Online Access Free JN0-696 Practice Test

You are having problems establishing an IPsec tunnel between two SRX Series devices.
What are two explanations for this problem? (Choose two.)

• A.TCP MSS clamping is disabled
• B.proposal mismatch
• C.antivirus configuration
• D.preshared key mismatch

-- Exhibit -user@R1> show security ike security-associations
user@R1> show security zones
Security zone: trust
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bounD. 3
Interfaces:
ge-0/0/0.0
ge-0/0/6.0
lo0.0
Security zone: untrust
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bounD. 1
Interfaces:
ge-0/0/1.0
Security zone: junos-host
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes Interfaces bounD. 0 Interfaces:
user@R1> show interfaces st0
Physical interface: st0, Enabled, Physical link is Up Interface index: 130, SNMP ifIndex: 503 Type: Secure-Tunnel, Link-level type: Secure-Tunnel, MTU: 9192 Device flags : Present Running Interface flags: Point-To-Point Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps)
Logical interface st0.0 (Index 72) (SNMP ifIndex 546) Flags: Link-Layer-Down Point-To-Point SNMP-Traps Encapsulation: Secure-Tunnel Input packets : 3 Output packets: 3 Security: Zone: Null Protocol inet, MTU: 9192 Flags: Sendbcast-pkt-to-re Addresses, Flags: Dest-route-down Is-Preferred Is-Primary Destination: 172.19.0.0/30, Local: 172.19.0.1
user@R1> show interfaces ge-0/0/1 Physical interface: ge-0/0/1, Enabled, Physical link is Up Interface index: 135, SNMP ifIndex: 508
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, SpeeD. 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Current address: b0:c6:9a:73:27:81, Hardware address: b0:c6:9a:73:27:81 Last flapped : 2013-06-12 15:22:48 UTC (00:59:41 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : None Active defects : None Interface transmit statistics: Disabled
Logical interface ge-0/0/1.0 (Index 71) (SNMP ifIndex 541) Flags: SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 40 Output packets: 27 Security: Zone: untrust Allowed host-inbound traffic : ping Protocol inet, MTU: 1500 Flags: Sendbcast-pkt-to-re Addresses, Flags: Is-Preferred Is-Primary Destination: 184.0.15.0/30, Local: 184.0.15.1, Broadcast: 184.0.15.3
user@R1> show log ipsec-trace | match "500|drop"
Jun 12 16:32:10 16:32:10.680034:CID-0:RT:ageout 71,184.0.15.2/500->184.0.15.1/500,17, (0/0)
Jun 12 16:32:51 16:32:51.874191:CID-0:RT:184.0.15.2/500->184.0.15.1/500;17> :
Jun 12 16:32:51 16:32:51.874191:CID-0:RT: ge-0/0/1.0:184.0.15.2/500->184.0.15.1/500, udp
Jun 12 16:32:51 16:32:51.874191:CID-0:RT: find flow: table 0x4f160b38, hash 8769(0xffff), sa
184.0.15.2, da 184.0.15.1, sp 500, dp 500, proto 17, tok 8
Jun 12 16:32:51 16:32:51.874191:CID-0:RT:pak_for_self : proto 17, dst port 500, action 0x0
Jun 12 16:32:51 16:32:51.874191:CID-0:RT: flow_first_in_dst_nat: in 0/1.0>, out A> dst_adr
184.0.15.1, sp 500, dp 500
Jun 12 16:32:51 16:32:51.874555:CID-0:RT: packet droppeD. for self but not interested
Jun 12 16:32:51 16:32:51.874555:CID-0:RT: packet dropped, packet droppeD. for self but not
interested.
Jun 12 16:32:54 16:32:54.680399:CID-0:RT:ageout 71,184.0.15.2/500->184.0.15.1/500,17, (0/0)
Jun 12 16:32:56 16:32:56.888094:CID-0:RT:184.0.15.2/500->184.0.15.1/500;17> :
Jun 12 16:32:56 16:32:56.888094:CID-0:RT: ge-0/0/1.0:184.0.15.2/500->184.0.15.1/500, udp
Jun 12 16:32:56 16:32:56.888094:CID-0:RT: find flow: table 0x4f160b38, hash 8769(0xffff), sa
184.0.15.2, da 184.0.15.1, sp 500, dp 500, proto 17, tok 8
Jun 12 16:32:56 16:32:56.888094:CID-0:RT:pak_for_self : proto 17, dst port 500, action 0x0
Jun 12 16:32:56 16:32:56.888094:CID-0:RT: flow_first_in_dst_nat: in 0/1.0>, out A> dst_adr
184.0.15.1, sp 500, dp 500
Jun 12 16:32:56 16:32:56.888094:CID-0:RT: packet droppeD. for self but not interested
Jun 12 16:32:56 16:32:56.888094:CID-0:RT: packet dropped, packet droppeD. for self but not
interested.
Jun 12 16:33:00 16:33:00.680794:CID-0:RT:ageout 71,184.0.15.2/500->184.0.15.1/500,17, (0/0)
Jun 12 16:33:07 16:33:06.902220:CID-0:RT:184.0.15.2/500->184.0.15.1/500;17> :
Jun 12 16:33:07 16:33:06.902220:CID-0:RT: ge-0/0/1.0:184.0.15.2/500->184.0.15.1/500, udp
Jun 12 16:33:07 16:33:06.902220:CID-0:RT: find flow: table 0x4f160b38, hash 8769(0xffff), sa
184.0.15.2, da 184.0.15.1, sp 500, dp 500, proto 17, tok 8
Jun 12 16:33:07 16:33:06.902220:CID-0:RT:pak_for_self : proto 17, dst port 500, action 0x0
Jun 12 16:33:07 16:33:06.902220:CID-0:RT: flow_first_in_dst_nat: in 0/1.0>, out A> dst_adr
184.0.15.1, sp 500, dp 500 Jun 12 16:33:07 16:33:06.902220:CID-0:RT: packet droppeD. for self but not interested Jun 12 16:33:07 16:33:06.902220:CID-0:RT: packet dropped, packet droppeD. for self but not
interested.
-- Exhibit -
Click the Exhibit button.
You are asked to troubleshoot a new IPsec tunnel that is not establishing between R1 and R2. The remote team has verified that R2's configuration is correct.
Referring to the exhibit, which two actions are required to resolve the problem? (Choose two.)

