Juniper JN0-521 Exam - Cheat-Test.com

Free JN0-521 Sample Questions:

Q: 1 A ScreenOS firewall has the correct interfaces addressed and active. A policy is written allowing interzone FTP traffic from a directly connected client. But the traffic does not cross the firewall from the client to the server. What is the most likely problem with the firewall?
A. The ScreenOS firewall has no physical connection to the FTP server.
B. The ALG option on the ScreenOS firewall has not been enabled for FTP traffic.
C. The ScreenOS firewall does not have a route defined to the FTP servers' subnet.
D. The ScreenOS firewall does not have a route defined to the FTP client's subnet.
Answer: C

Q: 2 Which ScreenOS CLI policy statement keyword would be used to enable traffic counters?
A. count
B. traffic
C. counter
D. counters
Answer: A

Q: 3 Which three options allow proper configuration of NAT-dst? (Choose three.)
A. the default address book entry of "any" in the internal zone
B. the default address book entry of "any" in the external zone
C. a secondary address on one of the interfaces in the internal zone
D. an address book entry for the address to be translated in the internal zone
E. a static route to the appropriate subnet using a private interface as the outbound interface
Answer: C, D, E

Q: 4 Which two statements are true with regard to a ScreenOS firewall in transparent mode? (Choose two.)
A. VPNs can terminate to the VLAN1 interface IP address.
B. Static routes must be configured if multiple virtual routers are going to be used.
C. It can be installed in a network without the requirement to reconfigure IP addressing schemes.
D. You must use the console port to manage the device as you cannot manage the device using an Ethernet port.
Answer: A, C

Q: 5 What are three major concerns when sending private data over a public medium? (Choose three.)
A. integrity
B. authority
C. capacity
D. confidentiality
E. authentication
Answer: A, D, E

Q: 6 By default, from which hardware component is the startup copy of the ScreenOS loaded?
A. NVRAM
B. TFTP server
C. internal flash
D. PCMCIA card
Answer: C

Q: 7 Which three must a policy contain? (Choose three.)
A. action
B. service
C. address
D. application
E. policy name
Answer: A, B, C

Q: 8 What is the default mode for an interface in the trust zone?
A. NAT
B. route
C. Layer 2
D. Layer 3
E. transparent
Answer: A

Q: 9 Which command is used to verify IKE Phase 1 is complete?
A. get sa active
B. get ike active
C. get ike cookie
D. get flow active
Answer: C

Q: 10 When managing a ScreenOS device using the WebUI and performing an image upgrade, from which hardware component will the ScreenOS image be loaded?
A. TFTP server
B. PC local disk
C. internal flash
D. Compact Flash Card
Answer: B

Q: 11 What is the purpose of the sequence number in the ESP or AH header?
A. to provide protection from missing packets that have been encrypted
B. to provide protection from someone trying to modify the packet content
C. to provide protection from someone trying to replay captured data later in the session
D. to provide protection from hackers changing the sequence number in the layer 4 header
Answer: C

Q: 12 While looking at your policies using the WebUI, you notice that the green permit policy has turned blue. What would cause this?
A. The policy is currently inactive.
B. The policy is configured to support a MIP.
C. The policy is configured for unidirectional NAT.
D. The policy is currently passing traffic beyond its traffic limits and is in alarm state.
Answer: C

Q: 13 Your VPN tunnel does not pass traffic. You run the get ike cookie command and discover that there is no cookie. Which two should be verified? (Choose two.)
A. routes
B. Phase 1 configuration options
C. Phase 2 configuration options
D. selected quick mode encryption algorithms
Answer: A, B

Q: 14 You have created a route-based VPN in your ScreenOS device. When the remote device tries to connect, you see the following message in your event log: "No policy exists for the proxy id received". Which two would cause this to occur? (Choose two.)
A. a proxy-id conflict
B. an unbound tunnel interface
C. the remote device is a policy-based VPN
D. the tunnel interface is configured in a different zone than the physical interface
Answer: A, C

