Most recent Juniper JN0-533 - An Overview 41 to 50

It is impossible to pass Juniper JN0-533 exam without any help in the short term. Come to Actualtests soon and find the most advanced, correct and guaranteed Juniper JN0-533 practice questions. You will get a surprising result by our Improve FWV, Specialist (JNCIS-FWV) practice guides.

2016 Nov JN0-533 braindumps

Q41. You have configured deep-packet inspection on a ScreenOS device. You have not modified the default threshold values. The device detects a single session that matches an attack. 

Which two actions can you configure the device to take? (Choose two.) 

A. Close the connection and disallow further connections from the client to the server. 

B. Close the connection and rate-limit further connections to the server. 

C. Discard all additional packets related to the session. 

D. Send a TCP RST message to both the client and server. 

Answer: C,D 


Q42. What is the purpose of a virtual system profile? 

A. to limit virtual system access 

B. to limit virtual system resources 

C. to limit the number of virtual system interfaces 

D. to limit the number of VPNs 

Answer:


Q43. Click the Exhibit button. 

You configure NAT on your ScreenOS device to route the services shown in the exhibit to the internal addresses. Which commands will you use to configure this scenario? 

A. ssg5-> set interface ethernet3 vip 1.1.1.3 53 dns 10.1.1.3 ssg5-> set interface ethernet3 vip 1.1.1.3 80 http 10.1.1.4 ssg5-> set interface ethernet3 vip 1.1.1.3 5983 ldap 10.1.1.4 ssg5-> set interface ethernet3 vip 1.1.1.3 5631 pcanywhere 10.1.1.5 ssg5-> set interface ethernet3 mip 1.1.1.3 53 dns 10.1.1.3 

B. ssg5-> set interface ethernet3 mip 1.1.1.3 80 http 10.1.1.4 ssg5-> set interface ethernet3 mip 1.1.1.3 5631 pcanywhere 10.1.1.4 ssg5-> set interface ethernet3 mip 1.1.1.3 5983 ldap 10.1.1.5 ssg5-> set interface ethernet3 dip 1.1.1.3 53 dns 10.1.1.3 

C. ssg5-> set interface ethernet3 dip 1.1.1.3 80 http 10.1.1.4 ssg5-> set interface ethernet3 dip 1.1.1.3 5631 pcanywhere 10.1.1.4 ssg5-> set interface ethernet3 dip 1.1.1.3 5983 ldap 10.1.1.5 ssg5-> set interface ethernet3 vip 1.1.1.3 53 dns 10.1.1.3 

D. ssg5-> set interface ethernet3 vip 1.1.1.3 80 http 10.1.1.4 ssg5-> set interface ethernet3 vip 1.1.1.3 5631 pcanywhere 10.1.1.4 ssg5-> set interface ethernet3 vip 1.1.1.3 5983 ldap 10.1.1.5 

Answer:


Q44. A ScreenOS device detects a large number of sessions that match the same deep inspection attack object. What are two ways to configure the device? (Choose two.) 

A. Activate dynamic firewall policies. 

B. Close the connection and disallow further connections from the client. 

C. Close the connection and rate-limit further connections to the server. 

D. Log an alert. 

Answer: B,D 


Q45. You have enabled BGP on your ScreenOS device and configured a single EBGP peer. The CLI shows that the BGP connection is transitioning between the CONNECT and ACTIVE states, but never reaching the ESTABLISHED state. 

What are three reasons for this behavior? (Choose three.) 

A. The peer is blocking traffic destined for TCP port 179. 

B. The peer address is not configured correctly. 

C. The enable statement has not been configured for the peer. 

D. The peer AS number is not configured correctly. 

E. BGP has not been enabled on the virtual router. 

Answer: A,B,D 


Latest JN0-533 testing engine:

Q46. You have created a site-to-site IPsec VPN between two devices. You want to keep the tunnel up at all times, even when no user traffic is using it. Which two configuration additions will accomplish this goal? (Choose two.) 

A. set vpn "RemoteVPN" monitor source-interface ethernet0/1 destination-ip 

B. set vpn "RemoteVPN" monitor source-interface ethernet0/1 destination-ip rekey 

C. set vpn "RemoteVPN" monitor source-interface ethernet0/1 destination-ip keepalive 

D. set vpn "RemoteVPN" monitor source-interface ethernet0/1 destination-ip rekey optimized 

Answer: B,D 


Q47. You want to ensure that the IKE Phase 2 key is totally independent of the IKE Phase 1 key. 

Which IKE feature would you enable? 

A. Perfect Forward Secrecy 

B. Diffie-Hellman Group 5 

C. Replay Protection 

D. Rekey Protection 

Answer:


Q48. What are two advantages for using the count parameter on a security policy? (Choose two.) 

A. to see any NAT traffic drops for that policy 

B. to see how many times users log in to the ScreenOS device 

C. to count the total number of bytes of traffic for that policy 

D. to see if the policy is temporarily not being used 

Answer: C,D 


Q49. -- Exhibit -- set admin name "admin" set admin password "nOsYMqrbAs/McFsJrs6HwcIt3AF6yn" set admin user "User1" password "nLZwKErINPPCcphC6sFMXrJ" privilege "read-only" set admin port 8080 set admin access attempts 5 set admin access lock-on-failure 5 set admin auth web timeout 10 set admin auth server "Local" -- Exhibit -- 

User1 wants to create the policy in the ScreenOS device, but is not successful. 

Referring to the exhibit, what is the problem? 

A. The User1 account has been suspended. 

B. User1 does not have any account in this device. 

C. User1 logged in to the device with wrong port. 

D. User1 does not have the proper permission to create a policy. 

Answer:


Q50. Your ScreenOS device is configured with multiple NAT types. 

What is the order of precedence in this situation? 

A. interface-based NAT -> VIP -> MIP -> policy-based NAT 

B. VIP -> MIP -> policy-based NAT -> interface-based NAT 

C. MIP -> VIP -> interface-based NAT -> policy-based NAT 

D. MIP -> VIP -> policy-based NAT -> interface-based NAT 

Answer:



see more JN0-533 dumps