FWV, Associate (JNCIA-FWV)
Answers, Braindumps (JN0-521)
Here is my contribution to the braindumps. For this
exam I used www.exams.ws guide and I got cleared the
A ScreenOS firewall has the correct interfaces addressed
and active. A policy is written allowing interzone
FTP traffic from a directly connected client. But
the traffic does not cross the firewall from the client
to the server. What is the most likely problem with
A. The ScreenOS firewall has no physical connection
to the FTP server.
B. The ALG option on the ScreenOS firewall has not
been enabled for FTP traffic.
C. The ScreenOS firewall does not have a route defined
to the FTP server's subnet.
D. The ScreenOS firewall does not have a route defined
to the FTP client's subnet.
Which three options allow proper configuration of
NAT-dst? (Choose three.)
A. the default address book entry of "any"
in the internal zone
B. the default address book entry of "any"
in the external zone
C. a secondary address on one of the interfaces in
the internal zone
D. an address book entry for the address to be translated
in the internal zone
E. a static route to the appropriate subnet using
a private interface as the outbound interface
ANS C, D, E
Which two statements are true with regard to a ScreenOS
firewall in transparent mode? (Choose two.)
A. VPNs can terminate to the VLAN1 interface IP address.
B. Static routes must be configured if multiple virtual
routers are going to be used.
C. It can be installed in a network without the requirement
to reconfigure IP addressing schemes.
D. You must use the console port to manage the device
as you cannot manage the device using an Ethernet
ANS A, C
What are three major concerns when sending private
data over a public medium? (Choose three.)
ANS A, D, E
By default, from which hardware component is the startup
copy of the ScreenOS loaded?
B. TFTP server
C. internal flash
D. PCMCIA card
Which three must a policy contain? (Choose three.)
E. policy name
ANS A, B, C
While looking at your policies using the WebUI, you
notice that the green permit policy has turned blue.
What would cause this?
A. The policy is currently inactive.
B. The policy is configured to support a MIP.
C. The policy is configured for unidirectional NAT.
D. The policy is currently passing traffic beyond
its traffic limits and is in alarm state.
Your VPN tunnel does not pass traffic. You run the
get ike cookie command and discover that there is
no cookie. Which two should be verified? (Choose two.)
B. Phase 1 configuration options
C. Phase 2 configuration options
D. selected quick mode encryption algorithms
ANS A, B