Click the Exhibit button. An SRX Series device has been configured for multiple
certificate-based VPNs. The IPsec security association used for data replication is currently
down . The administrator is a contractor and has the permissions on the SPX Series device
as shown in the exhibit Which command set would allow the administrator to troubleshoot
the cause for the VPN being down?
A.
set security ipsec traceoptions file ipsec set security ipsec traceoptions flag
security-associations
B.
set security ike traceoptions file ike set security ike traceoptions flag ike
C.
request security pki verify-integrity-status
D.
request security ike debug-enable local <ip of the local gateway> remote <ip of the
remote gateway›
awkward question !!
how user in the operator mode could establish “request security…” ..
he could establish “request services .. request dhcp ..” but security ! damn NO !
should be D
An operator is allowed to work in operational mode to check the status of the device and the routing protocols, clear statistics, and perform reset operations, including restarting routing processes and rebooting the device.
Only reasonable answers is “C”, because of the “status”
since he did not ask about the certificate and only asked on VPN status and maintenance , so I believe the answer will be D , because debug command :
https://www.juniper.net/documentation/en_US/junos15.1×49/topics/reference/command-summary/request-security-ike-debug-enable.html
if he was asking about the certificate (PKI) the answer sure will be C …..
so answer is D God Willing
C
none of them are correct:
show configuration system login user test
uid 2003;
class operator;
authentication {
encrypted-password “$1$R0dScvOU$QYB3gje5jMFZYyBvOtRcF.”; ## SECRET-DATA
}
login with test:
test> request ?
Possible completions:
chassis Perform chassis-specific operations
dhcp Perform DHCP operations
dhcpv6 Perform DHCPv6 operations
interface Perform interface tasks
lacp Request LACP actions
message Send text message to other users
modem
multicast Perform multicast operations
network-access Request network-access related information
pppoe Perform PPPoE specific operations
routing-engine Log in to Routing Engine
services Service requests
snmp Request actions from the Simple Network Management Protocol daemon
wlan Wireless LAN related requests
test> set ?
Possible completions:
chassis Set chassis properties
cli Set CLI properties
enter to edit mode is not possible with user class operator:
test> edit
^
unknown command.
B correst 100%
A – wrong (impossible to assign a file for ipsec traceoptions)
C,D – wrong (not enough privileges to do that for operator)
After B option in config, opeartor can issue commands like sh log kmd, sh log ike to troubleshoot
all the answer are incorrect . since class is operator so none of the command execute
I agree with ati and bhaskar. No answer is correct.