You are connecting two remote sites to your corporate headquarters site; you must ensure that all traffic is secured and only uses a single Phase 2 SA for both sites.
In this scenario, which VPN should be used?

• A.An IPsec group VPN with the corporate firewall acting as the hub device.
• B.Full mesh IPsec VPNs with tunnels between all sites.
• C.A hub-and-spoke IPsec VPN with the corporate firewall acting as the hub device.
• D.A full mesh Layer 3 VPN with the corporate firewall acting as the hub device.

Comment: *

Name: *

Email: *

Verification: *

Exhibit:


You are having problems configuring advanced policy-based routing.
What should you do to solve the problem?

• A.Apply a policy to the APBR RIB group to only allow the exact routes you need.
• B.Change the routing instance to a forwarding instance.
• C.Change the routing instance to a virtual router instance.
• D.Remove the default static route from the main instance configuration.

Comment: *

Name: *

Email: *

Verification: *

You want to identify potential threats within SSL-encrypted sessions without requiring SSL proxy to decrypt the session contents.
Which security feature achieves this objective?

• A.DNS security
• B.Secure Web Proxy
• C.encrypted traffic insights
• D.infected host feeds

Comment: *

Name: *

Email: *

Verification: *

Exhibit

Referring to the exhibit, which three protocols will be allowed on the ge-0/0/5.0 interface? (Choose three.)

• A.DHCP
• B.IPsec
• C.NTP
• D.IBGP
• E.OSPF

Comment: *

Name: *

Email: *

Verification: *

Exhibit:

Host A shown in the exhibit is attempting to reach the Web1 webserver, but the connection is failing.
Troubleshooting reveals that when Host A attempts to resolve the domain name of the server (web.acme.
com), the request is resolved to the private address of the server rather than its public IP.
Which feature would you configure on the SRX Series device to solve this issue?

• A.Persistent NAT
• B.Double NAT
• C.DNS doctoring
• D.STUN protocol

Comment: *

Name: *

Email: *

Verification: *