JN0-570 Juniper Networks Certified Internet Specialist, SSL (JNCIS-SSL)
Version 3.1
JN0-520
QUESTION NO: 1
Which two configuration elements are part of a Host Checker policy? (Choose two.)
A. Policy Rule
B. Remediation settings
C. Role restriction
D. Role mapping
Answer: A,B
QUESTION NO: 2
Exhibit:
You work as a network administrator at TestKing.com. You study the exhibit carefully.
Referring to the exhibit, which authentication realm will be available to the user?
A. LDAP Realm
B. Users
C. ALL
D. Users and LDAP Realm
Answer: B
QUESTION NO: 3
You are the VS administrator for your IVS and are having issues contacting a backend LDAP server. Which
tools are available from the administrative UI to troubleshoot this issue?
Answer: A
QUESTION NO: 4
Which two proxy scenarios are supported by Network Connect when split tunneling is disabled? (Choose two.)
Answer: A,B
QUESTION NO: 5
What are three reasons for using certificates? (Choose three.)
A. Role Mapping
B. Profile Assignment
C. Policy Assignment
D. User Authentication
E. Server Authentication
Answer: A,D,E
QUESTION NO: 6
Which statement accurately describes resource profiles?
Answer: B
QUESTION NO: 7
Which statement is true about password mediation?
A. To enable password mediation for LDAP, you must specify valid administrator credentials and specify the
correct LDAP server type
B. With password mediation enabled, if a user logs in to the IVE with an LDAP password that is about to
expire, the user is redirected to a mediation server
C. Password mediation to an LDAP server is possible only if the LDAP server supports RFC 2195 password
handling
D. Password mediation is only available for LDAP authentication
Answer: A
QUESTION NO: 8
When conducting meetings with Secure Meeting, your users frequently complain about jitter in the video
presentation. How might you attempt to improve performance?
A. Enable the Secure Meeting acceleration feature with the optional license upgrade
B. Ensure that image compression is enabled on the IVE device's Secure Meeting configuration page
C. Ensure that 32-bit presentations mode is not enabled on the IVE device's Secure Meeting configuration page
D. Limit the presentation video size to 800x600 resolution on the IVE device's Secure Meeting configuration
page
Answer: C
QUESTION NO: 9
You are the owner of a small ISP and you would like to lease IVE device access to several of your customers.
You own only one SA 6000. What are two reasons to create an IVS for each subscriber? (Choose two.)
A. All VS admins can be virtually separated using virtual IP addresses and VLAN tagging
B. All VS admins can troubleshoot their virtual system using tools such as TCP dump and traceroute
C. All VS admins can create their own roles and realms that are separate from the other virtual systems
D. All VS admins can upgrade their virtual system without affecting the other virtual systems on the device
Answer: A,C
QUESTION NO: 10
You would like Host Checker to ensure that all hosts are running antivirus software using the latest definitions.
Which feature on the IVE device allows you to monitor and verify this information?
Answer: A
QUESTION NO: 11
When using Secure Virtual Workspace, where is the protected workspace created?
A. On a trusted server
B. On the IVE hard drive
C. On the client desktop
D. In the IVE memory
Answer: C
QUESTION NO: 12
Which statement is true about password mediation?
Answer: C
QUESTION NO: 13
Which ActiveX parameter rewrite option does the IVE support?
A. Rewrite ClassID
B. Rewrite URL
C. Rewrite cookies and headers
D. Rewrite hostname and port
Answer: B
QUESTION NO: 14
Which two statements about OCSP are true? (Choose two.)
Answer: A,B
QUESTION NO: 15
Which character do you use to escape characters in an attribute name?
A. {} (Curly Braces)
B. ' (Single Quotations)
C. "" (Double quotations)
D. ` (Back tick)
Answer: A
QUESTION NO: 16
What is a factory predefined format in the IVE logging system?
Answer: D
QUESTION NO: 17
You need to present data for reporting and it must include the source IP address, destination IP Address and
length of the connection. What would be the correct log filter to obtain the information?
Answer: C
QUESTION NO: 18
After upgrading your Endpoint Security Assessment Plug-in (ESAP), you notice that several of your predefined
host checker rules are not functioning correctly. How would you resolve this issue?
Answer: C
QUESTION NO: 19
Which two statements are valid about support meetings? (Choose two.)
