t66

1.

Which management software supports metadata-based security policies that are ideal for cloud deployments?

2.

You are configuring an IPSec VPN tunnel between two locations on your network. Each packet must be encrypted and authenticated.

Which protocol would satisfy these requirements?

3.

Which statement is correct about IKE?

4.

Which two statements describe IPsec VPNs? (Choose two)

5.

What must you do first to use the Monitor/Alarms/Policy Log workspace in J-Web?

6.

The Sky ATP premium or basic Threat Feed license is needed for which two features? (Choose two)

7.

Which type of security policy protects restricted services from running on non-standard ports?

8.

You want to automatically generate the encryption and authentication keys during IPsec VPN establishment.

What would be used to accomplish this task?

9.

What are two characteristics of static NAT on SRX Series devices? (Choose two)

10.

Which two statements are true about security policy actions? (Choose two)

11.

Which statements about NAT are correct? (Choose two)

12.

Which two notifications are available when the antivirus engine detects an infected file? (Choose two)

13.

What should you configure if you want to translate a private source IP address to a single public IP address?

14.

What is the purpose of the Shadow Policies workspace in J-Web?

15.

A new SRX Series device has been delivered to your location. The device has the factory-default configuration loaded. You have powered on the device and connected to the console port.

What would you use to log into the device to begin the initial configuration?

16.

Which two statements are true about UTM on a SRX340? (Choose two)

17.

Which three actions would be performed on traffic traversing an IPsec VPN? (Choose three)

18.

You have created a zone-based security policy that permits traffic to a specific webserver for the marketing team. Other groups in the company are not permitted to access the webserver. When marketing users attempt to access the server they are unable to do so.

What are two reasons for this access failure? (Choose two)

19.

Referring to the exhibit:

user@vSRX-1> show security flow session

Session ID: 30, Policy name: internet-trust / S, Timeout: 1758, Valid

In: 10.10.101.10/63797 --> 203.0.113.6/23; tcp, Conn Tag; 0×0, If: ge – 0/0/4.0,

Pkts: 28, Bytes: 1622,

Out: 203.0.113.6/23 --> 203.0.113.5/30859; tcp, Conn Tag; 0×0, If: ge – 0/0/3.0,

Pkts: 22, Bytes: 1447,

Total sessions: 1

which type of NAT is being performed?

20.

Which statement  is correct about global security policies?

21.

Which two actions are performed on an incoming packet matching an existing session? (Choose two)

22.

You are designing a new security policy on an SRX Series device. You must block an application and log all occurrences of the application access attempts.

In this scenario, which two actions must be enabled in the security policy?

(Choose two)

23.

Which two match conditions would be used in both static NAT and destination NAT rule sets? (Choose two)

24.

Which statement is correct about Sky ATP?

25.

Which method do VPNs use to prevent outside parties from viewing packet in clear text?

26.

You verify that the SSH service is configured correctly on your SRX Series device, yet administrators attempting to connect through a revenue port are not able to connect.

In this scenario, what must be configured to solve this problem?

27.

We are configuring the anti-spam UTM feature on an SRX Series device.

Which two actions would be performed by the SRX Series device for e-mail that is identified as spam? (Choose two)

28.

Your company uses SRX Series devices to secure the edge of the network. You are asked to protect the company from ransomware attacks.

Which solution will satisfy this requirement?

29.

Host-inbound-traffic is configured on the DMZ zone and the ge-0/0/9.0 interface attached to that zone. Referring to the exhibit:

 

Host Inbound Traffic-Zone

Selected

ssh
https
ftp
finger
ike

 

Host Inbound Traffic-Interface

Selected interfaces

ge-0/9/0.0

Selected

dhcp
ssh
http
telnet
ping

 

which two types of management traffic would be performed on the SRX Series device? (Choose two)

30.

You have configured antispam to allow e-mail from example.com. However, in the logs you see that jcart@example.com is blocked.

Referring to the exhibit:

 

Apr 10  14:23:07   vSRX-1  RT_UTM:  ANTISPAM_SPAM_DETECTED_MT:  Antispam: SPAM detected:

name=:”jcart@example.com” source-ip=(172.23.10.100)

profile-name=”block-spam” action=”Deny” reason=”Match local blacklist”

username=”N/A” roles=”N/A”

 

what are two ways to solve this problem?

31.

Which two elements are needed on an SRX Series device to set up a remote syslog server? (Choose two)

32.

What is the correct order of processing when configuring NAT rules and security policies?

  • Destination NAT
  • Source NAT
  • Policy lookup
  • Static NAT
33.

Which flow module component handles processing for UTM?

34.

Which statement about IPsec is correct?

35.

Which two statements are correct about functional zones? (Choose two)

36.

You configured and applied several global policies and some of the policies have overlapping match criteria.

In this scenario, how are these global policies applied?

37.

What are the valid actions for a source NAT rule in J-Web? (Choose three)

38.

Which UTM feature should you use to protect users from visiting certain blacklisted websites?

39.

Which security feature is applied to traffic on an SRX Series device when the device is running on packet mode?

40.

Firewall filters define which type of security?

41.

Which two statements are true about the null zone? (Choose two)

42.

You have configured a Web filtering UTM policy.

Which action must be performed before the Web filtering UTM policy takes effect?

43.

The free licensing model for Sky ATP includes which features? (Choose two)

44.

Which two statements are correct about using global-based policies over zone-based policies? (Choose two)

45.

Which two features on the SRX Series device are common across all Junos devices? (Choose two)

46.

Which statements about IPsec are correct? (Choose two)

47.

Your company has been assigned one public IP address. You want to enable internet traffic to reach multiple servers in your DMZ that are configured with private IP addresses.

In this scenario, which type of NAT would be used to accomplish the task?

48.

By default, revenue interfaces are placed into which system-defined security zone on a SRX series device?

49.

Which security object defines a source or destination IP address that is used for an employee Workstation?

50.

Which statement is correct about Junos security zones?


 

Leave a comment