JNCSP-SEC Exam Objectives (Exam: JN0-696)
Security Policy Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot security policy evaluation issues on Junos devices
Transit traffic issues
To-the-device traffic issues
Default and global policy issues
Address book issues
IPSec VPN Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot IPSec VPN issues on Junos device
Route-based VPN issues
Policy-based VPN issues
IKE phase 1 issues
IKE phase 2 issues
Application-Aware Security Services Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Junos AppSecure issues
Intrusion Prevention Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Junos Intrusion Prevention System (IPS) issues
Licensing and platform issues
Signature database issues
IPS and security policy issues
Unified Threat Management (UTM) Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot UTM issues on Junos devices
Licensing and platform issues
UTM and security policy issues
High Availability (HA) Clustering Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot chassis cluster issues on Junos devices
Cluster architecture issues
Cluster component issues
Cluster mode issues
You are having problems establishing an IPsec tunnel between two SRX Series devices.
What are two explanations for this problem? (Choose two.)
A. proposal mismatch
B. antivirus configuration
C. preshared key mismatch
D. TCP MSS clamping is disabled
Two SRX Series devices are having problems establishing an IPsec VPN session. One of the
devices has a firewall filter applied to its gateway interface that rejects UDP traffic.
What would resolve the problem?
A. Disable the IKE Phase 1 part of the session establishment.
B. Disable the IKE Phase 2 part of the session establishment.
C. Change the configuration so that session establishment uses TCP.
D. Edit the firewall filter to allow UDP port 500.
Your SRX Series device has the following configuration:
user@host> show security policies
Policy: my-policy, State: enabled, Index: 5, Sequence number: 1
Source addresses: any
Destination addresses: any
From zone: trust, To zone: untrust
When traffic matches my-policy, you want the device to silently drop the traffic; however, you
notice that the device is replying with ICMP unreachable messages instead.
What is causing this behavior?
A. the snmp application
B. the reject action
C. the trust zone
D. the untrust zone
You want to allow remote users using PCs running Windows 7 to access the network using an
IPsec VPN. You implement a route-based hub-and-spoke VPN; however, users report that they
are not able to access the network.
What is causing this problem?
A. The remote clients do not have proper licensing.
B. Hub-and-spoke VPNs cannot be route-based; they must be policy-based.
C. The remote clients’ OS is not supported.
D. Hub-and-spoke VPNs do not support remote client access; a dynamic VPN must be