Answer: C,D
QUESTION NO: 20
Which statement is true regarding Secure Meeting?
Answer: B
QUESTION NO: 21
Which operation would you use to extract the configuration in a format that can be read by a script?
A. Config export
B. Syslog capture
C. XML export
D. SNMPv3 trap
Answer: C
QUESTION NO: 22
What are three content-types that the web compression function can properly compress? (Choose three.)
A. bin/executable (.exe)
B. Application/ms-word (.doc)
C. Application/visio (.vis)
D. Text/plain (.txt)
E. Text/html (.html, .htm)
Answer: B,D,E
QUESTION NO: 23
Which statement is true regarding Secure Meeting?
Answer: B
QUESTION NO: 24
You are the administrator of a large company and you will be implementing two SA 6000s for remote access.
You require high availability and a way to balance the load between thousands of users. Which scenario should
you use for your cluster?
Answer: A
QUESTION NO: 25
Which two statements about certificate-based user authentication are true? (Choose two.)
Answer: A,C
QUESTION NO: 26
When conducting meetings with Secure Meeting, your users frequently complain about jitter in the video
presentation. How might you attempt to improve performance?
A. Ensure that image compression is enabled on the IVE device's Secure Meeting configuration page
B. Ensure that 32-bit presentations mode is not enabled on the IVE device's Secure Meeting configuration page
C. Limit the presentation video size to 800x600 resolution on the IVE device's Secure Meeting configuration
page
D. Enable the Secure Meeting acceleration feature with the optional license upgrade
Answer: B
QUESTION NO: 27
Which three log elements are available as variables within the logging system? (Choose three.)
A. Severity
B. Result
C. Errorcode
D. Proxyip
E. Sourceip
Answer: A,B,E
QUESTION NO: 28
Which two options are available to the administrator of a secure meeting during a session? (Choose two.)
Answer: B,C
QUESTION NO: 29
Which two statements about OCSP are true? (Choose two.)
Answer: B,D
QUESTION NO: 30
You want to allow your users to change their Active Directory password on the IVE after authenticating. What
should you enable?
Answer: A
QUESTION NO: 31
What must you do to use CRLs to validate user certificates?
Answer: D
QUESTION NO: 32
When configuring a SAML Single Sign-on (SSO) policy, what are the two communication methods you can use
to communicate with the SAML server? (Choose two.)
A. Push
B. Pull
C. Artifact
D. Post
Answer: C,D
QUESTION NO: 33
What are three functions of a resource profile? (Choose three.)
A. It creates bookmarks
B. It maps users to roles based on resource names
C. It specifies resources
D. It restricts access to resources based on authentication policies
E. It specifies access based on user roles
Answer: A,C,E
QUESTION NO: 34
Which three statements about role mapping are true? (Choose three.)
Answer: A,C,E
QUESTION NO: 35
Which statement about PKI is true?
Answer: D
QUESTION NO: 36
You would like to configure your IVE device to provide a secure area for user access where all data is removed
when the session is terminated. Which component of the Juniper Endpoint Defense initiative provides this
functionality?
Answer: B
QUESTION NO: 37
You have two SA 4000s that you would like to run in a cluster. You have a small number of users accessing the
device and you want to ensure that these users do not lose a connection in the event that one device goes down.
How should you set up your cluster?
A. Place each device in a different network and set your cluster to active/active
B. Place your devices in the same LAN, set your cluster to active/active and ensure that you have a front-end
load balancer
C. Place both devices behind a front-end load balancer and set your cluster to active/passive
D. Place both devices in the same LAN and set your cluster to active/passive
Answer: D
QUESTION NO: 38
What are three ways that the Installer Service can be deployed and installed? (Choose three.)
Answer: A,B,D
QUESTION NO: 39
What are two steps to configure and enable a second server certificate for use with a new sign-in URL? (Choose
two.)
A. Modify the sign-in page for the new sign-in URL to designate that it will use the new server certificate
B. Modify the IVE device's new server certificate entry to designate that it will be presented on a new virtual
port
C. Create a virtual port for the IP Address which resolves to the fully qualified domain name of the new URL
D. From the IVE device's server certificates pages, edit the properties of the existing certificate to duplicate it
for use with the new URL
Answer: B,C
QUESTION NO: 40
What are three components of the administrative console that a delegated administrator can manage? (Choose
three.)
