Question 1.
You have configured the following on your device.

    set address trust MyPC 10.1.1.5/32
    set address untrust CorpNet 10.10.0.0/16
    set policy from trust to untrust MyPC CorpNet any permit
    set int tunnel.1 zone untrust
    set int tunnel.1 ip unnumbered int bgroup1
    set ike gateway GW address 1.1.1.1 outgoing-interface e0/1 preshare Secret sec-level standard
    set vpn VPN gateway GW sec-level standard

The VPN is not working properly. What is the problem?
A. The policy needs to have the action tunnel.
B. The VPN needs to be bound to the tunnel interface.
C. The tunnel interface needs to be associated with the interface in the untrust zone.
D. The tunnel interface needs to be placed in the trust zone.
Answer: B

Question 2.
To which three ScreenOS components can a policy-based routing policy be bound? (Choose three.)
A. zone
B. virtual system
C. policy
D. interface
E. virtual router
Answer: A, D, E

Question 3.
Exhibit:
You work as an administrator at ITCertKeys.com. Study the exhibit carefully. In the exhibit, what are two explanations for the output shown? (Choose two.)
A. The nsp card needs reseating.
B. The routing table requires reconfiguration.
C. Packets will be forwarded using the secondary wing as long as the primary is not ready.
D. The next hop device is failing to respond.
Answer: B, D

Question 4.
How many SNMP communities can be created in a ScreenOS device?
A. 1
B. 2
C. 3
D. 8
Answer: C

Question 5.
You have taken your backup ScreenOS device out of production for some maintenance. The device is brought back online and rejoins the NSRP cluster. You determine that the two devices are out of sync. Which command will sync the devices and on which device should it be run?
A. set nsrp sync global-config save run on the Backup
B. set nsrp sync global-config save run on the Master
C. exec nsrp sync global-config save run on the Backup
D. exec nsrp sync global-config save run on the Master
Answer: C

Question 6.
What do you need to change in your VPN configuration to use certificates for authentication?
A. Replace the preshared key with the certificate name.
B. Use a custom set of Phase2 proposals, all beginning with rsa-.
C. Select PFS in Phase2, then select the certificate to be used.
D. Use a custom set of Phase1 proposals, all beginning with rsa-.
Answer: D

Question 7.
You have configured set nsrp vsd-group master-always-exist on your ScreenOS device. What does this do?
A. This device will always be master in the NSRP cluster.
B. The vsd-group will always be homed to the master in the NSRP cluster.
C. There will always be a master device in the NSRP cluster.
D. The NSRP protocol will not initialize without a master.
Answer: C

Question 8.
Exhibit:
You work as an administrator at ITCertKeys.com. Study the exhibit carefully. In the exhibit, the firewall administrator at the Storefront is complaining that when the communication to the DataCenter1 fails, the preexisting transfers and applications are dropped when the traffic is switched to DataCenter2. Which statement explains this behavior?
A. VPN monitor is misconfigured in the DataCenter2.
B. SYN checking is enabled in the tunnel.
C. Phase 1 and Phase 2 negotiations to DataCenter2 did not occur on time.
D. The weight value for the DataCenter2 is too high.
Answer: B

Question 9.
Which command allows you to verify active connections when Shared IKE ID is in use?
A. get users active
B. get xauth active
C. get ike xauth users
D. get auth table
Answer: B

Question 10.
Exhibit:
You work as an administrator at ITCertKeys.com. Study the exhibit carefully. In the exhibit, your ScreenOS device has a VPN configured using a tunnel interface in the untrust zone. The remote gateway is defined using a FQDN. The tunnel went down and has not reestablished as per the output in the exhibit. Your protected resources reside in the trust zone. What are two reasons why the tunnel is failing to reestablish? (Choose two.)
A. One of the devices was modified so that the peer ID and local ID no longer match.
B. The Phase 1 preshared key was modified in one of the devices.
C. The policy used by this VPN was deleted.
D. The IP address of the remote peer changed and your DNS table has not updated with the new address.
Answer: B, D

Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.