You recently implemented application firewall rules on an SRX device to act upon encrypted traffic. However, the encrypted traffic is not being correctly identified. Which two actions will help the SRX device correctly identify the encrypted traffic? (Choose two.)

A. Enable heuristics to detect the encrypted traffic.

B. Disable the application system cache.

C. Use the junos:UNSPECIFIED-ENCRYPTED application signature.

D. Use the junos:SPECIFIED-ENCRYPTED application signature.

You are asked to establish a baseline for your company's network traffic to determine the bandwidth usage per application. You want to undertake this task on the central SRX device that connects all segments together. What are two ways to accomplish this goal? (Choose two.)

A. Configure a mirror port on the SRX device to capture all traffic on a data collection server for further investigation.

B. Use interface packet counters for all permitted and denied traffic and calculate the values using Junos scripts.

C. Send SNMP traps with bandwidth usage to a central SNMP server.

D. Enable AppTrack on the SRX device and configure a remote syslog server to receive AppTrack messages.

You want to implement a hub-and-spoke VPN topology using a single logical interface on the hub. Which st0 interface configuration is correct for the hub device?

A. [edit interfaces] user@srx# show st0 { multipoint

unit 0 {

family inet {

address 10.10.10.1/24;

}

}

}

B. [edit interfaces] user@srx# show st0 {

unit 0 {

family inet {

address 10.10.10.1/24;

}

}

}

C. [edit interfaces] user@srx# show st0 {

unit 0 {

point-to-point;

family inet {

address 10.10.10.1/24;

}

}

}

D. [edit interfaces] user@srx# show st0 {

unit 0 {

multipoint;

family inet {

address 10.10.10.1/24;

}

}

}

You are deploying a standalone SRX650 in transparent mode for evaluation purposes in a potential client's network. The client will need to access the device to modify security policies and perform other various configurations. Where would you configure a Layer 3 interface to meet this requirement?

A. fxp0.0

B. vlan.1

C. irb.1

D. ge-0/0/0.0

What is the default action for an SRX device in transparent mode to determine the outgoing interface for an unknown destination MAC address?

A. Perform packet flooding.

B. Send an ARP query.

C. Send an ICMP packet with a TTL of 1.

D. Perform a traceroute request.

You are asked to configure class of service (CoS) on an SRX device running in transparent mode. Which command would you use?

A. set interfaces ge-0/0/0 unit 0 classifiers dscp priority-app

B. set class-of-service interfaces ge-0/0/0 unit 0 classifiers dscp priority-app

C. set class-of-service interfaces ge-0/0/0 unit 0 classifiers ieee-802.1 priority-app

D. set interfaces ge-0/0/0 unit 0 classifiers inet-precedence priority-app

Click the Exhibit button.

TCP traffic sourced from Host A destined for Host B is being redirected using filter-based forwarding to use the Red network. However, return traffic from Host B destined for Host A is using the Blue network and getting dropped by the SRX device.

Which action will resolve the issue?

Exhibit:

A. Enable asyncronous-routing under the Blue zone.

B. Configure ge-0/0/1 to belong to the Red zone.

C. Disable RPF checking.

D. Disable TCP sequence checking.

You are asked to implement the AppFW feature on an SRX Series device.

Which three tasks must be performed to make the feature work? (Choose three.)

A. Configure a firewall filter that includes the application-firewall policy.

B. Install an IPS license.

C. Install an AppSecure license.

D. Configure a security policy that includes the application-firewall policy.

E. Configure an application-firewall policy.

Click the Exhibit button.

Traffic is being sent from Host-1 to Host-2 through an IPsec VPN. In this process, SRX-2 is using NAT to change the destination address of Host-2 from 192.168.1.1 to 10.60.60.1 SRX-1 uses the 172.31.50.1 address for its tunnel endpoint and SRX-2 uses the 10.10.50.1 address for its tunnel endpoint.

Referring to the exhibit, which statement is true?

Exhibit:

A. The security policy on SRX-2 must permit traffic from the 172.31.50.1 destination address.

B. The security policy on SRX-2 must permit traffic from the 10.10.50.1destination address.

C. The security policy on SRX-2 must permit traffic from the 10.60.60.1 destination address.

D. The security policy on SRX-2 must permit traffic from the 192.168.1.1destination address.

Which AppSecure module provides Quality of Service?

A. AppTrack

B. AppFW

C. AppID

D. AppQoS