|
I passed with 85%. thanks to certsbraindumps.
|
Question 1.
Which of these is a benefit of an integrated security management system?
A. It provides configuration, monitoring, and troubleshooting capabilities across a wide range of
security products.
B. It leverages existing network management systems such as HP Open View to lower the cost of
implementation.
C. It integrates security management capabilities into the router or switch.
D. It integrates security device management products and collects events on an "as needed"
Basis to reduce management overhead.
E. It provides a single point of contact for all security configuration tasks thereby enhancing the
return on investment.
Answer: A
Question 2.
DRAG DROP
Drop
Answer:
Question 3.
Which service component within the prepare phase recommends the appropriate technology strategy to address a business requirement of the customer?
A. identifying what a customer requires from a proposed solution
B. determining what end-user training a customer requires
C. analyzes the customer's business requirements and recommends the appropriate Cisco
technologies to meet business requirements
D. addressing a customer's physical requirements
Answer: C
Question 4.
What are two important approaches to communicate when identifying a customer's security risks? (Choose two.)
A. Security should be a continuous process.
B. Security solutions should come from multiple vendors to make it easier to coordinate security
events from the point of origin.
C. The designated security expert should report to the IT department, since that is where the
solution will be implemented.
D. Business strategy should directly relate to the security policy and budget.
E. Smaller companies are at less risk than larger enterprises, so their security needs are not as
great.
Answer: A, D
Question 5.
Which of the following best describe the customer benefit of creating a systems acceptance test plan in the design phase?
A. reduce operating costs and limit change-related incidents by providing a consistent and
Efficient set of processes
B. improve the return on investment and hasten migration by identifying and planning for
necessary infrastructure changes and resource additions, as well as reduce deployment costs
by analyzing gaps early in the planning process to determine what is needed to support the
system
C. improve its ability to make sound financial decisions by developing a business case based on
Its business requirements and establishing a basis for developing a technology strategy
D. reduce unnecessary disruption, delays, rework, and other problems by establishing test cases
for use in verifying that the system meets operational, functional, and interface requirements
Answer: D
Question 6.
A Cisco Catalyst switch can belong to how many VTP domains?
A. 2
B. 1 to 4,096
C. 1
D. 1 to 1,005
E. no limit
Answer: C
Question 7.
The Cisco ASA Security Appliance can offer the benefit of integrating which three security services into one device? (Choose three.)
A. PIX firewall
B. VPN Concentrator
C. IPS
D. DDoS Anomaly Guard and Detector
E. CSA MC
F. ACS server
Answer: A, B, C
Question 8.
A customer has deployed a wireless core feature set using autonomous access points and now wants to include a satellite building 4,500 feet away from the main campus. The customer also wants to provide wireless access to a courtyard for wireless clients in close proximity to the antenna mounting position.
Which Cisco Aironet product is the most applicable solution?
A. Cisco Aironet 1000 Series
B. Cisco Aironet 1300 Series
C. Cisco Aironet 1100 Series
D. Cisco Aironet 1400 Series
E. Cisco Aironet 1200 Series
Answer: B
Question 9.
What is one benefit of the Cisco anti-X defense strategy?
A. virtual firewall protection
B. malware, virus, and worm mitigation
C. applications security
D. security events correlation for proactive response
Answer: B
Question 10.
Which two of these statements best describe the benefits of Cisco's wireless IDS functionality? (Choose two.)
A. Autonomous APs must be dedicated IDS sensors while lightweight APs can combine client
traffic and RF monitoring.
