Category: Juniper

WX,Associate (JNCIA-WX): JN0-311 Exam

• JN0-311 Questions & Answers
• Exam Code: JN0-311
• Exam Name: WX,Associate (JNCIA-WX)
• Q & A: 102 Q&As

JN0-311 exam is an important Juniper Certification which can test your professional skills. Candidates want to pass the exam successfully to prove their competence. Lead2Pass Juniper technical experts have collected and certified 102 questions and answers of WX,Associate (JNCIA-WX) which are designed to cover the knowledge points of the Planning and Designing Juniper Superdome Server Solutions and enhance candidates’ abilities. With Lead2Pass JN0-311 preparation tests you can pass the WX,Associate (JNCIA-WX) easily, get the Juniper and go further on Juniper career path.

1: Which two configurations are made using the QoS Setup Wizard? (Choose two.)
A.Assign applications to traffic classes.
B.Use ToS/DSCP values for traffic classes.
C.Exclude subnets from QoS management.
D.Select dedicated vs. over-subscribed circuits.
Correct Answers: A D

2: What is NSC’s functionality?
A.Web caching
B.sequence caching
C.memory-based compression
D.next-generation compression
Correct Answers: B

3: Which statement is true about compression subnets?
A.Compression subnets are turned on by default.
B.Compression subnets advertise remote routes.
C.Compression subnets are usually LAN-side subnets.
D.Compression subnets are usually WAN-side subnets.
Correct Answers: C

4: Which two statements describe the criteria bandwidth detection uses to dynamically alter bandwidth allocation? (Choose two.)
A.Throughput is raised as latency decreases.
B.Throughput is based on available bandwidth.
C.Throughput is lowered as latency decreases.
D.Latency is measured by SYNs returned for each metapacket.
Correct Answers: A B

5: Which two patented or patent-pending compression and caching technologies are used for WX/WXC devices? (Choose two.)
A.Network Sequence Caching (NSC)
B.Molecular Sequence Caching (MSC)
C.Network Sequence Reduction (NSR)
D.Molecular Sequence Reduction (MSR)
Correct Answers: A D

6: Which two secure remote access methods are available on the WX platforms? (Choose two.)
A.SSL
B.SSH
C.Telnet
D.HTTP
Correct Answers: A B

7: Which two environments would take advantage of TCP Acceleration (AFP)? (Choose two.)
A.satellite networks
B.low-latency networks
C.long-haul link with 95% compressibility.
D.long-haul link with 10% compressibility.
Correct Answers: A C

8: Which three statistics does the Executive report summarize? (Choose three.)
A.latency and loss
B.compression results
C.traffic (by application)
D.CRC and alignment errors
E.user access (by username)
Correct Answers: A B C

9: What are two ways to view the system log files on a WX device? (Choose two.)
A.Use the CLI and enter show log.
B.Use the CLI and enter show all.
C.Use the CLI and enter show logging.
D.In WebView, choose Admin > Tools > Display System Log.
Correct Answers: A D

10: Which three locations in WebView allow you to confirm that the endpoints are configured properly? (Choose three.)
A.Monitor > Endpoints
B.Acceleration > Endpoints
C.Device Setup > Endpoints
D.Compression > Endpoints
E.Admin > Maintenance > Display Configuration
Correct Answers: A D E

http://www.lead2pass.com/jn0-311.html

Certified Internet Associate (JNCIA-SSL) 562 Exam: JN0-562 Exam

• JN0-562 Questions & Answers
• Exam Code: JN0-562
• Exam Name: Certified Internet Associate (JNCIA-SSL) 562 Exam
• Q & A: 132 Q&As

Once there is some changes on JN0-562 exam, we will update the study materials timely to make them be consistent with the current exam. We devote to giving our customers the best and latest Juniper JN0-562 dumps. Besides, the product you buy will be updated in time within 100 Days for free.

