You have configured source NAT with port address translation. You also need to guarantee that the same IP address is assigned from the source NAT pool to a specific host for multiple concurrent sessions.
Which NAT parameter would meet this requirement?
A. address-persistent
B. port block-allocation
C. address-pooling paired
D. port range twin-port
正解:C
質問 2:
You recently configured an IPsec VPN between two SRX Series devices. You notice that the Phase1 negotiation succeeds and the Phase 2 negotiation fails.
Which two configuration parameters should you verify are correct? (Choose two.)
A. Verify that the IKE initiator is configured for main mode.
B. Verify that the IPsec policy references the correct IKE proposals.
C. Verify that the VPN tunnel configuration references the correct IKE gateway.
D. Verify that the IKE gateway proposals on the initiator and responder are the same.
正解:C,D
質問 3:
Click the Exhibit button.
Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination 192.168.150.3 using HTTP?
A. The client will be denied by policy p2.
B. The client will be permitted by the global policy.
C. The client will be denied by policy p3.
D. The client will be permitted by policy p1.
正解:D
質問 4:
You must verify if destination NAT is actively being used by users connecting to an internal server from the Internet.
Which action will accomplish this task on an SRX Series device?
A. Examine the destination NAT translations table.
B. Examine the NAT translation table.
C. Examine the active security flow sessions.
D. Examine the installed routes in the packet forwarding engine.
正解:A
質問 5:
Click the Exhibit button.
Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination
192.168.150.111 using HTTP?
A. The client will be permitted by policy p2.
B. The client will be denied by policy p2.
C. The client will be denied by policy p1.
D. The client will be permitted by policy p1.
正解:D