A.  

ADVPN

B.  

Group VPN

C.  

Secure Connect VPN

D.  

AutoVPN

A.  

Softwire concentrator

B.  

STUN server

C.  

STUN client

D.  

Softwire initiator

A.  

[edit security nat source]

user@OfficeA# show rule-set OfficeBtoA {

from zone OfficeB;

to zone OfficeA;

rule 1 {

match {

source-address 192.168.210.0/24;

destination-address 192.168.200.0/24;

}

then {

source-nat {

interface;

}

}

}

}

B.  

[edit security nat static]

user@OfficeA# show rule-set From-Office-B {

from interface ge-0/0/0.0;

rule 1 {

match {

destination-address 192.168.200.0/24;

}

then {

static-nat {

prefix 192.168.100.0/24;

}

}

}

}

C.  

[edit security nat static]

user@OfficeB# show rule-set From-Office-A {

from interface ge-0/0/0.0;

rule 1 {

match {

destination-address 192.168.210.0/24;

}

then {

static-nat {

prefix 192.168.100.0/24;

}

}

}

}

D.  

[edit security nat source]

user@OfficeB# show rule-set OfficeAtoB {

from zone OfficeA;

to zone OfficeB;

rule 1 {

match {

source-address 192.168.200.0/24;

destination-address 192.168.210.0/24;

}

then {

source-nat {

interface;

}

}

}

}

A.  

Main mode on both the gateways

B.  

Aggressive mode on both the gateways

C.  

Main mode on the HQ-Gateway and aggressive mode on the Subsidiary-Gateway

D.  

Aggressive mode on the HQ-Gateway and main mode on the Subsidiary-Gateway

A.  

In Ethernet switching mode, Layer 2 interfaces must be placed in a security zone.

B.  

In Ethernet switching mode, IRB interfaces must be placed in a security zone.

C.  

In transparent mode, Layer 2 interfaces must be placed in a security zone.

D.  

In transparent mode, IRB interfaces must be placed in a security zone.

A.  

Forescout

B.  

Policy Enforcer

C.  

Juniper ATP Cloud

D.  

SRX Series device

A.  

Address persistence

B.  

Persistent NAT with any remote host

C.  

Persistent NAT with target host

D.  

Static NAT

A.  

You must change the loss priorities of the forwarding classes to low.

B.  

You must change the code point for the DB-data forwarding class to 10000.

C.  

You must use inet precedence instead of DSCP.

D.  

You must delete one forwarding class.

A.  

IDP disable is not configured on the APBR rule.

B.  

The application services bypass is not configured on the APBR rule.

C.  

The APBR rule does a match on the first packet.

D.  

The session did not properly reclassify midstream to the correct APBR rule.

A.  

You can dynamically secure traffic between the clouds by using user identities in the security policies.

B.  

You can dynamically secure traffic between the clouds by using advanced connection tracking in the security policies.

C.  

You can dynamically secure traffic between the clouds by using security tags in the security policies.

D.  

You can dynamically secure traffic between the clouds by using URL filtering in the security policies.

A.  

If nothing is specified for a resource, a default reserved resource is set for a specific logical system.

B.  

If you do not specify anything for a resource, no resource is reserved for a specific logical system, but the entire system can compete for resources up to the maximum available.

C.  

One security profile can only be applied to one logical system.

D.  

One security profile can be applied to multiple logical systems.

A.  

Enable next-hop tunnel binding.

B.  

Create a firewall filter that identifies VoIP traffic and associates it with the correct forwarding class.

C.  

Configure CoS forwarding classes and scheduling parameters.

D.  

Enable the copy-outer-dscp parameter so that DSCP header values are copied to the tunneled packets.

E.  

Enable the multi-sa parameter to enable two separate IPsec SAs for the VoIP and data traffic.

A.  

Use an external router.

B.  

Use an interconnect VPLS switch.

C.  

Use a secure wire.

D.  

Use a point-to-point logical tunnel.

A.  

IKE needs to be added for the host-inbound traffic on the VPN zone.

B.  

The screen configuration on the untrust zone needs to be modified.

C.  

IKE needs to be added to the host-inbound traffic directly on the ge-0/0/0 interface.

D.  

Application tracking on the untrust zone needs to be removed.

A.  

Two services redundancy groups are available.

B.  

IP monitoring has failed for the services redundancy group.

C.  

Node 1 will host services redundancy group 1 unless it is unavailable.

D.  

Session state is synchronized on both nodes.

E.  

Node 2 will process transit traffic that it receives for services redundancy group 1.

