Pass4Test는 Juniper JN0-530 (Juniper networks Certified internet specialist(jncis-fwv)) 시험문제가 변경되면 Juniper JN0-530 (Juniper networks Certified internet specialist(jncis-fwv)) 덤프업데이트를 시도합니다. 업데이트가능하면 바로 업데이트하여 업데이트된 최신버전을 무료로 제공해드리는데 시간은 1년동안입니다.Juniper JN0-530 (Juniper networks Certified internet specialist(jncis-fwv)) 시험을 패스하여 자격증을 취득하고 싶은 분들은 Pass4Test제품을 추천해드립니다.온라인서비스를 찾아주시면 할인해드릴게요.
NO.1 You need to configure your NetScreen device for management from a remote network. Which two of
the following configuration elements would be the minimum required elements? (The other three
elements are valid but optional.)
A.Default route
B.Manage IP address
C.Manager IP address
D.Interface IP address
E.Creating an administrator
Answer: AD
NO.2 What is the maximum number of ports that can be added to an aggregate interface group on a 24 FE
card?
A.2
B.4
C.5
D.8
E.16
Answer: D
NO.3 Which component is responsible for performing both the forwarding lookup and policy evaluation on
the first packet in a session received by an NS-500?
A.RAM
B.CPU
C.ASIC on system board
D.ASIC on interface card
Answer: B
NO.4 Which two (2) port groups represent an allowed aggregate interface configuration on a NetScreen
5400?
A.E2/1 and E3/1
B.E2/2 and E2/3
C.E3/1 and E3/3
D.E3/1 and E3/2
E.E4/5 and E4/6
Answer: DE
NO.5 What formula does NetScreen use to determine which policies will be checked when traffic enters the
device?
A.NetScreen builds an index on source IP and searches only those policies matching the source IP of the
ingress packet
B.NetScreen checks all policies that have been created with a special algorithm that checks all policies
with fewer CPU cycles
C.NetScreen builds an index on destination IP and searches only those policies matching the destination
IP of the ingress packet
D.NetScreen checks a subset of all policies based on the ingress zone of the packet combined with the
egress zone of the packet
Answer: D
NO.6 Which two commands would be necessary to set up a default route on a NetScreen device using two
virtual routers? The default path is connected to vr-untrust, with a next-hop address of 1.1.8.1.
A.set route 0.0.0.0/0 vrouter untrust-vr
B.set vrouter trust-vr route 0.0.0.0/0 gate 1.1.8.1
C.set vrouter untrust-vr route 0.0.0.0/0 int untrust
D.set route 0.0.0.0/0 int untrust gateway 1.1.8.1
E.set vrouter untrust-vr route 0.0.0.0/0 gate 1.1.8.1
Answer: AE
NO.7 What is the recommended order for a basic policy-based VPN configuration?
A.1,4,3,5,2
B.2,1,4,3,5
C.2,3,5,1,4
D.3,5,1,3,2
Answer: C
NO.8 You are trying to configure VLANs on your NetScreen device. You cannot find the option to add a VLAN
tag to the interface.
Which two (2) of the following could be the reason?
A.The interface is in transparent mode
B.The primary interface is in NAT mode
C.The primary interface is in route mode
D.You have bound the interface to the untrust zone
E.You are trying to create the VLAN off of a physical interface
Answer: AE
NO.9 What is the correct method to reference a sub-interface?
A.Ethernet 2/1/1
B.Ethernet 2/1:1
C.Ethernet 2/1-1
D.Ethernet 2/1.1
Answer: D
NO.10 Which two (2) route-based VPN configurations would still require a policy?
A.A policy is never needed to get traffic to a route-based VPN
B.The tunnel interface is in a different zone than the traffic source interface
C.The tunnel interface is in a different zone than the traffic destination interface
D.The tunnel interface is in the same zone as the traffic source interface and intra-zone blocking is turned
off
Answer: BC
NO.11 How can you view the value of a Phase 1 pre-shared key on a device running ScreenOS 5.0 or later?
A.get ike gateway
B.get ike pre-share
C.get conf | inc gateway
D.You cannot retrieve the pre-shared key value. It is encrypted and cannot be viewed.
Answer: D
NO.12 What are the minimum configuration requirements for configuring a NetScreen device for
administrative access? (select the best two (2) answers)
A.Policies
B.Adding routes
C.SNMP configuration
D.Interface addressing
E.Creating an administrator
Answer: BD
NO.13 Which messages exchange certificates during IKE Main Mode negotiations?
A.Messages 1 & 2
B.Messages 2 & 3
C.Messages 3 & 4
D.Messages 5 & 6
E.Certificates are not exchanged in main mode.
Answer: D
NO.14 You are a read/write VSYS administrator. Your configuration requires the use of a DIP. Which statement
correctly describes this situation?
