Exam Title

: Juniper JN0-140 : Certified Internet Associate (JNCIA-AC) 140 Exam

Version : R6.1

www.Prepking.com

Prepking - King of Computer Certification Important Information, Please Read Carefully

Other Prepking products A) Offline Testing engine Use the offline Testing engine product to practice the questions in an exam environment. B) Study Guide (not available for all exams) Build a foundation of knowledge which will be useful also after passing the exam. Latest Version We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for 90 days after the purchase. You should check your member zone at Prepking and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1.Go towww.Prepking.com 2.Click on Member zone/Log in (right side) 3. Then click My Account 4.The latest versions of all purchased products are downloadable from here. Just click the links. For most updates,it is enough just to print the new questions at the end of the new version, not the whole document. Feedback If you spot a possible improvement then please let us know. We always interested in improving product quality. Feedback should be send to feedback@Prepking.com. You should include the following: Exam number, version, page number, question number, and your login ID. Our experts will answer your mail promptly. Copyright Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, Prepking reserves the right to take legal action against you according to the International Copyright Laws. Explanations This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@Prepking.com.

www.Prepking.com

 1. Which two statements are true about applying Host Checker at the realm level? (Choose two.) A. If Evaluate is checked then the client must pass policy to get the sign-in page. B. If Evaluate is checked then the client can fail policy and still get the sign-in page. C. If Require and Enforce is checked then the client must pass policy to get the sign-in page. D. If Require and Enforce is checked then the client can fail policy and still get the sign-in page. Answer: BC 2. Which log contains information about service restarts, system errors, warnings, and requests to check server connectivity? A. Events log B. System log C. User Access log D. Admin Access log Answer: A 3. Which statement is correct about defining an Infranet Enforcer for use as a RADIUS Client? A. You do not need to configure a RADIUS client policy. B. You must know the exact model number of the Infranet Enforcer. C. You must specify the NACN password of the device in the RADIUS client policy. D. You do not need to designate a location group to which the Infranet Enforcer will belong. Answer: A 4. Which configuration option can be set either in the initial console menu or the Admin UI of the Infranet Controller? A. VLAN ID B. Hostname C. Domain name D. Administrative timeout Answer: C 5. What is the primary purpose of creating a Location Group Policy? A. to associate more than one realm with an authentication server B. to logically group network access devices and associate them with specific sign-in policies C. to allow or prevent users from accessing resources in specific locations on the network D. to define the URL that users of network access devices can use to access the Infranet Controller Answer: B 6. What is true about the operation of the Infranet Enforcer? A. It assigns users a set of roles. B. It allows access based on auth table entries.

www.Prepking.com

 C. It verifies whether an endpoint meets security requirements. D. It configures the UAC agent to allow or deny access to resources. Answer: B 7. On a pre-existing OAC, which three options can the Infranet Controller overwrite when the user accesses the Infranet Controller? (Choose three.) A. SSID B. login name C. MAC address D. wired adapters E. encryption method Answer: ADE 8. What must be updated regularly to detect the newest versions of personal firewalls on endpoints? A. Infranet Enforcer firmware B. Infranet Controller rollback software C. Host Security Assessment Plug-in (HSAP) D. Endpoint Security Assessment Plug-in (ESAP) Answer: D 9. Which three statements about dynamic filtering are true? (Choose three.) A. Dynamic filtering creates a query statement. B. Dynamic filtering has an option to save query. C. Dynamic filtering can select any log field to filter. D. Dynamic filtering permanently removes other log entries. E. Dynamic filtering redraws the log when you select a variable link. Answer: ABE 10. A customer has installed UAC in their network. They have both Windows and Linux endpoints and

must choose a deployment method that everyone can use. Which deployment method allows for multiple platforms? A. IPsec enforcement B. 802.1X enforcement C. Source IP enforcement D. Odyssey Access Client Answer: C 11. Which interface does the Infranet Controller use to push the configuration? A. trusted port B. internal port

