JNCIS

Regarding static attack object groups, which two statements are true? (Choose two.). Matching attack objects are automatically added to a custom group. Group membership automatically changes when Juniper updates the IPS signature database. Group membership does not automatically change when Juniper updates the IPS signature database. You must manually add matching attack objects to a custom group.

You are deploying a new SRX Series device and you need to log denied traffic. In this scenario, which two policy parameters are required to accomplish this task? (Choose two.). session-init. session-close. deny. count.

You are asked to reduce the load that the JIMS server places on your corporate domain controller. Which action should you take in this situation?. Connect JIMS to the RADIUS server. Connect JIMS to the domain Exchange server. Connect JIMS to the domain SQL server. Connect JIMS to another SRX Series device.

Which two statements about unified security policies are correct? (Choose two.). Unified security policies require an advanced feature license. Unified security policies are evaluated after global security policies. Traffic can initially match multiple unified security policies. APPID results are used to determine the final security policy match.

Click the Exhibit button. Referring to the exhibit, which two statements describe the type of proxy used? (Choose two.). forward proxy. client protection proxy. server protection proxy. reverse proxy.

You have deployed an SRX300 Series device and determined that files have stopped being scanned. In this scenario, what is a reason for this problem?. The software license is a free model and only scans executable type files. The infected host communicated with a command-and-control server, but it did not download malware. The file is too small to have a virus. You have exceeded the maximum files submission for your SRX platform size.

Which three statements about SRX Series device chassis clusters are true? (Choose three.). Chassis cluster control links must be configured using RFC 1918 IP addresses. Chassis cluster member devices synchronize configuration using the control link. A control link failure causes the secondary cluster node to be disabled. Recovery from a control link failure requires that the secondary member device be rebooted. Heartbeat messages verify that the chassis cluster control link is working.

Which two statements are correct about security policy changes when using the policy rematch feature? (Choose two.). When a policy change includes changing the policy's action from permit to deny, all existing sessions are maintained. When a policy change includes changing the policy's source or destination address match condition, all existing sessions are dropped. When a policy change includes changing the policy's action from permit to deny, all existing sessions are dropped. When a policy change includes changing the policy's source or destination address match condition, all existing sessions are reevaluated.

You are asked to block malicious applications regardless of the port number being used. In this scenario, which two application security features should be used? (Choose two.). AppFW. AppQoE. APPID. AppTrack.

A client has attempted communication with a known command-and-control server and it has reached the configured threat level threshold. Which feed will the client's IP address be automatically added in this situation?. The command-and-control cloud feed. the allowlist and blocklist feed. the custom cloud feed. the infected host cloud feed.

When a security policy is deleted, which statement is correct about the default behavior for active sessions allowed by that policy?. The active sessions allowed by the policy will be dropped. The active sessions allowed by the policy will be marked as a legacy flow and will continue to be forwarded. The active sessions allowed by the policy will be reevaluated by the cached policy rules. The active sessions allowed by the policy will continue unchanged.

You are asked to determine how much traffic a popular gaming application is generating on your network. Which action will you perform to accomplish this task?. Enable AppQoS on the proper security zones. Enable APBR on the proper security zones. Enable screen options on the proper security zones. Enable AppTrack on the proper security zones.

How does the SSL proxy detect if encryption is being used?. It uses application identity services. It verifies the length of the packet. It queries the client device. It looks at the destination port number.

Which two statements are correct when considering IPS rule base evaluation? (Choose two.). IPS evaluates rules concurrently. IPS applies the most severe action to traffic matching multiple rules. IPS evaluates rules sequentially. IPS applies the least severe action to traffic matching multiple rules.

You have implemented a vSRX in your VMware environment. You want to implement a second vSRX Series device and enable chassis clustering. Which two statements are correct in this scenario about the control-link settings. (Choose two.). In the vSwitch security settings, accept promiscuous mode. In the vSwitch properties settings, set the VLAN ID to None. In the vSwitch security settings, reject forged transmits. In the vSwitch security settings, reject MAC address changes.

