Which of the following are supported Mini-Physical Interface Modules (Mini-PIMs) on an SRX

Series Services Gateways? (Choose three.)

DOCSIS
8-Port Gigabit Ethernet SFP XPIM
1-Port Gigabit Ethernet PoE
Serial
1-Port Gigabit Ethernet Small Form-Factor Pluggable (SFP)

Which two SRX Series devices support PoE? (Choose two.)

SRX320
SRX300
SRX650
SRX5600

Which two of the following does a default configuration on an SRX300 include? (Choose two.)

a default gateway
an untrust security zone
a DHCP client on ge-0/0/0
a DHCP client on ge-0/0/1

What match criteria does an SRX Series device’s network processing unit (NPU) use to
determine if a flow already exists for a packet? (Choose three.)

MAC address
inbound interface
source port
unique session token number for a given zone and virtual router
protocol

The vSRX is available for which two of the following hypervisors? (Choose two.)

Hyper-V
Xen
OpenVZ
KVM
When traffic has met match criteria, what options are available to be performed on the traffic?
(Choose three.)

permit
reject
deny
discard
redirect

After a packet is not able to be matched to an existing session, what is the next service to inspect
the packet?

screens
zones
policy
static NAT

In the context of SRX Series devices, what services does fast-path processing skip? (Choose
two.)

zones
screens
services ALG
policy

Which is the correct syntax representation of a wildcard address for an address book entry?

192.168.*.7/23
192.168.0.7/0.0.255.0
192.168.0.7/255.255.0.255
192.168.0.7/ 00000000.00000000.00000001.11111111

What security component is a collection of one of more network segments sharing identical
security requirements?

screen
zone
policy
filter
What are two security policy components? (Choose two.)

user-defined address object

IKE security association
application
filter

Which two statements are true regarding unified security policies? (Choose two.)

A unified policy cannot be a global-based policy.

A unified policy cannot be a zone-based policy.
A unified policy can be a global-based policy.
A unified policy can be a zone-based policy.

What is a set of rules that tells a Junos security device how to treat transit traffic?

zone
screen
policy
filter

Which order do Junos security devices examine policies for transit traffic?

default policy, zone policies, global policies

zone policies, global policies, default policy
global policies, zone policies, default policy
default policy, global policies, zone policies

Which two criteria are correct when considering security policy rule ordering? (Choose two.)

Rules with more specific match criteria should be listed higher.

Rules with more specific match criteria should be listed lower.
By default, new rules go to the end of the list.
By default, new rules go to the beginning of the list.
Which two statements describe the GeoIP feature of Sky ATP? (Choose two.)

GeoIP uses dynamic address entries.

GeoIP uses static address entries.
The SRX Series device does not need connectivity with the Sky ATP cloud for GeoIP to function
properly.
The SRX Series device needs connectivity with the Sky ATP cloud for GeoIP to function
properly.

Which two statements describe the C&C threat prevention feature of Sky ATP? (Choose two.)

C&C threat prevention stops compromised hosts in your network from communicating
with known C&C servers.
C&C threat prevention stops the users in your network from downloading malicious software
from webservers.
C&C threat prevention can stop hosts in your network from unwillingly participating in a
DDoS attack.
C&C threat prevention stops users in your network from downloading malicious software from
an e-mail server.

Which two statements are true about Sky ATP e-mail protection? (Choose two.)

Sky ATP e-mail protection inspects SMTP traffic.

Sky ATP e-mail protection inspects IMAP traffic.
Sky ATP e-mail protection inspects POP3 traffic.
Sky ATP e-mail protection inspects MAPI traffic.

If you need to protect against malicious files that might be download through Web-based e-mail,
which Sky ATP protection mechanism should you use?

SMTP file inspection

IMAP file inspection
POP3 file inspection
HTTP file inspection
Which statement is correct about interface-based NAT?

Interface-based NAT is used to translate the destination address of outgoing packets.

Interface-based NAT uses the outbound interface IP address to translate the source
address of outgoing packets.
Interface-based NAT uses a pool of IP addresses to translate the destination address of outgoing
packets.
Interface-based NAT uses a pool of IP addresses to translate the source address of outgoing
packets.

When does a Junos security device implement NAT?

first path processing only

fast path processing only
both first path and fast path processing
neither first path nor fast path processing

Bidirectional initiation of translation is classified as which type of NAT?

source
destination
dynamic
static

What are two types of source NAT? (Choose two.)

interface-based
pool-based
zone-based
policy-based

In the J-Web user interface, which feature is used to facilitate building IPsec VPN tunnels?

the VPN Wizard

an IPsec template
an automation protocol
a machine learning algorithm
You are configuring an SRX Series device to inter-operate with a third-party IPsec VPN
endpoint that uses policies to create the VPN. In this scenario, what must be configured for the
VPN to work?

perfect forward secrecy

VPN monitoring
re-keying
proxy IDs

When considering secure VPNs, what are three major security concerns? (Choose three.)

integrity
reliability
source authentication
confidentiality
high availability

Hashed Message Authentication Code (HMAC) is a source authentication method based on

which three procedures? (Choose three.)

adds a certificate to the hashing process

pre-shared key must be known by both sides
adds a pre-shared key (PSK) to the hashing process
validates data integrity and verifies that the data came from the proper source
pre-shared key must be a minimum of 16 alphanumeric characters

What is the correct order for processing UTM traffic within the Junos flow module services?

interface I/O, security policy, application proxy, TCP proxy

interface I/O, security policy, TCP proxy, application proxy
interface I/O, TCP proxy, application proxy, security policy
interface I/O, application proxy, security policy, TCP proxy
A security administrator wants to deploy application control policies to allow or deny traffic
based on dynamic applications in the organization's Amazon Web Services (AWS) deployment.
Which action would accomplish this task?

Deploy a vSRX with the UTM suite in AWS and configure Web filtering.
Deploy a vSRX with the AppSecure suite in AWS and configure the AppFW.
Deploy a vSRX with IPS in the AWS deployment.
Deploy a vSRX in AWS and configure a new security policy with the respective IP address and
port numbers.

Which statement is correct about the antivirus feature on SRX Series devices?

The Sophos antivirus feature is less CPU intensive than the full file-based antivirus feature.
The full file-based antivirus feature is less CPU intensive than the Sophos antivirus feature.
The full file-based antivirus feature allows you to create local whitelists and blacklists.
The Sophos antivirus feature supports a different set of protocols than the full file-based antivirus
feature.

Which three features are does Unified Threat Management (UTM) include? (Choose three.)

IDP/IPS
antispam
antivirus
content filtering
screen filtration

You are installing a Junos Space Log Collector VM for a large-scale deployment. What are two
valid node types for this deployment? (Choose two.)

All-in-One node
Log Receiver node
Log Storage node
Chassis Cluster node
You have downloaded the package “junos-srxme-19.1R1.6-domestic.tgz”. Based on the naming
convention, which two things are true about this release? (Choose two.)

It is a service release.
It is FIPS compliant.
It supports strong encryption.
It is a standard release.

Prior to creating reports by the routing engines, what must be enabled on an SRX Series device?

SNMP
security logging
root user access
packet capture

On an SRX Series device, which two troubleshooting utilities are available within the J-Web
interface? (Choose two.)

Ping Host
Traceroute
Netstat
Finger