Which NAT has bidirectional translation by default?
A. NAT-src
B. NAT-dst
C. VIP
D. MIP
You are the administrator of a NetScreen 5GT. The system administrator cannot use SSH to log in to the NetScreen 5GT. Referring to the exhibit, what is the problem?
SSH V2 is active ns5gt-> get int et1 Interface ethernet1: description ethernet1 number 2, if_info 176, if_index 0, mode nat link up, phy-link up/full-duplex status change:1, last change:02/06/1997 18:02:32 vsys Root, zone Trust, vr trust-vr dhcp client disabled PPPoE disabled admin mtu 0, operating mtu 1500, default mtu 1500 *ip 192.168.1.1/24 *manage ip 192.168.1.1, route-deny disable pmtu-v4 disabled ping enabled, telnet enabled, SSH enabled, SNMP enabled web enabled, ident-reset disabled, SSL enabled SSH is enabled SSH is ready for connections Maximum sessions: 3 Active sessions: 3
A. Interface eth1 does not permit logins using SSH.
B. SSH is not enabled on the NetScreen 5GT.
C. Interface eth1's link status is down.
D. The maximum SSH session has been used.
A ScreenOS device evaluates five primary elements when performing a security policy check on a new session. Which five elements are evaluated?
A. source IP address, destination IP address, source route, source port, and destination port
B. source IP address, destination IP address, source port, destination port, and protocol
C. source IP address, destination IP address, source port, destination port, and payload
D. destination IP address, source port, destination port, protocol, and payload
Which two actions are performed by a read/write vsys administrator? (Choose two.)
A. View the security associations for all virtual systems.
B. Configure a vsys address book entry.
C. Modify the vsys administrator login name.
D. Modify the vsys read/write administrator password.
What is the purpose of a virtual system profile?
A. to limit virtual system access
B. to limit virtual system resources
C. to limit the number of virtual system interfaces
D. to limit the number of VPNs
A routing table contains an IBGP route, a RIP route, an OSPF external Type 2 route, and an EBGP route for 192.168.0.0/16. When the router receives traffic destined for, which route will the router use by default?
A. the EBGP route
B. the IBGP route
C. the OSPF route
D. the RIP route
In the network shown in the exhibit, you have been asked to enable users in the Untrust zone to contact Server1 on TCP port 80 using IP address 1.1.1.1. You also need to allow Server1 to make connections to hosts in the Untrust zone.
When Server1 makes connections to the Untrust zone, the source address of its traffic should be translated to 1.1.1.1.
What would you use to configure this behavior?
A. MIP
B. VIP
C. DIP
D. SIBR
What are three policy types? (Choose three.)
A. destination-based policy
B. intrazone policy
C. source-based policy
D. interzone policy
E. global zone policy
You have created a site-to-site IPsec VPN between two devices. You want to keep the tunnel up at all times, even when no user traffic is using it. Which two configuration additions will accomplish this goal? (Choose two.)
A. set vpn "RemoteVPN" monitor source-interface ethernet0/1 destination-ip
B. set vpn "RemoteVPN" monitor source-interface ethernet0/1 destination-ip rekey
C. set vpn "RemoteVPN" monitor source-interface ethernet0/1 destination-ip keepalive
D. set vpn "RemoteVPN" monitor source-interface ethernet0/1 destination-ip rekey optimized
You have configured NSRP so that session state messages are sent to the backup device. A session is about to timeout on the backup device. Which statement most correctly describes what happens next?
A. The backup device sends a session sync query message to the primary.
B. The master device sends a session disconnect message to the backup device.
C. The session times out with no action from either the backup device or the primary device.
D. The primary sends a reset timer message to the backup with a time value of 8 times the protocol timeout value.
