Click the Exhibit button

In the exhibit, two SRX240 devices form a chassis cluster. Node 0 is primary for RG 1, and interface monitoring is configured to fail primacy over to Node 1 in the event interface ge-5/0/3 goes down. However, when interlace ge-5/0/3 goes down, Node 0 retains primary for RG 1.

Which two statements describe why Node 0 retained primacy for RG 1? (Choose two)

Click the Exhibit button.

You are troubleshooting a new IPSec VPN tunnel that is failing to establish an IKE security association between SRX Series devices. You notice the error in the log shown in the exhibit.

What is a possible cause for this problem?

Click the Exhibit button

The exhibit shows a configuration for two IPSec tunnels. The tunnel ipsec-vpn-primary is being used as the primary tunnel, and the tunnel ipsec-vpn-backup is being used as the backup tunnel. The remote device is not a Juniper Networks device. When a link failure occurs in the path that supports the primary tunnel, traffic is black holed for many minutes before the backup tunnel is used.

What can you do to reduce the failover time?

Click the Exhibit button

A user complains that they cannot reach a destination host using Telnet The user expresses concern that the SRX Series device is blocking the connection attempt. You check the security policy log on the SRX device and see the entry shown in the exhibit.

Based on the security policy log entry, which three statements describe why the user is unable to use Telnet to reach the destination host? (Choose three.)

Click the Exhibit button

The client is routed to Server A by default You have just implemented filter-based forwarding to redirect specific traffic from the client to Server B. Server B will then send that traffic to Server A. After finalizing this implementation, you notice reverse traffic from Server A back to the client is being dropped

Which statement describes why the reverse traffic is being dropped?

A SYN packet traverses an SRX Series device and a session is created. When the return SYN- ACK packet arrives at the SRX, the original interface on which the SYN packet arrived is down. However, an alternate route exists through another interface in a different zone no-syn-check is not configured on the device

What will happen to the return packet?

You configure an SRX Series chassis cluster with graceful restart support for the configured routing protocols. When testing your cluster failover in a large, multivendor lab environment, you notice that most of the BGP and OSPF neighbors remain adjacent, whereas a few other neighbors drop the adjacency with your cluster during the cluster failover test. You notice that the OSPF and BGP neighbors that drop the adjacencies are always the same

Why is this happening?

Your company has installed a new transparent proxy server that it wants all employee traffic to traverse before taking the default route to the Internet. The proxy server is within two DMZ zones from the SRX Series device, which means your SRX device must now have two default routes:
one to the proxy DMZ and one to the Internet from the proxy DMZ.

What can you do to get the traffic to flow to the transparent proxy DMZ, and then from the proxy DMZ to the Internet, regardless of the destination or port?

Click the Exhibit button.

In the process of securing your network from network reconnaissance, you notice that a large number of random packets are destined for unused segments on your network.

Referring to the exhibit, how should you secure the borders from these attacks while allowing legitimate traffic to pass through?

Click the Exhibit button

The exhibit shows an IPSec tunnel configuration In an effort to increase the security of the tunnel, you must configure the tunnel to negotiate a new tunnel key during IKE phase 2.

How can the configuration be changed to accommodate this requirement/?