testexam23 You ought to locate the highly proper FLYDUMPS Juniper JN0-522 exam sample questions which are presented by the highly reliable online source. These Juniper JN0-522 questions and answers will certainly make the preparation process very easy for you and getting success in the Juniper JN0-522 exam will not be impossible anymore for you. FLYDUMPS is the ultimate source to pass Juniper JN0-522 exam for a lesser cost and shorter time. By the help of FLYDUMPS, you will definitely pass the Juniper JN0-522 exam and acquire your Juniper JN0-522 certification without the other materials or training classes. Juniper https://www.leads4pass.com/jn0-522.html exam sample questions at FLYDUMPS are actually proved to be the latest and current one with the professional team who especially communicate the newest condition of your FLYDUMPS Juniper JN0-522 exam.
QUESTION 1
Address book entries identify hosts and networks by their location in relation to what?
A. Network entries in the routing table
B. A listing of addresses in the ARP table
C. Security zones on the firewall
D. An interface on the firewall
Correct Answer: C
QUESTION 2
Which two options allow proper configuration of NAT-dst? (Choose two.)
A. A static route to the appropriate subnet using a private interface as the outbound interface
B. The default address book entry of “any” in the internal zone
C. The default address book entry of “any” in the external zone
D. An address book entry for the address to be translated in the internal zone
Correct Answer: AD
QUESTION 3
Which three options allow proper configuration of NAT-dst? (Choose three.)
A. The default address book entry of “any” in the external zone
B. An address book entry for the address to be translated in the internal zone
C. A static route to the appropriate subnet using a private interface as the outbound interface
D. The default address book entry of “any” in the internal zone
E. A secondary address on one of the interfaces in the internal zone
Correct Answer: BCE
QUESTION 4
Which two protocols are defined in the IPSec standard? (Choose two.)
A. ESP
B. IKE
C. GRE
D. AH
Correct Answer: AD
QUESTION 5
What is the purpose of the “Permitted IP” address on a ScreenOS device?
A. It is used in policy rules to determine which user traffic is allowed through the ScreenOS device
B. It defines a list of addresses that are trusted to perform management on the ScreenOS device
C. It is the address that an external device uses to gain management access to a ScreenOS device
D. It defines which range of addresses that can access devices connected to the ScreenOS device
Correct Answer: B
QUESTION 6
In the exhibit, which routing command would allow Host A to communicate with host C?
A. Set route 0.0.0.0/0 int e0/3 gateway 177.11.56.254
B. Set route 1.1.70.0 interface e0/3 gateway 177.11.56.254
C. Configure route 1.1.70.0/24 gateway 177.11.56.254 int e0/3
D. Set route 1.1.70.0/24 interface e0/3 gateway 177.11.56.254
Correct Answer: D
QUESTION 7
What are two benefits of configuring a ScreenOS device in transparent mode? (Choose two.)
A. Policies are easier to create since you do not have to include source and destination IP addresses
B. There is no need to create MIPs or VIPs for incoming traffic to reach protected servers
C. The product can support more VPNs and obtain greater throughput because there is less overhead to manage
D. There is no need to reconfigure the IP addresses of routers or protected servers
Correct Answer: BD
QUESTION 8
Which statement accurately describes the “config rollaback” feature?
A. Once the “Config rollback” feature is enabled, it allows the administrator to re-apply a previously saved configuration file from the flash
B. Once the “Config rollback” feature is enabled, it allows the administrator to revert to the prior ScreenOS image or configuration file in event an upgrade operation aborts
C. The “Config rollback” feature is enabled by default, it allows the administrator to re-reply a previously saved configuration file from flash
D. Once the “Config rollback” feature is enabled, it allows the administrator to re-apply a locked configuration file from a separate area in flash
Correct Answer: D
See the exhibit. Which order of policies would allow all five policies to be effective in matching traffic?
A. 3,4,2,5,1
B. 3,2,1,5,4
C. 5,3,1,2,4
D. 4,5,3,2,1
Correct Answer: A
QUESTION 10
Which ScreenOS CLI commands would be used to enable traffic logging in policy edit mode?
