Refer to the Exhibit.
— Exhibit —
[edit security]
user@srx# show
idp {
idp-policy NewPolicy {
rulebase-exempt {
rule 1 {
description AllowExternalRule;
match {
source-address any;
destination-address
}
}
}
}
}
— Exhibit —
You are performing the initial IDP installation on your new SRX device. You have configured the
IDP exempt rulebase as shown in the exhibit, but the commit is not successful.
Referring to the exhibit, what solves the issue?
A.
You must configure the destination zone match.
B.
You must configure the IPS exempt accept action.
C.
You must configure the IPS rulebase.
D.
You must configure the IPS engine flow action to ignore.
Explanation:
Reference:http://jncie-sec.exactnetworks.net/2013/01/srx-idp-overview-initial-setup.html
The exempt rulebase works in conjunction with the IPS rulebase. Before you can create exempt rules, you must first create rules in the IPS rulebase
http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/config-idp-exempt-rulebase-section.html#config-idp-exempt-rulebase-section
C is correct