When are Unified Threat Management services performed in a packet flow?
Unified Threat Management (UTM) services are typically performed after network address translation (NAT). This sequence ensures that the final destination addresses and ports are used for security inspection, which reduces false positives and ensures accurate threat detection.
When configuring antispam, where do you apply any local lists that are configured?
When configuring antispam, local lists such as blacklists or whitelists need to be applied within the antispam UTM policy. The UTM (Unified Threat Management) policy specifies how the system should handle spam, including the application of these local lists to manage email filtering rules effectively.
Screens on an SRX Series device protect against which two types of threats? (Choose two.)
Screens on an SRX Series device protect against IP spoofing and ICMP flooding. IP spoofing occurs when an invalid source address is inserted in the packet header to make the packet appear to come from a trusted source, which can be prevented by SRX device screens. ICMP flooding, or an ICMP flood attack, happens when ICMP echo requests overwhelm the network resources, and SRX device screens can set thresholds to reject excessive ICMP packets, thus protecting against this type of flood attack.
Which statement about global NAT address persistence is correct?
The same IP address from a source NAT pool is not guaranteed to be assigned for all sessions from a given host. In a typical source NAT configuration, the address assigned to a host can vary depending on the implementation and the availability of addresses in the NAT pool. Persistence of the same IP address is not assured without specific configurations like session persistence mechanisms.
Which two statements are correct about IKE security associations? (Choose two.)
IKE security associations are established during IKE Phase 1 negotiations, making option A correct. Additionally, IKE security associations are bidirectional, meaning communication can occur in both directions with the same SA, which makes option D correct.