Security, Specialist (JNCIS-SEC) 試験
Question No : 1
You are asked to support source NAT for an application that requires that its original source port not be changed.
Which configuration would satisfy the requirement?
Question No : 2
You want to trigger failover of redundancy group 1 currently running on node 0 and make node 1 the primary node the redundancy group 1.
Which command would be used accomplish this task?
Question No : 3
In a chassis cluster, which two characteristics are true regarding reth interfaces? (Choose two.)
Question No : 4
What are two fields that an SRX Series device examines to determine if a packet is associated with an existing flow? (Choose two.)
Question No : 5
Which statement is true about Perfect Forward Secrecy (PFS)?
Question No : 6
Which type of VPN provides a secure method of transporting encrypted IP traffic?
Question No : 7
Your internal webserver uses port 8088 for inbound connections. You want to allow external HTTP traffic to connect to the webserver.
Which two actions would accomplish this task? (Choose two.)
Question No : 8
Click the Exhibit button.
You notice that your SRX Series device is not blocking HTTP traffic as expected.
Referring to the exhibit, what should you do to solve the problem?
Question No : 9
Which action will restrict SSH access to an SRX Series device from a specific IP address which is connected to a security zone named trust?
Question No : 10
You are changing the default vCPU allocation on a vSRX.
How are the additional vCPUs allocated in this scenario?
Question No : 11
You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase 1 negotiation succeeds and the Phase 2 negotiation fails.
Which two configuration parameters should you verify are correct? (Choose two.)
Question No : 12
Your network includes IPsec tunnels. One IPsec tunnel transits an SRX Series device with NAT configured. You must ensure that the IPsec tunnels function properly.
Which statement is correct in this scenario?
Question No : 13
You want to implement IPsec on your SRX Series devices, but you do not want to use a preshared key.
Which IPsec implementation should you use?
Question No : 14
A session token on an SRX Series device is derived from what information? (Choose two.)
Question No : 15
Which host-inbound-traffic security zone parameter would allow access to the REST API configured to listen on custom TCP port 5080?