Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Juniper JN0-140 Exam -

Free JN0-140 Sample Questions:

Q: 1
Which two statements are true about applying Host Checker at the realm level? (Choose two.)

A. If Evaluate is checked then the client must pass policy to get the sign-in page.
B. If Evaluate is checked then the client can fail policy and still get the sign-in page.
C. If Require and Enforce is checked then the client must pass policy to get the sign-in page.
D. If Require and Enforce is checked then the client can fail policy and still get the sign-in page.

Answer: B, C

Q: 2
Which log contains information about service restarts, system errors, warnings, and requests to check server connectivity?

A. Events log
B. System log
C. User Access log
D. Admin Access log

Answer: A

Q: 3
Which statement is correct about defining an Infranet Enforcer for use as a RADIUS Client?

A. You do not need to configure a RADIUS client policy.
B. You must know the exact model number of the Infranet Enforcer.
C. You must specify the NACN password of the device in the RADIUS client policy.
D. You do not need to designate a location group to which the Infranet Enforcer will belong.

Answer: A

Q: 4
Which configuration option can be set either in the initial console menu or the Admin UI of the
Infranet Controller?

B. Hostname
C. Domain name
D. Administrative timeout

Answer: C

Q: 5
What is the primary purpose of creating a Location Group Policy?

A. to associate more than one realm with an authentication server
B. to logically group network access devices and associate them with specific sign-in policies
C. to allow or prevent users from accessing resources in specific locations on the network
D. to define the URL that users of network access devices can use to access the Infranet

Answer: B

Q: 6
What is true about the operation of the Infranet Enforcer?

A. It assigns users a set of roles.
B. It allows access based on auth table entries.
C. It verifies whether an endpoint meets security requirements.
D. It configures the UAC agent to allow or deny access to resources.

Answer: B

Q: 7
On a pre-existing OAC, which three options can the Infranet Controller overwrite when the user accesses the Infranet Controller? (Choose three.)

B. login name
C. MAC address
D. wired adapters
E. encryption method

Answer: A, D, E

Q: 8
What must be updated regularly to detect the newest versions of personal firewalls on endpoints?

A. Infranet Enforcer firmware
B. Infranet Controller rollback software
C. Host Security Assessment Plug-in (HSAP)
D. Endpoint Security Assessment Plug-in (ESAP)

Answer: D

Q: 9
Which three statements about dynamic filtering are true? (Choose three.)

A. Dynamic filtering creates a query statement.
B. Dynamic filtering has an option to save query.
C. Dynamic filtering can select any log field to filter.
D. Dynamic filtering permanently removes other log entries.
E. Dynamic filtering redraws the log when you select a variable link.

Answer: A, B, E

Q: 10
A customer has installed UAC in their network. They have both Windows and Linux endpoints and must choose a deployment method that everyone can use. Which deployment method allows for multiple platforms?

A. IPsec enforcement
B. 802.1X enforcement
C. Source IP enforcement
D. Odyssey Access Client

Answer: C

Q: 11
Which interface does the Infranet Controller use to push the configuration?

A. trusted port
B. internal port
C. trust interface
D. untrust interface

Answer: B

Q: 12
Which two actions are required to configure an Infranet Enforcer to communicate with an Infranet Controller? (Choose two.)

A. Enable SSH.
B. Configure DNS.
C. Enable route mode.
D. Set certificate validation options.

Answer: A, D

Q: 13
When the Infranet Enforcer is set up in transparent mode, which additional resource policy must
be configured to use OAC for IPsec enforcement?

A. IPsec Routing
B. AccessControl
C. IP Address Pool
D. Source Interface

Answer: D

Q: 14
Which two methods of authentication are used by the Infranet Controller for IPSec enforcement? (Choose two.)

A. dial-up VPN
B. IKE authentication
C. XAuth authentication
D. shared IKE authentication

Answer: A, C

Q: 15
What will serve as a RADIUS Client to the Infranet Controller for 802.1x authentication?

A. an ACE server
B. a wireless network
C. an Ethernet switch
D. Odyssey Access Client

Answer: C

Q: 16
If Host Checker restrictions are applied at the role level and the "Allow access to the role if any ONE of the select policies is passed" option is unchecked, which two statements are true? (Choose two.)

A. All roles are evaluated together.
B. Each role is evaluated separately.
C. Clients must pass all policies to access the role.
D. Clients will pass as long as one policy is accepted.

Answer: B, C

Q: 17
Which additional configuration must be completed when setting up role restrictions using certificates?

A. Set up a certificate authentication server.
B. Configure the authentication realm to remember certificate information.
C. Configure the authentication realm to use a certificate server for authentication.
D. Configure a role mapping rule requiring certification information to map user to role.

