Click the Exhibit button.

Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination

192.168.150.111 using HTTP?

A. The client will be denied by policy p2.

B. The client will be denied by policy p1.

C. The client will be permitted by policy p2.

D. The client will be permitted by policy p1.

You want to ensure that any certificates used in your IPsec implementation do not expire while in use by your SRX Series devices.

In this scenario, what must be enabled on your devices?

A. RSA

B. TLS

C. SCEP

D. CRL

A link from the branch SRX Series device chassis cluster to the Internet requires more bandwidth. In this scenario, which command would you issue to begin provisioning a second link?

A. set chassis cluster reth-count 2

B. set interfaces fab0 fabric-options member-interfaces ge-0/0/1

C. set interfaces ge-0/0/1 gigether-options redundant-parent reth1

D. set chassis cluster redundancy-group 1 node 1 priority 1

You are asked to support source NAT for an application that requires that its original source port not be changed.

Which configuration would satisfy the requirement?

A. Configure a source NAT rule that references an IP address pool with interface proxy ARP enabled.

B. Configure the egress interface to source NAT fixed-port status.

C. Configure a source NAT rule that references an IP address pool with the port no-translation parameter enabled.

D. Configure a source NAT rule that sets the egress interface to the overload status.

Click the Exhibit button.

Referring to the exhibit, which action will be taken for traffic coming from the untrust zone going to the trust zone?

A. Source address 2001:db8::8 will be translated to 10.1.1.5.

B. Source address 2001:db8::8 will be translated to 10.1.1.8.

C. Source address 10.1.1.8 will be translated to 2001:db8::8.

D. Source address 10.1.1.5 will be translated to 2001:db8::8.

Which two statements are true when implementing source NAT on an SRX Series device? (Choose two.)

A. Source NAT is applied before the security policy search.

B. Source NAT is applied after the route table lookup.

C. Source NAT is applied before the route table lookup.

D. Source NAT is applied after the security policy search.

Which action will restrict SSH access to an SRX Series device from a specific IP address which is connected to a security zone named trust?

A. Implement a firewall filter on the security zone trust.

B. Implement a security policy from security zone junos-host to security zone trust.

C. Implement host-inbound-traffic system-services to allow SSH.

D. Implement a security policy from security zone trust to security zone junos-host.

What are two fields that an SRX Series device examines to determine if a packet is associated with an existing flow? (Choose two.)

A. protocol

B. source IP address

C. source MAC address

D. type of service

Click the Exhibit button.

You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172.25.11.0/24 subnet to the Internet. You create a policy named permit ?http between the trust and untrust zones that permits HTTP traffic.

When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit.

Which two actions would correct the error? (Choose two.)

A. Create a custom application named http at the [edit applications] hierarchy.

B. Execute the Junos commit full command to override the error and apply the configuration.

C. Modify the security policy to use the built-in junos-http application.

D. Issue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again.

You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase1 negotiation succeeds and the Phase 2 negotiation fails.

Which two configuration parameters should you verify are correct? (Choose two.)

A. Verify that the IKE gateway proposals on the initiator and responder are the same.

B. Verify that the VPN tunnel configuration references the correct IKE gateway.

C. Verify that the IKE initiator is configured for main mode.

D. Verify that the IPsec policy references the correct IKE proposals.