Which three statements are true about Host Checker? (Choose three.)
A. Host Checker can collect information for use with MAC authentication.
B. Host Checker can modify a role assignment immediately if a policy fails.
C. Host Checker can be invoked before a user is allowed to sign in to the Infranet Controller.
D. The Host Checker Integrity Measurement Verifier (IMV) works only with Odyssey Access Client.
E. The Host Checker Integrity Measurement Collector (IMC) can run on Windows, Mac, and Linux systems.
Answer: B C E
Which statement is accurate about the integrated Odyssey Access Client agent?
A. The agent is installed by the Layer 2 enforcer.
B. The agent is installed by the overlay enforcer.
C. The agent is installed by the Infranet Controller.
D. The agent communicates with the overlay enforcer in agentless mode.
What are two elements of Juniper Networks Access Management Framework? (Choose two.)
A. user account
B. sign-in policy
C. role access policy
D. authentication realm
Answer: B D
Which three devices are elements described in the 802.1X specification? (Choose three.)
B. access point
D. endpoint client
E. authentication server
Answer: A C E
Which two actions are required to configure an overlay enforcer to communicate with an Infranet Controller? (Choose two.)
A. Enable SSH.
B. Configure DNS.
C. Enable route mode.
D. Set certificate validation options.
Answer: A D
What happens when Host Checker is configured to perform checks every "0" minutes?
A. Host Checker is disabled.
B. Host Checker performs continuous checks.
C. Host Checker performs checks only when the user first logs in.
D. Host Checker performs checks when the user attempts to access a resource.
What is the primary purpose of creating a location group?
A. to associate more than one realm with an authentication server
B. to logically group network access devices and associate them with specific sign-in policies
C. to allow or prevent users from accessing resources in specific locations on the network
D. to define the URL that users of network access devices can use to access the Infranet Controller
If you include the domain administrator name and password when defining an AD/NT authentication server, what does this allow you to do?
A. Allows the user to change their password on the AD/NT authentication server.
B. Allows the Infranet Controller to change its password on the AD/NT authentication server.
C. Allows the user to query the AD/NT authentication for user information for role mapping purposes.
D. Allows the Infranet Controller to query the AD/NT authentication server for group information for role mapping purposes.
One of your users cannot access a protected resource. When you examine the output of debug auth infranet on the overlay enforcer, you see the following output:
## 2008-07-10 21:01:06 : notify drop: 10.4.2.5
## 2008-07-10 21:01:20 : update_jps_a_b: auth_id 3, src_ip 10.4.2.5, user bob ## 2008-07-10 21:01:20 : : roles 1213902732.796213.0, role-names Employee , user ctx ,idle_timeout 0
## 2008-07-10 21:01:20 : AUTHID: 1 NOT FOUND
What can you deduce from this output?
A. The end user has not authenticated to the Infranet Controller.
B. The Infrnaet Controller has not relayed the resource access policy to the enforcer.
C. The Infranet Controller has not relayed the user authentication data to the enforcer.
D. The end user has not been assigned the role associated with the resource access policy protecting the resource.
What are two ScreenOS commands you can run on the overlay enforcer to troubleshoot communication with the Infranet Controller? (Choose two.)
A. get event
B. get controller status
C. get auth table infranet
D. exec infranet controller connect
Answer: A D
Passing your Juniper JN0-141 Exam by using the latest Juniper JN0-141 Exam Dump Full Version: http://www.braindump2go.com/jn0-141.html