valid address books? (Choose two.)

A. 66.129.239.128/25

B. 66.129.239.154/24

C. 66.129.239.0/24

D. 66.129.239.50/25

Click the Exhibit button.

What is the purpose of the host-inbound-traffic configuration shown in the exhibit?

A. to permit host inbound HTTP traffic and deny all other traffic on the internal security zone

B. to deny and log all host inbound traffic on the internal security zone, except for HTTP traffic

C. to permit all host inbound traffic on the internal security zone, but deny HTTP traffic

D. to permit host inbound HTTP traffic on the internal security zone

Which two user authentication methods are supported when using a Juniper Secure Connect VPN? (Choose two.)

A. certificate-based

B. multi-factor authentication

C. local authentication

D. active directory

What are three primary match criteria used in a Junos security policy? (Choose three.)

A. application

B. source address

C. source port

D. class

E. destination address

The UTM features are performed during which process of the SRX Series device’s packet flow?

A. security policies

B. services

C. zones

D. screens

Which two addresses are valid address book entries? (Choose two.)

A. 173.145.5.21/255.255.255.0

B. 153.146.0.145/255.255.0.255

C. 203.150.108.10/24

D. 191.168.203.0/24

SRX Series devices have a maximum of how many rollback configurations?

A. 40

B. 60

C. 50

D. 10

Which two statements are correct about the null zone on an SRX Series device? (Choose two.)

A. The null zone is created by default.

B. The null zone is a functional security zone.

C. Traffic sent or received by an interface in the null zone is discarded.

D. You must enable the null zone before you can place interfaces into it.

Click the Exhibit button.

Referring to the exhibit, which three statements about the ge-0/0/1 interface are correct? (Choose three.)

A. The interface has not been placed in a zone.

B. The interface is located on Slot1.

C. IPv4 and IPv6 have been configured.

D. The physical and logical units are up.

E. Logical unit0 has been configured.

Which order is correct for Junos security devices that examine policies for transit traffic?

A. 1. zone policies2. global policies3. default policies

B. 1. default policies2. zone policies3. global policies

C. 1. default policies2. global policies3. zone policies

D. 1. global policies2. zone policies3. default policies

Which statement about global NAT address persistence is correct?

A. The same IP address from a source NAT pool will be assigned for all sessions from a given host.

B. The same IP address from a source NAT pool is not guaranteed to be assigned for all sessions from a given host.

C. The same IP address from a destination NAT pool will be assigned for all sessions for a given host.

D. The same IP address from a destination NAT pool is not guaranteed to be assigned for all sessions for a given host.

Which three operating systems are supported for installing and running Juniper Secure Connect client software? (Choose three.)

A. Windows 7

B. Android

C. Windows 10

D. Linux

E. macOS

You have configured a UTM feature profile.
Which two additional configuration steps are required for your UTM feature profile to take effect? (Choose two.)

A. Associate the UTM policy with an address book.

B. Associate the UTM policy with a firewall filter.

C. Associate the UTM policy with a security policy.

D. Associate the UTM feature profile with a UTM policy.

Which statement is correct about unified security policies on an SRX Series device?

A. A zone-based policy is always evaluated first.

B. The most restrictive policy is applied regardless of the policy level.

C. A global policy is always evaluated first.

D. The first policy rule is applied regardless of the policy level.

Which statement is correct about Junos security policies?

A. Security policies enforce rules that should be applied to traffic transiting an SRX Series device.

B. Security policies determine which users are allowed to access an SRX Series device.

C. Security policies control the flow of internal traffic within an SRX Series device.

D. Security policies identify groups of users that have access to different features on an SRX Series device.

You are investigating a communication problem between two hosts and have opened a session on the SRX Series device closest to one of the hosts and entered the show security flow session command.
What information will this command provide? (Choose two.)

A. The total active time of the session.

B. The end-to-end data path that the packets are taking.

C. The IP address of the host that initiates the session.

D. The security policy name that is controlling the session.

When transit traffic matches a security policy, which three actions are available? (Choose three.)

A. Allow

B. Discard

C. Deny

D. Reject

E. Permit

You want to provide remote access to an internal development environment for 10 remote developers.
Which two components are required to implement Juniper Secure Connect to satisfy this requirement? (Choose two.)

A. an additional license for an SRX Series device

B. Juniper Secure Connect client software

C. an SRX Series device with an SPC3 services card

D. Marvis virtual network assistant

Which two statements are correct about screens? (Choose two.)

A. Screens process inbound packets.

B. Screens are processed on the routing engine.

C. Screens process outbound packets.

D. Screens are processed on the flow module.

You are assigned a project to configure SRX Series devices to allow connections to your webservers. The webservers have a private IP address, and the packets must use NAT to be accessible from the Internet. The webservers must use the same address for both connections from the Internet and communication with update servers.
Which NAT type must be used to complete this project?

A. source NAT

B. destination NAT

C. static NAT

D. hairpin NAT

Screens on an SRX Series device protect against which two types of threats? (Choose two.)

