Juniper JN0-696 Exam Practice Questions (P. 1)
- Full Access (71 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #1
You are having problems establishing an IPsec tunnel between two SRX Series devices.
What are two explanations for this problem? (Choose two.)
What are two explanations for this problem? (Choose two.)
- Aproposal mismatchMost Voted
- Bantivirus configuration
- Cpreshared key mismatchMost Voted
- DTCP MSS clamping is disabled
Correct Answer:
AC
Incorrect:
B, D: Antivirus and TCP MSS clamping has no relation to IPSec tunnels.
AC
Incorrect:
B, D: Antivirus and TCP MSS clamping has no relation to IPSec tunnels.
send
light_mode
delete
Question #2
Two SRX Series devices are having problems establishing an IPsec VPN session. One of the devices has a firewall filter applied to its gateway interface that rejects UDP traffic.
What would resolve the problem?
What would resolve the problem?
- ADisable the IKE Phase 1 part of the session establishment.
- BDisable the IKE Phase 2 part of the session establishment.
- CChange the configuration so that session establishment uses TCP.
- DEdit the firewall filter to allow UDP port 500.
Correct Answer:
D
UDP port 500 is used by IKE.
D
UDP port 500 is used by IKE.
send
light_mode
delete
Question #3
Your SRX Series device has the following configuration:
user@host> show security policies
...
Policy: my-policy, State: enabled, Index: 5, Sequence number: 1
Source addresses: any -
Destination addresses: any -
Applications: snmp -
Action: reject -
From zone: trust, To zone: untrust
...
When traffic matches my-policy, you want the device to silently drop the traffic; however, you notice that the device is replying with ICMP unreachable messages instead.
What is causing this behavior?
user@host> show security policies
...
Policy: my-policy, State: enabled, Index: 5, Sequence number: 1
Source addresses: any -
Destination addresses: any -
Applications: snmp -
Action: reject -
From zone: trust, To zone: untrust
...
When traffic matches my-policy, you want the device to silently drop the traffic; however, you notice that the device is replying with ICMP unreachable messages instead.
What is causing this behavior?
- Athe snmp application
- Bthe reject action
- Cthe trust zone
- Dthe untrust zone
Correct Answer:
B
B
send
light_mode
delete
Question #4
You want to allow remote users using PCs running Windows 7 to access the network using an IPsec VPN. You implement a route-based hub-and-spoke VPN; however, users report that they are not able to access the network.
What is causing this problem?
What is causing this problem?
- AThe remote clients do not have proper licensing.
- BHub-and-spoke VPNs cannot be route-based; they must be policy-based.
- CThe remote clients' OS is not supported.
- DHub-and-spoke VPNs do not support remote client access; a dynamic VPN must be implemented instead.
Correct Answer:
D
D
send
light_mode
delete
Question #5
You notice that the secondary node of a chassis cluster has become disabled.
What caused this behavior?
What caused this behavior?
- AThe fxp0 interface on the secondary device failed.
- BThe control link between the devices failed.
- CA reth on the secondary device failed.
- DAn IPsec tunnel between the two devices failed.
Correct Answer:
B
Incorrect:
Fxp0, reth or IPsec tunnels are not used by chassis clusters.
B
Incorrect:
Fxp0, reth or IPsec tunnels are not used by chassis clusters.
send
light_mode
delete
All Pages