EMT Practice Test

1. Question Content...


Question List

Question1: Which three methods secure the payload across the WAN? (Choose three.)

Question2: You are designing an IPsec VPN solution for a customer with the requirements shown below:
-It must be scalable
-It must support VoIP traffic with minimal latency
-It must allow remote locations to be added to the VPN topology with minimal effort and in a secure way Which solution meets these requirements?

Question3: Spotlight Secure provides which benefit?

Question4: You are asked to implement port-based authentication on your access switches. Security and ease of access are the two primary requirements.
Which authentication solution satisfies these requirements?

Question5: Your customer is purchasing another company. They must establish communication between the two corporate networks, which use an overlapping IPv4 address space. The customer knows they must deploy some of Network Address Translation (NAT).
Which type of NAT should you use?

Question6: Which three actions are part of an in-depth network defense strategy? (Choose three.)

Question7: You are designing a network for a customer who has given you specific requirements for the Internet gateway:
-The device must validate BGP peers, and
-Administrators must be able to verify that packet filters on the loopback interfaces are working as expected.
What are two features on the Internet gateway that address the customer's requirements? (Choose two.)

Question8: You are designing a Log Director deployment that must be able to handle 6,500 sustained events per second.
What is the minimum deployment scenario?

Question9: Your customer is planning to secure a data center with webservers reachable through two ISP connections terminating on each node of an active/passive SRX Series chassis cluster. ISP-1 is the preferred connection because it provides higher bandwidth than ISP-2.
Which two must you include in your design proposal to meet this requirement? (Choose two.)

Question10: Your customer is planning the deployment of a new hub-and-spoke WAN architecture that must support dual stack. They have decided against using a dynamic routing protocol. They are concerned about the difficulty of managing configurations and operations at the hub location as they deploy branch routers.
In this scenario, what are three reasons for selecting route-based VPNs with traffic selectors? (Choose three.)

Question11: In the data center, what are two characteristics of access tier VLAN termination at the firewall? (Choose two.)

Question12: Click the Exhibit button.

The data center shown in the exhibit is running an active/active SRX Series chassis cluster and an active/ active network infrastructure. Customer A needs to communicate with customer D, and customer B needs to communicate with customer C.
In this scenario. Which two steps avoid Z-mode traffic? (Choose two.)

Question13: What is one way to increase the security of a site-to-site IPsec VPN tunnel?

Question14: You are asked to provide user-based network access through an SRX Series device. The implementation must use Active Directory credentials for user account validation.
Which two solutions satisfy these requirements? (Choose two.)

Question15: Your company must enable high-speed Layer 2 connectivity between two data centers connected by private fiber. Your security policy mandates that all company data is encrypted between sites.
Which technology would you use to meet these requirements?

Question16: Click the exhibit button.

You are asked to provide a proposal for security elements in the service provider network shown in the exhibit. You must provide DDoS protection for Customer A from potential upstream attackers.
Which statements is correct in this scenario?

Question17: You are asked to implement network segmentation to increase security within your internal network.
Which three statements are correct in this scenario? (Choose three.)

Question18: What are two design requirements for deploying a chassis cluster across a Layer 2 network? (Choose two.)

Question19: Which two components are required to implement a Contrail service chain? (Choose two.)

Question20: Which solution centralizes the management of security devices in your data center?

Question21: You are designing a network management solution for a customer's data center. Your design must include a solution that supports the collection of events from SRX Series devices, as well as events from various third-party devices.
In this scenario, which solution should you recommend?

Question22: You need to provide wireless access to the user community without reducing security.
Which action accomplishes this task?

Question23: You are designing the security improvements needed to protect an application that your company is about to deploy. The only traffic that the application can receive is valid HTTP traffic on TCP port 8080 that was inspected for Application Layer attacks.
Which three SRX Series device features will satisfy the requirements? (Choose three.)

Question24: Which three functions are licensed UTM features? (Choose three.)

Question25: Click the Exhibit button.

Your customer needs to make Server's HTTP service and Server2's SMTP service available to the Internet behind a single public IP address.
Referring to the exhibit, which type of NAT will satisfy the customer requirement?

Question26: You are designing a Log Director deployment that must be able to handle 9,500 sustained events per second.
In this scenario, what is the minimum deployment solution?

Question27: Which statements about IPsec tunnels is true?

Question28: Which three statements about Sky Advanced Threat Prevention are true? (Choose three.)

Question29: You are designing a WAN solution for a small service provider. The service provider has asked you to include ways to mitigate potential DDoS attacks against their customers.
Which two solutions should you include in your proposal? (Choose two.)

Question30: As part of your branch office security design, you are asked to include the necessary features to address these requirements:
-stop spam and phishing,
-stop viruses, Trojans, and spyware,
-control website access, and
-control content
Which security feature set meets these requirements?

Question31: Your company's data center uses multiple routing instances on shared hardware, but needs to share routing information between routing instances.
In this scenario, what are three ways to share routes between routing instances? (Choose three.)

Question32: Due to changes in security requirements you must place a firewall between an existing Web server farm and a database server farm residing in the same subnet.
In this scenario, why would you choose transparent mode as your operating mode?

Question33: Click the Exhibit button.

Given the data center topology shown in the exhibit, what are two designs that enable the SRX Series devices to inspect all traffic between the webserver and database server? (Choose two.)

Question34: You are designing an enterprise WAN network that must connect multiple sites. You must provide a design proposal for the security elements needed to encrypt traffic between the remote sites.
Which feature will secure the traffic?