A.DIP creation can only be done by the root administrator, not a VSYS administrator
B.You can create the DIP on any interface imported into your VSYS, but not on shared interfaces
C.You can create DIPs on any interface you can see in your interface list, including both private and
shared interfaces
D.You can create DIPs only on sub-interfaces within your VSYS. All other DIPs need to be created by the
root level VSYS admin
Answer: A
NO.15 When using NSRP, what command will insure uninterrupted communications for VPNs using certificates
for authentication?
A.set hostname
B.set NSRP clustername
C.set NSRP cluster name
D.set NSRP cluster hostname
Answer: C
NO.16 Which is a valid Phase 1 IKE proposal?
A.pre-g1-des-md5
B.g2-esp-des-md5
C.g2-esp-aes128-md5
D.nopfs-esp-des-md5
Answer: A
NO.17 Which parameter is exchanged during Phase 2 negotiations?
A.Proxy-id
B.Certificates
C.Preshared Key
D.NAT-Transversal Data
E.Asymmetric Private Keys
Answer: A
NO.18 What is the maximum number of interfaces available for user traffic on the NetScreen 5400? (Assume
that 5000-FE24 cards are supported)
A.24
B.30
C.72
D.78
E.79
Answer: D
NO.19 Which two (2) processes are able to use certificates on a NetScreen device?
A.IKE Phase 2 VPNS
B.Certify NTP Servers
C.IKE Phase 1 Gateways
D.Management using SNMP
E.Management SSL traffic
Answer: CE
NO.20 Which is a valid Phase 2 IKE proposal?
A.pre-g1-des-md5
B.rsa-g2-3des-sha
C.g2-esp-3des-md5
D.g2-esp-aes120-md5
Answer: C
NO.21 Click the Exhibit button.
You are having problems with traffic getting to destinations out of interface Ethernet 1. You execute a "get
route" command and get the results seen in the exhibit. What can you determine from the this routing
table?
A.The physical link may be down on the interface and that problem has to be corrected
B.Since the preference is 0 it is not being chosen to pass any routes. You must configure the preference
to be a higher value
C.Ethernet 1 does not have a gateway assigned to it so the system does not know where to send the
traffic using that interface
D.You cannot tell why traffic would not be going out Ethernet 1. You will need to try other troubleshooting
commands to find your problem
Answer: A
NO.22 Which three (3) elements are required to build a route-based VPN?
A.create routes
B.create policies
C.create tunnel interfaces
D.Create address book entries
E.bind VPN to tunnel interfaces
Answer: ACE
NO.23 Place the following items in the order most closely matches the NetScreen Packet Flow process.
A.2,1,3,5,4
B.4,2,3,1,5
C.5,2,1,3,4
D.5,3,2,1,4
E.5,4,3,2,1
Answer: D
NO.24 What is the number of interfaces available for user traffic on a NetScreen 500 configured with 2
mini-GBIC cards, 1 regular GBIC Card and 1 10/100 Ethernet card?
A.4
B.7
C.8
D.11
E.16
Answer: B
NO.25 You need to investigate some physical layer problems. Which command will provide you with
information that you can use to analyze these type of problems?
A.get log event
B.get counter screen
C.get counter flow interface
D.get counter statistics interface
Answer: D
NO.26 Which representation of an interface depicts a VSI?
A.e1/1:1
B.e2;2
C.e3/1.2
D.e4:4.1
Answer: A
NO.27 What must be configured differently for a IKE Phase 1 gateway used by a route-based VPN than an
IKE Phase 1 gateway for a policy-based VPN?
A.Proposals
B.Pre-shared key
C.Remote gateway type
D.Binding the tunnel interface
E.There are no differences in building a route based IKE gateway and a Policy based IKE gateway
Answer: E
NO.28 Which two (2) commands would build a valid default gateway to a NetScreen device using 1 virtual
router and having a next hop of 1.1.1.1?
A.set route 0.0.0.0/0 int untrust
B.set route 1.1.1.1 gateway 0.0.0.0/0
C.set route 0.0.0.0/0 interface untrust gateway 1.1.1.1
D.set vr trust-vr route 0.0.0.0/0 gateway 1.1.1.1
E.set route 0.0.0.0/255.255.255.255 gateway 1.1.1.1
Answer: CD
NO.29 When the NetScreen 5200 receives a packet for a session which is already established, which
component is responsible for performing the session match?
A.RAM
B.CPU
C.ASIC on interface card
D.ASIC on management card
Answer: C
NO.30 You create a policy-based VPN, and select an address group for the source address. What will be the
source part of the proxy-id seen by the remote security gateway?
A.0.0.0.0/0
B.The last member of the address group
C.The first member of the address group
D.A string of all of the addresses in the address group
E.The subnet that contains all addresses in the address group
Answer: A
Juniper JN0-530 최신덤프공부
Posted 2013/10/16 6:24:57 | Category: 미분류 | Tag: