Juniper.BrainDump.JN0-355.v2013-03-26.by.de68hof · 3/26/2013 · LDAP authentication is currently configured for all users. You run a TCP dump during the authentication attempt

JN0-355

Number: 000-000Passing Score: 800Time Limit: 120 minFile Version: 1.0

http://www.gratisexam.com/

Vendor: Juniper

Exam Code: JN0-335

Exam Name: Junos Pulse Secure Access, Specialist (JNCIS-SA)

Sections1. Cluster2. Pulse Connection3. Administration Configuring4. HostCheck5. Troubleshooting

Exam A

QUESTION 1When adding a new cluster member, the cluster node state is indicated by a yellow radio button icon in theAdmin UI. Which cluster node state is correct?

A. The node is enabled, not accepting user requests.B. The node is transitioning.C. The node is enabled, unreachable.D. The node is disabled.

Correct Answer: BSection: ClusterExplanation

Explanation/Reference:While the new node synchronizes its state with the existing cluster member, each node’s status indicates“Enabled,” “Enabled, Transitioning,” or “Enabled, Unreachable.”

QUESTION 2What are two properties of an active/passive cluster configuration? (Choose two.)

A. Cluster VIPB. LAN clusterC. high availabilityD. WAN cluster

Correct Answer: ABSection: ClusterExplanation

Explanation/Reference:

QUESTION 3You are connected with a VPN tunnel on a wired interface and notice that your VPN session drops when youenable your wireless interface. What would cause this drop to occur?

A. split tunnelingB. route monitorC. split monitorD. route precedence

Correct Answer: B

Section: Pulse ConnectionExplanation


QUESTION 4Which Junos Pulse Secure Access Service component controls the user login URL mapping to the appropriatebackend authentication service?

A. authentication serverB. authentication realmC. resource policyD. sign-in policy

Correct Answer: DSection: Administration ConfiguringExplanation


QUESTION 5A user is mapped to two roles. The first role assigned has a maximum session length of 240 minutes. Thesecond role assigned has a maximum session length of 480 minutes. Which maximum session length inminutes will the user receive?

A. 60B. 240C. 480D. 720

Correct Answer: CSection: Administration ConfiguringExplanation



QUESTION 6

Which statement accurately describes Host Checker?

A. Host Checker is a clientless process that removes residual data, such as temporary files or applicationcaches, left on a user's machine after a Pulse Secure Access session.

B. Host Checker is a client-side agent that removes residual data, such as temporary files or applicationcaches, left on a user's machine after a Pulse Secure Access session.

C. Host Checker is a clientless process that performs endpoint health and security checks for hosts thatattempt to connect to the Pulse Secure Access Service.

D. Host Checker is a client-side agent that performs endpoint health and security checks for hosts that attemptto connect to the Pulse Secure Access Service.

Correct Answer: DSection: HostCheckExplanation


QUESTION 7Which statement is true about the MAG Series devices?

A. The MAG2600, MAG4610, MAG6610, and MAG6611 have fixed configurations.B. The MAG2600, MAG4610, MAG6610, and MAG6611 have modular configurations.C. The MAG2600 and MAG4610 have fixed configurations and the MAG6610 and MAG6611 have modular

configurations.D. The MAG2600 and MAG4610 have modular configurations and the MAG6610 and MAG6611 have fixed

configurations.



QUESTION 8You have configured VPN Tunneling using Junos Pulse with minimal components and deployed it to youremployees. You decide to configure a Host Checker policy for your employees and apply it to their role. Whichbehavior will the user experience on the client machine the next time they sign in using Junos Pulse?

A. Junos Pulse will prompt the user with a certificate warning.B. Junos Pulse will prompt the user to install Host Checker.C. Junos Pulse will prompt the user to sign in using the Web UI.D. Junos Pulse will prompt the user to upgrade the Junos Pulse client software.

Correct Answer: DSection: Pulse ConnectionExplanation

QUESTION 9What are three benefits of choosing Junos Pulse for VPN tunneling? (Choose three.)

A. Endpoint security is integrated with Junos Pulse.

B. ESP transport methods are available for Windows, Macintosh, and Linux platforms.C. WSAM integration is available for Microsoft Windows platforms.D. Support is available for a variety of mobile devices.E. SSL transport methods are available for Linux platforms.

Correct Answer: ACDSection: Pulse ConnectionExplanation


QUESTION 10You want to use Host Checker to verify that users have a specific version of application software. Which twoHost Checker rules in the Admin UI would achieve this? (Choose two.)

A. Predefined RulE. OS ChecksB. Custom RulE. Patch AssessmentC. Custom RulE. Registry SettingD. Custom RulE. NetBIOS

Correct Answer: BCSection: HostCheckExplanation


QUESTION 11You want to restrict role access to only users who have the required client certificate and pass a Host Checkerpolicy. Which two methods in the Admin UI would set this restriction? (Choose two.)

A. Enable the Host Checker and certificate role restrictions.B. Require and enforce the Host Checker and certificate authentication policies.C. Use a custom expression to map users to the role based on the client certificate and Host Checker policy.D. Use Secure Virtual Workspace to restrict access to the role based on the client certificate and Host Checker

policy.

Correct Answer: ACSection: Administration ConfiguringExplanation


QUESTION 12You want to create a Host Checker policy that prevents a user with an Apple iOS device from connecting to thenetwork if the device limitations imposed by Apple have been altered or removed. Which Host Checker ruletype in the Admin UI should you create?

A. Predefined RulE. Mobile Security Suite (MSS)B. Predefined RulE. Rooting DetectionC. Predefined RulE. Jail Breaking DetectionD. Predefined RulE. Check Operating System



QUESTION 13A customer requires licensing to support a total of 1,000 concurrent users for a new Junos Pulse SecureAccess Service cluster deployment consisting of two nodes. The Junos Pulse Secure Access Service will runsoftware release 7.2. What is the minimum license configuration needed to support this requirement?

A. one 500-user ADD on the first node and one 500-user CL license on the second node "First Test, FirstPass" - www.lead2pass.com 6Juniper JN0-355 Exam

B. one 1000-user ADD on the first node and one 500-user CL license on the second nodeC. two 500-user ADD licenses, one on each nodeD. two 1,000-user ADD licenses distributed equally across the two nodes

Correct Answer: CSection: ClusterExplanation


QUESTION 14You would like to set up a meeting using Junos Pulse Collaboration for the Sales division tomorrow morning. Inthe user interface, which setting should you select?

A. Instant MeetingB. Support MeetingC. Schedule MeetingD. Join Meeting



QUESTION 15You want to use ESP for your VPN Tunneling transport mechanism. Which port must you have open on yourfirewall to the Junos Pulse Secure Access Service in a default configuration?

A. UDP 500B. TCP 500C. UDP 4500D. TCP 4500

Correct Answer: CSection: Pulse ConnectionExplanation


QUESTION 16The Junos Pulse client connects to which two Juniper Networks services? (Choose two.)

A. Junos Pulse Secure Access ServiceB. Junos Pulse Access Control ServiceC. Unified Threat ManagementD. Intrusion Detection Prevention

Correct Answer: ABSection: Administration ConfiguringExplanation


QUESTION 17You are logged in to the Junos Pulse Secure Access Service on your laptop using the wired connection on yourdocking station. You undock your machine and move over to a wireless network and your session does notreconnect. Why did this happen?

A. The browser request follow through was disabled.B. The roaming session was disabled.C. The persistent session was disabled.D. The enable session extension was disabled.

Correct Answer: BSection: Pulse ConnectionExplanation


QUESTION 18Which two server instances would be used as secondary authentication servers on the Junos Pulse SecureAccess Service? (Choose two.)

A. RADIUS serverB. anonymous serverC. Active Directory serverD. certificate server


QUESTION 19Which two statements describe the functionality of the client standalone installer? (Choose two.)

A. All Windows clients are available as standalone installers, except Host Checker.B. Juniper Installer Service client deployment requires administrative privileges.C. Juniper Installer Service client can be deployed using the automated Microsoft Systems Management

Server (SMS) service.D. Clients deployed using Juniper Installer Service require post-installation machine reboot.

Correct Answer: BCSection: Administration ConfiguringExplanation

QUESTION 20Which statement is correct about VPN tunneling clients?

A. Network Connect supports the use of client certificates on Windows and Linux systems only.B. The Junos Pulse client supports the use of client certificates on Windows systems only.C. Network Connect supports the use of client certificates on smart phones and PDAs.D. Junos Pulse supports the use of client certificates on iOS and Android OS devices.


QUESTION 21Which three elements are required to deploy the Service Provider Edition (SPE) virtual appliance?(Choose three.)

A. a MAG Series device acting as license server

B. user subscription licensingC. a server that hosts the virtual appliancesD. LDAP authenticationE. Device Management Interface (DMI)

Correct Answer: ABCSection: Administration ConfiguringExplanation


QUESTION 22You must perform daily backup operations of logging information as well as configuration. What should youchoose in the Admin UI to achieve this?

A. SyslogB. Local BackupsC. SNMPD. Archiving Servers



QUESTION 23A user is currently not able to sign in to the Junos Pulse Secure Access Service. LDAP authentication iscurrently configured for all users. You run a TCP dump during the authentication attempt and notice that the response from the LDAP server lists resultCodE. invalidCredentials (49).

Which type of issue is the user experiencing?

A. authenticationB. authorizationC. resource policyD. role restriction

Correct Answer: ASection: TroubleshootingExplanation


QUESTION 24A Web site is available to all users but it does not display correctly when using basic Web access. You want to provide an alternate method for accessing the Web site through the Junos Pulse Secure AccessService while continuing to provide all other Web content using basic Web access. In the Admin UI, which two actions must be performed for users to access the Web site? (Choose two.)

A. Create a Web Proxy policy.B. Create a Do Not Rewrite Selective Rewrite policy.C. Configure Junos Pulse to provision Layer 3 access.D. Configure a proxy connection on your browser.

Correct Answer: BCSection: TroubleshootingExplanation


QUESTION 25You must plan the deployment of Junos Pulse to hundreds of end users on various client platforms includingWindows laptops, smartphones running Google Android, and iPad users. What are three delivery methods thatyou would use to complete this task? (Choose three.)

A. Users can connect to the Secure Access Gateway Web portal and install Junos Pulse from the start page.B. You can distribute a default installer to endpoints, install it, and let users create their own connections.C. You can configure a Host Checker policy to detect if Junos Pulse is installed and deliver the installation to

the endpoint during pre-authentication.D. Smartphone users can download the Junos Pulse installer from the mobile application section of the Web

portal start page.E. You can create an .msi installer that contains connection settings and services along with the Junos Pulse

installer and deliver this to endpoints using a software distribution process.

Correct Answer: ABESection: Administration ConfiguringExplanation


QUESTION 26Your customer requires some users to be mapped to a specific role. The Active Directory (AD) administratorfrequently changes users from one AD group to another. Which role mapping rule type should you use?

A. the user's group membership returned by the realm's authentication serverB. the result of a host check rule for machine certificateC. the authentication realm accessedD. the user's username and NetBIOS name

Correct Answer: ASection: Administration ConfiguringExplanation

QUESTION 27As an administrator, what would you do to synchronize the state after configuring a license server on a virtualapplication?

A. Pull the leasing state from the license server on the virtual appliance.B. Copy the leasing state from the license server on the virtual appliance.C. Push the leasing state from the license server to the virtual appliance.D. Post the leasing state from the license server to the virtual appliance.


QUESTION 28You are implementing several Host Checker policies on your users, however, you must block access to aspecific Web server when users fail one specific Host Checker policy. Which Host Checker implementationallows you to satisfy this requirement?

A. Implement your Host Checker policy as an initial policy (pre sign-in).B. Implement your Host Checker policy at the authentication realm to evaluate only.C. Implement Host Checker policies at the user role where the users with different Web access requirements

belong to different roles with different Host Checker policies defined.D. Implement a Web access resource policy that contains a detailed rule with conditions on specific Host

Checker policies as conditions for access.

Correct Answer: CSection: HostCheckExplanation


QUESTION 29You are performing initial configuration steps on a MAG Series Junos Pulse Service Gateway using the serialcable that came with the appliance. You have connected one end of the cable to the serial port on a PC andyou need to connect the other end to the appliance. There are several ports on the front of the MAG Serieschassis. Which port must you use?

A. USB portB. serial terminal portC. A0D. console port


QUESTION 30Which statement about Public Key Infrastructure (PKI) is true?

A. PKI negotiates a secure connection between a client and a server.B. PKI specifies the use of a shared key.C. PKI uses digital certificates to bind public keys to an entity.D. PKI requires the use of a certificate authority and a registration authority.


QUESTION 31You are asked to deploy Windows (RDP) and Citrix terminal services for a large financial firm. The customerrequests that you enable role terminal service security settings. In the Admin UI, which two restriction settingsapply? (Choose two.)

A. Control access to printersB. Control wireless machine interfaceC. Control client access to external drivesD. Deny access to Oracle Expense reporting application



QUESTION 32Which statement describes how the JunOS Pulse Secure Access Service processes cookies?

A. The device intercepts all cookies sent by internal servers and replaces them with session cookies.B. The device intercepts all cookies sent by Junos Pulse clients and replaces them with session cookies.C. The device intercepts all cookies sent by internal servers and replaces them with persistent cookies.D. The device intercepts all cookies sent by internal servers based on the defined Web Caching policy.



QUESTION 33You have just created a Host Checker policy that limits role access to only users who sign in with company-issued computers. All users who do not pass the policy will be remediated to a different role with fewer features. Which two stepsin the Admin UI must you configure to enforce the policy? (Choose two.)

A. For the Host Checker Authentication Policy, choose "Require and Enforce".B. For the Host Checker Authentication Policy, choose "Evaluate Policies".C. For the Host Checker Role Restriction, allow all users.D. For the Host Checker Role Restriction, allow only users who meet the selected Host Checker policy.

Correct Answer: BDSection: HostCheckExplanation


QUESTION 34What are two characteristics of active/active clustering? (Choose two.)

A. clustering of up to four nodesB. load balancingC. cluster synchronization using the external portD. failover using a virtual IP (VIP) address

Correct Answer: ABSection: ClusterExplanation



QUESTION 35In the Admin UI, which two connection types are in a Junos Pulse connection set? (Choose two.)

A. SSL VPN or UAC (L3)B. Netscreen FirewallC. UAC (802.1X)D. iPass Mobile Connect

Correct Answer: ACSection: Pulse ConnectionExplanation


QUESTION 36You are attempting to sign in to the Junos Pulse Secure Access Service and receive the error, You are notallowed to sign in. Which two restrictions would cause this issue? (Choose two.)

A. You are missing a required client certificate.B. The administrator forgot to assign you any roles.C. You are not allowed to access resources.D. You typed an invalid username or password.


QUESTION 37You are asked to add another gateway to an existing three-unit SA cluster. Which two actions should youperform? (Choose two.)

A. Add a new cluster member, IP addresses, and default gateways under the existing cluster definition.B. Upgrade the new cluster member to match the same software release of the cluster.C. Set the existing cluster to active/passive state.D. Configure cluster name, cluster password, and existing member address on the new cluster member.

Correct Answer: ADSection: ClusterExplanation


If you add the Secure Access Service running a previous version service package to a cluster, the SecureAccess Service automatically detects the mismatch, gets the newer package from the cluster, and joins thecluster

QUESTION 38A customer wants to implement X.509 certificate authentication on their users. They want to extract theusername from each certificate for accounting and single sign-on purposes. The correct username syntax lieswithin the common name portion of the certificate's subject field. Which username template should you use onthe certificate authentication server's configuration?

A. <certDN.CN>B. <certDN.SN>C. <certAttr.altName.CN>D. <certAttr.altName.SN>



QUESTION 39How are Web access policies processed by the Junos Pulse Secure Access Service?

