You are working as a security administrator and must configure a solution to protect against distributed
botnet attacks on your company's central SRX cluster.
How would you accomplish this goal?
A. Configure AppTrack to inspect and drop traffic from the malicious hosts.
B. Configure AppQoS to block the malicious hosts.
C. Configure AppDoS to rate limit connections from the malicious hosts.
D. Configure AppID with a custom application to block traffic from the malicious hosts.

You have just created a few hundred application firewall rules on an SRX device and applied them to the appropriate firewall policies. However, you are concerned that the SRX device might become overwhelmed with the increased processing required to process traffic through the application firewall rules.
Which three actions will help reduce the amount of processing required by the application firewall rules? (Choose three.)
A. Use stateless firewall filtering to block the unwanted traffic.
B. Implement AppQoS to drop the unwanted traffic.
C. Implement screen options to block the unwanted traffic.
D. Implement IPS to drop the unwanted traffic.
E. Use security policies to block the unwanted traffic.

Microsoft has altered the way their Web-based Hotmail application works. You want to update your application firewall policy to correctly identify the altered Hotmail application.
Which two steps must you take to modify the application? (Choose two.)
A. user@srx> request services application-identification application copy junos:HOTMAIL
B. user@srx> request services application-identification application enable junos:HOTMAIL
C. user@srx# edit services custom application-identification my:HOTMAIL
D. user@srx# edit services application-identification my:HOTMAIL

You have been asked to configure traffic to flow between two virtual routers (VRs) residing on two unique
logical systems (LSYSs) on the same SRX5800.
How would you accomplish this task?
A. Configure a security policy that contains the context from VR1 to VR2 to permit the relevant traffic.
B. Configure a security policy that contains the context from LSYS1 to LSYS2 and relevant match conditions in the rule set to allow traffic between the IP networks in VR1 and VR2.
C. Configure logical tunnel interfaces between VR1 and VR2 and security policies that allow relevant traffic between VR1 and VR2 over that link.
D. Configure an interconnect LSYS to facilitate a connection between LSYS1 and LSYS2 and relevant policies to allow the traffic.

Which two statements are true regarding DNS doctoring? (Choose two.)
A. DNS doctoring translates the DNS CNAME payload.
B. DNS doctoring for IPv4 is supported on SRX devices.
C. DNS doctoring for IPv4 and IPv6 is supported on SRX devices.
D. DNS doctoring translates the DNS A-record.

Which statement is true about NAT?
A. When you implement destination NAT, the router does not apply ALG services.
B. When you implement destination NAT, the router skips source NAT rules for the initiating traffic flow.
C. When you implement static NAT, each packet must go through a route lookup.
D. When you implement static NAT, the router skips destination NAT rules for the initiating traffic flow.

You are asked to provide access for an external VoIP server to VoIP phones in your network using private addresses. However, due to security concerns, the VoIP server should only be able to initiate connections to each phone once the phone has logged into the VoIP server. The VoIP server requires access to the phones using multiple ports.
Which type of persistent NAT is required?
A. any-remote-host
B. target-host
C. target-host-port
D. remote-host

As an SRX administrator, you must find all encrypted sessions on an SRX Series device.
Which command would you use to accomplish this task?
A. show security flow session tunnel
B. show security ike tunnel-map
C. show security ike security-associations
D. show security flow session encrypted

[edit]
useu@host# run show log debug
Feb 3 22:04:32 22:04:31.983991:CID-0:RT: ge-0/0/1.0:5.0.0.25/59028->25.0.0.25/23, tcp, flag 18
Feb 3 22:04:32 22:04:31.983997:CID-0:RT: find flow: table 0x582738c0, hash 53561(0xffff), sa 5.0.0.25, da 5.0.0.25, sp 59028, dp 23, proto 6, tok 20489
Feb 3 22:04:32 22:04:31.984004:CID-0:RT:Found: session id 0x14f98. sess tok 20489
Feb 3 22:04:32 22:04:31.984005:CID-0:RT: flow got session.
Feb 3 22:04:32 22:04:31.984006:CID-0:RT: flow session id 85912
Feb 3 22:04:32 22:04:31.984009:CID-0:RT: vector bits 0x2 vector 0x53a949e8
Feb 3 22:04:32 22:04:31.984012:CID-0:RT: tcp sec check.
Feb 3 22:04:32 22:04:31.984015:CID-0:RT:mbuf 0x4a82cd80, exit nh 0xa0010
Which two statements are true regarding the output shown in the exhibit? (Choose two.)
A. The outgoing interface is ge-0/0/1.0.
B. The packet is subject to fast-path packet processing.
C. The packet is part of the first-packet path processing.
D. TCP sequence checking is enabled.

Traffic is being sent from Host-1 to Host-2 through an IPsec VPN. In this process, SRX-2 is using NAT to change the destination address of Host-2 from 192.168.1.1 to 10.60.60.1. SRX-1 uses the 172.31.50.1 address for its tunnel endpoint and SRX-2 uses the 10.10.50.1 address for its tunnel endpoint.
Referring to the exhibit, which statement is true?
Exhibit:

A. The security policy on SRX-2 must permit traffic from the 172.31.50.1 destination address.
B. The security policy on SRX-2 must permit traffic from the 10.10.50.1 destination address.
C. The security policy on SRX-2 must permit traffic from the 10.60.60.1 destination address.
D. The security policy on SRX-2 must permit traffic from the 192.168.1.1 destination address.