JN0-532 test questions

http://www.passguide.com/jn0-532.html
Question: 1
You have created a VPN to a dynamic peer. Which two configured parameters must match?
(Choose two.)
A. static side peer-id
B. dynamic side local-id
C. static side IP address
D. dynamic side IP address
Answer: A, B
Question: 2
Which three events would cause ScreenOS devices to generate SNMP traps? (Choose three.)
A. cold starts
B. traffic alarms
C. warm reboots
D. self log events
E. traffic log events
Answer: A, B, C
Question: 3
Which command shows the filter applied to snoop captures?
A. get snoop
B. snoop info
C. get ffilter
D. get ffilter ip-proto snoop
Answer: B
Question: 4
Review the exhibit.
Based on the exhibit, which of the following statements is true about this OSPF configuration?
Page 1 of 47
Exam Name: FWV, Specialist (JNCIS -FWV)
Exam Type: Juniper
Exam Code: JN0-532 Total Questions 146
A. The neighbor device has been selected as the DR.
B. The OSPF neighbor’s IP address is 10.50.1.1.
C. OSPF hellos are going to the wrong multicast address.
D. The neighbor relationship between the two devices cannot be established.
Answer: A
Question: 5
A VPN tunnel uses certificates for site-to-site authentication. Phase 1 is failing when the receiving device attempts to validate the received certificate. What would be causing this problem?
A. The device certificate has been revoked.
B. The CA certificate does not include the device certificate.
C. The device certificate has a CDP extension, making it invalid.
D. The device certificate was generated before the CRL was downloaded, so it cannot be validated.
Answer: A
Question: 6
You have entered the following BGP configuration:
set vrouter trust-vr bgp 65530
set vrouter trust-vr bgp enable
set vrouter trust-vr protocol bgp neighbor 1.1.1.250 remote-as 65500
set vrouter trust-vr protocol bgp neighbor 1.2.3.250 remote-as 65280
BGP is not working.
What two elements are missing from your configuration? (Choose two.)
A. You have not enabled the BGP peers.
B. You have not enabled EBGP multihop.
C. You have not placed the peers in a BGP peer group.
D. You have not enabled BGP on the interfaces connecting to the peers.
Answer: A, D
Question: 7
Which ScreenOS CLI command(s) allow(s) for redistribution of type 1-3 LSAs?
A. set ospf export route external
B. set match route-type internal-ospf
C. set redistribute ospf lsa 1
   set redistribute ospf lsa 2
   set redistribute ospf lsa 3
D. set protocol ospf lsa 1 redistribute
   set protocol ospf lsa 2 redistribute
   set protocol ospf lsa 3 redistribute
Answer: B
Question: 8
When enabling OSPF over a hub and spoke VPN, what must you configure on the hub device tunnel interface to allow spokes to receive routing updates?
A. point to multipoint
B. disable split-horizon
C. enable demand circuit
D. enable passive interface
Answer: A
Question: 9
What do you need to change in your IPSec VPN configuration to use certificates for authentication?
A. Replace the preshared key with the certificate name.
B. Select PFS in Phase 2, then select the certificate to be used.
C. Use a custom set of Phase 1 proposals, all beginning with rsa-.
D. Use a custom set of Phase 2 proposals, all beginning with rsa-.
Answer: C
Question: 10
Click the Exhibit button.
You have enabled OSPF on a device addressed as shown in the exhibit. You have not configured a router ID. Which address will be used as the router ID?
A. 1.1.1.1
B. 10.1.1.1
C. 10.50.1.1
D. 192.168.1.1
Answer: C
Question: 11
You have enabled RIP in a hub and spoke VPN environment, using demand circuits. You are not receiving routes from one of your spokes, although the VPN is up. When you debug RIP on the spoke device, you see regular RIP updates being generated on the tunnel interface. You are receiving and sending routes to the rest of your spokes. What is the problem?
A. You did not disable split horizon on the spoke device.
B. You did not configure demand circuit on the spoke device.
C. You did not configure passive interface on the spoke device.
D. You did not configure a RIP neighbor for the spoke device on the hub.
Answer: B
Question: 12
Which ScreenOS CLI command would be used for copying routes in the untrust-vr to OSPF in the trust-vr?
A. set vrouter trust-vr ospf export vrouter untrust-vr address to-trust
B. set vrouter untrust-vr export list to-trust vrouter trust-vr protocol ospf
C. set vrouter untrust-vr export-to vrouter trust-vr route-map to-trust protocol ospf
D. set vrouter trust-vr protocol ospf import-from vrouter untrust-vr distribute-list to-trust
Answer: C
Question: 13
Click the Exhibit button.
Given the routing table in the exhibit, which interface will be used to reach the host at 10.1.20.1?
A. tunnel.1
B. tunnel.21
C. ethernet0/2
D. ethernet0/4
Answer: C
Question: 14
Which three interface types are supported in virtual systems? (Choose three.)
A. subinterfaces
B. VPN interfaces
C. shared Interfaces
D. limited Interfaces
E. dedicated Interfaces
Answer: A, C, E
Question: 15
Which two statements regarding NHTB are correct? (Choose two.)
A. If the spoke device is not a ScreenOS device, manual configuration of NHTB is required on the hub.
B. If the spoke device is not a ScreenOS device, manual configuration of NHTB is required on the spoke.
C. When configuring routing on a spoke device with one tunnel interface, the route to the tunnel interface does not require a routing gateway address.
D. When configuring routing on a hub device with one tunnel interface terminating multiple VPN spokes, the route to the tunnel interface does not require a routing gateway address.
Answer: A, C
Question: 16
Click the Exhibit button.
In the exhibit, what would correct the proxy-ID mismatch?
A. The 10.1.0.0 address book entry on the initiator needs to be changed to a 32 bit mask.
B. The 10.50.0.0 address book entry on the initiator needs to be changed to a 30 bit mask.
C. The 10.50.0.0 address book entry on the responder needs to be changed to a 24 bit mask.
D. The 10.50.0.0 address book entry on the responder needs to be changed to a 32 bit mask.
Answer: C
Question: 17
You have implemented a hub and spoke VPN. On the hub, there are two tunnel interfaces, one to each spoke. Both tunnel interfaces are in the same zone. Which two configuration options will control traffic between the spokes? (Choose two.)
A. Configure the common zone to block intra-zone traffic.
B. Configure the common zone to block inter-zone traffic.
C. Configure each tunnel interface to block intra-zone traffic.
D. Move one of the tunnel interfaces to a different zone and create policies between the two zones.
Answer: A, D
Question: 18
Which two item pairs are exchanged during Phase 2 negotiations? (Choose two.)
A. proxy-id, SA proposal list
B. IKE cookie, SA proposal list
C. hash [ID + Key], DH key exchange
D. SA proposal list, optional DH key exchange
Answer: A, D
Question: 19
Which two of the following statements regarding SYSLOG are true? (Choose two.)
A. You can specify the source address of SYSLOG traffic.
B. You can specify the source interface for SYSLOG traffic.
C. You can encrypt SYSLOG traffic from within the SYSLOG configuration.
D. You can send SYSLOG messages via TCP on a per-SYSLOG server basis.
Answer: B, D









