[Free] Download New Latest (November) Juniper JN0-532 Actual Tests 71-80

Ensurepass

QUESTION 71

You are creating a DIP pool of 30 addresses. You would like to see how addresses are being allocated to different traffic streams.

 

Which command will you use to view this information?

 

A.

snoop

B.

get dip all

 

 

 

 

C.

get session

D.

get address xlate

 

Answer: C

 

 

QUESTION 72

Which two statements are correct regarding NHTB? (Choose two.)

 

A.

The NHTB table can be viewed with the command get nhtb.

B.

The NHTB table can be viewed with the command get interface <tunnel interface>.

C.

The NHTB table can be viewed with the command get interface <physical interface>.

D.

NHTB is enabled automatically when multiple VPNs are bound to a single tunnel interface.

 

Answer: BD

 

 

QUESTION 73

You have configured NSRP Active/Passive using the default vsd-group. You are using BGP to learn routes from adjacent network devices. You want each firewall to establish a BGP peer to different upstream routers. You also want the backup device to learn dynamic routes.

 

Which configuration would ensure you can establish a BGP peer to two different routers?

 

A.

Configure two BGP peers on the same VSI interface, but use a different virtual router on each device.

B.

Use the unset vr <vr-name> nsrp-config-sync command and configure BGP peers on the VSI interface.

C.

Use the unset nsrp vsd-group id 0 and set nsrp vsd-group id 1 commands for VSI interfaces, then configure BGP peers on the local interfaces, then unset vr untrust-vr nsrp- config-sync.

D.

Use the unset nsrp vsd-group id 0 and set nsrp vsd-group id 1 commands for the VSI interfaces, then configure BGP peers on the local interfaces, then unset vr <vr-name> nsrp- config-sync.

< span lang="EN-US" style="font-family: ; mso-font-kerning: 0pt; mso-no-proof: yes"> 

Answer: D

 

 

 

 

 

QUESTION 74

Click the Exibit button.

 

clip_image002

 

In the exhibit, the route-based VPN on the SSG 5 needs to be configured to allow access from your PC to Server G at corporate. Corporate has a policy-based VPN set up from Server G to only your PC’s address. Assume the gateways are static.

 

Which proxy-id must be configured?

 

A.

Local: 10.0.0.5/24 RemotE.20.0.0.5/24

B.

Local: 10.0.0.5/32 RemotE.20.0.0.5/32

C.

Local: 1.1.1.250/32 RemotE.4.4.4.250/32

D.

Local: 1.1.1.250/24 RemotE.4.4.4.250/24

 

Answer: B

 

 

QUESTION 75

Click the Exhibit button.

 

clip_image004

 

In the exhibit, which two can be determined about the VPN? (Choose two.)

 

A.

This is a policy-based VPN.

B.

The VPN tunnel is active but the VPN monitor shows the tunnel is down.

C.

The VPN is active and has 3288 more seconds until reaching its 3600 second timeout.

 

 

 

 

D.

The VPN is active and has 312 more seconds until reaching its 3600 second timeout.

 

Answer: BC

 

 

QUESTION 76

To which three ScreenOS components can a policy-based routing policy be bound? (Choose three.)

 

A.

zone

B.

policy

C.

interface

D.

virtual router

E.

virtual system

 

Answer: ACD

 

 

QUESTION 77

You create a policy-based VPN, and select an address group for the source address.

 

What will be the source compo
nent of the proxy-id seen by the remote security gateway?

 

A.

the default 0.0.0.0/0

B.

the last member of the address group

C.

the first member of the address group

D.

the subnet that contains all addresses in the address group

 

Answer: A

 

 

QUESTION 78

You enable run time object (RTO) sync on the NSRP cluster.

 

Which command will provide RTO m
essage sync counters?

 

 

 

 

 

A.

get nsrp rto

B.

get count stat

C.

get rto counter

D.

get nsrp counter

 

Answer: D

 

 

QUESTION 79

Click the Exhibit button.

 

clip_image006

 

Users are having difficulties reaching 10.1.1.25. You execute a get route command and find the results shown in the exhibit.

 

What can you determine from this routing table?

 

A.

The problem is probably at the next hop.

B.

A gateway must be assigned to ethernet0/1.

C.

The preference on route ID 2 must be configured to a higher value.

D.

The ethernet0/1 physical link may be down and needs troubleshooting.

 

Answer: D

 

 

QUESTION 80

 

Which statement about source-based routing is true?

 

A.

You cannot redistribute source-based routes.

B.

You can only specify an interface as the next hop.

C.

You cannot configure source-based routing in the untrust-vr.

D.

Destination-based routes take precedence over source-based routes.

 

Answer: A

 

Free VCE & PDF File for Juniper JN0-532 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-532 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.