A. Web access policies are processed in a top-down fashion for the first match.B. Web access policies are processed in a top-down fashion for the last match.C. Web access policies are processed in a top-down fashion for the best match.D. Web access policies are processed in a top-down fashion for all possible matches.



QUESTION 40You want to ensure that untrusted computers that connect the Junos Pulse Secure Access Service haveresidual data removed after the user session is complete. Which two Endpoint Security features in the AdminUI achieve this? (Choose two.)

A. Cache CleanerB. Host CheckerC. Secure Virtual Workspace (SVW)D. Enhanced Endpoint Security (EES)


QUESTION 41What does Junos Pulse Collaboration provide?

A. group instant messaging servicesB. Web-based meeting servicesC. corporate file sharing servicesD. conference call services

Correct Answer: BSection: Administration ConfiguringExplanation


QUESTION 42You are the presenter of a Junos Pulse Collaboration meeting and attendees indicate that the presentationseems to have a problem with color quality. How would you resolve this issue?

A. Stop sharing the application and try to reshare again.B. Enable True Color Presentations in the meeting.C. Reboot the MAG Series device.D. Enable True Color Presentations globally.



QUESTION 43You are configuring the Junos Pulse client to be installed and launched the first time the user logs in to theJunos Pulse Secure Access Service start page. What should you do?

A. Under the User Role > VPN Tunneling; select Junos Pulse and Auto-launch.B. Under Junos Pulse > Connections; your connection set, select Dynamic connections.C. Under Junos Pulse > Connections; create a connection set of the SA or IC type. The client will be installed

and executed automatically.D. Under Junos Pulse > Components; your component set, select All components.

Correct Answer: ASection: Pulse ConnectionExplanation


QUESTION 44Which Junos Pulse Secure Access Service element controls the location awareness rules settings for theJunos Pulse client?

A. Junos Pulse component setB. Junos Pulse connection setC. User role restrictionsD. User role session options



QUESTION 45The Junos Pulse client for iPad supports which three types of host checks? (Choose three.)

A. jailbreak detectionB. virus detection enabledC. operating system versionD. Mobile Security Suite (MSS) registrationE. firewall enabled

Correct Answer: ACDSection: HostCheckExplanation


QUESTION 46You are asked to perform an automatic two-unit cluster upgrade. Which action must you perform?

A. Remove the backup node from the cluster prior to upgrading the code.B. Upgrade both cluster nodes to the new software release.C. Delete all active user sessions.D. Use Central Manager to perform the cluster upgrade.


QUESTION 47Which sequence describes the processing order when a user authenticates to a Junos Pulse Secure AccessService?

A. sign-in policies, roles, authentication realms, resource policiesB. sign-in policies, authentication realms, resource policies, rolesC. sign-in policies, resource policies, roles, authentication realmsD. sign-in policies, authentication realms, roles, resource policies


QUESTION 48A Junos Pulse Secure Access Service has a device certificate issued for sa.pulse.local. Users accessingsales.pulse.local and finance.pulse.local receive a certificate warning any time they access the Junos PulseSecure Access Service. As an administrator, which two actions would resolve the issue? (Choose two.)

A. Install a wildcard certificate for *.pulse.local.B. Remove the sa.pulse.local device certificate.C. Install certificates for sales.pulse.local and finance.pulse.local on the same interface.D. Load multiple server certificates (one for each hostname), and create a virtual port to associate the specific

URL.

Correct Answer: ADSection: Administration ConfiguringExplanation

QUESTION 49Which two features does the Junos Pulse Secure Access Service offer that enhance security on the corporatenetwork? (Choose two.)

A. enforcement of endpoint complianceB. secure OSPF routingC. firewall filteringD. support for multiple client types



QUESTION 50What are two operational functions of the VPN Tunneling client? (Choose two.)

A. It provides the ability to select applications that use a tunneling service.B. It supports dual transport modes, ESP or SSLC. It supports Windows domain single sign-on.D. It requires Web browser-based user authentication.

Correct Answer: BCSection: Pulse ConnectionExplanation


QUESTION 51You want to use canonical formats to specify the following resource for a resource policy:

1.1.1.1:80/employee/%

Which directory path matches this resource?

A. 1.1.1.1:80/employee/payroll/data.htmlB. www.hostname.com:80/employee/payroll/data.htmlC. 1.1.1.1:80/employee/data.htmlD. www.hostname.com:80/data.html


Explanation/Reference:* Matches ALL characters

% Matches any character except dot (.)

? Matches exactly one character

QUESTION 52How are user role-mapping rules processed by the Junos Pulse Secure Access Service gateway?

A. All rules are processed in a top-down fashion for the best match. If no match is found, the user is notallowed to sign in to the realm.

B. All rules are processed in a top-down fashion for the best match. If no match is found, the user is assignedto the default role.

C. All rules are processed in a top-down fashion for all eligible matches. If no match is found, the user is notallowed to sign into the realm.

D. All rules are processed in a top-down fashion for all eligible matches. If no match is found, the user isassigned to the default role.


Explanation/Reference:Wenn keine Stop Regel definiert ist

QUESTION 53You want to create a policy that grants access only to the server 1.1.1.1 directory called Sales and accessinside that directory only to .doc files. Which two policies will satisfy the requirement? (Choose two.)

A. \\1.1.1.1\sales\*.docB. \\1.1.1.1\sales\%.docC. \\1.1.1.1\%sales%\*.docD. \\1.1.1.1\*\%.doc





QUESTION 54You are asked to set up Junos Pulse Secure Access Service in a high availability, active/active clusterconfiguration. In the Admin UI, which two cluster settings are available? (Choose two.)

