You want to implement an IPsec VPN on an SRX device using PKI certificates for authentication. As part of the implementation, you are required to ensure that the certificate submission, renewal, and retrieval processes are handled automatically from the certificate authority. Regarding this scenario, which statement is correct?
A. You can use SCEP to accomplish this behavior.
B. You can use OCSP to accomplish this behavior.
C. You can use CRL to accomplish this behavior.
D. You can use SPKI to accomplish this behavior.
You have recently deployed a dynamic VPN. Some remote users are complaining that they cannot authenticate through the SRX device at the corporate network. The SRX device serves as the tunnel endpoint for the dynamic VPN. What are two reasons for this problem? (Choose two.)
A. The supported number of users has been exceeded for the applied license.
B. The users are connecting to the portal using Windows Vista.
C. The SRX device does not have the required user account definitions.
D. The SRX device does not have the required access profile definitions.
Which feature is used for layer 2 bridging on an SRX Series device?
A. route mode
B. packet mode
C. transparent mode
D. MPLS mode
You are asked to configure your SRX Series device to support IDP SSL inspections for up to 6,000 concurrent HTTP sessions to a server within your network. Which two statements are true in this scenario? (Choose two.)
A. You must add at least one PKI certificate.
B. Junos does not support more than 5000 sessions in this scenario.
C. You must enable SSL decoding.
D. You must enable SSL inspection.
You want requests from the same internal transport address to be mapped to the same external transport address. Only internal hosts can initialize the session. Which Junos configuration setting supports the requirements?
Your company has added a connection to a new ISP and you have been asked to send specific traffic to the new ISP. You have decided to implement filter-based forwarding. You have configured new routing instances with type forwarding. You must direct traffic into each instance. Which step would accomplish this goal?
A. Add a firewall filter to the ingress interface that specifies the intended routing instance as the action.
B. Create a routing policy to direct the traffic to the required forwarding instances.
C. Configure the ingress and egress interfaces in each forwarding instance.
D. Create a static default route for each ISP in inet.0, each pointing to a different forwarding instance.
You are using logical systems to segregate customers. You have a requirement to enable communication between the logical systems. What are two ways to accomplish this goal? (Choose two.)
A. Use a shared DMZ zone to connect the logical systems together.
B. Use a virtual tunnel (vt-) interface to connect the logical systems together.
C. Use an external cable to connect the ports from the two logical systems.
D. Use an interconnect LSYS to connect the logical systems together.
You are asked to merge the corporate network with the network from a recently acquired company. Both networks use the same private IPv4 address space (172.25.126.0/24). An SRX device serves as the gateway for each network. Which solution allows you to merge the two networks without adjusting the current address assignments?
A. source NAT
B. persistent NAT
C. double NAT
Which statement is true regarding dual-stack lite?
A. The softwire is an IPv4 tunnel over an IPv6 network.
B. The softwire initiator (SI) encapsulates IPv6 packets in IPv4.
C. The softwire concentrator (SC) decapsulates softwire packets.
D. SRX devices support the softwire concentrator and softwire initiator functionality.
You have implemented a tunnel in your network using DS-Lite. The tunnel is formed between one of the SRX devices in your network and a DS-Lite-compatible CPE device in your customer’s network. Which two statements are true about this scenario? (Choose two.)
A. The SRX device will serve as the softwire initiator and the customer CPE device will serve as the softwire concentrator.
B. The SRX device will serve as the softwire concentrator and the customer CPE device will serve as the softwire initiator.
C. The infrastructure network supporting the tunnel will be based on IPv4.
D. The infrastructure network supporting the tunnel will be based on IPv6.