PrepAway - Latest Free Exam Questions & Answers

Which two (2) options would you set?

You are configuring a NetScreen device in transparent mode and want to provide additional administrative security. Which two (2) options would you set?

A.
set int vlan1 ident-reset

B.
set int vlan1 broadcast arp

C.
set int vlan1 broadcast flood

D.
set admin manag-ip <a.b.c.d>

E.
set int vlan1 ip manage-ip <a.b.c.d>

Explanation:
When a host or any kind of network device does not know the MAC address associated with the IP address of another device, it uses the Address Resolution Protocol (ARP) to obtain it. The requestor broadcasts an ARP query (arp-q) to all the other devices on the same subnet.
Only the device with the specified IP address returns an ARP reply (arp-r). After a device matches an IP address with a MAC address, it stores the information in its ARP cache. A situation can arise in which a device sends a unicast packet to a destination MAC address that is in its ARP cache but that the NetScreen device does not have in its forwarding table.
When a NetScreen device in Transparent mode receives a unicast packet for which it has no entry in its forwarding table, it can follow one of two courses:
After doing a policy lookup to determine the zones to which traffic from the source address is permitted, flood the initial packet out the interfaces bound to those zones, and then continue using whichever interface receives a reply. This is the Flood option, which is enabled by default.
Drop the initial packet, flood ARP queries (and, optionally, trace-route packets, which are ICMP echo requests with the time-to-live value set to 1) out all interfaces (except the interface at which the packet arrived), and then send subsequent packets through whichever interface receives an ARP (or trace-route) reply from the router or host whose MAC address matches the destination MAC address in the initial packet. The trace-route option allows the NetScreen device to discover the destination MAC address when the destination IP address is in a nonadjacent subnet.