NEW QUESTION 1
You have implemented APBR on your SRX Series device and are verifying that your changes are working properly. You notice that when you start the application for the first time, it does not follow the expected path.
What are two reasons that would cause this behavior? (Choose two.)

• A. The application system cache does not have an entry for the first session.
• B. The application system cache has been disabled.
• C. The application system cache already has an entry for this application.
• D. The advanced policy-based routing is applied to the ingress zone and must be moved to the egress zone.

Answer: AB

NEW QUESTION 2
You are creating an IPS policy with multiple rules. You want traffic that matches rule 5 to silently be dropped, along with any future packets that match the appropriate attributes of the incoming traffic.
In this scenario, which ip-action parameter should you use?

• A. ip-block
• B. ip-close
• C. log-create
• D. timeout

Answer: A

NEW QUESTION 3
Click the Exhibit button.

Security Director is reporting the events shown in the exhibit.
If the fallback parameter is set to pass traffic, what would cause the events?

• A. The files are too large for the antivirus engine to process.
• B. The files are not scanned because they were permitted by a security policy.
• C. The files are not scanned because they are the wrong file format.
• D. The antivirus engine is unable to re-encrypt the files.

Answer: A

NEW QUESTION 4
Click the Exhibit button.

Two hosts on the same subnet are connected to an SRX340 using interfaces ge-0/0/4 and
ge-0/0/5. The two hosts can communicate with each other, but they cannot communicate with hosts outside of their subnet.
Referring to the exhibit, which three actions would you take to solve this problem? (Choose three.)

• A. Add the ge-0/0/4 and ge-0/0/5 interfaces to the L2 zone.
• B. Remove the irb.0 interface from the L2 zone.
• C. Set the SRX340 to Ethernet switching mode.
• D. Configure a security policy to permit the traffic.
• E. Reboot the SRX340.

Answer: CDE

NEW QUESTION 5
Click the Exhibit button.

You have recently committed the IPS policy shown in the exhibit. When evaluating the expected behavior, you notice that you have a session that matches all of the rules in your IPS policy.
In this scenario, which action would be taken?

• A. ignore-connection
• B. drop packet
• C. no-action
• D. close-client-and-server

Answer: C

NEW QUESTION 6
Click the Exhibit button.

Referring to the exhibit, you have configured a Sky ATP policy to inspect user traffic. However, you have noticed that encrypted traffic is not being inspected.
In this scenario, what must you do to solve this issue?

• A. Change the policy to inspect HTTPS traffic.
• B. Configure the PKI feature.
• C. Configure the SSL forward proxy feature.
• D. Change the policy to inspect TLS traffic.

Answer: C

NEW QUESTION 7
What is the correct application mapping sequence when a user goes to Facebook for the first time through an SRX Series device?

• A. first packet > process packet > check application system cache > classify application > process packet > match and identify application
• B. first packet > check application system cache > process packet > classify application > match and identify application
• C. first packet > check application system cache > classify application > process packet > match and identify application
• D. first packet > process packet > check application system cache > classify application > match and identify application

Answer: D

NEW QUESTION 8
You want to review AppTrack statistics to determine the characteristics of the traffic being monitored.
Which operational mode command would accomplish this task on an SRX Series device?

• A. show services application-identification statistics applications
• B. show services application-identification application detail
• C. show security application-tracking counters
• D. show services security-intelligence statistics

Answer: A

NEW QUESTION 9
Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

• A. The application firewall rule is not inspecting encrypted traffic.
• B. There are two rules configured in the rule set.
• C. The rule set uses application definitions from the predefined library.
• D. The configured rule set matches most analyzed applications.

Answer: AC

NEW QUESTION 10
You have been notified by your colocation provider that your infrastructure racks will no longer be adjacent to each other.
In this scenario, which technology would you use to secure all Layer 2 and Layer 3 traffic between racks?

• A. IPsec
• B. GRE
• C. 802.1BR
• D. MACsec

Answer: D

NEW QUESTION 11
Which AppSecure feature identifies applications that are present in traffic?

• A. AppID
• B. AppTrack
• C. AppFW
• D. AppQoS

Answer: A

NEW QUESTION 12
What are three components of Software-Defined Secure Networks? (Choose three.)

• A. Contrail
• B. Sky ATP
• C. SRX Series device
• D. Security Director
• E. Network Director

Answer: BCD

NEW QUESTION 13
You are scanning files that are being transferred from the Internet to hosts on your internal network with Sky ATP. However, you notice that files that are 1 GB in size are not being scanned by Sky ATP.
In this scenario, which two statements are true? (Choose two.)

• A. The Sky ATP failback option is set to permit.
• B. The Sky ATP engine or the SRX Series device is too busy.
• C. The 1 GB file size is larger than the scan size limit for Sky ATP.
• D. The Sky ATP policy on the SRX Series device is misconfigured.

Answer: CD

NEW QUESTION 14
While reviewing the Log and Reporting portion of Security Director, you find that multiple objects reference the same address. You want to use a standardized name for all of the objects.
In this scenario, how would you create a standardized object name without searching the entire policy?

• A. Remove the duplicate objects.
• B. Merge the duplicate objects.
• C. Rename the duplicate objects.
• D. Replace the duplicate objects.

Answer: B

NEW QUESTION 15
Click the Exhibit button.

The UTM policy shown in the exhibit has been applied to a security policy on a branch SRX Series device.
In this scenario, which statement is true?

• A. HTTP downloads of ZIP files will be blocked.
• B. FTP downloads of ZIP files will be blocked.
• C. E-mail downloads of ZIP files will be blocked.
• D. ZIP files can be renamed with a new extension to pass through the filter.

Answer: A

NEW QUESTION 16
You have set up Sky ATP with the SRX Series devices in your network. However, your SRX Series devices are unable to communicate with the Sky ATP cloud because the communication is being blocked by a gateway network device.
Which two actions should you take to solve the problem? (Choose two.)

• A. Open destination port 443 inbound from the Internet on the gateway network device.
• B. Open destination port 8080 outbound from the Internet on the gateway network device.
• C. Open destination port 443 outbound from the Internet on the gateway network device.
• D. Open destination port 8080 inbound from the Internet on the gateway network device.

Answer: CD