Exam A
QUESTION 1
When restoring NGX using the upgrade_import command, which of the following items are NOT restored?
A. Security Policies
B. Global properties
C. Licenses
D. User groups
E. Route tables
Correct Answer: E
QUESTION 2
Your organization has many VPN-1 Edge gateways at various branch offices, to allow VPN-1 SecureClient users to access company resources. For security reasons, your organization’s Security Policy requires all Internet traffic initiated behind the VPN-1 Edge gateways first be inspected by your headquarters’ VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN Community?
A. To the Internet and other targets only
B. To the center and other satellites, through the center
C. To the center only
D. To the center, or through the center to other satellites, then to the Internet and other VPN targets
Correct Answer: D
QUESTION 3
Your organization’s security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How would you request and apply the license? Request a central license:
A. using the remote Gateway’s IP address. Apply the license locally with the cplic put command.
B. for the Gateways’ IP address. Apply the license on the SmartCenter Server with the cprlic put command.
C. using the remote Gateway’s IP address. Attach the license to the remote Gateway via SmartUpdate.
D. using your SmartCenter Server’s IP address. Attach the license to the remote Gateway via SmartUpdate.
E. using the SmartCenter Server’s IP address. Apply the license locally on the remote Gateway with the cplic put command.
Correct Answer: D
QUESTION 4
Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, without stopping the VPN. What is the correct order of steps?
A. 1.Add a new interface on each Gateway. 2.Remove the newly added network from the current VPN Domain for each Gateway. 3.Create VTIs on each Gateway, to point to the other two peers 4.Enable advanced routing on all three Gateways.
B. 1.Add a new interface on each Gateway. 2.Remove the newly added network from the current VPN Domain in each gateway object. 3.Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers. 4.Add static routes on three Gateways, to route the new network to each peer”s VTI interface.
C. 1.Add a new interface on each Gateway. 2.Add the newly added network into the existing VPN Domain for each Gateway. 3.Create VTIs on each gateway object, to point to the other two peers. 4.Enable advanced routing on all three Gateways.
D. 1.Add a new interface on each Gateway. 2.Add the newly added network into the existing VPN Domain for each gateway object. 3.Create VTIs on each gateway object, to point to the other two peers. 4.Add static routes on three Gateways, to route the new networks to each peer’s VTI interface.
Correct Answer: B
QUESTION 5
Eric wants to see all URLs’ full destination paths in the SmartView Tracker logs, not just the fully qualified domain name of the Web servers. For example, the information filed of a log entry displays the URL http: //hp.msn.com/css/home/hpcl1012.css. How can Eric best customize SmartView Tracker to see the logs he wants? Configure the URI resource, and select:
A. “transparent” as the connection method
B. “tunneling” as the connection method
C. “optimize URL logging”; use the URI resource in the rule, with action “accept”
D. “Enforce URL capability”; use the URI resource in the rule, with action “accept”
Correct Answer: C
QUESTION 6
Steve tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Steve sees the following screen.
What is the problem?
A. Steve must enable directional_match(true) in the objectes_5_0.C file on SmartCenter Server.
B. Steve must enable Advanced Routing on each Security Gateway.
C. Steve must enable VPN Directional Match on the VPN Advanced screen, in Global properties.
D. Steve must enable a dynamic-routing protocol, such as OSPF, on the Gateways.
E. Steve must enable VPN Directional Match on the gateway object??s VPN tab.
Correct Answer: C QUESTION 7
In a Management High Availablility (HA) configuration, you can configure synchronization to occur automatically, when:
1.
The Security Policy is installed.
2.
The Security Policy is saved.
3.
The Security Administrator logs in to the secondary SmartCenter Server, and changes its status to active.
4.
A scheduled event occurs.
5.
The user database is installed.
Select the BEST response for the synchronization sequence. Choose one.
A. 1,2,3
B. 1,2,3,4
C. 1,3,4
D. 1,2,5
E. 1,2,4
Correct Answer: E
QUESTION 8
After importing the NGX schema into an LDAP server, what should you enable? Schema checking
A. Encryption
B. UserAuthority
C. ConnectControl
D. Secure Internal Communications
Correct Answer: A
QUESTION 9
What is the command to see the licenses of the Security Gateway FWDALLAS from your SmartCenter Server?
A. cprlic print FWDALLAS
B. fw licprint FWDALLAS
C. fw tab -t fwlic FWDALLAS
D. cplic print FWDALLAS
E. fw lic print FWDALLAS
Correct Answer: A
QUESTION 10
How can you unlock an administrator’s account, which was been locked due to SmartCenter Access settings in Global Properties?
A. Type fwm lock_admin -ua from the command line of the SmartCenter Server.
B. Clear the “locked” box of the user’s General Properties in SmartDashboard.
C. Type fwm unlock_admin -ua from the command line of the SmartCenter Server
D. Type fwm unlock_admin -ua from the command line of the Security Gateway.
E. Delete the file admin.lock in the $FWDIR/tmp/directory of the SmartCenter Server.
Correct Answer: A