Study Guides and Actual Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA


Advertise

Submit Braindumps

Forum

Tell A Friend

    Contact Us

 Home

 Search

Latest Brain Dumps

 BrainDump List

 Certifications Dumps

 Microsoft

 CompTIA

 Oracle

  Cisco
  CIW
  Novell
  Linux
  Sun
  Certs Notes
  How-Tos & Practices 
  Free Online Demos
  Free Online Quizzes
  Free Study Guides
  Free Online Sims
  Material Submission
  Test Vouchers
  Users Submissions
  Site Links
  Submit Site

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Online Training Demos and Learning Tutorials for Windows XP, 2000, 2003.

 

 

 

 





Braindumps for "646-301" Exam

VPN/Security

 Question 1.	
You are a technician at ITCertkeys. You tell your newly appointed ITCertkeys trainee that Cisco PIX Firewalls utilize transparent identity verification at the firewall, and that it makes smart decisions for access or denial. After authentication, the Cisco PIX shifts session flows so that all subsequent traffic receives more rapid routing than proxy servers enable.

Your trainee now wants to know what this process is called. What would your reply be?

A. LEAP
B. RADIUS
C. Cut-Through Proxy
D. Cut-Through Switching

Answer: C

Question 2.
The IT group in an organization would be in favor of centralized Security Management tools because they _________. (Choose three)

A. Provide convenient billing services.
B. Help them identify new threats more quickly.
C. Make their job easier installing and monitoring security functions.
D. Provide assurance that the security policy is being applied uniformly.

Answer: B, C, D

Question 3.
Which technology allows companies to securely transport data across the Internet?

A. Data encryption
B. Intrusion Detection
C. High-speed switching
D. Quality of Service (QoS)

Answer: A

Question 4.
A _____ is a set of hardware and software that is implemented at a particular spot on a network infrastructure to enforce the security policy of an organization.

A. Router
B. Switch
C. VPN concentrator
D. Cisco PIX Firewall
E. Cisco Intrusion Detection (IDS) System

Answer: E

Question 5.
Which feature hides Internet network IP addresses from the outside?

A. Host Standby Protocol
B. Advanced Quality of Service
C. Network Address Translation
D. Context-based Access Control

Answer: C

Question 6.
A customer needs to connect smaller branch office locations to its central site and desires a more
which solution should you recommend?

A. V3PN solution
B. Site-to-site VPN solution
C. Remote access VPN solution
D. Redundant Services Termination solution

Answer: C

Question 7.
Which is a cost effective VPN solution?

A. VPN concentrators
B. VPN modules for the routers
C. VPN modules for the firewalls
D. VPN modules for the switches

Answer: B

Question 8.
What is the main function of the Cisco VPN Client?

A. Initiates V3PN connection with Cisco VPN routers.
B. Sets up Secure Socket Layer connection to the web host.
C. Provides application layer connection to the remote web server.
D. Establishes encrypted tunnels with a remote access VPN concentrator.

Answer: D

Question 9.
VPN-enabled routers connect branch and regional offices. They deliver single-box solutions that offer an integrated package of routing, firewall, intrusion detection, and VPN functions. What is this type of VPN solution called?

A. Site to site VPN
B. VPN encryption
C. SSL termination
D. Remote access VPN

Answer: A

Question 10.
What are the defensible boundaries within a network that allow a security policy to be strategically enforced?

A. Firewalls
B. Perimeter networks
C. Cisco IOS Firewalls
D. Network integrity points

Answer: B

Explanation:
A network security policy focuses on controlling the network traffic and usage. It identifies a network's resources and threats, defines network use and responsibilities, and details action plans for when the security policy is violated. When you deploy a network security policy, you want it to be strategically enforced at defensible boundaries within your network. These strategic boundaries are called perimeter networks.

Reference: 
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/security.htm#xtocid3

Question 11.
Small and medium business often cannot afford dedicated, redundant firewall options. What is
the most economical way for them to achieve firewall functionality?

A. Use the Cisco IOS software firewall features.
B. Depend on router access lists for network security.
C. Activate firewall services provided by their service provider.
D. Rely on security features included in their applications software.

Answer: A

Question 12.
Firewalls can be implemented on which three devices? (Choose three)

A. Routers
B. Software
C. Content engines
D. Web appliances
E. Dedicated hardware devices

Answer: A, B, E

Question 13.
What functionality can be used in conjunction with the Cisco PIX Firewall to manage access to Internet sites and selectively block individual of groups of Internet sites?

A. 3 DES
B. URL filtering
C. Centralized configurations
D. Access Control List (ACLs)

Answer: B

Question 14.
Businesses must be able to define and protect sensitive portions of their networks and guard against intrusive access form potentially harmful applications. 

The first line of defense that most organizations implement is _______.

A. Firewall security
B. User accounting
C. A Virtual Private Network.
D. An Intrusion Protection system

Answer: A

Question 15. 
Establishing two Cisco PIX Firewalls that run parallel ensures that if one firewall malfunctions, the second automatically maintains security operations. Implementing this feature assures that the firewall is always on. 

What is this configuration called?

A. URL filtering
B. Hot Standby
C. Standards-based VPN
D. Centralized Configuration Builder

Answer: B

Question 16.
What is a company's last means of perimeter defense between the intellectual assets of an organization and the Internet if they choose not to implement a firewall solution?

A. Their routers
B. Their service provider
C. The Intrusion Protection System
D. The Security Management System

Answer: A

Question 17.
What are three security functions that Host IDS performs? (Choose three)

A. Protection of critical servers within the network.
B. Secure session encryption using industry standards.
C. Facilitation of client changes and updates to their passwords.
D. Proactive event notification that is sent to network administration.
E. Real-time monitoring of network traffic at pre-determined points in the network.

