JN0-533 Online Practice Questions and Answers

Your ScreenOS device is using NAT. Which NAT function allows you to use a single IP address from an untrust zone to communicate to multiple IP addresses in a trust zone?

A. NAT-src with PAT enabled

B. NAT-dst with PAT enabled

C. NAT-src using a DIP pool with PAT enabled

D. NAT-dst using a DIP pool with PAT disabled

How is a route-based VPN different from a policy-based VPN?

A. A route-based VPN requires manual keys for encryption and authentication.

B. A route-based VPN requires static route entries for the remote peer.

C. A route-based VPN is bound to a tunnel interface.

D. A route-based VPN is bound to a loopback interface.

You have lost the admin user password for your NetScreen device. No other user accounts are configured on the device. How would you access the CLI?

A. Log in on the console using the secret name "recovery" and password "netscreen".

B. Send a break to the console during the boot process and modify the configuration registers.

C. Log in on the console using the serial number as the username and password.

D. Log in on the console using the secret name "recovery" and the serial number as the password.

A host in the untrust zone sends 1000 SYN packets in a single second to a host in your trust zone destined for port 80. Referring to the exhibit, which statement describes the behavior of the ScreenOS device?

ssg5-> get conf | include syn set zone untrust screen syn-flood attack-threshold 625 set zone untrust screen syn-flood alarm-threshold 250 set zone untrust screen syn-flood timeout 20 set zone untrust screen syn-flood queue-size 1000 set zone untrust screen syn-flood set flow syn-proxy syn-cookie

A. It will maintain this state for all 1000 connection attempts.

B. It will begin to drop the SYN packets.

C. It will block further connection attempts from this host for 20 seconds.

D. It will reply with SYN-ACK packets.

Referring to the exhibit, what does this output show?

A. the number of supported physical interfaces on the device

B. the number of supported route tables on the device

C. the number of supported VRs on the device

D. the amount of system memory on the device

On a ScreenOS device, which three processes does the task CPU handle? (Choose three.)

A. policy evaluation

B. traffic logging

C. session table clean-up

D. management services

E. broadcast packet processing

Which two statements are true regarding the route shown in the exhibit? (Choose two.)

A. 5.5.5.0/24 was configured as a source route with a next-hop IP address of 1.1.1.1 in the trust- vr.

B. 5.5.5.0/24 was configured as a destination route with a next-hop IP address of 1.1.1.1 in the trust-vr.

C. 5.5.5.0/24 was configured as a SIBR route with a next-hop IP address of 1.1.1.1 in the trust-vr.

D. 5.5.5.0/24 was configured as a permanent source route.

A monitored interface on a clustered pair of ScreenOS devices goes down and both devices became ineligible to be master of the cluster. As a result, neither device is passing traffic. Which step would have prevented this situation?

A. Configure initial hold-down time to 10 seconds.

B. Configure the preempt parameter and a higher priority on one of the devices.

C. Configure the lost heartbeat interval to 1 second.

D. Configure the master-always-exists parameter.

You are using NSRP and enable preempt on a device with a priority of 120. The other device has the default priority set. What will be the result of this action?

A. The device will become master immediately.

B. The device will only become master if the device with default priority fails.

C. The device will wait the defined holdtime period and then take over as master.

D. The device will enter a pending state until the next maintenance window and then assume the master role.

You manage a ScreenOS device. A user complains that the FTP download speed is slow. You suspect a cable or an interface might be the problem. Which command provides interface error information?

A. show counter flow interface

B. get counter flow interface

C. get counter statistics interface

D. show counter statistics interface