869 お客様のコメント
質問 1:
You find that your open server SecurePlatform system is lagging although you know you have plenty of memory and the complexity of the Rule Base has not changed significantly. You think that upgrading the CPU frequency speed could help your performance. Which command could help you see what speed and model of CPU you are using?
A. top
B. cat /proc/cpuinfo
C. fw tab
D. sysconfig
正解:B
質問 2:
Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed?
A. The source MAC address of the packet.
B. The packet has a TTL value of less than 255.
C. The destination IP of the packet.
D. The source IP of the packet.
正解:B
質問 3:
Misha is working on a stand-by firewall and deletes the connections table in error. He finds that now the table is out of sync with the Active member. to get them completely synced again, Mish should run the command pair ____________ and __________ .
A. fw ctl setsync off, fw ctl setsync on
B. fw ctl setsync off, fw ctl setsync start
C. fw ctl setsync stop, fw ctl setsync on
D. fw ctl sync stop, fw ctl sync start
正解:B
質問 4:
Where do you enable Route-based VPN?
A. vpn_route.conf
B. Security Gateway Object
C. WebUI
D. VPN shell
正解:B
質問 5:
Since R76 GAiA, what is the method for configuring proxy ARP entries for manual NAT rules?
A. WebUI or add proxy ARP ... commands via CLISH
B. SmartView Tracker
C. SmartDashboard
D. local.arp file
正解:A
質問 6:
You are trying to troubleshoot a NAT issue on your network, and you use a kernel debug to verify a connection is correctly translated to its NAT address. What flags should you use for the kernel debug?
A. fw ctl debug -m fw + conn drop ld
B. fw ctl debug -m fw + conn drop nat vm xlate xltrc
C. fw ctl debug -m nat + conn drop nat xlate xltrc
D. fw ctl debug -m nat + conn drop fw xlate xltrc
正解:B
質問 7:
How to check the overall SecureXL statistics:
A. cat /proc/ppk/statistics
B. fwaccel conns
C. fwaccel on
D. fwaccel stat
正解:A
質問 8:
Which command should you use to stop kernel module debugging (excluding SecureXL)?
A. fw debug fwd off; vpn debug off
B. fw debug fwd off
C. fw ctl debug 0
D. fw ctl zdebug - all
正解:C
質問 9:
Your customer has an R77 Multi-domain Management Server managing a mix of firewalls of R70 and R77 versions. A change was made to the file $FWDIR/lib/tables.def on one of the domains. However, it was found that the change was not applied to the R70 firewalls. What could be the problem?
A. R70 is end of life and is not supported. Most functions will work, but modifying the table.def will not.
B. In order to make changes on R70 machines you need work within GuiDBedit
C. To support R70, the file in the compatibility directory should have been modified.
D. Changes to the table.def can only be applied to firewalls matching the Management Server version. The customer needs to upgrade the firewalls to the same version as the firewall.
正解:C
You find that your open server SecurePlatform system is lagging although you know you have plenty of memory and the complexity of the Rule Base has not changed significantly. You think that upgrading the CPU frequency speed could help your performance. Which command could help you see what speed and model of CPU you are using?
A. top
B. cat /proc/cpuinfo
C. fw tab
D. sysconfig
正解:B
質問 2:
Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of a gateway in the cluster is being spoofed?
A. The source MAC address of the packet.
B. The packet has a TTL value of less than 255.
C. The destination IP of the packet.
D. The source IP of the packet.
正解:B
質問 3:
Misha is working on a stand-by firewall and deletes the connections table in error. He finds that now the table is out of sync with the Active member. to get them completely synced again, Mish should run the command pair ____________ and __________ .
A. fw ctl setsync off, fw ctl setsync on
B. fw ctl setsync off, fw ctl setsync start
C. fw ctl setsync stop, fw ctl setsync on
D. fw ctl sync stop, fw ctl sync start
正解:B
質問 4:
Where do you enable Route-based VPN?
A. vpn_route.conf
B. Security Gateway Object
C. WebUI
D. VPN shell
正解:B
質問 5:
Since R76 GAiA, what is the method for configuring proxy ARP entries for manual NAT rules?
A. WebUI or add proxy ARP ... commands via CLISH
B. SmartView Tracker
C. SmartDashboard
D. local.arp file
正解:A
質問 6:
You are trying to troubleshoot a NAT issue on your network, and you use a kernel debug to verify a connection is correctly translated to its NAT address. What flags should you use for the kernel debug?
A. fw ctl debug -m fw + conn drop ld
B. fw ctl debug -m fw + conn drop nat vm xlate xltrc
C. fw ctl debug -m nat + conn drop nat xlate xltrc
D. fw ctl debug -m nat + conn drop fw xlate xltrc
正解:B
質問 7:
How to check the overall SecureXL statistics:
A. cat /proc/ppk/statistics
B. fwaccel conns
C. fwaccel on
D. fwaccel stat
正解:A
質問 8:
Which command should you use to stop kernel module debugging (excluding SecureXL)?
A. fw debug fwd off; vpn debug off
B. fw debug fwd off
C. fw ctl debug 0
D. fw ctl zdebug - all
正解:C
質問 9:
Your customer has an R77 Multi-domain Management Server managing a mix of firewalls of R70 and R77 versions. A change was made to the file $FWDIR/lib/tables.def on one of the domains. However, it was found that the change was not applied to the R70 firewalls. What could be the problem?
A. R70 is end of life and is not supported. Most functions will work, but modifying the table.def will not.
B. In order to make changes on R70 machines you need work within GuiDBedit
C. To support R70, the file in the compatibility directory should have been modified.
D. Changes to the table.def can only be applied to firewalls matching the Management Server version. The customer needs to upgrade the firewalls to the same version as the firewall.
正解:C
Shigeno -
身に着けた知識は、本書に付属するアプリでしっかりと反復演習を行うことで、156-115.77試験対策ができます。一冊で十分カバー出来ます。