1: You want to configure Network Connect to allow users to connect through a tunnel, connect to hosts on the same subnet as their local adapter, and shut down any attempt to extend the network boundaries. How do you proceed?
A.Enable split tunneling.
B.Disable split tunneling.
C.Enable split tunneling with route change monitor.
D.Allow access to local subnet with route change monitor.
Correct Answers: D

2: Which three authentication servers are included with a baseline license? (Choose three.)
A.NIS
B.ACE
C.SAML
D.LDAP
E.SiteMinder
Correct Answers: A B D

3: You create a set of role mapping rules. You select “Merge settings for all assigned roles.” The second role mapping rule has the “Stop processing rules when this rule matches” option selected. A user logs in that matches the first three rules. What happens?
A.This is not a valid combination. The system displays an error message and does not update the configuration.
B.The merge settings override the stop processing option. The user matches all three roles and merging follows the standard merging criteria.
C.The Stop rule prevents any more rule matching after checking the second rule. The merge option only merges the roles of the first two rules following the IVE’s built-in permissive merging rules.
D.The Stop rule prevents any more rule matching after checking the second rule. The user now just matches the second rule. The merge option is overridden and the user is given only the privileges defined by the second role.
Correct Answers: C

4: When using the J-SAM, where on a client machine would you look to verify that the loopback addresses are assigned correctly?
A.HOSTS file
B.ARP cache
C.LMHOSTS file
D.local route table
Correct Answers: A

5: What is Cache Cleaner used for?
A.to prevent users from signing in from insecure machines
B.to remove content downloaded during the IVE session
C.to remove Web content cached by the IVE on behalf of the user
D.to determine which files should be cached between remote access sessions
Correct Answers: B

6: Which role-based session option would an administrator configure to allow a user to connect from different source IP addresses within the same user session?
A.roaming session
B.persistent session
C.persistent password caching
D.browser request follow-through
Correct Answers: A

7: Which two Web Resource Policy features provide you with the capability to configure the IVE to work with corporate Proxy Servers? (Choose two.)
A.Web Proxy Policies
B.Web Proxy Servers
C.Web Cache Policies
D.Web Passthrough Proxy
Correct Answers: A B

8: Which two statements about SSL VPNs are true? (Choose two.)
A.SSL VPNs provide better security than IPSEC.
B.SSL VPNs provide a dedicated, point to point connection.
C.SSL VPNs provide high performance for individual connections.
D.SSL VPNs use well-known technologies for secure individual connections.
Correct Answers: C D

9: You are using RADIUS as your authorization server. Other than username, which two attributes are available for creating role mapping rules? (Choose two.)
A.Certificate
B.User Attribute
C.RSA Attributes
D.Group Membership
Correct Answers: A B

10: Where is the IVE typically deployed in the network?
A.behind the Internet firewall
B.internally with all clients directly cabled to the IVE
C.both interfaces on the outside of the Internet firewall
D.parallel to the Internet firewall with one interface on the outside and one on the inside
Correct Answers: A

11: What are two reasons for using Network Connect? (Choose two.)
A.When the ability to disable split tunneling is required.
B.When the client will need to redirect traffic based on process name.
C.When the client will use applications with server-initiated connections.
D.When the client will not have administrator privileges on their machines.
Correct Answers: A C

12: What is the minimum information that must be configured by an administrator to create a resource policy? (Choose two.)
A.resource
B.username
C.policy name
D.session timeout
Correct Answers: A C

13: What are two possible reasons for W-SAM not starting on the client? (Choose two.)
A.Java is disabled in the Sign-in policy.
B.ActiveX autoinstall is disabled in the role.
C.A popup blocker is installed on the client machine.
D.The user does not have administrator privileges on the machine.
Correct Answers: C D

14: Which User Role session option provides you with the capability to cache basic authentication information so users are not challenged repeatedly for the same credentials?
A.roaming session
B.persistent session
C.persistent password caching
D.browser request follow-through
Correct Answers: C

