1. A customer has an established base of GVC VPN users with a WAN GroupVPN policy configured. The customer wants to begin an implemen- tation for SSL VPN
... [Show More] users. The existing group of GVC VPN users must be converted to SSL VPN users because the SonicWALL security appliance does not support both types of VPN users.: FALSE
2. SSL VPN eliminates the need for remote access authentication.: FALSE
3. Which of the following correctly describes how a bandwidth management rule works?
-Can be configured for all VPN traffic
-Only applies to outbound traffic from the firewall to the WAN or any other destination
-Can be configured only for individual VPN Security Associations
-Only applies to inbound traffic from the WAN to the firewall: Can be config- ured for all VPN traffic
4. What are the benefits provided by a VPN (select all that apply)?
-Securely connects distributed networks together
-Prevents denial-of-service attacks on remote connections
-Enables a remote connection to the LAN via the Internet
-Assures remote clients have up-to-date anti-virus software
-Provides data confidentiality and sender authentication: -Securely connects distributed networks together
-Enables a remote connection to the LAN via the Internet
-Provides data confidentiality and sender authentication
5. What benefits are provided by a VPN (select all that apply)?
-Reporting
-Increased capacity
-Scalability
-Encryption
-Security: -Scalability
-Encryption
-Security
6. Which of the following is the most basic firewall technology?
-Packet filtering
-Single firewall
-Deep packet inspection
-Application proxies: -Packet filtering
7. The default firewall access rule allows all communication from the LAN to the Internet.
-True
-False: -True
8. What are two advantages of a multiple firewall?
-Protects restricted special resources
-Offers protection from external attacks while each network segment has free access to other segments
-Helps protect entire departments: What are two advantages of a multiple firewall?
-Protects restricted special resources
9. What is the purpose of a security policy?
-To authenticate the process by which users and devices are identified and granted access to the network
-To monitor the network security and make sure the firewall is configured properly to prevent inappropriate usage
-To make it more difficult for hackers to locate a security hole in a network's gateway
-To describe how a company wants to approach security, including rules of conduct and the determination of acceptable risk: -To describe how a company wants to approach security, including rules of conduct and the determination of acceptable risk
10. What question would you ask to get specific information on user restric- tions?
-What kinds of network traffic will you allow?
-Will the computers be locked away from the public, or will they have access
to the hardware?
-Will users be allowed to login at any time, from any location, to any machine?
-Who should be allowed to access your services?: -Will users be allowed to login at any time, from any location, to any machine?
11. Content Filtering Services applies to which of the following traffic proto- cols? (Select all that apply.)
-HTTPS
-FTP
-HTTP
-Email attachments: -HTTP
-HTTPS
12. If the appliance loses connection to the SonicWALL site rating library: (Select all that apply.)
-CFS blocks all web traffic (based on configuration)
-CFS continues to operate using the last ratings seen
-CFS allows all web traffic (based on configuration)
-CFS must use its internal logic to identify which traffic to block: -CFS blocks all web traffic (based on configuration)
-CFS allows all web traffic (based on configuration)
13. With SonicWALL CFS, network administrators have a flexible tool to provide comprehensive filtering based on which of the following? (Select all that apply.)
-Allowed domain designations
-Time of day
-SMTP
-Keywords
-LDAP Groups
-Forbidden domain designations
-FTP: -Allowed domain designations
-Time of day
-Keywords
-Forbidden domain designations
14. The default CFS policy when assigned "Via Users and Zones Screens" should be the most restrictive.
-True
-False: True
15. The SonicWALL Log can be exported in the following formats: (Choose all that apply)
-Log View
-Comma-separated value (CSV)
-Tab Delimited
-Plain text: -Comma-separated value (CSV)
-Plain text
16. Which SonicWALL security services use the Deep Packet Inspection engine? (Select all that apply)
-IPS
-Anti-Spyware
-GVC
-GAV
-CFS: -IPS
-Anti-Spyware
-GAV
-CFS
17. A SonicWALL security appliance configured with Gateway Anti-Virus verifies and enforces the Desktop Anti-Virus client to the downstream work- station.
-True
-False: -False
18. The SonicWALL GAV engine can perform base64 decoding without ever reassembling the entire base64 encoded email stream.
-True
-False: -True
19. When you select "Prevent All" in the IPS Global Settings of the Son- icWALL security appliance for High Priority Attacks, this allows all blocked attacks to be entered into the Log file of the security appliance.
-True
-False: -False
20. SonicWALL GAV includes advanced decompression technology that can automatically decompress and scan files on a per packet basis to search for viruses and malware.
-True
-False: -True
21. The SonicWALL security appliance maintains an Event log for tracking potential security threats.
-True
-False: -True
22. Which Security Services of the SonicWALL security appliance use the SonicWALL Deep Packet Inspection engine?
-IPS, GAV, Anti-Spyware, and Viewpoint
-IPS, Anti-Spyware, Content Filtering
-IPS, GAV, and Anti-Spyware
-Global VPN Client: -IPS, GAV, and Anti-Spyware
23. In order for SonicWALL's Deep Packet Inspection engine to provide pro- tection, where must GAV, IPS, and/or Gateway Anti-Spyware be configured?
