Author Topic: New question everyday ? You can learn NetScreen architecture  (Read 20679 times)

Naveen Dhar

« on: October 20, 2004, 05:53:35 am »
Hi All,

I am planning to put 1 question every day (excluding weekends, Thursday + Friday in Saudi Arabia) in this topic as a brain dump with reference to the Boson Juniper Test series and the Certificate practice test from VUE for NetScreen. These are free practice test series so nobody should have any issue...  8)

You may learn a lot with these...

Today's question:

You are creating a VPN between two NetScreen devices. On the local device, you create a local address book entry with the command "set address trust 10.0.0.4/24 10.0.0.5/32", while on the remote device you create an address book entry with the following command: "set address untrust 10.0.0.5/32 10.0.0.5/32". If everything else is configured properly, will the VPN between the two devices work?

Yes or No.

Vote for the topic through post if you want it to continue.

Thanks,
Naveen Dhar.  :idea:
Thanks & Regards,
Naveen Dhar
RSA Secure-ID CSE, JNCIA-JUNOS,
JNCIA-IDP, JNCIS-SEC, JNCIP-SEC
HIC Network Security Solutions LLC
New York City -  www.hicnetworks.com

Florent

« Reply #1 on: October 22, 2004, 01:56:58 am »
Hey Naveen it's a nice initiative ...

Why not use the poll for such questions?
This one is funnier when you have to answer when looking at the WUI ;)
FlO
__ www.netsc.ch __

Naveen Dhar

« Reply #2 on: October 23, 2004, 12:59:59 am »
Thanks Florent. Even I thought of a voting poll, but when I was posting the article, I found no Poll option, whereas I get the Poll option in the VPN section.

If you or Signal15 can enable it, then it would be even better.  

Today's Question:
How many authentication servers can be defined on the NetScreen device?

1. 10 including local database.
2. 12 including local database.
3. 10 excluding local database.
4. 12 excluding local database.  


Thanks,
Naveen Dhar.  8)

Naveen Dhar

« Reply #3 on: October 24, 2004, 01:33:13 am »
Today's Question :

Which of the following two are not allowed in intra-zone policies:
1. Interface level NAT
2. Policy based NAT
3. VPN tunnels
4. MIPs
5. Destination NAT


Thanks,
Naveen Dhar.  :wink:

Naveen Dhar

« Reply #4 on: October 26, 2004, 02:31:13 am »
Sorry, I forgot to post the question yesterday...

Yesterday's Question: What are the Maximum Entries per Multi-Cell?

Answers:
a. 1
b. 4
c. 8
d. 16
e. 32


Thanks,
Naveen Dhar.  8)

Naveen Dhar

« Reply #5 on: October 26, 2004, 02:33:28 am »
Today's Question: A Bridge will _________ a frame of the destination MAC Address that is not a part of the known MAC address?

1. Block
2. Learn
3. Forward
4. Flood
5. Filter


Thanks,
Naveen Dhar.  8)

Naveen Dhar

« Reply #6 on: October 27, 2004, 12:47:53 am »
Today's Question:
Which are the two components required for NetScreen Deep Inspection implementation?
1. Service book group Entries
2. Address Book group Entries
3. Policy Statements
4. IDP Action statement
5. Signature Database


Thanks,
Naveen Dhar.   8)

gr33ndata

« Reply #7 on: October 29, 2004, 07:12:22 am »
Hi Nav
That's a very nice idea, thank you.
Why don't you put the answer for each question the following day?
Also, shall we put our answers here?
Gr33nData, or you may call me NetScream
JNCIS-FWV, and JNCIA-IDP
http://gr33ndata.blogspot.com/

Naveen Dhar

« Reply #8 on: October 30, 2004, 12:52:03 am »
Hi Tarek,

Happy Ramadan and thanks for the appreciation.
About the questionnaire, I don't wish to provide spoon-feeding on NetScreen; let the audience strive hard. If anyone wants to discuss the topic with me, he is most welcome. Let them feel that only questions similar to this are seen in the Certification also, as the standard of questioning is not that tough. It's just basic concepts in the JNCIA Exam.

Thanks,
Naveen Dhar. 8)

Naveen Dhar

« Reply #9 on: October 30, 2004, 01:21:47 am »
Today's Question:
I have created a VIP same as Untrust on a 5GT for my Webserver on NetScreen. If policy, VIP definition and routing are perfect, then what can be the reason that I am not able to receive any HTTP request on my WebServer?
1. VIP for port 80 is not supported.
2. A custom Service for HTTP traffic is needed.
3. VIP same as Untrust is not supported on 5GT.
4. Change the management port for WEBUI from 80 to 8080.


