FWV, Specialist (JNCIS-FWV)
Question No: 31
What is the purpose of a virtual system profile?
to limit virtual system access
to limit virtual system resources
to limit the number of virtual system interfaces
to limit the number of VPNs
Question No: 32
– Exhibit –
set admin name quot;adminquot;
set admin password quot;nOsYMqrbAs/McFsJrs6HwcIt3AF6ynquot;
set admin user quot;User1quot; password quot;nLZwKErINPPCcphC6sFMXrJquot; privilege quot;read-onlyquot; set admin port 8080
set admin access attempts 5
set admin access lock-on-failure 5 set admin auth web timeout 10 set admin auth server quot;Localquot;
– Exhibit –
User1 wants to create the policy in the ScreenOS device, but is not successful. Referring to the exhibit, what is the problem?
The User1 account has been suspended.
User1 does not have any account in this device.
User1 logged in to the device with wrong port.
User1 does not have the proper permission to create a policy.
Question No: 33
You are configuring a VPN with IKE between headquarters and a branch office that uses a dynamic public IP address. Which IKE mode should you use?
Question No: 34
You have configured integrated Web filtering in the ScreenOS software. You find that users trying to access http://www.example.com are being blocked by your Web-filtering configuration. However, you want all users to be able to access this Web site.
What are two methods to allow this traffic? (Choose two.)
Configure an SC-CPA exception for the URL.
Configure the URL as part of a custom category and allow requests in that category.
Configure the URL as part of the blacklist.
Configure the URL as part of the whitelist.
Question No: 35
Click the Exhibit button.
In the network shown in the exhibit, you have been asked to enable users in the Untrust zone to contact Server1 on TCP port 80 using IP address 126.96.36.199. You also need to allow Server1 to make connections to hosts in the Untrust zone. When Server1 makes connections to the Untrust zone, the source address of its traffic should be translated to 188.8.131.52.
What would you use to configure this behavior?
Question No: 36
– Exhibit – NS5200(M)-gt; get nsrp nsrp version: 2.0 cluster info:
cluster iD.1, namE.5200 local unit iD.8000208 active units discovereD.
index: 0, unit iD.8014208, ctrl maC.0010db000085, data maC.0010db000086 index: 1, unit iD.8337344, ctrl maC.0010db0000c5, data maC.0010db0000c6 total number of units: 2
VSD group info: init hold timE.5
heartbeat lost thresholD.3 heartbeat interval: 200(ms)
master always exist: enabled
group priority preempt holddown inelig master PB other members 0 50 yes 45 no myself 8330044
total number of vsd groups: 1
Total iteration= ,time=878546093,max=4900,min=170,average=18 RTO mirror info:
run time object synC.enabled ping session synC.enabled coldstart sync done
nsrp data packet forwarding is enabled nsrp link info:
control channel: ha1 (ifnum: 5) maC.0010db000085 statE.up data channel: ha2 (ifnum: 6) maC.0010db000086 statE.up ha secondary path link not available
NSRP encryption: disabled NSRP authentication: disabled
device based nsrp monitoring thresholD.255, weighted sum: 0, not failed
device based nsrp monitor interfacE.ethernet2/1(weight 255, UP) ethernet2/3(weight 255, UP) ethernet2/4(weight 255, UP) ethernet2/5(weight 255, UP) ethernet2/2(weight 255, UP)
device based nsrp monitor zonE.
device based nsrp track ip: (weight: 255, disabled) number of gratuitous arps: 4 (default)
config synC.enabled track ip: disabled
– Exhibit –
Referring to the exhibit, which three statements are true? (Choose three.)
This cluster is configured as an active/active cluster.
RTO sync is enabled.
No secondary path is configured.
master-always-exists is enabled.
Only one interface is used for both the control and data links.
Question No: 37
You have configured a single-port VIP to forward HTTP traffic from the untrust interface on your ScreenOS device to an internal Web server. You have configured a policy to allow thistraffic. Traffic from the untrust interface that matches this policy is unable to connect to the Web server.What is a solution to this problem?
You must reboot the ScreenOS device for the VIP to become active.
You must ensure the ScreenOS device has a route to the Web server.
You must ensure the Web server is directly connected to the ScreenOS device.
You must save the ScreenOS device configuration for the VIP to become active.
Question No: 38
You have created a site-to-site IPsec VPN between two devices. You want to keep the tunnel up at all times, even when no user traffic is using it.Which two configuration additions will accomplish this goal? (Choose two.)
set vpn quot;RemoteVPNquot; monitor source-interface ethernet0/1 destination-ip
set vpn quot;RemoteVPNquot; monitor source-interface ethernet0/1 destination-ip rekey
set vpn quot;RemoteVPNquot; monitor source-interface ethernet0/1 destination-ip keepalive
set vpn quot;RemoteVPNquot; monitor source-interface ethernet0/1 destination-ip rekey optimized
Question No: 39
What are two routing tables contained in a virtual router? (Choose two.)
Question No: 40
Policy-based routing (PBR) policies can be bound to which three ScreenOS objects? (Choose three.)
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|