Juniper JN0-521 Exam - CertifySky.com Free JN0-521 Sample Questions:
Q: 1 A ScreenOS firewall has the correct interfaces addressed and active. A
policy is written allowing interzone FTP traffic from a directly connected client. But the traffic does not
cross the firewall from the client to the server. What is the most likely problem with the firewall?
A. The ScreenOS firewall has no physical connection to the FTP server.
B. The ALG option on the ScreenOS firewall has not been enabled for FTP traffic.
C. The ScreenOS firewall does not have a route defined to the FTP server's subnet.
D. The ScreenOS firewall does not have a route defined to the FTP client's subnet.
Answer: C
Q: 2 Click the Exhibit button. In the exhibit, why is the packet dropped?
[Exhibit not reproduced on this page]
A. interface down
B. route not configured
C. policy not configured
D. denied by policy 1005
Answer: C
Q: 3 Which three options allow proper configuration of NAT-dst? (Choose three.)
A. the default address book entry of "any" in the internal zone
B. the default address book entry of "any" in the external zone
C. a secondary address on one of the interfaces in the internal zone
D. an address book entry for the address to be translated in the internal zone
E. a static route to the appropriate subnet using a private interface as the outbound interface
Answer: C, D, E
Q: 4 Which two statements are true regarding a ScreenOS firewall in
transparent mode? (Choose two.)
A. VPNs can terminate to the VLAN1 interface IP address.
B. Static routes must be configured if multiple virtual routers are going to be used.
C. It can be installed in a network without the requirement to reconfigure IP addressing schemes.
D. You must use the console port to manage the device as you cannot manage the device using an Ethernet
port.
Answer: A, C
Q: 5 What are three major concerns when sending private data over a public
medium? (Choose three.)
A. integrity
B. authority
C. capacity
D. confidentiality
E. authentication
Answer: A, D, E
Q: 6 By default, from which hardware component is the startup copy of the
ScreenOS loaded?
A. NVRAM
B. TFTP server
C. internal flash
D. PCMCIA card
Answer: C
Q: 7 Which three must a policy contain? (Choose three.)
A. action
B. service
C. address
D. application
E. policy name
Answer: A, B, C
Q: 8 What is the default mode for an interface in the trust zone?
A. NAT
B. route
C. Layer 2
D. Layer 3
E. transparent
Answer: A
Q: 9 Which command is used to verify IKE Phase 1 is complete?
A. get sa active
B. get ike active
C. get ike cookie
D. get flow active
Answer: C
Q: 10 When managing a ScreenOS device using the WebUI and performing an
image upgrade, from which hardware component will the ScreenOS image be loaded?
A. TFTP server
B. PC local disk
C. internal flash
D. Compact Flash Card
Answer: B
Q: 11 Click the Exhibit button.
[Exhibit not reproduced on this page]
In the exhibit, in order for the SSG 20 to have full reachability to all hosts in the network, how many
static routes need to be added?
A. 2
B. 3
C. 4
D. 5
Answer: C
Q: 12 While looking at your policies using the WebUI, you notice that the green
permit policy has turned blue. What would cause this?
A. The policy is currently inactive.
B. The policy is configured to support a MIP.
C. The policy is configured for unidirectional NAT.
D. The policy is currently passing traffic beyond its traffic limits and is in alarm state.
Answer: C
Q: 13 Your VPN tunnel does not pass traffic. You run the get ike cookie
command and discover that there is no cookie. Which two should be verified? (Choose two.)
A. routes
B. Phase 1 configuration options
C. Phase 2 configuration options
D. selected quick mode encryption algorithms
Answer: A, B
Q: 14 You have created a route-based VPN in your ScreenOS device. When the
remote device tries to connect you see the following message in your event log, "No policy exists for the
proxy id received". Which two would cause this to occur? (Choose two.)
A. a proxy-id conflict
B. an unbound tunnel interface
C. the remote device is a policy-based VPN
D. the tunnel interface is configured in a different zone than the physical interface
Answer: A, C
Q: 15 In the command "save config from tftp 1.1.7.250 abcd.cfg merge", which
function does the merge parameter specify?
A. The config file from the TFTP server will replace the configuration in RAM.
B. The config file from the TFTP server will replace the startup configuration file in internal flash.
C. The merge parameter is not valid for TFTP files, it is only valid for configuration files stored in internal
flash.
D. The config file from the TFTP server will be combined with the configuration file in RAM and the
combined result will be saved in internal flash.
Answer: D
Q: 16 You are configuring an interface in the untrust zone with an IP address,
telnet enabled, and WebUI management. Which sequence of steps must be performed to make the
interface operational at the end of the configuration sequence?
A. Assign the interface to a zone, define the IP address, enable Web and telnet services.
B. Assign the interface to a zone, define the IP address, accept default management services.
C. Assign the interface to a virtual router, define the IP address, enable Web and telnet services.
D. Assign the interface to a zone, define the IP address, define a manage IP address, accept default
management services.
Answer: A
Q: 17 Click the Exhibit button.
[Exhibit not reproduced on this page]
In the exhibit, which interface would be used to forward traffic to host 1.1.7.5?
A. e0/1
B. e0/2
C. e0/3
D. e0/4
Answer: C
Q: 18 Which ScreenOS CLI policy statement keyword would enable a policy only
during specified times, days, and/or dates?
A. at
B. calendar
C. schedule
D. scheduler
Answer: C
Q: 19 A ScreenOS firewall is running in transparent mode. The firewall receives
a packet which has no entry in its forwarding table. What will the firewall do?
A. Flood out all ports.
B. Check its route table for interzone destination.
C. Perform a policy lookup to determine the interfaces to which the source address is permitted, and flood the
packet out of those interfaces.
D. Perform a policy lookup to determine the zones to which the source address is permitted, and flood the
packet out the interfaces bound to those zones.
Answer: D
Q: 20 What is the maximum number of custom proposals sent by a ScreenOS
device when negotiating IKE Phase 1 or Phase 2?
A. 2
B. 3
C. 4
D. 6
Answer: C
Q: 21 You are trying to remove an address book entry by going to the Objects >
Addresses > List display of the WebUI, but you cannot find the remove option. What would cause this
problem?
A. An address book entry can only be deleted from the command line interface. You will need to use the CLI
to delete it.
B. The address book entry is misconfigured. You need to correct the address book entry before it will allow
you to delete it.
C. You cannot remove an address book entry from this screen. You need to use the delete option found under
the management options screen.
D. The address book entry is being used by a policy. You must delete the policy or remove the address book
entry from the policy before it can be deleted.
Answer: D
Q: 22 When adding an address book entry for a host, which mask should be
used?
A. 0.0.0.0
B. 255.255.255.0
C. 255.255.255.255
D. the host's subnet mask i.e., 255.255.255.224
Answer: C
Q: 23 Click the Exhibit button.
[Exhibit not reproduced on this page]
In the exhibit, which routing command would allow host A to communicate with host D? (Note: Assume
a route from the SSG 20 to host A's subnet already exists.)
A. set route 143.45.56.0/24 interface e0/4
B. set route 0.0.0.0/0 int e0/4 gateway 143.45.56.254
C. set route 200.5.5.0/24 gateway 143.45.56.254 int e0/4
D. set route 200.5.5.0/24 interface e0/4 gateway 143.45.56.254
Answer: B
Q: 24 An operational firewall needs a configuration loaded and executed while it
is passing user data. Which CLI command will perform this process without interrupting traffic?
A. save config from tftp 1.1.7.250 15June06.cfg to flash
B. save config from tftp 1.1.7.250 15June06.cfg to ram
C. save config from tftp 1.1.7.250 15June06.cfg merge
D. save config from tftp 1.1.7.250 15June06.cfg to flash
reset
Answer: C
Q: 25 Telnet management has been enabled on an interface in the untrust zone.
What else should be completed to limit telnet access to the ScreenOS device from trusted management
PCs?
A. Define a permitted IP address.
B. Define a policy from trust to untrust.
C. Define a trusted IP in the address table.
D. Define a manage IP address on this interface.
Answer: A
Q: 26 You have created your tunnel interface in the untrust zone. Traffic from
the trust zone is able to enter the tunnel and pass to the destination. However traffic from a different
interface in the untrust zone is not able to pass traffic through the tunnel. You are using a single virtual
router. What is causing this problem?
A. Two virtual routers need to be configured.
B. A policy is needed since intra-zone blocking is on by default in the untrust zone.
C. The tunnel is configured with a proxy id that does not include the address from the untrust interface.
D. The routing tables are not correctly configured to allow the traffic from the untrust source to be delivered to
the destination.
Answer: B
Q: 27 Which type of NAT is performed when you implement interface-based
NAT?
A. source IP address translation
B. destination IP address translation
C. source IP and port address translation
D. destination IP and port address translation
Answer: C
Q: 28 If all interfaces are configured for route mode, what will be modified by the
ScreenOS device when traffic travels from the trust zone to the untrust zone?
A. source IP
B. source port
C. source MAC
D. destination IP
E. destination port
Answer: C
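Questions 27 and 28 hinge on which header fields a ScreenOS trust interface rewrites in NAT mode (the default) versus route mode. The following is an added, constructed model written for this page; it is not ScreenOS code and the interface IP, MAC addresses and port pool are assumptions chosen for the illustration. It shows that in route mode only the Layer 2 addresses change (any router rewrites both source and destination MAC on forwarding; the exam's option list names only the source MAC), while in NAT mode the source IP and source port are also translated and a session table is needed to un-translate the reply. An unsolicited inbound packet with no session entry is dropped, which is the "hidden hosts" property of interface-based NAT.

```python
from dataclasses import dataclass, fields, replace
import itertools

# Constructed topology values for the illustration (not from the page).
UNTRUST_IP = "1.1.7.1"           # egress (untrust) interface IP used for interface-based NAT
UNTRUST_MAC = "00:10:db:ff:10:01"  # untrust interface MAC
TRUST_MAC = "00:10:db:ff:10:00"    # trust interface MAC
NEXT_HOP_MAC = "00:aa:bb:cc:dd:ee"  # upstream router MAC


@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def changed_fields(before: Packet, after: Packet) -> set:
    """Names of the header fields the device modified while forwarding."""
    return {f.name for f in fields(Packet)
            if getattr(before, f.name) != getattr(after, f.name)}


class TrustInterface:
    """Models a trust-zone interface in 'nat' (ScreenOS default) or 'route' mode."""

    def __init__(self, mode: str) -> None:
        if mode not in ("nat", "route"):
            raise ValueError(f"unknown interface mode: {mode}")
        self.mode = mode
        self._ports = itertools.count(1024)  # constructed translated-port pool
        self.sessions = {}  # translated src port -> (original src ip, original src port)

    def outbound(self, pkt: Packet) -> Packet:
        """Trust -> untrust: L2 rewrite always; L3/L4 source translation only in NAT mode."""
        out = replace(pkt, src_mac=UNTRUST_MAC, dst_mac=NEXT_HOP_MAC)
        if self.mode == "nat":
            xport = next(self._ports)
            self.sessions[xport] = (pkt.src_ip, pkt.src_port)
            out = replace(out, src_ip=UNTRUST_IP, src_port=xport)  # PAT: src IP and port
        return out

    def inbound(self, pkt: Packet, host_mac: str):
        """Untrust -> trust reply. In NAT mode only session-matched packets are
        un-translated; anything else is dropped (returns None)."""
        out = replace(pkt, src_mac=TRUST_MAC, dst_mac=host_mac)
        if self.mode == "nat":
            orig = self.sessions.get(pkt.dst_port)
            if pkt.dst_ip != UNTRUST_IP or orig is None:
                return None  # no session: internal host stays unreachable
            out = replace(out, dst_ip=orig[0], dst_port=orig[1])
        return out


def nat_demo(mode: str):
    """Forward one FTP control packet and its reply; return the modified fields and the reply."""
    iface = TrustInterface(mode)
    client = Packet("00:11:22:33:44:55", TRUST_MAC, "10.1.1.5", "1.1.7.5", 40000, 21)
    fwd = iface.outbound(client)
    # The server answers whatever source address/port it saw on the wire.
    reply = Packet(NEXT_HOP_MAC, UNTRUST_MAC, "1.1.7.5", fwd.src_ip, 21, fwd.src_port)
    back = iface.inbound(reply, client.src_mac)
    return changed_fields(client, fwd), back


if __name__ == "__main__":
    for m in ("route", "nat"):
        changed, back = nat_demo(m)
        print(m, "modified on egress:", sorted(changed), "| reply delivered to", back.dst_ip, back.dst_port)
```

Running the block prints, for route mode, only the two MAC fields as modified, and for NAT mode the source IP and source port in addition; in both cases the reply reaches 10.1.1.5:40000, but only NAT mode relies on the session table to get there.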
Q: 29 What is the purpose of the sequence number in the ESP or AH header?
A. to provide protection from missing packets that have been encrypted
B. to provide protection from someone trying to modify the packet content
C. to provide protection from someone trying to replay captured data later in the session
D. to provide protection from hackers changing the sequence number in the layer 4 header
Answer: C
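The ESP/AH sequence number only provides replay protection when the receiver keeps a sliding window and, crucially, updates that window only after the integrity check value (ICV) has verified; otherwise a forged packet with a very high sequence number could slide the window forward and make legitimate traffic look "too old". The following is an added example written for this page, not ScreenOS code: a window in the style of the RFC 2401/4303 anti-replay algorithm, wrapped in a simplified receive path. The packet format (4-byte sequence number, payload, 16-byte truncated HMAC-SHA256 ICV) and the key are constructed for the illustration.

```python
import hmac
import hashlib
import struct

DEMO_KEY = b"constructed-demo-key"  # constructed; a real SA derives its keys from IKE
ICV_LEN = 16


class AntiReplayWindow:
    """Sliding window over 32-bit sequence numbers (RFC 4303 style, constructed here).

    bit 0 of `bitmap` represents `top` (highest accepted sequence number),
    bit i represents sequence number top - i.
    """

    def __init__(self, size: int = 64) -> None:
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32")
        self.size = size
        self.top = 0
        self.bitmap = 0

    def check(self, seq: int):
        """Pre-check only (no state change). Returns (acceptable, reason)."""
        if seq == 0:
            return False, "seq 0 invalid"  # the first packet on an SA carries seq 1
        if seq > self.top:
            return True, "new high"
        diff = self.top - seq
        if diff >= self.size:
            return False, "too old"
        if (self.bitmap >> diff) & 1:
            return False, "replay"
        return True, "in window"

    def update(self, seq: int) -> None:
        """Record an authenticated packet; call only after the ICV verified."""
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1  # window jumped entirely past the old contents
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def build_packet(seq: int, payload: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Constructed stand-in for an ESP packet: seq || payload || truncated HMAC ICV."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


def receive(window: AntiReplayWindow, packet: bytes, key: bytes = DEMO_KEY):
    """Receive path: window pre-check, ICV verification, then window update."""
    if len(packet) < 4 + ICV_LEN:
        return False, "truncated"
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    seq = struct.unpack("!I", body[:4])[0]
    ok, reason = window.check(seq)
    if not ok:
        return False, reason  # replays are dropped before the (costly) ICV check
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return False, "bad ICV"  # forged: window state must not move
    window.update(seq)
    return True, "accepted"


def replay_demo():
    """Out-of-order delivery, a replay, a forged high sequence number, then normal traffic."""
    window = AntiReplayWindow(64)
    reasons = [receive(window, build_packet(s, b"data"))[1] for s in (1, 2, 3, 5, 4, 3)]
    # Attacker injects seq 1000 under the wrong key: rejected, window stays at top=5.
    reasons.append(receive(window, build_packet(1000, b"x", key=b"wrong"))[1])
    # Legitimate seq 6 is still accepted because the forgery did not advance the window.
    reasons.append(receive(window, build_packet(6, b"data"))[1])
    return reasons


if __name__ == "__main__":
    print(replay_demo())
```

Note that the 32-bit sequence number must never wrap within one SA; an SA has to be rekeyed (or use extended sequence numbers) before it does, otherwise the window logic above becomes meaningless.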
Q: 30 Which ScreenOS CLI policy statement keyword would be used to enable
traffic counters?
A. count
B. traffic
C. counter
D. counters
Answer: A