PrepAway - Latest Free Exam Questions & Answers

Category: JN0-633 (v.3)

Exam JN0-633: Security, Professional (JNCIP-SEC) (update August 4th, 2017)

What is the problem?

— Exhibit —
CID-0:RT: flow process pak fast ifl 71 in_ifp ge-0/0/5.0
CID-0:RT: ge-0/0/5.0:10.0.0.2/55892->192.168.1.2/80, tcp, flag 2 syn
CID-0:RT: find flow: table 0x5a386c90, hash 50728(0xffff), sa 10.0.0.2, da 192.168.1.2, sp 55892, dp 80, proto 6, tok 7
CID-0:RT: no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
CID-0:RT: flow_first_create_session
CID-0:RT: flow_first_in_dst_nat: in <ge-0/0/5.0>, out <N/A> dst_adr 192.168.1.2, sp 55892, dp 80
CID-0:RT: chose interface ge-0/0/5.0 as incoming nat if.
CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 192.168.1.2(80)
CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.0.0.2, x_dst_ip 192.168.1.2, in ifp ge-0/0/5.0, out ifp N/A sp 55892, dp 80, ip_proto 6, tos 10
CID-0:RT:Doing DESTINATION addr route-lookup
CID-0:RT: routed (x_dst_ip 192.168.1.2) from LAN (ge-0/0/5.0 in 0) to ge-0/0/1.0, Next-hop: 172.16.32.1
CID-0:RT:flow_first_policy_search: policy search from zone LAN-> zone WAN (0x0,0xda540050,0x50)
CID-0:RT:Policy lkup: vsys 0 zone(7:LAN) -> zone(6:WAN) scope:0
CID-0:RT: 10.0.0.2/55892 -> 192.168.1.2/80 proto 6
CID-0:RT:Policy lkup: vsys 0 zone(5:Unknown) -> zone(5:Unknown) scope:0
CID-0:RT: 10.0.0.2/55892 -> 192.168.1.2/80 proto 6
CID-0:RT: app 6, timeout 1800s, curr ageout 20s
CID-0:RT: packet dropped, denied by policy
CID-0:RT: denied by policy default-policy-00(2), dropping pkt
CID-0:RT: packet dropped, policy deny.
CID-0:RT: flow find session returns error.
CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc -1)
CID-0:RT:jsf sess close notify
CID-0:RT:flow_ipv4_del_flow: sess , in hash 32
— Exhibit —
A host is not able to communicate with a Web server. Based on the logs shown in the exhibit, what is the problem?

What is causing the problem?

— Exhibit —
user@srx# show security datapath-debug
capture-file pkt-cap-file format pcap size 5m;
action-profile {
    pkt-cap-profile {
        event np-ingress {
            packet-dump;
        }
    }
}
packet-filter pkt-filter {
    action-profile pkt-capture;
    source-prefix 1.2.3.4/32;
}
— Exhibit —
You want to capture transit traffic passing through your SRX3600. You add the configuration shown in the exhibit but do not see entries added to the capture file.
What is causing the problem?

How would you configure your SRX device to meet this goal?


You receive complaints from users that their Web browsing sessions keep dropping prematurely. Upon investigation, you find that the IDP policy shown in the exhibit is detecting the users’ sessions as HTTP:WINCMD:WIN-CMD-EXE attacks, even though their sessions are not actual attacks. You must allow these sessions but still inspect for all other relevant attacks.
How would you configure your SRX device to meet this goal?

Which two commands should you use?

— Exhibit —
[edit security idp]
user@srx# show | no-more
idp-policy basic {
    rulebase-ips {
        rule 1 {
            match {
                from-zone untrust;
                source-address any;
                to-zone trust;
                destination-address any;
                application default;
                attacks {
                    custom-attacks data-inject;
                }
            }
            then {
                action {
                    recommended;
                }
                notification {
                    log-attacks;
                }
            }
        }
    }
}
active-policy basic;
custom-attack data-inject {
    recommended-action close;
    severity critical;
    attack-type {
        signature {
            context mssql-query;
            pattern "SELECT * FROM accounts";
            direction client-to-server;
        }
    }
}
— Exhibit —
You have configured the custom attack signature shown in the exhibit. This configuration is valid, but you want to improve the efficiency and performance of your IDP.
Which two commands should you use? (Choose two.)

What are two reasons for this behavior?

— Exhibit —
[edit security idp]
user@srx# show
security-package {
    url https://services.netscreen.com/cgi-bin/index.cgi;
    automatic {
        start-time "2012-12-11.01:00:00 +0000";
        interval 120;
        enable;
    }
}
— Exhibit —
You have configured your SRX device to download and install attack signature updates as shown in the exhibit.
You discover that updates are not being downloaded. What are two reasons for this behavior? (Choose two.)

What solves the issue?

— Exhibit —
[edit security]
user@srx# show
idp {
    idp-policy NewPolicy {
        rulebase-exempt {
            rule 1 {
                description AllowExternalRule;
                match {
                    source-address any;
                    destination-address
                }
            }
        }
    }
}
— Exhibit —
You are performing the initial IDP installation on your new SRX device. You have configured the IDP exempt
rulebase as shown in the exhibit, but the commit is not successful.
Referring to the exhibit, what solves the issue?

