Juniper Juniper Certifications JN0-533 Questions & Answers

• Question 41:

  In the network shown in the exhibit, you have been asked to enable users in the Untrust zone to contact Server1 on TCP port 80 using IP address 1.1.1.1. You also need to allow Server1 to make connections to hosts in the Untrust zone.

  When Server1 makes connections to the Untrust zone, the source address of its traffic should be translated to 1.1.1.1.

  What would you use to configure this behavior?

  

  A. MIP

  B. VIP

  C. DIP

  D. SIBR

  Correct Answer: A

• Question 42:

  In the exhibit, you have configured the MIP address 1.1.8.64 on a ScreenOS device. Which statement is correct?

  

  A. It performs one-to-one address translation and maps 1.1.8.64 to 10.1.10.64.

  B. It performs one-to-many address translation and maps 1.1.8.64 to a range from 10.1.10.64 to 10.1.10.71.

  C. It performs range address translation and maps 1.1.8.64 to 10.1.10.64, 1.1.8.65 to 10.1.10.65, etc..

  D. It performs address translation using a random IP address from the pool for 10.1.10.64/29.

  Correct Answer: C

• Question 43:

  FTP connections from host 10.20.1.10 to server 192.168.1.100 are not working. You produce the output shown in the exhibit. What is causing the traffic problem?

  ssg20-> set address "Trust" "192.168.1.0/32" 10.20.1.0 255.255.255.0 ssg20-> set address "Untrust" "10.204.1.0/24" 10.204.1.0 255.255.255.0 ssg20-> set address "Untrust" "192.168.1.0/24" 192.168.1.0 255.255.255.255 ssg20-> get policy id 1 name:"none" (id 1), zone Trust -> Untrust,action Permit, status "enabled" src "192.168.1.0/32", dst "192.168.1.0/24", serv "FTP" Rules on this VPN policy: 0 nat off, Web filtering : disabled vpn unknown vpn, policy flag 00000000, session backup: on, idle reset: on traffic shaping off, scheduler n/a, serv flag 00 log no, log count 0, alert no, counter no(0) byte rate(sec/min) 0/0 total octets 0, counter(session/packet/ octet) 0/0/0 priority 7, diffserv marking Off tadapter: state off, gbw/mbw 0/0 policing (no) No Authentication No User, User Group or Group expression set

  A. The policy's source address is incorrect.

  B. The policy's destination address is incorrect.

  C. The policy's service is incorrect.

  D. The policy does not have the FTP ALG enabled.

  Correct Answer: B

• Question 44:

  Given the policy and address information for the three hosts shown in the exhibit, which two statements are correct? (Choose two.)

  

  A. HTTP traffic from HostC to HostA will be silently discarded.

  B. HTTP traffic from HostC to HostA will result in a RST sent to HostC.

  C. HTTP traffic from HostA to HostB will be allowed.

  D. HTTP traffic from HostA to HostB will be rejected.

  Correct Answer: BC

• Question 45:

  You are setting up security policies to allow access to the servers on the 1.1.1.0/24 subnet. Referring to the exhibit, which two host addresses will be able to access the Web servers using FTP? (Choose two.)

  

  A. 10.1.3.5

  B. 10.1.2.1

  C. 10.1.2.13

  D. 10.1.1.1

  Correct Answer: AC

• Question 46:

  Network traffic with a source IP of 192.168.100.60, destination IP of 8.8.8.8, and a destination port of 80 is sent through the ScreenOS device. The inbound zone is Trust, the outbound zone is Untrust. Based on the policy configuration shown in the exhibit, what happens to this traffic?

  

  A. The traffic is denied by default policy.

  B. Traffic is denied by policy ID 3.

  C. Traffic is permitted by the global policy.

  D. Traffic is permitted by policy ID 2.

  Correct Answer: C

  Explanation:

• Question 47:

  Which two statements are true about the default route configuration based on the output shown in the exhibit? (Choose two.)

  

  A. A default route is configured in the trust-vr with a next-hop IP address of 1.1.1.1.

  B. A default route is configured in the trust-vr with a next hop of ethernet3/1.

  C. A default route is configured in the trust-vr with a next hop of the untrust-vr.

  D. A default route is configured in the untrust-vr with a next-hop IP address of 1.1.1.1.

  Correct Answer: CD

• Question 48:

  Which two statements are true regarding the route shown in the exhibit? (Choose two.)

  

  A. 5.5.5.0/24 was configured as a source route with a next-hop IP address of 1.1.1.1 in the trust- vr.

  B. 5.5.5.0/24 was configured as a destination route with a next-hop IP address of 1.1.1.1 in the trust-vr.

  C. 5.5.5.0/24 was configured as a SIBR route with a next-hop IP address of 1.1.1.1 in the trust-vr.

  D. 5.5.5.0/24 was configured as a permanent source route.

  Correct Answer: AD

• Question 49:

  Users on the 10.10.10.0/24 subnet are reporting connectivity problems. While troubleshooting, you see the output shown in the exhibit. What is the cause of the route flapping?

  

  A. The autonomous system (AS) ID is incorrect.

  B. The interface is in the incorrect OSPF area.

  C. A duplicate router ID exists in the network.

  D. The OSPF neighbors have different hold timer values.

  Correct Answer: C

• Question 50:

  A routing table contains an IBGP route, a RIP route, an OSPF external Type 2 route, and an EBGP route for 192.168.0.0/16. When the router receives traffic destined for, which route will the router use by default?

  A. the EBGP route

  B. the IBGP route

  C. the OSPF route

  D. the RIP route

  Correct Answer: A