B. Cisco or CCX compatible client cards can extend the RF IDS service for autonomous APs.
C. 2.4GHz RF management can monitor both 802.11 and non-802.11 RF interference.
D. APs only monitor the RF channels that are servicing the clients.
E. AirDefense for wireless IDS is required by autonomous APs.
Answer: B, C
|
Question 1. You work as a Network Administrator at ABC.com. You have been asked to deploy Lync Server 2010 as a VOIP telephony and video conferencing solution for the company. Company management is concerned about the possible network load imposed by the VoIP and video conferencing features of Lync Server 2010. To manage the network bandwidth used by the system, you configure Call Admission Control. How can you enable the Call Admission Control feature? A. By running the Set-CsNetworkInterSitePolicy cmdlet. B. By running the Set-CsNetworkConfiguration cmdlet. C. By running the Set-CsCpsConfiguration cmdlet. D. By running the Set-CsVoiceConfiguration cmdlet. Answer: B Explanation: Question 2. You work as a Network Administrator at ABC.com. The company’s communication system is provided by a Lync Server 2010 infrastructure. You have configured a bandwidth policy to limit the network bandwidth used by real-time audio and video sessions. You want to override the policy for the Managing Director of the company. What type of policy should you create first to enable you to override the bandwidth policy for the Managing Director? A. You should first create a Conferencing Policy. B. You should first create a Client Version Policy. C. You should first create a Voice Policy. D. You should first create an External Access Policy. Answer: C Explanation: Question 3. You work as a Network Administrator at ABC.com. You are configuring a new Lync Server 2010 infrastructure. You want the company phone number to be displayed in the format +11112222333 when users on the Public Switched Telephone Network (PSTN) receive calls from users using the Lync Server system. Which cmdlet should you run? A. You should run the Set-CsVoiceConfiguration cmdlet. B. You should run the Set-CsNetworkInterSitePolicy cmdlet. C. You should run the Set-CsVoicePolicy cmdlet. D. You should run the Set-CsLocationPolicy cmdlet. Answer: C Explanation: Question 4. Your work as a Network Administrator at ABC.com includes the management of the Lync Server 2010 infrastructure. The Lync Server 2010 infrastructure includes a Mediation Server pool that includes three servers named ABC-Med1, ABC-Med2 and ABC-Med3. You need to take ABC-Med3 offline for maintenance. Which two of the following steps should you perform to allow you to take ABC-Med3 offline without disconnecting any current calls in progress? A. Navigate to the Lync Server 2010 Topology Builder. B. Navigate to the Lync Server 2010 Control Panel. C. Modify the properties of the Mediation Pool. D. Modify the properties of ABC-Med3. E. Create a new Mediation Pool. Answer: B, D Explanation: Question 5. You work as a Network Administrator at ABC.com. You are in the process of deploying a Lync Server 2010 infrastructure for the company. You have configured dial-in conferencing and verified that it is functioning properly. You now want to notify users about the availability of the feature. The notification should include introductory instructions such as the initial PIN and the link to the Dial-in Conferencing Settings webpage. What is the easiest way to send the notification with the required information to the users? A. Open the Lync Management Shell and run the New-CsAnnouncement cmdlet. B. Open the Lync Management Shell and run the Set-CsPinSendCAWelcomeMail cmdlet. C. Open the Lync Management Shell and run the New-CsConferenceDirectory cmdlet. D. Open the Lync Management Shell and run the New-CsConferencingConfiguration cmdlet. Answer: B Explanation: Question 6. You work as a Network Administrator at ABC.com. You are configuring a new Lync Server 2010 infrastructure to provide Enterprise Voice services. You need to configure the Call Park service. You want to modify the configuration so that if a parked call is not answered within a specified time, the call is forwarded to a Response Group. How can you achieve the required configuration? A. By modifying the Dial Plan using the Lync Server 2010 Control Panel. B. By running the Set-CsCpsConfiguration cmdlet using the Lync Management Shell. C. By modifying the Voice Policy using the Lync Server 2010 Control Panel. D. By running the Set- CsCallParkOrbit cmdlet using the Lync Management Shell. Answer: B Explanation: Question 7. You work as a Network Administrator at ABC.com. You are in the process of deploying a Lync Server 2010 infrastructure for the company. You have configured the Lync Server pool for Enterprise Voice and dial-in conferencing. You are configuring a hardware load balancer to distribute the load between the servers in the pool. Which two of the following ports would you need to configure on the hardware load balancer to load balance the dial-in conferencing function? (Choose two). A. TCP port 5060 B. TCP port 5061 C. TCP port 5072 D. TCP port 5073 E. TCP port 80 F. TCP port 443 Answer: C, D Explanation: Question 8. You work as a Network Administrator at ABC.com. You are configuring a new Lync Server 2010 infrastructure for Enterprise Voice. The company is located in an area with an area code of 234 and a country code of 1. You want to configure Lync Server 2010 so that when a user dials a seven-digit number, it is converted to E.164 format. To this end, you decide to create a normalization rule. You have configured the translation pattern of the normalization rule. What should you do next? A. You should run the Set-CsVoicePolicy cmdlet. B. You should set the translation rule to +1234$1 C. You should set the translation rule to $11234 D. You should create a Conferencing Policy. Answer: B Explanation: Question 9. You work as a Network Administrator at ABC.com. You are configuring a new Lync Server 2010 infrastructure for Enterprise Voice. All ABC.com employees will be enabled for Enterprise Voice. A server named ABC-Lync1 runs Lync Server 2010. A server named ABC-Exch1 runs Microsoft Exchange Server 2010 and hosts a mailbox for every ABC.com employee. You are configuring the environment for Unified Messaging (UM). The voice mail of all employees should be stored in their Exchange mailboxes. You have created a UM dial plan and a UM Auto Attendant. You then enable all mailboxes for UM. Which of the following should be the next step in your configuration? A. You should run the exchucutil.ps1 script on ABC-Exch1. B. You should run OcsUmUtil.exe on ABC-Lync1. C. You should run the Set-CsUserServer cmdlet on ABC-Lync1. D. You should run the ocssendmailps1 script on ABC-Lync1. Answer: A Explanation: Question 10. You work as a Network Administrator at ABC.com. The company’s communication system is provided by a Lync Server 2010 infrastructure. Which function of Lync Server 2010 should you configure to play a custom message when someone calls an unassigned telephone number? A. You should configure a Response Group. B. You should configure an Announcement Service. C. You should configure a Dial Plan. D. You should configure a Conferencing Policy. Answer: B Explanation:
|
Question 1.
