
Juniper JN0-541 Exam - Cheat-Test.com

Free JN0-541 Sample Questions:

Q: 1 In order to obtain attack information so that you can create a new attack object definition, you must follow certain steps. Given the following steps, assume you have acquired the attack source code.
a. On target machine, start capturing packets with a protocol analyzer.
b. On sensor, examine scio ccap output.
c. Compile attack code on attacker machine.
d. On sensor, run scio ccap all.
e. On attacker machine, run attack code against target.
What is the correct order for these steps?
A. e, c, d, b, a
B. c, d, a, e, b
C. c, e, b, d, a
D. c, d, e, a, b
Answer: B

Q: 2 Which three devices support clustering? (Choose three.)
A. IDP 10
B. IDP 50
C. IDP 200
D. IDP 600
E. IDP 1100
Answer: C, D, E

Q: 3 Which sensor utility is used to decode the contexts of a sequence of packets?
A. netstat
B. scio pcap
C. tcpreplay
D. scio ccap
Answer: D

Q: 4 Which sensor command will capture packets on a particular interface?
A. sctop
B. tcpdump
C. netstat
D. tcpreplay
Answer: B

Q: 5 Which two statements are true? (Choose two.)
A. A virtual circuit is not a forwarding interface.
B. A virtual circuit is a communications path in and out of the sensor.
C. Virtual circuits on a sensor can be listed using the command sctop vc list.
D. In transparent mode, a virtual circuit maps one-to-one with a physical interface.
Answer: B, D

Q: 6 What does the action "drop packet" instruct the sensor to do?
A. Drop all packets from the attacker's IP address.
B. Drop the specific session containing the attack pattern.
C. Drop only the specific packet matching the attack object.
D. Drop any packet matching this source IP, destination IP, and service.
Answer: C

Q: 7 On a sensor in transparent mode, how many virtual circuits are assigned to a virtual router?
A. 1
B. 1 or 2
C. 2
D. 3 or more
Answer: C

Q: 8 In IDP Sensor clustering, which port is used to send state synchronization information to other devices in the cluster?
A. eth0
B. eth1
C. eth2
D. console port
Answer: B

Q: 9 Which statement is true regarding IDP rule matching on a sensor?
A. Each rule in the IDP rule base that matches on the source IP, destination IP, and service will be processed further.
B. Each rule in the IDP rule base that matches on the source IP, destination IP, service, and attack object will be processed further.
C. Each rule in the IDP rule base that matches on the source IP, destination IP, and service will be processed further, unless the particular rule is terminal.
D. Each rule in the IDP rule base that matches on the source IP, destination IP, service, and attack object will be processed further, unless the particular rule is terminal.
Answer: C

Q: 10 Which two tasks can be performed using the ACM? (Choose two.)
A. Install a policy on the IDP sensor.
B. Upgrade the firmware on the IDP sensor.
C. Change the mode in which the sensor is operating.
D. Change the management IP address for the IDP sensor.
Answer: C, D

Q: 11 Which three actions should be taken on a rule in the IDP rule base when the sensor is in transparent mode? (Choose three.)
A. Drop stream.
B. Drop packet.
C. Drop connection.
D. Close client and server.
Answer: B, C, D

Q: 12 You can remotely administer the IDP sensor using which two methods? (Choose two.)
A. a telnet connection
B. an SSH connection
C. the WebUI ACM over HTTP
D. the WebUI ACM over HTTPS
Answer: B, D

Q: 13 You have a rule in your IDP policy that detects all HTTP signatures that are targeted towards your Web server. You notice a log message is generated each time a Web user accesses the SQL database with the default passwords. Your Webmaster does not want to reprogram the Web page to use more secure SQL passwords. How do you disable alerts on this false positive?
A. Create a rule in the Exempt rule base; specify target address of your Web server; include only the specific HTTP SQL default password signature.
B. Create a rule at the top of the IDP rule base for any traffic destined to your Web server; specify action of Exempt.
C. Create a rule at the top of the Exempt rule base; specify target address of your Web server; include all HTTP signatures.
D. Create a rule at the top of the Exempt rule base; specify target address of your Web server; include all HTTP signatures; make this a terminal rule.
Answer: A

Q: 14 If an IDP sensor finds that a packet matches a particular IDP rule, and then finds a matching exempt rule, what does the sensor do?
A. Does not create a log entry, does not perform the action in the matching rule, and then examines the next IDP rule in the list.
B. Creates a log entry for the matching rule, performs the action in the IDP rule, and then examines the next IDP rule in the list.
C. Creates a log entry for the matching rule, does not perform the action in the IDP rule, and then examines the next IDP rule in the list.
D. Does not create a log entry or perform the action in the matching rule, and then stops examining the remainder of the IDP rules for that particular packet.
Answer: A

