Your management has a specific set of Web-based applications that certain employees are allowed to use.
Which two SRX Series device features would be used to accomplish this task? (Choose two.)
A. firewall filter
B. AppFW
C. IDP
D. UserFW
Correct answer: B
Question 2:
Click the Exhibit button.
user@host# run show security flow session
...
Session ID: 28, Policy name: allow/5, Timeout: 2, Valid
  In: 172.168.1.2/24800 --> 66.168.100.100/8001; tcp, If: ge-0/0/3.0, Pkts: 1, Bytes: 64
  Out: 10.168.100.1/8001 --> 172.168.1.2/24800; tcp, If: ge-0/0/6.0, Pkts: 1, Bytes: 40
Your customer is unable to reach your HTTP server that is connected to the ge-0/0/6 interface. The HTTP server has an address of 10.168.100.1 on port 80 internally, but is accessed publicly using interface ge-0/0/3 with the address 66.168.100.100 on port 8001.
Referring to the exhibit, what is causing this problem?
A. The traffic is originated with the incorrect port number from the customer.
B. The traffic is originated with the incorrect IP address from the customer.
C. The traffic is translated with the incorrect IP address for the HTTP server.
D. The traffic is translated with the incorrect port number for the HTTP server.
Correct answer: D
Question 3:
Click the Exhibit button.
[edit security application-firewall]
user@host# show
rule-sets web {
    rule one {
        match {
            dynamic-application junos:HTTP;
        }
        then {
            permit;
        }
    }
    default-rule {
        reject;
    }
}
What will happen to non-HTTP traffic that matches the application-firewall policy shown in the exhibit?
A. It will be allowed because this is a whitelist policy.
B. It will be denied because this is a blacklist policy.
C. It will be dropped and an error will be sent to the source.
D. It will be silently dropped.
Correct answer: D
Question 4:
Which action will allow an administrator to connect in band to an SRX Series device in transparent mode over SSH?
A. Use a logical interface.
B. Use the loopback interface.
C. Use a VLAN interface.
D. Use an irb interface.
Correct answer: D
Question 5:
Click the Exhibit button.
-- Exhibit --
-- Exhibit --
You must configure two SRX devices to enable bidirectional communications between the two networks shown in the exhibit. You have been allocated the 172.16.1.0/24 and 172.16.2.0/24 networks to use for this purpose.
Which configuration will accomplish this task?
A. Using static NAT, translate traffic destined to 172.16.1.0/24 to Site1's addresses, and translate traffic destined to 172.16.2.0/24 to Site2's addresses.
B. Using destination NAT, translate traffic destined to 172.16.1.0/24 to Site1's addresses, and translate traffic destined to 172.16.2.0/24 to Site2's addresses.
C. Using source NAT, translate traffic from Site1's addresses to 172.16.1.0/24, and translate traffic from Site2's addresses to 172.16.2.0/24.
D. Use an IPsec VPN to connect the two networks and hide the addresses from the Internet.
Correct answer: A
Question 6:
Given the following session output:
Session ID: , Policy name: default-policy-00/2, State: Active, Timeout: 1794, Valid
  In: 2001:660:1000:8c00::b/1053 --> 2001:660:1000:9002::aafe/80;tcp, If: reth0.0, Pkts: 4, Bytes: 574
  Out: 192.168.203.10/80 --> 192.168.203.1/24770;tcp, If: reth1.0, Pkts: 3, Bytes:
Which statement is correct about the security flow session output?
A. NAT64 is used.
B. This session is about to expire.
C. The IPv4 Web server runs services on TCP port 24770.
D. Proxy NDP is used for this session.
Correct answer: A
Question 7:
Your company provides managed services for two customers. Each customer has been segregated within its own routing instance on your SRX device. Customer A and customer B inform you that they need to be able to reach certain hosts on each other's network.
Which two configuration settings would be used to share routes between these routing instances? (Choose two.)
A. import-rib
B. routing-group
C. next-table
D. instance-import
Correct answer: C, D
Question 8:
You have recently deployed a dynamic VPN. Some remote users are complaining that they cannot authenticate through the SRX device at the corporate network. The SRX device serves as the tunnel endpoint for the dynamic VPN.
What are two reasons for this problem? (Choose two.)
A. The supported number of users has been exceeded for the applied license.
B. The users are connecting to the portal using Windows Vista.
C. The SRX device does not have the required user account definitions.
D. The SRX device does not have the required access profile definitions.
Correct answer: A, D
Question 9:
Which configurable SRX Series device feature allows you to capture transit traffic?
A. syslog
B. traceoptions
C. archival
D. packet-capture
Correct answer: B