|
Question 1. Which parameter(s) can you modify on a predefined service? A. source IP, source port range, destination IP, destination port range, and protocol B. protocol timeout C. source port, destination port and protocol D. source port range, destination port range, and protocol Answer: B Question 2. Which two steps are required for MIP configuration? (Choose two.) A. Configure the MIP interface. B. Define the MIP ports. C. Define the MIP. D. Configure the MIP policy. Answer: C, D Question 3. You have created a route-based VPN in your ScreenOS device. When the remote device tries to connect you see the following message in your event log, "No policy exists for the proxy id received". Which two would cause this to occur? (Choose two.) A. the tunnel interface is configured in a different zone than the physical interface B. a proxy-id conflict C. the remote device is a policy-based VPN D. an unbound tunnel interface Answer: B, C Question 4. Which ScreenOS CLI command is used to verify MIP operation? A. get session B. get nat C. get translation D. get mip Answer: A Question 5. Exhibit: You work as an administrator at ITCertKeys.com. Study the exhibit carefully. In the exhibit, if you configure NAT-src on interface e0/4, and do not specify a DIP, which address will be used as the outbound source address of packets destined for the Internet? A. 143.45.56.254 B. NAT-src requires a DIP C. 143.45.56.1 D. the original source address Answer: C Question 6. What needs to be configured in Phase 2 of a route-based VPN, that does not need to be configured in a policy-based VPN? A. tunnel-binding B. transport mode C. proxy-id D. custom proposals Answer: A Question 7. While looking at your policies using the WebUI, you notice that the green permit policy has turned blue. What would cause this? A. The policy is currently passing traffic beyond its traffic limits and is in alarm state. B. The policy is configured to support a MIP. C. The policy is configured for unidirectional NAT. D. The policy is currently inactive. Answer: C Question 8. Exhibit: You work as an administrator at ITCertKeys.com. Study the exhibit carefully. In the exhibit, you need to make a bidirectional gateway between the SSG 5 and the SSG 550. Which gateway address will you configure on the SSG 550 for the VPN? A. 20.0.0.1 B. 10.0.0.1 C. 4.4.4.250 D. 1.1.1.250 Answer: D Question 9. In the packet forwarding decision process, how is the second packet handled differently than the first in a series of allowed interzone packets? A. The second packet causes an ARP query. B. The second packet is forwarded without checking the route table. C. The second packet is forwarded without a sanity check. D. The second packet is checked against the policy table. Answer: B Question 10. Exhibit: You work as an administrator at ITCertKeys.com. Study the exhibit carefully. In the exhibit, to enable interface-based NAT between Host A and Host D, which interface(s) must be in NAT mode? A. e0/4 B. e0/3 and e0/4 C. e0/1 and e0/2 D. e0/1 E. e0/1 and e0/4 Answer: D
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.