Q31. Click the Exhibit button. [edit]

user@host# show interfaces ge-0/0/1 {

unit 0 {

family bridge { interface-mode access; vlan-id 20;

}

}

}

ge-0/0/10 { unit 0 {

family bridge { interface-mode access; vlan-id 20;

}

}

}

[edit]

user@host# show bridge-domains d1 {

domain-type bridge; vlan-id 20;

}

[edit]

user@host# show security flow bridge

[edit]

user@host# show security zones security-zone 12 {

host-inbound-traffic { system-services { any-service;

}

}

interfaces { ge-0/0/1.0; ge-0/0/10.0;

}

}

Referring to the exhibit, which statement is true?

A. Packets sent tom the SRX Series device are sent to the RE.

B. Packets sent to the SRX Series device are discarded.

C. Only frames that have a VLAN ID of 20 are accepted.

D. Only frames that do not have any VLAN tags are accepted.

Answer: C


Q32. Which two are required for the SRX device to perform DNS doctoring? (Choose two.)

A. DNS ALG

B. dns-doctoring stanza

C. name-server

D. static NAT

Answer: A,D

Explanation:

Reference :http://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/pathway-pages/security/security-alg-dns.pdf


Q33. Your company's network has seen an increase in Facebook-related traffic. You have been asked to restrict the amount of Facebook-related traffic to less than 100 Mbps regardless of congestion.

What are three components used to accomplish this task? (Choose three.)

A. IDP policy

B. application traffic control

C. application firewall

A. D. security policy

E. application signature

Answer: B,D,E

Explanation:

An IDP policy defines how your device handles the networktraffic.It will not limit the rate. Reference:http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/idp-policy-overview-section.html)

Application Firewallenforces protocol and policy control at Layer 7. It inspects the actual content of the payload and ensures that it conforms to the policy, rather thanlimiting the rate.

Reference:http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/application-firewall-overview.html


Q34. What are two network scanning methods? (Choose two.)

A. SYN flood

B. ping of death

C. ping sweep

D. UDP scan

Answer: C,D

Explanation:

The question is about the network scanning. So correct answers are ping sweep and UDP scan as both are port scanning types.

Reference:URL:http://althing.cs.dartmouth.edu/local/Network_Scanning_Techniques.pdf


Q35. Which statement is true regarding dual-stack lite?

A. The softwire is an IPv4 tunnel over an IPv6 network.

B. The softwire initiator (SI) encapsulates IPv6 packets in IPv4.

C. The softwire concentrator (SC) decapsulates softwire packets.

D. SRX devices support the softwire concentrator and softwire initiator functionality.

Answer:

Explanation: Reference:http://www.juniper.net/techpubs/en_US/junos/topics/concept/ipv6-ds-lite- overview.html


Q36. In which situation is NAT proxy NDP required?

A. when translated addresses belong to the same subnet as the ingress interface

B. when filter-based forwarding and static NAT are used on the same interface

C. when working with static NAT scenarios

D. when the security device operates in transparent mode

Answer: C

Explanation:

WhenIP addressesarein the same subnet of the ingressinterface,NAT proxy ARPconfigured

Reference :http://www.juniper.net/techpubs/en_US/junos12.1x44/information- products/pathway-pages/security/security-nat.pdf

Reference :http://www.juniper.net/techpubs/en_US/junos-space12.2/topics/concept/junos- space-security-designer-whiteboard-nat-overview.html


Q37. You have configured static NAT for a Web server in your DMZ. Both internal and external users can reach the Web server using its IP address. However, only internal users are able to reach the Web server using its DNS name. External users receive an error message from their browser.

Which action would solve this problem?

A. Modify the security policy.

B. Disable Web filtering.

C. Use destination NAT instead of static NAT.

D. Use DNS doctoring.

Answer: D

Explanation:

Reference :http://www.networker.co.in/2013/03/dns-doctoring.html


Q38. Which two configuration statements are used to share interface routes between routing instances? (Choose two.)

A. export-rib

B. static rib-group

C. interface-routes rib-group

D. import-rib

Answer: C,D


Q39. Which three match condition objects are required when creating IPS rules? (Choose three.)

A. attack objects

B. address objects

C. terminal objects

D. IP action objects

E. zone objects

Answer: A,B,E

Explanation: Reference: http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-42453.html#understand-rule-match- cond-section


Q40. What is a secure key management protocol used by IPsec?

A. AH

B. ESP

C. TCP

D. IKE

Answer: D