[Free] Download New Latest (November) Juniper JN0-696 Actual Tests 1-10

Ensurepass

QUESTION 1

user@host> show log ike-test

Jun 13 10:36:52 ike_st_i_cr: Start
Jun 13 10:36:52 ike_st_i_cert: Start
Jun 13 10:36:52 ike_st_i_private: Start
Jun 13 10:36:52 ike_st_o_id: Start
Jun 13 10:36:52 ike_st_o_hash: Start
Jun 13 10:36:52 ike_find_pre_shared_key: Find pre shared key key for 172.168.100.2:500, id = ipv4(udp:500,[0..3]=172.168.100.2) -> 192.168.101.2:500, id = No Id
Jun 13 10:36:52 ike_policy_reply_find_pre_shared_key: Start
Jun 13 10:36:52 ike_calc_mac: Start, initiator = true, local = true
Jun 13 10:36:52 ike_st_o_status_n: Start
Jun 13 10:36:52 ike_st_o_private: Start
Jun 13 10:36:52 ike_policy_reply_private_payload_out: Start
Jun 13 10:36:52 ike_st_o_encrypt: Marking encryption for packet
Jun 13 10:36:52 ike_encode_packet: Start, SA = { 0x86b8160b 93a10c7c - c6c3a771 f0475656 } / 00000000, nego = -1
Jun 13 10:36:52 ike_send_packet: Start, send SA = { 86b8160b 93a10c7c - c6c3a771 f0475656}, nego = -1, src = 172.168.100.2:500, dst = 192.168.101.2:500, routing table id =
Jun 13 10:36:52 ike_get_sa: Start, SA = { 86b8160b 93a10c7c - c6c3a771 f0475656 } / 4cb03305, remote = 192.168.101.2:500
Jun 13 10:36:52 ike_sa_find: Found SA = { 86b8160b 93a10c7c - c6c3a771 f0475656 }
Jun 13 10:36:52 ike_alloc_negotiation: Start, SA = { 86b8160b 93a10c7c - c6c3a771 f0475656}
Jun 13 10:36:52 ike_decode_packet: Start
Jun 13 10:36:52 ike_decode_packet: Start, SA = { 86b8160b 93a10c7c - c6c3a771 f0475656} / 4cb03305, nego = 0
Jun 13 10:36:52 ike_st_i_n: Start, doi = 1, protocol = 1, code = Payload malformed (16), spi[0..16] = 86b8160b 93a10c7c ..., data[0..113] = 800c0001 80030081 ...
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Notification data has attribute list
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Notify message version = 1
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending payload type = 129
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending payload data offset = 1
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Error text = Incorrect pre-shared key (Reserved not 0)
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending message id = 0x00000000
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Received notify err = Payload malformed (16) to isakmp sa, delete it
Jun 13 10:37:07 ike_free_negotiation_info: Start, nego = 0
Jun 13 10:37:07 ike_free_negotiation: Start, nego = 0
Jun 13 10:37:07 ike_retransmit_callback: Start, retransmit SA = { 17ef27d0 508bc5db - 00000000 00000000}, nego = -1
Jun 13 10:37:07 ike_send_packet: Start, retransmit previous packet SA = { 17ef27d0 508bc5db - 00000000 00000000}, nego = -1, src = 172.168.100.2:500, dst = 168.103.3:500, routing table id = 0
Jun 13 10:37:17 ike_free_negotiation_info: Start, nego = 0
Jun 13 10:37:17 ike_free_negotiation: Start, nego = 0
Jun 13 10:37:19 ike_get_sa: Start, SA = { 4326380f a67dbcf3 - 00000000 00000000 } / 00000000, remote = 192.168.103.2:500
Jun 13 10:37:19 ike_sa_allocate: Start, SA = { 4326380f a67dbcf3 - a8307123 9c0e1f9d }
Jun 13 10:37:19 ike_init_isakmp_sa: Start, remote = 192.168.103.2:500, initiator = 0
Jun 13 10:37:19 ike_decode_packet: Start
Jun 13 10:37:19 ike_decode_packet: Start, SA = { 4326380f a67dbcf3 - a8307123 9c0e1f9d} / 00000000, nego = -1
Jun 13 10:37:19 ike_decode_payload_sa: Start
Jun 13 10:37:19 ike_decode_payload_t: Start, # trans = 2
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..28] = 69936922 8741c6d4 ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = 27bab5dc 01ea0760 ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = 6105c422 e76847e4 ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = 4485152d 18b6bbcd ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = cd604643 35df21f8 ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = 90cb8091 3ebb696e ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = 7d9419a6 5310ca6f ...
Jun 13 10:37:19 ike_st_i_sa_proposal: Start
Jun 13 10:37:19 ike_isakmp_sa_reply: Start
Jun 13 10:37:19 ike_st_i_cr: Start
Jun 13 10:37:19 ike_st_i_cert: Start
Jun 13 10:37:19 ike_st_i_private: Start
Jun 13 10:37:19 ike_st_o_sa_values: Start
Jun 13 10:37:19 172.168.100.2:500 (Responder) -> 192.168.103.2:500 { 4326380f a67dbcf3 - a8307123 9c0e1f9d [-1] / 0x00000000 } IP; Error = No proposal chosen (14)
Jun 13 10:37:19 ike_alloc_negotiation: Start, SA = { 4326380f a67dbcf3 - a8307123 9c0e1f9d}
Jun 13 10:37:19 ike_encode_packet: Start, SA = { 0x4326380f a67dbcf3 - a8307123 9c0e1f9d } / 1a8c665d, nego = 0
Jun 13 10:37:19 ike_send_packet: Start, send SA = { 4326380f a67dbcf3 - a8307123 9c0e1f9d}, nego = 0, src = 172.168.100.2:500, dst = 192.168.103.2:500, routing table id =
Jun 13 10:37:19 ike_delete_negotiation: Start, SA = { 4326380f a67dbcf3 - a8307123 9c0e1f9d}, nego = 0

