Which security feature provides secure tunnels across a public network?
A. dynamic routing
B. Web filtering
C. IPsec
D. firewall filters
Which ScreenOS WebUI button reorders policies?
A. Shift
B. Move
C. Reorder
D. Transfer
You enter the following command:
set int e0/8 mip 1.1.8.32 host 10.1.10.32 netmask 255.255.255.248
How many MIP address translations have you just configured?
A. 1
B. 8
C. 32
D. 254
Which two statements are accurate about tunnel mode? (Choose two.)
A. In tunnel mode the IPSec header precedes the original IP header.
B. Tunnel mode is required in IPSec networks where ESP packets are used.
C. Tunnel mode is the default mode of operation for IPSec in ScreenOS devices.
D. Tunnel mode can only be used when operating between IPSec security gateways.
You are looking at the event log of the initiating device and it says Received notify message for DOI <1> <14>
A. Phase 2 PFS failure
B. Phase 1 gateway failure
C. Phase 1 proposal mismatch
D. Phase 2 proposal mismatch
What is required to support policy-based NAT when using route-based VPNs?
A. Tunnel interface
B. Tunnel interface must have an IP address.
C. Tunnel interface must have an unnumbered IP.
D. Tunnel interface must have an unnumbered IP address.
What is required to support policy-based NAT when using route-based VPNs?
A. Policy defined for VPN traffic.
B. Tunnel interface must be unnumbered.
C. Tunnel interface must have an IP address.
D. Tunnel interface must have a custom zone assigned.
You have created your tunnel interface in the untrust zone. Traffic from the trust zone is able to enter the tunnel and pass to the destination. However, traffic from a different interface in the untrust zone is not able to pass traffic through the tunnel. You are using a single virtual router. What could be causing this problem?
A. Two virtual routers need to be configured.
B. A policy is needed since intra-zone blocking is on by default in the untrust zone.
C. The tunnel is configured with a proxy id that does not include the address from the untrust interface.
D. The routing tables are not correctly configured to allow the traffic from the untrust source to be delivered to the destination.
-- Exhibit -
In the exhibit, what is the correct command to configure a default route on the SSG 20?
A. set route 0.0.0.0/0 vrouter untrust
B. set route 0.0.0.0/0 interface e0/4 gateway 143.45.56.254
C. set route 0.0.0.0/0 interface e0/4 next-hop 143.45.56.254
D. set route 0.0.0.0/0 interface 143.45.56.1 gate 143.45.56.254
-- Exhibit -
What does this icon indicate?
A. Logging is enabled on a policy
B. Counters are enabled on a policy
C. Scheduling is enabled on a policy
D. Authentication is enabled on a policy
E. Address translation is enabled on a policy