Apr 27 19:11:09 company-fw init: low_mem_signal_processes: send signal 16 to routing Apr 27
19:11:09 company-fw /kernel: KERNEL_MEMORY_CRITICAL: System low on free memory, notifying
init (#4).
Apr 27 19:11:09 company-fw rpd[1268]: Processing low memory signal
Apr 27 19:11:09 company-fw init: low_mem_signal_processes: send signal 16 to idp-policy
Apr 27 19:11:09 company-fw idpd[1295]: Processing low memory signal
Apr 27 19:11:10 company-fw idpd[1987]: IDP_SECURITY_INSTALL_RESULT: security package
install result Done;Install aborted due to system reaching low memory condition!)
You are troubleshooting a problem where the IDP signature database update on your Junos device
has failed. Which action will resolve this problem?

[edit security utm]
user@host# show
custom-objects {
url-pattern {
blocklist {
value [ http://badsite.com http://blocksite.com ];
}
acceptlist {
value http://juniper.net;
}}
custom-url-category {
blacklist {
value blocklist;
}
whitelist {
value acceptlist;

}}}
feature-profile {
web-filtering {
url-whitelist whitelist;
url-blacklist blacklist;
type juniper-local;
juniper-local {
profile web-filter {
custom-block-message “Site is not allowed”;
fallback-settings {
default log-and-permit;
}}}}}
utm-policy utm1 {
web-filtering {
http-profile web-filter;
}}
You set up Web filtering to allow employees to only access your internal website. You notice that
employees are still able to reach websites outside of the blacklists. Which parameter must be
changed?

user@host> show configuration security utm
custom-objects {
url-pattern {
block-juniper {
value *.spammer.com;
}}
custom-url-category {
blacklist {
value block-juniper;
}

}}
feature-profile {
anti-spam {
address-blacklist block-juniper;
sbl {
profile myprofile {
no-sbl-default-server;
spam-action block;
}}}}
utm-policy wildcard-policy {
anti-spam {
smtp-profile myprofile;
}}
You added a blacklist to your antispam policy to block any e-mails from the spammer.com domain.
However, your users are complaining that they are still receiving spam e-mails from that domain.
You run the utm test-string test and confirm that the blacklist is not working. What is causing this
problem?

{hold:node0}
user@host1> show chassis cluster status
Cluster ID. 1
Node Priority Status Preempt Manual failover
Redundancy group: 0 , Failover count: 0
node0 1 hold no no
node1 0 lost n/a n/a
{hold:node0}
user@host1> show configuration | no-more
system {
host-name host1;
root-authentication {
encrypted-password “$1$KI99zGk6$MbYFuBbpLffu9tn2.sI7l1”; ## SECRET-DATA
}
name-server {

172.16.10.100;
}
services {
ssh;
telnet;
web-management {
http;
}}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}}}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 10.210.14.131/26;
}}}
ge-0/0/8 {
unit 0 {
family inet {
address 172.16.1.1/24;
}}}
ge-0/0/9 {
unit 0 {
family inet {
address 172.16.10.1/24;
}}}}
security {
policies {
default-policy {

permit-all;
}}
zones {
functional-zone management {
interfaces {
ge-0/0/0.0;
}
host-inbound-traffic {
system-services {
ssh;
telnet;
ping;
traceroute;
http;
snmp;
}}}
security-zone Trust {
host-inbound-traffic {
system-services {
any-service;
}}
interfaces {
ge-0/0/9.0;
}}
security-zone Untrust {
host-inbound-traffic {
system-services {
any-service;
}}
interfaces {
ge-0/0/8.0;
}}}}
—————-
{hold:node1}
user@host2> show chassis cluster status
Cluster ID. 1
Node Priority Status Preempt Manual failover
Redundancy group: 0 , Failover count: 0
node0 0 lost n/a n/a

node1 1 hold no no
{hold:node1}
user@host2> show configuration | no-more
system {
host-name host2;
root-authentication {
encrypted-password “$1$KI99zGk6$MbYFuBbpLffu9tn2.sI7l1”; ## SECRET-DATA
}
name-server {
172.16.10.100;
}
services {
ssh;
telnet;
web-management {
http;
}}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}}}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 10.210.14.132/26;
}}}
ge-0/0/8 {
unit 0 {
family inet {
address 172.16.1.1/24;
}}}
ge-0/0/9 {
unit 0 {

family inet {
address 172.16.10.1/24;
}}}}
security {
policies {
default-policy {
permit-all;
}}
zones {
functional-zone management {
interfaces {
ge-0/0/0.0;
}
host-inbound-traffic {
system-services {
ssh;
telnet;
ping;
traceroute;
http;
snmp;
}}}
security-zone Trust {
host-inbound-traffic {
system-services {
any-service;
}}
interfaces {
ge-0/0/9.0;
}}
security-zone Untrust {
host-inbound-traffic {
system-services {
any-service;
}}
interfaces {
ge-0/0/8.0;
}}

}}
A user attempted to form a chassis cluster on an SRX240; however, the cluster did not form. While
investigating the problem, you see the output shown in the Above. What is causing the problem?

Click the Exhibit button.

There is an existing chassis cluster connected to the corporate network 192.168.1.0/24. You are
asked to connect another department to this VLAN. To achieve this, you add a new chassis cluster to
the network. After connecting to the network, the cluster experiences traffic problems. You have
verified that the addresses and VLAN IDs are configured correctly. Referring to the exhibit, which
configuration would resolve this problem?

— Exhibit —
{primary:node0}
user@host> show configuration chassis | display inheritance
cluster {
redundancy-group 1 {
node 0 priority 200;
node 1 priority 100;
interface-monitor {
ge-0/0/12 weight 255;
ge-5/0/12 weight 255;
}}}
— Exhibit —
A customer reports that their SRX failover is not working as expected. They expected node1 to
become the primary node for the control plane when interface ge-0/0/12 failed. However, when ge-
0/0/12 failed, node0 remained the primary node. They send you the output shown in the exhibit.
What is causing this problem?