|
Question 1.
MD5 is example of a?
A. encryption algorithm
B. digital signature
C. hashed mac
D. SA
Answer: D
Explanation:
IPSEC was developed by the Internet Engineering Task Force (IETF) to address certain vulnerabilities inherent in the popular IP protocol. Exploits in IP allowed for eavesdropping
(sniffing) and identity masking (spoofing), so it was difficult to get guaranteed security over large networks. Prior solutions would provide security for only specific applications (PGP for email and SSL for web applications). IPSEC secures the network itself, so it also secures the applications using the network. IPSEC is a set of IP extensions that provide strong data authentication and privacy guarantees through the use of modern encryption techniques.
To have security on your network, you need to have confidence in three factors:
1. The person you are communicating with is really that person (authentication)
2. No one can eavesdrop on your communication (confidentiality)
3. The communication that you received has not been modified in transit (integrity)
IPSEC is comprised of three components that provide these security functions. Authentication Header (AH) - A signature is tied to each packet, allowing you to verify the sender's identity and the integrity of the data. Currently MD5 and SHA-1 authentication schemes
are supported.
Encapsulating Security Payload (ESP) - Uses strong encryption algorithms to encrypt the data in each packet to defeat common eavesdropping techniques. The most common encryption algorithm used by ESP is 56-bit DES, but ESP is an open protocol that allows support for most current (and even future) encryption algorithms.
Internet Key Exchange (IKE) - Allows nodes to agree on authentication methods, encryption methods, the keys to use and the keys' lifespan. IKE also allows smart secure key exchange.
AH and ESP provide the means to protect data from tampering, preventing eavesdropping and verifying the origin of the data.
IKE provides a secure method of exchanging keys and negotiating protocols and encryption algorithms to use. The information negotiated IKE is stored in a Security Association (SA). The SA is like a contract laying out the rules of the VPN connection for the duration of the SA.
An SA is assigned a 32-bit number that, when used in conjunction with the destination IP address, uniquely identifies the SA. This number is called the Security Parameters Index or SPI.
To tie this all together, let's look at an example. User A wants to send data to User B. User A's router (router A) has a security policy applied with a rule that says all traffic to User B needs to be encrypted. User B's router (router B) will be the other end of an IPSEC tunnel. Router A checks to see if an IPSEC SA exists between it and router B. If it doesn't, router A will request an IPSEC SA from IKE. If an IKE SA exists between the two routers, an IPSEC SA is issued. If an IKE SA does not exist, one has to be negotiated first, with the routers exchanging information signed by a third-party certificate authority (CA) that both routers trust. Once the IKE SA is agreed upon by the routers, an IPSEC SA can be issued, and secure, encrypted communications can begin. This process is transparent to User A and User B.
The basic steps for setting up an IPSEC connection are as follows:
1. Set up an IKE SA.
2. Agree upon the terms of communication and encryption algorithm. Create an IPSEC SA.
3. Start sending data.
Question 2.
Which of the following malware attempt to scam the user into surrendering private information that will be used to identity theft ?
A. torjan
B. Phish
C. Downloader
D. Worm
Answer: B
Question 3.
Which spam filter does not query DNS servers for an address record? Return email DNS check
A. Hello DNS lookup
B. RBL/ORDBL list
C. BWL check
Answer: A, C
Question 4.
Which action must be taken when creating a new DNSBL entry in Antispam tp block spam SMTP email .
A. discard
B. spam
C. reject
D. clear
Answer: B
Explanation:
DNSBL & ORDBL options
DNSBL & ORDBL list has the following icons and features:
Create New Select Create New to add a server to the DNSBL & ORDBL list.
Total The number of items in the list.
The Page up, Page down, and Remove all entries icons.
DNSBL Server The current list of servers. Select the check box to enable all the DNSBL
and ORDBL servers in the list.
Action The action to take on email matched by the DNSBLs and ORDBLs.
Actions are: Mark as Spam to apply the spam action configured in the protection profile, or Mark as Reject to drop the session.
The Delete and Edit/View icons.
Question 5.
What are the necessary procedure before using Xauth?
A. create user group
B. create firewall policy
C. enable IPSEC VPN
D. enable PPTP
Answer: A, B, C
Question 6.
Which one is the most efficient way to block MSN traffic by Fortigate unit ?
A. Use IPS module by applying protection profile
B. Use Antivirus engine
C. Use firewall policy
D. Use content filtering
Answer: A
Question 7.
What is the valid web script filtering option for web filtering ?
A. Java Applet
B. Worm
C. ActiveX
D. Cookie
Answer: A, C, D
Question 8.
