Which rib-group configuration will accomplish this?
You want to allow users from routing-instance Juniper1 to route to the destination 2.2.2.2, reached through routing-instance Juniper2 without sharing all the routes between the two instances. You have configured policy-statement move_routes with a route-filter to accept the 2 2.2.2 route. You have created rib-group Group1, and applied it under routing-instance Juniper2.
Which rib-group configuration will accomplish this?
What will help throttle the attack?
An attacker from IP address 1.1.1.2 is filling your SRX Series device’s session table with TCP sessions that have all completed a legitimate three-way handshake.
What will help throttle the attack?
Which two actions should you take to ensure that the SRX Series device renegotiates the VPN faster?
A site-to-site VPN is configured between satellite offices and headquarters using a digital certificate from a neutral party. Once the VPN is up and stable, the certificate issued by the neutral party is revoked. The next-update time is not contained in the CRL.
Which two actions should you take to ensure that the SRX Series device renegotiates the VPN faster? (Choose two.)
how should you upgrade the SRX cluster?
In planning for your core data center’s SRX5800 cluster software upgrade, minimal downtime is requested by your management team.
With a goal to achieve maximum uptime, how should you upgrade the SRX cluster?
Which two statements are true?
You are asked to set up a multi-tenant configuration on your SRX Series device. Several remote branch locations are connected to the device. You will connect each remote site to a separate logical interface. You want to implement segmentation between the branch locations using security zones and routing-instances.
Which two statements are true? (Choose two.)
Which VPN technique can you use on your remote office SRX device?
Your company is bringing a remote office online and is using an IPSec VPN lo establishes secure communication between the offices. The remote SRX Series device is receiving its IP address dynamically from the service provider.
Which VPN technique can you use on your remote office SRX device?
which all device certificates will be derived. You have been asked to automate certification enrollment, re-en
Your company plans to increase the security level for VPNs in its network by using certificates instead of preshared keys The company wants to introduce its own centrally administered certificate authority from which all device certificates will be derived. You have been asked to automate certification enrollment, re-enrollment, and revocation.
How can you implement this?
How do you enforce this set of criteria on the SRX Series device?
You want to source NAT all traffic initiated from Host A behind an SRX Series device to Server B. The internal transport address must be mapped to the same external transport address. Also, the external Server B must not communicate with the internal Host A using the NAT IP address/port unless the internal Host A has already communicated with the external Server B.
How do you enforce this set of criteria on the SRX Series device?
Which action will help identify the problem?
You have correctly implemented a SIP Application Layer Gateway (ALG) on your company’s SRX Series device to support SIP traffic on the network. However, after committing the configuration, users report that they are having problems making calls. Other traffic is property flowing through the device, and calls that do not pass through the SRX Series device have no issues.
Which action will help identify the problem?
where should you place it?
You are working at a service provider that offers only residential access to DSL subscribers. Your company has decided to make customer traffic subject to further inspection.
When you install a new IPS machine in the network, where should you place it?