www.Prepking.com

 C. trust interface D. untrust interface Answer: B 12. Which two actions are required to configure an Infranet Enforcer to communicate with an Infranet Controller? (Choose two.) A. Enable SSH. B. Configure DNS. C. Enable route mode. D. Set certificate validation options. Answer: AD 13. When the Infranet Enforcer is set up in transparent mode, which additional resource policy must be configured to use OAC for IPsec enforcement? A. IPsec Routing B. Access Control C. IP Address Pool D. Source Interface Answer: D 14. Which two methods of authentication are used by the Infranet Controller for IPSec enforcement? (Choose two.) A. dial-up VPN B. IKE authentication C. XAuth authentication D. shared IKE authentication Answer: AC 15. What will serve as a RADIUS Client to the Infranet Controller for 802.1x authentication? A. an ACE server B. a wireless network C. an Ethernet switch D. Odyssey Access Client Answer: C 16. If Host Checker restrictions are applied at the role level and the "Allow access to the role if any ONE of the select policies is passed" option is unchecked, which two statements are true? (Choose two.) A. All roles are evaluated together. B. Each role is evaluated separately. C. Clients must pass all policies to access the role.

www.Prepking.com

 D. Clients will pass as long as one policy is accepted. Answer: BC 17. Which additional configuration must be completed when setting up role restrictions using certificates? A. Set up a certificate authentication server. B. Configure the authentication realm to remember certificate information. C. Configure the authentication realm to use a certificate server for authentication. D. Configure a role mapping rule requiring certification information to map user to role. Answer: B 18. What happens when Host Checker is configured to perform checks every "0" minutes? A. Host Checker is disabled. B. Host Checker will perform continous checks. C. Host Checker will perform checks when user logs out. D. Host Checker will perform checks when user first logs in. Answer: D 19. Your company has a mix of employees and contractors. "con-"; employee usernames never begin with "con-". Contractor usernames always begin with

You need to give employees access to all resources

and give contractors access to a limited set of resources. Employee and contractor roles have been created with the appropriate access privileges, and the realm is set to merge settings for all assigned roles.

Which role mapping ruleset would result in the correct access privileges being assigned? A. username="*" username="con-*" B. username="*" username="con-*" C. username="con-*" username="*" D. username="con-*" username="*" Answer: C 20. Which action is optional when adding an authentication realm for use on an Infranet Controller? A. Modify sign-in policy. B. Configure role mapping. C. Assign authentication server. D. Configure authentication policy. Answer: D -> Employee-role -> Contractor-role -> Employee-role -> Contractor-role -> Contractor-role -> Employee-role -> Contractor-role -> Employee-role Stop Stop Stop Stop

www.Prepking.com

 21. You have created a set of three role mapping rules and selected the option to merge settings for all assigned roles. You also selected "stop processing this rule" on the second rule. matches all three rules. Which choice is true? A. This selection is invalid. The system displays an error message in the log. B. The merge option overrides the stop processing option and the user is assigned all three roles. C. The Stop rule prevents any more rule matching after checking the first rule. The permissive merging does not occur. D. The Stop rule prevents any more rule matching after checking the second rule and permissive merge occurs on the first two rules. Answer: D 22. What are three functions of the Infranet Controller? (Choose three.) A. Determines VLAN allocations. B. Verifies compliance with policies. C. Acts as a 802.1X enforcer if needed. D. Enforces Layer 3 policies dynamically. E. Communicates frequently with Odyssey Access Client. Answer: ABE 23. Your company requires that users who authenticate using the Web run an approved Web browser and have current antivirus signatures in order to present their credentials for authentication. If they do not A user logs in that

have current signatures or are running an unauthorized browser, they may not authenticate. What do you configure on the Infranet Controller to implement your company's authentication policy? A. a browser restriction on the user's role and a Host Checker restriction on the user's role B. a browser restriction on the user's realm and a Host Checker restriction on the user's role C. a browser restriction on the user's role and a Host Checker restriction on the user's realm D. a browser restriction on the user's realm and a Host Checker restriction on the user's realm Answer: D 24. What do you lose if you require and enforce Host Checker policies at the realm level? A. the ability to permissively merge roles B. the ability to assign users to more than one role C. the ability to dynamically evaluate user endpoint status D. the ability to assign users to roles based on endpoint status Answer: A 25. On the Infranet Controller Admin UI, how can you dynamically refresh the roles for all signed-in users in the Guest realm only? A. On the System > Status > Active Users page, click the "Refresh Roles" button.

