FXV, Associate (JNCIA-FWV): JN0-522 Exam
- JN0-522 Questions & Answers
- Exam Code: JN0-522
- Exam Name: FXV, Associate (JNCIA-FWV)
- Q & A: 132 Q&As
1: Your VPN tunnel does not pass traffic. You run the get ike cookie command and discover that there is no cookie. Which two should be verified? (Choose two.)
A.routes
B.Phase 1 configuration options
C.Phase 2 configuration options
D.selected quick mode encryption algorithms
Correct Answers: A B
2: Which ScreenOS CLI command would be used to enable traffic logging in policy edit mode?
A.set log
B.set logging
C.set traffic-log
D.set policy traffic-log
Correct Answers: A
3: What is the maximum number of custom proposals sent by a ScreenOS device when negotiating IKE Phase 1 or Phase 2?
A.2
B.3
C.4
D.6
Correct Answers: C
4: Which statement is correct regarding administrator privileges?
A.Any administrator can change their privileges on an as-needed basis.
B.Administrator privileges can only be established and changed by the root administrator.
C.Administrator privileges can be established and changed by the root and all-privilege administrator.
D.Administrator privileges can only be established by the root and can be changed by the root and all-privilege administrator.
Correct Answers: B
5: A ScreenOS firewall has one interface in the user zone and one interface in the servers zone. Both interfaces are addressed and active. The configured policy allows user traffic from the user zone to the FTP server in the servers zone, but the traffic does not cross the firewall from the client to the server. What is the most likely problem with the firewall?
A.The ScreenOS firewall has no physical connection to the FTP server.
B.The ALG option on the ScreenOS firewall has not been enabled for FTP traffic.
C.The ScreenOS firewall does not have a route defined to the FTP server’s subnet.
D.The ScreenOS firewall does not have a route defined to the FTP client’s subnet.
Correct Answers: C
6: While looking at your policies using the WebUI, you notice that the green permit policy has turned blue. What would cause this?
A.The policy is currently inactive.
B.The policy is configured to support a MIP.
C.The policy is configured for unidirectional NAT.
D.The policy is currently passing traffic beyond its traffic limits and is in alarm state.
Correct Answers: C
7: Which two steps are required for MIP configuration? (Choose two.)
A.Define the MIP.
B.Define the MIP ports.
C.Configure the MIP policy.
D.Configure the MIP interface.
Correct Answers: A C
8: Which three commands are used to verify that routing is correctly configured? (Choose three.)
A.ping
B.get route
C.trace-route
D.get session
E.get interface
Correct Answers: A B C
9: You are trying to remove an address book entry by going to the Objects > Addresses > List display of the WebUI, but you cannot find the remove option. What would cause this problem?
A.An address book entry can only be deleted from the command line interface. You will need to use the CLI to delete it.
B.The address book entry is misconfigured. You need to correct the address book entry before it will allow you to delete it.
C.You cannot remove an address book entry from this screen. You need to use the delete option found under the management options screen.
D.The address book entry is being used by a policy. You must delete the policy or remove the address book entry from the policy before it can be deleted.
Correct Answers: D
10: Which ScreenOS CLI policy statement keyword would enable a policy only during specified times, days, and/or dates?
A.at
B.calendar
C.schedule
D.scheduler
Correct Answers: C
11: Traffic from the Internet to the partner servers must use a VIP.
In the exhibit, what is true about the configuration of this feature?
A.You cannot use a VIP in this environment.
B.The VIP can be configured on the e0/4 interface.
C.The VIP can be configured in the Corporate or Internet zone using a different subnet than the physical interface.
D.The VIP will work only if the destination ports in the incoming packet headers are mapped to the same ports in the Corporate zone.
Correct Answers: A
12: You enter the following command:
set int e8 dip 5 shift-from 10.1.1.5 1.1.10.2 1.1.10.40
What will be the source IP address of the egress packet for the second user requesting an address from the DIP pool, if the source address of that user is 10.1.1.7?
A.1.1.10.2
B.1.1.10.3
C.1.1.10.4
D.1.1.10.40
Correct Answers: C
13: In the exhibit, why is the packet dropped?
A.interface down
B.route not configured
C.policy not configured
D.denied by policy 1005
Correct Answers: C
14: By default, from which hardware component is the startup copy of the ScreenOS loaded?
A.NVRAM
B.TFTP server
C.internal flash
D.PCMCIA card
Correct Answers: C
15: What is the default mode for an interface in the trust zone?
A.NAT
B.route
C.Layer 2
D.Layer 3
E.transparent
Correct Answers: A
16: In the exhibit, which interface would be used to forward traffic to host 1.1.7.5?
A.e0/1
B.e0/2
C.e0/3
D.e0/4
Correct Answers: C
17: In the exhibit, which routing command would allow host A to communicate with host D? (Note: Assume a route from the SSG 20 to host A’s subnet already exists.)
A.set route 200.5.5.0/24 interface e0/4
B.set route 143.45.56.0/24 interface e0/4
C.set route 0.0.0.0/0 int e0/4 gateway 143.45.56.254
D.set route 200.5.5.0/24 gateway 143.45.56.254 int e0/4
Correct Answers: C
18: Which ScreenOS CLI command would be used to add services to an existing multi-cell policy?
A.set service <x>
B.set multiple service <x>
C.set service <x> multiple
D.set policy from trust to untrust any any <AnotherService> permit
Correct Answers: A
19: Telnet management has been enabled on an interface in the untrust zone. What else should be configured to limit telnet access to the ScreenOS device from trusted management PCs?
A.Define a permitted IP address.
B.Define a policy from trust to untrust.
C.Define a trusted IP in the address table.
D.Define a manage IP address on this interface.
Correct Answers: A
20: You are looking at the event log of the responding device and it says, “Rejected an initial Phase 1 packet from an unrecognized peer gateway”. What are three likely reasons for the failure? (Choose three.)
A.The peer ID is misconfigured.
B.The default gateway is missing.
C.The preshare keys are mismatched.
D.The gateway address is misconfigured.
E.The outgoing interface is misconfigured.
Correct Answers: A D E