Exam Name: Exam Type: Exam Code:

AC Associate (JNCIA-AC) Juniper JN0-141

Total Questions:

114

Question: 1 Which three statements are true about Host Checker? (Choose three.) A. Host Checker can collect information for use with MAC authentication. B. Host Checker can modify a role assignment immediately if a policy fails. C. Host Checker can be invoked before a user is allowed to sign in to the Infranet Controller. D. The Host Checker Integrity Measurement Verifier (IMV) works only with Odyssey Access Client. E. The Host Checker Integrity Measurement Collector (IMC) can run on Windows, Mac, and Linux systems. Answer: B, C, E Question: 2 What are two ScreenOS commands you can run on the overlay enforcer to troubleshoot communication with the Infranet Controller? (Choose two.) A. get event B. get controller status C. get auth table infranet D. exec infranet controller connect Answer: A, D

Answer: A

Question: 4 A user is authenticating to the Infranet Controller with username "fin-jdoe" in a realm with "Merge settings for all assigned roles" selected. The rule mapping rules are as follows: username="*" -> Employee Stop username="fin-*" -> Finance Stop What will be the resulting role(s) assigned to this user? A. User will be assigned the Finance role only. B. User will be assigned the Employee role only. C. User will be assigned both the Employee role and Finance role. D. User will be presented with the option of selecting either the Employee role or Finance role. Answer: B Question: 5 You have decided to use outer RADIUS proxy for your 802.1X UAC implementation. Which statement is true? A. Outer proxy allows for the use of any external authentication server.

Page 1 of 24

Be

IT

A. EAP-SOH B. EAP-JUAC C. EAP-MS-CHAP-V2 D. EAP-Generic Token Card

er

tif

Question: 3 You have configured the PEAP-based 802.1X authentication protocol set shown below. EAP-MS-CHAP-V2 EAP-JUAC EAP-SOH EAP-Generic Token Card Which protocol will be offered first?

ie d

.c

om

Exam Name: Exam Type: Exam Code:

AC Associate (JNCIA-AC) Juniper JN0-141

Total Questions:

114

B. Communication between the supplicant and the external authentication server is encrpyted end-to-end. C. The Infranet Controller adds the authenticator configuration attributes to the messages sent from the external authentication server to the authenticator. D. The Infranet Controller authenticates the end user, then relays the information to the external authentication server to retrieve the authenticator configuration attributes. Answer: B Question: 6 Which two elements of the access management framework can be used to ensure an endpoint meets security requirements? (Choose two.) A. role restriction B. authentication realm C. network access policy D. resource access policy Answer: A, B

Answer: B, C

Question: 9 Which three tools would you use to troubleshoot user interaction problems? (Choose three.) A. policy trace B. RADIUS diagnostic log C. overlay enforcer event log D. Infranet Controller event log E. reachability testing (for example, traceroute) Answer: A, B, D Question: 10

Page 2 of 24

Be

A. To assign a user to a role based on whether the user's antivirus is running. B. To require an acceptable level of browser encryption before a user logs in. C. To prevent a user from entering the user's credentials if a keystroke logger is present. D. To prevent a user from accessing resources if the user's endpoint is not running the authorized OS.

IT

Question: 8 What are two reasons for using a realm-level Host Checker restriction? (Choose two.)

er

Answer: B, C, E

tif

A. group B. browser C. certificate D. password E. source IP

ie d

.c

Question: 7 Which three options are valid role restrictions? (Choose three.)

om

Exam Name: Exam Type: Exam Code:

AC Associate (JNCIA-AC) Juniper JN0-141

Total Questions:

114

At which point in the enforcement process does the enforcer allow an endpoint to access a protected resource? A. immediately upon attempting to access the protected resource B. when a matching entry for the enforcer is found in the auth table C. immediately after the end user authenticates to the Infranet Controller D. after the Infranet Controller provides endpoint information for the auth table Answer: D Question: 11 What can be specified by a network access policy? A. IPsec tunnel endpoint B. port VLAN assignment C. permitted IP destinations D. permitted MAC addresses Answer: B

Answer: D

Answer: C

Question: 14 What are three settings you can configure in a realm? (Choose three.) A. IPsec routing policy B. authentication policy C. RADIUS attribute policy D. dynamic policy evaluation E. Host Checker access restriction Answer: B, D, E Question: 15 Which two statements are true about applying Host Checker at the role level?(Choose two.)

Page 3 of 24

Be

A. VLAN ID B. Hostname C. Domain name D. Administrative timeout

IT

Question: 13 Which configuration option can be set either in the initial console menu or the Admin UI of the Infranet Controller?

er

tif

A. Statement of Health rule options B. virus signature version monitoring C. patch management info monitoring D. predefined antivirus integrity checks

ie d

.c

Question: 12 Which element is updated by the Endpoint Security Assessment Plug-In (ESAP)?

om

Exam Name: Exam Type: Exam Code:

AC Associate (JNCIA-AC) Juniper JN0-141

Total Questions:

114

A. The Infranet Controller can reassign roles immediately if a Host Checker policy result changes. B. The Infranet Controller concatenates all Host Checker policies for all roles, then evaluates the policies. C. By default, an endpoint must pass all Host Checker policies associated with a role to be assigned the role. D. Host Checker runs after the Infranet Controller has determined the list of possible roles based on role mapping rules. Answer: A, C Question: 16 What are three steps in the initial console configuration of the Infranet Controller? (Choose three.) A. Install license. B. Configure interface. C. Complete initial boot. D. Create user accounts. E. Create self-signed certificate. Answer: B, C, E Question: 17 When is it necessary to use the Odyssey Access Client?

Answer: D

Question: 19 Which statement is true about the operation of the overlay enforcer? A. It assigns users a set of roles. B. It enforces resource access policies. C. It verifies whether an endpoint meets security requirements. D. It configures the UAC agent to allow or deny access to resources. Answer: B Question: 20 Which three authentication servers does the Infranet Controller support? (Choose three.) A. RADIUS
Page 4 of 24

Be

A. You must have installed the device-specific licenses. B. You must have an active Juniper Networks support account. C. You must have installed the CA-generated Infranet Controller certificate. D. You must have downloaded the service package to the administrator workstation.

IT

Question: 18 What is a prerequisite when you upgrade an Infranet Controller?

er

Answer: D

tif

A. to perform overlay enforcement B. to enable 802.1X support on the endpoint C. to communicate with the Infranet Controller D. to build an IPsec tunnel between endpoint and enforcer

ie d

.c

om