EMT Practice Test

1. Question Content...


Question List

Question1: Exhibit.

Referring to the exhibit, which two statements are true? (Choose two.)

Question2: In Juniper ATP Cloud, what are two different actions available in a threat prevention policy to deal with an infected host? (Choose two.)

Question3: Exhibit

You have configured the SRX Series device to switch packets for multiple directly connected hosts that are within the same broadcast domain However, the traffic between two hosts in the same broadcast domain are not matching any security policies Referring to the exhibit, what should you do to solve this problem?

Question4: The monitor traffic interface command is being used to capture the packets destined to and the from the SRX Series device.
In this scenario, which two statements related to the feature are true? (Choose two.)

Question5: Which two statements are correct regarding tenant systems on SRX Series devices? (Choose two.)

Question6: Exhibit

Which statement is true about the output shown in the exhibit?

Question7: You are asked to allocate security profile resources to the interconnect logical system for it to work properly.
In this scenario, which statement is correct?

Question8: What are two valid modes for the Juniper ATP Appliance? (Choose two.)

Question9: Exhibit

Which two statements are correct about the output shown in the exhibit. (Choose two.)

Question10: Which method does an SRX Series device in transparent mode use to learn about unknown devices in a network?

Question11: Exhibit

Referring to the exhibit, which three protocols will be allowed on the ge-0/0/5.0 interface? (Choose three.)

Question12: Click the Exhibit button.

Which type of NAT is shown in the exhibit?

Question13: You are connecting two remote sites to your corporate headquarters site; you must ensure that all traffic is secured and only uses a single Phase 2 SA for both sites.
In this scenario, which VPN should be used?

Question14: SRX Series device enrollment with Policy Enforcer fails To debug further, the user issues the following command show configuration services security-intelligence url
https : //cloudfeeds . argon . juniperaecurity . net/api/manifeat. xml
and receives the following output:
What is the problem in this scenario?

Question15: Exhibit

Referring to the exhibit, which two statements are true about the CAK status for the CAK named "FFFP"? (Choose two.)

Question16: Your IPsec VPN configuration uses two CoS forwarding classes to separate voice and data traffic. How many IKE security associations are required between the IPsec peers in this scenario?

Question17: Exhibit

Referring to the exhibit, which two statements are true? (Choose two.)

Question18: You want to configure a threat prevention policy.
Which three profiles are configurable in this scenario? (Choose three.)

Question19: Regarding IPsec CoS-based VPNs, what is the number of IPsec SAs associated with a peer based upon?

Question20: According to the log shown in the exhibit, you notice the IPsec session is not establishing.
What is the reason for this behavior?

Question21: Exhibit

Referring to the exhibit, which two statements are true? (Choose two.)

Question22: your company wants to take your juniper ATP appliance into private mode. You must give them a list of impacted features for this request.
Which two features are impacted in this scenario? (Choose two)

Question23: Refer to the Exhibit.

Referring to the exhibit, which three topologies are supported by Policy Enforcer? (Choose three.)

Question24: You are required to secure a network against malware. You must ensure that in the event that a compromised host is identified within the network. In this scenario after a threat has been identified, which two components are responsible for enforcing MAC-level infected host ?

Question25: Exhibit

Referring to the exhibit, which two statements are true? (Choose two.)

Question26: You are asked to configure a security policy on the SRX Series device. After committing the policy, you receive the "Policy is out of sync between RE and PFE <SPU-name(s)>." error.
Which command would be used to solve the problem?

Question27: you configured a security policy permitting traffic from the trust zone to the untrust zone but your traffic not hitting the policy.
In this scenario, which cli command allows you to troubleshoot traffic problem using the match criteria?

Question28: A company wants to par􀆟􀆟on their physical SRX series firewall into multiple logical units and assign each unit (tenant) to a department within the organization. You are the primary administrator of firewall and a colleague is the administrator for one of the departments.
Which two statements are correct about your colleague? (Choose two)

Question29: Exhibit

Which two statements are correct about the output shown in the exhibit? (Choose two.)

Question30: Which two log format types are supported by the JATP appliance? (Choose two.)

