Term
|
Definition
| An agreement between two gateways to exchange data securely |
|
|
Term
| Site-to-site VPN Security Policies are typically configured to negotiate using aggressive mode when: |
|
Definition
| One peer has a static and the other has a dynamically assigned WAN IP address |
|
|
Term
| What are two examples of a denial-of-service attack? |
|
Definition
"Flooding" a network to prevent legitimate network traffic access Power outage
Attempts to disrupt service to a specific system |
|
|
Term
| What Phase 1 IKE Exchange mode is used for establishing a client VPN connection using GVC? |
|
Definition
|
|
Term
| Various classes of NAT behavior relate to how UDP bindings are managed within a NAT. These have been classified into four types |
|
Definition
| Full Cone - Port-restricted cone - Symmetric - Restricted Cone |
|
|
Term
| When Geo-IP filter is enabled, connections are blocked |
|
Definition
| To/From selected countries |
|
|
Term
| How does the SonicWALL maintain persistence with outbound load balancing? |
|
Definition
| Source IP and Destination IP |
|
|
Term
| Restoring a firewall using a backup settings image causes the SonicOS appliance to: |
|
Definition
|
|
Term
| While in SonicOS appliance is in SafeMode, it will accept the following type traffic |
|
Definition
|
|
Term
| SonicOS supports several object classes. Which of the following are supported types Address Objects? |
|
Definition
|
|
Term
| Proper server configuration and data backup practices are defined in which section of a security policy? |
|
Definition
|
|
Term
| If you are unable to connect to the SonicWALL security appliance’s management interface, or you want to restart the SonicWALL security appliance in Safemode, you should: |
|
Definition
| Hold down the reset button with a pin for 5-8 seconds and then connect the browser to 192.168.168.168. |
|
|
Term
| Your organization has 3 departments: HR, Accounting, and Engineering. Each department has its own dedicated server. Only employees working in a department can access that department's server. Which of the following options should you implement? |
|
Definition
|
|
Term
| What are the different types of SIP Servers (Select all that apply)? |
|
Definition
| Proxy Server - Redirect Server - Registrar Server |
|
|
Term
| Select the correct statements related to HA best practices from the following: (Select all that apply) |
|
Definition
| The primary and backup appliances must be the same model. - The primary and backup appliances must run the same version of Firmware |
|
|
Term
| What does the firewall setting of Bandwidth Aggregation Per Policy enable? |
|
Definition
| Each policy can consume up to the maximum configured bandwidth even when multiple policies are active at the same time |
|
|
Term
| The Company's security policy is to only allow WWW browsing by all internal users; no other internet traffic is permitted. Assuming that you are allowing DNS, what are the "Best Practices" firewall rules to accomplish this. Assume the following column headings: (Select the one best answer) |
|
Definition
| LAN > WAN(Intersection) - Any(Source) - Any(Destination) - HTTP(Service) - Allow(Action) - All(Users) |
|
|
Term
| Content Filtering Services applies to which of the following traffic protocols? (Select all that apply.) |
|
Definition
|
|
Term
| The administrator wants to force all of a remote users' Internet traffic to go through the security appliance once they have successfully logged in, using the SSL VPN client. How would the administrator accomplish this? |
|
Definition
| Enable the Tunnel All Mode. |
|
|
Term
| With a T1 primary WAN connection (Static IP) and a Cable ISP failover/backup connection (Dynamic IP), what VPN mode should be selected to connect back to the corporate site? |
|
Definition
|
|
Term
| Connection limiting is controlled by the… |
|
Definition
|
|
Term
| Which of the following choices is the best way to identify vulnerabilities? |
|
Definition
| Performing scans on your private network internally, as well as externally (the Internet) is the best way to identify vulnerabilities. |
|
|
Term
| Which of the following is a differentiating technology used in next generation firewalls? |
|
Definition
|
|
Term
| Customer requires the following configured in App Control Advanced - IM Category to be blocked for all users except Managers Group; allow Yahoo Messenger for Accounts Group; allow Skype for Marketing. Which of the following method would accomplish customer's requirement? |
|
Definition
| Enable Block under Category: IM and Exclude Managers user group; Disable Block under Application: Yahoo Messenger and Include Accounts user group; Disable Block under Application: Skype and Include Marketing user group. |
|
|
Term
| Logging into an HA pair's virtual IP address guarantees connecting to the Active unit. |
|
Definition
|
|
Term
| The customer is experiencing continous failovers in their HA pair. What could create this issue? |
|
Definition
| Stateful High Availability is selected with "Enable Pre-empt Mode" enabled |
|
|
Term
| Select the correct statement for License Synchronization between firewalls in High Availability |
|
Definition
| The firewalls in HA pair need to be registered in the same MySonicWALL Account for license synchronization |
|
|
Term