Which two statements are true about the vSRX? (Choose two.). It does not have VMXNET3 vNIC support. It has VMXNET3 vNIC support. UNIX is the base OS. Linux is the base OS.

Click the Exhibit button. Using the information from the exhibit, which statement is correct?. Redundancy group 1 is in an ineligible state. Node1 is the active node for the control plane. There are no issues with the cluster. Redundancy group 0 is in an ineligible state.

You want to manually failover the primary Routing Engine in an SRX Series high availability cluster pair. Which step is necessary to accomplish this task?. Issue the set chassis cluster disable reboot command on the primary node. Implement the control link recovery solution before adjusting the priorities. Manually request the failover and identify the secondary node. Adjust the priority in the configuration on the secondary node.

You want to permit access to an application but block application sub-features that enable users to upload content. Which two security policy features provide this capability? (Choose two.). URL filtering. micro application detection. content filtering. APPID.

Which statement regarding Juniper Identity Management Service (JIMS) domain PC probes is true?. JIMS domain PC probes analyze domain controller security event logs at 60-minute intervals by default. JIMS domain PC probes are triggered if no username to IP address mapping is found in the domain security event log. JIMS domain PC probes are triggered to map usernames to group membership information. JIMS domain PC probes are initiated by an SRX Series device to verify authentication table information.

Your manager asks you to provide firewall and NAT services in a private cloud. Which two solutions will fulfill the minimum requirements for this deployment? (Choose two.) A. a single vSRX. a vSRX for firewall services and a separate vSRX for NAT services. a cSRX for firewall services and a separate cSRX for NAT services. a single cSRX.

Which two statements are true about mixing traditional and unified security policies? (Choose two.). When a packet matches a unified security policy, the evaluation process terminates. Traditional security policies must come before unified security policies. Unified security policies must come before traditional security policies. When a packet matches a traditional security policy, the evaluation process terminates.

Referring to the exhibit, what do you determine about the status of the cluster?. Both nodes determine that they are in a primary state. Node 1 is down. Node 2 is down. There are no issues with the cluster.

Which two features are configurable on Juniper Secure Analytics (JSA) to ensure that alerts are triggered when matching certain criteria? (Choose two.). building blocks. assets. events. tests.

You are asked to implement IPS on your SRX Series device. In this scenario, which two tasks must be completed before a configuration will work? (Choose two.). Download the IPS signature database. Enroll the SRX Series device with Juniper ATP Cloud. Install the IPS signature database. Reboot the SRX Series device.

Which two statements are correct about Juniper ATP Cloud? (Choose two.). Once the target threshold is met, Juniper ATP Cloud continues looking for threats from 0 to 5 minutes. Once the target threshold is met, Juniper ATP Cloud continues looking for threats from 0 to 10 minutes. The threat levels range from 0-10. The threat levels range from 0-100.

You just finished setting up your command-and-control (C&C) category with Juniper ATP Cloud. You notice that all of the feeds have zero objects in them. Which statement is correct in this scenario?. The security intelligence policy must be configured on a unified security policy. Use the commit full command to start the download. No action is required, the feeds take a few minutes to download. Set the maximum C&C entries within the Juniper ATP Cloud GUI.

Your network uses a single JSA host and you want to implement a cluster. In this scenario, which two statements are correct? (Choose two.). The software versions on both primary and secondary hosts must match. The secondary host can backup multiple JSA primary hosts. The primary and secondary hosts must be configured with the same external storage devices. The cluster virtual IP will need an unused IP address assigned.

You enable chassis clustering on two devices and assign a cluster ID and a node ID to each device. In this scenario, what is the correct order for rebooting the devices?. Reboot the secondary device, then the primary device. Reboot only the secondary device since the primary will assign itself the correct cluster and node ID. Reboot the primary device, then the secondary device. Reboot only the primary device since the secondary will assign itself the correct cluster and node ID.

