1222 お客様のコメント
質問 1:
Which command can be used to see all active modules on the Security Gateway:
A. fw ctl debug -h
B. fw ctl chain
C. fw ctl zdebug drop
D. fw ctl debug -m
正解:B
質問 2:
The file ike.elg is a log file used to log IKE negotiations during VPN tunnel establishment. Where is this file located?
A. /opt/CPsuite-R77/fg1/log
B. /opt/CPshrd-R77/log
C. /opt/CPsuite-R77/fw1/log
D. /var/log/opt/CPsuite-R77/fg1/log
正解:C
質問 3:
Does R77 SmartDashboard support IPv6?
A. R77.20 and above provides the support for Smart Dashboard and IPv6 support.
B. Yes provided the operating system on which Smart Dashboard is installed is configured with IPv6.
C. IPv6 needs to be tunneled through IPv4 to support IPv6.
D. SmartDashboard does not support IPv6.
正解:B
質問 4:
After disabling SecureXL you ran command fw monitor to help troubleshoot a VPN issue. In your review you note that you only see pre-inbound traffic ("i") and no other traffic after this. Which of the following reasons could explain this output?
A. You have overlapping encryption domains with the remote site
B. Routes are set up incorrectly
C. You don't have an "encrypt" rule
D. Traffic is not destined to the correct MAC address because you failed to set up proxy ARP
正解:A
質問 5:
A new packet has arrived to a firewall's interface. The packet was compared with the connection table and there is no match. What process does the firewall start with that connection?
A. The new packet represents a new flow and requires a new connection table entry.
B. The packet will be then forwarded to the outbound interface for handling.
C. The packet will be rejected by the kernel firewall.
D. The packet will be forwarded to the firewall to apply the Security Policy.
正解:D
質問 6:
What is required when changing the configuration of the number of workers in CoreXL?
A. cpstop/cpstart
B. A reboot
C. evstop/evstart
D. A policy installation
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 7:
The "Hide internal networks behind the Gateway's external IP" option is selected. What defines what traffic will be NATted?
A. The network objects configured for the network
B. The topology configuration of the gateway object
C. The VPN encryption domain of the gateway object
D. The Firewall policy of the gateway
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
Why would you choose to combine dynamic routing protocols and VPNs?
A. All options listed.
B. The VPN device can be automatically updated with network changes on any VPN peer Gateway without the need to update the VPN Domain's configuration.
C. Dynamic-routing information can propagate over the VPN, utilizing the VPN as just another point-to-point link in the network.
D. In the case of one tunnel failure, other tunnels may be used to route the traffic.
正解:A
質問 9:
Which operating systems support Wire mode?
A. IPSO and GAIA
B. Solaris and SecurePlatform
C. IPSO and SecurePlatform
D. SecurePlatform and GAIA
正解:D
Which command can be used to see all active modules on the Security Gateway:
A. fw ctl debug -h
B. fw ctl chain
C. fw ctl zdebug drop
D. fw ctl debug -m
正解:B
質問 2:
The file ike.elg is a log file used to log IKE negotiations during VPN tunnel establishment. Where is this file located?
A. /opt/CPsuite-R77/fg1/log
B. /opt/CPshrd-R77/log
C. /opt/CPsuite-R77/fw1/log
D. /var/log/opt/CPsuite-R77/fg1/log
正解:C
質問 3:
Does R77 SmartDashboard support IPv6?
A. R77.20 and above provides the support for Smart Dashboard and IPv6 support.
B. Yes provided the operating system on which Smart Dashboard is installed is configured with IPv6.
C. IPv6 needs to be tunneled through IPv4 to support IPv6.
D. SmartDashboard does not support IPv6.
正解:B
質問 4:
After disabling SecureXL you ran command fw monitor to help troubleshoot a VPN issue. In your review you note that you only see pre-inbound traffic ("i") and no other traffic after this. Which of the following reasons could explain this output?
A. You have overlapping encryption domains with the remote site
B. Routes are set up incorrectly
C. You don't have an "encrypt" rule
D. Traffic is not destined to the correct MAC address because you failed to set up proxy ARP
正解:A
質問 5:
A new packet has arrived to a firewall's interface. The packet was compared with the connection table and there is no match. What process does the firewall start with that connection?
A. The new packet represents a new flow and requires a new connection table entry.
B. The packet will be then forwarded to the outbound interface for handling.
C. The packet will be rejected by the kernel firewall.
D. The packet will be forwarded to the firewall to apply the Security Policy.
正解:D
質問 6:
What is required when changing the configuration of the number of workers in CoreXL?
A. cpstop/cpstart
B. A reboot
C. evstop/evstart
D. A policy installation
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 7:
The "Hide internal networks behind the Gateway's external IP" option is selected. What defines what traffic will be NATted?
A. The network objects configured for the network
B. The topology configuration of the gateway object
C. The VPN encryption domain of the gateway object
D. The Firewall policy of the gateway
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 8:
Why would you choose to combine dynamic routing protocols and VPNs?
A. All options listed.
B. The VPN device can be automatically updated with network changes on any VPN peer Gateway without the need to update the VPN Domain's configuration.
C. Dynamic-routing information can propagate over the VPN, utilizing the VPN as just another point-to-point link in the network.
D. In the case of one tunnel failure, other tunnels may be used to route the traffic.
正解:A
質問 9:
Which operating systems support Wire mode?
A. IPSO and GAIA
B. Solaris and SecurePlatform
C. IPSO and SecurePlatform
D. SecurePlatform and GAIA
正解:D
小雪 -
Pass4Testさんの問題集は156-115.77ていねい&わかりやすい解説で、受験直前までの仕上げ学習をガッチリサポート!