|
Question 1.
You are a technician at ITCertkeys. You tell your newly appointed ITCertkeys trainee that Cisco PIX Firewalls utilize transparent identity verification at the firewall, and that it makes smart decisions for access or denial. After authentication, the Cisco PIX shifts session flows so that all subsequent traffic receives more rapid routing than proxy servers enable.
Your trainee now wants to know what this process is called. What would your reply be?
A. LEAP
B. RADIUS
C. Cut-Through Proxy
D. Cut-Through Switching
Answer: C
Question 2.
The IT group in an organization would be in favor of centralized Security Management tools because they _________. (Choose three)
A. Provide convenient billing services.
B. Help them identify new threats more quickly.
C. Make their job easier installing and monitoring security functions.
D. Provide assurance that the security policy is being applied uniformly.
Answer: B, C, D
Question 3.
Which technology allows companies to securely transport data across the Internet?
A. Data encryption
B. Intrusion Detection
C. High-speed switching
D. Quality of Service (QoS)
Answer: A
Question 4.
A _____ is a set of hardware and software that is implemented at a particular spot on a network infrastructure to enforce the security policy of an organization.
A. Router
B. Switch
C. VPN concentrator
D. Cisco PIX Firewall
E. Cisco Intrusion Detection (IDS) System
Answer: E
Question 5.
Which feature hides Internet network IP addresses from the outside?
A. Host Standby Protocol
B. Advanced Quality of Service
C. Network Address Translation
D. Context-based Access Control
Answer: C
Question 6.
A customer needs to connect smaller branch office locations to its central site and desires a more
which solution should you recommend?
A. V3PN solution
B. Site-to-site VPN solution
C. Remote access VPN solution
D. Redundant Services Termination solution
Answer: C
Question 7.
Which is a cost effective VPN solution?
A. VPN concentrators
B. VPN modules for the routers
C. VPN modules for the firewalls
D. VPN modules for the switches
Answer: B
Question 8.
What is the main function of the Cisco VPN Client?
A. Initiates V3PN connection with Cisco VPN routers.
B. Sets up Secure Socket Layer connection to the web host.
C. Provides application layer connection to the remote web server.
D. Establishes encrypted tunnels with a remote access VPN concentrator.
Answer: D
Question 9.
VPN-enabled routers connect branch and regional offices. They deliver single-box solutions that offer an integrated package of routing, firewall, intrusion detection, and VPN functions. What is this type of VPN solution called?
A. Site to site VPN
B. VPN encryption
C. SSL termination
D. Remote access VPN
Answer: A
Question 10.
What are the defensible boundaries within a network that allow a security policy to be strategically enforced?
A. Firewalls
B. Perimeter networks
C. Cisco IOS Firewalls
D. Network integrity points
Answer: B
Explanation:
A network security policy focuses on controlling the network traffic and usage. It identifies a network's resources and threats, defines network use and responsibilities, and details action plans for when the security policy is violated. When you deploy a network security policy, you want it to be strategically enforced at defensible boundaries within your network. These strategic boundaries are called perimeter networks.
Reference:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/security.htm#xtocid3
Question 11.
Small and medium business often cannot afford dedicated, redundant firewall options. What is
the most economical way for them to achieve firewall functionality?
A. Use the Cisco IOS software firewall features.
B. Depend on router access lists for network security.
C. Activate firewall services provided by their service provider.
D. Rely on security features included in their applications software.
Answer: A
Question 12.
Firewalls can be implemented on which three devices? (Choose three)
A. Routers
B. Software
C. Content engines
D. Web appliances
E. Dedicated hardware devices
Answer: A, B, E
Question 13.
What functionality can be used in conjunction with the Cisco PIX Firewall to manage access to Internet sites and selectively block individual of groups of Internet sites?
A. 3 DES
B. URL filtering
C. Centralized configurations
D. Access Control List (ACLs)
Answer: B
Question 14.
Businesses must be able to define and protect sensitive portions of their networks and guard against intrusive access form potentially harmful applications.
The first line of defense that most organizations implement is _______.
A. Firewall security
B. User accounting
C. A Virtual Private Network.
D. An Intrusion Protection system
Answer: A
Question 15.
Establishing two Cisco PIX Firewalls that run parallel ensures that if one firewall malfunctions, the second automatically maintains security operations. Implementing this feature assures that the firewall is always on.
What is this configuration called?
A. URL filtering
B. Hot Standby
C. Standards-based VPN
D. Centralized Configuration Builder
Answer: B
Question 16.
What is a company's last means of perimeter defense between the intellectual assets of an organization and the Internet if they choose not to implement a firewall solution?
A. Their routers
B. Their service provider
C. The Intrusion Protection System
D. The Security Management System
Answer: A
Question 17.
What are three security functions that Host IDS performs? (Choose three)
A. Protection of critical servers within the network.
B. Secure session encryption using industry standards.
C. Facilitation of client changes and updates to their passwords.
D. Proactive event notification that is sent to network administration.
E. Real-time monitoring of network traffic at pre-determined points in the network.
Answer: A, D, E
Question 18.
