Juniper JN0-696 Exam Practice Questions (P. 2)
- Full Access (71 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #6
Users at a branch office report that they cannot reach an internal Web server. The users connect through a single SRX Series device to reach the Web server. A security policy has been configured on the device that allows traffic to flow between interfaces in the Trust zone.
What is causing this problem?
What is causing this problem?
- AThe interface on the device that connects to the Web server is not in the Trust zone.
- BThe IPsec VPN connection between the users and the Web server is down.
- CThere is a host inbound traffic configuration problem.
- DThere is an antispam configuration problem.
Correct Answer:
A
Host inbound traffic configuration is ignored as this is not destined to the device (SRX) itself.
A
Host inbound traffic configuration is ignored as this is not destined to the device (SRX) itself.
send
light_mode
delete
Question #7
You are asked to troubleshoot a user communication problem. Users connected to the Trust zone cannot communicate with other devices connected to the same zone. These users are able to communicate with other devices in all other zones.
How should you resolve this problem?
How should you resolve this problem?
- AYou must put each device in a separate subzone to allow internal communication.
- BYou must configure a security policy to allow intrazone communication.
- CYou must enable the allow-internal parameter under the Trust security zone.
- DYou must enable the all parameter for host inbound traffic for the zone.
Correct Answer:
B
References:
http://www.juniper.net/documentation/en_US/junos12.1×46/topics/example/security-srx-device-zone-and-policy-configuring.html
B
References:
http://www.juniper.net/documentation/en_US/junos12.1×46/topics/example/security-srx-device-zone-and-policy-configuring.html
send
light_mode
delete
Question #8
You have implemented AppTrack on your SRX Series device to track YouTube streaming video usage in your network. However, many of the YouTube videos that your users are watching are shorter than five minutes. You notice that the statistics for starting these short YouTube videos are not being recorded by
AppTrack.
Which two actions would allow AppTrack to record the statistics for these sessions? (Choose two.)
AppTrack.
Which two actions would allow AppTrack to record the statistics for these sessions? (Choose two.)
- AChange AppTrack to collect session information during shorter intervals.
- BChange AppTrack to collect session information when the session is first created.
- CChange AppTrack to collect session information for nested applications only.
- DChange AppTrack to collect session information for applications only.
Correct Answer:
AB
You need to change the interval to be a smaller window and you need to log at session creation.
References:
http://www.juniper.net/documentation/en_US/junos12.1/topics/example/app-track-configuring-cli.html
AB
You need to change the interval to be a smaller window and you need to log at session creation.
References:
http://www.juniper.net/documentation/en_US/junos12.1/topics/example/app-track-configuring-cli.html
send
light_mode
delete
Question #9
While attempting to set up IDP on an SRX Series device, the IDP attack database fails to download.
What is one reason for this behavior?
What is one reason for this behavior?
- AThe device's Untrust zone to Trust zone security policy does not allow this traffic.
- BThe device's configuration does not include the URL from which to retrieve the attack database.
- CA firewall filter applied to the loopback interface is preventing the download of the attack database.
- DThe host inbound traffic has not been configured correctly.
Correct Answer:
B
Note: The scenarios, which might cause the above error, can be broadly classified as follows:
The SRX device does not have Internet connectivity.
The DNS server is not configured on the SRX device.
The SRX device does not have access to the SIG DB server.
Storage space in the Compact Flash is full.
References:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23359
B
Note: The scenarios, which might cause the above error, can be broadly classified as follows:
The SRX device does not have Internet connectivity.
The DNS server is not configured on the SRX device.
The SRX device does not have access to the SIG DB server.
Storage space in the Compact Flash is full.
References:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23359
send
light_mode
delete
Question #10
When attempting to delete IDP policies and configurations from an SRX Series device, a user enters these configuration commands:
Delete security idp -
Commit -
However, after the commit has completed, the configuration is still present under the [edit security idp] hierarchy.
What should the user do to permanently remove the configuration?
Delete security idp -
Commit -
However, after the commit has completed, the configuration is still present under the [edit security idp] hierarchy.
What should the user do to permanently remove the configuration?
- ADelete the /var/db/scripts/commit/templates.xsl file and reboot the device.
- BDelete the [edit security idp] hierarchy, commit the change, and immediately reboot the device.
- CStop the idpd process using the set system processes idp-policy disable configuration command, commit the change, delete the [edit security idp] hierarchy, and then commit that change.
- DDelete the IDP templates commit script from the [edit system scripts commit] hierarchy, delete the [edit security idp] hierarchy, and then commit the change.
Correct Answer:
D
References:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB27182&actp=search
D
References:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB27182&actp=search
send
light_mode
delete
All Pages