Question 2 - JN0-636 discussion

Exhibit

You are asked to establish an IBGP peering between the SRX Series device and the router, but the session is not being established. In the security flow trace on the SRX device, packet drops are observed as shown in the exhibit.

What is the correct action to solve the problem on the SRX device?

A. Create a firewall filter to accept the BGP traffic.
B. Configure destination NAT for BGP traffic.
C. Add BGP to the allowed host-inbound-traffic for the interface.
D. Modify the security policy to allow the BGP traffic.

Suggested answer: C

Explanation:

According to the security flow trace in the exhibit, the packets are dropped with the reason "for self but not interested". This means that the SRX device is receiving packets destined to itself, but the corresponding service is not configured in the host-inbound-traffic stanza for the interface [1]. In this case, the service is BGP, which uses TCP port 179. Therefore, the correct action to solve the problem on the SRX device is to add BGP to the allowed host-inbound-traffic for the interface. This can be done with the following command:

set security zones security-zone <zone-name> interfaces <interface-name> host-inbound-traffic protocols bgp

This command allows the SRX device to accept BGP packets on the specified interface and zone. Alternatively, the command can be applied to all interfaces in a zone by using the all-interfaces option [2].

References:
[1] SRX Getting Started - Troubleshoot Security Policy
[2] Configuring System Services Allowed for Host Inbound Traffic

asked 18/09/2024
Corey Workman