A.  

Add the junos-host zone policy to permit the BGP packets.

B.  

Add a firewall filter to lo0 that permits the BGP packets.

C.  

Modify the security policy to permit the BGP packets.

D.  

Add BGP to the lo0 host-inbound-traffic configuration.

A.  

encapsulation ethernet-bridge

B.  

encapsulation ethernet

C.  

encapsulation ethernet-vpls

D.  

encapsulation vlan-vpls

A.  

set security macsec interfaces ge-0/0/1 connectivity association access-sw

B.  

set protocols 12-learning global mode transpårent-bridge

C.  

set security forwarding-options secure-wire access-sw interface ge-0/0/1.0

D.  

set security macsec connectivity-association access-sw security-mode static-cak

A.  

address persistence

B.  

STUN

C.  

persistent NAT

D.  

double NAT

A.  

The ge-0/0/3.0 and ge-0/0/4.0 interfaces are not active and will not respond to ARP requests to the virtual IP MAC address.

B.  

This device is the backup node for SRG1.

C.  

The ge-0/0/3.0 and ge-0/0/4.0 interfaces are active and will respond to ARP requests to the virtual IP MAC address.

D.  

This device is the active node for SRG1.

A.  

IKE is not an allowed protocol in the external interfaces' security zone.

B.  

IKE is not an allowed protocol in the tunnel endpoints' security zone.

C.  

OSPF is not an allowed protocol in the tunnel endpoints' security zone.

D.  

BGP is not an allowed protocol in the tunnel endpoints' security zone.

A.  

MACsec

B.  

Mixed mode

C.  

Secure wire

D.  

Transparent mode

A.  

The loopback interface requires encapsulation.

B.  

The loopback interface is not assigned to a security zone.

C.  

The incorrect interface index ID is assigned to the loopback interface.

D.  

The IP address on the loopback interface is a private address.

A.  

Services redundancy group 1 (SRG1) is used for services that do not have a control plane state.

B.  

Services redundancy group 0 (SRG0) is used for services that have a control plane state.

C.  

Services redundancy group 0 (SRG0) is used for services that do not have a control plane state.

D.  

Services redundancy group 1 (SRG1) is used for services that have a control plane state.

A.  

Infected hosts are tracked by their IP address.

B.  

Infected hosts are tracked by their chassis serial number.

C.  

Infected hosts are tracked by their MAC address.

D.  

Infected hosts are tracked by their user identity.

A.  

Use RIB groups.

B.  

Use filter-based forwarding.

C.  

Use transparent mode.

D.  

Use policies.

A.  

It works with third-party switches.

B.  

It provides endpoint protection by running a Juniper ATP Cloud agent on the servers.

C.  

It provides endpoint protection by running a Juniper ATP Cloud agent on EX Series devices.

D.  

It works with SRX Series devices.

A.  

Security Director

B.  

Network Director

C.  

Mist

D.  

Security Director Insights

A.  

Each logical system shares the routing protocol process.

B.  

A default routing instance must be manually created for each logical system

C.  

Each logical system has a copy of the routing protocol process.

D.  

A default routing instance is automatically created for each logical system.

A.  

TLS 1.2 traffic will be sent to routing instance R1 but not forwarded to the next hop.

B.  

TLS 1.2 traffic will be sent to routing instance R1 and forwarded to next hop 10.1.0.1.

C.  

TLS 1.2 traffic will be sent to routing instance R2 but not forwarded to the next hop.

D.  

TLS 1.2 traffic will be sent to routing instance R2 and forwarded to next hop 10.2.0.1.

A.  

You must delete one forwarding class.

B.  

You must change the loss priorities of the forwarding classes to low.

C.  

You must use inet precedence instead of DSCP.

D.  

You must change the code point for the DB-data forwarding class to 10000.

A.  

New sessions can only be initiated from a source towards the reflexive address.

B.  

New sessions can be initiated from a destination towards the reflexive address.

C.  

Persistent NAT only applies to source NAT.

D.  

All requests from an internal address are mapped to the same reflexive address.

E.  

Persistent NAT applies to both destination and source NAT.

A.  

The GRE interface must be configured in OSPF Area 0.

B.  

The OSPF interface must be placed in a zone and must have GRE configured

C.  

Overlapping addresses should exist between remote networks.

D.  

The GRE interface must be placed in a zone and must have OSPF configured in is host

E.  

Overlapping addresses should not exist between remote networks.

A.  

target-host

B.  

any-remote-host

C.  

port-overloading

D.  

target-server