Q1. - (Topic 3)
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?
A. Track
B. Action
C. Source
D. User
Answer: C
Q2. - (Topic 3)
What is a possible reason for the IKE failure shown in this screenshot?
A. Mismatch in preshared secrets.
B. Mismatch in Diffie-Hellman group.
C. Mismatch in VPN Domains.
D. Mismatch in encryption schemes.
Answer: A
Q3. - (Topic 3)
Which rule is responsible for the client authentication failure? Exhibit:
A. Rule 4
B. Rule 6
C. Rule 3
D. Rule 5
Answer: A
Q4. - (Topic 3)
Reviewing the Rule Base, you see that ________ is responsible for the client authentication failure.
Exhibit:
Exhibit:
A. Rule 4
B. Rule 7
C. Rule 8
D. Rule 5
Answer: A
Q5. - (Topic 1)
Which of the below is the MOST correct process to reset SIC from SmartDashboard?
A. Run cpconfig, and click Reset.
B. Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.
C. Click Communication > Reset on the Gateway object, and type a new activation key.
D. Run cpconfig, and select Secure Internal Communication > Change One Time Password.
Answer: B
Q6. - (Topic 2)
While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?
1) Select Active Mode tab in SmartView Tracker.
2) Select Tools > Block Intruder.
3) Select Log Viewing tab in SmartView Tracker.
4) Set Blocking Timeout value to 60 minutes.
5) Highlight connection that should be blocked.
A. 3, 5, 2, 4
B. 1, 5, 2, 4
C. 1, 2, 5, 4
D. 3, 2, 5, 4
Answer: B
Q7. - (Topic 3)
Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:
A. Required. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source - group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original.
Answer: B
Q8. - (Topic 3)
You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community?
Exhibit:
A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R77 supports.
B. Changing the setting Perform key exchange encryption with from AES-256 to 3DES will enhance the VPN Community's security, and reduce encryption overhead.
C. Change the data-integrity setting for this VPN Community because MD5 is incompatible with AES.
D. Changing the setting Perform IPsec data encryption with from AES-128 to 3DES will increase the encryption overhead.
Answer: D
Q9. - (Topic 3)
Which of the following is NOT defined by an Access Role object?
A. Source Network
B. Source User
C. Source Machine
D. Source Server
Answer: D
Q10. - (Topic 3)
Users with Identity Awareness Agent installed on their machines log in with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.
A. ICA Certificates
B. Key-logging
C. SecureClient
D. Single Sign-On
Answer: D