[Free] Download New Latest (November) Juniper JN0-533 Actual Tests 41-50

Ensurepass

 

QUESTION 41

How is the maximum bandwidth pool allocated when all policies share the same priority?

 

A.

first come first served

B.

round robin

C.

packet DSCP value

D.

policy order number

 

Answer: B

 

 

QUESTION 42 – Exhibit —

 

ns5gt-> get int eth2

 

 

 

 

Interface ethernet2:

 

description ethernet2

 

number 8, if_info 704, if_index 0, mode route

 

link up, phy-link up/full-duplex

 

status change:7, last change:09/26/2012 23:08:22

 

vsys Root, zone Untrust, vr trust-vr

 

dhcp client disabled

 

PPPoE disabled

 

admin mtu 0, operating mtu 1500, default mtu 1500

 

*ip 171.211.111.111/30 mac 0014.f693.edc8

 

*manage ip 171.211.111.111, mac 0014.f693.edc8

 

route-deny disable

 

pmtu-v4 disabled

 

ping disabled, telnet enabled, SSH disabled, SNMP disabled

 

web enabled, ident-reset disabled, SSL disabled

 

DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0

 

OSPF disabled BGP disabled RIP disabled RIPng disabled mtrace disabled

 

PIM: not configured IGMP not configured

 

MLD not configured

 

NHRP disabled

 

bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]

 

configured ingress mbw 0kbps, current bw 0kbps

 

total allocated gbw 0kbps

 

DHCP-Relay disabled at interface level

 

DHCP-server disabled

 – Exhibit —

 

 

 

 

You are the administrator of a NetScreen 5GT. For troubleshooting purposes, you must be able to ping untrusted interfaces.

 

Referring to the exhibit, how do you enable ping for interface eth2?

 

A.

ns5gt-> unset int eth2 manage-ip ping

B.

ns5gt-> set int eth2 manage ping

C.

ns5gt-> enable int eth2 manage ping

D.

ns5gt-> set int eth2 manage-ip ping

 

Answer: B

 

 

QUESTION 43

Click the Exhibit button.

 

clip_image002

 

Which two statements are true about the exhibit? (Choose two.)

 

A.

It contains information regarding Phase 1 of IPsec.

B.

It contains information regarding Phase 2 of IPsec.

C.

The VPN is using certificates.

D.

The VPN is using preshared keys.

 

 

 

 

 

Answer: AD

 

 

QUESTION 44

Traffic is not passing the ScreenOS device due to an incorrectly configured policy. You must determine exactly which security policy the traffic is using.

 

Which two CLI commands should be used? (Choose two.)

 

A.

snoop

B.

get session

C.

debug flow basic

D.

get counter stats

 

Answer: BC

 

 

QUESTION 45

You are troubleshooting telnet traffic destined to IP address 10.10.10.1. You decide to run debug and want to set the flow filter. Which command will show only the telnet traffic going to the 10.10.10.1 address?

 

A.

ssg5-serial-> set ffilter dst-ip 10.10.10.1

ssg5-serial-> set ffilter dst-port 23

B.

ssg5-serial-> set ffilter dst-ip 10.10.10.1 dst-port 23

C.

ssg5-serial-> set ffilter dst-port 23

D.

ssg5-serial-> set ffilter dst-ip 10.10.10.1

 

Answer: B

 

 

QUESTION 46 – Exhibit —

 

Date Time Module Level Type Description

 

2012-11-30 12:49:41 system warn 00528 SSH: Password authentication failed

 

 

 

 

for admin user ‘firewall-user’ at host

Q4

210.62.67.

 

2012-11-30 12:49:41 system warn 00518 ADM: Local admin authentication failed

 

for login name firewall-user: invalid

 

login name

 

2012-11-30 12:49:28 system info 00536 IKE 66.129.232.26 Phase 1:

 

Retransmission limit has been reached.

 

2012-11-30 12:42:23 system notif 00531 The system clock was updated from

 

primary NTP server type 209.244.0.5

 

with an adjustment of 234 ms.

 

Authentication was None. Update mode

 

was Automatic

 – Exhibit —

 

Based on the output shown in the exhibit, in which log were these events displayed?

 

A.

event

B.

self

C.

login

D.

traffic

 

Answer: A

 

 

QUESTION 47

What is the default timeout for a fully established TCP session?

 

A.

10 minutes

B.

30 seconds

C.

30 minutes

D.

300 seconds

 

Answer: C

 

 

 

QUESTION 48 – Exhibit —

 

NSPROD1(M)-> get nsrp ha-link

 

total_ha_port = 2

 

probe on ha-link is disabled

 

unused channel: ethernet8 (ifnum: 11) maC.0010db1d1e8b statE.down

 

unused channel: ethernet7 (ifnum: 10) maC.0010db1d1e8a statE.down

 

ha control link not available

 

ha data link not available

 

ha secondary path link not available

 – Exhibit —

 

Referring to the exhibit, both clustered devices are in a master state.

 

What is the cause of this situation?

 

A.

The cluster is not configured for NSRP.

B.

The cluster is in the process of failing over from the primary node to the secondary node.

C.

Probes on the HA links have been disabled, causing the HA links to go down.

D.

The control and the data link is down.

 

Answer: D

 

 

QUESTION 49

Which two protocols are used for NSRP IP tracking? (Choose two.)

 

A.

ARP

B.

TCP

 

 

 

 

C.

UDP

D.

ICMP

 

Answer: AD

 

 

QUESTION 50

Click the Exhibit button.

 

clip_image004

 

Which two statements are true regarding the route shown in the exhibit? (Choose two.)

 

A.

5.5.5.0/24 was configured as a source route with a next-hop IP address of 1.1.1.1 in the trust-vr.

B.

5.5.5.0/24 was configured as a destination route with a next-hop IP address of 1.1.1.1 in the trust-vr.

C.

5.5.5.0/24 was configured as a SIBR route with a next-hop IP address of 1.1.1.1 in the trust-vr.

D.

5.5.5.0/24 was configured as a permanent source route.

 

Answer: AD

 

Free VCE & PDF File for Juniper JN0-533 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in JN0-533 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.