What are two supported hypervisors for hosting a vSRX? (Choose two.)
A. VMware ESXi
B. Solaris Zones
C. KVM
D. Docker
Click the Exhibit button.
Which feature is enabled with destination NAT as shown in the exhibit?
A. NAT overload
B. block allocation
C. port translation
D. NAT hairpinning
Which feature is used when you want to permit traffic on an SRX Series device only at specific times?
A. scheduler
B. pass-through authentication
C. ALGs
D. counters
Which statement describes the function of screen options?
A. Screen options encrypt transit traffic in a tunnel.
B. Screen options protect against various attacks on traffic entering a security device.
C. Screen options translate a private address to a public address.
D. Screen options restrict or permit users individually or in a group.
Which interface is used exclusively to forward Ethernet-switching traffic between two chassis cluster nodes?
A. swfab0
B. fxp0
C. fab0
D. me0
You want to trigger failover of redundancy group 1 currently running on node 0 and make node 1 the primary node the redundancy group 1.
Which command would be used accomplish this task?
A. user@host# set chassis cluster redundancy-group 1 node 1
B. user@host> request chassis cluster failover redundancy-group 1 node 1
C. user@host# set chassis cluster redundancy-group 1 preempt
D. user@host> request chassis cluster failover reset redundancy-group 1
Which statement is true about high availability (HA) chassis clusters for the SRX Series device?
A. Cluster nodes require an upgrade to HA compliant Routing Engines.
B. Cluster nodes must be connected through a Layer 2 switch.
C. There can be active/passive or active/active clusters.
D. HA clusters must use NAT to prevent overlapping subnets between the nodes.
Screens help prevent which three attack types? (Choose three.)
A. SYN flood
B. port scan
C. NTP amplification
D. ICMP fragmentation
E. SQL injection
Which three elements does AH provide in an IPsec implementation? (Choose three.)
A. confidentiality
B. authentication
C. integrity
D. availability
E. replay attack protection
You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase1 negotiation succeeds and the Phase 2 negotiation fails.
Which two configuration parameters should you verify are correct? (Choose two.)
A. Verify that the IKE gateway proposals on the initiator and responder are the same.
B. Verify that the VPN tunnel configuration references the correct IKE gateway.
C. Verify that the IKE initiator is configured for main mode.
D. Verify that the IPsec policy references the correct IKE proposals.