A. Set policy traffic-log
B. Set traffic-log
C. Set log
D. Set logging
Correct Answer: C
QUESTION 11
Which command would you run to check IPSec Phase 1 active status?
A. Get event 427
B. Get sa active
C. Get sa
D. Get ike cookie
Correct Answer: D
QUESTION 12
Telnet management has been enabled on an interface in the untrust zone. What else should be configured to limit telnet access to the ScreenOS devie from trusted management PCs?
A. Define a manage IP address on this interface
B. Define a policy from trust to untrust
C. Define a permitted IP address
D. Define a trusted IP in the address table
Correct Answer: C
QUESTION 13
In the exhibit, which two forms of address translation would have generated the output shown? (Choose two.)
A. NAT-src with no DIP
B. Interface-based translation
C. NAT-src with a DIP, fixed-port disabled
D. MIP
Correct Answer: AB
QUESTION 14
Which statement accurately describes the “config rollaback” feature?
A. Once the “Config rollback” feature is enabled, it allows the administrator to re-apply a locked configuration file from a separate area in flash
B. The “Config rollback” feature is enabled by default, it allows the administrator to re-reply a previously saved configuration file from flash
C. Once the “Config rollback” feature is enabled, it allows the administrator to re-apply a previously saved configuration file from the flash
D. Once the “Config rollback” feature is enabled, it allows the administrator to revert to the prior ScreenOS image or configuration file in event an upgrade operation aborts
Correct Answer: A
QUESTION 15
What needs to be configured in Phase 2 of a route-based VPN that does not need to be configured in a policy-based VPN?
A. Proxy-id
B. Custom proposals
C. Tunnel-binding
D. Transport mode
Correct Answer: C
QUESTION 16
You are looking at the event log of the responding device and it says ” Rejected an initial Phase 1 packet from un unrecognized peer gateway”. What are three likely reasons for the failure? (Choose three.)
A. The Peer ID is misconfigured
B. The gateway address is misconfigured
C. The preshare keys are mismatched
D. The outgoing interface is misconfigured
E. The default gateway is missing
Correct Answer: ABD
QUESTION 17
A ScreenOS firewall is running in transparent mode. The firewall receives a packet which has no entry in A. Flood out all ports
B. Perform a policy lookup and determine the interfaces to which the source address is permitted and flood the packet out of those interfaces
C. Perform a policy lookup to determine the zones to which the source address is permitted and flood the packet out the interfaces bound to those zones
D. Check its route table for interzone destination
Correct Answer: C
QUESTION 18
you are looking at the event log of the responding device and it says ” Rejected an initial Phase 1 packet from un unrecognized peer gateway”. What are three likely reasons for the failure? (Choose three.)
A. The gateway address is misconfigured
B. The default gateway is missing
C. The Peer ID is misconfigured
D. The outgoing interface is misconfigured
E. The preshare keys are mismatched
Correct Answer: ACD
QUESTION 19
See the Exhibit: For the SSG 20 to have full reachability to all host in the network, how many static routes need to be added?
A. 5
B. 3
C. 4
D. 2
Correct Answer: C QUESTION 20
You have created a route-based VPN in your ScreenOS device. When the remote device tries to connect you see the following message in your event log, “No Policy exist for the proxy id received”. Which two would cause this to occur? (Choose two.)
A. The tunnel interface is configured in a different zone than the physical interface
B. A proxy-id conflict
C. The remote device is a policy-based VPN
D. An unbound tunnel interface
Correct Answer: BC QUESTION 21
Which command is used to verify IKE Phase 1 is complete?
A. Get ike active
B. Get flow active
C. Get ike cookie
D. Get sa a active
Correct Answer: C QUESTION 22
Your VPN tunnel does not pass traffic. You run the get ike cookie command and discover that there is no cookie. Which two should be verified? (Choose two.)
A. Selected quick mode encryption algorithms
B. Routes
C. Phase 1 configuration options
D. Phase 2 configuration options
Correct Answer: BC
Worried about Juniper https://www.leads4pass.com/jn0-522.html exam pass results? Adopt most reliable way of exam preparation that is Oracle 1Z0-047 Questions & Answers with explanations to get reliable high Juniper JN0-522 exam pass result.Flydumps definitely guarantees it!