JN0-533 Online Practice Questions and Answers

You have configured a single-port VIP to forward HTTP traffic from the untrust interface on your ScreenOS device to an internal Web server. You have configured a policy to allow this traffic. Traffic from the untrust interface that matches this

policy is unable to connect to the Web server.

What is a solution to this problem?

A. You must reboot the ScreenOS device for the VIP to become active.

B. You must ensure the ScreenOS device has a route to the Web server.

C. You must ensure the Web server is directly connected to the ScreenOS device.

D. You must save the ScreenOS device configuration for the VIP to become active.

Which two Diffie-Hellman (DH) groups are supported by ScreenOS software? (Choose two.)

A. DH Group 1: 1024-bit

B. DH Group 2: 1024-bit

C. DH Group 5: 1536-bit

D. DH Group 15: 2048-bit

You manage a ScreenOS device. A user complains that the FTP download speed is slow. You suspect a cable or an interface might be the problem. Which command provides interface error information?

A. show counter flow interface

B. get counter flow interface

C. show counter statistics interface

D. get counter statistics interface

You want to centralize the logging for all your ScreenOS devices and you must be able to synchronize the log. Which two actions would you perform to accomplish this? (Choose two.)

A. Enable logging to the console.

B. Enable logging to syslog.

C. Enable NTP and set to UTC/GMT time.

D. Enable logging to the USB.

You have lost the admin user password for your NetScreen device. No other user accounts are configured on the device. How would you access the CLI?

A. Log in on the console using the secret name "recovery" and password "netscreen".

B. Send a break to the console during the boot process and modify the configuration registers.

C. Log in on the console using the serial number as the username and password.

D. Log in on the console using the secret name "recovery" and the serial number as the password.

Referring to the exhibit, what is the appropriate VPN monitor status?

A. The VPN is active and the peer is down.

B. The VPN is active and VPN Monitor is not configured for the peer.

C. The VPN is active and the peer is up.

D. The VPN is inactive and VPN Monitor is not configured for the peer.

Referring to the exhibit, both clustered devices are in a master state. What is the cause of this situation?

NSPROD1(M)-> get nsrp ha-link total_ha_port = 2 probe on ha-link is disabled unused channel: ethernet8 (ifnum: 11) maC. 0010db1d1e8b statE. down unused channel: ethernet7 (ifnum: 10) maC. 0010db1d1e8a statE. down ha control link not available ha data link not available ha secondary path link not available

A. The cluster is not configured for NSRP.

B. The cluster is in the process of failing over from the primary node to the secondary node.

C. Probes on the HA links have been disabled, causing the HA links to go down.

D. The control and the data link is down.

Which action does a ScreenOS device perform first when processing a packet?

A. It checks for an existing session.

B. It checks for attacks in the payload.

C. It performs a route lookup.

D. It performs a policy lookup.

A ScreenOS device evaluates five primary elements when performing a security policy check on a new session. Which five elements are evaluated?

A. source IP address, destination IP address, source route, source port, and destination port

B. source IP address, destination IP address, source port, destination port, and protocol

C. source IP address, destination IP address, source port, destination port, and payload

D. destination IP address, source port, destination port, protocol, and payload

Which two actions are performed by a read/write vsys administrator? (Choose two.)

A. View the security associations for all virtual systems.

B. Configure a vsys address book entry.

C. Modify the vsys administrator login name.

D. Modify the vsys read/write administrator password.

Policy-based routing consists of which three ScreenOS objects? (Choose three.)

A. extended access lists

B. match groups

C. action groups

D. address books

E. security policy

Network traffic with a source IP of 192.168.100.60, destination IP of 8.8.8.8, and a destination port of 80 is sent through the ScreenOS device. The inbound zone is Trust, the outbound zone is Untrust. Based on the policy configuration shown in the exhibit, what happens to this traffic?

A. The traffic is denied by default policy.

B. Traffic is denied by policy ID 3.

C. Traffic is permitted by the global policy.

D. Traffic is permitted by policy ID 2.

What are two advantages for using the count parameter on a security policy? (Choose two.)

A. to see any NAT traffic drops for that policy

B. to see how many times users log in to the ScreenOS device

C. to count the total number of bytes of traffic for that policy

D. to see if the policy is temporarily not being used

Given the following output, what do you know about this session?

id /s01,vsys 0,flag 18200450/4004/0083,policy 10,time 5, dip 0 module 0 if 14(nspflag 0905):10.10.10.10/51112->8.8.8.8/443,6,000000000000,sess token 44,vlan 990,tun 0,vsd 0,route 315,wsf 0 if 8(nspflag 0904):10.10.10.10/51112<-8.8.8.8/443,6,000000000000,sess token 36,vlan 991,tun 0,vsd 0,route 293,wsf 0

A. The session was denied by policy ID 10.

B. The session was permitted by policy ID 10.

C. The protocol used for this session is UDP protocol 6.

D. This session has already timed out and is pending cleanup out of the session table.

The master device in an NSRP cluster experiences an interface failure on a monitored interface. By default, what happens as a result of this failure?

A. The device enters the Inoperable state.

B. The device enters the IntFailure state.

C. The device's NSRP priority is reduced by 255.

D. The device's NSRP priority is reduced to 10 less than the primary backup.