-- Exhibit --
[edit]
user@SRX-1# show security ike traceoptions
file ike-trace;
flag all;
[edit]
user@SRX-1# show security ipsec traceoptions
flag all;
user@SRX-1> show log ike-trace
...
Jun 13 17:00:33 :500 (Responder) -> 192.168.1.11:500 { 15276b72 6656c3b6 - 4ea713e7 d2487276 [1] / 0x9828a32e } QM; Invalid protocol_id = 0
Jun 13 17:00:34 Received authenticated notification payload unknown from local:192.168.1.10 remote:192.168.1.11 IKEv1 for P1 SA 3075335
Jun 13 17:00:34 iked_pm_ike_spd_notify_receiveD. Negotiation is already failed. Reason: TS unacceptable.
Jun 13 17:00:34 QM notification `(null)' (40001) (size 8 bytes) from 192.168.1.11 for protocol Reserved spi[0...3]=0f f0 ce d3
Jun 13 17:00:34 ike_st_i_private: Start
Jun 13 17:00:34 ike_st_o_qm_hash_2: Start
Jun 13 17:00:34 ike_st_o_qm_sa_values: Start
Jun 13 17:00:34 :500 (Responder) -> 192.168.1.11:500 { 15276b72 6656c3b6 - 4ea713e7 d2487276 [1] / 0x9828a32e } QM; Error = No proposal chosen (14)
Jun 13 17:00:34 ike_alloc_negotiation: Start, SA = { 15276b72 6656c3b6 - 4ea713e7 d2487276}
Jun 13 17:00:34 ike_encode_packet: Start, SA = { 0x15276b72 6656c3b6 - 4ea713e7 d2487276 } / 65407839, nego = 2
Jun 13 17:00:34 ike_send_packet: Start, send SA = { 15276b72 6656c3b6 - 4ea713e7 d2487276}, nego = 2, dst = 192.168.1.11:500, routing table id = 0
Jun 13 17:00:34 ike_delete_negotiation: Start, SA = { 15276b72 6656c3b6 - 4ea713e7 d2487276}, nego = 2
Jun 13 17:00:34 ike_free_negotiation_info: Start, nego = 2
Jun 13 17:00:34 ike_free_negotiation: Start, nego = 2
Jun 13 17:00:34 IPSec negotiation failed for SA-CFG Unknown for local:192.168.1.10, remote:192.168.1.11 IKEv1. status: TS unacceptable
Jun 13 17:00:34 P2 ed info: flags 0x0, P2 error: TS unacceptable
Jun 13 17:00:34 iked_pm_ipsec_sa_done: Phase2 failed 2/3 times for P1 SA 3075335
-- Exhibit --
Click the Exhibit button.
The IPsec tunnel is not establishing between SRX-1 and a remote device.
Referring to the exhibit, what is causing this problem?
A. IKE Phase 1 proposals mismatch
B. IKE Phase 2 proxy ID mismatch
C. IKE Phase 1 IKE ID mismatch
D. IKE Phase 2 proposals mismatch
Correct answer: B
Question 2:
-- Exhibit --
user@SRX-1> show configuration security ike
traceoptions {
    file ike-trace;
    flag all;
}
policy juniper {
    proposal-set standard;
    pre-shared-key ascii-text "$ $ znCO hKMXtuMX - gTz "; ## SECRET-DATA
}
gateway juniper {
    ike-policy juniper;
    address 192.168.1.11;
    external-interface fe-0/0/7;
}
user@SRX-1> show configuration security ipsec
traceoptions {
    flag all;
}
policy juniper {
    proposal-set standard;
}
vpn juniper {
    bind-interface st0.0;
    ike {
        gateway juniper;
        ipsec-policy juniper;
    }
}
user@SRX-1> show security ike security-associations
user@SRX-1> show security ipsec security-associations
Total active tunnels: 0
user@SRX-1> show log ike-trace
...
Jun 13 16:21:33 ike_st_o_all_done: MESSAGE: Phase 1 { 0x3f669946 90eba0c7 - 0x76bdffab f8770040 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3des-cbc, hash = sha1, prf = hmac-sha1, life = 0 kB / 28800 sec, key l
Jun 13 16:21:33 192.168.1.10:500 (Responder) -> 192.168.1.11:500 { 3f669946 90eba0c7 76bdffab f8770040 [-1] / 0x00000000 } IP; MESSAGE: Phase 1 version = 1.0, auth_method = Pre shared keys, cipher = 3des-cbc, hash = sha1, prf = hmac-sha1, life = 0 kB / 28800 sec, key
Jun 13 16:21:33 ike_encode_packet: Start, SA = { 0x3f669946 90eba0c7 - 76bdffab f8770040 } / 00000000, nego = -1
Jun 13 16:21:33 ike_send_packet: Start, send SA = { 3f669946 90eba0c7 - 76bdffab f8770040}, nego = -1, dst = 192.168.1.11:500, routing table id = 0
Jun 13 16:21:33 ike_send_notify: Connected, SA = { 3f669946 90eba0c7 - 76bdffab f8770040}, nego = -1
Jun 13 16:21:33 iked_pm_ike_sa_done: local:192.168.1.10, remote:192.168.1.11 IKEv1
Jun 13 16:21:33 iked_pm_id_validate id NOT matched.
Jun 13 16:21:33 P1 SA 3075313 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x331.
Jun 13 16:21:33 iked_pm_ike_sa_delete_notify_done_cB. For p1 sa index 3075313, ref cnt 1, status: Error ok
Jun 13 16:21:33 ike_expire_callback: Start, expire SA = { 3f669946 90eba0c7 - 76bdffab f8770040}, nego = -1
Jun 13 16:21:33 ike_alloc_negotiation: Start, SA = { 3f669946 90eba0c7 - 76bdffab f8770040}
...
-- Exhibit --
Click the Exhibit button.
You are troubleshooting a new IPsec VPN that is not establishing between SRX-1 and a remote end device.
Referring to the exhibit, what is causing the problem?
A. IKE Phase 1 proposals mismatch
B. IKE Phase 2 proxy ID mismatch
C. IKE Phase 1 IKE ID mismatch
D. Pre-shared key mismatch
Correct answer: C
Question 3:
While attempting to set up IDP on an SRX Series device, the IDP attack database fails to download.
What is one reason for this behavior?
A. The host inbound traffic has not been configured correctly.
B. A firewall filter applied to the loopback interface is preventing the download of the attack database.
C. The device's configuration does not include the URL from which to retrieve the attack database.
D. The device's Untrust zone to Trust zone security policy does not allow this traffic.
Correct answer: B
Question 4:
When attempting to delete IDP policies and configurations from an SRX Series device, a user enters these configuration commands:
delete security idp
commit
However, after the commit has completed, the configuration is still present under the [edit security idp] hierarchy.
What should the user do to permanently remove the configuration?
A. Delete the IDP templates commit script from the [edit system scripts commit] hierarchy, delete the [edit security idp] hierarchy, and then commit the change.
B. Delete the /var/db/scripts/commit/templates.xsl file and reboot the device.
C. Stop the idpd process using the set system processes idp-policy disable configuration command, commit the change, delete the [edit security idp] hierarchy, and then commit that change.
D. Delete the [edit security idp] hierarchy, commit the change, and immediately reboot the device.
Correct answer: A