Exam Name: FWV, Specialist (JNCIS-FWV)
Exam Type: Juniper
Exam Code: JN0-531 Total Questions 145
Question: 1
Which two statements are correct regarding NHTB? (Choose two.)
A. The NHTB table can be viewed with the command get nhtb.
B. The NHTB table can be viewed with the command get interface <tunnel interface>.
C. The NHTB table can be viewed with the command get interface <physical interface>.
D. NHTB is enabled automatically when multiple VPNs are bound to a single tunnel interface.
Answer: B, D
Question: 2
m
Click the Exhibit button.
In the exhibit, the hub and spoke VPN uses route-based VPNs and has intra-zone blocking
enabled on the Evil zone.
o
What is the minimum number of policy rules required to establish full, bi-directional
.c
communications between all locations?
ne
gi
en
x am
fe
A. 3
B. 4
el
C. 6
D. 7
.s
Answer: D
w
Question: 3
Which two OSPF parameters are protocol-level parameters? (Choose two.)
w
A. cost
w
B. priority
C. neighbor list
D. summarization
E. advertise default route
Answer: D, E
Question: 4
You create three policies that will send traffic through an interface configured for 1.544 Mbps. All
policies are configured to have 256 Kbps guaranteed bandwidth and 512 Kbps of maximum
bandwidth. Each policy has been assigned the following priorities:
Page 1 of 46

Exam Name: FWV, Specialist (JNCIS-FWV)
Exam Type: Juniper
Exam Code: JN0-531 Total Questions 145
Policy 1 = priority 4
Policy 2 = priority 5
Policy 3 = priority 3
Each policy receives a constant stream of 1 Mbps.
How much bandwidth will be available for Policy 2?
A. 256 Kbps
B. 512 Kbps
C. 1.544 Mbps
D. 1 Mbps
m
Answer: B
o
Question: 5
.c
Which command is used to verify that IGMP is running correctly?
A. get route igmp
ne
B. get igmp query
C. set igmp query interface e0/1
D. exec igmp interface e0/1 query
gi
Answer: D
en
Question: 6
Click the Exhibit button.
am
In the exhibit, what would correct the proxy-ID mismatch?
x
fe
el
.s
w
w
w
A. The 10.1.0.0 address book entry on the initiator needs to be changed to a 32 bit mask.
B. The 10.50.0.0 address book entry on the initiator needs to be changed to a 30 bit mask.
C. The 10.50.0.0 address book entry on the responder needs to be changed to a 24 bit mask.
D. The 10.50.0.0 address book entry on the responder needs to be changed to a 32 bit mask.
Answer: C
Question: 7
Page 2 of 46

Exam Name: FWV, Specialist (JNCIS-FWV)
Exam Type: Juniper
Exam Code: JN0-531 Total Questions 145
You have entered the following BGP configuration:
set vrouter trust-vr bgp 65530
set vrouter trust-vr bgp enable
set vrouter trust-vr protocol bgp neighbor 1.1.1.250
remote-as 65500
set vrouter trust-vr protocol bgp neighbor 1.2.3.250
remote-as 65280
BGP is not working. What two elements are missing from your configuration? (Choose two.)
m
A. You have not enabled the BGP peers.
B. You have not enabled EBGP multihop.
C. You have not placed the peers in a BGP peer group.
o
D. You have not enabled BGP on the interfaces connecting to the peers.
.c
Answer: A, D
ne
Question: 8
Click the Exhibit button.
In the exhibit, the hub and spoke VPN uses route-based VPNs. What is the minimum number of
gi
policy rules required to establish full, bi-directional communications between all locations?
en
x am
fe
el
.s
w
A. 0
B. 3
w
C. 4
D. 6
w
Answer: A
Question: 9
Which three events would cause ScreenOS devices to generate SNMP traps?
(Choose three.)
A. cold starts
B. traffic alarms
C. warm reboots
D. self log events
E. traffic log events
Page 3 of 46

Exam Name: FWV, Specialist (JNCIS-FWV)
Exam Type: Juniper
Exam Code: JN0-531 Total Questions 145
Answer: A, B, C
Question: 10
Review the exhibit.
Which two of the following elements must be configured on the ScreenOS device in order to
support PIM-SM? (Choose two)
o m
.c
ne
A. A multicast control policy
B. A bootstrap router process
gi
C. A unicast routing protocol
D. A static RP
en
Answer: A, C
am
Question: 11
Which two are valid actions for policy-based routing? (Choose two.)
A. next hop only
x
B. next interface only
C. next hop gateway only
fe
D. next hop virtual router only
el
Answer: A, B
Question: 12
.s
Review the exhibit.
Based on the exhibit, what is wrong with this OSPF configuration?
w
w
w
A. No DR has been selected.
B. OSPF hellos are going to the wrong OSPF multicast address.
Page 4 of 46

Exam Name: FWV, Specialist (JNCIS-FWV)
Exam Type: Juniper
Exam Code: JN0-531 Total Questions 145
C. The interface is assigned to a different area than the peer device.
D. The hello interval on our device does not match the neighbor device.
Answer: D
Question: 13
Which two statements are correct when manage-ip and manager-ip settings are configured
properly? (Choose two.)
A. manager-ip is configured for each zone.
B. manage-ip limits who can manage a ScreenOS device.
m
C. manager-ip limits who can manage a ScreenOS device.
D. manage-ip is never published nor used as a source address.
E. manage-ip changes the address used for packets sourced by the device.
o
.c
Answer: C, D
Question: 14
ne
You create a policy-based VPN, and select an address group for the source address. What will
be the source component of the proxy-id seen by the remote security gateway?
gi
A. the default 0.0.0.0/0
B. the last member of the address group
en
C. the first member of the address group
D. the subnet that contains all addresses in the address group
am
Answer: A
Question: 15
What should you configure to insure an HA cable failure does not result in both devices
x
attempting to become master?
fe
A. failover count
B. secondary path
el
C. monitor threshold
D. heartbeat threshold
.s
Answer: B
w
Question: 16
Click the Exhibit button.
w
You have configured your device with a tunnel interface in the untrust zone, and your protected
resources in the trust zone. The remote gateway is defined using an FQDN. The tunnel went
w
down and has not reestablished. Based on the exhibit, what are two reasons why the tunnel is
failing to reestablish? (Choose two.)
Page 5 of 46