Click the Exhibit button.
Which type of NAT is shown in the exhibit?
Answer : B
Regarding IPsec CoS-based VPNs, what is the number of IPsec SAs associated with a peer based upon?
Answer : D
In IPsec CoS-based VPNs, the number of IPsec Security Associations (SAs) associated with a peer is based on the number of forwarding classes configured for the VPN. The forwarding classes are used to classify and prioritize different types of traffic, such as voice and data traffic. Each forwarding class requires a separate IPsec SA to be established between the peers, in order to provide the appropriate level of security and quality of service for each type of traffic.
To analyze and detect malware, Juniper ATP Cloud performs which two functions? (Choose two.)
Answer : A, C
Juniper ATP Cloud performs a cache lookup to check whether the file has already been seen and is known to be malicious, and dynamic analysis to observe what happens when the file is executed in a real environment.
How is Malware Analyzed and Detected? | ATP Cloud | Juniper Networks
Exhibit.
Referring to the exhibit, a spoke member of an ADVPN is not functioning correctly.
Which two commands will solve this problem? (Choose two.)
Answer : B, D
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-auto-discovery-vpns.html
You want to enable inter-tenant communication with tenant system.
In this scenario, which two solutions will accomplish this task?
Answer : C, D
To enable inter-tenant communication with tenant system, you need to use an external router or a logical tunnel interface. The other options are incorrect because:
Therefore, the correct answer is C and D. You need to use an external router or a logical tunnel interface to enable inter-tenant communication with tenant system. To do so, you need to perform the following steps:
Example: Configuring Inter-Tenant Communication Using External Router
Example: Configuring Inter-Tenant Communication Using Logical Tunnel Interface
You are asked to share threat intelligence from your environment with third party tools so that those tools can identify and block lateral threat propagation from compromised hosts.
Which two steps accomplish this goal? (Choose two.)
Answer : B, C
To share threat intelligence from your environment with third party tools, you need to enable Juniper ATP Cloud to share threat intelligence and configure application tokens in the Juniper ATP Cloud to limit who has access. The other options are incorrect because:
Therefore, the correct answer is B and C. You need to enable Juniper ATP Cloud to share threat intelligence and configure application tokens in the Juniper ATP Cloud to limit who has access. To do so, you need to perform the following steps:
Threat Intelligence Open API Setup Guide
Exhibit
You configure Source NAT using a pool of addresses that are in the same subnet range as the external ge-0/0/0 interface on your vSRX device. Traffic that is exiting the internal network can reach external destinations, but the return traffic is being dropped by the service provider router.
Referring to the exhibit, what must be enabled on the vSRX device to solve this problem?
Answer : B
Proxy ARP is a technique used by routers to answer ARP requests on one network segment on behalf of hosts on another network segment. This is useful in situations where a host on one network segment needs to communicate with a host on another network segment, but the two hosts are not directly connected. In this case, the router acts as a proxy, answering ARP requests on behalf of the other host.
In the exhibit, the vSRX device is configured to use a pool of addresses that are in the same subnet as the external interface ge-0/0/0 for source NAT. This means that the vSRX device will translate the source IP address of the internal hosts to one of the addresses in the pool before sending the packets to the external network. However, the external hosts will not know how to reach the NATed addresses, since they are not directly connected to the vSRX device. They will send ARP requests for the NATed addresses, expecting to receive a MAC address from the vSRX device. If proxy ARP is not enabled on the vSRX device, it will not respond to these ARP requests, since it does not have the NATed addresses configured on its interface. The ARP requests will time out and the packets will be dropped by the external hosts or the service provider router.
To solve this problem, proxy ARP must be enabled on the vSRX device for the NATed addresses. This will allow the vSRX device to respond to the ARP requests from the external hosts, providing its own MAC address as the destination. The external hosts will then send the packets to the vSRX device, which will reverse the NAT and forward the packets to the internal hosts.
Reference:
Configuring Proxy ARP (CLI Procedure)
[SRX] When and how to configure Proxy ARP (https://supportportal.juniper.net/s/article/SRX-Dynamic-VPN-scenario-for-configuring-Proxy-ARP-on-SRX?language=en_US)