Click the Exhibit button.

You are asked to set up an IPsec tunnel to the destination 192.168.103.2. After applying the configuration, you notice in the show security ike security-associations output that the destination stays in a down state.

Referring to exhibit, what is causing the problem?

A. The preshared key is incorrect.
B. The proposal does not match.
C. The gateway is incorrect.
D. The IKE policy does not match.

Answer: C

QUESTION 2

user@R1> show log ike-trace

Jun 13 07:45:10 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
Jun 13 07:45:10 ike_get_sa: Start, SA = { 7fd86fbe 8a99c1f6 - 00000000 00000000 } / 00000000, remote = 184.0.15.2:500
Jun 13 07:45:10 ike_sa_allocate: Start, SA = { 7fd86fbe 8a99c1f6 - a1bc3f1d e2a45308 }
Jun 13 07:45:10 ike_init_isakmp_sa: Start, remote = 184.0.15.2:500, initiator = 0
Jun 13 07:45:10 ike_decode_packet: Start
Jun 13 07:45:10 ike_decode_packet: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733} / 00000000, nego = -1
Jun 13 07:45:10 ike_decode_payload_sa: Start
Jun 13 07:45:10 ike_decode_payload_t: Start, # trans = 1
Jun 13 07:45:10 ike_decode_payload_t: Start, # trans = 1
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ...
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 27bab5dc 01ea0760 ...
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 6105c422 e76847e4 ...
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 4485152d 18b6bbcd ...
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = cd604643 35df21f8 ...
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 90cb8091 3ebb696e ...
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 7d9419a6 5310ca6f ...
Jun 13 07:45:10 ike_st_i_vid: VID[0..16] = 4a131c81 07035845 ...
Jun 13 07:45:10 ike_st_i_vid: VID[0..28] = 69936922 8741c6d4 ...
Jun 13 07:45:10 ike_st_i_sa_proposal: Start
Jun 13 07:45:10 P1 SA payload match failed for sa-cfg to-R2. Aborting negotiation for tunnel type 2 local:184.0.15.1 remote:184.0.15.2 IKEv1.
Jun 13 07:45:10 iked_pm_ike_spd_select_ike_sa failed. rc 1, error_code: No proposal chosen
Jun 13 07:45:10 ikev2_fb_spd_select_sa_cb: IKEv2 SA select failed with error No proposal chosen (neg a7e800)
Jun 13 07:45:10 ike_isakmp_sa_reply: Start
Jun 13 07:45:10 ike_state_restart_packet: Start, restart packet SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = -1
Jun 13 07:45:10 ike_st_i_sa_proposal: Start
Jun 13 07:45:10 ike_st_i_cr: Start
Jun 13 07:45:10 ike_st_i_cert: Start
Jun 13 07:45:10 ike_st_i_private: Start
Jun 13 07:45:10 ike_st_o_sa_values: Start
Jun 13 07:45:10 184.0.15.1:500 (Responder) -> 184.0.15.2:500 { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733 [-1] / 0x00000000 } IP; Error = No proposal chosen (14)
Jun 13 07:45:10 ike_alloc_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}
Jun 13 07:45:10 ike_encode_packet: Start, SA = { 0x7fd86fbe 8a99c1f6 - b8f95b2e f92ca733 } / b20d590c, nego = 0