Answer: A, D, E

Question 18.
What is a benefit of implementing BOTH Network IDS and Host IDS?

A. Network IDS can protect a network from probes and Host IDS can protect vulnerable servers.
B. Wireless LANs become more secure with the additional LEAP and encryption provided by 
    Network and Host IDS.
C. Router performance can be increased by offloading Network and Host IDS functions to 
    security appliances and servers.
D. Private VLAN security provided through Network and Host IDS decreases propagation of 
    attacks by isolating critical servers.

Answer: A

Question 19.
How does Cisco Intrusion Protection address the financial impact of a possible network outage? (Choose two)

A. Allows simplified network management.
B. Identifies and reacts to known or suspected network intrusion and anomalies.
C. Reduces additional financial losses by shutting down the network on intrusion.
D. Prevents losses that are due to both hacker attacks and internal violations of security policy.

Answer: B, D

Question 20.
Which product is best for real-time monitoring and protecting a network (from unauthorized activities, denial of service attacks, port sweeps) and is able to take actions against these attacks?

A. Cisco Security Agent
B. Cisco IDS 4200 family
C. Cisco VPN Concentrator
D. Cisco PIX Firewall Appliances

Answer: B


Google
 
Web www.certsbraindumps.com


Braindumps: Dumps for 156-515 Exam Brain Dump

Study Guides and Actual Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA


Advertise

Submit Braindumps

Forum

Tell A Friend

    Contact Us





Braindumps for "156-515" Exam

Check Point Certified Security Expert Plus NGX

 Question 1.
Which files should be acquired from a Windows 2003 Server system crash with a Dr. Watson error?

A. drwtsn32.log
B. vmcore.log
C. core.log
D. memory.log
E. info.log

Answer: A

Question 2.
VPN debugging information is written to which of the following files?

A. FWDIR/log/ahttpd.elg
B. FWDIR/log/fw.elg
C. $FWDIR/log/ike.elg
D. FWDIR/log/authd.elg
E. FWDIR/log/vpn.elg

Answer: C

Question 3.
fw monitor packets are collected from the kernel in a buffer. 

What happens if the buffer becomes full?

A. The information in the buffer is saved and packet capture continues, with new data stored in 
    the buffer.
B. Older packet information is dropped as new packet information is added.
C. Packet capture stops.
D. All packets in it are deleted, and the buffer begins filling from the beginning.

Answer: D

Question 4.
Which file provides the data for the host_table output, and is responsible for keeping a record of all internal IPs passing through the internal interfaces of a restricted hosts licensed Security Gateway?

A. hosts.h
B. external.if
C. hosts
D. fwd.h
E. fwconn.h

Answer: D

Question 5.
You modified the *def file on your Security Gateway, but the changes were not applied. Why?

A. There is more than one *.def file on the Gateway.
B. You did not have the proper authority.
C. *.def files must be modified on the SmartCenter Server.
D. The *.def file on the Gateway is read-only.

Answer: C

Question 6.
Assume you have a rule allowing HTTP traffic, on port 80, to a specific Web server in a Demilitarized Zone (DMZ). 

If an external host port scans the Web server's IP address, what information will be revealed?

A. Nothing; the NGX Security Server automatically block all port scans.
B. All ports are open on the Security Server.
C. All ports are open on the Web server.
D. The Web server's file structure is revealed.
E. Port 80 is open on the Web server.

Answer: E

Question 7.
Which of the following types of information should an Administrator use tcpdump to view?

A. DECnet traffic analysis
B. VLAN trunking analysis
C. NAT traffic analysis
D. Packet-header analysis
E. AppleTalk traffic analysis

Answer: D

Question 8.
Which statement is true for route based VPNs?

A. IP Pool NAT must be configured on each gateway
B. Route-based VPNs replace domain-based VPNs
C. Route-based VPNs are a form of partial overlap VPN Domain
D. Packets are encrypted or decrypted automatically
E. Dynamic-routing protocols are not required

Answer: E

Question 9.
The list below provides all the actions Check Point recommends to troubleshoot a problem with an NGX product.

A. List Possible Causes
B. Identify the Problem
C. Collect Related Information
D. Consult Various Reference Sources
E. Test Causes Individually and Logically

Select the answer that shows the order of the recommended actions that make up Check Point's troubleshooting guidelines?

A. B, C, A, E, D
B. A, E, B, D, C
C. A, B, C, D, E
D. B, A, D, E, C
E. D, B, A, C, E

Answer: A

Question 10.
NGX Wire Mode allows:

A. Peer gateways to establish a VPN connection automatically from predefined preshared 
    secrets.
B. Administrators to verify that each VPN-1 SecureClient is properly configured, before allowing it 
    access to the protected domain.
C. Peer gateways to fail over existing VPN traffic, by avoiding Stateful Inspection.
D. Administrators to monitor VPN traffic for troubleshooting purposes.
E. Administrators to limit the number of simultaneous VPN connections, to reduce the traffic load 
    passing through a Security Gateway.

Answer: C

Question 11.
Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the Initial Policy?

A. fw monitor
B. cp policy
C. cp stat
D. fw policy
E. fw stat

Answer: E

Question 12.
A SecuRemote/SecureClient tunnel test uses which port?

A. UDP 18233
B. UDP 2746
C. UDP 18234
D. TCP 18231
E. UDP 18321

Answer: C


Google
 
Web www.certsbraindumps.com


Study Guides and Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA





              Privacy Policy                   Disclaimer                    Feedback                    Term & Conditions

www.helpline4IT.com

ITCertKeys.com

Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.