-Firewall rules
-Enforced in the Zones and enabled in security services
-Address objects
-Zones
-NAT policies and firewall rules: -Zones
24. Which of the following LB/Failover methods would be selected if an administrator wanted to specify how much outbound traffic is sent through the primary and secondary WAN interfaces?
-Active/Passive
-Ratio based
-Round Robin
-Spill-Over based: -Ratio based
25. How does the SonicWALL maintain persistence with outbound load bal- ancing?
-SSL Session ID
-Source IP and Destination IP
-Source and Destination Port
-Session Cookies: -Source IP and Destination IP
26. One requirement of WAN ISP Failover and Load balancing is?
-Twin-ax cables
-Standard OS
-A second ISP connection
-Cross-Over cable: -A second ISP connection
27. When WAN failover occurs, the firewall re-establishes all sessions using the new WAN interface with no traffic interruption thanks to the stored and tracked session states.
-True
-False: -False
28. Besides Probe Monitoring, one requirement of WAN ISP Failover and Load balancing is?
-Static IP Addresses on both WAN Interfaces
-Twin-ax cables
-Available Interface that can be configured as a secondary WAN
-Standard OS: -Available Interface that can be configured as a secondary WAN
29. The Company's security policy is to only allow WWW browsing by all internal users; no other internet traffic is permitted. Assuming that you are allowing DNS, what are the "Best Practices" firewall rules to accomplish this. Assume the following column headings:
(Select the one best answer)
--LAN > WAN(Intersection) - Any(Source) - Any(Destination) - HTTP(Service)
- Allow(Action) - All(Users)
--WAN > LAN(Intersection) - Any(Source) - Any(Destination) - DNS(Service) - Allow(Action) - All(Users)
--WAN > WAN(Intersection) - Any(Source) - Any(Destination) - Any(Service) - Deny(Action) - All(Users)
--LAN > WAN(Intersection) - Any(Source) - Any(Destination) - Any(Service) - Allow(Action) - All(Users)
--WAN > LAN(Intersection) - Any(Source) - Any(Destination) - HTTP(Service)
- Allow(Action) - All(Users): --LAN > WAN(Intersection) - Any(Source) - Any(Des- tination) - HTTP(Service) - Allow(Action) - All(Users)
30. Which of the following configurations takes precedence?
-Private NAT rules on DMZ
-Outbound WAN Load Balancing
-Global Public NAT rules
-Outbound Policy Based Route: -Outbound WAN Load Balancing
31. Which of the following LB/Failover methods allows an administrator to specify a threshold at which traffic is also sent out of the secondary WAN Interface?
-Spill-Over based
-Percentage based
-Round Robin
-Active/Passive: -Spill-Over based
32. Check Network Settings is a diagnostic tool which automatically checks the network connectivity and service availability of several pre-defined func- tional areas of SonicOS, returns the results, and attempts to describe the causes if any exceptions are detected.
-True
-False: -True
33. The default factory behavior of a SonicOS appliance is to allow all traffic from the LAN and block all traffic from the WAN.
-True
-False: -True
34. Before you upgrade firmware, you should save some backups and doc- umentation, so that you are prepared to recover easily if something goes
wrong.
-True
-False: -True
35. Which of the following is NOT a valid System boot option:
-Uploaded Firmware
-New Firmware
-Current Firmware
-Current Firmware with Factory Defaults: -New Firmware
36. For any model, when having problems with synchronization with the licensing information, you can try a method which involves a button on the
page which resets the firewall's licensing.
-diag.html
-climgr.html
-adminlocal.html
-debug.html: -diag.html
37. The default IP Address for a SonicOS appliance booted in SafeMode is:
-For Gen 5 192.168.168.1, for Gen 6 192.168.1.1
-For Gen 5 192.168.168.168, for Gen 6 192.168.1.1
-For Gen 5 192.168.168.1, for Gen 6 192.168.1.254
-For Gen 5 192.168.1.254, for Gen 6 192.168.168.168
-For Gen 5 192.168.168.168, for Gen 6 192.168.1.254: -For Gen 5
192.168.168.168, for Gen 6 192.168.1.254
38. To interpret traffic captured by the Packet Capture tool, it is necessary to understand the three-way handshake that occurs for every IKE connection or TCP connection.
True False: True
39. Clicking Create Backup overwrites the existing System Backup firmware image as necessary.
True False: True
40. When a connection completely traverses the firewall, and while the Mon- itor Intermediate Packets setting is enabled, the packet capture filter should show 2 entries for each packet; ingress and egress.
In an inbound NAT scenario, the destination IP should change prior to egress. In an outbound NAT scenario, the source IP should change.
True False: True
41. The Tech Support Report generates a detailed report of the SonicWALL security appliance configuration and status, and can be exported using the Download Report button.
True False: True
42. Setting the Log Monitor to display Emergency level logs will result in the highest priority; most verbose logs.
True
False: False
43. Booting the system with Firmware Diagnostic Enabled is a good practice.
True
False: False [Show Less]