Your company has added a connection to a new ISP and you have been asked to send specific traffic to the new ISP. You have decided to implement filter-based forwarding. You have configured new routing instances with type forwarding. You must direct traffic into each instance. Which step would accomplish this goal?
A. Add a firewall filter to the ingress interface that specifies the intended routing instance as the action.
B. Create a routing policy to direct the traffic to the required forwarding instances.
C. Configure the ingress and egress interfaces in each forwarding instance.
D. Create a static default route for each ISP in inet.0, each pointing to a different forwarding instance.
You want to implement persistent NAT for an internal resource so that external hosts are able to initiate communications to the resource, without the internal resource having previously sent packets to the external hosts. Which configuration setting will accomplish this goal?
A. persistent-nat permit target-host
B. persistent-nat permit any-remote-host
C. persistent-nat permit target-host-port
D. address-persistent
Which QoS function is supported in transparent mode?
A. 802.1p
B. DSCP
C. IP precedence
D. MPLS EXP
Click the Exhibit button.
Referring to the exhibit, which feature allows the hosts in the Trust and DMZ zones to route to either ISP, based on source address?
Exhibit:

A. source NAT
B. static NAT
C. filter-based forwarding
D. source-based routing
Click the Exhibit button.
Referring to the exhibit, you notice that filter-based forwarding is not working. What is the reason for this behavior?
Exhibit:

A. The RIB group is configured incorrectly.
B. The routing policy is configured incorrectly.
C. The routing instance is configured incorrectly.
D. The default static routes are configured incorrectly.
Click the Exhibit button.
Host A cannot resolve the www.target.host.com Web page when using its configured DNS server. As shown in the exhibit, Host A's configured DNS server and the Web server hosting the www.target.host.com Web page are in the same subnet. You have verified bidirectional reachability between Host A and the Web server hosting the Web page.
What would cause this behavior on the SRX device in Company B's network?
Exhibit:

A. DNS replication is enabled.
B. DNS doctoring is enabled.
C. DNS replication is disabled.
D. DNS doctoring is disabled.
Click the Exhibit button.
user@host# show interfaces ge-0/0/0 { unit 1 {
family bridge {
interface-mode trunk;
vlan-id-list 20;
vlan-rewrite {
translate 2 20; } } } }
Referring to the exhibit, which two statements are correct regarding VLAN rewrite? (Choose two.)
A. An incoming packet with VLAN tag 20 will be translated to VLAN tag 2.
B. An outgoing packet with VLAN tag 2 will be translated to VLAN tag 20.
C. An incoming packet with VLAN tag 2 will be translated to VLAN tag 20.
D. An outgoing packet with VLAN tag 20 will be translated to VLAN tag 2.
You have configured an IPsec VPN with traffic selectors; however, your IPsec tunnel does not appear to be working properly.
What are two reasons for the problem? (Choose two.)
A. You are configured a remote address value of 0.0.0.0/0.
B. You are trying to use traffic selectors with policy-based VPNs.
C. You have configured 15 traffic selectors on each SRX Series device.
D. You are trying to use traffic selectors with route-based VPNs.
Click the Exhibit button.
[edit protocols ospf area 0.0.0.0] user@host# run show security ike security-associations Index State Initiator cookie Responder cookie Mode Remote Address 3289542 UP 48d928408940de28 e418fc7702fe483b Main
172.31.50.1 3289543 UP eb45940484082b14 428086b100427326 Main 10.10.50.1
[edit protocols ospf area 0.0.0.0] user@host# run show security ipsec; security-associations Total active tunnels: 2 ID Algorithm SPI Life:sec/kb Mon lsys Port Gateway <131073 ESP:des/ shal 6d40899b 1360/ unlim -root 500 10.10.50.1
>131073 ESP:des/ shal 5a89400e 1360/ unlim -root 500 10.10.50.1
<131074 ESP:des/ shal c04046f 1359/ unlim -root 500 172.31.50.1
>131074 ESP:des/ shal 5508946c 1359/ unlim -root 500 172.31.50.1
[edit protocols ospf area 0.0.0.0] user@host# run show ospf neighbor Address Interface State ID Pri Dead 10.40.60.1 st0.0 Init 10.30.50.1 128 35
10.40.60.2 st0.0 Full 10.30.50.1 128 31
[edit protocols ospf area 0.0.0.0]
user@host# show
interface st0.0;
You have already configured a hub-and-spoke VPN with one hub device and two spoke devices. However,
the hub device has one neighbor in the Init state and one neighbor in the Full state.
What would you do to resolve this problem?
A. Configure the st0.0 interface under OSPF as a nonbroadcast multiple access interface.
B. Configure the st0.0 interface under OSPF as a point-to-multipoint interface.
C. Configure the st0.0 interface under OSPF as a point-to-point interface.
D. Configure the st0.0 interface under OSPF as an unnumbered interface.
You want to route traffic between two newly created virtual routers without the use of logical systems using the configuration options on the SRX5800.
Which two methods of forwarding, between virtual routers, would you recommend? (Choose two.)
A. Use a static route to forward traffic across virtual routers using the next-table option. Enable the return route by using a RIB group. next-table command.
B. Create static routes in each virtual router using the
C. Use a RIB group to share the internal routing protocol routes from the master routing instance.
D. Connect a direct cable between boo physical interfaces, one in each virtual router and use next-hop command. static routes with the