What is the best way to implement Fortigate HA ?
A. connect corresponding interface to individual switch
B. connect all interface to the same hub or switch
C. connect corresponding interface directly using cross-over cable
D. connect corresponding interface directly using straight-through cable
Answer: A
Question 9.
What is the valid address object in Fortigate unit?
A. 10.1.1.1 / 255.255.255.0
B. 10.1.1.1 / 255.255.255.255
C. 10.1.1.1 / 255.255.255.248
D. 10.1.1.1 / 255.255.255.252
Answer: B
Question 10.
What is the valid network in Fortigate?
A. 10.1.1.0 / 255.255.255.0
B. 10.1.1.1 / 255.255.255.0
C. 10.1.1.0 / 255.255.255.255
D. 10.1.1.0 / 255.255.0.0
Answer: B, D
Question 11.
What is the valid ipsec phase 1 option?
A. des
B. 3des
C. md5
D. sha1
Answer: A, B
Question 12.
What is the valid ipsec phase 2 option?
A. des
B. 3des
C. md5
D. sha1
Answer: C, D
Question 13.
What is valid router object of Fortigate unit ?
A. prefix list
B. route map
C. key chain list
D. access list
Answer: A, B, C
Question 14.
What service can protection profile protect?
A. ftp
B. IMAP
C. POP3
D. http
E. SMTP
Answer: A, B, C, D, E
Question 15.
What is the default protection profile ?
A. strict
B. scan
C. web
D. unfiltered
Answer: A, B, C, D
Question 16.
What are the valid option in web filtering?
A. content block
B. url block
C. exempt list
D. script filtering
Answer: A, B, C, D
Question 17.
What is the valid IPS option?
A. IPS signature
B. IPS anomaly
C. IPS engine
D. IPS list
Answer: A, D
Question 18.
Which logging can enable when enable protection profile content log?
A. HTTP
B. FTP
C. IMAP
D. POP3
E. SMTP
Answer: A, B, C, D
Question 19.
What is the valid option of Fortigate HA schedule?
A. none, hub, least-connection, round-robin
B. weighted round-robin, random, ip , ip port
C. switch, ip, ip port
D. priority, hub , least-connection
Answer: A, B
Question 20.
Which command can show HA status?
A. get system status
B. diag sys ha status
C. exec ha maga 1
D. get sys lic
E. config ha
Answer: A, B, C
Question 21.
What is the correct match order to choose a cluster master?
1. monitor port priority.
2. Age.
3. Unit Priority.
4. Serial number
A. 1 , 2 , 3 , 4
B. 1 , 3 , 2 , 4
C. 2 , 1 , 3 , 4
D. 2 , 4 , 1 , 3
E. 4 , 1 , 3 , 2
Answer: A
Question 22.
IPSEC VPN support which of the following DH group?
A. 1
B. 2
C. 3
D. 4
E. 5
Answer: A, B, E
Question 23.
What is the mechanism for processing DH group?
A. to generate session key
B. to generate pre-share key
C. to generate public key
D. to generate private key
Answer: A
Question 24.
Fortigate support which of the following client mode,
A. ipsec
B. latp
C. pptp
D. l2f
Answer: A, B, C
Question 25.
Fortigate use port 9443 to do what function
A. to communicate with proxy server
B. to run push update
C. to communicate with syslog server
D. to communicate with Forti log server
Answer: B
Explanation:
Update center
You can configure the FortiGate unit to connect to the Forti Protect Distribution Network (FDN) to update the antivirus (including gray ware), Spam Filter and attack definitions and engines.
Before the FortiGate unit can receive antivirus and attack updates, it must be able to connect to the Forti Protect Distribution Network (FDN). The FortiGate unit uses HTTPS on port 443 to connect to the FDN. The FortiGate unit must be able to route packets to the Internet using port 443.
You can also configure the FortiGate unit to allow push updates. Push updates are provided to the FortiGate unit from the FDN using HTTPS on UDP port 9443. To receive push updates, the FDN must be able to route packets to the FortiGate unit using UDP port 9443.
The FDN is a world-wide network of Forti Protect Distribution Servers (FDSs). When the FortiGate unit connects to the FDN it connects to the nearest FDS. To do this, all FortiGate units are programmed with a list of FDS addresses sorted by nearest time zone according to the time zone configured for the FortiGate unit.
The FortiGate unit supports the following antivirus and attack definition update features:
User-initiated update from the FDN, Hourly, daily, or weekly scheduled antivirus and attack definition and antivirus engine updates from the FDN, Push update from the FDN, Update status including version members, expiry date ,and update dates and times, Push updates through a NAT device.
