Security, Associate (JNCIA-SEC) v1.0
Question 1
You want to verify the effectiveness of Web filtering on the SRX Series Firewall.
How would you accomplish this task?
- A. by examining the content filtering policies
- B. by checking the file extensions of blocked content
- C. by installing a local NGWF server
- D. by attempting to access permitted or blocked URLs
Answer : D
Question 2
A new packet arrives on an interface on your SRX Series Firewall that is assigned to the trust security zone.
In this scenario, how does the SRX Series Firewall determine the egress security zone?
- A. by examining the destination port
- B. by performing a route lookup
- C. by examining the ingress security zone properties
- D. by performing a session lookup
Answer : B
Question 3
Which two statements are correct about security zones on an SRX Series device? (Choose two.)
- A. Security zones can be shared between routing instances.
- B. Multiple security zones cannot be configured on an SRX Series device.
- C. Security zones cannot be shared between routing instances.
- D. Intrazone and interzone traffic both require security policies.
Answer : CD
Question 4
Which two statements are correct about the content filter shown in the exhibit? (Choose two.)
- A. .exe files will not be allowed to be downloaded over HTTP.
- B. There will be an e-mail sent to the user about why the SRX is blocking the file.
- C. There will be a notice added to the SRX log file about the file being blocked.
- D. .exe files will not be allowed to be uploaded over HTTP.
Answer : AC
Question 5
Referring to the exhibit, which action would you take to permit the traffic shown in the exhibit?
- A. Assign the ge-0/0/1.0 interface to a security zone.
- B. Assign the fxp0.0 interface to a security zone.
- C. Enable flow-mode processing for family mpls.
- D. Enable flow-mode processing for family inet.
Answer : A
Question 6
Referring to the exhibit, which two statements are correct? (Choose two.)
- A. The SRX Series Firewall is performing destination NAT.
- B. The SRX Series Firewall is performing source NAT.
- C. The SRX Series Firewall is not performing PAT.
- D. The SRX Series Firewall is performing PAT.
Answer : AD
Question 7
Which two security features are applied in a security policy? (Choose two.)
- A. SSL proxy
- B. firewall authentication
- C. captive portal authentication
- D. MAC bypass
Answer : AB
Question 8
What are two system-defined zones created on the SRX Series Firewalls? (Choose two.)
- A. junos-host
- B. null
- C. DMZ
- D. management
Answer : AB
Question 9
Which two statements about functional zones are correct? (Choose two.)
- A. You create only one functional zone called management.
- B. Functional zones consist of logical interfaces belonging to multiple zones.
- C. You reference the management functional zone in a security policy.
- D. The management functional zone controls management access to the firewall.
Answer : CD
Question 10
Which two characteristics of destination NAT and static NAT are correct? (Choose two.)
- A. Destination NAT requires address range sizes that match the devices being translated.
- B. Destination NAT supports port forwarding.
- C. Static NAT automatically creates a matching rule for the opposite direction.
- D. Static NAT uses Port Address Translation.
Answer : BC
Question 11
You just made a configuration change to a security policy on your SRX Series Firewall. Your users alert you that an application that uses FTP is no longer working.
Referring to the exhibit, what are two ways to solve this problem? (Choose two.)
- A. Enter the rollback 1 command followed by a commit command.
- B. Activate the ftp security policy and commit the configuration.
- C. Insert the ftp security policy before the web-smtp security policy.
- D. Change the destination address in the ftp security policy to any and commit the configuration.
Answer : AB
Question 12
You are troubleshooting first path traffic not passing through an SRX Series Firewall. You have determined that the traffic is ingressing and egressing the correct interfaces using a route lookup.
In this scenario, what is the next step in troubleshooting why the device may be dropping the traffic?
- A. Verify that the correct ALG is being used.
- B. Verify that the interfaces are in the correct security zones.
- C. Verify that source NAT is occurring.
- D. Verify the routing protocol being used.
Answer : B
Question 13
Referring to the exhibit, which two statements are correct? (Choose two.)
- A. Traffic does not match this NAT rule.
- B. All traffic that ingresses the trust security zone and egresses the untrust security zone matches this NAT rule.
- C. Only traffic that matches the default route matches this NAT rule.
- D. This is the first NAT rule in the rule set.
Answer : BD
Question 14
Which two statements are true about content filtering on SRX Series devices? (Choose two.)
- A. Content filtering requires a license.
- B. Content filtering examines the file extension to determine the file type.
- C. Content filtering does not require a license.
- D. Content filtering examines the file contents to determine the file type.
Answer : AB
Question 15
Which two statements are correct about unified security policies on SRX Series Firewalls? (Choose two.)
- A. Unified security policies with multiple matches use the most restrictive match.
- B. Unified security policies match applications before processing policy statements.
- C. Unified security policies can be zone-based or global.
- D. Unified security policies use the application identification (AppID) engine.
Answer : CD