Hide Notes 

Slide 1: JN0-530 Juniper Networks Certified Internet Specialist(JNCIS-FWV) Exam: JN0-530 Demo Edition CERT MAGIC 1 http://www.certmagic.com
Slide 2: JN0-530 QUESTION: 1 You notice an unusually high number of emergency, alert and critical events being handled inefficiently. You want the NetScreen device to send an email sent to three managers anytime a message of this level occurs. What statement best reflects how you can accomplish your goals? A. You can only configure a single e-mail recipient on the NetScreen device. You cannot achieve your goal. B. You can only configure two e-mail recipients on the NetScreen device. You cannot achieve your goal. C. You can configure up to five e-mail recipients on the NetScreen device. You can achieve your goal. D. You can only configure two e-mail recipients on the NetScreen device. If one of the names is a distribution list on the e-mail server you can have all people contacted and achieve your goal. Answer: D QUESTION: 2 What two(2) statements are correct when manage-ip and manager-ip seting are configured properly? A. manage-ip is configured for each zone B. manager-ip is configured for each zone C. manage-ip limits who can manage a NetScreen device D. manager-ip limits who can manage a NetScreen device E. manage-ip is never used as a source address for traffic imitated by the NetScreen device Answer: D, E QUESTION: 3 You suspect that there has been an increase in the number of multiple user authentication failures. What Severity level would you search for in the logs to see this event? A. Alert B. Critical C. Warning D. Emergency 2 http://www.certmagic.com
Slide 3: JN0-530 E. Notifications Answer: A QUESTION: 4 You suspect you are having encryption problems with an IKE VPN. Which commands will allow you to see failed encryption attempts? A. get counter screen <zone> B. get counter flow interface<name> C. get counter policy<policy number> D. get counter statistics interface <name> Answer: B, D QUESTION: 5 What three(3) steps should be taken to secure management access to the NetScreen device? A. Set ping off B. Enable SSH/SSL C. Define Permitted IP D. Set WebAuth values E. Change name and password on the root administrator account Answer: A, C, E QUESTION: 6 You want to be able to monitor traffic directed at the Netscreen device itself. Once you configure this option, what command will allow you to view the log information? A. get event B. get log self C. get log event D. get log traffic 3 http://www.certmagic.com
Slide 4: JN0-530 Answer: B QUESTION: 7 NetScreen devices generate SNMP traps when which events occur? (Select three(3) answer) A. cold starts B. traffic alarms C. warm reboots D. traffic log events E. self log events occur Answer: A, B, C QUESTION: 8 Which three (3) elements are required to build a route-based VPN? A. CREATE ROUTES B. CREATE POLICIES C. CREATE TUNNEL INTERFACES D. CREATE ADDRESS BOOK ENTRIES E. BIND VPN TO TUNNEL INTERFACES Answer: A, C, E QUESTION: 9 What must be configured differently for a IKE Phase 1 gateway used by a route- based VPN than an IKE Phase 1 gateway for a policy-based VPN? A. Proposals B. Pre-shared key C. Remote gateway type D. Binding the tunnel interface E. There are no differences in building a route based IKE gateway and a Policy based IKE gateway 4 http://www.certmagic.com
Slide 5: JN0-530 Answer: E QUESTION: 10 Which statement is most correct in explaining weights and their use in this redundant VPN configuration? Member 1 weight 3 Member 2 weight 2 Member 3 weight 1 A. Weight is not a valid configuration option for Redundant VPNs. B. Weight is a distribution factor, Member 2 will carry 10 times the traffic of Member . C. Weight is used to determine which VPN in the Group carries traffic, Member 2 will carry the traffic. D. Weight is used to determine which VPN in the group carries traffic, member 1 will carry the traffic. E. Weight is distribution value,Member 1 will carry the most traffic, while member 2 will carry 1/10 that amount. Answer: D QUESTION: 11 Your VPN device has a dynamic address, and does not use an FQDN. Which three (3) do you need to configure on your device for a successful Phase I connection to your peer? A. DNS B. Peer id C. Local id D. Main mode E. Aggressive mode F. Static-ip of remote IKE peer Answer: A, C, E QUESTION: 12 Which two (2) statements regarding Certificate Revocation Lists are correct? A. The CRL is time stamped to identify revoked certificates 5 http://www.certmagic.com