Q: 15 In the command, save config from tftp 1.1.7.250 abcd.cfg merge, which function does the merge parameter specify?
A. The config file from the TFTP server will replace the configuration in RAM.
B. The config file from the TFTP server will replace the startup configuration file in internal flash.
C. The merge parameter is not valid for TFTP files; it is only valid for configuration files stored in internal flash.
D. The config file from the TFTP server will be combined with the configuration file in RAM and the combined result will be saved in internal flash.
Answer: D

Q: 16 You are configuring an interface in the untrust zone with an IP address, telnet enabled, and WebUI management. Which sequence of steps must be performed to make the interface operational at the end of the configuration sequence?
A. Assign the interface to a zone, define the IP address, enable Web and telnet services.
B. Assign the interface to a zone, define the IP address, accept default management services.
C. Assign the interface to a virtual router, define the IP address, enable Web and telnet services.
D. Assign the interface to a zone, define the IP address, define a manage IP address, accept default management services.
Answer: A

Q: 17 If all interfaces are configured for route mode, what will be modified by the ScreenOS device when traffic travels from the trust zone to the untrust zone?
A. source IP
B. source port
C. source MAC
D. destination IP
E. destination port
Answer: C

Q: 18 Which ScreenOS CLI policy statement keyword would enable a policy only during specified times, days, and/or dates?
A. at
B. calendar
C. schedule
D. scheduler
Answer: C

Q: 19 A ScreenOS firewall is running in transparent mode. The firewall receives a packet which has no entry in its forwarding table. What will the firewall do?
A. Flood out all ports.
B. Check its route table for interzone destination.
C. Perform a policy lookup to determine the interfaces to which the source address is permitted, and flood the packet out of those interfaces.
D. Perform a policy lookup to determine the zones to which the source address is permitted, and flood the packet out the interfaces bound to those zones.
Answer: D

Q: 20 What is the maximum number of custom proposals sent by a ScreenOS device when negotiating IKE Phase 1 or Phase 2?
A. 2
B. 3
C. 4
D. 6
Answer: C

Q: 21 You are trying to remove an address book entry by going to the Objects > Addresses > List display of the WebUI, but you cannot find the remove option. What would cause this problem?
A. An address book entry can only be deleted from the command line interface. You will need to use the CLI to delete it.
B. The address book entry is misconfigured. You need to correct the address book entry before it will allow you to delete it.
C. You cannot remove an address book entry from this screen. You need to use the delete option found under the management options screen.
D. The address book entry is being used by a policy. You must delete the policy or remove the address book entry from the policy before it can be deleted.
Answer: D

Q: 22 When adding an address book entry for a host, which mask should be used?
A. 0.0.0.0
B. 255.255.255.0
C. 255.255.255.255
D. the host's subnet mask i.e., 255.255.255.224
Answer: C

Q: 23 Which type of NAT is performed when you implement interface-based NAT?
A. source IP address translation
B. destination IP address translation
C. source IP and port address translation
D. destination IP and port address translation
Answer: C

Q: 24 An operational firewall needs a configuration loaded and executed while it is passing user data. Which CLI command will perform this process without interrupting traffic?
A. save config from tftp 1.1.7.250 15June06.cfg to flash
B. save config from tftp 1.1.7.250 15June06.cfg to ram
C. save config from tftp 1.1.7.250 15June06.cfg merge
D. save config from tftp 1.1.7.250 15June06.cfg to flash reset
Answer: C

Q: 25 Telnet management has been enabled on an interface in the untrust zone.
What else should be completed to limit telnet access to the ScreenOS device from trusted management PCs?
A. Define a permitted IP address.
B. Define a policy from trust to untrust.
C. Define a trusted IP in the address table.
D. Define a manage IP address on this interface.
Answer: A

Q: 26 You have created your tunnel interface in the untrust zone. Traffic from the trust zone is able to enter the tunnel and pass to the destination. However, traffic from a different interface in the untrust zone is not able to pass through the tunnel. You are using a single virtual router. What is causing this problem?
A. Two virtual routers need to be configured.
B. A policy is needed since intra-zone blocking is on by default in the untrust zone.
C. The tunnel is configured with a proxy id that does not include the address from the untrust interface.
D. The routing tables are not correctly configured to allow the traffic from the untrust source to be delivered to the destination.
Answer: B


© 2014 Cheat-Test.com, All Rights Reserved