Exam Details

  • Exam Code: JN0-533
  • Exam Name: FWV, Specialist (JNCIS-FWV)
  • Certification: Juniper Certifications
  • Vendor: Juniper
  • Total Questions: 125 Q&As
  • Last Updated: Aug 24, 2025

Juniper Certifications JN0-533 Questions & Answers

  • Question 101:

    You are receiving 3000 SYN packets per second from multiple outside sources to the same destination IP address in your network. You want the SYN proxy Screen option to engage when SYN packets exceed 2000 per second, but the SYN proxy is not engaging. What is causing the problem?

    A. The SYN packets are being sent to multiple destination ports.

    B. The alarm threshold is too high.

    C. The destination threshold is too high.

    D. The option to only generate alarms without dropping packets is set to ON.

  • Question 102:

    You have configured deep-packet inspection on a ScreenOS device. You have not modified the default threshold values. The device detects a single session that matches an attack. Which two actions can you configure the device to take? (Choose two.)

    A. Close the connection and disallow further connections from the client to the server.

    B. Close the connection and rate-limit further connections to the server.

    C. Discard all additional packets related to the session.

    D. Send a TCP RST message to both the client and server.

  • Question 103:

    Which two statements are true about VPN Monitor on a ScreenOS device? (Choose two.)

    A. With a route-based VPN failure, VPN Monitor marks the tunnel interface status as down.

    B. With a policy-based VPN failure, VPN Monitor marks the tunnel interface status as down.

    C. VPN Monitor uses UDP to detect a VPN connection failure.

    D. VPN Monitor uses ICMP to detect a VPN connection failure.

  • Question 104:

    You want to ensure that the IKE Phase 2 key is totally independent of the IKE Phase 1 key. Which IKE feature would you enable?

    A. Perfect Forward Secrecy

    B. Diffie-Hellman Group 5

    C. Replay Protection

    D. Rekey Protection

  • Question 105:

    Which two Diffie-Hellman (DH) groups are supported by ScreenOS software? (Choose two.)

    A. DH Group 1: 1024-bit

    B. DH Group 2: 1024-bit

    C. DH Group 5: 1536-bit

    D. DH Group 15: 2048-bit

  • Question 106:

    How is a route-based VPN different from a policy-based VPN?

    A. A route-based VPN requires manual keys for encryption and authentication.

    B. A route-based VPN requires static route entries for the remote peer.

    C. A route-based VPN is bound to a tunnel interface.

    D. A route-based VPN is bound to a loopback interface.

  • Question 107:

    Which two statements are true about policy-based VPNs as compared to route-based IPsec VPNs when using ScreenOS devices? (Choose two.)

    A. For policy-based IPsec VPNs, you can configure 0.0.0.0/0 as the proxy ID on both VPN gateways regardless of the security policy.

    B. For route-based IPsec VPNs, you can configure 0.0.0.0/0 as the proxy ID on both VPN gateways regardless of the security policy.

    C. For route-based IPsec VPNs, the proxy ID is derived from the policy.

    D. For policy-based IPsec VPNs, the proxy ID is derived from the policy.

  • Question 108:

    You are configuring a VPN with IKE between headquarters and a branch office that uses a dynamic public IP address. Which IKE mode should you use?

    A. quick mode

    B. main mode

    C. aggressive mode

    D. wizard mode

  • Question 109:

    You are building an IPsec VPN and want to authenticate and encrypt the content. Which two Phase 1/Phase 2 (P1/P2) proposals would achieve this goal? (Choose two.)

    A. P1: pre-g5-3des-sha, P2: g5-esp-3des-sha

    B. P1: pre-g2-aes128-sha, P2: g5-ah-aes128-sha

    C. P1: pre-g5-des-md5, P2: g5-ah-des-md5

    D. P1: pre-g2-esp128-sha, P2: g2-esp-aes128-sha

  • Question 110:

    You must verify on your ScreenOS device that you have configured the correct tunnel peer and determine which IKE proposals the remote device is sending and accepting. Which command should you use?

    A. get ike gateway

    B. get ike peer

    C. get sa active

    D. get ike active