A. Internal VIPB. Member NameC. Synchronize user-defined bookmarksD. Synchronize log messages

Correct Answer: BDSection: ClusterExplanation


QUESTION 55A Network Connect (NC) user attempts to start a VPN tunnel and receives the error message shown below:

"The secure gateway denied the connection request from this client".

What are two reasons why this error would occur? (Choose two.)

A. There is no IP address pool defined for the user's role in the NC Connection Profile.B. A firewall is blocking access between the client and Secure Access Gateway.C. The DHCP server configured to assign IP Addresses in the NC Connection Profile is not responding.D. A DNS profile has not been configured in the NC Connection Profile.

Correct Answer: AC

Section: Administration ConfiguringExplanation

QUESTION 56You are deploying a VPN tunneling client and are asked to configure a restrictive set of tunneling policies. In theAdmin UI, which two VPN Tunneling role settings apply? (Choose two.)

A. Split TunnelingB. VPN Tunneling Access ControlC. Route MonitorD. Connection Settings

Correct Answer: ACSection: Pulse ConnectionExplanation


QUESTION 57Which two types of traffic does the Host Checker connection control policy block on the client? (Choose two.)

A. all incoming TCP trafficB. all outgoing TCP trafficC. all outgoing DNS trafficD. all incoming UDP traffic

Correct Answer: ADSection: HostCheckExplanation


QUESTION 58Certain users within your organization have an LDAP attribute named userAttr.EmployeeLevel. You want tomap these users to a specific role if the value of the attribute is 65 or higher. In the Admin UI, which rolemapping rule type will perform this operation?

A. UsernameB. Group MembershipC. Custom ExpressionD. Certificate Attribute



QUESTION 59The MAG Series Junos Pulse Gateway provides which three functions? (Choose three.)

A. deep packet inspectionB. centralized policy managementC. dynamic routingD. check complianceE. authenticate users

Correct Answer: BDESection: Administration ConfiguringExplanation

QUESTION 60Which three describe clustering on the MAG Series Junos Pulse Gateway? (Choose three.)

A. load balancingB. configuration synchronizationC. aggregate interfacesD. high availabilityE. WAN support

Correct Answer: ABDSection: ClusterExplanation

QUESTION 61Which two statements describe the Content Intermediation Engine (CIE)? (Choose two.)

A. The CIE is responsible for the redirect function.B. The CIE is responsible for processing incoming requests and outgoing content.C. The CIE rewrites Web content.D. The CIE rewrites application content using Junos Pulse.

Correct Answer: BCSection: Administration ConfiguringExplanation

Explanation/Reference:CIE Overview

One of the core technologies that Secure Access offers is the Content Intermediation Engine (CIE), a highlyadvanced parser and rewriter. The CIE retrieves Web-based content from internal Web servers and changesURL references and Java socket calls so that all network references point to Secure Access.

For instance, when an authenticated user clicks a link, the request goes to Secure Access. Secure Accessperforms intermediation by parsing the incoming link to determine the internal destination server and thenforwarding the request to that internal server on behalf of the end-user. In other words, Secure Access acts asthe internal server to the end-user and acts as an end-user to the internal server. This intermediation processprovides protection and clear separation between end-users and internal resources.

In order to successfully intermediate Web applications, the CIE must successfully locate all links within a pageand rewrite them accurately. This document provides guidelines to Web application developers and userinterface designers for creating Web applications that the CIE can successfully intermediate. The documentprovides general recommendations, lists the content-types that Secure Access supports, the level of supportthat Secure Access provides for each of the content types, and the language constructs to avoid.

Note: The Content Intermediation Engine does not intermediate all types of links. For instance, it does notintermediate ftp, rtsp, mms, and mailto links.

Content Types Supported Through the CIE

The Content Intermediation Engine fully supports Web applications written in standard HTML, JavaScript,VBscript, and Java. There are a few corner cases, however, in which these content types are sensitive tointermediation and parsing. If this document does not contain information about a content type, the ContentIntermediation Engine does not officially support it, but the content type may still work through Secure Access.

QUESTION 62What does Secure Virtual Workspace (SVW) provide?

A. a virtual desktop on a client desktopB. protected file storage on a remote serverC. a protected workspace on a client virtual machineD. a protected workspace on the client desktop

Correct Answer: D

Section: Administration ConfiguringExplanation

Explanation/Reference:The Secure Virtual Workspace guarantees the integrity of Secure Access session data on a client machinerunning Windows 2000 or Windows XP by creating a protected workspace on the client desktop. By enablingthe Secure Virtual Workspace, you ensure that any end-user signing in to your intranet must perform allinteractions within a completely protected environment. If the user’s applications and interactions result in databeing written to disk or to the registry, the Secure Virtual Workspace encrypts that information. When theSecure Access session is complete, the Secure Virtual Workspace destroys all information pertaining to itselfor to the session, by default. However, you can configure the state of this type of information to suit yourparticular needs. For example, you might decide to allow data to persist across Secure Virtual Workspacesessions.

QUESTION 63Which three actions are performed when configuring WSAM for Junos Pulse? (Choose three.)

A. Configure a WSAM resource profile.B. Enable route monitor in the user role.C. Enable Junos Pulse in the User role.D. Configure a Junos Pulse client connection and component set.E. Under the user role, SAM, select the Auto-launch Secure Application Manager box.

