|
Question 1.
You have created a VPN to a dynamic peer. Which two configured parameters must match? (Choose two.)
A. static side peer-id
B. dynamic side local-id
C. static side IP address
D. dynamic side IP address
Answer: A, B
Question 2.
Which three events would cause ScreenOS devices to generate SNMP traps? (Choose three.)
A. cold starts
B. traffic alarms
C. warm reboots
D. self log events
E. traffic log events
Answer: A, B, C
Question 3.
Which command shows the filter applied to snoop captures?
A. get snoop
B. snoop info
C. get ffilter
D. get ffilter ip-proto snoop
Answer: B
Question 4.
Review the exhibit.
Based on the exhibit, which of the following statements is true about this OSPF configuration?
A. The neighbor device has been selected as the DR.
B. The OSPF neighbor's IP address is 10.50.1.1.
C. OSPF hellos are going to the wrong multicast address.
D. The neighbor relationship between the two devices cannot be established.
Answer: A
Question 5.
A VPN tunnel uses certificates for site-to-site authentication. Phase 1 is failing when the receiving device attempts to validate the received certificate.
What would be causing this problem?
A. The device certificate has been revoked.
B. The CA certificate does not include the device certificate.
C. The device certificate has a CDP extension, making it invalid.
D. The device certificate was generated before the CRL was downloaded, so it cannot be
validated.
Answer: A
Question 6.
You have entered the following BGP configuration:
set vrouter trust-vr bgp 65530
set vrouter trust-vr bgp enable
set vrouter trust-vr protocol bgp neighbor 1.1.1.250
remote-as 65500
set vrouter trust-vr protocol bgp neighbor 1.2.3.250
remote-as 65280 BGP is not working.
What two elements are missing from your configuration? (Choose two.)
A. You have not enabled the BGP peers.
B. You have not enabled EBGP multihop.
C. You have not placed the peers in a BGP peer group.
D. You have not enabled BGP on the interfaces connecting to the peers.
Answer: A, D
Question 7.
Which ScreenOS CLI command(s) allow(s) for redistribution of type 1-3 LSAs?
A. set ospf export route external
B. set match route-type internal-ospf
C. set redistribute ospf lsa 1
set redistribute ospf lsa 2
set redistribute ospf lsa 3
D. set protocol ospf lsa 1 redistribute
set protocol ospf lsa 2 redistribute
set protocol ospf lsa 3 redistribute
Answer: B
Question 8.
When enabling OSPF over a hub and spoke VPN, what must you configure on the hub device tunnel interface to allow spokes to receive routing updates?
A. point to multipoint
B. disable split-horizon
C. enable demand circuit
D. enable passive interface
Answer: A
Question 9.
What do you need to change in your IPSec VPN configuration to use certificates for authentication?
A. Replace the preshared key with the certificate name.
B. Select PFS in Phase 2, then select the certificate to be used.
C. Use a custom set of Phase 1 proposals, all beginning with rsa-.
D. Use a custom set of Phase 2 proposals, all beginning with rsa-.
Answer: C
Question 10.
Click the Exhibit button.
You have enabled OSPF on a device addressed as shown in the exhibit. You have not configured a router ID.
Which address will be used as the router ID?
A. 1.1.1.1
B. 10.1.1.1
C. 10.50.1.1
D. 192.168.1.1
Answer: C
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.