[Free] Download New Latest (November) Juniper JN0-521 Actual Tests Topic 1 part 04

Ensurepass

QUESTION 91  (Topic 1)

 

Click the Exhibit button.

 

In the exhibit, what is the correct command to configure a default route on the SSG 20?

 

clip_image002

 

A.

set route 0.0.0.0/0 vrouter untrust

B.

set route 0.0.0.0/0 interface e0/4 gateway 143.45.56.254

C.

set route 0.0.0.0/0 interface e0/4 next-hop 143.45.56.254

D.

set route 0.0.0.0/0 interface 143.45.56.1 gate 143.45.56.254

 

Answer: B

 

 

 

 

 

QUESTION 92  (Topic 1)

 

Click the Exhibit button.

 

In the exhibit, which routing command would allow host A to communicate with host C? (Note: Assume a route from the SSG 20 to host A’s subnet already exists.)

 

clip_image004

 

A.

set route 0.0.0.0/0 int e0/3 gateway 177.11.56.254

B.

set route 1.1.70.0 interface e0/3 gateway 177.11.56.254

C.

configure route 1.1.70.0/24 gateway 177.11.56.254 int e0/3

D.

set route 1.1.70.0/24 interface e0/3 gateway 177.11.56.254

 

Answer: D

 

 

QUESTION 93  (Topic 1)

 

Telnet management has been enabled on an interface in the untrust zone. What else should be completed to limit telnet access to the ScreenOS device from trusted management PCs?

 

A.

Define a permitted IP address.

B.

Define a policy from trust to untrust.

 

 

 

 

C.

Define a trusted IP in the address table.

D.

Define a manage IP address on this interface.

 

Answer: A

 

 

QUESTION 94  (Topic 1)

 

What is the purpose of the “Manage-IP” address on a ScreenOS device?

 

A.

It defines a list of addresses that are trusted to perform management on the ScreenOS device.

B.

It is used in policy rules to determine which device is allowed to manage the ScreenOS device.

C.

It is the address that an external device uses to gain management access to a ScreenOS device.

D.

It defines a list of device addresses that can manage the ScreenOS device without being authenticated prior to session establishment.

 

Answer: C

 

 

QUESTION 95  (Topic 1)

 

Your security policy requires you to block DNS zone transfers (TCP port 53) while permitting DNS queries (UDP port 53). Which step must you complete before creating the policy?

 

A.

Modify the predefined DNS service to remove TCP port 53.

B.

Modify the predefined DNS application to remove TCP port 53.

C.

Create a custom service using UDP port 53 as the source port.

D.

Create a custom service using TCP port 53 as the destination port.

 

Answer: D

 

 

QUESTION 96  (Topic 1)

 

When configuring a firewall in a critical environment where a local backup configuration is quickly needed, what should be completed on a periodic basis?

 

A.

Execute exec config rollback.

 

 

 

 

B.

Execute save config to last-known-good.

C.

Execute save regularly or create a script that does this.

D.

Execute save software from flash to pcmcia <filename>.

 

Answer: B

 

 

QUESTION 97  (Topic 1)

 

What is the default mode for an interface in the untrust zone?

 

A.

NAT

B.

route

C.

Layer 2

D.

Layer 3

E.

transparent

 

Answer: B

 

 

QUESTION 98  (Topic 1)

 

Click the Exhibit button.

 

Which command generated the output shown in the exhibit?

 

clip_image006

 

A.

get route

B.

trace-route

C.

get route ip

D.

get interface

 

Answer: C

 

 

QUESTION 99  (Topic 1)

 

 

 

 

Which ScreenOS CLI command would be used to verify WebAuth authentication?

 

A.

get webauth

B.

get auth users

C.

get auth table

D.

get webauth users

 

Answer: C

 

 

QUESTION 100  (Topic 1)

 

Which number is used by get event <number> to view all VPN events?

 

A.

356

B.

536

C.

563

D.

634

 

Answer: B

 

Free VCE & PDF File for Juniper JN0-521 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-521 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.