Click the Exhibit button.

Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination

192.168.150.111 using HTTP?

A. The client will be denied by policy p2.

B. The client will be denied by policy p1.

C. The client will be permitted by policy p2.

D. The client will be permitted by policy p1.

Click the Exhibit button.

You have configured NAT on your network so that Host A can communicate with Server B. You want to ensure that Host C can initiate communication with Host A using Host A's reflexive address.

Referring to the exhibit, which parameter should you configure on the SRX Series device to satisfy this requirement?

A. Configure persistent NAT with the target-host parameter.

B. Configure persistent NAT with the target-host-port parameter.

C. Configure persistent NAT with the any-remote-host parameter.

D. Configure persistent NAT with the port-overloading parameter.

You must verify if destination NAT is actively being used by users connecting to an internal server from the

Internet.

Which action will accomplish this task on an SRX Series device?

A. Examine the destination NAT translations table.

B. Examine the installed routes in the packet forwarding engine.

C. Examine the NAT translation table.

D. Examine the active security flow sessions.

Click the Exhibit button.

Users at a remote office are unable to access an FTP server located at the remote corporate data center as expected. The remote FTP server is listening on the non-standard TCP port 2121.

Referring to the exhibit, what is causing the problem?

A. The FTP clients must be configured to listen on non-standard client ports for the FTP data channel negotiations to succeed.

B. Two custom FTP applications must be defined to allow bidirectional FTP communication through the SRX Series device.

C. The custom FTP application definition does not have the FTP ALG enabled.

D. A new security policy must be defined between the untrust and trust zones.

You need to configure an IPsec tunnel between a remote site and a hub site. The SRX Series device at the remote site receives a dynamic IP address on the external interface that you will use for IPsec. Which feature would you need to configure in this scenario?

A. NAT-T

B. crypto suite B

C. aggressive mode

D. IKEv2

Click the Exhibit button.

Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination

192.168.150.3 using HTTP?

A. The client will be denied by policy p2.

B. The client will be permitted by the global policy.

C. The client will be permitted by policy p1.

D. The client will be denied by policy p3.

You are asked to support source NAT for an application that requires that its original source port not be changed.

Which configuration would satisfy the requirement?

A. Configure a source NAT rule that references an IP address pool with interface proxy ARP enabled.

B. Configure the egress interface to source NAT fixed-port status.

C. Configure a source NAT rule that references an IP address pool with the port no-translation parameter enabled.

D. Configure a source NAT rule that sets the egress interface to the overload status.

Click the Exhibit button.

A customer would like to monitor their VPN using dead peer detection.

Referring to the exhibit, for how many minutes was the peer down before the customer was notified?

A. 5

B. 3

C. 4

D. 2

You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase 1 negotiation succeeds and the Phase 2 negotiation fails.

Which two configuration parameters should you verify are correct? (Choose two.)

A. Verify that the IKE gateway proposals on the initiator and responder are the same.

B. Verify that the VPN tunnel configuration references the correct IKE gateway.

C. Verify that the IPsec policy references the correct IKE proposals.

D. Verify that the IKE initiator is configured for main mode.

Your internal webserver uses port 8088 for inbound connections. You want to allow external HTTP traffic to connect to the webserver.

Which two actions would accomplish this task? (Choose two.)

A. Create a custom application for port 8088 and create a security policy that permits the custom-http application.

B. Remap port 80 to port 8088 in the junos-http application and create a security policy that permits the junos-http application.

C. Use destination NAT to remap incoming traffic from port 80 to port 8088.

D. Create an Application Layer Gateway to permit HTTP traffic on port 8088.