JN0-740 Online Practice Questions and Answers

By default, from which hardware component is the startup copy of the ScreenOS loaded?

A. NVRAM

B. TFTP server

C. internal flash

D. PCMCIA card

An Access Policy must contain which three (3) items?

A. Service

B. Authentication

C. Source address

D. Firewall settings

E. Action (permit, deny, tunnel)

Which ScreenOS WebUI button reorders policies?

A. Shift

B. Move

C. Reorder

D. Transfer

Place the configuration steps for NAT-dst in the recommended order: 1)Configurepolicy 2)Configureroute or secondary address on internal interface 3)Configureaddress book entry for public address

A. 1,2,3

B. 1,3,2

C. 2,3,1

D. 3,1,2

E. 3,2,1

Using the information below, what is the recommended order for configuring NAT-dst? 1)Configurepolicy 2)Configureroute or secondary address on internal interface 3)Configureaddress book entry for public address

A. 1,2,3

B. 1,3,2

C. 2,3,1

D. 3,1,2

E. 3,2,1

Which two statements are accurate about tunnel mode? (Choose two.)

A. In tunnel mode the IPSec header precedes the original IP header.

B. Tunnel mode is required in IPSec networks where ESP packets are used.

C. Tunnel mode is the default mode of operation for IPSec in ScreenOS devices.

D. Tunnel mode can only be used when operating between IPSec security gateways.

You have created a route-based VPN in your ScreenOS device. When the remote device tries to connect

you see the following message in your event log:

No policy exists for the proxy id received.

Which two would cause this to occur? (Choose two.)

A. a proxy-id conflict

B. an unbound tunnel interface

C. the remote device is a policy-based VPN

D. the tunnel interface is configured in a different zone than the physical interface

-- Exhibit -

-- Exhibit -Click the Exhibit button.

In the exhibit, what is the correct command to configure a default route on the SSG 20?

A. set route 0.0.0.0/0 vrouter untrust

B. set route 0.0.0.0/0 interface e0/4 gateway 143.45.56.254

C. set route 0.0.0.0/0 interface e0/4 next-hop 143.45.56.254

D. set route 0.0.0.0/0 interface 143.45.56.1 gate 143.45.56.254

-- Exhibit -

-- Exhibit -Click the Exhibit button.

In the exhibit, if you configure NAT-src on interface e0/4, and specify a DIP with address 143.45.56.31,

which address will be used as the outbound source address of packets destined for the Internet?

A. 143.45.56.1

B. 143.45.56.31

C. 143.45.56.254

D. the original source address

-- Exhibit -

-- Exhibit -Click the Exhibit button to view the exhibit. Review the exhibit. You need to make a bidirectional gateway between the 5XT and the 208. What

gateway address will you configure on the 208 for the VPN?

A. 10.0.0.1

B. 20.0.0.1

C. 1.1.1.250

D. 4.4.4.250