A. IP spoofing

B. ICMP flooding

C. zero-day outbreaks

D. malicious e-mail attachments

What is the order in which malware is detected and analyzed?

A. antivirus scanning –> cache lookup –> dynamic analysis –> static analysis

B. cache lookup –> antivirus scanning –> static analysis –> dynamic analysis

C. antivirus scanning –> cache lookup –> static analysis –> dynamic analysis

D. cache lookup –> static analysis –> dynamic analysis –> antivirus scanning

Which two security features inspect traffic at Layer 7? (Choose two.)

A. IPS/IDP

B. security zones

C. application firewall

D. integrated user firewall

What information does the show chassis routing-engine command provide?

A. chassis serial number

B. resource utilization

C. system version

D. routing tables

You want to verify the peer before IPsec tunnel establishment.
What would be used as a final check in this scenario?

A. traffic selector

B. perfect forward secrecy

C. st0 interfaces

D. proxy ID

Click the Exhibit button.

Referring to the exhibit, a user is placed in which hierarchy when the exit command is run?

A. [edit security policies from-zone trust to-zone dmz]user@vSRX-1#

B. [edit]user@vSRX-1#

C. [edit security policies]user@vSRX-1#

D. user@vSRX-1>

What does the number “2” indicate in interface ge-0/1/2?

A. the physical interface card (PIC)

B. the flexible PIC concentrator (FPC)

C. the interface logical number

D. the port number

You want to block executable files (*.exe) from being downloaded onto your network.
Which UTM feature would you use in this scenario?

A. IPS

B. Web filtering

C. content filtering

D. antivirus

Which two statements are correct about IKE security associations? (Choose two.)

A. IKE security associations are established during IKE Phase 1 negotiations.

B. IKE security associations are unidirectional.

C. IKE security associations are established during IKE Phase 2 negotiations.

D. IKE security associations are bidirectional.

You are asked to verify that a license for AppSecure is installed on an SRX Series device.
In this scenario, which command will provide you with the required information?

A. user@srx> show system license

B. user@srx> show services accounting

C. user@srx> show configuration system

D. user@srx> show chassis firmware

Click the Exhibit button.

When creating a site-to-site VPN using the J-Web screen shown in the exhibit, which statement is correct?

A. The remote gateway is configured automatically based on the local gateway settings.

B. RIP, OSPF, and BGP are supported under Routing mode.

C. The authentication method is pre-shared key or certificate based.

D. Privately routable IP addresses are required.

Corporate security requests that you implement a policy to block all POP3 traffic from traversing the Internet firewall.
In this scenario, which security feature would you use to satisfy this request?

A. antivirus

B. Web filtering

C. content filtering

D. antispam

You want to enable the minimum Juniper ATP services on a branch SRX Series device.
In this scenario, what are two requirements to accomplish this task? (Choose two.)

A. Install a basic Juniper ATP license on the branch device.

B. Configure the juniper-atp user account on the branch device.

C. Register for a Juniper ATP account on https://sky.junipersecurity.net.

D. Execute the Juniper ATP script on the branch device.

Unified threat management (UTM) inspects traffic from which three protocols? (Choose three.)

A. FTP

B. SMTP

C. SNMP

D. HTTP

E. SSH

What is the correct order in which interface names should be identified?

A. system slot number –> interface media type –> port number –> line card slot number

B. system slot number –> port number –> interface media type –> line card slot number

C. interface media type –> system slot number –> line card slot number –> port number

D. interface media type –> port number –> system slot number –> line card slot number

Which two UTM features should be used for tracking productivity and corporate user behavior? (Choose two.)

A. the content filtering UTM feature

B. the antivirus UTM feature

C. the Web filtering UTM feature

D. the antispam UTM feature

What are two Juniper ATP Cloud feed analysis components? (Choose two.)

A. IDP signature feed

B. C&C cloud feed

C. infected host cloud feed

D. US CERT threat feed

What are two functions of Juniper ATP Cloud? (Choose two.)

A. malware inspection

B. Web content filtering

C. DDoS protection

D. Geo IP feeds

Which statement about service objects is correct?

A. All applications are predefined by Junos.

B. All applications are custom defined by the administrator.

C. All applications are either custom or Junos defined.

D. All applications in service objects are not available on the vSRX Series device.

Which Juniper Networks solution uses static and dynamic analysis to search for day-zero malware threats?

A. firewall filters

B. UTM

C. Juniper ATP Cloud

D. IPS

You have an FTP server and a webserver on the inside of your network that you want to make available to users outside of the network. You are allocated a single public IP address.
In this scenario, which two NAT elements should you configure? (Choose two.)

A. destination NAT

B. NAT pool

C. source NAT

D. static NAT

You want to implement user-based enforcement of security policies without the requirement of certificates and supplicant software.
Which security feature should you implement in this scenario?

A. integrated user firewall

B. screens

C. 802.1X

D. Juniper ATP