Policy Enforcer provides which benefit?
A. log management
B. command and control protection
C. centralized management of security devices
D. IPsec encryption
You have multiple SRX chassis clusters on a single broadcast domain. Why must you assign different cluster IDs in this scenario?
A. to avoid MAC address conflicts
B. to avoid control link conflicts
C. to avoid node numbering conflicts
D. to avoid redundancy group conflicts
Your customer needs help designing a single solution to protect their combination of various Junos network devices from unauthorized management access.
Which Junos OS feature will provide this protection?
A. Use a firewall filter applied to the fxp0 interface
B. Use a security policy with the destination of the junos-host zone
C. Use the management zone host-inbound-traffic feature
D. Use a firewall filter applied to the lo0 interface
Your company has outgrown its existing secure enterprise WAN that is configured to use OSPF, AutoVPN, and IKE version 1. You are asked if it is possible to make a design change to improve the WAN performance without purchasing new hardware.
Which two design changes satisfy these requirements? (Choose two.)
A. Modify the IPsec proposal from AES-128 to AES-256
B. Change the IGP from OSPF to IS-IS
C. Migrate to IKE version 2
D. Implement Auto Discovery VPN
You are working with a customer to create a design proposal using SRX Series devices. As part of the design, you must consider the requirements shown below:
1.
You must ensure that every packet entering your device is independently inspected against a set of rules.
2.
You must provide a way to protect the device from undesired access attempts.
3.
You must ensure that you can apply a different set of rules for traffic leaving the device than are in use for traffic entering the device.
In this scenario, what do you recommend using to accomplish these requirements?
A. firewall filters
B. intrusion prevention system
C. unified threat management
D. screens
Which two steps should be included in your security design process? (Choose two.)
A. Identify external attackers
B. Define safety requirements for the customer's organization
C. Identify the firewall enforcement points
D. Define overall security policies
You are deploying a data center Clos architecture and require secure data transfers within the switching fabric.
In this scenario, what will accomplish this task?
A. MACsec encryption
B. LAG Layer 2 hashing
C. IRB VLAN routing between hosts D. stacked VLAN tagging on the core switches
In a data center, what are two characteristics of access tier VLAN termination on the aggregation tier? (Choose two.)
A. Multiple VLANs can be part of one security zone
B. A security zone is limited to a single VLAN
C. Inter-VLAN traffic within a zone can bypass firewall services
D. Inter-VLAN traffic is secured through firewall services
You are concerned about users attacking the publicly accessible servers in your data center through encrypted channels. You want to block these attacks using your SRX Series devices.
In this scenario, which two features should you use? (Choose two.)
A. Sky ATP
B. IPS
C. SSL forward proxy
D. SSL reverse proxy
You are designing a data center interconnect between two sites across a service provider Layer 3 VPN service. The sites require Layer 2 connectivity between hosts, and the connection must be secure.
In this scenario, what will accomplish this task?
A. EVPN over IPsec
B. MACsec encryption
C. SSL VPN encryption
D. stacked VLAN tagging