15: What does a sign-in policy map users to when browsing a specified URL?
A.A list of possible user roles.
B.Specific resources as stated in resource policies.
C.The URL presents one or more authentication realms to the user for authentication.
D.The login is passed to an authentication server for verification, and an authorization server for user attribute information.
Correct Answers: C

http://www.lead2pass.com/jn0-562.html

FXV,Associate (JNCIA-FWV): JN0-522 Exam

• JN0-522 Questions & Answers
• Exam Code: JN0-522
• Exam Name: FXV,Associate (JNCIA-FWV)
• Q & A: 132 Q&As

Once there is some changes on JN0-522 exam, we will update the study materials timely to make them be consistent with the current exam. We devote to giving our customers the best and latest Juniper JN0-522 dumps. Besides, the product you buy will be updated in time within 150 Days for free.

1: Your VPN tunnel does not pass traffic. You run the get ike cookie command and discover that there is no cookie. Which two should be verified? (Choose two.)
A.routes
B.Phase 1 configuration options
C.Phase 2 configuration options
D.selected quick mode encryption algorithms
Correct Answers: A B

2: Which ScreenOS CLI commands would be used to enable traffic logging in policy edit mode?
A.set log
B.set logging
C.set traffic-log
D.set policy traffic-log
Correct Answers: A

3: What is the maximum number of custom proposals sent by a ScreenOS device when negotiating IKE Phase 1 or Phase 2?
A.2
B.3
C.4
D.6
Correct Answers: C

4: Which statement is correct regarding administrator privileges?
A.Any administrator can change their privileges on an as-needed basis.
B.Administrator privileges can only be established and changed by the root administrator.
C.Administrator privileges can  be established and changed by the root and all-privilege administrator.
D.Administrator privileges can only be established by the root and can be changed by the root and all-privilege administrator.
Correct Answers: B

5: A ScreenOS firewall has one interface in the user zone and one interface in the servers zone. Both interfaces are addressed and active. The configured policy allows user traffic from the user zone to the FTP server in the servers zone, but the traffic does not cross the firewall from the client to the server. What is the most likely problem with the firewall?
A.The ScreenOS firewall has no physical connection to the FTP server.
B.The ALG option on the ScreenOS firewall has not been enabled for FTP traffic.
C.The ScreenOS firewall does not have a route defined to the FTP server’s subnet.
D.The ScreenOS firewall does not have a route defined to the FTP client’s subnet.
Correct Answers: C

6: While looking at your policies using the WebUI, you notice that the green permit policy has turned blue. What would cause this?
A.The policy is currently inactive.
B.The policy is configured to support a MIP.
C.The policy is configured for unidirectional NAT.
D.The policy is currently passing traffic beyond its traffic limits and is in alarm state.
Correct Answers: C

7: Which two steps are required for MIP configuration? (Choose two.)
A.Define the MIP.
B.Define the MIP ports.
C.Configure the MIP policy.
D.Configure the MIP interface.
Correct Answers: A C

8: Which three commands are used to verify that routing is correctly configured? (Choose three.)
A.ping
B.get route
C.trace-route
D.get session
E.get interface
Correct Answers: A B C

9: You are trying to remove an address book entry by going to the Objects > Addresses > List display of the WebUI, but you cannot find the remove option. What would cause this problem?
A.An address book entry can only be deleted from the command line interface. You will need to use the CLI to delete it.
B.The address book entry is misconfigured. You need to correct the address book entry before it will allow you to delete it.
C.You cannot remove an address book entry from this screen. You need to use the delete option found under the management options screen.
D.The address book entry is being used by a policy. You must delete the policy or remove the address book entry from the policy before it can be deleted.
Correct Answers: D

10: Which ScreenOS CLI policy statement keyword would enable a policy only during specified times, days, and/or dates?
A.at
B.calendar
C.schedule
D.scheduler
Correct Answers: C

11: Click the Exhibit button.
Traffic from the Internet to the partner servers must use a VIP.
In the exhibit, what is true about the configuration of this feature?

