Which certificate can be used to ensure that traffic coming from a specific server remains encrypted?
A. Forward entrust
B. SSL inbound inspection
C. Forward trust
D. SSL exclude certificate
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
A client chooses to not block uncategorized websites.
Which two additions should be made to help provide some protection? (Choose two.)
A. A URL filtering profile with the action set to continue for unknown URL categories to security policy rules that allow web access
B. A data filtering profile with a custom data pattern to security policy rules that deny uncategorized websites
C. A security policy rule using only known URL categories with the action set to allow
D. A file blocking profile to security policy rules that allow uncategorized websites to help reduce the risk of drive by downloads
正解:A,C
質問 3:
Which design objective could be satisfied by vsys functionality?
A. Administrative separation of firewall policies used by different departments in company
B. Provide same-device high availability functionality for different departments in a company
C. Separation of routing tables used by different departments in company
D. Allocate firewall hardware resources to different departments in a company
正解:A
質問 4:
How do Highly Suspicious artifacts in-AutoFocus help identify when an unknown, potential zero-day, targeted attack occur to allow one to adjust the security posture?
A. All High Risk artifacts are automatically classified as Highly Suspicious.
B. Highly Suspicious artifacts have been seen infecting a broad, significant range of companies.
C. Highly Suspicious artifacts are High Risk artifacts that have been seen in very few samples.
D. Highly Suspicious artifacts are associated with High-Risk payloads that are inflicting massive amounts of damage to end customers.
正解:C
質問 5:
What are three considerations when deploying User-ID. (Choose three.)
A. Use a dedicated service account for User-ID services with the minimal permissions necessary.
B. User-ID can support a maximum of 15 hops.
C. Specify included and excluded networks when configuring User-ID
D. Enable WMI probing in high security networks
E. Only enable User-ID on trusted zones
正解:A,C,D
質問 6:
DNS sinkholing helps identify infected hosts on the protected network using DNS traffic in situations where the firewall cannot see the infected client's DNS query (that is, the firewall cannot see the originator of DNS query) Which of the following Statements is true?
A. DNS Sinkholing requires the Vulnerability Protection Profile be enabled.
B. Sinkholing malware DNS queries solves this visibilty problem by forging responses to the client host queries directed at fake domains created in a controlled "Fake Internet" called Zanadu which designed for testing and honeypots.
C. DNS Sinkholing requires a license SinkHole license in order to activate.
D. Infected hosts can then be easily identified in the traffic logs because any host that attempts to connect the sinkhole IP address are most likely infected with malware.
正解:D