What is the purpose of the Switch Microservice of Policy Enforcer?

A. to isolate infected hosts

B. to enroll SRX Series devices with Juniper ATP Cloud

C. to inspect traffic for malware

D. to synchronize security policies to SRX Series devices

You are asked to look at a configuration that is designed to take all traffic with a specific source ip address and forward the traffic to a traffic analysis server for further evaluation. The configuration is no longer working as intended.

Referring to the exhibit which change must be made to correct the configuration?

A. Apply the filter as in input filter on interface xe-0/2/1.0

B. Apply the filter as in input filter on interface xe-0/0/1.0

C. Create a routing instance named default

D. Apply the filter as in output filter on interface xe-0/1/0.0

You are asked to configure a security policy on the SRX Series device. After committing the policy, you receive the "Policy is out of sync between RE and PFE ." error.

Which command would be used to solve the problem?

A. request security polices resync

B. request service-deployment

C. request security polices check

D. restart security-intelligence

Exhibit You have recently configured Adaptive Threat Profiling and notice 20 IP address entries in the monitoring section of the Juniper ATP Cloud portal that do not match the number of entries locally on the SRX Series device, as shown in the exhibit.

What is the correct action to solve this problem on the SRX device?

A. You must configure the DAE in a security policy on the SRX device.

B. Refresh the feed in ATP Cloud.

C. Force a manual download of the Proxy__Nodes feed.

D. Flush the DNS cache on the SRX device.

Exhibit

You are asked to establish an IBGP peering between the SRX Series device and the router, but the session is not being established. In the security flow trace on the SRX device, packet drops are observed as shown in the exhibit. What is the correct action to solve the problem on the SRX device?

A. Create a firewall filter to accept the BGP traffic

B. Configure destination NAT for BGP traffic.

C. Add BGP to the Allowed host-inbound-traffic for the interface

D. Modify the security policy to allow the BGP traffic.

In Juniper ATP Cloud, what are two different actions available in a threat prevention policy to deal with an infected host? (Choose two.)

A. Send a custom message

B. Close the connection.

C. Drop the connection silently.

D. Quarantine the host.

You have a webserver and a DNS server residing in the same internal DMZ subnet. The public Static NAT addresses for the servers are in the same subnet as the SRX Series devices internet-facing interface.

You implement DNS doctoring to ensure remote users can access the webserver.

Which two statements are true in this scenario? (Choose two.)

A. The DNS doctoring ALG is not enabled by default.

B. The Proxy ARP feature must be configured.

C. The DNS doctoring ALG is enabled by default.

D. The DNS CNAME record is translated.

Exhibit You are using trace options to verity NAT session information on your SRX Series device Referring to the exhibit, which two statements are correct? (Choose two.)

A. This packet is part of an existing session.

B. The SRX device is changing the source address on this packet from

C. This is the first packet in the session

D. The SRX device is changing the destination address on this packet 10.0.1 1 to 172 20.101.10.

Exhibit

Which two statements are correct about the output shown in the exhibit. (Choose two.)

A. The source address is translated.

B. The packet is an SSH packet

C. The packet matches a user-configured policy

D. The destination address is translated.

You want to use selective stateless packet-based forwarding based on the source address.

In this scenario, which command will allow traffic to bypass the SRX Series device flow daemon?

A. set firewall family inet filter bypaa3_flowd term t1 then skip--services accept

B. set firewall family inet filter bypass_flowd term t1 then routing-instance stateless

C. set firewall family inet filter bypas3_flowd term t1 then virtual-channel stateless

D. set firewall family inet filter bypass__f lowd term t1 then packet--mode