|
Question 1.
You are using Cache Cleaner.
What are two methods you can use to remove residual data left on a user's machine after an IVE session? (Choose two.)
A. clearing cached NTLM credentials
B. clearing client side Digital Certificates
C. clearing based on source host/domain/file/folder
D. clearing all cache that has been downloaded through the IVE Content Intermediation Engine
Answer: C, D
Question 2.
What are two functions performed by the Content Intermediation Engine? (Choose two.)
A. Parser: This function processes data streams into chunks that can be manipulated by the
transformers.
B. Authorization: This function verifies the identity of users trying to access the IVE then forwards
requests to the inside server using those credentials.
C. Authentication: This function verifies the identity of users trying to access the IVE and then
intermediates requests to the inside server using those credentials.
D. Transformer: This function modifies the "chunked" data stream before it passes the data to the
request handlers. Transformers modify internal URLs, HTML markup and scripts to refer to
"virtual" URLs/markup/scripts sourced from the IVE appliance.
Answer: A, D
Question 3.
You want to set up W-SAM for a role, but you can only access the J-SAM configuration screen.
What is the cause of this problem?
A. The system only supports one type of SAM support per role at a time.
B. Nothing is wrong. The configurations for J-SAM and W-SAM applications are identical.
C. You are running under the Basic License and you do not have access to the SAM
Configuration screen. You need to ask the IVE administrator to give you access.
D. You cannot configure Windows SAM access here. You must go to Resource Policies->SAM to
access the Windows version of SAM Application Configuration screen.
Answer: A
Question 4.
Which resource file format should you use to define resource access to a UNIX file share? (Brackets] indicate data are optional)
A. server[/path]
B. \\server[\share[\path]]
C. [protocol://]host[:ports]
D. [protocol://]host[:ports][/path]
Answer: A
Question 5.
Which three types of Authentication Servers are supported by a Baseline License?
(Choose three.)
A. SAML
B. RADIUS
C. Integrity
D. Certificate
E. Anonymous
Answer: B, D, E
Question 6.
You are using LDAP as an Authentication Server. When configuring Role Mapping, you select Group Membership from your "Rule based on" dropdown box, but the screen has no group selection options.
What is cause of this problem?
A. You did not populate the IVE Server Catalog.
B. You did not save the rule first. When you come back you will be able to see the group.
C. You cannot match to Group Membership when using LDAP as an Authentication Server.
D. You did not use the Update button after you selected Group Membership as your "Rule based
on" option in the dropdown box.
Answer: D
Question 7.
When configuring a J-SAM custom application, why might you specify the Client Loop back IP address instead of letting the system assign one?
A. Users are running Windows XP-SP2.
B. The user's PC is running a personal firewall.
C. Users do not have permission to modify their local host.
D. J-SAM is being deployed in a heterogeneous environment.
Answer: C
Question 8.
When specifying resources as part of a Network Connect resource policy, which three formats are valid? (Choose three.)
A. tcp://*:1-1024
B. 10.10.10.10/24
C. \\server\share\*
D. udp://10.10.10.10/24.*
E. 10.10.10.10/
Answer: A, B, D
Question 9.
When should Network Connect be used? (Choose two.)
A. when the ability to disable split tunneling is required
B. when the clients will need to redirect traffic based on process name
C. when the clients will use applications with server-initiated connections
D. when the clients will not have administrator privileges on their machines
Answer: A, C
Question 10.
What is the function of Web Options when defined as part of a User Role?
A. Web Options restrict access to specific Web sites.
B. Web Options control the general browsing experience of the user.
C. Web Options define the colors and logos used on the IVE gateway home page where
bookmarks are displayed.
D. Web Options are used to specify whether or not IP matching will be done if a user types in an
IP address rather than a URL.
Answer: B
Question 11.
Two resource policies cover the same resource. The first policy resource definition is not as specific as the second policy.
Which resource policy takes precedence and why?
A. The first policy takes precedence because it is the first match in the rule list and first match
stops processing.
B. The second policy takes precedence because it is most specific and the system works on
longest match.
C. The second policy takes precedence because all rules are always evaluated and the last
match it finds controls the action.
D. The second policy takes precedence. Unless you specify that the first rule is marked to stop
processing, the system continues to check for matches until it reaches the last match and it
takes that rule's action.
Answer: A
Question 12.
What makes RADIUS unique from the other Authentication Servers that the IVE can utilize?
A. It can be used to obtain User attributes.
B. It can be used to obtain Group information.
C. It can be used to do Accounting as well as Authentication.
D. It can be used as both a Directory Server and an Authentication Server.
Answer: C
Question 13.
Cache Cleaner is enabled in the default configuration.
What will it clear from the users system when the IVE session is over?
A. nothing
B. all temporary Internet files
C. all content downloaded through the IVE's rewriter engine
D. all cached usernames and passwords from the browser
Answer: C
Question 14.
You are configuring J-SAM for customer access to a client/server application. The user has administrative access to his workstation. You have properly configured the SAM access control policy.
