Which QoS function is supported in transparent mode?
Which QoS function is supported in transparent mode?
Which command would you use?
You are asked to configure class of service (CoS) on an SRX device running in transparent mode.
Which command would you use?
Which action would resolve this issue?
A security administrator has configured an IPsec tunnel between two SRX devices. The devices
are configured with OSPF on the st0 interface and an external interface destined to the IPsec
endpoint. The adminstrator notes that the IPsec tunnel and OSPF adjacency keep going up and
down. Which action would resolve this issue?
which two statements are true?
You are asked to troubleshoot ongoing problems with IPsec tunnels and security policy
processing. Your network consists of SRX240s and SRX5600s.
Regarding this scenario, which two statements are true? (Choose two.)
What are two reasons for this behavior?
You are troubleshooting an IPsec session and see the following IPsec security associations:
ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys
< 192.168.224.1 500 ESP:aes-256/sha1 d6393645 26/ unlim – 0
> 192.168.224.1 500 ESP:aes-256/sha1 153ec235 26/ unlim – 0
< 192.168.224.1 500 ESP:aes-256/sha1 f9a2db9a 3011/ unlim – 0
> 192.168.224.1 500 ESP:aes-256/sha1 153ec236 3011/ unlim – 0
What are two reasons for this behavior? (Choose two.)
Which configuration would you use to enable this capture?
HostA (1.1.1.1) is sending TCP traffic to HostB (2.2.2.2). You need to capture the TCP packets
locally on the SRX240. Which configuration would you use to enable this capture?
Which three tools would you use to troubleshoot the issue?
You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping
at the SRX240 in your network. Which three tools would you use to troubleshoot the issue?
(Choose three.)
Which two commands allow you to view these associations?
Somebody has inadvertently configured several security policies with application firewall rule sets
on an SRX device. These security policies are now dropping traffic that should be allowed. You
must find and remove the application firewall rule sets that are associated with these policies.
Which two commands allow you to view these associations? (Choose two.)
What are two reasons for this behavior?
Refer to the Exhibit.
— Exhibit –[edit security]
user@srx# show idp
…
application-ddos Webserver {
service http;
connection-rate-threshold 1000;
context http-get-url {
hit-rate-threshold 60000;
value-hit-rate-threshold 30000;
time-binding-count 10;
time-binding-period 25;
}
}
— Exhibit –You are using AppDoS to protect your network against a bot attack, but noticed an approved
application has falsely triggered the configured IDP action of drop. You adjusted your AppDoS
configuration as shown in the exhibit. However, the approved traffic is still dropped.
What are two reasons for this behavior? (Choose two.)
What is causing this behavior?
Refer to the Exhibit.
— Exhibit –
— Exhibit —
Referring to the exhibit, AppTrack is only logging the session closure messages for sessions that
last 1 to 3 minutes.
What is causing this behavior?