Which of the following is NOT a restriction, for partners accessing internal corporate resources through an extranet?
A. Preventing modification of restricted information
B. Using restricted programs, to access databases and other information resources
C. Allowing access from any location
D. Preventing access to any network resource, other than those explicitly permitted
E. Viewing inventory levels for partner products only
Answer: C
Question 2.
Which type of Business Continuity Plan (BCP) test involves practicing aspects of the BCP, without actually interrupting operations or bringing an alternate site on-line?
A. Structured walkthrough
B. Checklist
C. Simulation
D. Full interruption
E. Parallel
Answer: C
Question 3.
Which of the following equations results in the Single Loss Expectancy for an asset?
A. Asset Value x %Of Loss From Realized Exposure
B. Asset Value x % Of Loss From Realized Threat
C. Annualized Rate of Occurrence / Annualized Loss Expectancy
D. Asset Value x %Of Loss From Realized Vulnerability
E. Annualized Rate of Occurrence x Annualized Loss Expectancy
Answer: B
Question 4.
Which of the following is an integrity requirement for Remote Offices/Branch Offices (ROBOs)?
A. Private data must remain internal to an organization.
B. Data must be consistent between ROBO sites and headquarters.
C. Users must be educated about appropriate security policies.
D. Improvised solutions must provide the level of protection required.
E. Data must remain available to all remote offices.
Answer: B
Question 5.
Operating-system fingerprinting uses all of the following, EXCEPT ______, to identify a target operating system.
A. Sequence Verifier
B. Initial sequence number
C. Address spoofing
D. Time to Live
E. IP ID field
Answer: C
Question 6.
Internal intrusions are loosely divided into which categories? (Choose TWO.)
A. Attempts by insiders to perform appropriate acts, on information assets to which they have
been given rights or permissions.
B. Attempts by insiders to access resources, without proper access rights
C. Attempts by insiders to access external resources, without proper access rights.
D. Attempts by insiders to perform inappropriate acts, on external information assets to which
They have been given rights or permissions.
E. Attempts by insiders to perform inappropriate acts, on information assets to which they have
been given rights or permissions.
Answer: B, E
Question 7.
_________ occurs when an individual or process acquires a higher level of privilege. Or access, than originally intended.
A. Security Triad
B. Privilege aggregation
C. Need-to-know
D. Privilege escalation
E. Least privilege
Answer: D
Question 8.
Which encryption algorithm has the highest bit strength?
A. AES
B. Blowfish
C. DES
D. CAST
E. Triple DES
Answer: A
Question 9.
How is bogus information disseminated?
A. Adversaries sort through trash to find information.
B. Adversaries use anomalous traffic patterns as indicators of unusual activity. They will employ
other methods, such as social engineering, to discover the cause of the noise.
C. Adversaries use movement patterns as indicators of activity.
D. Adversaries take advantage of a person's trust and goodwill.
E. Seemingly, unimportant pieces of data may yield enough information to an adversary, for him
to disseminate incorrect information and sound authoritative,
Answer: E
Question 10.
Which type of Business Continuity Plan (BCP) test involves shutting down z on-line, and moving all operations to the alternate site?
