What are three characteristics of session-based forwarding, compared to packet-based forwarding, on an SRX Series device? (Choose three.)
A. Session-based forwarding uses stateful packet processing.
B. Session-based forwarding requires less memory.
C. Session-based forwarding performs faster processing of existing session.
D. Session-based forwarding uses stateless packet processing,
E. Session-based forwarding uses six tuples of information.
Click the Exhibit button.

Referring to the exhibit, what will happen if client 172.16.128.50 tries to connect to destination
192.168.150.111 using HTTP?
A. The client will be denied by policy p2.
B. The client will be denied by policy p1.
C. The client will be permitted by policy p2.
D. The client will be permitted by policy p1.
Which two statements about security policy actions are true? (Choose two.)
A. The log action implies an accept action.
B. The log action requires an additional terminating action.
C. The count action implies an accept action.
D. The count action requires an additional terminating action.
Which statement describes the function of NAT?
A. NAT encrypts transit traffic in a tunnel.
B. NAT detects various attacks on traffic entering a security device.
C. NAT translates a public address to a private address.
D. NAT restricts or permits users individually or in a group.
Clients at a remote office are accessing a website that is against your company Internet policy. You change the action of the security policy that controls HTTP access from permit to deny on the remote office SRX Series device. After committing the policy change, you notice that new users cannot access the website but users that have existing sessions on the device still have access. You want to block all user sessions immediately.
Which change would you make on the SRX Series device to accomplish this task?
A. Add the set security flow tcp-session rst-invalidate-session option to the configuration and commit the change.
B. Add the set security policies policy-rematch parameter to the configuration and commit the change.
C. Add the security flow tcp-session strict-syn-check option to the configuration and commit the change.
D. Issue the commit full command from the top of the configuration hierarchy.
Which three elements does AH provide in an IPsec implementation? (Choose three.)
A. confidentiality
B. authentication
C. integrity
D. availability
E. replay attack protection
Click the exhibit button.

You are configuring security policies with Junos Space Security Director. Referring to the exhibit, which two statements are true? (Choose two.)
A. The host device has three rules assigned to it.
B. The policy assigned to the host device is published.
C. The policy assigned to the host device requires publishing.
D. The host device has two rules assigned to it.
Which process describes the implementation of screen options on an SRX Series device?
A. Configured screen options are only applied when traffic does not match a valid route.
B. Configured screen options are applied only to the first packet that is processed in a stateful session.
C. Configured screen options are applied to all packets that are processed by the stateful session firewall processor.
D. Configured screen options are only applied when traffic does not match a valid policy.
Which statement is true when destination NAT is performed?
A. The source IP address is translated according to the configured destination NAT rules and then the security policies are applied.
B. The destination IP address is translated according to the configured source NAT rules and then the security policies are applied.
C. The destination IP address is translated according to the configured security policies and then the security destination NAT rules are applied.
D. The destination IP address is translated according to the configured destination NAT rules and then the security policies are applied.
Click the Exhibit button.

Which two statements describe the output shown in the exhibit? (Choose two.)
A. Node 0 is controlling traffic for redundancy group 1.
B. Node 1 is controlling traffic for redundancy group 1.
C. Redundancy group 1 experienced an operational failure.
D. Redundancy group 1 was administratively failed over.