Juniper JN0-696 - Juniper Networks Certified Support Professional Security (JNCSP-SEC) Exam

Page:    1 / 15   
Total 71 questions

You are having problems establishing an IPsec tunnel between two SRX Series devices.
What are two explanations for this problem? (Choose two.)

  • A. proposal mismatch
  • B. antivirus configuration
  • C. preshared key mismatch
  • D. TCP MSS clamping is disabled


Answer : AC

Incorrect:
B, D: Antivirus and TCP MSS clamping have no relation to IPsec tunnels.

Two SRX Series devices are having problems establishing an IPsec VPN session. One of the devices has a firewall filter applied to its gateway interface that rejects UDP traffic.
What would resolve the problem?

  • A. Disable the IKE Phase 1 part of the session establishment.
  • B. Disable the IKE Phase 2 part of the session establishment.
  • C. Change the configuration so that session establishment uses TCP.
  • D. Edit the firewall filter to allow UDP port 500.


Answer : D

UDP port 500 is used by IKE.

Your SRX Series device has the following configuration:
user@host> show security policies
...
Policy: my-policy, State: enabled, Index: 5, Sequence number: 1
  Source addresses: any
  Destination addresses: any
  Applications: snmp
  Action: reject
From zone: trust, To zone: untrust
...
When traffic matches my-policy, you want the device to silently drop the traffic; however, you notice that the device is replying with ICMP unreachable messages instead.
What is causing this behavior?

  • A. the snmp application
  • B. the reject action
  • C. the trust zone
  • D. the untrust zone


Answer : B

You want to allow remote users using PCs running Windows 7 to access the network using an IPsec VPN. You implement a route-based hub-and-spoke VPN; however, users report that they are not able to access the network.
What is causing this problem?

  • A. The remote clients do not have proper licensing.
  • B. Hub-and-spoke VPNs cannot be route-based; they must be policy-based.
  • C. The remote clients' OS is not supported.
  • D. Hub-and-spoke VPNs do not support remote client access; a dynamic VPN must be implemented instead.


Answer : D

You notice that the secondary node of a chassis cluster has become disabled.
What caused this behavior?

  • A. The fxp0 interface on the secondary device failed.
  • B. The control link between the devices failed.
  • C. A reth on the secondary device failed.
  • D. An IPsec tunnel between the two devices failed.


Answer : B

Incorrect:
Fxp0, reth or IPsec tunnels are not used by chassis clusters.
