VPN-1/FireWall-1 Management III -NG
Exam Questions, Answers, Braindumps
Thanks to www.exams.ws for providing
You can tell if CPMAD is enabled because you see the
message "FireWall-1: Starting cpmad (Malicious
Activity Detection)" when you perform a fwstart.
True or false?
When installing FW-1 on a Windows NT platform, what
state should IP forwarding be in for correct FW-1
What is true about detecting "blocked connection
A. It requires less memory than general port scanning
B. It is less secure than general port scanning
C. It is more secure than general port scanning
D. It requires more memory than general port scanning
Answer: A, B
In a load sharing MEP environment accessed by SecuRemote,
what is true about gateway selection?
A. SecuRemote will choose the gateway closest to the
B. SecuRemote will use the first gateway to respond
C. SecuRemote will choose the gateway randomly
D. SecuRemote will prefer its primary gateway if both
Which two types of overlapping encryption domains
are supported by FW-1?
A. Partial overlap
B. Full overlap
C. Proper subset
D. Partial subset
Answer: B, C
What does LDAP stand for?
A. Link level Direct Access Process
B. Layered Directory Administration Protocol
C. Layer Dependent Administration process
D. Lightweight Directory Access Protocol
By default a Windows NT platform enables both TCP/IP
and IPX. What does FW-1 do with any IPX traffic?
A. Logs it, then drops it
B. Allows it through without being inspected
C. Drops all traffic regardless
D. Inspects the traffic and decides whether to allow
When using IP pools for MEP VPN access, where would
you specify the pool to be used for a particular gateway?
A. The NAT screen of the gateway's properties configuration
B. The ADVANCED screen of the gateway's properties
C. The VPN screen of the gateway's properties screen
D. The TOPOLOGY screen of the gateway's properties
What is the maximum limit to the number of secondary
management modules allowed?
A. No limit
What is a land attack?
A. It causes incomplete TCP connections
B. It involves gaining access by imitating an authorized
C. It involves scanning for ports on an IP address
that will allow access
D. It causes a server to send packets to itself
If CPMAD terminates, how can you restart it?
A. By using the GUI log client
B. It automatically starts itself
C. By using fw cpmadstart
D. By using fwstop/fwstart
What is true when using SEP high availability encryption
A. Gateways must use the same FW-1 build level.
B. All of these
C. You must use a distributed installation of VPN-1/FW-1
D. Gateways must use the same platform and OS
E. Gateways must run identical policies
In a resilient MEP topology, what mechanism can be
used by SecuRemote to determine that the primary gateway
is still available?
A. TCP Ping
B. TCP keepalives
C. RDP status queries
D. UDP ping
Which are two network related conditions required
by high availability in SEP VPNs?
A. The gateways must be synchronized
B. Traffic must be redirected correctly to the backup
gateway when the primary gateway fails
C. The gateways must use identical MAC addresses
D. NTP (network time protocol) must be configured
between both gateways
Answer: A, B
How much memory is reserved for the VPN-1/FW-1 kernel
on a Nokia platform?
A. 5 MB
B. 15 MB
C. 3 MB
D. 10 MB
Which of the following should be disabled in a Windows
NT platform when installing FW-1?
D. All of them
E. DHCP relay
CPMAD will try to connect to the LEA server a number
of times before giving up. What are the default values
for the number of connection attempts and the time
interval between them?
A. 20 times with 30 secs between attempts
B. 10 times with 60 secs between attempts
C. 5 times with 60 secs between attempts
D. 10 times with 10 secs between attempts
When making changes to users in an LDAP server using
the policy editor user manager, when will the changes
A. After the user database is downloaded
B. When you log out of policy editor
C. After a policy download
D. When cache times out
Answer: A, C, D
Addresses allocated from an IP pool remain allocated
for a configurable period, even after all connections
to that address are closed. What is the default time
before the address is returned to the pool?
A. 120 mins
C. 30 mins
D. 60 mins
How often will SecuRemote check for the availability
of a VPN gateway by default?
A. 60 secs
B. 120 secs
C. 30 secs
D. 90 secs