[Free] Download New Latest (November) Juniper JN0-533 Actual Tests 61-70

Ensurepass

 

QUESTION 61

What are three valid states for an NSRP member? (Choose three.)

 

A.

backup

B.

feasible successor

C.

ineligible

D.

master

E.

standby

 

Answer: ACD

 

 

QUESTION 62

Policy-based routing (PBR) policies can be bound to which three ScreenOS objects? (Choose three.)

 

 

 

 

 

A.

virtual routers

B.

interfaces

C.

zones

D.

security policies

E.

virtual system

 

Answer: ABC

 

 

QUESTION 63 – Exhibit —

 

NS5200(M)-> get nsrp

 

nsrp version: 2.0

 

cluster info:

 

cluster iD.1, namE.5200

 

local unit iD.8000208

 

active units discovereD.

 

index: 0, unit iD.8014208, ctrl maC.0010db000085, data maC.0010db000086

 

index: 1, unit iD.8337344, ctrl maC.0010db0000c5, data maC.0010db0000c6

 

total number of units: 2

 

VSD group info:

 

init hold timE.5

 

heartbeat lost thresholD.3

 

heartbeat interval: 200(ms)

 

master always exist: enabled

 

group priority preempt holddown inelig master PB other members

 

0 50 yes 45 no myself 8330044

 

total number of vsd groups: 1

 

Total iteration= ,time=878546093,max=4900,min=170,average=18

 

 

 

 

RTO mirror info:

 

run time object synC.enabled

 

ping session synC.enabled

 

coldstart sync done

 

nsrp data packet forwarding is enabled

 

nsrp link info:

 

control channel: ha1 (ifnum: 5) maC.0010db000085 statE.up

 

data channel: ha2 (ifnum: 6) maC.0010db000086 statE.up

 

ha secondary path link not available

 

NSRP encryption: disabled

 

NSRP authentication: disabled

 

device based nsrp monitoring thresholD.255, weighted sum: 0, not failed

 

device based nsrp monitor interfacE.ethernet2/1(weight 255, UP) ethernet2/3(weight 255, UP) ethernet2/4(weight 255, UP) ethernet2/5(weight 255, UP) ethernet2/2(weight 255, UP)

 

device based nsrp monitor zonE.

 

device based nsrp track ip: (weight: 255, disabled)

 

number of gratuitous arps: 4 (default)

 

config synC.enabled

 

track ip: disabled

 – Exhibit —

 

Referring to the exhibit, which three statements are true? (Choose three.)

 

A.

This cluster is configured as an active/active cluster.

B.

RTO sync is enabled.

C.

No secondary path is configured.

D.

master-always-exists is enabled.

E.

Only one interface is used for both the control and data links.

 

Answer: BCD

 

 

 

QUESTION 64

You have configured deep-packet inspection on a ScreenOS device. You have not modified the default threshold values. The device detects a single session that matches an attack.

 

Which two actions can you configure the device to take? (Choose two.)

 

A.

Close the connection and disallow further connections from the client to the server.

B.

Close the connection and rate-limit further connections to the server.

C.

Discard all additional packets related to the session.

D.

Send a TCP RST message to both the client and server.

 

Answer: CD

 

 

QUESTION 65

You want to know the username and IP address of users who logged in to the WebUI.

 

In which log would you find this information?

 

A.

admin log

B.

event log

C.

traffic log

D.

self log

 

Answer: B

 

 

QUESTION 66

Which two authentication algorithms does AutoKey IKE use during Phase 1 negotiations? (Choose two.)

 

A.

AES-256

B.

SHA2-256

C.

MD5

D.

3DES

 

Answer: BC

 

 

 

QUESTION 67

You must translate a range of public IP addresses to a range of internal IP addresses.

 

Which two mechanisms would you use to accomplish your objective? (Choose two.)

 

A.

MIP using masks

B.

VIP using masks

C.

policy-based NAT-dst

D.

policy-based NAT-src

 

Answer: AC

 

 

QUESTION 68

A routing table contains an IBGP route, a RIP route, an OSPF external Type 2 route, and an EBGP route for 192.168.0.0/16.When the routerreceives traffic destined for,which route will the router use by default?

 

A.

the EBGP route

B.

the IBGP route

C.

the OSPF route

D.

the RIP route

 

Answer: A

 

 

QUESTION 69

Which ScreenOS security feature helps protect against port scans and denial of service attacks?

 

A.

session-based stateful firewall

B.

IPsec VPNs

C.

security policies

D.

Screen options

 

 

 

 

 

Answer: B

 

 

QUESTION 70

Click the Exhibit button.

 

clip_image002

 

Network traffic with a source IP of 192.168.100.60, destination IP of 8.8.8.8, and a destination port of 80 is sent through the ScreenOS device. The inbound zone is Trust, the outbound zone is Untrust.

 

Based on the policy configuration shown in the exhibit, what happens to this traffic?

 

A.

The traffic is denied by default policy.

B.

Traffic is denied by policy ID 3.

C.

Traffic is permitted by the global policy.

D.

Traffic is permitted by policy ID 2.

 

Answer: C

 

Free VCE & PDF File for Juniper JN0-533 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-533 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.