Thursday 8 December 2016

JN0-696 Security Support, Professional (JNCSP-SEC)

JNCSP-SEC Exam Objectives (Exam: JN0-696)

Security Policy Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot security policy evaluation issues on Junos devices
Transit traffic issues
To-the-device traffic issues
Default and global policy issues
Zone issues
Address book issues
Filter-based forwarding
NAT issues
Configuration issues

IPSec VPN Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot IPSec VPN issues on Junos device
Route-based VPN issues
Policy-based VPN issues
IKE phase 1 issues
IKE phase 2 issues
Configuration issues

Application-Aware Security Services Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Junos AppSecure issues
AppID issues
AppTrack issues
AppFW issues
AppDoS issues
AppQoS issues
Configuration issues

Intrusion Prevention Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Junos Intrusion Prevention System (IPS) issues
Licensing and platform issues
Signature database issues
IPS and security policy issues
Configuration issues

Unified Threat Management (UTM) Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot UTM issues on Junos devices
Licensing and platform issues
Antivirus issues
Antispam issues
Content-filtering issues
Web-filtering issues
UTM and security policy issues
Configuration issues

High Availability (HA) Clustering Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot chassis cluster issues on Junos devices
Cluster architecture issues
Cluster component issues
Cluster mode issues
Configuration issues


QUESTION 1
You are having problems establishing an IPsec tunnel between two SRX Series devices.
What are two explanations for this problem? (Choose two.)

A. proposal mismatch
B. antivirus configuration
C. preshared key mismatch
D. TCP MSS clamping is disabled

Answer: B,D

Explanation:

QUESTION 2
Two SRX Series devices are having problems establishing an IPsec VPN session. One of the
devices has a firewall filter applied to its gateway interface that rejects UDP traffic.
What would resolve the problem?

A. Disable the IKE Phase 1 part of the session establishment.
B. Disable the IKE Phase 2 part of the session establishment.
C. Change the configuration so that session establishment uses TCP.
D. Edit the firewall filter to allow UDP port 500.

Answer: A

Explanation:

QUESTION 3
Your SRX Series device has the following configuration:
user@host> show security policies
...
Policy: my-policy, State: enabled, Index: 5, Sequence number: 1
Source addresses: any
Destination addresses: any
Applications: snmp
Action: reject
From zone: trust, To zone: untrust
...
When traffic matches my-policy, you want the device to silently drop the traffic; however, you
notice that the device is replying with ICMP unreachable messages instead.
What is causing this behavior?

A. the snmp application
B. the reject action
C. the trust zone
D. the untrust zone

Answer: C

Explanation:

QUESTION 4
You want to allow remote users using PCs running Windows 7 to access the network using an
IPsec VPN. You implement a route-based hub-and-spoke VPN; however, users report that they
are not able to access the network.
What is causing this problem?

A. The remote clients do not have proper licensing.
B. Hub-and-spoke VPNs cannot be route-based; they must be policy-based.
C. The remote clients' OS is not supported.
D. Hub-and-spoke VPNs do not support remote client access; a dynamic VPN must be
implemented instead.

Answer: B

Explanation:

No comments:

Post a Comment