Which two statements about SRX chassis clustering are correct? (Choose two.). SRX chassis clustering supports active/passive and active/active for the data plane. SRX chassis clustering only supports active/passive for the data plane. SRX chassis clustering supports active/passive for the control plane. SRX chassis clustering supports active/active for the control plane.

Referring to the SRX Series flow module diagram shown in the exhibit, where is application security processed?. Forwarding Lookup. Services ALGs. Security Policy. Screens.

You want to deploy a virtualized SRX in your environment. In this scenario, why would you use a vSRX instead of a cSRX? (Choose two.). The vSRX supports Layer 2 and Layer 3 configurations. Only the vSRX provides clustering. The vSRX has faster boot times. Only the vSRX provides NAT, IPS, and UTM services.

Referring to the exhibit, which two statements are true? (Choose two.). Nancy logged in to the juniper.net Active Directory domain. The IP address of Nancy's client PC is 172.25.11.140. The IP address of the authenticating domain controller is 172.25.11.140. Nancy is a member of the Active Directory sales group.

Which method does the IoT Security feature use to identify traffic sourced from IoT devices?. The SRX Series device streams metadata from the IoT device transit traffic to Juniper ATP Cloud. The SRX Series device streams transit traffic received from the IoT device to Juniper ATP Cloud. The SRX Series device identifies IoT devices using their MAC addresses. The SRX Series device identifies IoT devices from metadata extracted from their transit traffic.

Which two statements are true about the fab interface in a chassis cluster? (Choose two.). The fab link does not support fragmentation. The physical interface for the fab link must be specified in the configuration. The fab link supports traditional interface features. The Junos OS supports only one fab link.

After JSA receives external events and flows, which two steps occurs? (Choose two.). After formatting the data, the data is stored in an asset database. Before formatting the data, the data is analyzed for relevant information. Before the information is filtered, the information is formatted. After the information is filtered, JSA responds with active measures.

Which two statements are correct about SSL proxy server protection? (Choose two.). You do not need to configure the servers to use the SSL proxy function on the SRX Series device. You must load the server certificates on the SRX Series device. The servers must be configured to use the SSL proxy function on the SRX Series device. You must import the root CA on the servers.

Which two statements are correct about chassis clustering? (Choose two.). The node ID value ranges from 1 to 255. The node ID is used to identify each device in the chassis cluster. A system reboot is required to activate changes to the cluster ID. The cluster ID is used to identify each device in the chassis cluster.

You want to use IPS signatures to monitor traffic. Which module in the AppSecure suite will help in this task?. AppTrack. AppQoS. AppFW. APPID.

Which two statements are correct about JSA data collection? (Choose two.). The Event Collector collects information using BGP FlowSpec. The Flow Collector can use statistical sampling. The Flow Collector parses logs. The Event Collector parses logs.

You are asked to find systems running applications that increase the risks on your network. You must ensure these systems are processed through IPS and Juniper ATP Cloud for malware and virus protection. Which Juniper Networks solution will accomplish this task?. JIMS. Encrypted Traffic Insights. UTM. Adaptive Threat Profiling.

Which two statements are correct about the configuration shown in the exhibit? (Choose two.). The session-close parameter is only used when troubleshooting. The others 300 parameter means unidentified traffic flows will be dropped in 300 milliseconds. Every session that enters the SRX Series device will generate an event. Replacing the session-init parameter with session-close will log unidentified flows.

Your company is using the Juniper ATP Cloud free model. The current inspection profile is set at 10 MB. You are asked to configure ATP Cloud so that executable files up to 30 MB can be scanned while at the same time minimizing the change in scan time for other file types. Which configuration should you use in this scenario?. Use the CLI to create a custom profile and increase the scan limit for executable files to 30 MB. Use the ATP Cloud UI to change the default profile to increase the scan limit for all files to 30 MB. Use the CLI to change the default profile to increase the scan limit for all files to 30 MB. Use the ATP Cloud UI to update a custom profile and increase the scan limit for executable files to 30 MB.

