Hide Notes 

Slide 1: JN0-520 Juniper Networks Certified Internet Associate(JNCIA-FWV) Exam: JN0-520 Demo Edition CERT MAGIC 1 http://www.certmagic.com
Slide 2: JN0-520 QUESTION: 1 You want to configure the NetScreen Remote client to use a preshared key. You select the "My Identity" configuration screen but you cannot find the option. What could be causing the problem? A. B. C. D. You have to set the "Select Certificate" option to none You have to set the "ID type" option to Pre-Shared key NetScreen Remote does not support the use of Pre-Shared key "My identity" is not the right tab. It needs to be configured under the Security Proposal Section Answer: A QUESTION: 2 When configuring security proposals with the NetScreen Remote Client, how many phase 2 proposals are included by default when you configure a new connection? A. B. C. D. 1 2 3 4 Answer: A QUESTION: 3 Which three (3) items are valid Connection Security options in the NetScreen Remote client? A. B. C. D. E. Block Permit Tunnel Secure Non-secure Answer: A, D, E QUESTION: 4 What must be configured to remotely manage a NetScreen device operating in transparent mode? A. B. C. D. E. An IP address must be configured for VLAN1 The telnet management service must be enabled on the VLAN1 interface only An IP address must be configured for the VLAN zone The V1-Trust interface needs to have management services enabled The public SNMP community string must be configured 2 http://www.certmagic.com
Slide 3: JN0-520 Answer: A QUESTION: 5 Which three (3) statements are true in regards to a N et S creen device in transparent mode? A. All interfaces belong to VLAN1 zone for management B. VPNs can terminate to the VLAN1 interface IP address C. Static routes must be configured if multiple virtual routers are going to be used D. It can be installed in a network without the requirement to reconfigure ip addressing schemes E. You must use the console port to manage the device as you cannot manage the device via an ethernet port. Answer: A, B, D QUESTION: 6 What is the purpose of the VLAN1 interface? A. It provides policy-based NAT for 802.1Q VLANs B. It provides an interface that can be used with all 802.1q VLANs in transparent mode C. It provides the NetScreen with a routable IP address while operating in route mode D. It provides an interface that can be used to remotely manage the NetScreen while operating in transparent mode Answer: D QUESTION: 7 In transparent mode, you can create policies between which zones? A. B. C. D. E. V1-Trust and Untrust Private and L2-Public V1-Global and V1-Global V1-Trust and Private (L2) V1-Untrust and L2-Private Answer: E QUESTION: 8 What are the two (2) components required for the NetScreen Deep Inspection implementation? A. B. C. D. Policy Statements Signature database IDP Action Statement Service Book Group Entries 3 http://www.certmagic.com
Slide 4: JN0-520 E. Address Book Group Entries Answer: A, B QUESTION: 9 While reviewing the config file you see the command "Set attack-db mode check". What is the purpose for this command? A. B. C. D. To insure all traffic is checked regardless of policy To Enable Deep Inspection functionality in the Netscreen firewall To make sure that only traffic checked by a policy will be evaluated by the Deep Inspection To insure you will be notified by a message when the Attack database needs to be updated Answer: D QUESTION: 10 How is Antivirus Scanning enabled on a NetScreen device? A. B. C. D. Antivirus Scanning is implemented via policy. Antivirus scanning is implemented at the interface Antivirus scanning is a stand alone product and manually enabled. Antivirus scanning is turned on by zone- like Screening and Malicious URLs Answer: A QUESTION: 11 Which three (3) screening options are detected only on physical interfaces? A. B. C. D. E. Limit Session Deny Syn Attack Deny UDP Flood Deny Syn Fragment Deny Ping of Death Attack Answer: A, B, C QUESTION: 12 Place the Antivirus configuration elements into the recommended configuration order: 1) Add AV to policy 2) Configure Scan Manager 3) Set Webmail options 4) Configure Global Settings 4 http://www.certmagic.com
Slide 5: JN0-520 A. B. C. D. E. 1,2,3,4 2,4,3,1 2,3,4,1 4,2,3,1 4,3,2,1 Answer: B QUESTION: 13 By default, w hat attack signature group severity level is reported for an attack attempting to crash the system? A. B. C. D. High Critical Medium Emergency Answer: B QUESTION: 14 The NetScreen Deep Inspection function perform s analysis and action up to what layer of the OSI model ? A. B. C. D. 2 3 4 7 Answer: D QUESTION: 15 Your VPN is failing during Phase 2 communication. You check your local event log and do not see anything to indicate why the failure occurred. What action should be taken to fix the problem? A. B. C. D. View the event log of the destination gateway Configure the peer-id on your local IKE gateway Delete the remote NetScreen configuration and rebuild it correctly Run Debug on the local NetScreen to view the error output in the log Answer: A QUESTION: 16 Which item is different when configuring a route-based VPN gateway than a policy-based VPN 5 http://www.certmagic.com
Slide 6: JN0-520 gateway? A. B. C. D. Gateway Security Proposal Outgoing interface Binding a tunnel interface Answer: D QUESTION: 17 Tunnel Binding is accomplished during which part of the VPN configuration process? A. B. C. D. E. Phase 1 Phase 2 Route Creation Replay protection Tunnel Interface Creation Answer: B QUESTION: 18 Click the Exhibit button to view the exhibit. Review the exhibit. You need to make a bidirectional VPN between the 5XT and the 208. What gateway address will you configure on the 208 for the VPN? A. B. C. D. 10.0.0.1 20.0.0.1 1.1.1.250 4.4.4.250 6 http://www.certmagic.com
Slide 7: JN0-520 Answer: C QUESTION: 19 How is the Diffie Hellman key exchange referred to when it is used in IKE phase 2? A. B. C. D. PFA PFS SCS SFS Answer: B QUESTION: 20 Which is NOT a component of a tunnel interface configuration? A. B. C. D. zone virtual router subnet mask IP addressing Answer: B 7 http://www.certmagic.com