A. Parallel
B. Full interruption
C. Checklist
D. Structured walkthrough
E. Simulation
Answer: B
|
Question 1.
Of the three mechanisms Check Point uses for controlling traffic, which enables firewalls to incorporate layer 4 awareness in packet inspection?
A. IPS
B. Packet filtering
C. Stateful Inspection
D. Application Intelligence
Answer: C
Explanation:
Question 2.
Which of the following statements about Bridge mode is TRUE?
A. When managing a Security Gateway in Bridge mode, it is possible to use a bridge interface for
Network Address Translation.
B. Assuming a new installation, bridge mode requires changing the existing IP routing of the
network.
C. All ClusterXL modes are supported.
D. A bridge must be configured with a pair of interfaces.
Answer: D
Explanation:
Question 3.
Which SmartConsole component can Administrators use to track remote administrative activities?
A. WebUI
B. Eventia Reporter
C. SmartView Monitor
D. SmartView Tracker
Answer: D
Explanation:
Question 4.
Which of the following statements is TRUE about management plug-ins?
A. The plug-in is a package installed on the Security Gateway.
B. A management plug-in interacts with a Security Management Server to provide new features
and support for new products.
C. Using a plug-in offers full central management only if special licensing is applied to specific
features of the plug-in.
D. Installing a management plug-in is just like an upgrade process. (It overwrites existing
components.)
Answer: B
Explanation:
Question 5.
UDP packets are delivered if they are _________.
A. A legal response to an allowed request on the inverse UDP ports and IP
B. A Stateful ACK to a valid SYN-SYN-/ACK on the inverse UDP ports and IP
C. Reference in the SAM related Dynamic tables
D. Bypassing the Kernel by the “forwarding layer” of clusterXL
Answer: A
Explanation:
Question 6.
The Check Point Security Gateway's virtual machine (kernel) exists between which two layers of the OSI model?
A. Session and Network layers
B. Application and Presentation layers
C. Physical and Datalink layers
D. Network and Datalink layers
Answer: D
Explanation:
Question 7.
The customer has a small Check Point installation, which includes one Linux Enterprise 3.0 server working as the SmartConsole, and a second server running Windows 2003 as both Security Management Server and Security Gateway. This is an example of a(n):
A. Stand-Alone Installation
B. Distributed Installation
C. Hybrid Installation
D. Unsupported configuration
Answer: D
Explanation:
Question 8.
The customer has a small Check Point installation which includes one Windows 2003 server as the SmartConsole and a second server running SecurePlatform as both Security Management Server and the Security Gateway. This is an example of a(n):
A. Unsupported configuration.
B. Hybrid Installation.
C. Distributed Installation.
D. Stand-Alone Installation.
Answer: D
Explanation:
Question 9.
The customer has a small Check Point installation which includes one Windows XP workstation as the SmartConsole, one Solaris server working as Security Management Server, and a third server running SecurePlatform as Security Gateway. This is an example of a(n):
A. Stand-Alone Installation.
B. Unsupported configuration
C. Distributed Installation.
D. Hybrid Installation.
Answer: C
Explanation:
Question 10.
The customer has a small Check Point installation which includes one Windows 2003 server as SmartConsole and Security Management Server with a second server running SecurePlatform as Security Gateway. This is an example of a(n):
A. Hybrid Installation.
B. Unsupported configuration.
C. Distributed Installation.
D. Stand-Alone Installation.
Answer: C
Explanation:
|
Question 1.
Of the three mechanisms Check Point uses for controlling traffic, which enables firewalls to incorporate layer 4 awareness in packet inspection?
A. IPS
B. Packet filtering
C. Stateful Inspection
D. Application Intelligence
Answer: C
Explanation:
Question 2.
Which of the following statements about Bridge mode is TRUE?
A. When managing a Security Gateway in Bridge mode, it is possible to use a bridge interface for
Network Address Translation.
B. Assuming a new installation, bridge mode requires changing the existing IP routing of the
network.
C. All ClusterXL modes are supported.
D. A bridge must be configured with a pair of interfaces.
Answer: D
Explanation:
Question 3.
Which SmartConsole component can Administrators use to track remote administrative activities?
A. WebUI
B. Eventia Reporter
C. SmartView Monitor
D. SmartView Tracker
Answer: D
Explanation:
Question 4.
Which of the following statements is TRUE about management plug-ins?
