What are two reasons for the problem?
You have configured an IPsec VPN with traffic selectors; however, your IPsec tunnel does not appear to be
working properly. What are two reasons for the problem? (Choose two.)
Which statement is correct?
Click the Exhibit button.
user@host> show log message
Feb 4 00:04:17 host rpd[4516]: EVENT <UpDown> st0.0 index 76 <Up Broadcast Multicast>
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: inbound, SPI: 0x8d5816fd, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb 4 00:04:17 host rpd[4516]: EVENT UpDown st0.0 index 76 10.10.10.1/24 > (null) <Up Broadcast
Multicast>
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: outbound, SPI: 0x77f07d5c, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-1 from 192.168.10.3 is up.
Local-ip: 192.168.10.1, gateway name: spoke-1, vpn name:
to-spoke-1, tunnel-id: 131073, local tunnel-if: st0.0, remote tunnel-ip:
10.10.10.3, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.3, XAUTH
username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector
local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID:
ipv4_subnet(any:11,[0..7]=0.0.0.0/0)
Feb 4 00:04:17 host mib2d[1385]: SNMP_TRAP_LINK_UP: ifIndex 539,
ifAdminStatus up(1), ifOperStatus up(1), ifName st0.0
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: inbound, SPI: 0x2790a42c, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: outbound, SPI: 0x2df17ea8, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-3 from 192.168.10.5 is up.
Local-ip: 192.168.10.1, gateway name: spoke-3, vpn name:
to-spoke-3, tunnel-id: 131076, local tunnel-if: st0.0, remote tunnel-ip:
Not-Available, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.5,
XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Feb 4 00:04:17 host kmd[1391]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: tospoke-2 Gateway: spoke-2, Local:
192.168.10.1/500, Remote: 192.168.10.4/500, Local IKE-ID: Not-Available, Remote Not-Available, VR-ID: 0
Referring to the exhibit, which statement is correct?
to-spoke-3 VPN is failing.
Which two statements are correct?
Click the Exhibit button.
[edit security]
user@host# show policies
global {
    policy new-policy {
        match {
            source-address any;
            destination-address any;
            application junos-https;
        }
        then {
            permit {
                application-services {
                    application-firewall {
                        rule-set appfw;
                    }
                }
            }
        }
    }
}
[edit security]
user@host# show application-firewall
rule-sets appfw {
    rule 1 {
        match {
            dynamic-application junos:SSL;
        }
        then {
            permit;
        }
    }
    rule 2 {
        match {
            dynamic-application junos:HTTP;
        }
        then {
            reject;
        }
    }
    default-rule {
        permit;
    }
}
Referring to the exhibit, which two statements are correct? (Choose two.)
Which feature would you use to permit communication bet…
Which action will allow an administrator to connect in band to an SRX Series device in transparent mode over
SSH?
Which two statements are correct regarding VLAN rewrite?
Click the Exhibit button.
user@host# show interfaces
ge-0/0/0 {
    unit 1 {
        family bridge {
            interface-mode trunk;
            vlan-id-list 20;
            vlan-rewrite {
                translate 2 20;
            }
        }
    }
}
Referring to the exhibit, which two statements are correct regarding VLAN rewrite? (Choose two.)
Which two actions are required?
You want to query user group membership directly using the integrated user firewall services from an Active Directory controller to an SRX Series device.
Which two actions are required? (Choose two.)
Which command would you use to accomplish this task?
As an SRX administrator, you must find all encrypted sessions on an SRX Series device.
Which command would you use to accomplish this task?
What must be considered when accomplishing this task?
You must ensure that your Layer 2 traffic is secured on your SRX Series device in transparent mode.
What must be considered when accomplishing this task?
Which two statements are true about persistent NAT?
Which two statements are true about persistent NAT? (Choose two.)