You are the administrator of a NetScreen 5GT. For troubleshooting purposes, you must be able to ping untrusted interfaces.
Referring to the exhibit, how do you enable ping for interface eth2?
ns5gt-> get int eth2
number 8, if_info 704, if_index 0, mode route
link up, phy-link up/full-duplex
status change:7, last change:09/26/2012 23:08:22
vsys Root, zone Untrust, vr trust-vr
dhcp client disabled
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 188.8.131.52/30 mac 0014.f693.edc8
*manage ip 184.108.40.206, mac 0014.f693.edc8
ping disabled, telnet enabled, SSH disabled, SNMP disabled web enabled, ident-reset disabled, SSL disabled DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0 OSPF disabled BGP disabled RIP disabled RIPng disabled mtrace disabled PIM: not configured IGMP not configured
MLD not configured
bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps] configured ingress mbw 0kbps,
current bw 0kbps
total allocated gbw 0kbps
DHCP-Relay disabled at interface level
A. ns5gt-> unset int eth2 manage-ip ping
B. ns5gt-> set int eth2 manage ping
C. ns5gt-> enable int eth2 manage ping
D. ns5gt-> set int eth2 manage-ip ping
Referring to the exhibit, which three statements are true? (Choose three.)
NS5200(M)-> get nsrp
nsrp version: 2.0
cluster iD. 1, namE. 5200
local unit iD. 8000208
active units discovereD.
index: 0, unit iD. 8014208, ctrl maC. 0010db000085, data maC.
index: 1, unit iD. 8337344, ctrl maC. 0010db0000c5, data maC.
total number of units: 2
VSD group info:
init hold timE. 5
heartbeat lost thresholD. 3
heartbeat interval: 200(ms)
master always exist: enabled
group priority preempt holddown inelig master PB other members 0 50 yes 45 no myself 8330044
total number of vsd groups: 1
Total iteration= ,time=878546093,max=4900,min=170,average=18 RTO mirror info:
“FirstTest, FirstPass” – www.lead2pass.com 18
Juniper JN0-533 Exam
run time object synC. enabled
ping session synC. enabled
coldstart sync done
nsrp data packet forwarding is enabled
nsrp link info:
control channel: ha1 (ifnum: 5) maC. 0010db000085 statE. up data channel: ha2 (ifnum: 6) maC.
0010db000086 statE. up
ha secondary path link not available
NSRP encryption: disabled
NSRP authentication: disabled
device based nsrp monitoring thresholD. 255, weighted sum: 0, not failed
device based nsrp monitor interfacE. ethernet2/1(weight 255, UP) ethernet2/3(weight 255, UP)
ethernet2/4(weight 255, UP) ethernet2/5(weight 255, UP)
ethernet2/2(weight 255, UP)
device based nsrp monitor zonE.
device based nsrp track ip: (weight: 255, disabled)
number of gratuitous arps: 4 (default)
config synC. enabled
track ip: disabled
A. This cluster is configured as an active/active cluster.
B. RTO sync is enabled.
C. No secondary path is configured.
D. master-always-exists is enabled.
E. Only one interface is used for both the control and data links.
A host in the untrust zone sends 1000 SYN packets in a single second to a host in your trust zone destined for port 80. Referring to the exhibit, which statement describes the behavior of the ScreenOS device?
ssg5-> get conf | include syn
set zone untrust screen syn-flood attack-threshold 625
set zone untrust screen syn-flood alarm-threshold 250
set zone untrust screen syn-flood timeout 20
set zone untrust screen syn-flood queue-size 1000
set zone untrust screen syn-flood
set flow syn-proxy syn-cookie
A. It will maintain this state for all 1000 connection attempts.
B. It will begin to drop the SYN packets.
C. It will block further connection attempts from this host for 20 seconds.
D. It will reply with SYN-ACK packets.
The exhibit displays output from the event log of a ScreenOS device. Given the information shown in the exhibit, which two statements are correct? (Choose two.)
A. The VPN initiator is sending a proxy ID of:
local: 10.20.1.0/24 remote:10.204.1.0/24
B. The VPN contains a proxy ID mismatch.
C. Phase 2 negotiations completed successfully.
D. Phase 1 negotiations completed successfully.
You have lost the admin user password for your NetScreen device. No other user accounts are configured on the device. How would you access the CLI?
A. Log in on the console using the secret name “recovery” and password “netscreen”.
B. Send a break to the console during the boot process and modify the configuration registers.
C. Log in on the console using the serial number as the username and password.
D. Log in on the console using the secret name “recovery” and the serial number as the password.
Referring to the output shown in the exhibit, which NAT configuration is being used?
A. interface-based NAT
C. source-based NAT
You can see packet originally aimed at 220.127.116.11 and then the destination changes to 192.168.1.4
User1 wants to create the policy in the ScreenOS device, but is not successful.
Referring to the exhibit, what is the problem?
set admin name “admin”
set admin password “nOsYMqrbAs/McFsJrs6HwcIt3AF6yn”
set admin user “User1” password “nLZwKErINPPCcphC6sFMXrJ” privilege “read-only”
set admin port 8080
set admin access attempts 5
set admin access lock-on-failure 5
set admin auth web timeout 10
set admin auth server “Local”
A. The User1 account has been suspended.
B. User1 does not have any account in this device.
C. User1 logged in to the device with wrong port.
D. User1 does not have the proper permission to create a policy.
You have the following BGP configuration in place to establish a session with a remote peer over your ethernet4 interface.
set vrouter trust-vr protocol bgp 65000
set vrouter trust-vr protocol bgp enable
set vrouter trust-vr protocol bgp neighbor remote-as 65500
set vrouter trust-vr protocol bgp neighbor enable
Which additional statement is necessary to establish the session?
A. set interface protocol bgp enable
B. set interface ethernet4 bgp enable
C. set vrouter trust-vr protocol bgp interface ethernet4
D. set interface ethernet4 protocol bgp
You want to ensure that the ScreenOS device sends alert data to notify the security operation center. Which three log destinations would you set to accomplish your objective? (Choose three.)
You are creating a DIP pool of 30 addresses. You would like to see how addresses are being allocated to different traffic streams. Which command will you use to view this information?
B. get dip all
C. get session
D. get address xlate