Q1. - (Topic 3)
What action can be performed from SmartUpdate R77?
A. cpinfo
B. fw stat -l
C. upgrade_export
D. remote_uninstall_verifier
Answer: A
Q2. - (Topic 1)
Which of the following methods will provide the most complete backup of an R75 configuration?
A. Execute command upgrade_export
B. Database Revision Control
C. Policy Package Management
D. Copying the directories $FWDIR\conf and $CPDIR\conf to another server
Answer: A
Q3. - (Topic 3)
How many packets does the IKE exchange use for Phase 1 Aggressive Mode?
A. 1
B. 12
C. 6
D. 3
Answer: D
Q4. - (Topic 1)
Which of the following statements accurately describes the command upgrade_export?
A. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.
B. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
C. This command is no longer supported in GAiA.
D. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
Answer: A
Q5. - (Topic 3)
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?
A. Track
B. User
C. Destination
D. Action
Answer: C
Q6. - (Topic 1)
Certificates for Security Gateways are created during a simple initialization from _____________.
A. The ICA management tool
B. SmartUpdate
C. sysconfig
D. SmartDashboard
Answer: D
Q7. - (Topic 3)
When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?
A. Leveraging identity in the application control blade
B. Identity-based enforcement for non-AD users (non-Windows and guest users)
C. Identity-based auditing and logging
D. Basic identity enforcement in the internal network
Answer: B
Q8. - (Topic 2)
Which of the following is a viable consideration when determining Rule Base order?
A. Grouping authentication rules with address-translation rules
B. Grouping rules by date of creation
C. Grouping reject and drop rules after the Cleanup Rule
D. Grouping functionally related rules together
Answer: D
Q9. - (Topic 1)
When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. Edit the file /etc/sysconfig/netconf.c and put the new MAC address in the field
B. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up
C. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
D. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56
Answer: B
Q10. - (Topic 1)
Which item below in a Security Policy would be enforced first?
A. Network Address Translation
B. Security Policy First rule
C. Administrator-defined Rule Base
D. IP spoofing/IP options
Answer: D