A. The plug-in is a package installed on the Security Gateway.
B. A management plug-in interacts with a Security Management Server to provide new features
and support for new products.
C. Using a plug-in offers full central management only if special licensing is applied to specific
features of the plug-in.
D. Installing a management plug-in is just like an upgrade process. (It overwrites existing
components.)
Answer: B
Explanation:
Question 5.
UDP packets are delivered if they are _________.
A. A legal response to an allowed request on the inverse UDP ports and IP
B. A Stateful ACK to a valid SYN-SYN-/ACK on the inverse UDP ports and IP
C. Reference in the SAM related Dynamic tables
D. Bypassing the Kernel by the “forwarding layer” of clusterXL
Answer: A
Explanation:
Question 6.
The Check Point Security Gateway's virtual machine (kernel) exists between which two layers of the OSI model?
A. Session and Network layers
B. Application and Presentation layers
C. Physical and Datalink layers
D. Network and Datalink layers
Answer: D
Explanation:
Question 7.
The customer has a small Check Point installation, which includes one Linux Enterprise 3.0 server working as the SmartConsole, and a second server running Windows 2003 as both Security Management Server running Windows 2003 as both Security Management Server and Security Gateway. This is an example of a(n).
A. Stand-Alone Installation
B. Distributed Installation
C. Hybrid Installation
D. Unsupported configuration
Answer: D
Explanation:
Question 8.
The customer has a small Check Point installation which includes one Windows 2003 server as the SmartConsole and a second server running SecurePlatform as both Security Management Server and the Security Gateway. This is an example of a(n):
A. Unsupported configuration.
B. Hybrid Installation.
C. Distributed Installation.
D. Stand-Alone Installation.
Answer: D
Explanation:
Question 9.
The customer has a small Check Point installation which includes one Windows XP workstation as the SmartConsole, one Solaris server working as Security Management Server, and a third server running SecurePlatform as Security Gateway. This is an example of a(n):
A. Stand-Alone Installation.
B. Unsupported configuration
C. Distributed Installation.
D. Hybrid Installation.
Answer: C
Explanation:
Question 10.
The customer has a small Check Point installation which includes one Windows 2003 server as SmartConsole and Security Management Server with a second server running SecurePlatform as Security Gateway. This is an example of a(n):
A. Hybrid Installation.
B. Unsupported configuration.
C. Distributed Installation.
D. Stand-Alone Installation.
Answer: C
Explanation:
|
Question 1.
The following is cphaprob state command output from a ClusterXL New mode High Availability member When member 192.168.1.2 fails over and restarts, which member will become active?
A. 192.168.1.2
B. 192.168.1 1
C. Both members' state will be standby
D. Both members' state will be active
Answer: B
Question 2.
What is the command to upgrade a SecurePlatform NG with Application Intelligence (Al) R55 SmartCenter Server to VPN-1 NGX using a CD?
A. cd patch add
B. fwm upgrade_tool
C. cppkg add
D. patch add
E. patch add cd
Answer: E
Question 3.
You have a production implementation of Management High Availability, at version VPN-1 NG with Application Intelligence R55. You must upgrade your two SmartCenter Servers to VPN-1 NGX.
What is the correct procedure?
A. 1. Synchronize the two SmartCenter Servers.
2. Upgrade the secondary SmartCenter Server.
3. Upgrade the primary SmartCenter Server.
4. Configure both SmartCenter Server host objects version to VPN-1 NGX.
5. Synchronize the Servers again.
B. 1. Synchronize the two SmartCenter Servers.
2. Perform an advanced upgrade on the primary SmartCenter Server.
3. Upgrade the secondary SmartCenter Server.
4. Configure both SmartCenter Server host objects to version VPN-1 NGX.
5. Synchronize the Servers again.
C. 1. Perform an advanced upgrade on the primary SmartCenter Server.
2. Configure the primary SmartCenter Server host object to version VPN-1 NGX.
3. Synchronize the primary with the secondary SmartCenter Server.
4. Upgrade the secondary SmartCenter Server.
5. Configure the secondary SmartCenter Server host object to version VPN-1 NGX.
6. Synchronize the Servers again.
D. 1. Synchronize the two SmartCenter Servers.
2. Perform an advanced upgrade on the primary SmartCenter Server.
3. Configure the primary SmartCenter Server host object to version VPN-1 NGX.
4. Synchronize the two Servers again.
5. Upgrade the secondary SmartCenter Server.
6. Configure the secondary SmartCenter Server host object to version VPN-1 NGX.
7. Synchronize the Servers again.
Answer: B
Question 4.
