Juniper Security Support, Professional (JNCSP-SEC) - JN0-696 Exam Practice Test
Question 1
-- Exhibit --
Apr 27 19:11:09 company-fw init: low_mem_signal_processes: send signal 16 to routing
Apr 27 19:11:09 company-fw /kernel: KERNEL_MEMORY_CRITICAL: System low on free memory, notifying init (#4).
Apr 27 19:11:09 company-fw rpd[1268]: Processing low memory signal
Apr 27 19:11:09 company-fw init: low_mem_signal_processes: send signal 16 to idp-policy
Apr 27 19:11:09 company-fw idpd[1295]: Processing low memory signal
Apr 27 19:11:10 company-fw idpd[1987]: IDP_SECURITY_INSTALL_RESULT: security package install result(Done;Install aborted due to system reaching low memory condition!)
-- Exhibit --
Click the Exhibit button.
You are troubleshooting a problem where the IDP signature database update on your Junos device has failed.
Referring to the exhibit, which action will resolve this problem?
Correct Answer: B
Question 2
-- Exhibit --
user@host> show log ike-test
...
Jun 13 10:36:52 ike_st_i_cr: Start
Jun 13 10:36:52 ike_st_i_cert: Start
Jun 13 10:36:52 ike_st_i_private: Start
Jun 13 10:36:52 ike_st_o_id: Start
Jun 13 10:36:52 ike_st_o_hash: Start
Jun 13 10:36:52 ike_find_pre_shared_key: Find pre shared key key for 172.168.100.2:500, id = ipv4(udp:500,[0..3]=172.168.100.2) -> 192.168.101.2:500, id = No Id
Jun 13 10:36:52 ike_policy_reply_find_pre_shared_key: Start
Jun 13 10:36:52 ike_calc_mac: Start, initiator = true, local = true
Jun 13 10:36:52 ike_st_o_status_n: Start
Jun 13 10:36:52 ike_st_o_private: Start
Jun 13 10:36:52 ike_policy_reply_private_payload_out: Start
Jun 13 10:36:52 ike_st_o_encrypt: Marking encryption for packet
Jun 13 10:36:52 ike_encode_packet: Start, SA = { 0x86b8160b 93a10c7c - c6c3a771 f0475656 } / 00000000, nego = -1
Jun 13 10:36:52 ike_send_packet: Start, send SA = { 86b8160b 93a10c7c - c6c3a771 f0475656}, nego = -1, src = 172.168.100.2:500, dst = 192.168.101.2:500, routing table id = 0
Jun 13 10:36:52 ike_get_sa: Start, SA = { 86b8160b 93a10c7c - c6c3a771 f0475656 } / 4cb03305, remote = 192.168.101.2:500
Jun 13 10:36:52 ike_sa_find: Found SA = { 86b8160b 93a10c7c - c6c3a771 f0475656 }
Jun 13 10:36:52 ike_alloc_negotiation: Start, SA = { 86b8160b 93a10c7c - c6c3a771 f0475656}
Jun 13 10:36:52 ike_decode_packet: Start
Jun 13 10:36:52 ike_decode_packet: Start, SA = { 86b8160b 93a10c7c - c6c3a771 f0475656} / 4cb03305, nego = 0
Jun 13 10:36:52 ike_st_i_n: Start, doi = 1, protocol = 1, code = Payload malformed (16), spi[0..16] = 86b8160b 93a10c7c ..., data[0..113] = 800c0001 80030081 ...
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Notification data has attribute list
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Notify message version = 1
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending payload type = 129
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending payload data offset = 1
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Error text = Incorrect pre-shared key (Reserved not 0)
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending message id = 0x00000000
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c - c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Received notify err = Payload malformed (16) to isakmp sa, delete it
...
