Dumper: Pandora

Braindumps of JN0-520
Juniper Networks Certified Internet Associate, FWV

Exam Questions, Answers, Braindumps (JN0-520)


QUESTION 1
What is the default mode for an interface in the Untrust zone?
A. NAT
B. route
C. Layer 2
D. Layer 3
E. transparent
Answer: B
Explanation:
Interfaces can operate in three different modes: Network Address Translation (NAT), Route, and Transparent. If an interface bound to a Layer 3 zone has an IP address, you can define the operational mode for that interface as either NAT or Route. An interface bound to a Layer 2 zone (such as the predefined v1-trust, v1-untrust, and v1-dmz zones, or a user-defined Layer 2 zone) must be in Transparent mode. You select an operational mode when you configure an interface.
When an ingress interface is in Network Address Translation (NAT) mode, the NetScreen device, acting like a Layer 3 switch (or router), translates two components in the header of an outgoing IP packet destined for the Untrust zone: its source IP address and source port number. The NetScreen device replaces the source IP address of the originating host with the IP address of the Untrust zone interface. It also replaces the source port number with another random port number generated by the NetScreen device. Remember that an interface residing in the Trust zone is in NAT mode by default, and an interface residing in the Untrust zone is in Route mode by default.
When an interface is in Route mode, the NetScreen device routes traffic between different zones without performing source NAT (NAT-src); that is, the source address and port number in the IP packet header remain unchanged as the packet traverses the NetScreen device.
QUESTION 2
What CLI command puts you into the policy configuration sub-mode, allowing you to add additional entries to the source, destination and/or service fields?
A. set policy id x
B. set multiple id x
C. set policy id x multiple
D. set policy from trust to untrust 10.10.10.0; 10.10.11.0 any any permit.
Answer: A
Explanation:
Every policy has an ID number, whether you define one or the NetScreen device automatically assigns it. You can only define an ID number for a policy through the set policy command in the CLI: set policy id number ... After you know the ID number, you can enter the policy context to issue further commands to modify the policy. For example:
Netscreen-> set policy id 1
Netscreen(policy:1)-> set src-address host2
QUESTION 3
What is the purpose of the 'Permitted IP' address on a NetScreen device?
A. It defines which range of addresses can access devices connected to the NetScreen
B. It defines a list of addresses that are trusted to perform management on the NetScreen
C. It is used in policy rules to determine which user traffic is allowed through the NetScreen
D. It is the address to which an external device connects in order to gain management access to a NetScreen
E. It defines a list of devices whose traffic can pass through the NetScreen without being authenticated
Answer: B
Explanation:
You can administer NetScreen devices from one or multiple addresses of a subnet. By default, any host on the trusted interface can administer a NetScreen device. To restrict this ability to specific workstations, you must configure management client IP addresses.
Example: Restricting Administration to a Single Workstation
In this example, the administrator at the workstation with the IP address 172.16.40.42 is the only administrator specified to manage the NetScreen device.
WebUI
Configuration > Admin > Permitted IPs: Enter the following, and then click Add:
IP Address/Netmask: 172.16.40.42/32
CLI
set admin manager-ip 172.16.40.42/32
save
Note: The assignment of a management client IP address takes effect immediately. If you are managing the device via a network connection and your workstation is not included in the assignment, the NetScreen device immediately terminates your current session and you are no longer able to manage the device from that workstation.
QUESTION 4
Which policy option allows you to view session addresses that have been translated?
A. Logging
B. Counters
C. Schedule
D. Authentication
E. Address translation
Answer: A
Explanation:
When you enable logging in a policy, the NetScreen device logs all connections to which that particular policy applies. You can view the logs through either the WebUI or CLI. Logging is a great feature for troubleshooting policies on your NetScreen device.
Incorrect Answers:
B. When you enable counting in a policy, the NetScreen device counts the total number of bytes of traffic to which this policy applies and records the information in historical graphs.
C. By associating a schedule to a policy, you can determine when the policy is in effect. You can configure schedules on a recurring basis and as a one-time event. Schedules provide a powerful tool in controlling the flow of network traffic and in enforcing network security.
D. Selecting this option requires the auth user at the source address to authenticate his/her identity by supplying a user name and password before traffic is allowed to traverse the firewall or enter the VPN tunnel. The NetScreen device can use the local database or an external RADIUS, SecurID, or LDAP auth server to perform the authentication check.
E. NetScreen provides several mechanisms for applying network address translation (NAT). The concept of NAT comprises the translation of the IP address in an IP packet header and, optionally, the translation of the port number in the TCP segment or UDP datagram header. The translation can involve the source address (and optionally the source port number), the destination address (and optionally the destination port number), or a combination of translated elements. However, you are not able to view translated addresses with this option.
QUESTION 5
An Access Policy must contain which three (3) items?
A. Service
B. Authentication
C. Source address
D. Firewall settings
E. Action (permit, deny, tunnel)
Answer: A, C, E
Explanation:
A policy permits, denies, or tunnels specified types of traffic unidirectionally between two points. The type of traffic (or "service"), the location of the two endpoints, and the invoked action compose the basic elements of a policy. Although there can be other components, the required elements, which together constitute the core section of a policy, are as follows:
Direction - The direction of traffic between two security zones (from a source zone to a destination zone)
Source address - The address from which traffic initiates
Destination address - The address to which traffic is sent
Service - The type of traffic transmitted
Action - The action that the NetScreen device performs when it receives traffic meeting the first four criteria: deny, permit, reject, or tunnel
For example, the policy stated in the following CLI command permits FTP traffic from any address in the Trust zone to an FTP server named "server1" in the DMZ zone:
set policy from trust to untrust any server1 ftp permit
Direction: from trust to untrust (that is, from the Trust zone to the Untrust zone)