Your primary SmartCenter Server is installed on a SecurePlatform Pro machine, which is also a VPN-1 Pro Gateway. You want to implement Management High Availability (HA). You have a spare machine to configure as the secondary SmartCenter Server. How do you configure the new machine to be the standby SmartCenter Server, without making any changes to the existing primary SmartCenter Server? (Changes can include uninstalling and reinstalling.)
A. You cannot configure Management HA, when either the primary or secondary SmartCenter
Server is running on a VPN-1 Pro Gateway.
B. The new machine cannot be installed as the Internal Certificate Authority on its own.
C. The secondary Server cannot be installed on a SecurePlatform Pro machine alone.
D. Install the secondary Server on the spare machine. Add the new machine to the same network
as the primary Server.
Answer: A
Question 5.
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use four machines with the following configurations:
Cluster Member 1: OS: SecurePlatform, NICs: QuadCard, memory: 256 MB, Security Gateway version: VPN-1 NGX
Cluster Member 2: OS: SecurePlatform, NICs: four Intel 3Com, memory: 512 MB, Security Gateway version: VPN-1 NGX
Cluster Member 3: OS: SecurePlatform, NICs: four other manufacturers, memory: 128 MB, Security Gateway version: VPN-1 NGX
SmartCenter Pro Server: MS Windows Server 2003, NIC: Intel NIC (one), Security Gateway and primary SmartCenter Server installed version: VPN-1 NGX
Are these machines correctly configured for a ClusterXL deployment?
A. No, the SmartCenter Pro Server is not using the same operating system as the cluster
members.
B. Yes, these machines are configured correctly for a ClusterXL deployment.
C. No, Cluster Member 3 does not have the required memory.
D. No, the SmartCenter Pro Server has only one NIC.
Answer: B
Question 6.
You set up a mesh VPN Community, so your internal networks can access your partner's network, and vice versa. Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All other traffic among your internal and partner networks is sent in clear text.
How do you configure the VPN Community?
A. Disable "accept all encrypted traffic", and put FTP and HTTP in the Excluded services in the
Community object. Add a rule in the Security Policy for services FTP and http, with the
Community object in the VPN field.
B. Disable "accept all encrypted traffic" in the Community, and add FTP and HTTP services to the
Security Policy, with that Community object in the VPN field.
C. Enable "accept all encrypted traffic", but put FTP and HTTP in the Excluded services in the
Community. Add a rule in the Security Policy, with services FTP and http, and the Community
object in the VPN field.
D. Put FTP and HTTP in the Excluded services in the Community object. Then add a rule in the
Security Policy to allow Any as the service, with the Community object in the VPN field.
Answer: B
Question 7.
How does a standby SmartCenter Server receive logs from all Security Gateways, when an active SmartCenter Server fails over?
A. The remote Gateways must set up SIC with the secondary SmartCenter Server, for logging.
B. Establish Secure Internal Communications (SIC) between the primary and secondary Servers.
The secondary Server can then receive logs from the Gateways, when the active Server fails
over.
C. On the Log Servers screen (from the Logs and Masters tree on the gateway object's General
Properties screen), add the secondary SmartCenter Server object as the additional log server.
Reinstall the Security Policy.
D. Create a Check Point host object to represent the standby SmartCenter Server. Then select
"Secondary SmartCenter Server" and Log Server", from the list of Check Point Products on the
General properties screen.
E. The secondary Server's host name and IP address must be added to the Masters file, on the
remote Gateways.
Answer: C
Question 8.
You want only RAS signals to pass through H.323 Gatekeeper and other H.323 protocols, passing directly between end points.
Which routing mode in the VoIP Domain Gatekeeper do you select?
A. Direct
B. Direct and Call Setup
C. Call Setup
D. Call Setup and Call Control
Answer: A
Question 9.
Which component functions as the Internal Certificate Authority for VPN-1 NGX?
A. VPN-1 Certificate Manager
B. SmartCenterServer
C. SmartLSM
D. Policy Server
E. Security Gateway
Answer: B
Question 10.
You are configuring the VoIP Domain object for a Skinny Client Control Protocol (SCCP) environment protected by VPN-1 NGX.
Which VoIP Domain object type can you use?
A. CallManager
B. Gatekeeper
C. Gateway
D. Proxy
E. Transmission Router
Answer: A
|
Question 1.
