Click the Exhibit button.

Which two statements are correct about the partial policies shown in the exhibit? (Choose two.)

1. A. UDP traffic matched by the deny-all policy will be silently dropped.
2. B. TCP traffic matched by the reject-all policy will have a TCP RST sent.
3. C. TCP traffic matched from the zone trust is allowed by the permit-all policy.
4. D. UDP traffic matched by the reject-all policy will be silently dropped.

Correct Answer: AB

Which Web filtering solution uses a direct Internet-based service for URL categorization?

1. A. Juniper ATP Cloud
2. B. Websense Redirect
3. C. Juniper Enhanced Web Filtering
4. D. local blocklist

Correct Answer: C
Juniper Enhanced Web Filtering is a web filtering solution that uses a direct Internet-based service for URL categorization. This service allows Enhanced Web Filtering to quickly and accurately categorize URLs and other web content, providing real-time protection against malicious content. Additionally, Enhanced Web Filtering is able to provide detailed reporting on web usage, as well as the ability to define and enforce acceptable use policies.
References:
https://www.juniper.net/documentation/en_US/junos-space-security-director/topics/task/configuration/security-s https://www.juniper.net/documentation/en_US/junos-space-security-director/topics/task/configuration/security-s

Screens on an SRX Series device protect against which two types of threats? (Choose two.)

1. A. IP spoofing
2. B. ICMP flooding
3. C. zero-day outbreaks
4. D. malicious e-mail attachments

Correct Answer: AB
ICMP flood
Use the ICMP flood IDS option to protect against ICMP flood attacks. An ICMP flood attack typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed.
The threshold value defines the number of ICMP packets per second (pps) allowed to be send to the same destination address before the device rejects further ICMP packets.
IP spoofing
Use the IP address spoofing IDS option to prevent spoofing attacks. IP spoofing occurs when an invalid source address is inserted in the packet header to make the packet appear to come from a trusted source.
https://www.juniper.net/documentation/us/en/software/junos/denial-of-service/topics/topic-map/security-introdu

Which IPsec protocol is used to encrypt the data payload?

1. A. ESP
2. B. IKE
3. C. AH
4. D. TCP

Correct Answer: A

What are two valid address books? (Choose two.)

1. A. 66.129.239.128/25
2. B. 66.129.239.154/24
3. C. 66.129.239.0/24
4. D. 66.129.239.50/25

Correct Answer: AC
Network Prefixes in Address Books
You can specify addresses as network prefixes in the prefix/length format. For example, 203.0.113.0/24 is an acceptable address book address because it translates to a network prefix. However, 203.0.113.4/24 is not acceptable for an address book because it exceeds the subnet length of 24 bits. Everything beyond the subnet length must be entered as 0 (zero). In special scenarios, you can enter a hostname because it can use the full 32-bit address length.
https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/topic-map/security-address