[Pdf Dump] Latest JPR-960 Dump

Juniper Networks Certified Internet Expert (JNCIE-SP): JPR-960 Exam

  • JPR-960 Questions & Answers
  • Exam Code: JPR-960
  • Exam Name: Juniper Networks Certified Internet Expert (JNCIE-SP)
  • Updated: February 14, 2012
  • Q & A: 149 Q&As

1: Which model does not support clustering?
A.SA700
B.SA2000
C.SA4000
D.SA6000
Correct Answers: A

2: What is a disadvantage of using Core Access?
A.has limited auditing
B.has no kiosk access
C.has limited resource access
D.requires administrator privileges on user machines to function
Correct Answers: C

3: Which three statements are true about the configuration of an LDAP Authentication Server on the IVE? (Choose three.)
A.LDAP can be used for both authentication and authorization purposes.
B.LDAP Authentication Server cannot provide password management capabilities like AD/NT.
C.You can use an LDAP Authentication Server to do LDAP accounting as well as authentication.
D.To use the password management feature you must select the appropriate LDAP server type from the pull down menu.
E.If you want to enable password management on any LDAP server, you need to provide an administrator account (with write privileges to the directory) for the Admin DN.
Correct Answers: A D E

4: Which two Web Resource Policy features provide you with the capability to configure the IVE to work with corporate Proxy Servers? (Choose two.)
A.Cache Policies
B.Selective Rewriting
C.Web Proxy Policies
D.Web Proxy Servers
Correct Answers: C D

5: When can the Host Checker feature be invoked by the IVE? (Choose three.)
A.when the user logs out of the IVE
B.before the login page is presented
C.when assigning users to a Realm
D.only after the sign-in page is displayed
E.before allowing access to a particular resource
Correct Answers: B C E

6: Which three statements are true about the Host Checker feature? (Choose three.)
A.Host Checker can be used to check the age of a file on a client system.
B.Host Checker can be invoked before a user is allowed to sign in to the IVE.
C.Host Checker can be used to check the presence of a particular file on a client system.
D.Host Checker can verify the client certificate being offered by the client system via a Certificate Revocation List (CRL) check.
Correct Answers: A B C

7: When creating Web bookmarks for a User Role, what two are examples of URL variables that can provide personalization based on user attributes? (Choose two.)
A.http://*.golf.local/*
B.http://intranet/<USER>
C.http://intranet/<userAttr.dept>
D.http://erp.golf.local/<GROUPNAME>
Correct Answers: B C

8: Which two types of Digital Certificates are used by the IVE? (Choose two.)
A.Client Certificates
B.LDAP Certificates
C.Server Certificates
D.RADIUS Certificates
Correct Answers: A C

9: You want your users to be able to browse to any SSL-enabled Web site behind the IVE. All necessary certificates have been loaded.
What do you need to do to accomplish this? (Choose three.)
A.set the ewrite file:// URLs option in the resource policy
B.set the “Allow users to type URLs” option in the User Role
C.set the “Allow browsing untrusted SSL servers” option in the User Role
D.configure a resource policy to allow access to all addresses using port 443
E.configure a resource policy to allow access to all addresses using protocol SSL
Correct Answers: B C D

10: Which two combinations of Authentication Servers and Directory Servers are valid? (Choose two.)
A.Authentication Server: IVE
Directory Server: LDAP
B.Authentication Server: LDAP
Directory Server: AD/NT
C.Authentication Server: RADIUS
Directory Server: LDAP
D.Authentication Server: AD/NT
Directory Server: RADIUS
Correct Answers: A C

11: Two resource policies cover the same resource. The first policy resource definition is not as specific as the second policy.
Which resource policy takes precedence and why?
A.The first policy takes precedence because it is the first match in the rule list and first match stops processing.
B.The second policy takes precedence because it is most specific and the system works on longest match.
C.The second policy takes precedence because all rules are always evaluated and the last match it finds controls the action.
D.The second policy takes precedence. Unless you specify that the first rule is marked to stop processing, the system continues to check for matches until it reaches the last match and it takes that rule’s action.
Correct Answers: A

12: What makes RADIUS unique from the other Authentication Servers that the IVE can utilize?
A.It can be used to obtain User attributes.
B.It can be used to obtain Group information.
C.It can be used to do Accounting as well as Authentication.
D.It can be used as both a Directory Server and an Authentication Server.
Correct Answers: C

13: Cache Cleaner is enabled in the default configuration.
What will it clear from the users system when the IVE session is over?
A.nothing
B.all temporary Internet files
C.all content downloaded through the IVE’s rewriter engine
D.all cached usernames and passwords from the browser
Correct Answers: C

14: You are configuring J-SAM for customer access to a client/server application. The user has administrative access to his workstation. You have properly configured the SAM access control policy.
Which additional option must be turned on under User > Roles> [ROLE] > for J-SAM to work properly?
A.Session Start Script
B.Automatic Host-mapping
C.User Can Add Applications
D.Prompt for Username and Password for Intranet Sites
Correct Answers: B

15: You are using LDAP as your Directory Server.
Which two options are available for creating role mapping rules? (Choose two.)
A.User Attribute
B.LDAP Attributes
C.Group Membership
D.CA Certificate Attributes
Correct Answers: A C