A.You cannot use a VIP in this environment.
B.The VIP can be configured on the e0/4 interface.
C.The VIP can be configured in the Corporate or Internet zone using a different subnet than the physical interface.
D.The VIP will work only if the destination ports in the incoming packet headers are mapped to the same ports in the Corporate zone.
Correct Answers: A

12: You enter the following command:
set int e8 dip 5 shift-from 10.1.1.5 1.1.10.2 1.1.10.40
What will be the source IP address of the egress packet for the second user requesting an address from the DIP pool, if the source address of that user is 10.1.1.7?
A.1.1.10.2
B.1.1.10.3
C.1.1.10.4
D.1.1.10.40
Correct Answers: C

13: Click the Exhibit button.
In the exhibit, why is the packet dropped?
A.interface down
B.route not configured
C.policy not configured
D.denied by policy 1005
Correct Answers: C

14: By default, from which hardware component is the startup copy of the ScreenOS loaded?
A.NVRAM
B.TFTP server
C.internal flash
D.PCMCIA card
Correct Answers: C

15: What is the default mode for an interface in the trust zone?
A.NAT
B.route
C.Layer 2
D.Layer 3
E.transparent
Correct Answers: A

http://www.lead2pass.com/jn0-522.html

FXV,Associate (JNCIA-FWV): JN0-522 Exam

• JN0-522 Questions & Answers
• Exam Code: JN0-522
• Exam Name: FXV,Associate (JNCIA-FWV)
• Q & A: 132 Q&As

1: Your VPN tunnel does not pass traffic. You run the get ike cookie command and discover that there is no cookie. Which two should be verified? (Choose two.)
A.routes
B.Phase 1 configuration options
C.Phase 2 configuration options
D.selected quick mode encryption algorithms
Correct Answers: A B

2: Which ScreenOS CLI commands would be used to enable traffic logging in policy edit mode?
A.set log
B.set logging
C.set traffic-log
D.set policy traffic-log
Correct Answers: A

3: What is the maximum number of custom proposals sent by a ScreenOS device when negotiating IKE Phase 1 or Phase 2?
A.2
B.3
C.4
D.6
Correct Answers: C

4: Which statement is correct regarding administrator privileges?
A.Any administrator can change their privileges on an as-needed basis.
B.Administrator privileges can only be established and changed by the root administrator.
C.Administrator privileges can  be established and changed by the root and all-privilege administrator.
D.Administrator privileges can only be established by the root and can be changed by the root and all-privilege administrator.
Correct Answers: B

5: A ScreenOS firewall has one interface in the user zone and one interface in the servers zone. Both interfaces are addressed and active. The configured policy allows user traffic from the user zone to the FTP server in the servers zone, but the traffic does not cross the firewall from the client to the server. What is the most likely problem with the firewall?
A.The ScreenOS firewall has no physical connection to the FTP server.
B.The ALG option on the ScreenOS firewall has not been enabled for FTP traffic.
C.The ScreenOS firewall does not have a route defined to the FTP server’s subnet.
D.The ScreenOS firewall does not have a route defined to the FTP client’s subnet.
Correct Answers: C

6: While looking at your policies using the WebUI, you notice that the green permit policy has turned blue. What would cause this?
A.The policy is currently inactive.
B.The policy is configured to support a MIP.
C.The policy is configured for unidirectional NAT.
D.The policy is currently passing traffic beyond its traffic limits and is in alarm state.
Correct Answers: C

7: Which two steps are required for MIP configuration? (Choose two.)
A.Define the MIP.
B.Define the MIP ports.
C.Configure the MIP policy.
D.Configure the MIP interface.
Correct Answers: A C