A. Troubleshooting
B. Administrative Roles
C. Administrative Realms
D. User Roles
E. Resource profiles
Answer: A,D,E
QUESTION NO: 41
Which three are provided by the WSAM scriptable launcher? (Choose three.)
Answer: A,B,C
QUESTION NO: 42
Where do you create a custom expression in the IVE platform?
A. Sign-in policies
B. Authentication server attributes
C. Authentication policy
D. Server catalog
Answer: D
QUESTION NO: 43
What are three benefits that log files provide? (Choose three.)
Answer: B,D,E
QUESTION NO: 44
Exhibit:
You work as a network administrator at TestKing.com. You study the exhibit carefully. Which type of log is
shown in the exhibit?
A. Events
B. User Access
C. Admin Access
D. Client
Answer: D
QUESTION NO: 45
How can a user obtain an eTrust SiteMinder SMSESSION cookie?
Answer: C
QUESTION NO: 46
Which series of steps describes the appropriate method for upgrading an active/active cluster?
Answer: A
QUESTION NO: 47
Which custom expression would allow users to login only during business hours (8:00AM to 5:00PM, Monday
through Friday)?
Answer: D
QUESTION NO: 48
The Installer Service can install which three components on a PC? (Choose three.)
A. NC
B. A newer version of the Installer Service
C. Custom Java applet
D. WSAM
E. JSAM
Answer: A,B,D
QUESTION NO: 49
By default, the IVE device maintains a list of trusted root CAs and possible chains installed on the device. The
list of installed certificates mirrors which operating system and browser?
Answer: B
QUESTION NO: 50
You are creating a custom rule based on registry settings on a Windows system. After creating the registry
subkey "\Control Panel\Desktop", you must enter the key name. What is the correct format for the name field?
A. CorrectKeyName
B. \CorrectKeyName\
C. \CorrectKeyName\*
D. \CorrectKeyName
Answer: A
QUESTION NO: 51
You want to allow your users to have a personal meeting URL based on their username from which they can
create meetings on demand. Which feature would you configure?
A. Personal Meeting
B. MeetMeNow
C. Secure Meeting
D. MySecureMeeting
Answer: D
QUESTION NO: 52
Which two elements do detailed resource policy rules contain? (Choose two.)
A. Action
B. Role
C. Resources
D. Rule Name
Answer: A,C
QUESTION NO: 53
Which condition in a resource policy rule properly expresses that Cache Cleaner is disabled?
A. cacheCleanerStatus=0
B. cacheCleanerStatus=Null
C. cacheCleanerStatus=None
D. cacheCleanerStatus=False
Answer: A
QUESTION NO: 54
Which statement about cache cleaner is true?
D. Cache cleaner may delete usernames, passwords and web addresses that users enter in web forms
Answer: D
QUESTION NO: 55
What are two advantages of using Central Manager for cluster management? (Choose two.)
Answer: C,D
QUESTION NO: 56
What must be specified by the root administrator for Network Connect to be used on a virtual system?
A. The number of allocated users on the virtual system must not exceed the number of Network Connect users
on the system
B. The VLAN tagging must be associated to the correct VS
C. The IP address pools must be specified by the root administrator before they can be specified on a virtual
system
D. The virtual port must be associated to the correct VS
Answer: C
QUESTION NO: 57
Which two are valid regarding the deployment of an active/active cluster? (Choose two.)
Answer: B,C
QUESTION NO: 58
To which three items can you control access using Secure Virtual Workspace (SVW)? (Choose three.)
A. Removable drives
B. Printers
C. Web Sites
D. Linux servers
E. Network shares
Answer: A,B,E
QUESTION NO: 59
Which two options must be configured when using session start scripts, session end scripts or both in a
Windows environment? (Choose two.)
Answer: C,D
QUESTION NO: 60
You decide to use virus signature version monitoring to ensure that all user PCs have the latest virus definitions
installed. Which three settings must be configured to maintain this functionality? (Choose three.)
A. Download path
B. Staging site authentication credentials
C. Predefined antivirus rule name
D. Download interval
E. Download version
Answer: A,B,D
QUESTION NO: 61
You have configured your IVE device to use OCSP for certificate validation. Which statement is true?