What is a benefit of implementing BOTH Network IDS and Host IDS?
A. Network IDS can protect a network from probes and Host IDS can protect vulnerable servers.
B. Wireless LANs become more secure with the additional LEAP and encryption provided by
Network and Host IDS.
C. Router performance can be increased by offloading Network and Host IDS functions to
security appliances and servers.
D. Private VLAN security provided through Network and Host IDS decreases propagation of
attacks by isolating critical servers.
Answer: A
Question 19.
How does Cisco Intrusion Protection address the financial impact of a possible network outage? (Choose two)
A. Allows simplified network management.
B. Identifies and reacts to known or suspected network intrusion and anomalies.
C. Reduces additional financial losses by shutting down the network on intrusion.
D. Prevents losses that are due to both hacker attacks and internal violations of security policy.
Answer: B, D
Question 20.
Which product is best for real-time monitoring and protecting a network (from unauthorized activities, denial of service attacks, port sweeps) and is able to take actions against these attacks?
A. Cisco Security Agent
B. Cisco IDS 4200 family
C. Cisco VPN Concentrator
D. Cisco PIX Firewall Appliances
Answer: B
|
Question 1.
Which files should be acquired from a Windows 2003 Server system crash with a Dr. Watson error?
A. drwtsn32.log
B. vmcore.log
C. core.log
D. memory.log
E. info.log
Answer: A
Question 2.
VPN debugging information is written to which of the following files?
A. FWDIR/log/ahttpd.elg
B. FWDIR/log/fw.elg
C. $FWDIR/log/ike.elg
D. FWDIR/log/authd.elg
E. FWDIR/log/vpn.elg
Answer: C
Question 3.
fw monitor packets are collected from the kernel in a buffer.
What happens if the buffer becomes full?
A. The information in the buffer is saved and packet capture continues, with new data stored in
the buffer.
B. Older packet information is dropped as new packet information is added.
C. Packet capture stops.
D. All packets in it are deleted, and the buffer begins filling from the beginning.
Answer: D
Question 4.
Which file provides the data for the host_table output, and is responsible for keeping a record of all internal IPs passing through the internal interfaces of a restricted hosts licensed Security Gateway?
A. hosts.h
B. external.if
C. hosts
D. fwd.h
E. fwconn.h
Answer: D
Question 5.
You modified the *def file on your Security Gateway, but the changes were not applied. Why?
A. There is more than one *.def file on the Gateway.
B. You did not have the proper authority.
C. *.def files must be modified on the SmartCenter Server.
D. The *.def file on the Gateway is read-only.
Answer: C
Question 6.
Assume you have a rule allowing HTTP traffic, on port 80, to a specific Web server in a Demilitarized Zone (DMZ).
If an external host port scans the Web server's IP address, what information will be revealed?
A. Nothing; the NGX Security Server automatically block all port scans.
B. All ports are open on the Security Server.
C. All ports are open on the Web server.
D. The Web server's file structure is revealed.
E. Port 80 is open on the Web server.
Answer: E
Question 7.
Which of the following types of information should an Administrator use tcpdump to view?
A. DECnet traffic analysis
B. VLAN trunking analysis
C. NAT traffic analysis
D. Packet-header analysis
E. AppleTalk traffic analysis
Answer: D
Question 8.
Which statement is true for route based VPNs?
A. IP Pool NAT must be configured on each gateway
B. Route-based VPNs replace domain-based VPNs
C. Route-based VPNs are a form of partial overlap VPN Domain
D. Packets are encrypted or decrypted automatically
E. Dynamic-routing protocols are not required
Answer: E
Question 9.
The list below provides all the actions Check Point recommends to troubleshoot a problem with an NGX product.
A. List Possible Causes
B. Identify the Problem
C. Collect Related Information
D. Consult Various Reference Sources
E. Test Causes Individually and Logically
Select the answer that shows the order of the recommended actions that make up Check Point's troubleshooting guidelines?
A. B, C, A, E, D
B. A, E, B, D, C
C. A, B, C, D, E
D. B, A, D, E, C
E. D, B, A, C, E
Answer: A
Question 10.
NGX Wire Mode allows:
A. Peer gateways to establish a VPN connection automatically from predefined preshared
secrets.
B. Administrators to verify that each VPN-1 SecureClient is properly configured, before allowing it
access to the protected domain.
C. Peer gateways to fail over existing VPN traffic, by avoiding Stateful Inspection.
D. Administrators to monitor VPN traffic for troubleshooting purposes.
E. Administrators to limit the number of simultaneous VPN connections, to reduce the traffic load
passing through a Security Gateway.
Answer: C
Question 11.
Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the Initial Policy?
A. fw monitor
B. cp policy
C. cp stat
D. fw policy
E. fw stat
Answer: E
Question 12.
A SecuRemote/SecureClient tunnel test uses which port?
A. UDP 18233
B. UDP 2746
C. UDP 18234
D. TCP 18231
E. UDP 18321
Answer: C
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.