Which two statements are true regarding the output show…
Click the Exhibit button.
[edit]
user@host# run show log debug
Feb 3 22:04:31 22:04:31.824294:CID-0:RT:flow_first_policy_search: policy search from zone host-> zone attacker (0x0,0xe4089404,0x17)
Feb 3 22:04:31 22:04:31.824297:CID-0:RT:Policy lkup: vsys 0 zone(9:host) -> zone(10:attacker) scope: 0
Feb 3 22:04:31 22:04:31.824770:CID-0:RT: 5.0.0.25/59028 -> 25.0.0.25/23 proto 6
Feb 3 22:04:31 22:04:31.824778:CID-0:RT:Policy lkup: vsys 0 zone(5:Unknown) -> zone(5:Unknown) scope: 0
Feb 3 22:04:31 22:04:31.824780:CID-0:RT: 5.0.0.25/59028 -> 25.0.0.25/23 proto 6
Feb 3 22:04:31 22:04:31.824783:CID-0:RT: app 10, timeout 1800s, curr ageout 20s
Feb 3 22:04:31 22:04:31.824785:CID-0:RT: permitted by policy default-policy-00(2)
Feb 3 22:04:31 22:04:31.824787:CID-0:RT: packet passed, Permitted by policy.
Feb 3 22:04:31 22:04:31.824790:CID-0:RT:flow_first_src_xlate: nat_src_xlated: False, nat_src_xlate_failed: False
Feb 3 22:04:31 22:04:31.824834:CID-0:RT:flow_first_src_xlate: incoming src port is: 38118
Which two statements are true regarding the output shown in the exhibit? (Choose two.)
What is causing this problem?
Click the Exhibit button.
user@host# run show security flow session
…
Session ID: 28, Policy name: allow/5, Timeout: 2, Valid
In: 172.168.1.2/24800 --> 66.168.100.100/8001; tcp, If: ge-0/0/3.0, Pkts: 1, Bytes: 64
Out: 10.168.100.1/8001 --> 172.168.1.2/24800; tcp, If: ge-0/0/6.0, Pkts: 1, Bytes: 40
Your customer is unable to reach your HTTP server that is connected to the ge-0/0/6 interface. The HTTP
server has an address of 10.168.100.1 on port 80 internally, but is accessed publicly using interface ge-0/0/3
with the address 66.168.100.100 on port 8001.
Referring to the exhibit, what is causing this problem?
Which statement is correct?
You are asked to establish a hub-and-spoke IPsec VPN using your SRX Series device as the hub. All of your
spoke devices are third-party devices.
Which statement is correct?
Which statement is correct?
Click the Exhibit button.
{primary:node0}[edit security idp idp-policy test-ips-policy]
user@host# show
rulebase-ips {
    rule r1 {
        match {
            source-address any;
            attacks {
                predefined-attack-groups "HTTP - All";
            }
        }
        then {
            action {
                drop-packet;
            }
        }
        terminal;
    }
    rule r2 {
        match {
            source-address 172.16.0.0/12;
            attacks {
                predefined-attack-groups "FTP - All";
            }
        }
        then {
            action {
                no-action;
            }
        }
    }
    rule r3 {
        match {
            source-address 172.16.0.0/12;
            attacks {
                predefined-attack-groups "TELNET - All";
            }
        }
        then {
            action {
                no-action;
            }
        }
    }
    rule r4 {
        match {
            source-address any;
            attacks {
                predefined-attack-groups "FTP - All";
            }
        }
        then {
            action {
                drop-packet;
            }
        }
    }
}
A user with IP address 172.301.100 initiates an FTP session to a host with IP address 10.100.1.50 through an
SRX Series device and is subject to the IPS policy shown in the exhibit.
If the user tries to execute the cd ~root command, which statement is correct?
Which three tasks must be performed to make the feature…
You are asked to implement the AppFW feature on an SRX Series device.
Which three tasks must be performed to make the feature work? (Choose three.)
Which two statements must be considered when accomplish…
You are asked to implement a Dynamic IPsec VPN on your new SRX240. You are required to facilitate up to 5
simultaneous users.
Which two statements must be considered when accomplishing the task?
Which action resolves the problem?
You are using destination NAT to translate the address of your HTTPS server to a private address on your SRX
Series device. You have decided to implement IDP SSL decryption. Upon enabling the decryption, you notice
sessions are not decrypted.
Which action resolves the problem?
What are two reasons for the problem?
You have configured an IPsec VPN with traffic selectors; however, your IPsec tunnel does not appear to be
working properly.
What are two reasons for the problem? (Choose two.)
Which statement is correct?
Click the Exhibit button.
user@host> show log message
Feb 4 00:04:17 host rpd[4516]: EVENT <UpDown> st0.0 index 76 <Up Broadcast Multicast>
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: inbound, SPI: 0x8d5816fd, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb 4 00:04:17 host rpd[4516]: EVENT UpDown st0.0 index 76 10.10.10.1/24 > (null) <Up Broadcast
Multicast>
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: outbound, SPI: 0x77f07d5c, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-1 from 192.168.10.3 is up.
Local-ip: 192.168.10.1, gateway name: spoke-1, vpn name:
to-spoke-1, tunnel-id: 131073, local tunnel-if: st0.0, remote tunnel-ip:
10.10.10.3, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.3, XAUTH
username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector
local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID:
ipv4_subnet(any:11,[0..7]=0.0.0.0/0)
Feb 4 00:04:17 host mib2d[1385]: SNMP_TRAP_LINK_UP: ifIndex 539,
ifAdminStatus up(1), ifOperStatus up(1), ifName st0.0
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: inbound, SPI: 0x2790a42c, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:
192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),
Direction: outbound, SPI: 0x2df17ea8, AUX-SPI: 0, Mode: Tunnel, Type:
dynamic, Traffic-selector:
Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-3 from 192.168.10.5 is up.
Local-ip: 192.168.10.1, gateway name: spoke-3, vpn name:
to-spoke-3, tunnel-id: 131076, local tunnel-if: st0.0, remote tunnel-ip:
Not-Available, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.5,
XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,
[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Feb 4 00:04:17 host kmd[1391]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: tospoke-2 Gateway: spoke-2, Local:
192.168.10.1/500, Remote: 192.168.10.4/500, Local IKE-ID: Not-Available, Remote Not-Available, VR-ID: 0
Referring to the exhibit, which statement is correct?
to-spoke-3 VPN is failing.
Which two statements are correct?
Click the Exhibit button.
[edit security]
user@host# show policies
global {
    policy new-policy {
        match {
            source-address any;
            destination-address any;
            application junos-https;
        }
        then {
            permit {
                application-services {
                    application-firewall {
                        rule-set appfw;
                    }
                }
            }
        }
    }
}
[edit security]
user@host# show application-firewall
rule-sets appfw {
    rule 1 {
        match {
            dynamic-application junos:SSL;
        }
        then {
            permit;
        }
    }
    rule 2 {
        match {
            dynamic-application junos:HTTP;
        }
        then {
            reject;
        }
    }
    default-rule {
        permit;
    }
}
Referring to the exhibit, which two statements are correct? (Choose two.)