• A.Add the st0.0 interface to a security zone.
• B.Enable IKE for host inbound traffic in the trust zone.
• C.Change the st0.0 interface MTU to 1400.
• D.Enable IKE for host inbound traffic in the untrust zone.

You have implemented AppTrack on your SRX Series device to track YouTube streaming video usage in your network. However, many of the YouTube videos that your users are watching are shorter than five minutes. You notice that the statistics for starting these short YouTube videos are not being recorded by AppTrack.
Which two actions would allow AppTrack to record the statistics for these sessions? (Choose two.)

• A.Change AppTrack to collect session information for nested applications only.
• B.Change AppTrack to collect session information for applications only.
• C.Change AppTrack to collect session information when the session is first created.
• D.Change AppTrack to collect session information during shorter intervals.

You are asked to troubleshoot a user communication problem. Users connected to the Trust zone cannot communicate with other devices connected to the same zone. These users are able to communicate with other devices in all other zones.
How should you resolve this problem?

• A.You must enable the all parameter for host inbound traffic for the zone.
• B.You must enable the allow-internal parameter under the Trust security zone.
• C.You must configure a security policy to allow intrazone communication.
• D.You must put each device in a separate subzone to allow internal communication.

-- Exhibit -

-- Exhibit -Click the Exhibit button. You have created a new VPN tunnel to your partner's site but IKE Phase 1 is not coming up. You
check the trace log and find the following log message: Jun [IKED 2] iked_pm_id_validate id NOT matched. Considering the topology and the SRX Series device's configuration shown in the exhibit, which modification is needed under [edit security gateway Partner]?

• A.rename address 20.1.1.1 to address 192.168.1.1
• B.set remote-identity inet 192.168.1.1
• C.set local-identity inet 50.1.1.1
• D.set local-identity inet 20.1.1.1