Correct Answer: ACESection: Administration ConfiguringExplanation


http://kb.juniper.net/InfoCenter/index?page=content&id=KB23994

QUESTION 64Remote access users must maintain connectivity to printers on their local network when they launch their VPNtunnel and are connected with split tunneling disabled. In the Admin UI, which VPN Tunneling setting wouldallow this?

A. Enable Tunnel routes under Route Precedence.B. Enable Route Monitor.C. Enable Endpoint routes under Route Precedence.

D. Disable Route Monitor.



QUESTION 65Which platform supports the Junos Pulse Secure Access Service?

A. MX SeriesB. SRX SeriesC. MAG SeriesD. EX Series



QUESTION 66You have just launched a meeting using Junos Pulse Collaboration. You examine the Collaboration toolbar andnotice several buttons. Which three features are available? (Choose three.)

A. VoiceB. ChatC. AnnotationD. Upload FileE. Meeting Info

Correct Answer: BCESection: Administration ConfiguringExplanation


QUESTION 67Which two statements about certificate-based authentication are true? (Choose two.)

A. Certificate-based user authentication requires OCSP with CRL as a backup.B. Certificate-based user authentication requires CRL.C. Certificate-based authentication might require user input during the login process.D. Certificate attributes can be used to assign users to roles.

Correct Answer: CDSection: Administration ConfiguringExplanation

QUESTION 68You are asked to configure enterprise Web services access. In the Admin UI, which two Web role actionsapply? (Choose two.)

A. Add bookmarks.B. Allow automount shares.C. Auto-launch Secure Application Manager.

D. Mask host names while browsing.



QUESTION 69You have configured a Web Resource Profile to allow access to your company's Intranet site and assigned theWeb role to the profile. A bookmark to the site was configured and will be displayed on the user's start page.You also enabled the Web URL browse bar. You did not modify any of the default auto-allow policies. What willusers in the Web role be able to access?

A. Users will not be able to access any Web sites.B. Users will have access to any Web site in the domain.C. Users will only have access to the bookmark on the start page.D. Users will need the administrator to create additional bookmarks to access other sites.



QUESTION 70You want to create a VPN tunneling role that allows access to the corporate network but still allows users toaccess the Internet outside of the VPN tunnel. In the Admin UI, which VPN tunneling policy must you configure?

A. Access ControlB. Connection ProfileC. Bandwidth ManagementD. Split-Tunneling Networks


QUESTION 71Which two statements are true about Online Certificate Status Protocol (OCSP)? (Choose two.)

A. OCSP provides real-time certificate verification.B. The Revocation Checking option must be disabled in OCSP.C. OCSP must have the Allow Clock Discrepancy field set to zero.D. The Junos Pulse Secure Access Service is an OCSP client.



QUESTION 72Users access the Junos Pulse Secure Access Service from home using a specific connection. When the sameusers access secured resources in the office, they must connect to the Junos Pulse Access Control Serviceusing a different connection. You want to make the user connection automatic when they launch Junos Pulse.Which Junos Pulse feature should you configure?

A. Connection AwarenessB. Location AwarenessC. Location ServicesD. Connection Services

Correct Answer: BSection: Pulse ConnectionExplanation


QUESTION 73

You are asked to configure a user's bookmark page to present the appropriate customer-facing corporatebranding. Which two user interface role configurations apply? (Choose two.)

A. corporate logo imageB. corporate font typeC. text colorD. Flash video message



QUESTION 74A customer wants to verify that users satisfy a minimum Windows operating system and service pack (SP)level. Which type of endpoint security policy would be the simplest way to verify this?

A. Use a Host Checker policy with a rule type of "PredefineD. OS Checks."B. Use a Host Checker policy with a rule type of "Custom: Patch Assessment."C. Use a realm authentication policy to verify user-agent strings sent by the user's browser.D. Use a role restriction policy to verify user-agent strings sent by the user's browser.

Correct Answer: ASection: HostCheckExplanation


QUESTION 75In a SAML profile, which two SSO methods are used to communicate with the SAML server? (Choose two.)

A. Push

B. ArtifactC. PullD. Post

Correct Answer: BDSection: Administration ConfiguringExplanation


QUESTION 76You are configuring a Web resource policy and you want to ensure that a user can only access the URL http://intranet.example.com/employees and exactly one level below /employees. Which policy will satisfy thisrequirement?

A. http://intranet.example.com/employees/*/?B. http://intranet.example.com/employees/*C. http://intranet.example.com/employees/?D. http://intranet.example.com/employees/%





QUESTION 77You have just upgraded the Junos Pulse Secure Access Service, but now Host Checker is not operational.Host Checker functioned normally before the upgrade. Which Host Checker setting should you verify is enabledin the Admin UI?

A. Perform dynamic policy reevaluationB. Endpoint Security Assessment Plug-In (ESAP) versionsC. Auto-update virus signatures listD. Auto-upgrade Host Checker



QUESTION 78What are three reasons for using certificates? (Choose three.)

A. for role mappingB. to acquire an IP addressC. for server authenticationD. for user authenticationE. for ESP negotiation

Correct Answer: ACDSection: Administration ConfiguringExplanation

QUESTION 79Which three statements describe virtual desktops?

