Click the Exhibit button.
Referring to the exhibit, you need to allow FTP traffic from the Internet to the FTP server in the Trust zone. You
have built a custom application so that you can modify the timeout value for FTP sessions and have configured
a policy to allow FTP traffic from Untrust to Trust, but the traffic still does not flow. The current status of the
FTP ALG is disabled.
What is the problem?

Click the Exhibit button.
A server in the DMZ of your company is under attack. The attacker is opening a large number of TCP
connections to your server which causes resource utilization problems on the server. All of the connections
from the attacker appear to be coming from a single IP address.
Referring to the exhibit, which Junos Screen option should you enable to limit the effects of the attack while
allowing legitimate traffic?

Click the Exhibit button.
Referring to the exhibit, you want to use source NAT to translate the Web server’s IP address to the IP address
of ge-0/0/2.
Which source NAT type accomplishes this task and always performs PAT?

— Exhibit —
user@srx> show security flow session
Session ID. 10702, Policy name: default-permit/4, Timeout: 1794, Valid
In: 2.3.4.5/5000 –> 10.1.2.3/22;tcp, IF. fe-0/0/6.0, Pkts: 88444, Bytes: 7009392
Out: 10.1.2.3/22 –> 10.1.1.1/5000;tcp, IF. .local..0, Pkts: 81672, Bytes: 6749337
— Exhibit —
Click the Exhibit button.
The output of show security flow sessions is shown in the exhibit.
From this output, which type of NAT is configured?

— Exhibit —
[edit security nat source]
user@srx# show
pool A {
address {
172.16.52.94/32;
}
}
rule-set 1A {
from zone trust;
to zone untrust;
rule 1 {
match {
source-address 192.168.233.0/24;
}
then {
source-nat {
pool {
A;
}
}
}
}
}
— Exhibit —
Click the Exhibit button.
Referring to the exhibit, which two statements are true? (Choose two.)

— Exhibit —
[edit security nat]
user@host# show source
pool pool-one {
address {
68.183.13.0/24;
}
}
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule pool-nat {
match {
source-address 10.10.10.1/24;
}
then {
source-nat {
pool {
pool-one;
}
}
}
}
rule no-nat {
match {
destination-address 192.150.2.140/32;
}
then {
source-nat {
off;
}
}
}
}
— Exhibit —
Click the Exhibit button.
You have implemented source NAT using a source pool for address translation. However, traffic destined for
192.150.2.140 should not have NAT applied to it. The configuration shown in the exhibit is not working
correctly.
Which change is needed to correct this problem?

Click the Exhibit button.
A PC in the trust zone is trying to ping a host in the untrust zone.
Referring to the exhibit, which type of NAT is configured?

— Exhibit —
[edit security nat source]
user@host# show
pool snat-pool {
address {
10.10.10.10/32;
10.10.10.11/32;
}
}
pool-utilization-alarm raise-threshold 50 clear-threshold 40;
rule-set user-nat {
from zone trust;
to zone untrust;
rule snat {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
pool {
snat-pool;
}
}
}
}
}
— Exhibit —
Click the Exhibit button.
Your network management station has generated an alarm regarding NAT utilization based on an SNMP trap
received from an SRX Series device.
Referring to the exhibit, which statement is correct about the alarm?

Click the Exhibit button.
Referring to the exhibit, which three statements are correct? (Choose three.)

Click the Exhibit button.
You are troubleshooting an IPsec VPN connection between a local SRX Series device using IP address
192.168.1.100 and a remote SRX device using IP address 192.168.2.100. A VPN connection cannot be
established. Referring to the exhibit, you examine the kmd log file.
What is the problem?