Jun 13 10:37:07 ike_free_negotiation_info: Start, nego = 0
Jun 13 10:37:07 ike_free_negotiation: Start, nego = 0
Jun 13 10:37:07 ike_retransmit_callback: Start, retransmit SA = { 17ef27d0 508bc5db - 00000000 00000000}, nego = -1
Jun 13 10:37:07 ike_send_packet: Start, retransmit previous packet SA = { 17ef27d0 508bc5db - 00000000 00000000}, nego = -1, src = 172.168.100.2:500, dst = 192.168.103.3:500, routing table id = 0
...
Jun 13 10:37:17 ike_free_negotiation_info: Start, nego = 0
Jun 13 10:37:17 ike_free_negotiation: Start, nego = 0
Jun 13 10:37:19 ike_get_sa: Start, SA = { 4326380f a67dbcf3 - 00000000 00000000 } / 00000000, remote = 192.168.103.2:500
Jun 13 10:37:19 ike_sa_allocate: Start, SA = { 4326380f a67dbcf3 - a8307123 9c0e1f9d }
Jun 13 10:37:19 ike_init_isakmp_sa: Start, remote = 192.168.103.2:500, initiator = 0
Jun 13 10:37:19 ike_decode_packet: Start
Jun 13 10:37:19 ike_decode_packet: Start, SA = { 4326380f a67dbcf3 - a8307123 9c0e1f9d} / 00000000, nego = -1
Jun 13 10:37:19 ike_decode_payload_sa: Start
Jun 13 10:37:19 ike_decode_payload_t: Start, # trans = 2
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..28] = 69936922 8741c6d4 ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = 27bab5dc 01ea0760 ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = 6105c422 e76847e4 ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = 4485152d 18b6bbcd ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = cd604643 35df21f8 ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = 90cb8091 3ebb696e ...
Jun 13 10:37:19 ike_st_i_vid: VID[0..16] = 7d9419a6 5310ca6f ...
Jun 13 10:37:19 ike_st_i_sa_proposal: Start
Jun 13 10:37:19 ike_isakmp_sa_reply: Start
Jun 13 10:37:19 ike_st_i_cr: Start
Jun 13 10:37:19 ike_st_i_cert: Start
Jun 13 10:37:19 ike_st_i_private: Start
Jun 13 10:37:19 ike_st_o_sa_values: Start
Jun 13 10:37:19 172.168.100.2:500 (Responder) -> 192.168.103.2:500 { 4326380f a67dbcf3 - a8307123 9c0e1f9d [-1] / 0x00000000 } IP; Error = No proposal chosen (14)
Jun 13 10:37:19 ike_alloc_negotiation: Start, SA = { 4326380f a67dbcf3 - a8307123 9c0e1f9d}
Jun 13 10:37:19 ike_encode_packet: Start, SA = { 0x4326380f a67dbcf3 - a8307123 9c0e1f9d } / 1a8c665d, nego = 0
Jun 13 10:37:19 ike_send_packet: Start, send SA = { 4326380f a67dbcf3 - a8307123 9c0e1f9d}, nego = 0, src = 172.168.100.2:500, dst = 192.168.103.2:500, routing table id = 0
Jun 13 10:37:19 ike_delete_negotiation: Start, SA = { 4326380f a67dbcf3 - a8307123 9c0e1f9d}, nego = 0
-- Exhibit --
Click the Exhibit button.
You are asked to set up an IPsec tunnel to the destination 192.168.103.2. After applying the configuration, you notice in the show security ike security-associations output that the destination stays in a down state.
Referring to the exhibit, what is causing the problem?
Correct Answer: B
Question 3
Your SRX Series device has the following configuration:
user@host> show security policies
...
Policy: my-policy, State: enabled, Index: 5, Sequence number: 1
Source addresses: any
Destination addresses: any
Applications: snmp
Action: reject
From zone: trust, To zone: untrust
...
When traffic matches my-policy, you want the device to silently drop the traffic; however, you notice that the device is replying with ICMP unreachable messages instead.
What is causing this behavior?
Correct Answer: A
Question 4
You are having problems establishing an IPsec tunnel between two SRX Series devices.
What are two explanations for this problem? (Choose two.)
Correct Answer: A,B