To receive scheduled updates and push updates, you must register the FortiGate unit on the Fortinet support web page.
Question 26.
What's the difference between RIP V1 & V2 ?
A. carry more information
B. support simple authentication
C. support subnet mask
D. support encryption
Answer: A, B, C
Question 27.
Which one of the following command could show HA information of fortigate?
A. get system status
B. diag sys ha status
C. exec ha mamane 1
D. diag deb ena
Answer: A, B, C
Question 28.
What is the max hop of RIP?
A. 13
B. 14
C. 15
D. 16
Answer: C
Question 29.
What is the max metric can be configured in route distribution?
A. 13
B. 14
C. 15
D. 16
Answer: D
Question 30.
What are the valid dhcp server options?
A. none
B. dhcp server
C. dhcp relay agent
D. dhcp forwarding
Answer: A, B, C
Question 31.
What port is used between Fortigate to transmit log message to Foritlog
A. tcp 514
B. udp 514
C. tcp 69
D. udp 69
Answer: B
Question 32.
What is the correct protocol number for TCP (6) & UDP (17),
A. TCP / 6 , UDP / 17
B. TCP / 16 , UDP 117
C. TCP / 66 , UDP / 77
D. TCP / 106 , UDP / 107
Answer: A
Question 33.
Which of the following Fortigate components can not be rename
A. schedule
B. predefine service
C. address group
D. network range
Answer: A, B, C, D
|
Question 1. Which two attributes are copied for a CREATE TABLE from a subquery to the table being created? (Choose two.) A. data types B. FALLBACK option C. column-level attributes D. primary index E. CHECK constraints Answer: A, C Question 2. Which three features are associated with join indexes? (Choose three.) A. a pre-aggregation of a single base table B. the pre-join of multiple tables using INNER JOIN C. the pre-join of multiple tables using FULL OUTER JOIN D. a replicated subset of a single base table Answer: A, B, D Question 3. You want to generate three mutually exclusive sample sets from a customer table. SELECT customer_id, age, income, SAMPLEID FROM customer_table Which clause needs to be added to complete the task? A. SAMPLE .6, .25, .10, .05 ; B. SAMPLE .6, .25, .10, .05 WITH REPLACEMENT ; C. SAMPLE .6, .25, .10 ; D. SAMPLE .6, .25, .10 WITH REPLACEMENT ; Answer: C Question 4. Consider the table t1 created as follows: CREATE TABLE t1 ( a integer, d date, v varchar(100)) PRIMARY INDEX (a) PARTITION BY RANGE_N(d BETWEEN DATE '2001-01-01' AND DATE '2005-12-31' EACH INTERVAL '7' DAY); and the query: SELECT v FROM t1 WHERE d = DATE '2004-03-16'; Which plan does the Optimizer use to find qualifying rows? A. full table scan on a single AMP B. single partition scan on every AMP C. value lookup on every AMP D. hash lookup on each AMP E. single partition scan on a single AMP Answer: B Question 5. If neither RANGE_N nor CASE_N are used to define the number of partitions, how many partitions will the Optimizer assume? A. 255 B. 0 C. 32767 D. 1 E. 65535 Answer: E Question 6. Which two statements are true concerning parameters within a stored procedure? (Choose two.) A. Parameters and their attributes are always stored in the Data Dictionary. B. Parameters can be used to build a dynamic SQL statement. C. Parameters can be altered using the FORMAT clause. D. Parameters can include status variables such as ACTIVITY_COUNT. Answer: A, B Question 7. Which two tools can be used to alter database objects to improve workload performance? (Choose two.) A. Teradata System Emulation Tool (TSET) B. Teradata Visual Explain C. Teradata Statistics Wizard D. Teradata Index Wizard Answer: C, D Question 8. Which three are attributes of an Active Data Warehouse? (Choose three.) A. high availability B. tactical queries C. complex queries D. expanding batch windows Answer: A, B, C Question 9. Which join plan makes use of a primary index on each of two tables with matching partitioned primary indexes (PPIs)? A. rowkey-based merge B. nested C. exclusion merge D. rowhash merge Answer: A Question 10. You are evaluating the possible use of a hash index on a multi-terabyte table. Which two factors complicate the implementation of a hash index on such a table? (Choose two.) A. A partitioned primary index (PPI) is defined on the table. B. A large number of users access the table. C. Triggers are defined on the table. D. The maintenance job for the table is MultiLoad. Answer: C, D
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.