You are configuring logging for a security policy. In this scenario, in which two situations would log entries be generated? (Choose two.). every 10 minutes. at session initialization. every 60 seconds. at session close.

When trying to set up a server protection SSL proxy, you receive the error shown in the exhibit. What are two reasons for this error? (Choose two.). The SSL proxy certificate ID is part of a blocklist. The SSL proxy certificate ID does not have the correct renegotiation option set. The SSL proxy certificate ID is for a forwarding proxy. The SSL proxy certificate ID does not exist.

Which two statements are true about Juniper ATP Cloud? (Choose two.). Dynamic analysis is always performed to determine if a file contains malware. If the cache lookup determines that a file contains malware, static analysis must be performed to verify the results. Dynamic analysis is not always necessary to determine if a file contains malware. If the cache lookup determines that a file contains malware, static analysis is not performed to verify the results.

Which statement about security policy schedulers is correct?. Multiple policies can use the same scheduler. A policy can have multiple schedulers. When the scheduler is disabled, the policy will still be available. A policy without a defined scheduler will not become active.

You are asked to create an IPS-exempt rule base to eliminate false positives from happening. Which two configuration parameters are available to exclude traffic from being examined? (Choose two.). source port. source IP address. destination IP address. destination port.

What are three capabilities of AppQoS? (Choose three.). re-write DSCP values. assign a forwarding class. re-write the TTL. rate-limit traffic. reserve bandwidth.

You are asked to ensure that if the session table on your SRX Series device gets close to exhausting its resources, that you enforce a more aggressive age-out of existing flows. In this scenario, which two statements are correct? (Choose two.). The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the low-watermark value is met. The early-ageout configuration specifies the timeout value, in seconds, that will be applied once the high-watermark value is met. The high-watermark configuration specifies the percentage of how much of the session table is left before disabling a more aggressive ageout timer. The high-watermark configuration specifies the percentage of how much of the session table can be allocated before applying a more aggressive age-out timer.

Which two sources are used by Juniper Identity Management Service (JIMS) for collecting username and device IP addresses? (Choose two.). Microsoft Exchange Server event logs. DNS. Active Directory domain controller event logs. OpenLDAP service ports.

You are experiencing excessive packet loss on one of your two WAN links, each link coming from a different provider. You want to automatically route traffic from the degraded link to the working link. Which AppSecure component would you use to accomplish this task?. AppFW. AppQoE. AppQoS. APBR.

Which solution enables you to create security policies that include user and group information?. JIMS. ATP Appliance. Network Director. NETCONF.

Which two devices would you use for DDoS protection with Policy Enforcer? (Choose two.). vQFX. MX. vMX. QFX.

What are two benefits of using a vSRX in a software-defined network? (Choose two.). scalability. no required software license. granular security. infinite number of interfaces.

Referring to the exhibit, which statement is true?. SSL proxy functions will ignore the session. SSL proxy leverages post-match results. SSL proxy must wait for return traffic for the final match to occur. SSL proxy leverages pre-match results.

Which two statements about SRX Series device chassis clusters are true? (Choose two.). Redundancy group 0 is only active on the cluster backup node. Each chassis cluster member requires a unique cluster ID value. Each chassis cluster member device can host active redundancy groups. Chassis cluster member devices must be the same model.

Which two statements are correct about the cSRX? (Choose two.). The cSRX supports firewall, NAT, IPS, and UTM services. The cSRX only supports Layer 2 “bump-in-the-wire” deployments. The cSRX supports BGP, OSPF, and IS-IS routing services. The cSRX has three default zones: trust, untrust, and management.

What are two types of system logs that Junos generates? (Choose two.). SQL log files. data plane logs. system core dump files. control plane logs.

You want to set up JSA to collect network traffic flows from network devices on your network. Which two statements are correct when performing this task? (Choose two.). BGP FlowSpec is used to collect traffic flows from Junos OS devices. Statistical sampling increases processor utilization. Statistical sampling decreases event correlation accuracy. Superflows reduce traffic licensing requirements.