Which additional option must be turned on under User > Roles> [ROLE] > for J-SAM to work properly?
A. Session Start Script
B. Automatic Host-mapping
C. User Can Add Applications
D. Prompt for Username and Password for Intranet Sites
Answer: B
Question 15.
You are using LDAP as your Directory Server.
Which two options are available for creating role mapping rules? (Choose two.)
A. User Attribute
B. LDAP Attributes
C. Group Membership
D. CA Certificate Attributes
Answer: A, C
Question 16.
What is the function of the Sign-in Policy?
A. It controls whether or not a user can sign-in, based on role membership.
B. It controls which options are available on the login screen, based on the user's permissions.
C. It controls who can access the login page, based on IP address, certificate information, Host
Checker and other criteria.
D. It defines the URLs that users and administrators can use to access the IVE and what Sign-in
Page is associated with those URLs.
Answer: D
Question 17.
Auto Allow is a feature that can be activated when creating which component in the IVE?
A. roles
B. realms
C. bookmarks
D. Authentication Servers
Answer: C
|
Question 1.
Click the Exhibit button.
A user on port ge-0/0/12 fails an 802.1x authentication attempt.
What is the next action of Switch A?
A. It puts the Authenticator in the HELD status where all EAPOL packets are discarded until the
default hold timer expires.
B. It communicates with the RADIUS server to confirm the user's password.
C. It transmits an EAP-Identity-Request packet immediately after it sends out EAP-Failure.
D. It tries to authenticate the user using MAC radius authentication.
Answer: C
Explanation:
Question 2.
Click the Exhibit button.
Based on the configuration in the exhibit, why are you seeing drops in the best-effort queue on the SRX Series platform?
A. The drop-profile fill level is set too low.
B. Packets are dropped by a firewall policy.
C. The best-effort queue is being shaped.
D. The scheduler is not being applied correctly.
Answer: C
Explanation:
Question 3.
Click the Exhibit button.
Based on the output shown in the exhibit, why is VSTP not working for VLAN 100?
A. No interfaces are assigned to VLAN 100.
B. Your MSTI is misconfigured.
C. RSTP is configured in addition to VSTP.
D. No native VLAN is configured.
Answer: A
Explanation:
Question 4.
If your WAN-edge router is multihomed to different ISPs, which two BGP attributes would you modify to affect outbound traffic? (Choose two.)
A. MED
B. origin
C. local preference
D. community
Answer: B, C
Explanation:
Question 5.
When 802.1X, MAC-RADIUS, and Captive Portal are enabled on an interface, which authentication sequence occurs?
A. The authentication sequence is based on the order of the configuration.
B. If MAC-RADIUS is rejected, Captive Portal will start. If Captive portal is timed out, 802.1X will
start.
C. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is timed out by the RADIUS
server, then Captive Portal will start.
D. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is rejected by the RADIUS
server, then Captive Portal will start.
Answer: D
Explanation:
Question 6.
A medium-sized enterprise has some devices that are 802.1X capable and some that are not.
Any device that fails authentication must be provided limited access through a VLAN called NONAUTH. How do you provide this access?
A. Configure NONAUTH VLAN as the guest VLAN.
B. Configure NONAUTH VLAN as the server-reject VLAN.
C. Configure NONAUTH VLAN as the guest VLAN and the server-reject VLAN
D. Configure a separate VLAN for each type of user: 802.1X and non-802.1X.
Answer: C
Explanation:
Question 7.
Click the Exhibit button.
Host 1, Host 2, and Host 3 are connected to Switch A on interface ge-0/0/2. Host 1 and Host 2 have been authenticated through 802.1X, however Host 3 does not have an 802.1X supplicant.
Referring to the configuration in the exhibit, how can Host 3 be authenticated?
A. secure-authentication option of HTTP or HTTPS must be configured for Captive Portal.
B. MAC RADIUS authentication must be configured for Host 3 instead of Captive Portal.
C. A new authentication-profile must be configured because 802.1X and Captive Portal cannot
have the same authentication-profile.
D. The 802.1X server failback feature must be configured for Host 3 to allow non-802.1X clients
to authenticate.
Answer: B
Explanation:
Question 8.
A user complains about connectivity problems from their IP address (10.1.1.87) to a server (10.65.1.100).
Which Junos command can help verify connectivity in the network? (Choose two.)
A. mroute
B. traceoptions
C. ping
D. clear bgp neighbor
Answer: B, C
Explanation:
Question 9.
Click the Exhibit button.
The exhibit shows the output of an OSPF router LSA.
Which interface ID represents the router's loopback address?
A. ID 10.1.1.0
B. ID 10.0.3.4
C. ID 10.0.3.3
D. ID 10.0.2.4
Answer: B
Explanation:
Question 10.
Click the Exhibit button.
Referring to the output in the exhibit, why does the router prefer the path toward interface ge- 0/0/0.0 for the 20.0.0.0/8 route?
A. The origin is IGP.
B. The origin is unknown.
C. The AS path is longer.
D. Multihop is enabled.
Answer: A
Explanation:
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.