A. Virtual desktops enable users to run personal computer instances on a remote central server.B. Virtual desktops remove workspace data when a session ends.C. Virtual desktops provide a real-time malware scan and remove the malware if detected.D. Virtual desktops lower administrative, support, and hardware costs associated with individual PCs.E. Virtual desktop support includes Citrix XenDesktop.

Correct Answer: ADESection: Administration ConfiguringExplanation


QUESTION 80Referring to the exhibit, which two statements are correct? (Choose two.)

IVE - [127.0.0.1] Root::System()[] - License Server Protocol Error: Code=(0x23)Error="No Such Client"

A. The lease client ID does not match to the one configured on the licensing server.B. The lease client ID is not configured on the licensing server.C. The time difference on the lease client and licensing server is more than 3600 seconds.D. The lease client ID is not yet registered to the licensing server.

Correct Answer: BDSection: TroubleshootingExplanation


QUESTION 81After performing the initial configuration, you browse to the Admin sign-in page for the first time and a certificateerror is displayed as shown in the exhibit. What is causing this error?

A. The device is using an SSL certificate that has expired.B. The device certificate is using an invalid cipher.C. The device certificate authority has been revoked.D. The device is using a self-signed certificate.

Correct Answer: DSection: TroubleshootingExplanation


QUESTION 82You are unable to access a Web page through the Junos Pulse Secure Access Service. You run a policy tracein the Admin UI to troubleshoot the issue. Referring to the exhibit, what is causing the issue?

Info PTR23245 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[AllEmployees] - Evaluating Policy Rule 1...Info PTR23244 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[AllEmployees] - Condition [( loginTime.dayOfWeek = (Sa t TO Sun) AND loginTime =(8:00AM TO 5:00PM)) OR groups = 'Clockworks']evalua ted to falseInfo PTR23246 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[AllEmployees] - No Policy Rule applies to resource [et c...]Info PTR23245 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[AllEmployees] - Evaluating Policy Rule 1...Info PTR23239 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[AllEmployees] - Action [Deny access] is returnedInfo PTR23234 2012/04/25 20:53:35 - SA - [1.2.3.4] - Root::hugo(LDAPRealm)[AllEmployees] - Policy [Pulse, Inc. Intranet] applies to resource

A. A role restriction is denying access to the resource.B. A detailed rule is denying access to the resource.C. The resource policies are not in the proper order.D. A Host Checker policy is limiting access to the realm.

Correct Answer: ASection: TroubleshootingExplanation


QUESTION 83A user should be able to access a Web resource but instead is receiving an error that access to the site isblocked. Referring to the exhibit, which policy must be modified to allow access to the resource?

Root::user1(patch management)[Web Users] - Start Po licy [WEBURL/REWRITING]evaluation for resource http://www.juniper.net:80/Root::user1(patch management)[Web Users] - Applying Policy [Initial RewritePolicy]... Root::user1(patch management)[Web Users] - Action [ Rewrite Content (auto-detectcontent type)] is returnedRoot::user1(patch management)[Web Users] - Policy [ Initial Rewrite Policy]applies to resource Root::user1(patch management)[Web Users] - Passthro ugh proxy policies are notapplicable for http://www.juniper.netRoot::user1(patch management)[Web Users] - Start Po licy [WEBURL/ACCESS]evaluation for resource http://www.juniper.net:80/Root::user1(patch management)[Web Users] - Applying Policy [Web]... Root::user1(patch management)[Web Users] - Evaluati ng Policy Rule 1... Root::user1(patch management)[Web Users] - Resource filter [http://www.juniper.com:80/*] does not match Root::user1(patch management)[Web Users] - No Polic y Rule applies to resource Root::user1(patch management)[Web Users] - Applying Policy [Initial OpenPolicy]... Root::user1(patch management)[Web Users] - User rol es [Web Users] do not matchwith configured roles [Exclusive:Web Users]Root::user1(patch management)[Web Users] - No Polic y applies to resource Root::user1(patch management)[Web Users] - Start Au to Allow evaluation on WEBURLfor resource http://www.juniper.net:80/Root::user1(patch management)[Web Users] - No Auto Allow resources configured

A. pass-through proxy policyB. initial open policyC. selective rewrite policyD. initial rewrite policy

Correct Answer: BSection: TroubleshootingExplanation


QUESTION 84You must perform daily backup operations of logging information as well as configuration. What should youchoose in the Admin UI to achieve this?

A. SyslogB. Local BackupsC. SNMPD. Archiving Servers


QUESTION 85Referring to the exhibit, which statement is correct?

A. A role-mapping rule has not been defined for the user.B. The user has mistyped their username or password.C. The authentication server that the user is authenticating to has rejected their credentials.D. The user has attempted to sign in using an invalid authentication server.

Correct Answer: ASection: (none)Explanation


QUESTION 86Which two statements are correct regarding the MAG6611 Junos Pulse Gateway in an active/active clusterconfiguration? (Choose two.)

A. Virtual IP (VIP) is available.B. It supports up to two devices.C. It supports up to four devices.D. External load balancing is preferred.

Correct Answer: CDSection: ClusterExplanation

QUESTION 87What is the function of the smart caching setting within a Web caching policy?

A. to send the cache control compress header to the clientB. to remove the cache control headers from the origin serverC. to not modify the cache control header from the origin serverD. to send the appropriate cache control header based on Web content.



QUESTION 88You have configured RADIUS authentication on the Junos Pulse Secure Access Service. Users report that theirauthentication is rejected. The RADIUS administrator reports that the RADIUS server requires a specificattribute that identifies the Junos Pulse Secure Access Service on the RADIUS server. In the Admin UI, whichconfiguration parameter will address this issue?