What information does encrypted traffic insights (ETI) use to notify SRX Series devices about known malware sites?. certificates. dynamic address groups. MAC addresses. domain names.

You are asked to track BitTorrent traffic on your network. You need to automatically add the workstations to the High_Risk_Workstations feed and the servers to the BitTorrent_Servers feed automatically to help mitigate future threats. Which two commands would add this functionality to the FindThreat policy? (Choose two.). [edit security policies from-zone Trust to-zone Untrust policy FindThreat then permit application- services security-intelligence] user@srx# set add-source-ip-to-feed High_Risk_Workstations. [edit security policies from-zone Trust to-zone Untrust policy FindThreat then permit application- services security-intelligence] user@srx# set add-source-identity-to-feed High_Risk_Workstations. [edit security policies from-zone Trust to-zone Untrust policy FindThreat then permit application- services security-intelligence] user@srx# set add-destination-identity-to-feed BitTorrent_Servers. [edit security policies from-zone Trust to-zone Untrust policy FindThreat then permit application- services security-intelligence] user@srx# set add-destination-ip-to-feed BitTorrent_Servers.

Which two types of SSL proxy are available on SRX Series devices? (Choose two.). Web proxy. client-protection. server-protection. DNS proxy.

You are asked to ensure that servers running the Ubuntu OS will not be able to update automatically by blocking their access at the SRX firewall. You have configured a unified security policy named BlockUbuntu, but it is not blocking the updates to the OS. Referring to the exhibit, which statement will block the Ubuntu OS updates?. Move the BlockUbuntu policy after the AllowWeb policy. Configure the BlockUbuntu policy with the junos-https application parameter. Change the default policy to permit-all. Configure the AllowWeb policy to have a dynamic application of any.

You are trying to create a security policy on your SRX Series device that permits HTTP traffic from your private 172.25.11.0/24 subnet to the Internet. You create a policy named permit-http between the trust and untrust zones that permits HTTP traffic. When you issue a commit command to apply the configuration changes, the commit fails with the error shown in the exhibit. Which two actions would correct the error? (Choose two.). Issue the rollback 1 command from the top of the configuration hierarchy and attempt the commit again. Execute the Junos commit full command to override the error and apply the configuration. Create a custom application named http at the [edit applications] hierarchy. Modify the security policy to use the built-in junos-http application.

Which two statements are correct about AppTrack? (Choose two.). AppTrack can be configured for any defined logical system on an SRX Series device. AppTrack identifies and blocks traffic flows that might be malicious regardless of the ports being used. AppTrack collects traffic flow information including byte, packet, and duration statistics. AppTrack can only be configured in the main logical system on an SRX Series device.

You have implemented SSL client protection proxy. Employees are receiving the error shown in the exhibit. How do you solve this problem?. Load a known good, but expired, CA certificate onto the SRX Series device. Install a new SRX Series device to act as the client proxy. Reboot the SRX Series device. Import the existing certificate to each client device.

When a security policy is modified, which statement is correct about the default behavior for active sessions allowed by that policy?. The active sessions allowed by the policy will be dropped. Only policy changes that involve modification of the action field will cause the active sessions affected by the change to be dropped. Only policy changes that involve modification of the application will cause the active sessions affected by the change to be dropped. The active sessions allowed by the policy will continue unchanged.

On an SRX Series firewall, what are two ways that Encrypted Traffic Insights assess the threat of the traffic? (Choose two.). It decrypts the file in a sandbox. It validates the certificates used. It decrypts the data to validate the hash. It reviews the timing and frequency of the connections.

You are validating the configuration template for device access. The commands in the exhibit have been entered to secure IP access to an SRX Series device. Referring to the exhibit, which two statements are true? (Choose two.). The device manager can access the device from 192.168.11.248. The loopback interface blocks invalid traffic on its entry into the device. The loopback interface blocks invalid traffic on its exit from the device. The device manager can access the device from 10.253.1.2.

