What is a benefit of using a group VPN?
Answer : B
Explanation:
Reference : Page 4 -
http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC kQFjAA&url=http%3A%2F%2Fwww.thomas- krenn.com%2Fredx%2Ftools%2Fmb_download.php%2Fmid.x6d7672335147784949386f3 d%2FManual_Configuring_Group_VPN_Juniper_SRX.pdf%3Futm_source%3Dthomas- krenn.com%26utm_medium%3DRSS-
Feed%26utm_content%3DConfiguring%2520Group%2520VPN%26utm_campaign%3DDo wnloads&ei=C2HrUaSWD8WJrQfXxYGYBA&usg=AFQjCNFgKnv9ZLwqZMmbzAfvGDPvo
Mz7dw&bvm=bv.49478099,d.bmk -
For an SRX chassis cluster in transparent mode, which action occurs to signal a high availability failover to neighboring switches?
Answer : C
Reference:
http://books.google.co.in/books?id=2HSLsTJIgEQC&pg=PA246&lpg=PA246&dq=the+SRX
+chassis+cluster+flaps+the+former+active+interfaces&source=bl&ots=_eDe_vRMyw&sig= x-
Px98kZEi4hZvGflcoybABdMRQ&hl=en&sa=X&ei=iMLzUcDSLcfRrQeQw4CYCA&ved=0CE
AQ6AEwBA#v=onepage&q=flap&f=false
You have been asked to establish a dynamic IPsec VPN between your SRX device and a remote user. Regarding this scenario, which three statements are correct? (Choose three.)
Answer : ABD
Explanation:
Reference :
http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/dynamic-vpn- appnote-v12.pdf
Click the Exhibit button.
-- Exhibit
Answer : D
You are asked to ensure that your IPS engine blocks attacks. You must ensure that your system continues to drop additional malicious traffic without additional IPS processing for up to 30 minutes. You must ensure that the SRX Series device does send a notification packet when the traffic is dropped.
Which statement is correct?
Answer : D
You are troubleshooting an IPsec session and see the following IPsec security associations:
ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys
< 192.168.224.1 500 ESP:aes-256/sha1 d6393645 26/ unlim - 0
> 192.168.224.1 500 ESP:aes-256/sha1 153ec235 26/ unlim - 0
< 192.168.224.1 500 ESP:aes-256/sha1 f9a2db9a 3011/ unlim - 0
> 192.168.224.1 500 ESP:aes-256/sha1 153ec236 3011/ unlim - 0
What are two reasons for this behavior? (Choose two.)
Answer : CD
Reference: http://www.juniper.net/techpubs/software/junos-es/junos-es93/junos-es- swcmdref/show-security-ipsec-security-associations.html
Click the Exhibit button.
-- Exhibit
Answer : A,D
Which feature is used for layer 2 bridging on an SRX Series device?
Answer : C
Click the Exhibit button.
-- Exhibit
Answer : BD
Reference: https://www.juniper.net/techpubs/en_US/idp/topics/example/simple/intrusion- detection-prevention-idp-rulebase-default-service-usage.html
Click the Exhibit button.
-- Exhibit --
[edit security idp]
user@srx# show
security-package {
url https://services.netscreen.com/cgi-bin/index.cgi;
automatic {
start-time "2012-12-11.01:00:00 +0000";
interval 120;
enable;
-- Exhibit --
You have configured your SRX device to download and install attack signature updates as shown in the exhibit. You discover that updates are not being downloaded.
What are two reasons for this behavior? (Choose two.)
Answer : BD
Explanation:
Configuration is correct. Only reason is that SRZ device is not able to connect to definition server.
Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16491
You are using destination NAT to translate the address of your HTTPS server to a private address on your SRX Series device. You have decided to implement IDP SSL decryption.
Upon enabling the decryption, you notice sessions are not decrypted.
Which action resolves the problem?
Answer : D
You are asked to secure your companys Web presence. This includes using an SRX
Series device to inspect SSL traffic going to the Web servers in your DMZ.
Which two actions are required to accomplish this task? (Choose two.)
Answer : A,D
You have recently deployed a dynamic VPN. The remote users are complaining that communications with devices on the same subnet as the SRX device are intermittent and often fail. The tunnel is stable and up, and communications with remote devices on different subnets work without any issues. Which configuration setting would resolve this issue?
Answer : C
Explanation:
Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500151-en.pdf
Click the Exhibit button.
-- Exhibit --
[edit security]
user@srx# show idp
application-ddos Webserver {
service http;
connection-rate-threshold 1000;
context http-get-url {
hit-rate-threshold 60000;
value-hit-rate-threshold 30000;
time-binding-count 10;
time-binding-period 25;
-- Exhibit --
You are using AppDoS to protect your network against a bot attack, but noticed an approved application has falsely triggered the configured IDP action of drop. You adjusted your AppDoS configuration as shown in the exhibit. However, the approved traffic is still dropped.
What are two reasons for this behavior? (Choose two.)
Answer : A,D
Reference: http://www.juniper.net/techpubs/software/junos-security/junos- security10.0/junos-security-swconfig-security/appddos-protection-overview.html http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security- swconfig-security/appddos-proctecting-against.html#appddos-proctecting-against
You must ensure that your Layer 2 traffic is secured on your SRX Series device in transparent mode.
What must be considered when accomplishing this task?
Answer : D
Have any questions or issues ? Please dont hesitate to contact us