Juniper
JN0-636 · Question #64
JN0-636 Question #64: Real Exam Question with Answer & Explanation
Sign in or unlock JN0-636 to reveal the answer and full explanation for question #64. The question stem and answer options stay visible for context.
Question
Click the Exhibit button.
The exhibit shows a snippet of a security flow trace. A user cannot open an SSH session to a server. Which action will solve the problem?
Exhibit:
user@srx> show log flow-trace
Apr 3 02:10:28 02:10:28.045090 CID-0-THREAD_ID-01:RT: <10.10.101.10/60858->
10.10.10.10/22;tcp> 8806 Retransmitted filter: filter:1:
Apr 3 02:10:28 02:10:28.045100 CID-0-THREAD_ID-01:RT: no session found, start
first path. In tunnel-0x0, from_cp_flag-0
Apr 3 02:10:28 02:10:28.045104 CID-0-THREAD_ID-01:RT: flow first create session
...
Apr 3 02:10:28 02:10:28.045143 CID-0-THREAD_ID-01:RT: routed (x_dst_ip
10.10.10.10) from trust (ge-0/0/4.0 in 0) to ge-0/0/5.0, Next-hop: 10.10.102.10
(st0.0)
Apr 3 02:10:28 02:10:28.045158 CID-0-THREAD_ID-01:RT: flow_first_policy_search:
policy search from zone trust--> zone dmz (0X0 0xedba0016,0x16)
Apr 3 02:10:28 02:10:28.045191 CID-0-THREAD_ID-01:RT: packet dropped, denied by
policy
Apr 3 02:10:28 02:10:28.045192 CID-0-THREAD_ID-01:RT: denied by policy default-
policy-logical-system-00(2), dropping Pkt
Apr 3 02:10:28 02:10:28.0451 92:CID-0-THREAD_ID-01:RT: packet dropped, policy
deny
Options
- ACreate a security policy that matches the traffic parameters
- BEdit the source NAT to correct the translated address
- CCreate a route entry to direct traffic into the configured tunnel
- DCreate a route to the desired server
Unlock JN0-636 to see the answer
You've previewed enough free JN0-636 questions. Unlock JN0-636 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.