[Free] Download New Latest (November) Juniper JN0-521 Actual Tests Topic 0 part 04

Ensurepass

QUESTION 31  (Topic 0)

 

Which command is used to verify IKE Phase 1 is complete?

 

A.

get sa active

B.

get ike active

C.

get ike cookie

 

 

 

 

D.

get flow active

 

Answer: C

 

 

QUESTION 32  (Topic 0)

 

You are configuring an interface in the untrust zone with an IP address, telnet enabled, and WebUI management. Which sequence of steps must be performed to make the interface operational at the end of the configuration sequence?

 

A.

Assign the interface to a zone, define the IP address, enable Web and telnet services.

B.

Assign the interface to a zone, define the IP address, accept default management services.

C.

Assign the interface to a virtual router, define the IP address, enable Web and telnet services.

D.

Assign the interface to a zone, define the IP address, define a manage IP address, accept default management services.

 

Answer: A

 

 

QUESTION 33  (Topic 0)

 

Which statement about hashing algorithms is correct?

 

A.

They are used to provide data source origin authentication.

B.

The output they generate varies based on the size of the input data.

C.

They can be used instead of encryption algorithms for IPSec-based VPN networks.

D.

The output they generate is reversible provided that the same key is used at both end devices.

 

Answer: A

 

 

QUESTION 34  (Topic 0)

 

Click the Exhibit button.

 

Which ScreenOS CLI command would allow all policies in the exhibit to match traffic?

 

 

 

 

 

clip_image002

 

A.

set policy 4 before 1

B.

exec policy 4 before 1

C.

insert policy 4 before 1

D.

set policy move 4 before 1

 

Answer: D

 

 

QUESTION 35  (Topic 0)

 

Click the Exhibit button.

 

Traffic from the Internet to the partner servers must use a VIP. In the exhibit, what is true about the configuration of this feature?

 

clip_image004

 

A.

You cannot use a VIP in this environment.

B.

The VIP can be configured on the e0/4 interface.

C.

The VIP can be configured in the Corporate or Internet zone using a different subnet than the physical interface.

D.

The VIP will work only if the destination ports in the incoming packet headers are

 

 

 

 

mapped to the same ports in the Corporate zone.

 

Answer: A

 

 

QUESTION 36  (Topic 0)

 

Click the Exhibit button.

 

In the exhibit, which routing command would allow host A to communicate with host D? (Note: Assume a route from the SSG 20 to host A’s subnet already exists.)

 

clip_image006

 

A.

set route 143.45.56.0/24 interface e0/4

B.

set route 0.0.0.0/0 int e0/4 gateway 143.45.56.254

C.

set route 200.5.5.0/24 gateway 143.45.56.254 int e0/4

D.

set route 200.5.5.0/24 interface e0/4 gateway 143.45.56.254

 

Answer: B

 

 

QUESTION 37  (Topic 0)

 

Which type of NAT is performed when you implement interface-based NAT?

 

A.

source IP address translation

B.

destination IP address translation

 

 

 

 

C.

source IP and port address translation

D.

destination IP and port address translation

 

Answer: C

 

 

QUESTION 38  (Topic 0)

 

Which three options allow proper configuration of NAT-dst? (Choose three.)

 

A.

the default address book entry of “any” in the internal zone

B.

the default address book entry of “any” in the external zone

C.

a secondary address on one of the interfaces in the internal zone

D.

an address book entry f
or the address to be translated in the internal zone

E.

a static route to the appropriate subnet using a private interface as the outbound interface

 

Answer: CDE

 

 

QUESTION 39  (Topic 0)

 

What is the maximum number of custom proposals sent by a ScreenOS device when negotiating IKE Phase 1 or Phase 2?

 

A.

2

B.

3

C.

4

D.

6

 

Answer: C

 

 

QUESTION 40  (Topic 0)

 

Which three steps are necessary to configure WebAuth authentication? (Choose three.)

 

A.

Create a user database.

B.

Configure a WebAuth address.

C.

Configure a manage-ip address.

D.

Configure an authentication policy.

E.

Configure a policy permitting port 80 or 443.

 

 

 

 

 

Answer: ABD

 

Free VCE & PDF File for Juniper JN0-521 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-521 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.