Which three tools would you use to troubleshoot the issue?
You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping
at the SRX240 in your network. Which three tools would you use to troubleshoot the issue?
(Choose three.)
Which two commands allow you to view these associations?
Somebody has inadvertently configured several security policies with application firewall rule sets
on an SRX device. These security policies are now dropping traffic that should be allowed. You
must find and remove the application firewall rule sets that are associated with these policies.
Which two commands allow you to view these associations? (Choose two.)
What are two reasons for this behavior?
Refer to the Exhibit.
— Exhibit –[edit security]
user@srx# show idp
…
application-ddos Webserver {
service http;
connection-rate-threshold 1000;
context http-get-url {
hit-rate-threshold 60000;
value-hit-rate-threshold 30000;
time-binding-count 10;
time-binding-period 25;
}
}
— Exhibit –You are using AppDoS to protect your network against a bot attack, but noticed an approved
application has falsely triggered the configured IDP action of drop. You adjusted your AppDoS
configuration as shown in the exhibit. However, the approved traffic is still dropped.
What are two reasons for this behavior? (Choose two.)
What is causing this behavior?
Refer to the Exhibit.
— Exhibit –
— Exhibit —
Referring to the exhibit, AppTrack is only logging the session closure messages for sessions that
last 1 to 3 minutes.
What is causing this behavior?
What must be modified to correct the problem?
Refer to the Exhibit.
— Exhibit –
— Exhibit —
You have been asked to block YouTube video streaming for internal users. You have implemented
the configuration shown in the exhibit, however users are still able to stream videos.
What must be modified to correct the problem?
Why did the session close?
Refer to the Exhibit.
— Exhibit –
— Exhibit —
Referring to the exhibit, the session close log was generated by the application firewall rule set
HTTP.
Why did the session close?
What must you do to allow the configuration to commit?
Refer to the Exhibit.
— Exhibit –
— Exhibit —
Referring to the exhibit, the application firewall configuration fails to commit.
What must you do to allow the configuration to commit?
how many user-configured routing instances have active routes?
Refer to the Exhibit.
— Exhibit —
user@srx240< show route summary
Router ID.
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
Direct: 1 routes, 1 active
Local: 1 routes, 1 active
StatiC. 1 routes, 1 active
customer-A.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
Direct: 1 routes, 1 active
Local: 1 routes, 1 active
StatiC. 1 routes, 1 active
customer-B.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
Direct: 1 routes, 1 active
Local: 1 routes, 1 active
OSPF. 1 routes, 1 active
StatiC. 1 routes, 1 active
customer-B.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
Direct: 2 routes, 2 active
Local: 2 routes, 2 active
StatiC. 1 routes, 1 active
— Exhibit —
In the output, how many user-configured routing instances have active routes?
Which action will resolve the issue?
Refer to the Exhibit.
— Exhibit –
— Exhibit —
TCP traffic sourced from Host A destined for Host B is being redirected using filter-based
forwarding to use the Red network. However, return traffic from Host B destined for Host A is
using the Blue network and getting dropped by the SRX device.
Which action will resolve the issue?
which feature allows the hosts in the Trust and DMZ zones to route to either ISP, based on source address?
Refer to the Exhibit.
— Exhibit –
— Exhibit —
Referring to the exhibit, which feature allows the hosts in the Trust and DMZ zones to route to
either ISP, based on source address?