A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?
A. Configure Additional Logging on an additional log server.
B. Network traffic cannot be analyzed when the Security Management Server has a high load.
C. Turn the field Track of each rule to LOG.
D. SmartReporter analyzes all network traffic, logged or not.
正解:A
質問 2:
Which of the following items should be configured for the Security Management Server to authenticate via LDAP?
A. Active Directory Server object
B. WMI object
C. Windows logon password
D. Check Point Password
正解:A
質問 3:
In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?
A. When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.
B. When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.
C. When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address.
D. If you chose Automatic NAT instead, all necessary entries are done for you.
正解:C
質問 4:
Charles requests a Website while using a computer not in the net_singapore network.
What is TRUE about his location restriction?
A. As location restrictions add up, he would be allowed from net_singapore and net_sydney.
B. Source setting in Source column always takes precedence.
C. Source setting in User Properties always takes precedence.
D. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.
正解:D
質問 5:
UDP packets are delivered if they are ___________.
A. referenced in the SAM related dynamic tables
B. bypassing the kernel by the forwarding layer of ClusterXL
C. a stateful ACK to a valid SYN-SYN/ACK on the inverse UDP ports and IP
D. a valid response to an allowed request on the inverse UDP ports and IP
正解:D
質問 6:
If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange?
A. 3
B. 9
C. 6
D. 2
正解:C
大村** -
焦っている人におすすめ 156-215.13試験直前の決定版だね!要点をしっかり抑えながら学ぶことができます。