Juniper JNCIS JN0-355 Questions & Answers

• Question 1:

  -- Exhibit -(logintime.dayOfWeek = (Mon to Fri)

  AND loginTime = (8:00AM to 5:00PM) AND hostCheckerPolicy = "Antivirus check"

  AND groups = 'Employees') OR groups = 'Executives'

  -- Exhibit -A detailed rule exists that prevents access to a Web page based on the custom expression shown in the exhibit. You want to ensure that Alice can access the resource any day of the week during any time period.

  What is required for Alice?

  A. Alice must be assigned the Employees group.

  B. Alice must be assigned the Executives group.

  C. Alice must pass the Host Checker policy.

  D. Alice must sign in using Junos Pulse.

  Correct Answer: B

• Question 2:

  -- Exhibit ?

  

  -- Exhibit -Referring to the exhibit, which statement is correct?

  A. The user has attempted to sign in using an invalid authentication server.

  B. A role-mapping rule has not been defined for the user.

  C. The user has mistyped their username or password.

  D. The authentication server that the user is authenticating to has rejected their credentials.

  Correct Answer: B

• Question 3:

  -- Exhibit -

  Root::user1(patch management)[Web Users] - Start Policy [WEBURL/REWRITING] evaluation for

  resource http://www.juniper.net:80/

  Root::user1(patch management)[Web Users] - Applying Policy [Initial Rewrite Policy]...

  Root::user1(patch management)[Web Users] - Action [Rewrite Content (auto-detect content type)]

  is returned

  Root::user1(patch management)[Web Users] - Policy [Initial Rewrite Policy] applies to resource

  Root::user1(patch management)[Web Users] - Passthrough proxy policies are not applicable for

  http://www.juniper.net

  Root::user1(patch management)[Web Users] - Start Policy [WEBURL/ACCESS] evaluation for

  resource http://www.juniper.net:80/

  Root::user1(patch management)[Web Users] - Applying Policy [Web]...

  Root::user1(patch management)[Web Users] - Evaluating Policy Rule 1...

  Root::user1(patch management)[Web Users] - Resource filter [http://www.juniper.com:80/*] does

  not match

  Root::user1(patch management)[Web Users] - No Policy Rule applies to resource

  Root::user1(patch management)[Web Users] - Applying Policy [Initial Open Policy]...

  Root::user1(patch management)[Web Users] - User roles [Web Users] do not match with

  configured roles [Exclusive:Web Users]

  Root::user1(patch management)[Web Users] - No Policy applies to resource

  Root::user1(patch management)[Web Users] - Start Auto Allow evaluation on WEBURL for

  resource http://www.juniper.net:80/

  Root::user1(patch management)[Web Users] - No Auto Allow resources configured

  -- Exhibit -A user should be able to access a Web resource but instead is receiving an error that access to the site is blocked.

  Referring to the exhibit, which policy must be modified to allow access to the resource?

  A. initial rewrite policy

  B. pass-through proxy policy

  C. initial open policy

  D. selective rewrite policy

  Correct Answer: C

• Question 4:

  -- Exhibit -

  Info AUT23457 2012-07-16 18:20:06 - ive - [192.168.252.1] jsmith(Users)[] - Login failed using auth server Corp (LDAP Server). Reason: Failed

  Info AUT24327 2012-07-16 18:20:06 - ive - [192.168.252.1] jsmith(Users)[] - Primary authentication failed for jsmith/Corp from 192.168.252.1

  Minor AUT23391 2012-07-16 18:20:06 - ive - [192.168.252.1] jsmith(Users)[] - Could not connect to LDAP server 'Corp': Failed binding to admin DN: [49] Invalid credentials: ADCorp.acme.com:389

  Info AUT23457 2012-07-16 18:20:01 - ive - [192.168.252.1] rbook(Users)[] - Login failed using auth server Corp (LDAP Server). Reason: Failed

