[Free] Download New Latest (November) Juniper JN0-314 Actual Tests 1-10

Ensurepass

QUESTION 1

A new software engineer has been hired. As part of the normal hiring process, the user was added to the Active Directory and placed into the Domain Users group and the SW_DEV group. The Domain Users group has access to the company’s intranet website and time card system. The SW_DEV group has access to the source code library server. You have created roles that correspond to each Active Directory group. The user calls the help desk stating that they cannot access the source code library server.

 

Which two troubleshooting tools would you use on the Junos Pulse Access Control Service to resolve the issue? (Choose two.)

 

A.

Perform a policy trace for the specific user and review the output to isolate the problem.

B.

Review the Events log.

C.

Review the Admin Access log to verify that the user has the correct permissions to access the SVVJDEV resource.

D.

Review the User Access log to verify that the user is getting mapped to both the Domain User role and the SW_DEV role.

 

Answer: AD

 

 

QUESTION 2

You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.

 

Which statement is true?

 

A.

You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

B.

No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.

C.

You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.

D.

You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.

 

Answer: A

 

 

 

 

 

QUESTION 3

A user is successfully authenticating to the network but is unable to access protected resources behind a ScreenOS enforcer. You log in to the ScreenOS enforcer and issue the command get auth table infranet and you do not see the user listed.

 

Which two event log settings on the Junos Pulse Access Control Service must you enable to troubleshootthis issue? (Choose two.)

 

A.

Connection Requests

B.

System Errors

C.

Enforcer Events

D.

Enforcer Command Trace

 

Answer: CD

 

 

QUESTION 4

You must configure access to the corporate network for employees using a client access method. Users require IPsec tunneling to protected resources and an 802.1X supplicant. Users will access the network using Windows platforms.

 

Which two client access methods would support these requirements? (Choose two.)

 

A.

Junos Pulse

B.

Java Agent

C.

Odyssey Access Client

D.

Native 802.1X supplicant

 

Answer: AC

 

 

QUESTION 5

You have a Junos Pulse Secure Access Service acting as an IF-MAP client, configured to federate all user roles to a Junos Pulse Access Control Service acting as an IF-MAP Federation server. A remote user using Junos Pulse logs in to the Junos Pulse Secure Access Service; the Junos Pulse Secure Access Service provisions a remote access session for that user.

 

 

 

 

What happens next?

 

A.

The Junos Pulse Secure Access Service redirects the user to the Junos Pulse Secure Access Service for authentication

B.

The Junos Pulse Access Control Service provisions enforcement points to enable resource access for that user.

C.

The Junos Pulse Secure Access Service publishes user session and role information to the IF-MAP Federation server,

D.

The Junos Pulse Secure Access Service provisions enforcement points to enable resource access for that user.

 

Answer: C

 

 

QUESTION 6

You have multiple realms configured on a MAG Series device. A user is authenticating with a non-Junos Pulse Access Control Service client. The username does not contain a realm suffix.

 

Which behavior will the user experience?

 

A.

The user will not be able to log-in, as the Junos Pulse Access Control Service device cannot map the user to a realm when the realm value is empty.

B.

The user will be mapped to all realms available to the user.

C.

The Junos Pulse Access Control Service device displays a page where the user must choose from a list of realms.

D.

The endpoint is assigned to the first realm in the list whose authentication server is a match with the endpoints software.

 

Answer: D

 

 

QUESTION 7

What is a Host Enforcer policy?

 

A.

A policy that is defined on the endpoint that permits or denies inbound or outbound traffic.

B.

A policy that is sent to the endpoint that permits or denies inbound or outbound traffic.

C.

A policy that is sent to the protected resource that permits or denies inbound or outbound traffic.

 

 

 

 

D.

A policy that is defined on the protected resource that permits or denies inbound or outbound traffic.

 

Answer: B

 

 

QUESTION 8

You have a firewall enforcer protecting sensitive internal resources in a data center. The network traversed by endpoint traffic is semi-trusted, so you need to encrypt the traffic between the endpoints accessing the resources and the firewall enforcer.

 

Which type of policies provide this level of protection?

 

A.

resource access policies

B.

Host Enforcer policies

C.

source IP enforcement policies

D.

IPsec enforcement policies

 

Answer: D

 

 

QUESTION 9

You are installing a new deployment of the Junos Pulse Access Control Service. You have an existing RADIUS server that has a populated user file. You are considering using the RADIUS proxy feature.

 

Which consideration must you take into account?

 

A.

Your RADIUS server database must be replicated onto another device for redundancy.

B.

Inner proxy creates a tunnel between the supplicant and the external server.

C.

RADIUS proxy causes the role assignment process to be skipped.

D.

Outer proxy configuration passes authentication data to the external RADIUS server in clear text.

 

Answer: C

 

 

QUESTION 10

 

You are setting up a Junos Pulse Access Control Service. You cannot obtain a device certificate from an external certificate authority.

 

Which tool should you use to generate a device certificate?

 

A.

OpenSSL

B.

OpenSSH

C.

OpenLDAP

D.

OpenRADIUS

 

Answer: A

 

Free VCE & PDF File for Juniper JN0-314 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-314 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.