[Free] Download New Latest (November) Juniper JN0-314 Actual Tests 31-40

Ensurepass

QUESTION 31

What are three necessary steps for enabling 802.1X access when configuring Layer 2 enforcement? (Choose three.)

 

A.

Configure a location group

B.

Createan authentication protocol set

C.

Configure the RADIUS AV pair list

D.

Configure RADIUS clients

E.

Configure role and role-mapping rules

 

Answer: ADE

 

 

QUESTION 32

You navigate to “UAC” > “Infranet Enforcer” > “Auth Table Mapping” in the admin GUI. You see one policy, which is the unmodified, original default policy.

 

Which statement is true?

 

A.

Dynamic auth table mapping is not enabled.

B.

A successful authentication attempt will result in a new authentication table entry, which will be delivered only to the Junos enforcer protecting the network from which the user has authenticated.

C.

To create a static auth table mapping, you must delete the default policy.

D.

The default policy applies only to the factory-default role User.

 

Answer: A

 

 

 

 

 

QUESTION 33

You are an administrator of an active/passive cluster of MAG Series devices running in mixed-mode configuration (IF-MAP server and authenticating users). The active user count is quickly approaching the maximum limit of the cluster. You have been directed to reconfigure the cluster to an active/active cluster and add a new license to increase the total number of active users the cluster can support.

 

What must you do before changing the cluster configuration?

 

A.

Apply the new license to the passive node of the cluster.

B.

Configure an external load balancer to hold the VIP.

C.

Disable the active node in the cluster.

D.

Remove the IF-MAP server configuration.

 

Answer: D

 

 

QUESTION 34

You are the administrator of a Junos Pulse Access Control Service implementation. You must restrict authenticated users connected from the branch offices to a few specific resources within the data center. However, when the authenticated users are connected at the corporate office, they are allowed more access to the data center resources. You have created two roles with different levels of access and are trying to determine the best way of controlling when a user is mapped to a specific role. Having the user prompted to manually select their role is possible, but you want to automate the process.

 

Which configuration solves this problem?

 

A.

Implement a RADIUS request attribute policy to assist with realm selection and create different role-mapping rules for the user in each realm.

B.

Implement a directory/attribute server on the realm and set up this server to determine by group membership the proper role to which a user should be mapped.

C.

Reorder the role-mapping rules to allow for the more open role to be mapped first and then enable the “stop processing rules when this rule matches” function on this role.

D.

Implement a Host Checker policy on the realm that determines the geographic location of the device and restricts the user based on the results of the policy.

 

Answer: A

 

 

 

 

 

QUESTION 35

You are configuring an LDAP authentication server, and you want to configure role- mapping rules based on group membership. When you attempt to search for groups in the server catalog, no groups appear.

 

Assuming the LDAP server is reachable and functioning properly, in the admin GUI. Which two parts of the configuration should you verify are correct? (Choose two.)

 

A.

Finding user entries

B.

Authentication required?

C.

LDAP Server Type

D.

Determining group membership

 

Answer: BD

 

 

QUESTION 36

You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users. Which two parameters must you configure on the SRX210? (Choose two.)

 

A.

access profile

B.

IKE parameters

C.

tunneled interface

D.

redirect policy

 

Answer: AB

 

 

QUESTION 37

A customer is trying to decide which 802.1X inner protocol to use on their network. The customer requires that no passwords be sent across the network in plain text, that the protocol be supported by the Windows native supplicant, and that the protocol supports password changes at Layer 2.

 

Which protocol would meet the customer’s needs?

 

 

 

 

 

A.

EAP-TLS

B.

EAP-MD5

C.

PAP

D.

EAP-MSCHAPv2

 

Answer: D

 

 

QUESTION 38

Click the Exhibit button.

 

clip_image002

 

What is the cause of the error shown in the exhibit?

 

A.

A RADIUS request is being received from a device that is not configured on the RADIUS Client page.

B.

A user entered an incorrect password during RADIUS authentication.

C.

A RADIUS proxy attempt failed to reach the configured proxy server.

D.

The RADIUS shared secret is incorrect.

 

Answer: A

 

 

QUESTION 39

What is the function of Host Checker?

 

A.

To allow clientless access to the network

B.

To restrict access to protected resources on the network

C.

To scan an endpointfor compliance with security policies

D.

To push a firewall policy to the endpoint’s local firewall application

 

Answer: B

 

 

 

 

 

QUESTION 40

You have an SRX Series Layer 2 enforcer providing 802.1X authentication for connected endpoints. Your security policy requires that users who fail their authentication be placed in a specific VLAN.

 

On the Layer 2 enforcer, at the [edit protocols dot1x authenticator interface] hierarchy for each participating interface, what provides this functionality?

 

A.

guest-vlan

B.

auth-fail-vlan

C.

server-reject-vlan

D.

server-fail-vlan

 

Answer: C

 

Free VCE & PDF File for Juniper JN0-314 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-314 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.