Question31: Exhibit

You are implementing filter-based forwarding to send traffic from the 172.25.0.0/24 network through ISP-1 while sending all other traffic through your connection to ISP-2. Your ge-0/0/1 interface connects to two networks, including the 172.25.0.0/24 network. You have implemented the configuration shown in the exhibit. The traffic from the 172.25.0.0/24 network is being forwarded as expected to 172.20.0.2, however traffic from the other network (172.25.1.0/24) is not being forwarded to the upstream 172.21.0.2 neighbor.
In this scenario, which action will solve this problem?

Question32: Exhibit

Referring to the exhibit, which three statements are true? (Choose three.)

Question33: Your Source NAT implementation uses an address pool that contains multiple IPv4 addresses Your users report that when they establish more than one session with an external application, they are prompted to authenticate multiple times External hosts must not be able to establish sessions with internal network hosts What will solve this problem?

Question34: You are asked to download and install the IPS signature database to a device operating in chassis cluster mode. Which statement is correct in this scenario?

Question35: Exhibit

An administrator wants to configure an SRX Series device to log binary security events for tenant systems.
Referring to the exhibit, which statement would complete the configuration?

Question36: You are asked to look at a configuration that is designed to take all traffic with a specific source ip address and forward the traffic to a traffic analysis server for further evaluation. The configuration is no longer working as intended.
Referring to the exhibit which change must be made to correct the configuration?

Question37: You are deploying a virtualization solution with the security devices in your network Each SRX Series device must support at least 100 virtualized instances and each virtualized instance must have its own discrete administrative domain.
In this scenario, which solution would you choose?

Question38: What is the purpose of the Switch Microservice of Policy Enforcer?

Question39: You want to enable inter-tenant communica􀆟on with tenant system.
In this Scenario, Which two solutions will accomplish this task?

Question40: You are configuring transparent mode on an SRX Series device. You must permit IP-based traffic only, and BPDUs must be restricted to the VLANs from which they originate.
Which configuration accomplishes these objectives?

Question41: Which two security intelligence feed types are supported?

Question42: You are asked to detect domain generation algorithms
Which two steps will accomplish this goal on an SRX Series firewall? (Choose two.)

Question43: Exhibit

Your company recently acquired a competitor. You want to use using the same IPv4 address space as your company.
Referring to the exhibit, which two actions solve this problem? (Choose two)

Question44: Exhibit

Referring to the exhibit, which type of NAT is being performed?

Question45: You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance.
What would be a cause of this problem?

Question46: You are required to deploy a security policy on an SRX Series device that blocks all known Tor network IP addresses. Which two steps will fulfill this requirement? (Choose two.)

Question47: You have the NAT rule, shown in the exhibit, applied to allow communication across an IPsec tunnel between your two sites with identical networks. Which statement is correct in this scenario?

Question48: which security feature bypasses routing or switching lookup?

Question49: You configured a chassis cluster for high availability on an SRX Series device and enrolled this HA cluster with the Juniper ATP Cloud. Which two statements are correct in this scenario? (Choose two.)

Question50: Exhibit

You are not able to ping the default gateway of 192.168 100 1 (or your network that is located on your SRX Series firewall.
Referring to the exhibit, which two commands would correct the configuration of your SRX Series device? (Choose two.)

Question51: Which two types of source NAT translations are supported in this scenario? (Choose two.)

Question52: You are asked to share threat intelligence from your environment with third party tools so that those tools can be identify and block lateral threat propagation from compromised hosts.
Which two steps accomplish this goal? (Choose Two)

Question53: You are asked to deploy filter-based forwarding on your SRX Series device for incoming traffic sourced from the 10.10 100 0/24 network in this scenario, which three statements are correct? (Choose three.)

Question54: Your company uses non-Juniper firewalls and you are asked to provide a Juniper solution for zero-day malware protection. Which solution would work in this scenario?

Question55: You have a webserver and a DNS server residing in the same internal DMZ subnet. The public Static NAT addresses for the servers are in the same subnet as the SRX Series devices internet-facing interface. You implement DNS doctoring to ensure remote users can access the webserver.Which two statements are true in this scenario? (Choose two.)