A local user complains that they cannot connect to an FTP server on the DMZ network. You
investigate and confirm that the security policy allows FTP traffic from the trust zone to the
DMZ zone. What are two reasons for this problem? (Choose two.)
A.
The FTP ALG is disabled.
B.
No security policy exists for traffic from the DMZ zone to the trust zone.
C.
The FTP server has no route back to the local network.
D.
No route is configured to the DMZ network.
CD
AC are correct.
I cannot figure out what the author is trying to see if we know. The FTP ALG being disabled would not stop you from “connect”ing, the ALG would prevent the data portion of the FTP from connecting. The question does not say “file transfers fail”, it says you cannot connect to the FTP server.
If it did say file transfers are failing, then A + B would be plausible because you can make active FTP work with ALG disabled by allowing traffic in the reverse direction albeit the security implications.
For this reason A + B is tempting despite the fact the control connection would actually “connect” which makes A wrong outright imo.
However to answer the question most accurately based on the selections given, certainly the FTP server not having it’s default route, and the SRX not having a route to the FTP server assuming it’s not directly connected would break the connection.
In situations like this I go with what I feel is the best answer and not bet against the authors competence. So I’d go with C,D
TOM,
your answers have been great help for me.
and yes the right answer is C & D not ALG
thx again.
Salute
TOM,
your answers have been great help for me.
and yes the right answer is C & D not ALG
thx again, Salute
NEW EXAM UPDATED!!!
The JN0-633 exam End of Life (EOL) on July 1, 2017, now the new exam is JN0-634.
The newest JN0-634 dumps are available here FYI:
http://www.juniperbraindumps.com/category/juniper-junos-security-certification/jn0-634-dumps
Best Regards!!!