Question35: Which technology would you use to detect and analyze a denial-of service attack on a service provider network?

Question36: Where are the security policies enforced for next-generation firewalls?

Question37: You are asked to implement a new application to share documents with trusted external organizations while minimizing the risk of an attack that would enable access to other enterprise systems.
In this scenario, which two locations would you recommend to deploy the application? (Choose two.)

Question38: Your network design consists of two chassis clusters with the same cluster ID. The reth0 interfaces of each cluster are connected to the same Layer 2 network.
In this scenario, what will ensure uninterrupted traffic?

Question39: What are three characteristics of the integrated user firewall feature? (Choose three.)

Question40: Which security solution protects against zero-day attacks?

Question41: You are asked to design security policies for your corporate network where policy-based VPNs will be used.
In this scenario, which three statements for a traffic match are true? (Choose three.)

Question42: What are the three activities in the reconnaissance phase of an attack? (Choose three.)

Question43: You are preparing for the initial deployment of 100 SRX Series devices, and you want to leverage the autoinstallation feature.
Which three prerequisites are required before you begin this task? (Choose three.)

Question44: Click the Exhibit button.

Referring to the diagram shown in the exhibit, which three statements are true? (Choose three.)

Question45: Your customer is assessing their network incident response plan. They need to improve their recovery time when a networking issue occurs, especially when involves JTAC support. They have limited internal support staff and little automation experience to develop their own tools.
Which Juniper solution meets these requirements?

Question46: Which three statements are correct about BGP flowspec? (Choose three.)

Question47: You must implement access control lists to protect the control plane of a service provider's core devices.
What are two ways to accomplish this task? (Choose two.)

Question48: You must design a solution to collect logs from a group of SRX Series devices using Junos Space Log Director. You will deploy this solution on virtual machines that will support traffic peaks up to 7,500 events per second.
How would you accomplish this task?

Question49: Which component of the Juniper NFV solution architecture acts as the VNF manager?

Question50: In the ever-changing threat landscape, you are seeking to deploy a dynamic anti-malware solution.
What are three characteristics of the Sky Advanced Threat Prevention public cloud infrastructure? (Choose three.)

Question51: An auditor reviewed your company's firewall configurations and is requiring that IPsec VPN connections must not expose IKE identities during IKE negotiations.
Which two methods satisfy this requirement? (Choose two.)

Question52: You are asked to deploy user access to the Internet, and you want to determine which applications are passing through the firewall.
Which feature accomplishes this task?

Question53: You are asked to design a high availability solution for a customer that wants to use a chassis cluster with two redundancy groups (RG0 and RG1). Their requirements dictate that the Routing Engine does not failover if RG1 fails. RG1 must failover automatically if there is an interface failure.
How would you accomplish this task?

Question54: You are asked to deploy security in your data center with the criteria listed below.
-The deployment must allow for selective firewall redirect.
-The deployment must allow for selective firewall bypass.
Which deployment meets these requirements?

Question55: Your company is establishing a BYOD policy and you are asked to create the appropriate security infrastructure. In the policy, Internet access should only be provided to the BYOD wired and wireless devices.
Which two security features meet these requirements? (Choose two.)

Question56: Your client modifies an event script and needs to update 100 SRX Series devices with this new script.
They want to use the refresh-from parameter to refresh the script from a centralized location.
In this scenario, which three protocols would you use to accomplish this task? (Choose three.)

Question57: Your company is migrating an existing enterprise application to use TLS. The application is written in PHP and must have IPS protection.
Which two actions will ensure that the application is protected on an SRX5400? (Choose two.)

Question58: What is the maximum number of SRX Series devices in a chassis cluster?

Question59: You are asked to provide a design proposal for a campus network. As part of the design, the customer requires that all end user devices must be authenticated before being granted access to their Layer 2 network.
Which feature meets this requirement?

Question60: A client wants to deploy a vSRX chassis cluster across two existing ESXi hosts without changing the external switch configuration.
Which two actions must you perform to meet this requirement? (Choose two.)

Question61: What are two reasons to add Routing Engine protection? (Choose two.)

Question62: Your customer is in the design stage for a new data center. They have historically used the SRX5600. To improve the security of the data center, you will be suggesting they deploy vSRXs and hardware-based firewalls.
In this scenario, what are two reasons for deploying a virtual firewall? (Choose two.)

Question63: A customer is globally expanding their retail stores exponentially. Their IT department is small. The effort to deploy new services is delaying the project. The customer's requirements are shown below.
-New stores must be activated with minimal effort.
-New stores must have IPsec connectivity back to the main data center.
-Some systems must be deployed locally and cannot be hosted in the data center.
-All systems deployed in remote stores must be upgraded at once when needed.
-The solution must allow new services to be included in the remote locations with minimal effort.
Which three Juniper solutions would you recommend in this scenario? (Choose three.)

Question64: Your company's IT policy restricts general access to recruitment websites from within the corporate network. However, the human resources department requires access to these sites.
Which two features accomplish this goal? (Choose two.)

Question65: Click the Exhibit button.

Referring to the network shown in the exhibit, a SYN flood attacks is initiated by an attacker that has a public IP address from ISP B within the 200.200.10.0/24 prefix. The attacker is sending SYN packets to the victim, connected to ISP A, with destination address of 100.100.31.78 using spoofed source addresses at random from the 192.168.0.0/16 prefix.
Which two design best practices would prevent this attack from working? (Choose two.)