You have configured static NAT for a webserver in your DMZ. Both internal and external users can reach the webserver using the webserver's IP address. However, only internal users can reach the webserver using the webserver's DNS name. When external users attempt to reach the webserver using the webserver's DNS name, an error message is received.
Which action would solve this problem?
A. Disable Web filtering
B. Use DNS doctoring
C. Modify the security policy
D. Use destination NAT instead of static NAT
You are asked to configure a new SRX Series CPE device at a remote office. The device must participate in forwarding MPLS and IPsec traffic.
Which two statements are true regarding this implementation? (Choose two.)
A. Host inbound traffic must not be processed by the flow module
B. Host inbound traffic must be processed by the flow module
C. The SRX Series device can process both MPLS and IPsec with default traffic handling
D. A firewall filter must be configured to enable packet mode forwarding
You correctly configured a security policy to deny certain traffic, but logs reveal that traffic is still allowed.
Which specific traceoption flag will help you troubleshoot this problem?
A. lookup
B. configuration
C. routing-socket
D. rules
Click the Exhibit button.
You are asked to look at a configuration that is designed to take all traffic with a specific source IP address and forward the traffic to a traffic analysis server for further evaluation. The configuration is not working as intended.
Referring to the exhibit, which change must be made to correct the configuration?
A. Apply the filter as an input filter on interface xe-0/2/1.0
B. Create a routing instance named default
C. Apply the filter as an input filter on interface xe-0/0/1.0
D. Apply the filter as an output filter on interface xe-0/1/0.0
You are asked to configure an IPsec VPN between two SRX Series devices that allows for processing of
CoS on the intermediate routers.
What will satisfy this requirement?
A. route-based VPN
B. OpenVPN
C. remote access VPN
D. policy-based VPN
Click the Exhibit button.
A user reports trouble when using SSH to a server outside your organization. The traffic traverses an SRX Series device that is performing NAT and applying security policies.
Referring to the exhibit, which configuration will allow you to see the bidirectional flow through the SRX Series device?
A. Option A
B. Option B
C. Option C
D. Option D
Click the Exhibit button.
Branch 1 and Branch 2 have an active VPN tunnel configured, but internal hosts cannot communicate with each other.
Referring to the exhibit, which type of configuration should be applied to solve the problem?
A. Configure destination NAT on both Branch 1 and Branch 2
B. Configure source NAT on Branch 1
C. Configure destination NAT on Branch 2 only
D. Configure static NAT on both Branch 1 and Branch 2
What are two important functions of the Juniper Networks ATP Appliance solution? (Choose two.)
A. filtration
B. detection
C. statistics
D. analytics
You have a remote access VPN where the remote users are using the NCP client. The remote users can access the internal corporate resources as intended; however, traffic that is destined to all other Internet sites is going through the remote access VPN. You want to ensure that only traffic that is destined to the internal corporate resources use the remote access VPN.
Which two actions should you take to accomplish this task? (Choose two.)
A. Enable the split tunneling feature within the VPN configuration on the SRX Series device
B. Enable IKEv2 within the VPN configuration on the SRX Series device
C. Configure the necessary traffic selectors within the VPN configuration on the SRX Series device
D. Configure split tunneling on the NCP profile on the remote client
Click the Exhibit button.
Referring to the exhibit, which three topologies are supported by Policy Enforcer? (Choose three.)
A. Topology 3
B. Topology 5
C. Topology 2
D. Topology 4
E. Topology 1