Which two statements describe the output shown in the exhibit? (Choose two.). Redundancy group 1 experienced an operational failure. Redundancy group 1 was administratively failed over. Node 0 is controlling traffic for redundancy group 1. Node 1 is controlling traffic for redundancy group 1.

What are two requirements for enabling AppQoE? (Choose two.). You need two SRX Series device endpoints. You need two SRX Series or MX Series device endpoints. You need an APPID feature license. You need to configure AppQoE for reverse traffic.

How does Juniper ATP Cloud protect a network from zero-day threats?. It uses a cache lookup. It uses antivirus software. It uses dynamic analysis. It uses known virus signatures.

Referring to the exhibit, what will the SRX Series device do in this configuration?. Packets from the infected hosts with a threat level of 8 will be dropped and a log message will be generated. Packets from the infected hosts with a threat level of 8 or above will be dropped and a log message will be generated. Packets from the infected hosts with a threat level of 8 or above will be dropped and no log message will be generated. Packets from the infected hosts with a threat level of 8 will be dropped and no log message will be generated.

You want to control when cluster failovers occur. In this scenario, which two specific parameters would you configure on an SRX Series device? (Choose two.). heartbeat-interval. heartbeat-address. heartbeat-tos. heartbeat-threshold.

You administer a JSA host and want to include a rule that sets a threshold for excessive firewall denies and sends an SNMP trap after receiving related syslog messages from an SRX Series firewall. Which JSA rule type satisfies this requirement?. common. offense. flow. event.

Which two statements about the DNS ALG are correct? (Choose two.). The DNS ALG supports DDNS. The DNS ALG supports VPN tunnels. The DNS ALG performs DNS doctoring. The DNS ALG does not support NAT.

You are troubleshooting unexpected issues on your JIMS server due to out of order event log timestamps. Which action should you take to solve this issue?. Enable time synchronization on the client devices. Enable time synchronization on the JIMS server. Enable time synchronization on the domain controllers. Enable time synchronization on the SRX Series devices.

Which statement defines the function of an Application Layer Gateway (ALG)?. The ALG uses software processes for permitting or disallowing specific IP address ranges. The ALG uses software that is used by a single TCP session using the same port numbers as the application. The ALG contains protocols that use one application session for each TCP session. The ALG uses software processes for managing specific protocols.

Which two statements are true about Juniper ATP Cloud? (Choose two.). Juniper ATP Cloud only uses one antivirus software package to analyze files. Juniper ATP Cloud uses multiple antivirus software packages to analyze files. Juniper ATP Cloud uses antivirus software packages to protect against zero-day threats. Juniper ATP Cloud does not use antivirus software packages to protect against zero-day threats.

Which two statements about SRX Series device chassis clusters are correct? (Choose two.). The chassis cluster data plane is connected with revenue ports. The chassis cluster can contain a maximum of three devices. The chassis cluster data plane is connected with SPC ports. The chassis cluster can contain a maximum of two devices.

Which two statements are correct about the Junos IPS feature? (Choose two.). IPS is integrated as a security service on SRX Series devices. IPS uses sandboxing to detect unknown attacks. IPS is a standalone platform running on dedicated hardware or as a virtual device. IPS uses protocol anomaly rules to detect unknown attacks.

You are asked to create a security policy that will automatically add infected hosts to the infected hosts feed and block further communication through the SRX Series device. What needs to be added to this configuration to complete this task?. Add a security intelligence policy to the permit portion of the security policy. Add an action to the permit portion of the security policy. Add logging to the permit portion of the security policy. Add a match rule to the security policy with an appropriate threat level.

You are preparing a proposal for a new customer who has submitted the following requirements for a vSRX deployment: -- globally distributed, -- rapid provisioning, -- scale based on demand, -- and low CapEx. Which solution satisfies these requirements?. AWS. Network Director. Juniper ATP Cloud. VMWare ESXi.

On which three Hypervisors is vSRX supported? (Choose three.). VMware ESXi. Citrix Hypervisor. Hyper-V. KVM. Oracle VM.