Jun 13 07:45:10 ike_send_packet: Start, send SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = 0, dst = 184.0.15.2:500, routing table id = 0
Jun 13 07:45:10 ike_delete_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = 0
Jun 13 07:45:10 ike_free_negotiation_info: Start, nego = 0
Jun 13 07:45:10 ike_free_negotiation: Start, nego = 0
Jun 13 07:45:10 IKE negotiation fail for local:184.0.15.1, remote:184.0.15.2 IKEv1 with status: No proposal chosen
Jun 13 07:45:10 IKEv1 Error : No proposal chosen
Jun 13 07:45:40 P1 SA 3770105 timer expiry. ref cnt 1, timer reason Force delete timer expired (1), flags 0x330.
Jun 13 07:45:40 iked_pm_ike_sa_delete_done_cb: For p1 sa index 3770105, ref cnt 1, status: Error ok
Jun 13 07:45:40 ike_remove_callback: Start, delete SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = -1
Jun 13 07:45:40 ike_delete_negotiation: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733}, nego = -1
Jun 13 07:45:40 ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table
Jun 13 07:45:40 ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table
Jun 13 07:45:40 ike_sa_delete: Start, SA = { 7fd86fbe 8a99c1f6 - b8f95b2e f92ca733 }
Jun 13 07:45:40 ike_free_negotiation_isakmp: Start, nego = -1
Jun 13 07:45:40 ike_free_negotiation: Start, nego = -1
Jun 13 07:45:40 IKE SA delete called for p1 sa 3770105 (ref cnt 1) local:184.0.15.1, remote:184.0.15.2, IKEv1
Jun 13 07:45:40 iked_pm_p1_sa_destroy: p1 sa 3770105 (ref cnt 0), waiting_for_del 0x0
Jun 13 07:45:40 ike_free_sa: Start

Click the Exhibit button.

You are asked to troubleshoot a new IPsec VPN between R1 and R2 that is not coming up. You have captured the traceoptions output shown in the exhibit.

What is the reason for the problem?

A. IKE Phase 2 proposal mismatch
B. IKE preshared key mismatch
C. IKE Phase 1 proposal mismatch
D. IKE Phase 1 mode mismatch

Answer: C

QUESTION 3

You recently configured the antivirus feature profile on your Junos device. The security policy is sending traffic for antivirus scanning. However, the traffic is being blocked and you repeatedly receive the system log message that the scan engine is not ready. You must not allow the traffic to be dropped when the scan engine is not ready.

Which action will resolve this problem?

A. Configure antivirus trickling to prevent the scan engine from timing out.
B. Configure an antivirus file scanning extension list to reduce the number of files for scanning.
C. Configure an antivirus fallback option to permit the traffic when the scan engine is not ready.
D. Configure an antivirus content size limit to minimize the scanning of large files.

Answer: C

QUESTION 4 – Exhibit?

 

Click the Exhibit button.

You are asked to troubleshoot a new IPsec VPN that is not establishing. You do not receive any output from the show security ike security-associations command.

Referring to the exhibit, which section of the configuration is causing the problem?