| Customer has created an App Rules policy to block the FTP command PUT with appropriate Match Object. The policy is successfully blocking PUT commands from hosts behind the SonicWALL. However, the customer requires that certain FTP servers on the WAN be excluded from this policy. What configuration would fulfill customer's requirement. |
|
Definition
| Add the servers in the Exclusion field of the App Policy. |
|
|
Term
| Select the recommended firmware upgrade procedure on the firewall when in Stateful HA? |
|
Definition
| Log into the virtual IP of the HA pair. Go to System>Settings and click Upload Firmware. The HA pair will automatically update both units with the new firmware. |
|
|
Term
| Select the correct steps to remove High Availability association between two firewalls in Mysonicwall.com. |
|
Definition
| Login Mysonicwall.com > Look for Backup firewall serial number > Under Parent Product Section > Click Remove |
|
|
Term
| In the event of an HA failover with the Virtual MAC feature enabled, how does the rest of the network send traffic correctly to the Backup unit instead of Primary unit? |
|
Definition
| The change is transparent to the rest of the network: the backup unit will automatically assume the Virtual MAC address and resume traffic flow. |
|
|
Term
| Select the correct steps to be followed when replacing the defective Primary Unit in High Availability with a new one: |
|
Definition
| Login to Primary unit > Disable High Availability > Remove the Backup Serial number > Import the settings in the New Primary unit > Enable High Availability on the New Primary Unit > Add the serial number of Backup unit |
|
|
Term
| What does the firewall setting of Bandwidth Aggregation Per Policy enable? |
|
Definition
| Each policy can consume up to the maximum configured bandwidth even when multiple policies are active at the same time |
|
|
Term
| The SonicWALL Administrator has only one WAN Public IP address. The WAN IP address is configured as the firewall's WAN interface. The administrator wants to create a DMZ Zone for one Web server with a private IP address. The Web server on the DMZ must be available to all Internet users. What one configuration does the administrator need to make on the firewall? |
|
Definition
| Configure both NAT and WAN to DMZ firewall rules to allow HTTP service to the Web server |
|
|
Term
| The content of the License Management screen is served from: |
|
Definition
| SonicWALL's license manager servers located in the cloud |
|
|
Term
| In which of the following networks would you utilize OSPF over RIP routing? (select all that apply)) |
|
Definition
| Medium office which makes use of different routers, some with 1g ports, others with 10g ports. - Large enterprise office whose networking require going over fifteen routers. |
|
|
Term
| Assuming a Route Based VPN Tunnel with multiple, redundant routes are configured, what happens if the active route fails? |
|
Definition
| The SonicWALL appliance will re-route the traffic over the next highest priority active route. |
|
|
Term
| Which of the following statements are true about the default gateway? (Select two) |
|
Definition
| It can be used to access resources outside of a hosts broadcast domain - It serves as the route of last resort for internal hosts |
|
|
Term
| The firewall will automatically download the various certificates in the Registration Authority (RA) or Certificate Authority (CA) certificate chain when the SSL-DPI feature is enabled. |
|
Definition
|
|
Term
| What impact does NAT have on a VoIP call? |
|
Definition
| Causes the call to be misdirected - Blocks both inbound and outbound calls |
|
|
Term
| What are the features of a typical Client DPI-SSL deployment on a SonicWALL firewall (Select all that apply)? |
|
Definition
| The firewall does not require additional CA certificates - The firewall re-writes the certificate sent by the remote server and replaces it with the certificate specified in the Client DPI-SSL configuration - The firewall owns the certificates for the content it is inspecting |
|
|
Term
| During the establishment of an SSL connection, certificates are often used as part of the authentication process. If a server offers a certificate for authentication to a client, which of the checks below should the client make? (Select all that apply) |
|
Definition
The identity of the issuer of the certificate should be checked to verify that the issuer is in a list of trusted certification authorities or can be trusted through a chain of issuers
The version number and protocol version in the certificate should be inspected to validate that the certificate's cryptographic parameters as established by the certification authority are acceptable to the client
The signature applied to the certificate by the server should be checked to verify that the server is in possession of the private key which matches the public key in the certificate. |
|
|
Term
| Which authentication always occurs during a successful SSL connection? |
|
Definition
| The client authenticates itself to the server |
|
|
Term
| What part of a packet does Stateful Packet Inspection technology examine? |
|
Definition
Header and data
Nota: Se for mais de uma, então também marcar Source and Destination IP address |
|
|
Term
| Assuming a Route Based directions can be set when creating a App Rules Policy of type App Control Content: |
|
Definition
|
|
Term
| What are the uses of AppFlow Reporting (Select all that apply)? |
|
Definition
| Application monitoring - Authentication |
|
|
