Q1. - (Topic 3)
Where does the security administrator activate Identity Awareness within SmartDashboard?
A. LDAP Server Object > General Properties
B. Gateway Object > General Properties
C. Policy > Global Properties > Identity Awareness
D. Security Management Server > Identity Awareness
Answer: B
Q2. - (Topic 3)
What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?
A. Captive Portal is more secure than standard LDAP
B. Captive Portal is more transparent to the user
C. Nothing, LDAP query is required when configuring Captive Portal
D. Captive Portal works with both configured users and guests
Answer: D
Q3. - (Topic 3)
John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the activation key, he gets the following message in SmartDashboard -
“Trust established?
SIC still does not seem to work because the policy won’t install and interface fetching does not work. What might be a reason for this?
A. SIC does not function over the network.
B. It always works when the trust is established
C. The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid.
D. This must be a human error.
Answer: C
Q4. - (Topic 2)
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
B. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
C. Place a static host route on the firewall for the valid IP address to the internal Web server.
D. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.
Answer: D
Q5. - (Topic 3)
Where is the fingerprint generated, based on the output display?
A. SmartUpdate
B. Security Management Server
C. SmartConsole
D. SmartDashboard
Answer: B
Q6. - (Topic 3)
Which R75 component displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time?
A. SmartView Monitor
B. SmartView Status
C. SmartEvent
D. SmartUpdate
Answer: A
Q7. - (Topic 3)
Why are certificates preferred over pre-shared keys in an IPsec VPN?
A. Weak security: PSKs can only have 112 bit length.
B. Weak Security: PSK are static and can be brute-forced.
C. Weak scalability: PSKs need to be set on each and every Gateway.
D. Weak performancE. PSK takes more time to encrypt than Diffie-Hellman.
Answer: B
Q8. - (Topic 3)
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
A. You can limit the authentication attempts in the User Properties' Authentication tab.
B. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
C. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
D. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
Answer: D
Q9. - (Topic 3)
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Rule 0
B. Blank field under Rule Number
C. Cleanup Rule
D. Rule 1
Answer: A
Q10. - (Topic 3)
What command syntax would you use to turn on PDP logging in a distributed environment?
A. pdp tracker on
B. pdp log=1
C. pdp track=1
D. pdp logging on
Answer: A