A. the IKE proposal
B. the IKE gateway
C. the IPsec policy
D. the st0 interface

Answer: B

QUESTION 5

You have implemented AppTrack on your SRX Series device to track YouTube streaming video usage in your network. However, many of the YouTube videos that your users are watching are shorter than five minutes. You notice that the statistics for starting these short YouTube videos are not being recorded by AppTrack.

Which two actions would allow AppTrack to record the statistics for these sessions? (Choose two.)

A. Change AppTrack to collect session information during shorter intervals.
B. Change AppTrack to collect session information when the session is first created.
C. Change AppTrack to collect session information for nested applications only.
D. Change AppTrack to collect session information for applications only.

Answer: AB

QUESTION 6 – Exhibit?

 

Click the Exhibit button.

Referring to the exhibit, PC-1 is unable to ping Server-1. Traffic from PC-1 to Server-1 arrives on interface fe-0/0/3 but return traffic from Server-1 to PC-1 should be sent out from interface fe-0/0/2.

What would you change on SRX-1 to resolve this problem?

A. Configure a security policy to allow traffic from the DMZ zone to the untrust-1 zone.
B. Configure a security policy to allow traffic from the DMZ zone to the untrust-2 zone.
C. Move both interface fe-0/0/2 and fe-0/0/3 to the same security zone.
D. Disable TCP SYN check and TCP sequence check.

Answer: C

QUESTION 7

You are troubleshooting a problem on your Junos device where the antispam SBL server is no longer filtering known spam hosts. You notice that local list antispam filtering is still working for known spam hosts.

What would cause this problem?

A. You have configured the sbl-default-server parameter in the antispam feature profile.
B. DNS has stopped working on your Junos device.
C. The antispam license has expired on your Junos device.
D. The default spam-action parameter has been set to permit.

Answer: C

QUESTION 8

user@host> show configuration

security {
    nat {
        destination {
            pool server {
                address 10.100.100.1/32 port 5555;
            }
            rule-set rule1 {
                from zone UNTRUST;
                rule 1 {
                    match {
                        destination-address 192.168.100.1/32;
                        destination-port 5000;
                    }
                    then {
                        destination-nat pool server;
                    }
                }
            }
        }
        proxy-arp {
            interface ge-0/0/1.0 {
                address {
                    168.100.1/32;
                }
            }
        }
    }
    policies {
        from-zone UNTRUST to-zone TRUST {
            policy allow {
                match {
                    source-address any;
                    destination-address any;
                    application [ junos-ping tcp-5000 ];
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone TRUST {
            interfaces {
                ge-0/0/2.0 {
                    host-inbound-traffic {
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone UNTRUST {
            interfaces {
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
    }
}
applications {
    application tcp-5000 {
        protocol tcp;
        destination-port 5000;
    }
}

Click the Exhibit button.

Your customer is attempting to reach a new server that should be accessible publicly using 168.100.100 on TCP port 5000, and internally using 10.100.100.1 on TCP port 5555. You notice no sessions form when the customer attempts to access the server.

Referring to the exhibit, what will resolve this problem?

A. There must be a TRUST-to-UNTRUST security policy to allow return traffic.
B. The NAT pool server must use port 5000.
C. The UNTRUST-to-TRUST security policy must allow port 5555.
D. The NAT rule set rule1 must match on port 5555.

Answer: C

QUESTION 9

user@host> show configuration security policies from-zone engineering to-zone hr

policy new-policy {
    match {
        source-address any;
        destination-address server1;
        application hr-data-feed;
    }
    then {
        permit;
    }
}
policy old-policy {
    match {
        source-address pc1;
        destination-address server1;
        application any;
    }
    then {
        deny;
        log {
            session-init;
        }
    }
}

user@host> show configuration security policies global

user@host> show configuration security address-book | match server1 | display set

set security address-book book2 address server1 172.19.55.20/32
set security address-book book3 address server1 172.20.11.18/32

