Which two statements are true with regard to policy ordering? (Choose two.)
A. The last policy is the default policy, which allows all traffic.
B. The order of policies is not important.
C. New policies are placed at the end of the policy list.
D. The insert command can be used to change the order.
What is the proper sequence of evaluation for the SurfControl integrated Web filter solution?
A. whitelists, blacklists, SurfControl categories
B. blacklists, whitelists, SurfControl categories
C. SurfControl categories, whitelists, blacklists
D. SurfControl categories, blacklists, whitelists
You are configuring an SRX Series device with policy rematching disabled. You change a permit policy to have an action of deny and commit the configuration. Which statement is true?
A. All existing sessions are dropped and re-established.
B. Existing sessions matching the policy are dropped and re-established.
C. Existing sessions matching the policy continue uninterrupted.
D. Existing sessions matching the policy are immediately dropped.
Which three firewall user authentication objects can be referenced in a security policy? (Choose three.)
A. access profile
B. client group
D. default profile
Which two statements about the use of SCREEN options are correct? (Choose two.)
A. SCREEN options are deployed at the ingress and egress sides of a packet flow.
B. Although SCREEN options are very useful, their use can result in more session creation.
C. SCREEN options offer protection against various attacks at the ingress zone of a packet flow.
D. SCREEN options examine traffic prior to policy processing, thereby resulting in fewer resources used for malicious packet processing.
Which two statements are true about the relationship between static NAT and proxy ARP? (Choose two.)
A. It is necessary to forward ARP requests to remote hosts.
B. It is necessary when translated traffic belongs to the same subnet as the ingress interface.
C. It is not automatic and you must configure it.
D. It is enabled by default and you do not need to configure it.
Which two UTM features require a license to be activated? (Choose two.)
B. antivirus (full AV)
C. content filtering
D. Web-filtering redirect
Which statement is true regarding the Junos OS for security platforms?
A. SRX Series devices can store sessions in a session table.
B. SRX Series devices accept all traffic by default.
C. SRX Series devices must operate only in packet-based mode.
D. SRX Series devices must operate only in flow-based mode.
Which two statements in a source NAT configuration are true regarding addresses, rule-sets, or rules that overlap? (Choose two.)
A. Addresses used for NAT pools should never overlap.
B. If more than one rule-set matches traffic, the rule-set with the most specific context takes precedence.
C. If traffic matches two rules within the same rule-set, both rules listed in the configuration are applied.
D. Dynamic source NAT rules take precedence over static source NAT rules.
By default, which condition would cause a session to be removed from the session table?
A. Route entry for the session changed.
B. Security policy for the session changed.
C. The ARP table entry for the source IP address timed out.
D. No traffic matched the session during the timeout period.