Nov 2021 updated: Actualtests Juniper JN0-696 simulations 11-20

Proper study guides for Leading Juniper Security Support, Professional (JNCSP-SEC) certified begins with Juniper JN0-696 preparation products which designed to deliver the 100% Guarantee JN0-696 questions by making you pass the JN0-696 test at your first time. Try the free JN0-696 demo right now.

2021 Nov JN0-696 exam answers

Q11. -- Exhibit --

Apr 27 19:11:09 company-fw init: low_mem_signal_processes: send signal 16 to routing

Apr 27 19:11:09 company-fw /kernel: KERNEL_MEMORY_CRITICAL: System low on free memory, notifying init (#4).

Apr 27 19:11:09 company-fw rpd[1268]: Processing low memory signal

Apr 27 19:11:09 company-fw init: low_mem_signal_processes: send signal 16 to idp-policy

Apr 27 19:11:09 company-fw idpd[1295]: Processing low memory signal

Apr 27 19:11:10 company-fw idpd[1987]: IDP_SECURITY_INSTALL_RESULT: security package install result

Done;Install aborted due to system reaching low memory condition!)

-- Exhibit --

Click the Exhibit button.

You are troubleshooting a problem where the IDP signature database update on your Junos device has failed.

Referring to the exhibit, which action will resolve this problem?

A. Perform a manual update of the IDP signature database by issuing the command request security idp security-package download.

B. Clear the control plane memory used by IDP by issuing the command clear security idp status.

C. Increase the amount of control plane memory by issuing the command set security advanced- services data-plane memory low.

D. Download the IDP signature database on the control plane without updating the data plane detector engine by issuing the command request security idp security-package install update- attack-database-only.

Answer: C

Q12. -- Exhibit – -- Exhibit --

Click the Exhibit button.

Your company has a Web server in the trust zone. You configure a NAT rule to allow Internet users from the untrust zone to access this Web server. Internet users use the public IP address

70.1.1.1 to access this Web server, but they report that the server is not accessible.

Referring to the exhibit, which configuration change would resolve this problem?

A. set security nat proxy-arp interface fe-0/0/2 address 70.1.1.0/24

B. set security zones security-zone untrust host-inbound-traffic system-services http

C. set security nat destination rule-set http rule 1 match source-address 0.0.0.0/0

D. set security address-book global address web-server 192.168.1.11/32

Answer: D

Q13. What are two explanations for this problem? (Choose two.)

A. proposal mismatch

B. antivirus configuration

C. preshared key mismatch

D. TCP MSS clamping is disabled

Answer: B,D

Q14. Users at a branch office report that they cannot reach an internal Web server. The users connect through a single SRX Series device to reach the Web server. A security policy has been configured on the device that allows traffic to flow between interfaces in the Trust zone.

What is causing this problem?

A. The interface on the device that connects to the Web server is not in the Trust zone.

B. The IPsec VPN connection between the users and the Web server is down.

C. There is a host inbound traffic configuration problem.

D. There is an antispam configuration problem.

Answer: C

Q15. You have implemented AppTrack on your SRX Series device to track YouTube streaming video usage in your network. However, many of the YouTube videos that your users are watching are shorter than five minutes. You notice that the statistics for starting these short YouTube videos are not being recorded by AppTrack.

Which two actions would allow AppTrack to record the statistics for these sessions? (Choose two.)

A. Change AppTrack to collect session information during shorter intervals.

B. Change AppTrack to collect session information when the session is first created.

C. Change AppTrack to collect session information for nested applications only.

D. Change AppTrack to collect session information for applications only.

Answer: A,B

Latest JN0-696 study guide:

Q16. You are troubleshooting a problem on your Junos device where the antispam SBL server is no longer filtering known spam hosts. You notice that local list antispam filtering is still working for known spam hosts.

What would cause this problem?

A. You have configured the sbl-default-server parameter in the antispam feature profile.

B. DNS has stopped working on your Junos device.

C. The antispam license has expired on your Junos device.

D. The default spam-action parameter has been set to permit.

Answer: C

Q17. You are asked to troubleshoot a user communication problem. Users connected to the Trust zone cannot communicate with other devices connected to the same zone. These users are able to communicate with other devices in all other zones.

How should you resolve this problem?

A. You must put each device in a separate subzone to allow internal communication.

B. You must configure a security policy to allow intrazone communication.

C. You must enable the allow-internal parameter under the Trust security zone.

D. You must enable the all parameter for host inbound traffic for the zone.

Answer: B

Q18. -- Exhibit –

-- Exhibit --

Click the Exhibit button.

Referring to the exhibit, PC-1 is unable to ping Server-1. Traffic from PC-1 to Server-1 arrives on interface fe-0/0/3 but return traffic from Server-1 to PC-1 should be sent out from interface fe- 0/0/2.

Referring to the exhibit, which configuration change on SRX-1 would resolve this problem?What would you change on SRX-1 to resolve this problem?

A. Configure a security policy to allow traffic from the DMZ zone to the untrust-1 zone.

B. Configure a security policy to allow traffic from the DMZ zone to the untrust-2 zone.

C. Move both interface fe-0/0/2 and fe-0/0/3 to the same security zone.

D. Disable TCP SYN check and TCP sequence check.

Answer: C

Q19. -- Exhibit -- user@host> show log ike-test ... Jun 13 10:36:52 ike_st_i_cr: Start

Jun 13 10:36:52 ike_st_i_cert: Start

Jun 13 10:36:52 ike_st_i_private: Start

Jun 13 10:36:52 ike_st_o_iD. Start

Jun 13 10:36:52 ike_st_o_hash: Start

Jun 13 10:36:52 ike_find_pre_shared_key: Find pre shared key key for 172.168.100.2:500, id =

ipv4(udp:500,[0..3]=172.168.100.2) -> 192.168.101.2:500, id = No Id

Jun 13 10:36:52 ike_policy_reply_find_pre_shared_key: Start

Jun 13 10:36:52 ike_calc_maC. Start, initiator = true, local = true

Jun 13 10:36:52 ike_st_o_status_n: Start

Jun 13 10:36:52 ike_st_o_private: Start

Jun 13 10:36:52 ike_policy_reply_private_payload_out: Start

Jun 13 10:36:52 ike_st_o_encrypt: Marking encryption for packet

Jun 13 10:36:52 ike_encode_packet: Start, SA = { 0x86b8160b 93a10c7c - c6c3a771 f0475656 } /

00000000, nego = -1

Jun 13 10:36:52 ike_send_packet: Start, send SA = { 86b8160b 93a10c7c - c6c3a771 f0475656},

nego = -1, src = 172.168.100.2:500, dst = 192.168.101.2:500, routing table id = 0

Jun 13 10:36:52 ike_get_sA. Start, SA = { 86b8160b 93a10c7c - c6c3a771 f0475656 } / 4cb03305,

remote = 192.168.101.2:500

Jun 13 10:36:52 ike_sa_finD. Found SA = { 86b8160b 93a10c7c - c6c3a771 f0475656 }

Jun 13 10:36:52 ike_alloc_negotiation: Start, SA = { 86b8160b 93a10c7c - c6c3a771 f0475656}

Jun 13 10:36:52 ike_decode_packet: Start

Jun 13 10:36:52 ike_decode_packet: Start, SA = { 86b8160b 93a10c7c - c6c3a771 f0475656} /

4cb03305, nego = 0

Jun 13 10:36:52 ike_st_i_n: Start, doi = 1, protocol = 1, code = Payload malformed (16), spi[0..16]

= 86b8160b 93a10c7c ..., data[0..113] = 800c0001 80030081 ...