Source Address: any (that is, any address in the Trust zone. The term "any" stands for a predefined address that applies to any address in a zone)
Destination Address: server1 (a user-defined address in the Untrust zone address book)
Service: ftp (File Transfer Protocol)
Action: permit (that is, the NetScreen device permits this traffic to traverse its firewall)
QUESTION 6
You are trying to remove an address book entry by going to the Address Book -> List display of the Web UI, but you cannot find the remove option. What would cause this problem?
A. An address book entry can only be deleted from the command line interface. You will need to use the CLI to delete it.
B. The address book entry is misconfigured. You need to correct the address book entry before it will allow you to delete
C. You cannot remove an address book entry from this screen. You need to use the delete option found under the management options screen.
D. The address book entry is being used by a policy. You must delete the policy or remove the address book entry from the policy before it can be deleted.
Answer: D
Explanation:
Before you can set up many of the NetScreen firewall, VPN, and traffic shaping features, you need to define addresses in one or more address lists. The address list for a security zone contains the IP addresses or domain names of hosts or subnets whose traffic is either allowed, blocked, encrypted, or user-authenticated.
After you define an address or an address group and associate it with a policy, you cannot change the address location to another zone (such as from Trust to Untrust). To change its location, you must first disassociate it from the underlying policy. Also keep the following in mind regarding address lists:
1. When using the CLI, you must create all of your address book entries before you make your policies.
2. You can modify everything about an address book entry except its zone.
3. You cannot modify an address object from the CLI; you must first delete it and then recreate it.
QUESTION 7
Address Book entries identify devices such as hosts and networks by their location in relation to:
A. security zones
B. existing access policies
C. an interface on the firewall
D. a listing of addresses in the ARP table
E. a reachable network (via the routing table)
Answer: A
Explanation:
Before you can set up many of the NetScreen firewall, VPN, and traffic shaping features, you need to define addresses in one or more address lists. The address list for a security zone contains the IP addresses or domain names of hosts or subnets whose traffic is either allowed, blocked, encrypted, or user-authenticated.
On a single NetScreen device, you can configure multiple security zones, sectioning the network into segments to which you can apply various security options to satisfy the needs of each segment. At a minimum, you must define two security zones, basically to protect one area of the network from the other. On some NetScreen platforms, you can define many security zones, bringing finer granularity to your network security design, and without deploying multiple security appliances to do so.
You can identify a security zone because it has an address book and can be referenced in policies.
QUESTION 8
Which are two (2) advanced policy configuration options?
A. Schedule
B. Service group
C. Authentication
D. Source address
E. Action (permit, deny, tunnel)
Answer: A, C
Explanation:
Schedule
A schedule is a configurable object that you can associate with one or more policies to define when they are in effect. Through the application of schedules, you can control network traffic flow and enforce network security.
The schedule option can be found under the advanced policy section. When you define a schedule, enter values for the following parameters:
Schedule Name: The name that appears in the Schedule drop-down list in the Policy Configuration dialog box. Choose a descriptive name to help you identify the schedule. The name must be unique and is limited to 19 characters.
Comment: Any additional information that you want to add.
Recurring: Enable this when you want the schedule to repeat on a weekly basis.
Start and End Times: You must configure both a start time and an end time. You can specify up to two time periods within the same day.
Once: Enable this when you want the schedule to start and end only once.
mm/dd/yyyy hh:mm: You must enter both start and stop dates and times.
Service Group
Services are objects that identify application protocols using Layer 4 information such as standard and accepted TCP and UDP port numbers for application services like Telnet, FTP, SMTP, and HTTP. ScreenOS includes predefined core Internet services. Additionally, you can define custom services. You can define policies that specify which services are permitted, denied, encrypted, authenticated, logged, or counted.
Authentication
Selecting this option requires the auth user at the source address to authenticate his/her identity by supplying a user name and password before traffic is allowed to traverse the firewall or enter the VPN tunnel. The NetScreen device can use the local database or an external RADIUS, SecurID, or LDAP auth server to perform the authentication check. The authentication options can be found under the advanced policy section. NetScreen provides two authentication schemes:
Run-time authentication, in which the NetScreen device prompts an auth user to log on when it receives HTTP, FTP or Telnet traffic matching a policy that has authentication enabled
WebAuth, in which a user must authenticate himself or herself before sending traffic through the NetScreen device
Source Address
You can apply source address translation (NAT-src) at the policy level. With NAT-src, you can translate the source address on either incoming or outgoing network and VPN traffic. The new source address can come from either a dynamic IP (DIP) pool or the egress interface. NAT-src also supports source port address translation (PAT).
Action
An action is an object that describes what the firewall does to the traffic it receives.
Deny blocks the packet from traversing the firewall.
Permit allows the packet to pass the firewall.
Reject blocks the packet from traversing the firewall. The NetScreen device drops the packet and sends a TCP reset (RST) segment to the source host for TCP traffic and an ICMP "destination unreachable, port unreachable" message (type 3, code 3) for UDP traffic. For types of traffic other than TCP and UDP, the NetScreen device drops the packet without notifying the source host, which is also what occurs when the action is "deny".
Tunnel encapsulates outgoing IP packets and decapsulates incoming IP packets. For an IPSec VPN tunnel, specify which VPN tunnel to use. For an L2TP tunnel, specify which L2TP tunnel to use. For L2TP-over-IPSec, specify both an IPSec VPN tunnel and an L2TP tunnel.
The NetScreen device applies the specified action on traffic that matches the previously presented criteria: zones (source and destination), addresses (source and destination), and service.