A. The IVE device will use OCSP to download and validate the CA certificate
B. The IVE device will validate certificates with the OCSP server on an on-demand basis
C. The IVE device will download the CRL from the OCSP server
D. The IVE device will periodically check user certificates with the OCSP server
Answer: B
QUESTION NO: 62
When configuring a realm to require multiple sign-in credentials, which three are valid secondary authentication
methods? (Choose three.)
A. Netegrity
B. Client Certificate
C. RADIUS
D. LDAP
E. Active Directory
Answer: C,D,E
QUESTION NO: 63
Which two statements about Endpoint Security Assessment Plug-in (ESAP) are true? (Choose two.)
A. The plug-in can be upgraded independently of the IVE system software package
B. The plug-in is included in the IVE system software package
C. The plug-in can be configured to monitor that the virus definitions on the client are up to date
D. The plug-in can be automatically imported from the Juniper Networks staging site
Answer: A,B
QUESTION NO: 64
To perform checks on your UNIX hosts, which three options are available for host evaluation? (Choose three.)
A. Processes
B. Client-Side Permission
C. Integrated third-party security products
D. Files
E. Ports
Answer: A,D,E
QUESTION NO: 65
TestKing.com is rolling out Secure Meeting to assist the helpdesk in troubleshooting desktop issues. Which
type of meeting should you enable on the SSL VPN?
A. Technical Meeting
B. Instant Meeting
C. Support Meeting
D. Scheduled meeting
Answer: C
QUESTION NO: 66
What will allow a user to automatically log in to Network Connect using the standalone launcher?
Answer: D
QUESTION NO: 67
You want to create access for a new administrator who will be able to create Web bookmarks only for a specific
role. Which three steps should you take? (Choose three.)
A. Select "Custom Settings" and choose "write" under web access for the specified role
B. Add the role under role mapping rules
C. Add the realm under your existing sign-in policy
D. For the specified role, enable full web access and disable everything else
E. For the specified realm, enable "write" access under custom settings for web access
Answer: A,B,C
QUESTION NO: 68
What are three components of the administrative console that a delegated administrator can manage? (Choose
three.)
A. User Roles
B. Administrative Roles
C. Troubleshooting
D. Administrative Realms
E. Resource profiles
Answer: A,C,E
QUESTION NO: 69
Why would you create a virtual port on your IVE device?
Answer: A
QUESTION NO: 70
What is required for a user to connect to a secure meeting?
Answer: C
QUESTION NO: 71
Which Single Sign-on (SSO) policy relies on the IVE domain name?
A. Headers/Cookies
B. Form Post
C. Basic Auth/NTLM
D. SAML
Answer: C
QUESTION NO: 72
You are using the scriptable WSAM launcher to access the network. You want to include the URL in the script
that you will be launching. Which switch should you use in the command?
A. -u
B. -p
C. -r
D. -rul
Answer: D
QUESTION NO: 73
Which three configuration elements can you use to apply a Host Checker policy to a client session? (Choose
three.)
A. Authentication Policy
B. Role mapping Rule
C. Resource Policy
D. Resource Restriction
E. Sign-in Policy
Answer: A,B,C
QUESTION NO: 74
TestKing.com wants to use an SA device to front-end its intranet and block access to its Wiki, but also provide
access to sites like Google, Yahoo and MSN. Which two settings must be configured to support this scenario?
(Choose two.)
A. Selective rewrite
B. Passthrough proxy
C. Web Access Control Policies
D. DNS
Answer: C,D
QUESTION NO: 75
Which three client endpoint agents can produce and auto-upload logs when configured to do so? (Choose three.)
A. Terminal Services
B. Meetings
C. Host Checker
D. Advanced Endpoint Defense
E. Installer Service
Answer: A,B,C
QUESTION NO: 76
What should you do when you need to create a meeting on demand to troubleshoot a client issue?
Answer: D
QUESTION NO: 77
Which statement is correct regarding the configuration of a backup device in an active/passive cluster?
Answer: C
QUESTION NO: 78
Which Host Checker feature uses a software module running on the IVE device to validate an endpoint's
compliance?
Answer: A
QUESTION NO: 79
Which two types of meetings can you enable at the role level? (Choose two.)
A. Technical Meeting
B. Troubleshooting Meeting
C. Scheduled Meeting
D. Support Meeting
Answer: C,D