Answer: B

Q: 18
What happens when Host Checker is configured to perform checks every "0" minutes?

A. Host Checker is disabled.
B. Host Checker will perform continous checks.
C. Host Checker will perform checks when user logs out.
D. Host Checker will perform checks when user first logs in.

Answer: D

Q: 19
Your company has a mix of employees and contractors. Contractor usernames always begin with "con-"; employee usernames never begin with "con-". You need to give employees access to all resources and give contractors access to a limited set of resources. Employee and contractor
roles have been created with the appropriate access privileges, and the realm is set to merge settings for all assigned roles.
Which role mapping ruleset would result in the correct access privileges being assigned?

A. username="*" -> Employee-role Stop username="con-*" -> Contractor-role
B. username="*" -> Employee-role username="con-*" -> Contractor-role Stop
C. username="con-*" -> Contractor-role Stop username="*" -> Employee-role
D. username="con-*" -> Contractor-role username="*" -> Employee-role Stop

Answer: C

Q: 20
Which action is optional when adding an authentication realm for use on an Infranet Controller?

A. Modify sign-in policy.
B. Configure role mapping.
C. Assign authentication server.
D. Configure authentication policy.

Answer: D

Q: 21
You have created a set of three role mapping rules and selected the option to merge settings for all assigned roles. You also selected "stop processing this rule" on the second rule. A user logs in that matches all three rules. Which choice is true?

A. This selection is invalid. The system displays an error message in the log.
B. The merge option overrides the stop processing option and the user is assigned all three roles.
C. The Stop rule prevents any more rule matching after checking the first rule. The permissive merging does not occur.
D. The Stop rule prevents any more rule matching after checking the second rule and permissive merge occurs on the first two rules.

Answer: D

Q: 22
What are three functions of the Infranet Controller? (Choose three.)

A. Determines VLAN allocations.
B. Verifies compliance with policies.
C. Acts as a 802.1X enforcer if needed.
D. Enforces Layer 3 policies dynamically.
E. Communicates frequently with Odyssey Access Client.

Answer: A, B, E

Q: 23
Your company requires that users who authenticate using the Web run an approved Web browser and have current antivirus signatures in order to present their credentials for authentication. If they do not have current signatures or are running an unauthorized browser, they may not authenticate. What do you configure on the Infranet Controller to implement your company's authentication policy?

A. a browser restriction on the user's role and a Host Checker restriction on the user's role
B. a browser restriction on the user's realm and a Host Checker restriction on the user's role
C. a browser restriction on the user's role and a Host Checker restriction on the user's realm
D. a browser restriction on the user's realm and a Host Checker restriction on the user's realm

Answer: D

Q: 24
What do you lose if you require and enforce Host Checker policies at the realm level?

A. the ability to permissively merge roles
B. the ability to assign users to more than one role
C. the ability to dynamically evaluate user endpoint status
D. the ability to assign users to roles based on endpoint status

Answer: A

Q: 25
On the Infranet Controller Admin UI, how can you dynamically refresh the roles for all signed-in users in the Guest realm only?

A. On the System > Status > Active Users page, click the "Refresh Roles" button.
B. On the Troubleshooting > Commands page, click the "Refresh Users by Realm" button and select Guest.
C. On the Users > User Realms > Guest > General page, click the "Refresh Now" button under
Dynamic Policy Evaluation
D. On the Signing In > Sign-In Policies page, click the "Refresh Now" button next to the user URL that is mapped to the Guest realm.

Answer: C

Q: 26
Which Infranet Enforcer CLI command shows users that were authenticated using the Infranet

A. get policy id #
B. get auth table
C. get admin auth table
D. set -n infranet policy command "get all"

Answer: B

Q: 27
Which three are required when defining Sign-in Policies? (Choose three.)

A. sign-in URL
B. sign-in page
C. authorization server
D. authentication server
E. authentication realm

Answer: A, B, E

Q: 28
For which two purposes would RADIUS Attribute Policies be used? (Choose two.)

A. to specify against which realm a user authenticates
B. to designate with which wireless SSID a user can be associated
C. to specify which VLAN an endpoint must use to access the network
D. to configure QoS functions on a switch port for a user based on the current user's role

Answer: C, D

Q: 29
Which three options can you configure under User Session Options? (Choose three.)

A. Set Idle Time Out value.
B. Enable time out reminder.
C. Set Max Session Length value.
D. Select Roaming session options.
E. Configure Persistent Session option.

Answer: C, D, E

Q: 30
What are two ways you can set the time on the Infranet Controller and Infranet Enforcer? (Choose two.)

A. Use the NTP server.
B. Use the DNS server.
C. Use the SNTP server.
D. Get time from browser.

Answer: A, D

© 2014, All Rights Reserved