You have an existing group VPN established in your internal network using the group-id 1. You
have been asked to configure a second group using the group-id 2. You must ensure that the key
server for group 1 participates in group 2 but is not the key server for that group. Which statement
is correct regarding the group configuration on the current key server for group 1?

What are the three types of attack objects used in an IPS engine? (Choose three.)

At which two times does the IPS rulebase inspect traffic on an SRX device? (Choose two.)

Which three match condition objects are required when creating IPS rules? (Choose three.)

Which problem is introduced by setting the terminal parameter on an IPS rule?

You have installed a new IPS license on your SRX device and successfully downloaded the attack
signature database. However, when you run the command to install the database, the database
fails to install. What are two reasons for the failure? (Choose two.)

You want to create a custom IDP signature for a new HTTP attack on your SRX device. You have
the exact string that identifies the attack. Which two additional elements do you need to define
your custom signature? (Choose two.)

An external host is attacking your network. The host sends an HTTP request to a Web server, but
does not include the version of HTTP in the request.
Which type of attack is being performed?

You configured a custom signature attack object to match specific components of an attack:
HTTP-request

Pattern .*\x90 90 90 … 90
Direction: client-to-server
Which client traffic would be identified as an attack?

You are deploying a standalone SRX650 in transparent mode for evaluation purposes in a
potential client’s network. The client will need to access the device to modify security policies and
perform other various configurations. Where would you configure a Layer 3 interface to meet this
requirement?