Q: 15 You want Enterprise Security Profiler (ESP) to capture layer 7 data of packets traversing the network. Which two steps must you perform? (Choose two.)
A. Start or restart the profiler process.
B. Create a filter in the ESP to show only tracked hosts.
C. Configure ESP to enable application profiling, and select the contexts to profile.
D. Under the Violation Viewer tab, create a permitted object, select that object, and then click Apply.
Answer: A, C

Q: 16 Which three statements are true as they relate to a transparent mode IDP deployment? (Choose three.)
A. Can actively prevent attacks on all traffic.
B. An IP address must be defined on each forwarding interface.
C. Can be installed in the network without changing IP addresses or routes.
D. Uses paired ports, such that packets arriving on one port go out the other associated port.
Answer: A, C, D

Q: 17 Which two statements are true about the Enterprise Security Profiler (ESP)? (Choose two.)
A. The ESP indicates when a specific machine has been attacked.
B. The ESP indicates when existing hosts or protocols are being used.
C. The ESP provides a summary of protocols and contexts on each host.
D. The ESP indicates which hosts are talking with each other, and which protocols are being used.
Answer: C, D

Q: 18 Which tool will allow you to change a sensor's deployment mode?
A. ACM
B. sctop
C. ifconfig
D. Security Manager
Answer: A

Q: 19 Within the SYN protector rule base, what is the function of relay action?
A. It will not monitor incoming SYN requests.
B. It will relay all SYN connections to a fake IP.
C. It will monitor new connections to a protected server, but not prevent them.
D. It will create a session with the server only if the client completes the three-step TCP handshake with the sensor.
Answer: D

Q: 20 Which three fields in a packet must match an IDP rule before that packet is examined for an attack? (Choose three.)
A. service
B. attack object
C. source address
D. terminate match
E. destination address
Answer: A, C, E

Q: 21 What two statements are true about the attack object database update process? (Choose two.)
A. The administrator is given the choice of which static groups to update.
B. Attack object database update can be scheduled using the commands guiSvrCli.sh and cron.
C. Attack object database update can be scheduled using the two commands idpSvrCli.sh and cron.
D. Attack objects are downloaded from the Juniper web site over TCP port 443 and are stored on Security Manager.
Answer: B, D

Q: 22 Which statement is true about packet capture in the IDP sensor?
A. You can only log packets after an attack packet.
B. Packet capture records all packets flowing through the sensor.
C. You can configure a particular number of packets to capture before and after an attack.
D. The Log Viewer has no indication of whether a log message has associated packet captures.
Answer: C

Q: 23 Which three are assigned as a result of running EasyConfig? (Choose three.)
A. sensor default gateway
B. sensor eth0 IP address
C. sensor eth1 IP address
D. sensor HA configuration
E. sensor deployment mode
Answer: A, B, E

Q: 24 You update your attack object database on Security Manager. What must you do before the new attack objects become active on the IDP sensors?
A. No changes are required.
B. You must restart the IDP sensor.
C. You must restart the IDP processes on the IDP sensors.
D. You install the updated security policy on the IDP sensor.
Answer: D

Q: 25 In Enterprise Security Profiler (ESP), what is a permitted object?
A. Any object that violates application context.
B. Any object that defines the configuration of ESP.
C. Any object that violates the security policy configured in ESP.
D. Any object that defines valid network connections on the network.
Answer: D

Q: 26 In which three situations would you create a compound attack object? (Choose three.)
A. When attack objects must occur in a particular order.
B. When one of the attack objects is a protocol anomaly.
C. You have at least two attack objects that define a single attack.
D. When the pattern needs to be defined using a stream 256 context.
E. When the pattern "@@@@@@@@" and context "ftp-get-filename" completely define the attack.
Answer: A, B, C

Q: 27 In a packet, which three must match an IDP rule before an action is performed on that packet or connection? (Choose three.)
A. service
B. attack object
C. terminate match
D. source/destination address
E. source/destination netmask
Answer: A, B, D

Q: 28 Which three columns can be seen in the Network View of the Enterprise Security Profiler? (Choose three.)
A. Service
B. Src OS Name
C. Packet Capture
D. Src and Dest IPs
E. Context and Context Data
Answer: A, B, D


© 2014 Cheat-Test.com, All Rights Reserved