156-215.75 Online Practice Questions and Answers

Over the weekend, an Administrator without access to SmartDashboard installed a new R75 Security Gateway using SecurePlatform. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?

A. You first need to initialize SIC in SmartUpdate.

B. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.

C. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on both the Security Gateway and the Management Server.

D. You first need to run the fw unloadlocal command on the new Security Gateway.

The third shift administrator was updating security management server access setting in global properties. He managed to lock the entire Administrator out of their accounts. How should you unlock these accounts?

A. Logging to smart dash board as special cpconfig_admin account. Right click on each administrator object and select Unlock.

B. Type fwm lock_admin ua from the command line of the security management server

C. Reinstall the security management Server and restore using upgrade _imort

D. Delete the file admin .lock in the sfwdir/ tmp/directory of the security managem,ent server.

How can you check whether IP forwarding is enabled on an IP Security Appliance?

A. clish c show routing active enable

B. echo 1 > /proc/sys/net/ipv4/ip_forwarding

C. ipsofwd list

D. cat/proc/sys/net/ipv4/ip_forward

Which item below in a Security Policy would be enforced first?

A. Administrator-defined Rule Base

B. Network Address Translation

C. IP spoofing/IP options

D. Security Policy "First" rule

Which rules are not applied on a first-match basis?

A. Cleanup

B. User Authentication

C. Session Authentication

D. Client Authentication

Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?

A. Users being authenticated by Client Authentication have to re-authenticate.

B. Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.

C. All FTP downloads are reset; users have to start their downloads again.

D. All connections are reset, so a policy install is recommended during announced downtime only.

Which of these security policy changes optimize Security Gateway performance?

A. Use Automatic NAT rules instead of Manual NAT rules whenever possible

B. Putting the least-used rule at the top of the Rule Base

C. Using groups within groups in the manual NAT Rule Base

D. Using domain objects in rules when possible

You are running the license_upgrade tool on your SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?

A. View the status of currently installed licenses

B. Perform the actual license-upgrade process

C. View the licenses in the SmartUpdate License Repository

D. Simulate the license-upgrade process

Which set of objects have an Authentication tab?

A. Networks. Hosts

B. Users, Networks

C. Users, User Groups

D. Templates, Users

Which of the following is TRUE concerning control connections between the Security Management Server and the Gateway in a VPN Community? Control Connections are:

A. encrypted using SIC and re-encrypted again by the Community regardless of VPN domain configuration.

B. encrypted by the Community.

C. not encrypted, only authenticated.

D. encrypted using SIC.