Questions : 42
You have configured an IPsec VPN with traffic selectors; however, your IPsec tunnel does not appear to be working properly.
What are two reasons for the problem? (Choose two.)
A. You have configured a remote address value of 0.0.0.0/0.
B. You are trying to use traffic selectors with policy-based VPNs.
C. You have configured 15 traffic selectors on each SRX Series device.
D. You are trying to use traffic selectors with route-based VPNs.
What are three advantages of group VPNs? (Choose three.)
A. Supports any-to-any member connectivity.
B. Provides redundancy with cooperative key servers.
C. Eliminates the need for full mesh VPNs.
D. Supports translating private to public IP addresses.
E. Preserves original IP source and destination addresses.
You have recently deployed a dynamic VPN. Some remote users are complaining that they cannot authenticate through the SRX device at the corporate network. The SRX device serves as the tunnel endpoint for the dynamic VPN. What are two reasons for this problem? (Choose two.)
A. The supported number of users has been exceeded for the applied license.
B. The users are connecting to the portal using Windows Vista.
C. The SRX device does not have the required user account definitions.
D. The SRX device does not have the required access profile definitions.
You are asked to design a solution to verify IPsec peer reachability with data path forwarding. Which feature would meet the design requirements?
A. DPD over Phase 1 SA
B. DPD over Phase 2 SA
C. VPN monitoring over Phase 1 SA
D. VPN monitoring over Phase 2 SA
Which statement is true regarding the dynamic VPN feature for Junos devices?
A. Only route-based VPNs are supported.
B. Aggressive mode is not supported.
C. Preshared keys for Phase 1 must be used.
D. It is supported on all SRX devices.
Your company is using a dynamic VPN configuration on their SRX device. Your manager asks you to enforce password expiration policies for all VPN users. Which authentication method meets the requirement?
A. local password database
You are asked to deploy dynamic VPNs between the corporate office and remote employees that work from home. The gateway device at the corporate office consists of a pair of SRX650s in a chassis cluster. Which two statements about the deployment are true? (Choose two.)
A. The SRX650s must be separated as standalone devices to support the dynamic VPNs.
B. The remote clients must install client software to establish a tunnel with the corporate network.
C. The remote clients must reside behind an SRX device configured as the local tunnel endpoint.
D. The SRX650 must have HTTP or HTTPS enabled to aid in the client software distribution process.
Given the following session output:
Session ID: , Policy name: default-policy-00/2, State: Active, Timeout: 1794, Valid
In: 2001:660:1000:8c00::b/1053 --> 2001:660:1000:9002::aafe/80;tcp, If: reth0.0, Pkts: 4, Bytes:
Out: 192.168.203.10/80 --> 192.168.203.1/24770;tcp, If: reth1.0, Pkts: 3, Bytes:
Which statement is correct about the security flow session output?
A. This session is about to expire.
B. NAT64 is used.
C. Proxy NDP is used for this session.
D. The IPv4 Web server runs services on TCP port 24770.
You have installed a new IPS license on your SRX device and successfully downloaded the attack signature database. However, when you run the command to install the database, the database fails to install. What are two reasons for the failure? (Choose two.)
A. The file system on the SRX device has insufficient free space to install the database.
B. The downloaded signature database is corrupt.
C. The previous version of the database must be uninstalled first.
D. The SRX device does not have the high memory option installed.
You must configure a central SRX device connected to two branch offices with overlapping IP address space. The branch office connections to the central SRX device must reside in separate routing instances. Which two components are required? (Choose two.)
A. virtual routing instance
B. forwarding instance
C. static NAT
D. persistent NAT