You need to publish SecurePlatform routes using the ospf routing protocol.
What is the correct command structure, once entering the route command, to implement ospf successfully?
A. Run cpconfig utility to enable ospf routing
B. ip route ospf
ospf network1
ospf network2
C. Enable
Configure terminal
Router ospf [id]
Network [network] [wildmask] area [id]
D. Use DBedit utility to either the objects_5_0.c file
Answer: C
Explanation:
Question 2.
Control connections between the Security Management Server and the Gateway are not encrypted by the VPN Community.
How are these connections secured?
A. They are encrypted and authenticated using SIC.
B. They are not encrypted, but are authenticated by the Gateway
C. They are secured by PPTP
D. They are not secured.
Answer: D
Explanation:
Question 3.
How does a cluster member take over the VIP after a failover event?
A. Ping the sync interface
B. if list -renew
C. Broadcast storm
D. Gratuitous ARP
Answer: D
Explanation:
Question 4.
You want to verify that your Check Point cluster is working correctly.
Which command line tool can you use?
A. cphaconf state
B. cphaprob state
C. cphainfo-s
D. cphastart -status
Answer: B
Explanation:
Question 5.
________is a proprietary Check Point protocol. it is the basis for Check Point ClusterXL intermodule communication.
A. RDP
B. CCP
C. CKPP
D. HA OPCODE
Answer: B
Explanation:
Question 6.
John is configuring a new R71 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties:
What's happening?
A. John is not using third party hardware as IP Clustering is part of Check Point's IP Appliance
B .Third Party Clustering is not available for R71 Security Gateways.
B. ClusterXL needs to be unselected to permit 3rd party clustering configuration.
C. John has an invalid ClusterXL license.
Answer: C
Explanation:
Question 7.
You are MegaCorp Security Administrator. This company uses a firewall cluster, consisting of two cluster members. The cluster generally works well but one day you find that the cluster is behaving strangely. You assume that there is a connectivity problem with the cluster synchronization cluster link (cross-over cable).
Which of the following commands is the best for testing the connectivity of the crossover cable?
A. telnet
B. arping
C. ifconfig –a
D. Ping
Answer: B
Explanation:
Question 8.
Organizations are sometimes faced with the need to locate cluster members in different geographic locations that are distant from each other. A typical example is replicated data centers whose location is widely separated for disaster recovery purposes.
What are the restrictions of this solution?
A. There are no restrictions.
B. There is one restriction: The synchronization network must guarantee no more than 150 ms
latency (ITU Standard G.114).
C. There is one restriction: The synchronization network must guarantee no more than 100 ms
latency.
D. There are two restrictions: 1. The synchronization network must guarantee no more than
100ms latency and no more than 5% packet loss. 2. The synchronization network may only
include switches and hubs.
Answer: D
Explanation:
Question 9.
You are establishing a ClusterXL environment, with the following topology:
External interfaces 192.168.10.1 and 192.168.10.2 connect to a VLAN switch. The upstream router connects to the same VLAN switch. Internal interfaces 172.16 10.1 and 172.16.10.2 connect to a hub. 10.10.10.0 is the synchronization network. The Security Management Server is located on the internal network with IP 172.16.10.3.
What is the problem with this configuration?
A. There is an IP address conflict
B. The Security Management Server must be in the dedicated synchronization network, not the
internal network.
C. The Cluster interface names must be identical across all cluster members.
D. Cluster members cannot use the VLAN switch. They must use hubs.
Answer: B
Explanation:
Question 10.
