JN0-633 Online Practice Questions and Answers

Questions 4

You are using the AppDoS feature to control against malicious bot client attacks. The bot clients are using file downloads to attack your server farm. You have configured a context value rate of 10,000 hits in 60 seconds. At which threshold will the bot clients no longer be classified as malicious?

A. 5000 hits in 60 seconds

B. 8000 hits in 60 seconds

C. 7500 hits in 60 seconds

D. 9999 hits in 60 seconds

Browse 175 Q&As
Questions 5

You have implemented a tunnel in your network using DS-Lite. The tunnel is formed between one of the SRX devices in your network and a DS-Lite-compatible CPE device in your customer's network. Which two statements are true about this scenario? (Choose two.)

A. The SRX device will serve as the softwire initiator and the customer CPE device will serve as the softwire concentrator.

B. The SRX device will serve as the softwire concentrator and the customer CPE device will serve as the softwire initiator.

C. The infrastructure network supporting the tunnel will be based on IPv4.

D. The infrastructure network supporting the tunnel will be based on IPv6.

Questions 6

In which situation is NAT proxy NDP required?

A. when translated addresses belong to the same subnet as the ingress interface

B. when filter-based forwarding and static NAT are used on the same interface

C. when working with static NAT scenarios

D. when the security device operates in transparent mode

Questions 7

You are deploying a standalone SRX650 in transparent mode for evaluation purposes in a potential client's network. The client will need to access the device to modify security policies and perform other various configurations. Where would you configure a Layer 3 interface to meet this requirement?

A. fxp0.0

B. vlan.1

C. irb.1

D. ge-0/0/0.0

Questions 8

HostA (1.1.1.1) is sending TCP traffic to HostB (2.2.2.2). You need to capture the TCP packets locally on the SRX240. Which configuration would you use to enable this capture?

A. [edit security flow]
user@srx# show
traceoptions {
    file dump;
    flag basic-datapath;
}

B. [edit security]
user@srx# show
application-tracking {
    enable;
}
flow {
    traceoptions {
        file dump;
        flag basic-datapath;
    }
}

C. [edit firewall filter capture term one]
user@srx# show
from {
    source-address {
        1.1.1.1;
    }
    destination-address {
        2.2.2.2;
    }
    protocol tcp;
}
then {
    port-mirror;
    accept;
}

D. [edit firewall filter capture term one]
user@srx# show
from {
    source-address {
        1.1.1.1;
    }
    destination-address {
        2.2.2.2;
    }
    protocol tcp;
}
then {
    sample;
    accept;
}

Questions 9

-- Exhibit --
[edit security idp]
user@srx# show | no-more
idp-policy basic {
    rulebase-ips {
        rule 1 {
            match {
                from-zone untrust;
                source-address any;
                to-zone trust;
                destination-address any;
                application default;
                attacks {
                    custom-attacks data-inject;
                }
            }
            then {
                action {
                    recommended;
                }
                notification {
                    log-attacks;
                }
            }
        }
    }
}
active-policy basic;
custom-attack data-inject {
    recommended-action close;
    severity critical;
    attack-type {
        signature {
            context mssql-query;
            pattern "SELECT * FROM accounts";
            direction client-to-server;
        }
    }
}
-- Exhibit --

You have configured the custom attack signature shown in the exhibit. This configuration is valid, but you want to improve the efficiency and performance of your IDP. Which two commands should you use? (Choose two.)

A. set custom attack data-inject recommended-action drop

B. set custom-attack data-inject attack-type signature protocol-binding tcp

C. set idp-policy basic rulebase-ips rule 1 match destination-address webserver

D. set idp-policy basic rulebase-ips rule 1 match application any

Questions 10

Which action will allow an administrator to connect in band to an SRX Series device in transparent mode over SSH?

