01. Your company wants to scale to 200 branches across the globe. Dynamic routing over the VPNs is required and you want to minimize the chance of compromising the keys.
Which type of VPN implementation should you use?
a) policy-based VPN with preshared key authentication
b) route-based VPN with preshared key authentication
c) policy-based VPN with certificate-based authentication
d) route-based VPN with certificate-based authentication
02. You installed the IPS license on the SRX Series device and need to download the IPS signature database. What must you do?
a) Run the request security idp security-package install command; the signature database will be downloaded from Juniper Networks and installed.
b) Run the request security idp security-package download command followed by the request security idp security-package install command.
c) Run the request security idp security-package download command; the signature database will be downloaded from Juniper Networks and installed.
d) Download the signature database from Juniper Networks and run the request security idp security-package download <IP address> to use TFTP to transfer the file from your laptop and install it on the SRX Series device.
03. A large company with different partners wants to establish a VPN among the various sites using certificates. One partner receives a certificate from a different CA server than does corporate headquarters.
Which type of certificate format is used on the SRX Series device to establish this VPN?
04. You want to configure system security resources for logical systems on SRX devices. Which statement is true regarding the system behavior of security profiles?
a) They are defined by user administrators within an LSYS.
b) Up to 512 profiles can be configured.
c) One security profile can be applied to multiple LSYSs.
d) Configured limitations of type maximum guarantees system resources.
05. You have configured DNS doctoring on your SRX device to allow your internal Web server traffic to respond to www.targethost.com. You now want to verify proper DNS doctoring behavior.
Which action allows you to perform this task?
a) Initiate a ping from an internal host to www.targethost.com.
b) Initiate a ping from an external host to www.targethost.com.
c) Initiate a ping from the internal Web server to an external host.
d) Verify that the DNS ALG is enabled.
06. A security administrator wants to establish a certificate-based VPN between SRXA and SRXB. SRXA receives a certificate from certificate authority CA-A and SRXB receives a certificate from certificate authority CA-B.
Which type of certificates are needed on SRXA to establish the VPN tunnel?
a) SRXA's local certificate, and SRXA's CA certificate issued by CA-A
b) SRXA's local certificate, and SRXB's CA certificate issued by CA-B
c) SRXA's local certificate, and SRXB's local certificate
d) SRXB's local certificate, SRXA's CA certificate issued by CA-A, and SRXB's CA certificate issued by CA-B
07. You want to add the IDP attack database to your SRX device. Which two tasks are required to complete this goal?
a) Download the IDP security package.
b) Download the IDP sensor database.
c) Install the IDP sensor database.
d) Install the IDP security package.
08. You are asked to separate several remote branch locations by attaching them to separate SRX Series devices.
You have only one SRX Series device and must accomplish this objective virtually. You are required to have separate routing tables, and each interface must be in different logical devices.
Which type of routing-instance must you use to accomplish this objective?
09. Your enterprise requires a remote access solution and wants the installation of the VPN client software to be automated and linked to users as they log in to the VPN server.
Which client VPN feature meets this requirement?
a) Purchase SSL VPN feature licenses and add them to the SRX Series device
b) Install the Junos Pulse client on the Windows devices at login
c) Deploy the group VPN SRX Series device feature 1
d) Deploy the dynamic VPN on the SRX Series device
10. Which two methods can be categorized under the reconnaissance phase?
a) using information from the target company website
b) Xmas attack
c) ping of death
d) war dialing scan