user@host> show configuration security address-book | match pc1 | display set

set security address-book book1 address pc1 172.18.21.213/32

user@host> show configuration applications

application hr-data-feed {
    protocol tcp;
    destination-port 38888;
}

user@host> run show log flow-traceoptions | no-more

Jun 13 15:54:09 host clear-log[2503]: logfile cleared
Jun 13 15:54:10 15:54:10.611915:CID-0:RT:172.18.21.213/38362->172.19.55.20/38888;17> matched filter filter1:
Jun 13 15:54:10 15:54:10.611915:CID-0:RT:packet [40] ipid = 38364, @423e421c
Jun 13 15:54:10 15:54:10.611915:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 15, common flag 0x0, mbuf 0x423e4000, rtbl_idx = 0
Jun 13 15:54:10 15:54:10.611915:CID-0:RT: flow process pak fast ifl 70 in_ifp ge-0/0/8.0
Jun 13 15:54:10 15:54:10.611915:CID-0:RT: find flow: table 0x49175b08, hash 9077(0xffff), sa 172.18.21.213, da 172.19.55.20, sp 38362, dp 38888, proto 17, tok 10
Jun 13 15:54:10 15:54:10.611915:CID-0:RT: flow_first_create_session
Jun 13 15:54:10 15:54:10.611915:CID-0:RT: flow_first_in_dst_nat: in 0/8.0>, out A> dst_adr 172.19.55.20, sp 38362, dp 38888
Jun 13 15:54:10 15:54:10.611915:CID-0:RT: chose interface ge-0/0/8.0 as incoming nat if.
Jun 13 15:54:10 15:54:10.611915:CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0(0) to 172.19.55.20(38888)
Jun 13 15:54:10 15:54:10.611915:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 172.18.21.213, x_dst_ip 172.19.55.20, in ifp ge-0/0/8.0, out ifp N/A sp 38362, dp 38888, ip_proto 17, tos 0
Jun 13 15:54:10 15:54:10.611915:CID-0:RT:Doing DESTINATION addr route-lookup
Jun 13 15:54:10 15:54:10.611915:CID-0:RT: routed (x_dst_ip 172.19.55.20) from engineering (ge-0/0/8.0 in 0) to ge-0/0/10.0, Next-hop: 172.19.55.20
Jun 13 15:54:10 15:54:10.611915:CID-0:RT:flow_first_policy_search: policy search from zone engineering-> zone hr (0x0,0x95da97e8,0x97e8)
Jun 13 15:54:10 15:54:10.611915:CID-0:RT: app 0, timeout 60s, curr ageout 60s
Jun 13 15:54:10 15:54:10.611915:CID-0:RT: Error : get sess plugin info 0x4c390388
Jun 13 15:54:10 15:54:10.611915:CID-0:RT: Error : get sess plugin info 0x4c390388
Jun 13 15:54:10 15:54:10.612416:CID-0:RT: packet dropped, denied by policy
Jun 13 15:54:10 15:54:10.612416:CID-0:RT: denied by policy old-policy(6), dropping pkt
Jun 13 15:54:10 15:54:10.612416:CID-0:RT: packet dropped, policy deny.
Jun 13 15:54:10 15:54:10.612416:CID-0:RT: flow didn't create session, code=-1.
Jun 13 15:54:10 15:54:10.612416:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc -1)

Click the Exhibit button.

A user added the new-policy policy to permit traffic. However, they report that the traffic is still not permitted by the device.

Using the information in the exhibit, why is the device denying the traffic?

A. The traffic does not match the address book entry used in new-policy.
B. The traffic does not match the application specified in new-policy.
C. The traffic is being denied by the more specific old-policy prior to the device evaluating new-policy.
D. The traffic is the first packet in a flow, but is not a SYN.

Answer: B

QUESTION 10

When attempting to delete IDP policies and configurations from an SRX Series device, a user enters these configuration commands:

delete security idp
commit

However, after the commit has completed, the configuration is still present under the [edit security idp] hierarchy.

What should the user do to permanently remove the configuration?

A. Delete the /var/db/scripts/commit/templates.xsl file and reboot the device.
B. Delete the [edit security idp] hierarchy, commit the change, and immediately reboot the device.
C. Stop the idpd process using the set system processes idp-policy disable configuration command, commit the change, delete the [edit security idp] hierarchy, and then commit that change.
D. Delete the IDP templates commit script from the [edit system scripts commit] hierarchy, delete the [edit security idp] hierarchy, and then commit the change.

Answer: D