A. Use a VLAN interface.

B. Use the loopback interface.

C. Use a logical interface.

D. Use an irb interface.

Questions 11

Click the Exhibit button.

user@host> show log message
Feb 4 00:04:17 host rpd[4516]: EVENT st0.0 index 76
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: inbound, SPI: 0x8d5816fd, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
Feb 4 00:04:17 host rpd[4516]: EVENT UpDown st0.0 index 76 10.10.10.1/24 > (null) Multicast>
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: outbound, SPI: 0x77f07d5c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-1 from 192.168.10.3 is up. Local-ip: 192.168.10.1, gateway name: spoke-1, vpn name: to-spoke-1, tunnel-id: 131073, local tunnel-if: st0.0, remote tunnel-ip: 10.10.10.3, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.3, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet,(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:11,[0..7]=0.0.0.0/0)
Feb 4 00:04:17 host mib2d[1385]: SNMP_TRAP_LINK_UP: ifIndex 539, ifAdminStatus up(1), ifOperStatus up(1), ifName st0.0
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: inbound, SPI: 0x2790a42c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Direction: outbound, SPI: 0x2df17ea8, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-3 from 192.168.10.5 is up. Local-ip: 192.168.10.1, gateway name: spoke-3, vpn name: to-spoke-3, tunnel-id: 131076, local tunnel-if: st0.0, remote tunnel-ip: Not-Available, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.5, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Feb 4 00:04:17 host kmd[1391]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: to-spoke-2 Gateway: spoke-2, Local: 192.168.10.1/500, Remote: 192.168.10.4/500, Local IKE-ID: Not-Available, Remote Not-Available, VR-ID: 0

Referring to the exhibit, which statement is correct?

A. The phase 1 security association for the to-spoke-3 VPN is failing.

B. The phase 2 security association for the to-spoke-1 VPN is failing.

C. The phase 2 security association for the to-spoke-3 VPN is failing.

D. The phase 1 security association for the to-spoke-2 VPN is failing.

Questions 12

Click the Exhibit button.

[edit security idp-policy test]
user@host# show
rulebase-ips {
    rule R3 {
        match {
            source-address any;
            destination-address any;
            attacks {
                predefined-attacks FTP:USER:ROOT;
            }
        }
        then {
            action {
                recommended;
            }
        }
        terminal;
    }
    rule R4 {
        match {
            source-address any;
            destination-address any;
            attacks {
                predefined-attacks HTTP:HOTMAIL:FILE-UPLOAD;
            }
        }
        then {
            action {
                recommended;
            }
        }
    }
}

You have just committed the new IDP policy shown in the exhibit. However, you notice no action is taken on traffic matching the R4 IDP rule. Which two actions will resolve the problem? (Choose two.)

A. Change the R4 rule to match on a predefined attack group.

B. Insert the R4 rule above the R3 rule.

C. Delete the terminal statement from the R3 rule.

D. Change the IPS rulebase to an exempt rulebase.

Questions 13

Click the Exhibit button.

user@host> show security flow session extensive
Session ID: 1173, Status: Normal
Flag: 0x0
Policy name: two/6
Source NAT pool: interface, Application: junos-ftp/1
Dynamic application: junos:UNKNOWN,
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1756
Session State: Valid
Start time: 4859, Duration: 99
   In: 172.20.103.10/56457 --> 10.210.14.130/21;tcp,
    Interface: vlan.103,
    Session token: 0x8, Flag: 0x21
    Route: 0x100010, Gateway: 172.20.103.10, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 12, Bytes: 549
   Out: 10.210.14.130/21 --> 10.210.14.133/18698;tcp,
    Interface: ge-0/0/0.0,
    Session token: 0x7, Flag: 0x20
    Route: 0xf0010, Gateway: 10.210.14.130, Tunnel: 0
    Port sequence: 0, FIN sequence: 0,
    FIN state: 0,
    Pkts: 8, Bytes: 514
Total sessions: 1

A user complains that they are unable to download files using FTP. They are able to connect to the remote site, but cannot download any files. You investigate and execute the show security flow session extensive command to receive the result shown in the exhibit.

What is the cause of the problem?

A. The NAT translation is incorrect.

B. The FTP ALG has been disabled.

C. Passive mode FTP is not enabled.

D. The FTP session is using the wrong port number.

Exam Code: JN0-633
Exam Name: Security, Professional (JNCIP-SEC)
Last Update: Apr 26, 2024
Questions: 175 Q&As
