Click the Exhibit button.
[edit]
user@host# show interfaces
ge-0/0/1 {
unit 0 {
family bridge {
interface-mode access;
vlan-id 20;
}
}
}
ge-0/0/10 {
unit 0 {
family bridge {
interface-mode access;
vlan-id 20;
}
}
}
[edit]
user@host# show bridge-domains
d1 {
domain-type bridge;
vlan-id 20;}
[edit]
user@host# show security flow bridge
[edit]
user@host# show security zones
security-zone 12 {
host-inbound-traffic {
system-services {
any-service;
}
}
interfaces {
ge-0/0/1.0;
ge-0/0/10.0;
}
}
Referring to the exhibit, which statement is true?

How does the SRX5800, in transparent mode, signal failover to the connected switches?

Click the Exhibit button.

Traffic is being sent from Host-1 to Host-2 through an IPsec VPN. In this process, SRX-2 is using NAT to
change the destination address of Host-2 from 192.168.1.1 to 10.60.60.1 SRX-1 uses the 172.31.50.1 addressfor its tunnel endpoint and SRX-2 uses the 10.10.50.1 address for its tunnel endpoint.
Referring to the exhibit, which statement is true?

Which two configuration statements are used to share interface routes between routing instances? (Choose
two.)

Where does the AppSecure suite of functions occur in the security flow process on an SRX Series device?

Click the Exhibit button.

[edit security nat static rule-set 12]
user@SRX2# show
from zone untrust;
rule 1 {
match {
destination-address 192.168.1.1/32;
}
then {
static-nat {
prefix {
10.60.60.1/32;
}
}
}
}
Host-2 initiates communication with Host-1. All other routing and policies are in place to allow the traffic.
What is the result of the communication?

Click the Exhibit button.
user@host> show security ike security-associations
Index State Initiator cookie Responder cookie Mode Remote Address
3271043 UP 7f42284089404673 95fd8408940438d8 Main 172.31.50.2
user@host> show security ipsec security-associations
Total active tunnels: 0
user@host> show log phase2
Feb 2 14:21:18 host kmd[1088]: IKE negotiation failed with error: TS unacceptable. IKE Version: 1, VPN: vpn-1
Gateway: gate-1, Local: 172.31.50.1/500, Remote: 172.31.50.2/500, Local IKE-ID: 172.31.50.1, Remote IKEID: 172.31.50.2, VR-ID: 0
Feb 2 14:21:18 host kmd[1088]: KMD_VPN_TS_MISMATCH: Traffic-selector mismatch, vpn name: vpn-1,
Peer Proposed traffic-selector local-ip: ipv4(2.2.2.2), Peer Proposed traffic-selector remote-ip: ipv4 (1.1.1.1)
Feb 2 14:21:54 host kmd[1088]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN:
vpn-1 Gateway: gate-1, Local:
172.31.50.1/500, Remote: 172.31.50.2/500, Local IKE-ID: 172.31.50.1, Remote IKE-ID: 172.31.50.2, VR-ID: 0
Feb 2 14:22:19 host kmd[1088]: KMD_VPN_TS_MISMATCH: Traffic-selector mismatch, vpn name: vpn-1,
Peer Proposed traffic-selector local-ip:
ipv4 (2.2.
2.2), Peer Proposed traffic-selector remote-ip: ipv4(1.1.1.1)
You have recently configured an IPsec VPN between an SRX Series device and another non- Junos security
device. The phase one tunnel is up but the phase two tunnel is not present.
Referring to the exhibit, what is the cause of this problem?

A local user complains that they cannot connect to an FTP server on the DMZ network. You investigate and
confirm that the security policy allows FTP traffic from the trust zone to the DMZ zone.
What are two reasons for this problem? (Choose two.)

Your manager asks you to show which attacks have been detected on your SRX Series device using the IPS
feature.
Which command would you use to accomplish this task?

What is a secure key management protocol used by IPsec?