You are asked to troubleshoot ongoing problems with IPsec tunnels and security policy
processing. Your network consists of SRX240s and SRX5600s. Regarding this scenario,
which two statements are true? (Choose two.)
A.
IPsec logs are written to the kmd log file by default.
B.
IKE logs are written to the kmd log file by default.
C.
You must enable data plane logging on the SRX240 devices to generate security policy
logs.
D.
You must enable data plane logging on the SRX5600 devices to generate security policy
logs.
This Dumps is valid,i took exam today and got 76%.
All the questions are from this only, but there are many answers wrong , please check the comment below for all the question in order to get the correct answers.
thanks for your recommend
By default, if no filename is specified, then all IKE traceoptions are written to the kmd log. However, you can specify a different filename if you wish. If a different filename is specified, then all IKE and IPsec related logs are no longer written to the kmd log.
http://www.juniper.net/techpubs/en_US/junos12.3/topics/example/policy-based-vpn-using-j-series-srx-series-device-configuring.htmlX
In SRX Series branch devices running Junos OS Release 9.6 and later and high-end SRX Series devices running Junos OS Release 10.0 and later, the devices can only send log messages to the data plane or the control plane, but not to both at the same time.
A is right : AJSEC book part 2 chapter 9 page 43:
“IPSEC automatically logs to /var/log/kmd”
D is right : AJSEC book part chapter 9 page 16:
“On branch SRX devices, the junos OS logs locally by default… On high-end SRX devices, data plane logs are not logged by default.”