  Info AUT24327 2012-07-16 18:20:01 - ive - [192.168.252.1] rbook(Users)[] - Primary authentication failed for jsmith/Corp from 192.168.252.1

  Minor AUT23391 2012-07-16 18:20:01 - ive - [192.168.252.1] rbook(Users)[] - Could not connect to LDAP server 'Corp': Failed binding to admin DN: [49] Invalid credentials: ADCorp.acme.com:389

  -- Exhibit -

  Users are reporting that they cannot log in to the Junos Pulse Secure Access Service. In the user access log on the Junos Pulse Secure Access Service, you discover a series of messages shown in the exhibit.

  What is the cause of the problem?

  A. The Junos Pulse Secure Access Service cannot reach the LDAP authentication server.

  B. The Junos Pulse Secure Access Service cannot authenticate to the LDAP authentication server.

  C. The users are failing authentication because their LDAP credentials are invalid.

  D. The users are failing authentication because they do not exist in the LDAP directory.

  Correct Answer: B

• Question 5:

  -- Exhibit -

  Info PTR23245 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[All Employees] Evaluating Policy Rule 1... Info PTR23244 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[All Employees]

  Condition [( loginTime.dayOfWeek = (Sat TO Sun) AND loginTime = (8:00AM TO 5:00PM)) OR

  groups = 'Clockworks'] evaluated to false Info PTR23246 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[All Employees] No Policy Rule applies to resource

  [etc...]

  Info PTR23245 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[All Employees] Evaluating Policy Rule 1... Info PTR23239 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[All Employees]

  Action [Deny access] is returned

  Info PTR23234 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[All Employees] Policy [Pulse, Inc. Intranet] applies to resource -- Exhibit -You are unable to access a Web page through the Junos Pulse Secure Access Service. You run a policy trace in the Admin UI to troubleshoot the issue. Referring to the exhibit, what is causing the issue?

  A. Host Checker policy is limiting access to the realm.

  B. A role restriction is denying access to the resource.

  C. A detailed rule is denying access to the resource.

  D. The resource policies are not in the proper order.

  Correct Answer: C

• Question 6:

  You are asked to configure a user's bookmark page to present the appropriate customer-facing corporate branding. Which two user interface role configurations apply? (Choose two.)

  A. corporate logo image

  B. corporate font type

  C. text color

  D. Flash video message

  Correct Answer: AC

• Question 7:

  A customer wants to verify that users satisfy a minimum Windows operating system and service pack (SP) level. Which type of endpoint security policy would be the simplest way to verify this?

  A. Use a Host Checker policy with a rule type of "PredefineD. OS Checks."

  B. Use a Host Checker policy with a rule type of "Custom: Patch Assessment."

  C. Use a realm authentication policy to verify user-agent strings sent by the user's browser.

  D. Use a role restriction policy to verify user-agent strings sent by the user's browser.

  Correct Answer: A

• Question 8:

  In a SAML profile, which two SSO methods are used to communicate with the SAML server? (Choose two.)

  A. Push

  B. Artifact

  C. Pull

  D. Post

  Correct Answer: BD

• Question 9:

  You are configuring a Web resource policy and you want to ensure that a user can only access the URL http://intranet.example.com/employees and exactly one level below /employees. Which policy will satisfy this requirement?

  A. http://intranet.example.com/employees/*/?

  B. http://intranet.example.com/employees/*

  C. http://intranet.example.com/employees/?

  D. http://intranet.example.com/employees/%

  Correct Answer: D

• Question 10:

  You have just upgraded the Junos Pulse Secure Access Service, but now Host Checker is not operational. Host Checker functioned normally before the upgrade. Which Host Checker setting should you verify is enabled in the Admin UI?

  A. Perform dynamic policy reevaluation

  B. Endpoint Security Assessment Plug-In (ESAP) versions

  C. Auto-update virus signatures list

  D. Auto-upgrade Host Checker

  Correct Answer: D