Q1. - (Topic 3) 

What action can be performed from SmartUpdate R77? 

A. cpinfo 

B. fw stat -l 

C. upgrade_export 

D. remote_uninstall_verifier 

View Answer

Q2. - (Topic 1) 

Which of the following methods will provide the most complete backup of an R75 configuration? 

A. Execute command upgrade_export 

B. Database Revision Control 

C. Policy Package Management 

D. Copying the directories $FWDIR\conf and $CPDIR\conf to another server 

View Answer

Q3. - (Topic 3) 

How many packets does the IKE exchange use for Phase 1 Aggressive Mode? 

A. 1 

B. 12 

C. 6 

D. 3 

View Answer

Q4. - (Topic 1) 

Which of the following statements accurately describes the command upgrade_export? 

A. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version. 

B. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server. 

C. This command is no longer supported in GAiA. 

D. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting. 

View Answer

Q5. - (Topic 3) 

To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role? 

A. Track 

B. User 

C. Destination 

D. Action 

View Answer

Q6. - (Topic 1) 

Certificates for Security Gateways are created during a simple initialization from _____________. 

A. The ICA management tool 

B. SmartUpdate 

C. sysconfig 

D. SmartDashboard 

View Answer

Q7. - (Topic 3) 

When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method? 

A. Leveraging identity in the application control blade 

B. Identity-based enforcement for non-AD users (non-Windows and guest users) 

C. Identity-based auditing and logging 

D. Basic identity enforcement in the internal network 

View Answer

Q8. - (Topic 2) 

Which of the following is a viable consideration when determining Rule Base order? 

A. Grouping authentication rules with address-translation rules 

B. Grouping rules by date of creation 

C. Grouping reject and drop rules after the Cleanup Rule 

D. Grouping functionally related rules together 

View Answer

Q9. - (Topic 1) 

When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change? 

A. Edit the file /etc/sysconfig/netconf.c and put the new MAC address in the field 

B. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up 

C. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings. 

D. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56 

View Answer

Q10. - (Topic 1) 

Which item below in a Security Policy would be enforced first? 

A. Network Address Translation 

B. Security Policy First rule 

C. Administrator-defined Rule Base 

D. IP spoofing/IP options 

View Answer