A. NameB. NAS-IdentifierC. RADIUS ServerD. Shared Secret



QUESTION 89What are three benefits that resource profiles provide over resource policies? (Choose three.)

A. Resource profiles provide automatic mapping of users to roles.B. Resource profiles provide a simplified process for creating bookmarks and resource policies.C. One profile can be assigned to multiple roles.D. Resource options can be customized for each profile.E. Resource profiles provide a simplified process for configuring applications such as VPN tunneling.

Correct Answer: BCDSection: Administration ConfiguringExplanation


QUESTION 90You must deploy VPN tunneling using Network Connect to multiple Microsoft Windows devices. Due to access

restrictions, the users do not have permission to install WSAM. Which component resolves this issue?

A. Juniper Installer ServiceB. Host CheckerC. third-party integrity measurement verifierD. Windows Secure Application Manager scriptable launcher


QUESTION 91You want to use ESP for your VPN Tunneling transport mechanism. Which port must you have open on yourfirewall to the Junos Pulse Secure Access Service in a default configuration?

A. UDP 500B. TCP 500C. UDP 4500D. TCP 4500



QUESTION 92Users report that they cannot download a PowerPoint presentation when accessing a Web site using basicWeb access. Which resource policy in the Admin UI will resolve this issue?

A. Selective Rewrite Policy

B. Web Caching PolicyC. Web Proxy PolicyD. Single Sign-On Policy



QUESTION 93Which two access transport protocols are used with Junos Pulse for an Apple OS X computer? (Choose two.)

A. ESPB. SSHC. SSLD. IKEv2

Correct Answer: ACSection: (none)Explanation

QUESTION 94What would be used to configure the management port on the MAG4610 Junos Pulse Gateway?

A. USB portB. custom scriptsC. serial consoleD. Admin UI

Correct Answer: DSection: (none)Explanation


QUESTION 95What are three ways a Junos Pulse connection is initiated to a Junos Pulse Secure Access Service? (Choosethree.)

A. The connection is initiated when the Web browser requires that a VPN tunnel be established.B. The connection is initiated after the user signs in to the PC.C. The user manually initiates a connection.D. The connection is initiated after the PC starts.E. The connection is initiated only if application acceleration is enabled.

Correct Answer: BCDSection: (none)Explanation

QUESTION 96You are asked to define role settings for Windows file bookmarks with a certain set of access policies. In theAdmin UI, which two Windows file restrictions apply? (Choose two.)

A. network file share browsingB. persistent password cachingC. read-write accessD. source IP address role restriction

Correct Answer: ACSection: (none)Explanation


QUESTION 97Which action must you perform to use CRLs to validate user certificates?

A. Configure an OCSP responder.B. Validate a trusted server CA.C. Import as a trusted client the root certificate of the CA issuing the CRL.D. Configure a CA chain.

Correct Answer: CSection: (none)Explanation

QUESTION 98Users sign in to the Junos Pulse Secure Access Service using LDAP authentication. Users must also accessOutlook Web Access using the same LDAP credentials. You would like to make this authentication processautomatic so that users do not need to submit the same credentials twice. In the Admin UI, which two willaddress this concern? (Choose two.)

A. KerberosB. Anonymous accessC. Windows Terminal ServicesD. Remote form POST

Correct Answer: ADSection: (none)Explanation


QUESTION 99Users are reporting that they cannot log in to the Junos Pulse Secure Access Service. In the user access log onthe Junos Pulse Secure Access Service, you discover a series of messages shown in the exhibit. What is thecause of the problem?

Info AUT23457 2012-07-16 18:20:06 - ive - [192.168. 252.1] jsmith(Users)[] - Loginfailed using auth server Corp (LDAP Server). Reason : FailedInfo AUT24327 2012-07-16 18:20:06 - ive - [192.168. 252.1] jsmith(Users)[] -Primary authentication failed for jsmith/Corp from 192.168.252.1Minor AUT23391 2012-07-16 18:20:06 - ive - [192.168 .252.1] jsmith(Users)[] -Could not connect to LDAP server 'Corp': Failed bin ding to admin DN: [49] Invalidcredentials: ADCorp.acme.com:389Info AUT23457 2012-07-16 18:20:01 - ive - [192.168. 252.1] rbook(Users)[] - Loginfailed using auth server Corp (LDAP Server). Reason : FailedInfo AUT24327 2012-07-16 18:20:01 - ive - [192.168. 252.1] rbook(Users)[] -Primary authentication failed for jsmith/Corp from 192.168.252.1Minor AUT23391 2012-07-16 18:20:01 - ive - [192.168 .252.1] rbook(Users)[] - Couldnot connect to LDAP server 'Corp': Failed binding t o admin DN: [49] Invalidcredentials: ADCorp.acme.com:389

A. The Junos Pulse Secure Access Service cannot reach the LDAP authentication server.B. The Junos Pulse Secure Access Service cannot authenticate to the LDAP authentication server.C. The users are failing authentication because their LDAP credentials are invalid.D. The users are failing authentication because they do not exist in the LDAP directory.

Correct Answer: BSection: (none)Explanation



Documents

Juniper.BrainDump.JN0-355.v2013-03-26.by.de68hof · 3/26/2013 · LDAP authentication is currently configured for all users. You run a TCP dump during the authentication attempt