Which two statements are correct about a policy scheduler? (Choose two.). A policy scheduler can only be applied when using the policy-rematch feature. A policy scheduler can be dynamically activated based on traffic flow volumes. A policy scheduler can be defined using a daily schedule. A policy scheduler determines the time frame that a security policy is actively evaluated.

Which two statements are true about the vSRX? (Choose two.). AWS is supported as an IaaS solution. AWS is not supported as an IaaS solution. OpenStack is not supported as a cloud orchestration solution. OpenStack is supported as a cloud orchestration solution.

You want to be alerted if the wrong password is used more than three times on a single device within five minutes. Which Juniper Networks solution will accomplish this task?. Adaptive Threat Profiling. Juniper Secure Analytics. Juniper Identity Management Service. Intrusion Prevention System.

While working on an SRX firewall, you execute the show security policies policy-name <name> detail command. Which function does this command accomplish?. It displays details about the default security policy. It identifies the different custom policies enabled. It shows the system log files for the local SRX Series device. It shows policy counters for a configured policy.

Your JIMS server is unable to view event logs. Which two actions would you take to solve this issue? (Choose two.). Enable the correct host-inbound-traffic rules on the SRX Series devices. Enable remote event log management within Windows Firewall on the necessary Exchange servers. Enable remote event log management within Windows Firewall on the necessary domain controllers. Enable remote event log management within Windows Firewall on the JIMS server.

Which two statements are correct about the fab interface in a chassis cluster? (Choose two.). Real-time objects (RTOs) are exchanged on the fab interface to maintain session synchronization. In an active/active configuration, inter-chassis transit traffic is sent over the fab interface. The fab interface enables configuration synchronization. Heartbeat signals sent on the fab interface monitor the health of the control plane link.

Which two statements are correct about a reth LAG? (Choose two.). Links must have the same speed and duplex setting. Links must use the same cable type. You must have a *minimum-links* statement value of two. You should have two or more interfaces.

Regarding dynamic attack object groups, which two statements are true? (Choose two.). Group membership automatically changes when Juniper updates the IPS signature database. You must manually add matching attack objects to a custom group. Matching attack objects are automatically added to a custom group. Group membership does not automatically change when Juniper updates the IPS signature database.

Which two statements are true about application identification? (Choose two.). Application identification can identify nested applications that are within Layer 7. Application identification cannot identify nested applications that are within Layer 7. Application signatures are the same as IDP signatures. Application signatures are not the same as IDP signatures.

Which sequence does an SRX Series device use when implementing stateful session security policies using Layer 3 routes?. An SRX Series device will perform a security policy search before conducting a longest-match Layer 3 route table lookup. An SRX Series device performs a security policy search before implementing an ALG security check on the longest-match Layer 3 route. An SRX Series device will conduct a longest-match Layer 3 route table lookup before performing a security policy search. An SRX Series device conducts an ALG security check on the longest-match route before performing a security policy search.

You want to show tabular data for operational mode commands. In this scenario, which logging parameter will provide this function?. permit. count. session-init. session-close.

You need to deploy an SRX Series device in your virtual environment. In this scenario, what are two benefits of using a CSRX? (Choose two.). The cSRX supports Layer 2 and Layer 3 deployments. The cSRX default configuration contains three default zones: trust, untrust, and management. The cSRX supports firewall, NAT, IPS, and UTM services. The cSRX has low memory requirements.

You are implementing an SRX Series device at a branch office that has low bandwidth and also uses a cloud-based VoIP solution with an outbound policy that permits all traffic. Which service would you implement at your edge device to prioritize VoIP traffic in this scenario?. AppFW. SIP ALG. AppQoE. AppQoS.

Which two functions does Juniper ATP Cloud perform to reduce delays in the inspection of files? (Choose two.). Juniper ATP Cloud allows the creation of allowlists. Juniper ATP Cloud uses a single antivirus software package to analyze files. Juniper ATP Cloud allows end users to bypass the inspection of files. Juniper ATP Cloud performs a cache lookup on files.