|
Question 1. Address book entries identify hosts and networks by their location in relation to what? A. Network entries in the routing table B. A listing of addresses in the ARP table C. Security zones on the firewall D. An interface on the firewall Answer: C Explanation: Question 2. Which two options allow proper configuration of NAT-dst? (Choose two.) A. A static route to the appropriate subnet using a private interface as the outbound interface B. The default address book entry of "any" in the internal zone C. The default address book entry of "any" in the external zone D. An address book entry for the address to be translated in the internal zone Answer: A, D Explanation: Question 3. Which three options allow proper configuration of NAT-dst? (Choose three.) A. The default address book entry of "any" in the external zone B. An address book entry for the address to be translated in the internal zone C. A static route to the appropriate subnet using a private interface as the outbound interface D. The default address book entry of "any" in the internal zone E. A secondary address on one of the interfaces in the internal zone Answer: B, C, E Explanation: Question 4. Which two protocols are defined in the IPSec standard? (Choose two.) A. ESP B. IKE C. GRE D. AH Answer: A, D Explanation: Question 5. What is the purpose of the "Permitted IP" address on a ScreenOS device? A. It is used in policy rules to determine which user traffic is allowed through the ScreenOS device B. It defines a list of addresses that are trusted to perform management on the ScreenOS device C. It is the address that an external device uses to gain management access to a ScreenOS device D. It defines which range of addresses that can access devices connected to the ScreenOS device Answer: B Explanation: Question 6. See the exhibit: Exhibit: In the exhibit, which routing command would allow Host A to communicate with host C? A. Set route 0.0.0.0/0 int e0/3 gateway 177.11.56.254 B. Set route 1.1.70.0 interface e0/3 gateway 177.11.56.254 C. Configure route 1.1.70.0/24 gateway 177.11.56.254 int e0/3 D. Set route 1.1.70.0/24 interface e0/3 gateway 177.11.56.254 Answer: D Explanation: Question 7. What are two benefits of configuring a ScreenOS device in transparent mode? (Choose two.) A. Policies are easier to create since you do not have to include source and destination IP addresses B. There is no need to create MIPs or VIPs for incoming traffic to reach protected servers C. The product can support more VPNs and obtain greater throughput because there is less overhead to manage D. There is no need to reconfigure the IP addresses of routers or protected servers Answer: B, D Explanation: Question 8. Which statement accurately describes the "config rollaback" feature? A. Once the "Config rollback" feature is enabled, it allows the administrator to re-apply a previously saved configuration file from the flash B. Once the "Config rollback" feature is enabled, it allows the administrator to revert to the prior ScreenOS image or configuration file in event an upgrade operation aborts C. The "Config rollback" feature is enabled by default, it allows the administrator to re-reply a previously saved configuration file from flash D. Once the "Config rollback" feature is enabled, it allows the administrator to re-apply a locked configuration file from a separate area in flash Answer: D Explanation: Question 9. See the exhibit: Exhibit: Which order of policies would allow all five policies to be effective in matching traffic? A. 3,4,2,5,1 B. 3,2,1,5,4 C. 5,3,1,2,4 D. 4,5,3,2,1 Answer: A Explanation: Question 10. Which ScreenOS CLI commands would be used to enable traffic logging in policy edit mode? A. Set policy traffic-log B. Set traffic-log C. Set log D. Set logging Answer: C Explanation:
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.