[Free] Download New Latest (November) Juniper JN0-531 Actual Tests Topic 1 part 02

Ensurepass

QUESTION 83  (Topic 1)

 

What do you need to change in your IPSec VPN configuration to use certificates for authentication?

 

A.

Replace the preshared key with the certificate name.

B.

Select PFS in Phase 2, then select the certificate to be used.

C.

Use a custom set of Phase 1 proposals, all beginning with rsa-.

D.

Use a custom set of Phase 2 proposals, all beginning with rsa-.

 

Answer: C

 

 

QUESTION 84  (Topic 1)

 

Click the Exhibit button.

 

In the exhibit, the hub and spoke VPN uses route-based VPNs.

 

What is the minimum number of policy rules required to establish full, bi-directional communications between all locations?

 

clip_image002

 

A.

0

B.

3

C.

4

 

 

 

 

D.

6

 

Answer: A

 

 

QUESTION 85  (Topic 1)

 

You suspect that there has been an increase in the number of multiple user authentication failures. In the logs, which severity level would you search to see this event?

 

A.

Alert

B.

Critical

C.

Warning

D.

Notifications

 

Answer: A

 

 

QUESTION 86  (Topic 1)

 

If you configure 5 Mbps of guaranteed bandwidth for a policy, and you have 10 sessions created for that policy, how much bandwidth is reserved for each session?

 

A.

5 Mbps

B.

.5 Mbps

C.

50 Mbps

D.

10 Mbps

 

Answer: A

 

 

QUESTION 87  (Topic 1)

 

You create three policies that will send traffic through an interface configured for 1.544 Mbps. All policies are configured to have 256 Kbps guaranteed bandwidth and 512 Kbps of maximum bandwidth. Each policy has been assigned the following priorities:

 

Policy 1 = priority 4

 

Policy 2 = priority 5

 

Policy 3 = priority 3

 

 

 

 

 

Each policy receives a constant stream of 1 Mbps.

 

How much bandwidth will be available for Policy 2?

 

A.

256 Kbps

B.

512 Kbps

C.

1.544 Mbps

D.

1 Mbps

 

Answer: B

 

 

QUESTION 88  (Topic 1)

 

A VPN tunnel that uses a CA certificate has failed Phase 1 negotiations. The peer’s certificate has been rejected. What would be causing this problem?

 

A.

The CA certificate is not synced with the NTP server.

B.

One of the peering devices is not synced with the NTP server.

C.

The device certificates were generated before the CRL was downloaded, thus making them invalid.

D.

The CRL has been downloaded, but the certificates have a CDP extension, thus making them invalid.

 

Answer: B

 

 

QUESTION 89  (Topic 1)

 

Which three interface types are supported in virtual systems? (Choose three.)

 

A.

subinterfaces

B.

VPN interfaces

C.

shared Interfaces

D.

limited Interfaces

E.

dedicated Interfaces

 

Answer: ACE

 

 

QUESTION 90  (Topic 1)

 

 

 

 

Which two of the following statements regarding SYSLOG are true? (Choose two.)

 

A.

You can specify the source address of SYSLOG traffic.

B.

You can specify the source interface for SYSLOG traffic.

C.

You can encrypt SYSLOG traffic from within the SYSLOG configuration.

D.

You can send SYSLOG messages via TCP on a per-SYSLOG server basis.

 

Answer: BD

 

 

QUESTION 91  (Topic 1)

 

Click the Exhibit button.

 

You have enabled OSPF on a device addressed as shown in the exhibit. You have not configured a router ID.

 

Which address will be used as the router ID?

 

clip_image004

 

A.

1.1.1.1

B.

10.1.1.1

C.

10.50.1.1

D.

192.168.1.1

 

Answer: C

 

 

QUESTION 92  (Topic 1)

 

You suspect you are having encryption problems with an IKE VPN. Which two commands would help you determine if it is an encryption issue? (Choose two.)

 

A.

get counter screen <zone>

B.

get counter flow interface <name>

C.

get counter policy <policy number>

 

 

 

 

D.

get counter statistics interface <name>

 

Answer: BD

 

Free VCE & PDF File for Juniper JN0-531 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-531 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.