8: Which three commands are used to verify that routing is correctly configured? (Choose three.)
A.ping
B.get route
C.trace-route
D.get session
E.get interface
Correct Answers: A B C

9: You are trying to remove an address book entry by going to the Objects > Addresses > List display of the WebUI, but you cannot find the remove option. What would cause this problem?
A.An address book entry can only be deleted from the command line interface. You will need to use the CLI to delete it.
B.The address book entry is misconfigured. You need to correct the address book entry before it will allow you to delete it.
C.You cannot remove an address book entry from this screen. You need to use the delete option found under the management options screen.
D.The address book entry is being used by a policy. You must delete the policy or remove the address book entry from the policy before it can be deleted.
Correct Answers: D

10: Which ScreenOS CLI policy statement keyword would enable a policy only during specified times, days, and/or dates?
A.at
B.calendar
C.schedule
D.scheduler
Correct Answers: C

11: Click the Exhibit button.
Traffic from the Internet to the partner servers must use a VIP.
In the exhibit, what is true about the configuration of this feature?

A.You cannot use a VIP in this environment.
B.The VIP can be configured on the e0/4 interface.
C.The VIP can be configured in the Corporate or Internet zone using a different subnet than the physical interface.
D.The VIP will work only if the destination ports in the incoming packet headers are mapped to the same ports in the Corporate zone.
Correct Answers: A

12: You enter the following command:
set int e8 dip 5 shift-from 10.1.1.5 1.1.10.2 1.1.10.40
What will be the source IP address of the egress packet for the second user requesting an address from the DIP pool, if the source address of that user is 10.1.1.7?
A.1.1.10.2
B.1.1.10.3
C.1.1.10.4
D.1.1.10.40
Correct Answers: C

13: Click the Exhibit button.
In the exhibit, why is the packet dropped?

A.interface down
B.route not configured
C.policy not configured
D.denied by policy 1005
Correct Answers: C

14: By default, from which hardware component is the startup copy of the ScreenOS loaded?
A.NVRAM
B.TFTP server
C.internal flash
D.PCMCIA card
Correct Answers: C

15: What is the default mode for an interface in the trust zone?
A.NAT
B.route
C.Layer 2
D.Layer 3
E.transparent
Correct Answers: A

16: Click the Exhibit button.
In the exhibit, which interface would be used to forward traffic to host 1.1.7.5?

A.e0/1
B.e0/2
C.e0/3
D.e0/4
Correct Answers: C

17: Click the Exhibit button.
In the exhibit, which routing command would allow host A to communicate with host D? (Note: Assume a route from the SSG 20 to host A’s subnet already exists.)

A.set route 200.5.5.0/24 interface e0/4
B.set route 143.45.56.0/24 interface e0/4
C.set route 0.0.0.0/0 int e0/4 gateway 143.45.56.254
D.set route 200.5.5.0/24 gateway 143.45.56.254 int e0/4
Correct Answers: C

18: Which ScreenOS CLI command would be used to add services to an existing multi-cell policy?
A.set service <x>
B.set multiple service < x>
C.set service <x> multiple
D.set policy from trust to untrust any any <AnotherService> permit
Correct Answers: A

19: Telnet management has been enabled on an interface in the untrust zone. What else should be configured to limit telnet access to the ScreenOS device from trusted management PCs?
A.Define a permitted IP address.
B.Define a policy from trust to untrust.
C.Define a trusted IP in the address table.
D.Define a manage IP address on this interface.
Correct Answers: A

20: You are looking at the event log of the responding device and it says, “Rejected an initial Phase 1 packet from an unrecognized peer gateway” What are three likely reasons for the failure? (Choose three.)
A.The peer ID is misconfigured.
B.The default gateway is missing.
C.The preshare keys are mismatched.
D.The gateway address is misconfigured.
E.The outgoing interface is misconfigured.
Correct Answers: A D E

http://www.lead2pass.com/jn0-522.html