Slide 6: JN0-530 B. CRLs are maintained by independent agents to insure accuracy C. A CRL ontains the names and IP addresses of Certificates that have been revoked by the CA D. New CRLs are issued on a regular, periodic basis, which could be hourtly, daily, weekly Answer: A, D QUESTION: 13 Which parameter is exchanged during Phase 2 negotiations? A. Proxy-id B. Certificates C. Pre shared key D. NAT-Trnsversal Data E. Asymmetric Private Keys Answer: A QUESTION: 14 Exhibit: Based on the exhibit, NetScreen A is using a route-based VPN configuration. What two (2) things are “required” on NetScreen A to successfully establish a VPN? (Both device have static IP addresses) A. Proxy-ID B. Peer address of 1.1.2.5 C. Local ID of 1.1.1.1 D. IKE Phase 1 aggressive mode 6 http://www.certmagic.com
Slide 7: JN0-530 E. Tunnel interface with an address in the 1.1.2.0/24 subnet Answer: A, B QUESTION: 15 When using a route-based VPN, what is the default proxy-id for the source address? A. 0.0.0.0/0 B. 0.0.0.0/32 C. The source address of the first packet through the VPN D. The source address of the final Phase 2 packet from the initiator Answer: A QUESTION: 16 Which is a valid Phase 2 IKE proposal? A. pre-g1 –des-md5 B. rsa-g2 3des-sha C. g2-esp-3des-md5 D. g2-esp-aes120-md5 Answer: C QUESTION: 17 Which two (2) statements are correct regarding NHTB? A. The NHTB table can be viewed with the command “get nhtb” B. The NHTB table can be viewed with the command “get interface <tunnel interface>” C. The NHTB table can be viewed with the command “get interface <physical interface>” D. NHTB is enabled automatically when multiple route-based VPNs are bound to a single tunnel interface. E. You cannot see the contents of the NHTB table because it is built automatically and is used internally by the system. 7 http://www.certmagic.com
Slide 8: JN0-530 Answer: B, D QUESTION: 18 Exhibit: Review the exhibit. To deal with the overlapping addresses at the two sites, we are using NAT –src and NAT –dst in association with a route-based VPN. Which two (2) routes are required on NetScreen A to support the bi-directional traffic flow from NetScreenA to NetScreenB? A. set route 192.16.11.1/24 interface trust B. set route 208.18.21.1/24 interface untrust C. set route 208.18.21.1/24 interface tunnel.1 D. set route 192.16.11.1/24 interface tunnel.1 E. set route 0.0.0.0./0 int untrust gateway 2.1.1.20 F. set route 0.0.0.0./0 in untrust gateway 208.18.21.1 Answer: A, C QUESTION: 19 Up-to-the minute information on certificate status is critical to your organization. What should you implement? A. Download new Certificate Revocation List every hour B. Implement SCEP to do real-time checking of Certificate status C. Implement OCEP to do real-time checking of Certificate status D. Download new Certificate Revocation List every day. The Certificate Revocation List are only updated once a day so additional downloads are unnecessary Answer: C 8 http://www.certmagic.com
Slide 9: JN0-530 QUESTION: 20 You have implemented a hub and spoke VPN. On the hub, there are two tunnel interfaces, one to each spoke. Both tunnel interfaces are in zone Corporate. What do you need to configure on the hub to control traffic between the spokes? A. Configure the Corporate zone to be not shareable B. Configure the Corporate zone to block inter-zone traffic. C. Configure the Corporate zone to block intra-zone traffic. D. Configure each tunnel interface to block intra-zone traffic. Answer: C 9 http://www.certmagic.com