1.
Which statement is true about NAT?
2.
You have configured static NAT for a Web server in your DMZ. Both internal and external users can reach the Web server using its IP address. However, only internal users are able to reach the Web server using its DNS name. External users receive an error message from their browser. Which action would solve this problem?
3.
You want to implement persistent NAT for an internal resource so that external hosts are able to initiate communications to the resource, without the internal resource having previously sent packets to the external hosts. Which configuration setting will accomplish this goal?
4.
Your SRX device is performing NAT to provide an internal resource with a public address. Your DNS server is on the same network segment as the server. You want your internal hosts to be able to reach the internal resource using the DNS name of the resource. How do you accomplish this goal?
5.
You are asked to provide access for an external VoIP server to VoIP phones in your network using private addresses. However, due to security concerns, the VoIP server should only be able to initiate connections to each phone once the phone has logged into the VoIP server. The VoIP server requires access to the phones using multiple ports. Which type of persistent NAT is required?
6.
You are attempting to establish an IPsec VPN between two SRX devices. However, there is another device between the SRX devices that does not pass traffic that is using UDP port 4500. How would you resolve this problem?
7.
Given the following session output:
Session ID. , Policy namE. default-policy-00/2, StatE. Active, Timeout: 1794, Valid
In: 2001:660:1000:8c00::b/1053 --> 2001:660:1000:9002::aafe/80;tcp, IF. reth0.0, Pkts: 4, Bytes: 574
Out: 192.168.203.10/80 --> 192.168.203.1/24770;tcp, IF. reth1.0, Pkts: 3, Bytes:
Which statement is correct about the security flow session output?
8.
Which statement is true regarding the dynamic VPN feature for Junos devices?
9.
You are asked to design a solution to verify IPsec peer reachability with data path forwarding. Which feature would meet the design requirements?
10.
You want to implement an IPsec VPN on an SRX device using PKI certificates for authentication. As part of the implementation, you are required to ensure that the certificate submission, renewal, and retrieval processes are handled automatically from the certificate authority. Regarding this scenario, which statement is correct?