www.Prepking.com

 B. On the Troubleshooting > Commands page, click the "Refresh Users by Realm" button and select Guest. C. On the Users > User Realms > Guest > General page, click the "Refresh Now" button under Dynamic Policy Evaluation D. On the Signing In > Sign-In Policies page, click the "Refresh Now" button next to the user URL that is mapped to the Guest realm. Answer: C 26. Which Infranet Enforcer CLI command shows users that were authenicated using the Infranet Controller? A. get policy id # B. get auth table C. get admin auth table D. set -n infranet policy command "get all" Answer: B 27. Which three are required when defining Sign-in Policies? (Choose three.) A. sign-in URL B. sign-in page C. authorization server D. authentication server E. authentication realm Answer: ABE 28. For which two purposes would RADIUS Attribute Policies be used? (Choose two.) A. to specify against which realm a user authenticates B. to designate with which wireless SSID a user can be associated C. to specify which VLAN an endpoint must use to access the network D. to configure QoS functions on a switch port for a user based on the current user's role Answer: CD 29. Which three options can you configure under User Session Options? (Choose three.) A. Set Idle Time Out value. B. Enable time out reminder. C. Set Max Session Length value. D. Select Roaming session options. E. Configure Persistent Session option. Answer: CDE 30. What are two ways you can set the time on the Infranet Controller and Infranet Enforcer? (Choose two.) A. Use the NTP server.

www.Prepking.com

 B. Use the DNS server. C. Use the SNTP server. D. Get time from browser. Answer: AD 31. Which two Host Checker rule types are available across OS platforms? (Choose two.) A. file B. port C. NetBIOS D. MAC address Answer: AB 32. Which statement is true when pre-configuring the Odyssey Access Client for 802.1X? A. You must use the EAP-PEAP authentication protocol. B. You must select "Require connection to this Infranet Controller". C. You can only select " Configure Wired Adaptor" or "Configure Wireless Adapter". D. You can select either "Configure Wired Apaptor" or "Configure Wireless Adapter". Answer: D 33. Which setting would enable Infranet Enforcer to help with troubleshooting? A. Enable policy trace. B. Enable tracing on the policy. C. Enable logging on the policy. D. Enable tracking on the policy. Answer: C 34. What is a prerequisite when you upgrade an Infranet Controller? A. The license(s) are installed. B. The CA digital certificate is installed. C. The service package is on the host machine. D. The service account at Juniper support is set up. Answer: C 35. When setting up an Infranet Controller as a backup server, which two options would you not want to import? (Choose two.) A. user roles B. digital certificate C. network settings D. authentication servers Answer: BC

www.Prepking.com

 36. If you include the domain administrator name and password when defining an AD/NT authentication server, what does this allow you to do that you could not otherwise do? A. Allows the user to change their password on the AD/NT authentication server. B. Allows the Infranet Controller to change its password on the AD/NT authentication server. C. Allows the user to query the AD/NT authentication for user information for role mapping purposes. D. Allows the Infranet Controller to query the AD/NT authentication server for group information for role mapping purposes. Answer: D 37. Which two actions can an administrator take to determine authentication failure? (Choose two.) A. Review the Events log. B. Review the User Access log. C. Run a policy trace, selecting authentication. D. Run a policy simulation, selecting pre-authentication. Answer: BC 38. Which two methods can be used to archive the Infranet Controller logs? (Choose two.) A. FTP B. SCP C. TFTP D. SFTP Answer: AB 39. Certificates are required to be installed on which components for communication? A. OAC and Infranet Enforcer B. Infranet Controller and OAC C. Infranet Controller and Infranet Enforcer D. OAC, Infranet Controller, and Infranet Enforcer Answer: C 40. What information is required when you create a device certificate for the Infranet Controller? (Choose three.) A. random data B. common name C. company name D. organization name E. contact phone number Answer: ABD 41. What are two access management options provided by the Authentication Policy in an authentication

www.Prepking.com

100% Pass Guaranteed or Full Refund Word to Word Real Exam Questions from Real Test Buy full version of exam from this link below http://www.prepking.com/JN0-140.htm