Click the Exhibit button. Which two statements are true regarding the output shown in the
exhibit? (Choose two.)
A.
The packet does not match any user-configured security policies.
B.
The user has configured a security policy to allow the packet.
C.
The log is showing the first path packet flow.
D.
The log shows the reverse flow of the session.
I would say B and C.
B = because the default action for default-policy is to drop packets. Since packet passed user has altered default-policy config
C = policy is done on first path
0
0
if BC then question – which USER-CONFIGURED policy packet matches? default-policy not a USER-CONFIGURED, mo matter explicitly stated (permit-all or deny-all) or implicitly (deny-all). So, I suggest AC.
0
0
I suggest AC.
0
0
Badly worded… Default is not user configured but default is to deny… Therefore user has altered default -aka- made a configuration change to the default… But I don’t think that’s what they mean.
I would go for A but could be argued that it was B…
(Agreed on C)
0
0
Passed JN0-633 exam recently!
65 multiple choice questions, a little difficult to pass.
Pay close attention to questions on AppQoS, Routing (OSPF, BGP) in VPN (group, auto and hub-and-spoke), AppSecure, troubleshoot of IPSec, etc.
I learned valid JN0-633 dumps here:
http://www.passleader.com/jn0-633.html (209Q VCE and PDF)
Recommend to you!
0
0
P.S.
You can download that 209Q dumps for free, here:
https://doc.co/Tek7cT
Good Luck!
0
0
BC
User has configured a policy called default-policy-00
0
0
It s B and C.
Look how it looks like when no Policy (/Default Policy) is matched:
## Policy lookup shows that the SRX does not find a match and the traffic is dropped due to no matching policy.
Aug 12 16:22:22 16:22:21.1100315:CID-0:RT: packet dropped, denied by policy
Aug 12 16:22:22 16:22:21.1100315:CID-0:RT: packet dropped, policy deny.
Aug 12 16:22:22 16:22:21.1100315:CID-0:RT: flow find session returns error.
Aug 12 16:22:22 16:22:21.1100315:CID-0:RT: —– flow_process_pkt rc 0x7 (fp rc -1)
The trick in this Question is that the user have configured a Policy with the name default-policy-00.
https://kb.juniper.net/InfoCenter/index?page=content&id=kb16110&actp=search
0
0
Thread is incorrect, but fear not strawberry eaters I am here.
A & C
People have shown the traceoptions of flows that match the default policy when it’s set to deny.
In order to verify this you first need to set the global policy to permit:
set security policies default-policy permit-all
Then running traceoptions on the latest junos version (no user configured policies, obviously):
…
Apr 27 16:21:52 16:21:52.741310:CID-0:RT:Policy lkup: vsys 0 zone(5:global) -> zone(5:global) scope:0
…
Apr 27 16:21:52 16:21:52.741310:CID-0:RT: app 0, timeout 1800s, curr ageout 20s
Apr 27 16:21:52 16:21:52.741310:CID-0:RT: permitted by policy default-policy-logical-system-00(2)
Apr 27 16:21:52 16:21:52.741310:CID-0:RT: packet passed, Permitted by policy.
Since it outputs:
“default-policy-logical-system-00(2)”
I’m sure it outputs exactly as is in the question in some earlier junos version.
0
0
deny-all—Deny all traffic. Packets are dropped. This is the default.
permit-all—Permit all traffic that does not match a policy.
The user change the default action, but no create some user-policy.
Answers: A & C
0
0
ATTENTION!!! Updated!!!
The JN0-633 exam End of Life (EOL) on July 1, 2017, now the new exam is JN0-634.
The newest JN0-634 dumps are available here FYI:
http://www.juniperbraindumps.com/category/juniper-junos-security-certification/jn0-634-dumps
Good Luck!!!
0
0