|
Question 1.
Which statement is true concerning packet filters?
A. Filters cannot prevent application viruses.
B. Filters cannot prevent the BIG-IP synching process from taking place.
C. The order of filters does not affect which traffic is accepted or denied.
D. In addition to administrator-created filter, there always exists a "deny all" filter that processes
traffic last.
Answer: A
Explanation:
Packet filters enhance network security by specifying whether a BIG-IP system interface should accept or reject certain packets based on criteria that you specify. Packet filters enforce an access policy on incoming traffic. They apply to incoming traffic only.
Question 2.
If a self-IP port lockdown is set to "allow default", which three ports will accept administrative traffic? (Choose three.)
A. SSH
B. DNS
C. HTTP
D. SMTP
E. HTTPS
Answer: A, B, E
Explanation:
Port Lockdown specifies the protocols and services from which the self IP address can accept traffic.
Each self IP address has a feature known as port lockdown. Port lockdown is a security feature that allows you to specify particular UDP and TCP protocols and services from which the self IP address can accept traffic. By default, a self IP address accepts traffic from these protocols and services:
• For UDP, the allowed protocols and services are: DNS (53), SNMP
(161), RIP (520)
• For TCP, the allowed protocols and services are: SSH (22), DNS (53), SNMP (161), HTTPS (443), 4353 (iQuery)
If you do not want to use the default setting (Allow Default), you can configure port lockdown to allow either all UDP and TCP protocols and services (Allow All), no UDP protocols and services (Allow None), or only those that you specify (Allow Custom).
Question 3.
If a self-IP's port lockdown is set to "allow 443", which statement describes allowed communication to that address?
A. Access is available to the Configuration Utility.
B. Serial console access is prevented since only port 443 access is allowed.
C. Access may be available via SSH dependent upon the /etc/host.allow settings.
D. The partner BIG-IP will be able to synchronize and mirror connection and persistence
information.
Answer: A
Explanation:
Port Lockdown specifies the protocols and services from which the self IP address can accept traffic.
Each self IP address has a feature known as port lockdown. Port lockdown is a security feature that allows you to specify particular UDP and TCP protocols and services from which the self IP address can accept traffic. By default, a self IP address accepts traffic from these protocols and services:
• For UDP, the allowed protocols and services are: DNS (53), SNMP
(161), RIP (520)
• For TCP, the allowed protocols and services are: SSH (22), DNS (53), SNMP (161), HTTPS (443), 4353 (iQuery)
If you do not want to use the default setting (Allow Default), you can configure port lockdown to allow either all UDP and TCP protocols and services (Allow All), no UDP protocols and services (Allow None), or only those that you specify (Allow Custom).
Question 4.
For optimal performance, you should aggregate links in powers of.
A. Two
B. Three
C. Four
D. Any of the above
Answer: A
Explanation:
For optimal performance, you should aggregate links in powers of two. Thus, you ideally aggregate two, four, or eight links.
Question 5.
Two systems that use trunks to exchange frames are known as
A. Redundant systems
B. Peer systems
C. Group Systems
D. Pool systems
Answer: B
Explanation:
You can use trunks to transmit traffic from a BIG-IP system to another vendor switch. Two systems that use trunks to exchange frames are known as peer systems.
|
Question 1. Given the information provided in the exhibit: Which entry would you put in nco_routing section of the nco_pa.conf on the host 'server1' to allow PA on server1 to communicate with PA on server2 and server3? A. 'SERVER1_PA' 'SERVER2_PA' 'SERVER3_PA' B. host 'server1' 'SERVER1_PA' host 'server2' 'SERVER2_PA' host 'server3' 'SERVER3_PA' C. host 'server1' 'SERVER1_PA' host 'server1' 'SERVER2_PA' host 'server1' 'SERVER3_PA' D. host 'server1' 'SERVER1_PA' host 'server2' 'SERVER1_PA' host 'server3' 'SERVER1_PA' Answer: B Question 2. Which three system files can be utilized on UNIX to store the users environment variables? (Choose three.) A. ~/.cshrc B. ~/.bashrc C. ~/.profile. D. /etc/rc3.d/K98 E. /var/adm/license_file F. /opt/netcool/install/application.sql Answer: A, B, C Question 3. Which argument can you use to configure a probe to communicate with a particular ObjectServer using the command line? A. -name B. -agent C. -server D. -manager Answer: C Question 4. Which three configuration changes must be made in order for failover to work? (Choose three.) A. Proxy Server B. a Virtual ObjectServer C. uni-directional gateway D. two ObjectServers on different machines E. ObjectServer definitions in ObjectServer .props file F. a link between two ObjectServers in the omni.dat file Answer: B, D, F Question 5. Which two properties (partial list) must be set to enable a bidirectional gateway to maintain two synchronized ObjectServers? (Choose two.) A. Gate.MapFile B. Gate.Transfer.FailoverSyncRate C. ObjectServerB.TblReplicate DefFile D. Gate.Mapper.ForwardHistoricJournals E. Gate.ObjectServerA.RefreshCacheOnUpdate Answer: A, C Question 6. The probe you are installing uses Java technology. The README file says that it requires JRE 1.5. The probe will not start under P A. What must you do to check the JRE version in use by the probe? A. run java -version B. place the java binary in the same directory as the probes C. set the CLASSPATH to the same directory as the props file D. set your PATH to the value of $PATH set in the init script which starts PA Answer: A Question 7. Which UNIX command is used to add a user to an already created group in the UNIX environment? A. usermod -gB. usermod -g C. groupmod -g D. groupmod -g Answer: A Question 8. How is a trigger created or replaced if it already exist? A. DROP OR REPLACE 'trigger_name'; B. CREATE OR RENAME TRIGGER 'trigger_name'; C. CREATE OR REPLACE TRIGGER 'trigger_name'; D. CREATE OR RECREATE TRIGGER 'trigger_name'; Answer: C Question 9. An engineer is working directly on the UNIX server where IBM Tivoli Netcool/OMNIbus v7.1 (OMNIbus) is installed and running. The engineer tries to start the Event List, but receives the following error output: Fatal Error: /opt/netcool/omnibus/platform/solaris2/bin/nco_event: can't open display. What is a possible cause of this error? A. The remote machine is not running OMNIbus. B. The engineer has not properly set the environment variable, DISPLAY. C. The user account the engineer is using does not have execute permission for nco_event. D. The machine is low on swap space and does not have enough resources to allocate for rendering the Event List. Answer: B Question 10. Assuming a default UNIX/Linux installation of IBM Tivoli Netcool/OMNIbus v7.1 with default probe settings, what is the path and filename of the log file for the Simnet probe? A. $NCHOME/log/simnet.log B. $NCHOME/log/probes/simnet.log C. $NCHOME/omnibus/log/simnet.log D. $NCHOME/omnibus/log/probes/simnet.log Answer: C
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.