Refer to the Exhibit.

You are asked to configure a hub-and-spoke VPN. All the VPN components have been
configured, and you are able to ping the remote tunnel interfaces at Site 1 and Site 2 from the Hub
site as shown in the exhibit. The Hub site’s external interface is in security zone untrust and the
st0 interfaces from each site are in security zone DMZ. Users in Site 2 are unable to connect to a
Web server in Site 1.
Which additional step is required at the hub site for users to access the Web server?

Refer to the Exhibit.

Referring to the exhibit, you need to allow FTP traffic from the Internet to the FTP server in the
Trust zone. You have built a custom application so that you can modify the timeout value for FTP
sessions and have configured a policy to allow FTP traffic from Untrust to Trust, but the traffic still
does not flow. The current status of the FTP ALG is disabled.
What is the problem?

Refer to the Exhibit.

A server in the DMZ of your company is under attack. The attacker is opening a large number of
TCP connections to your server which causes resource utilization problems on the server. All of
the connections from the attacker appear to be coming from a single IP address.
Referring to the exhibit, which Junos Screen option should you enable to limit the effects of the
attack while allowing legitimate traffic?

Refer to the Exhibit.

Referring to the exhibit, you want to use source NAT to translate the Web server’s IP address to
the IP address of ge-0/0/2.
Which source NAT type accomplishes this task and always performs PAT?

— Exhibit –-
user@srx> show security flow session

Session ID. 10702, Policy name: default-permit/4, Timeout: 1794, Valid
In: 2.3.4.5/5000 –> 10.1.2.3/22;tcp, IF. fe-0/0/6.0, Pkts: 88444, Bytes: 7009392
Out: 10.1.2.3/22 –> 10.1.1.1/5000;tcp, IF. .local..0, Pkts: 81672, Bytes: 6749337

— Exhibit –-
Refer to the Exhibit.
The output of show security flow sessions is shown in the exhibit.
From this output, which type of NAT is configured?

— Exhibit –-
[edit security nat source]
user@srx# show
pool A {
address {
172.16.52.94/32;
}
}
rule-set 1A {
from zone trust;
to zone untrust;

rule 1 {
match {
source-address 192.168.233.0/24;
}
then {
source-nat {
pool {
A;
}
}
}
}
}

— Exhibit –-
Refer to the Exhibit.
Referring to the exhibit, which two statements are true? (Choose two.)

— Exhibit –-
[edit security nat]
user@host# show source

pool pool-one {
address {
68.183.13.0/24;
}
}
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule pool-nat {
match {
source-address 10.10.10.1/24;
}
then {
source-nat {
pool {
pool-one;
}
}
}
}
rule no-nat {
match {
destination-address 192.150.2.140/32;
}
then {
source-nat {
off;

}
}
}
}

— Exhibit –-

Refer to the Exhibit.
You have implemented source NAT using a source pool for address translation. However, traffic
destined for 192.150.2.140 should not have NAT applied to it. The configuration shown in the
exhibit is not working correctly.
Which change is needed to correct this problem?

Refer to the Exhibit.

A PC in the trust zone is trying to ping a host in the untrust zone.
Referring to the exhibit, which type of NAT is configured?

— Exhibit –-
[edit security nat source]
user@host# show
pool snat-pool {
address {
10.10.10.10/32;
10.10.10.11/32;
}
}
pool-utilization-alarm raise-threshold 50 clear-threshold 40;
rule-set user-nat {
from zone trust;
to zone untrust;
rule snat {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
pool {

snat-pool;
}
}
}
}
}

— Exhibit –-
Refer to the Exhibit.
Your network management station has generated an alarm regarding NAT utilization based on an
SNMP trap received from an SRX Series device.
Referring to the exhibit, which statement is correct about the alarm?

Refer to the Exhibit.

Referring to the exhibit, which three statements are correct? (Choose three.)