Click the Exhibit button. Which two statements are true regarding the output shown in the
exhibit? (Choose two.)
A. The packet does not match any user-configured security policies.
B. The user has configured a security policy to allow the packet.
C. The log is showing the first path packet flow.
D. The log shows the reverse flow of the session.
I would say B and C.
B = because the default action for default-policy is to drop packets. Since the packet passed, the user has altered the default-policy config.
C = policy is done on first path
If BC, then the question is: which USER-CONFIGURED policy does the packet match? default-policy is not USER-CONFIGURED, no matter whether it is explicitly stated (permit-all or deny-all) or implicit (deny-all). So, I suggest AC.
I suggest AC.
Badly worded… Default is not user configured but default is to deny… Therefore user has altered default -aka- made a configuration change to the default… But I don’t think that’s what they mean.
I would go for A but could be argued that it was B…
(Agreed on C)
Passed JN0-633 exam recently!
65 multiple choice questions, a little difficult to pass.
Pay close attention to questions on AppQoS, Routing (OSPF, BGP) in VPN (group, auto and hub-and-spoke), AppSecure, troubleshoot of IPSec, etc.
BC
User has configured a policy called default-policy-00
It's B and C.
Look at what it looks like when no policy (/default policy) is matched:
## Policy lookup shows that the SRX does not find a match and the traffic is dropped due to no matching policy.
Aug 12 16:22:22 16:22:21.1100315:CID-0:RT: packet dropped, denied by policy
Aug 12 16:22:22 16:22:21.1100315:CID-0:RT: packet dropped, policy deny.
Aug 12 16:22:22 16:22:21.1100315:CID-0:RT: flow find session returns error.
Aug 12 16:22:22 16:22:21.1100315:CID-0:RT: —– flow_process_pkt rc 0x7 (fp rc -1)
The trick in this question is that the user has configured a policy with the name default-policy-00.
https://kb.juniper.net/InfoCenter/index?page=content&id=kb16110&actp=search
Thread is incorrect, but fear not strawberry eaters I am here.
A & C
People have shown the traceoptions of flows that match the default policy when it’s set to deny.
In order to verify this you first need to set the global policy to permit:
set security policies default-policy permit-all
Then running traceoptions on the latest Junos version (no user-configured policies, obviously):
…
Apr 27 16:21:52 16:21:52.741310:CID-0:RT:Policy lkup: vsys 0 zone(5:global) -> zone(5:global) scope:0
…
Apr 27 16:21:52 16:21:52.741310:CID-0:RT: app 0, timeout 1800s, curr ageout 20s
Apr 27 16:21:52 16:21:52.741310:CID-0:RT: permitted by policy default-policy-logical-system-00(2)
Apr 27 16:21:52 16:21:52.741310:CID-0:RT: packet passed, Permitted by policy.
Since it outputs:
“default-policy-logical-system-00(2)”
I’m sure it outputs exactly as is in the question in some earlier Junos version.
deny-all—Deny all traffic. Packets are dropped. This is the default.
permit-all—Permit all traffic that does not match a policy.
The user changed the default action, but did not create any user policy.
Answers: A & C
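An added example, not part of any comment above and not Juniper code: a small Python parser for the flow traceoptions lines quoted in this thread, which reports per packet whether a policy lookup ran, which policy name matched, and the verdict. Grouping lines by their packet timestamp and the `default-policy` name-prefix flag are assumptions made for this example; the sample lines are copied from the comments.

```python
import re

# Constructed sample: flow traceoptions lines copied from the comments above.
SAMPLE = """\
Aug 12 16:22:22 16:22:21.1100315:CID-0:RT: packet dropped, denied by policy
Aug 12 16:22:22 16:22:21.1100315:CID-0:RT: packet dropped, policy deny.
Apr 27 16:21:52 16:21:52.741310:CID-0:RT:Policy lkup: vsys 0 zone(5:global) -> zone(5:global) scope:0
Apr 27 16:21:52 16:21:52.741310:CID-0:RT: app 0, timeout 1800s, curr ageout 20s
Apr 27 16:21:52 16:21:52.741310:CID-0:RT: permitted by policy default-policy-logical-system-00(2)
Apr 27 16:21:52 16:21:52.741310:CID-0:RT: packet passed, Permitted by policy.
"""

# Syslog prefix, then the flow-module timestamp and the trace message.
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<ts>[\d:.]+):CID-\d+:RT:\s*(?P<msg>.*)$")
LOOKUP = re.compile(r"Policy lkup: vsys \d+ zone\(\d+:(?P<src>[^)]+)\) -> zone\(\d+:(?P<dst>[^)]+)\)")
PERMIT = re.compile(r"permitted by policy (?P<name>\S+)\((?P<idx>\d+)\)")

def summarize(trace):
    """Return {packet timestamp: {zones, policy, default_named, verdict}}."""
    packets = {}
    for line in trace.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a flow trace line
        # Assumption: lines sharing a flow timestamp belong to one packet.
        pkt = packets.setdefault(m["ts"], {"zones": None, "policy": None,
                                           "default_named": False, "verdict": None})
        msg = m["msg"]
        if (lk := LOOKUP.search(msg)):
            # A policy lookup line means the packet went through first-path processing.
            pkt["zones"] = (lk["src"], lk["dst"])
        if (pm := PERMIT.search(msg)):
            pkt["policy"] = (pm["name"], int(pm["idx"]))
            # Heuristic only: a user-configured policy could carry the same name,
            # which is exactly the point disputed in the thread.
            pkt["default_named"] = pm["name"].startswith("default-policy")
        if "packet dropped" in msg:
            pkt["verdict"] = "dropped"
        elif "packet passed" in msg:
            pkt["verdict"] = "passed"
    return packets

if __name__ == "__main__":
    for ts, info in summarize(SAMPLE).items():
        print(ts, info)
```

The name flag only narrows the search; confirming whether a matching policy is user-configured still requires checking the device configuration.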
The JN0-633 exam reached End of Life (EOL) on July 1, 2017; the new exam is now JN0-634.