JNCIS-AC Exam Objectives (Exam: JN0-314)

Overview
Identify the concepts, operation, and functionality of Junos Pulse Access Control Service
Junos Pulse Access Control Service components
Component functions and interaction
Identify the components of the access management framework
Interrelationship between realms, roles and policies

Platform Configuration
Demonstrate knowledge how to configure the basic elements of a Junos Pulse Access Control Service environment
Initial Junos Pulse Access Control Service configuration
Choosing the platform (e.g., virtual or physical)
Configure authentication servers
Connectivity verification

Roles
Identify the concepts, operation and functionality of roles
Purpose of roles
Role mapping
Customization of the end-user experience
Demonstrate knowledge of how to configure roles
Roles and role options

End User Access
Identify the Junos Pulse Access Control Service client access options
Junos Pulse
Odyssey Access Client (OAC)
Machine authentication and third party supplicant
Agentless access
Demonstrate knowledge of how to configure Junos Pulse Access Control Service clients
Junos Pulse
Odyssey Access Client (OAC)
Agentless access

Firewall Enforcement

Identify the concepts, operation and functionality of firewall enforcement
Purpose of resource policies
Resource policies for firewall enforcement
User-based firewall policies
Captive portal
Demonstrate knowledge of how to configure firewall enforcement
Junos Pulse Access Control Service configuration
SRX Series device configuration
User-based firewall policies
Captive portal

Layer 2 Enforcement
Identify the concepts, operation and functionality of Layer 2 enforcement techniques
802.1X security
RADIUS (related to 802.1X)
MAC authentication
Multiple supplicant authentication on EX Series devices
Demonstrate knowledge of how to configure Layer 2 enforcement
Junos Pulse Access Control Service configuration
EX Series device configuration
SRX Series device configuration

Endpoint Defense
Identify the concepts, operation and functionality of endpoint defense
Host Checker
Authentication policies and role restrictions
Demonstrate knowledge of how to configure endpoint defense
Host Checker
Authentication policies and role restrictions

Authentication Options

Identify the concepts, operation and functionality of user authentication
Authentication process
Authentication options
Demonstrate knowledge of how to configure authentication
Authentication servers including LDAP, RADIUS, AD/NT, anonymous
Authentication realms

Management and Troubleshooting

Demonstrate knowledge of how to manage and troubleshoot a Junos Pulse Access Control Service environment, including Junos Pulse Access Control Service and SRX Series devices
Logging (e.g., RADIUS logging, policy tracing)
System Monitoring
File Management
Information collection
Component connectivity
End user connectivity and enforcement

High Availability
Identify the concepts and requirements for high availability in a Junos Pulse Access Control Service environment
Clustering
Deployment options and considerations
Demonstrate knowledge of how to configure high availability
Junos Pulse Access Control Service configuration
SRX Series device configuration

Integration
Identify the concepts and requirements for Junos Pulse Access Control Service integration with other components
Integration with IF-MAP client
Integration with STRM
Integration with SRX Series devices
Integration with EX Series devices
Demonstrate knowledge of how to configure integration
IF-MAP federation
Syslog


QUESTION 1
A customer wants to create a custom Junos Pulse configuration. Which two are required?
(Choose two)

A. Connection set
B. Configuration set
C. Custom installer
D. Component set

Answer: A,D

Explanation:


QUESTION 2
What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?

A. Checkpoint firewall
B. SRX Series device
C. DP sensor
D. MX Series device

Answer: B

Explanation:


QUESTION 3
A customer is trying to decide which 802.1X inner protocol to use on their network. The customer
requires that no passwords be sent across the network in plain text, that the protocol be supported
by the Windows native supplicant, and that the protocol supports password changes at Layer 2.
Which protocol would meet the customer’s needs?

A. EAP-TLS
B. EAP-MD5
C. PAP
D. EAP-MSCHAPv2

Answer: D

Explanation:


QUESTION 4
You navigate to “UAC” > “Infranet Enforcer” > “Auth Table Mapping” in the admin GUI. You see
one policy, which is the unmodified, original default policy.
Which statement is true?

A. Dynamic auth table mapping is not enabled.
B. A successful authentication attempt will result in a new authentication table entry, which will be
delivered only to the Junos enforcer protecting the network from which the user has authenticated.
C. To create a static auth table mapping, you must delete the default policy.
D. The default policy applies only to the factory-default role User.

Answer: A

Explanation:


QUESTION 5
You have a Junos Pulse Secure Access Service acting as an IF-MAP client, configured to federate
all user roles to a Junos Pulse Access Control Service acting as an IF-MAP Federation server. A
remote user using Junos Pulse logs in to the Junos Pulse Secure Access Service; the Junos
Pulse Secure Access Service provisions a remote access session for that user.
What happens next?

A. The Junos Pulse Secure Access Service redirects the user to the Junos Pulse Secure Access
Service for authentication
B. The Junos Pulse Access Control Service provisions enforcement points to enable resource
access for that user.
C. The Junos Pulse Secure Access Service publishes user session and role information to the IFMAP
Federation server,
D. The Junos Pulse Secure Access Service provisions enforcement points to enable resource
access for that user.

Answer: C

Explanation:

 

Click here to view complete Q&A of JN0-314 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco JN0-314 Certification, Cisco JN0-314 Training at certkingdom.com

Click to rate this post!
[Total: 0 Average: 0]

Leave a Reply

Your email address will not be published. Required fields are marked *