Refer to Exhibit:
Match the ClusterXL Modes with their configurations
A. A-3, B-2, C-1, D-4
B. A-3, B-2, C-4, D-1
C. A-2, B-3, C-4, D-1
D. A-2, B-3, C-1, D-4
Answer: C
Explanation:
|
Question 1. Control connections between the Security Management Server and the Gateway are not encrypted by the VPN Community. How are these connections secured? A. They are encrypted and authenticated using SIC. B. They are not encrypted, but are authenticated by the Gateway C. They are secured by PPTP D. They are not secured. Answer: D Explanation: Question 2. If Bob wanted to create a Management High Availability configuration, what is the minimum number of Security Management servers required in order to achieve his goal? A. Three B. Two C. Four D. One Answer: D Explanation: Question 3. David wants to manage hundreds of gateways using a central management tool. What tool would David use to accomplish his goal? A. SmartProvisioning B. SmartBlade C. SmartDashboard D. SmartLSM Answer: B Explanation: Question 4. From the following output of cphaprob state, which ClusterXL mode is this? A. New mode B. Multicast mode C. Legacy mode D. Unicast mode Answer: D Explanation: Question 5. Which of the following is NOT a feature of ClusterXL? A. Enhanced throughput in all ClusterXL modes (2 gateway cluster compared with 1 gateway) B. Transparent failover in case of device failures C. Zero downtime for mission-critical environments with State Synchronization D. Transparent upgrades Answer: C Explanation: Question 6. In which case is a Sticky Decision Function relevant? A. Load Sharing - Unicast B. Load Balancing - Forward C. High Availability D. Load Sharing - Multicast Answer: C Explanation: Question 7. You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of 40, and the Default Rule with a weight of 10. If the only traffic passing through your QoS Module is HTTP traffic, what percent of bandwidth will be allocated to the HTTP traffic? A. 80% B. 40% C. 100% D. 50% Answer: D Explanation: Question 8. You have pushed a policy to your firewall and you are not able to access the firewall. What command will allow you to remove the current policy from the machine? A. fw purge policy B. fw fetch policy C. fw purge active D. fw unloadlocal Answer: A Explanation: Question 9. How do you verify the Check Point kernel running on a firewall? A. fw ctl get kernel B. fw ctl pstat C. fw kernel D. fw ver -k Answer: B Explanation: Question 10. The process ________________ compiles $FWDIR/conf/*.W files into machine language. A. fw gen B. cpd C. fwd D. fwm Answer: A Explanation:
|
Question 1.
Which operating system listed supports running a Multi-Domain Management with Provider-1 MDS, but has a limitation in the number of virtual IP addresses which can be assigned to a given interface?
A. Red Hat Enterprise Linux
B. Windows 2003 Server
C. SecurePlatform
D. Solaris
Answer: D
Explanation:
Question 2.
Which of the following systems would meet the MINIMUM requirements for an MDS?
A. SecurePlatform, 10 GB hard drive
B. SecurePlatform, 2-GB hard drive, 8 MB memory
C. Solaris 9, 4-GB hard drive, 1 GB memory
D. Linux RHEL 5, 2.4 kernel, 4-GB hard drive, 4-GB memory
Answer: A
Explanation:
Question 3.
Which of the following are valid reasons for using Multi-Domain Management with Provider-1 instead of Management Servers?
A. 3 and 4
B. 2 and 3
C. 1 and 3
D. 1 and 4
Answer: D
Explanation:
Question 4.
A Multi-Domain Management with Provider-1 MDS is supported on which of the following platforms?
A. 1, 2, and 3
B. 2 and 3
C. 1 and 2
D. 1, 2, and 4
Answer: C
Explanation:
Question 5.
Which of the following statements is TRUE about Multi-Domain Management with Provider-1?
A. Provider-1 encrypts all traffic among modules - so no firewall is necessary to protect the
Provider-1 system.
B. The MDS Manager has a built-in firewall for the Provider-1 system, protecting the MDS
Containers.
C. The added security of a firewall to protect the Provider-1 system is difficult to implement, and is
not recommended.
D. A separately managed Security Gateway is recommended to protect the Provider-1
environment.
Answer: D
Explanation:
Question 6.
On which SecurePlatform kernel version is Multi-Domain Management with Provider-1 R71 built?
A. 2.4.18
B. 2.6.18-92
C. 2.4.21-21
D. RHEL 3
Answer: B
Explanation:
Question 7.
What is the name for the interface connecting CMA Virtual IPs?
A. Leading VIP Interface
B. VIP Lounge Interface
C. Main External Interface
Answer: A
Explanation:
Question 8.
Communication between the MDG and the MDS is secured in what way?
A. IKE encryption using shared secret
B. Configurable third-party authentication mechanism
C. Username and Password authentication
D. SSL initiated using SIC certificate exchange
Answer: D
Explanation:
Question 9.
All of the following can be configured on a Multi-Domain Management with Provider-1 MDS, EXCEPT:
A. Analyze logs
B. Firewall Module
C. Firewall Manager
D. Customer Logging Module
Answer: B
Explanation:
Question 10.
When does a SIC certificate expire for CMA/MDS?
A. After 3 years
B. After 5 years
C. The interval is configurable.
D. After 1 year
Answer: B
Explanation:
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.