Vendor: Juniper
Exam Code: JN0-533
Exam Name: Juniper Networks Certified Specialist, FWV (JNCIS-FWV)
QUESTION 1
Your ScreenOS device does not have a static IP address. You want to be able to access it using its FQDN. How would you implement this task?
A. Configure a domain in DNS.
B. Configure syslog.
C. Configure SNMP.
D. Configure DDNS.
Answer: D
QUESTION 2
You have just installed a new ScreenOS device in your network and you want only a select range of IP addresses to have administrative access to the device. Which choice will allow you to accomplish this?
A. Configure a manager IP.
B. Configure the management interface.
C. Configure a management IP on the trust interface.
D. Configure new system administrators.
Answer: A
QUESTION 3
A routing table contains an IBGP route for 192.168.0.0/24, a RIP route for 192.168.0.0/23, an OSPF route for 192.168.0.0/22, and a static route for 192.168.0.0/16. When the router receives traffic destined for 192.168.0.1, which route will the router use?
A. the IBGP route
B. the OSPF route
C. the RIP route
D. the static route
Answer: A
QUESTION 4
You are troubleshooting telnet traffic destined to IP address 10.10.10.1. You decide to run debug and want to set the flow filter. Which command will show only the telnet traffic going to the 10.10.10.1 address?
A. ssg5-serial-> set ffilter dst-ip 10.10.10.1
ssg5-serial-> set ffilter dst-port 23
B. ssg5-serial-> set ffilter dst-ip 10.10.10.1 dst-port 23
C. ssg5-serial-> set ffilter dst-port 23
D. ssg5-serial-> set ffilter dst-ip 10.10.10.1
Answer: B
QUESTION 5
You have enabled BGP on your ScreenOS device and configured a single EBGP peer. The CLI shows that the BGP connection is transitioning between the CONNECT and ACTIVE states, but never reaching the ESTABLISHED state. What are three reasons for this behavior? (Choose three.)
A. The peer is blocking traffic destined for TCP port 179.
B. The peer address is not configured correctly.
C. The enable statement has not been configured for the peer.
D. The peer AS number is not configured correctly.
E. BGP has not been enabled on the virtual router.
Answer: ABD
QUESTION 6
You want to set up a last resort route and prevent route lookups in either the source-based routing table or the destination-based routing table. What should you do?
A. Disable SIBR and create a default route in the trust-vr table using the null interface as the outgoing
interface with a higher metric than other routes.
B. Disable SIBR and create a default route in the trust-vr table using the null interface as the outgoing
interface with a lower metric than other routes.
C. Enable SIBR and create a default route in the SIBR table using the null interface as the outgoing
interface with a higher metric than other routes.
D. Enable SIBR and create a default route in the SIBR table using the null interface as the outgoing
interface with a lower metric than other routes.
Answer: C
QUESTION 7
You have the following BGP configuration in place to establish a session with a remote peer over your ethernet4 interface.
set vrouter trust-vr protocol bgp 65000
set vrouter trust-vr protocol bgp enable
set vrouter trust-vr protocol bgp neighbor remote-as 65500
set vrouter trust-vr protocol bgp neighbor enable
Which additional statement is necessary to establish the session?
A. set interface protocol bgp enable
B. set interface ethernet4 bgp enable
C. set vrouter trust-vr protocol bgp interface ethernet4
D. set interface ethernet4 protocol bgp
Answer: D
QUESTION 8
You have only one public IP address available and you must allow external access to three servers on a DMZ network. Which two NAT types would allow you to accomplish your objective? (Choose two.)
A. MIP
B. VIP
C. NAT-dst
D. NAT-src
Answer: BC
QUESTION 9
Your ScreenOS device is configured with multiple NAT types.
What is the order of precedence in this situation?
A. interface-based NAT -> VIP -> MIP -> policy-based NAT
B. VIP -> MIP -> policy-based NAT -> interface-based NAT
C. MIP -> VIP -> interface-based NAT -> policy-based NAT
D. MIP -> VIP -> policy-based NAT -> interface-based NAT
Answer: D
QUESTION 10
You must translate a range of public IP addresses to a range of internal IP addresses. Which two mechanisms would you use to accomplish your objective? (Choose two.)
A. MIP using masks
B. VIP using masks
C. policy-based NAT-dst
D. policy-based NAT-src
Answer: AC
QUESTION 11
You enter the following commands:
snoop filter ip dst-ip 1.1.1.10
snoop filter ip src-ip 2.1.1.10
What is the net result of these settings?
A. Only packets with both a dst-ip of 1.1.1.10 and a src-ip of 2.1.1.10 will be captured
B. Packets that have either a dst-ip of 1.1.1.10 or packets with a src-ip of 2.1.1.10 will be captured
C. The second command will be ignored since a second filter cannot be added until the first one has been deleted
D. The second command you entered will overwrite the first command you entered so you will only capture traffic with a src-ip of 2.1.1.10
Answer: B
If you want to pass Juniper JN0-533 successfully, donot missing to read latest lead2pass Juniper JN0-533 exam questions.
If you can master all lead2pass questions you will able to pass 100% guaranteed.