Your management has a specific set of Web-based applications that certain employees are allowed to use.
Which two SRX Series device features would be used to accomplish this task? (Choose two.)

Which feature is used for layer 2 bridging on an SRX Series device?

You are performing AppSecure traffic processing to enforce AppFW.
What happens when traffic matching an established security session is newly detected as a different
application?

Click the Exhibit button.
[edit]
user@host# show interfaces
ge-0/0/1 {
unit 0 {
family bridge {
interface-mode access;
vlan-id 20;
}
}
}
ge-0/0/10 {
unit 0 {
family bridge {
interface-mode access;
vlan-id 20;
}
}
}
[edit]
user@host# show bridge-domains
d1 {
domain-type bridge;
vlan-id 20;}
[edit]
user@host# show security flow bridge
[edit]
user@host# show security zones
security-zone 12 {
host-inbound-traffic {
system-services {
any-service;
}
}
interfaces {
ge-0/0/1.0;
ge-0/0/10.0;
}
}
Referring to the exhibit, which statement is true?

How does the SRX5800, in transparent mode, signal failover to the connected switches?

Click the Exhibit button.

Traffic is being sent from Host-1 to Host-2 through an IPsec VPN. In this process, SRX-2 is using NAT to
change the destination address of Host-2 from 192.168.1.1 to 10.60.60.1 SRX-1 uses the 172.31.50.1 addressfor its tunnel endpoint and SRX-2 uses the 10.10.50.1 address for its tunnel endpoint.
Referring to the exhibit, which statement is true?

Which two configuration statements are used to share interface routes between routing instances? (Choose
two.)

Where does the AppSecure suite of functions occur in the security flow process on an SRX Series device?

Click the Exhibit button.

[edit security nat static rule-set 12]
user@SRX2# show
from zone untrust;
rule 1 {
match {
destination-address 192.168.1.1/32;
}
then {
static-nat {
prefix {
10.60.60.1/32;
}
}
}
}
Host-2 initiates communication with Host-1. All other routing and policies are in place to allow the traffic.
What is the result of the communication?

Click the Exhibit button.
user@host> show security ike security-associations
Index State Initiator cookie Responder cookie Mode Remote Address
3271043 UP 7f42284089404673 95fd8408940438d8 Main 172.31.50.2
user@host> show security ipsec security-associations
Total active tunnels: 0
user@host> show log phase2
Feb 2 14:21:18 host kmd[1088]: IKE negotiation failed with error: TS unacceptable. IKE Version: 1, VPN: vpn-1
Gateway: gate-1, Local: 172.31.50.1/500, Remote: 172.31.50.2/500, Local IKE-ID: 172.31.50.1, Remote IKEID: 172.31.50.2, VR-ID: 0
Feb 2 14:21:18 host kmd[1088]: KMD_VPN_TS_MISMATCH: Traffic-selector mismatch, vpn name: vpn-1,
Peer Proposed traffic-selector local-ip: ipv4(2.2.2.2), Peer Proposed traffic-selector remote-ip: ipv4 (1.1.1.1)
Feb 2 14:21:54 host kmd[1088]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN:
vpn-1 Gateway: gate-1, Local:
172.31.50.1/500, Remote: 172.31.50.2/500, Local IKE-ID: 172.31.50.1, Remote IKE-ID: 172.31.50.2, VR-ID: 0
Feb 2 14:22:19 host kmd[1088]: KMD_VPN_TS_MISMATCH: Traffic-selector mismatch, vpn name: vpn-1,
Peer Proposed traffic-selector local-ip:
ipv4 (2.2.
2.2), Peer Proposed traffic-selector remote-ip: ipv4(1.1.1.1)
You have recently configured an IPsec VPN between an SRX Series device and another non- Junos security
device. The phase one tunnel is up but the phase two tunnel is not present.
Referring to the exhibit, what is the cause of this problem?