New Questions 8

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R80 Firewall Rule Base.

To make this scenario work, the IT administrator must:

1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.

2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.

3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.

Ms. McHanry tries to access the resource but is unable. What should she do?

A. Have the security administrator select the Action field of the Firewall Rule u201cRedirect HTTP connections to an authentication (captive) portalu201d

B. Have the security administrator reboot the firewall

C. Have the security administrator select Any for the Machines tab in the appropriate Access Role

D. Install the Identity Awareness agent on her iPad

View Answer

New Questions 9

Security Gateway R80 supports User Authentication for which of the following services? Select the response below that contains the MOST correct list of supported services.

A. SMTP, FTP, TELNET

B. SMTP, FTP, HTTP, TELNET

C. FTP, HTTP, TELNET

D. FTP, TELNET

View Answer

New Questions 10

Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R80?

A. External-user group

B. LDAP group

C. A group with a generic user

D. All Users

View Answer

New Questions 11

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the .

A. destination on server side

B. source on server side

C. source on client side

D. destination on client side

View Answer

New Questions 12

You run cphaprob -a if. When you review the output, you find the word DOWN. What does DOWN mean?

A. The cluster link is down.

B. The physical interface is administratively set to DOWN.

C. The physical interface is down.

D. CCP pakets couldn't be sent to or didn't arrive from neighbor member.

View Answer

New Questions 13

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

A. John should install the Identity Awareness Agent

B. The firewall admin should install the Security Policy

C. John should lock and unlock the computer

D. Investigate this as a network connectivity issue

View Answer

New Questions 14

What is the command to show SecureXL status?

A. fwaccel status

B. fwaccel stats u2013m

C. fwaccel u2013s

D. fwaccel stat

View Answer

New Questions 15

What is the purpose of the pre-defined exclusions included with SmartEvent R80?

A. To allow SmartEvent R80 to function properly with all other R71 devices.

B. To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71.

C. As a base for starting and building exclusions.

D. To give samples of how to write your own exclusion.

View Answer

New Questions 16

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

A. Automatic ARP must be unchecked in the Global Properties.

B. Nothing else must be configured.

C. A static route must be added on the Security Gateway to the internal host.

D. A static route for the NAT IP must be added to the Gatewayu2021s upstream router.

View Answer