Thanks,
Naveen Dhar.  8)

Naveen Dhar

« Reply #10 on: October 31, 2004, 01:26:03 am »
Today's Question: If you wanted to perform Source NAT when in route mode, what could you configure to perform this? (Choose 2)
1. Nothing, NAT happens by default
2. Policy based NAT
3. Interface based NAT
4. You cannot perform NAT when in Route mode.
5. DIP


Thanks,
Naveen Dhar.  8)

Naveen Dhar

« Reply #11 on: November 01, 2004, 03:11:05 am »
Today's Question: Your VPN is failing during Phase 1 communication. You want to view the log messages to find the fault. So what process has to be followed for troubleshooting?

1. Rebuild the remote NetScreen VPN configuration again.
2. Run debug on the local NetScreen to view the error output on the log.
3. Configure the peer-id on your local ike gateway.
4. View the event log of destination Gateway NetScreen for finding misconfiguration.


Thanks,
Naveen Dhar.  8)
Thanks & Regards,
Naveen Dhar
RSA Secure-ID CSE, JNCIA-JUNOS,
JNCIA-IDP, JNCIS-SEC, JNCIP-SEC
HIC Network Security Solutions LLC
New York City -  www.hicnetworks.com

Naveen Dhar

« Reply #12 on: November 03, 2004, 01:05:46 am »
I was down with fever yesterday so couldn't post the question.

Yesterday's Question: What can be taken as Source in a Global policy?
1. Any
2. VIP
3. MIP
4. Both MIP and VIP
5. All addresses defined in Global zone


Thanks,
Naveen Dhar.  8)

Naveen Dhar

« Reply #13 on: November 03, 2004, 01:12:30 am »
Today's question: Which 2 of the mentioned 5 conditions are true for NAT-Dst?
1. A route has to be added for the Public IP on which NAT-Dst has to be performed.
2. No route is needed.
3. Route is automatically created when you check NAT-Dst in policy.
4. Address book entry of NAT-Dst Public IP is compulsorily needed in Source zone of policy.
5. Address book entry of NAT-Dst Public IP is compulsorily needed in Destination zone of policy.

Thanks,
Naveen Dhar.  8)

Naveen Dhar

« Reply #14 on: November 07, 2004, 01:47:36 am »
OK, yesterday's question... : Why I am getting fever again and again in Riyadh...  :lol:  that's not the question.

Question: In which two of the following modes does IPSEC operate?
1. Transparent mode
2. Transport mode
3. Tunnel mode
4. ISAKMP mode
5. CRYPTO mode
6. Encryption/decryption mode
7. VPN mode


Thanks,
Naveen Dhar.  8)

Naveen Dhar

« Reply #15 on: November 07, 2004, 01:50:12 am »
Today's Question: What are the types of admin users?
1. Global user
2. Active user
3. Read only user
4. Passive user
5. Read-write user
6. Domain User
7. Root user


Thanks,
Naveen Dhar.  8)

Naveen Dhar

« Reply #16 on: November 08, 2004, 12:03:40 am »
Today's Question: When defining ICMP services, which of the following must you have?
1. Type
2. Code
3. Port
4. Position
5. Area


Thanks,
Naveen Dhar.  8)

Naveen Dhar

« Reply #17 on: November 09, 2004, 01:35:10 am »
Today's question: When creating a policy, which of the following are mandatory?
1. Zones
2. Addresses
3. Services
4. Counting
5. Logging
6. Deep Inspection
7. AV
8. Schedule


OK friends, I will be on leave/out of office from 10 to 19 Nov., so there is very little chance of me coming on the Internet for the Forum... So see you all on 19 Nov.
Have a Happy Ramadan and Eid Mubarak.

Thanks,
Naveen Dhar.   8)

MikeTsai

What is per Multi-Cell ?
« Reply #18 on: January 04, 2005, 12:57:05 am »
Quote from: naveen_dharbhardwaj
Sorry, I forgot to post the question yesterday...

Yesterday's Question: What are the Maximum Entries per Multi-Cell?

Answers:
a. 1
b. 4
c. 8
d. 16
e. 32


Thanks,
Naveen Dhar.  8)

gr33ndata

« Reply #19 on: January 04, 2005, 05:58:33 am »
Welcome Back
Gr33nData, or you may call me NetScream
JNCIS-FWV, and JNCIA-IDP
http://gr33ndata.blogspot.com/