| rasheed 2002-01-02, 7:49 pm |
| Can anyone answer any of these questions? Someone posted them but noone replied to them.I guess it's because noone knew the answers. They might appear on the ccsa exam.
#You are a FW administrator with a
management station
managing 3 different firewalls.The system status
display of one of the FW shows a computer icon with
"!" in the status column.Which of the following is the
most likely cause?
a)The "destination" object has been defined as
external
b)The rule base is unable to resolve the IP address
c)The firewall has been halted
d)The firewall is unprotected , no security policy is
loaded
----
#The SecuRemote kernel is installed between the ---- &
----
a)TCP/IP protocol stack and Hardware card
b)Network and Hardware card
c)TCP/IP protocol stack and NIC driver
a)TCP/IP protocol stack and Network
----
#What command is used to extend the interval of the
timeout in a NAT table to prevent a hidden TCP
connection from losing its port?
a) fwd_tcp_todefaultext?w 0x<num>
b) fwx_tcp_expiration?w 0x<num>
c) fwx_tcp_todefaultextend?w 0x<num>
d)c) fwx_tcp_timeout?w 0x<num>
e) fwx_tcp_expdefaultextend?w 0x<num>
---
#Fully automatic Client authentication provides
authentication for TCP and UDP protocols whether
supported by those protocols or not.
TRUE/FALSE
---
# When a management server fetches SNMP & other
management information from a firewall, is the packet
encrypted?
a) is it always
b)only if encryption is purchased
c)only if the manager is in the firewalls encryption
domain
d)only if control map is set to FWA1
e)only if "Encrypt Firewall control connection" is
checked in the global properties section
----
#You are a FW administrator with a management station
managing 2 different firewalls.One of the firewalls
does not show up in the dialog box when attempting to
install a security policy.Which of the following is
the most likely cause?
a) No Masters file was created
b)The license of multiple firewalls has expired
c)The firewall not rebooted
d)The firewall not listed in the "Install on" column
of the rule
e)The firewall listed as external in the workstations
properties dialog box
---
#You have setup Static NAT to allow internet traffic
to an internal webserver.You notice that any HTTP
attempts to that machine are being dropped in the log
due to rule0.Which of the following is the most likely
cause?
a)Spoofing on the internal interface is set to "this
Net"
b)Spoofing on the external interface is set to
"Others"
c)you do not have a rule that above HTTP access to the
internal webservers
d)you do not have a rule that above HTTP access to any
destination
----
#Your company has requested that you provide external
internet users access to an interal webserver that has
unreserved/illegal IP address .You have a valid IP
address to publish that has been given to you by your
ISP.You also control the router between the external
interface of the FW and the internet.Select the
responses below that includes correct actions
necessary to implement static NAT.
1)Publish an arp entry on the external interface of
the firewall for the valid IP address.
2)Publish an arp entry on the internal webserver for
the valid IP address.
3)Place the static route on the firewall from the
valid IP address to the internal webserver.
4)Place the static route on the router from the valid
IP adress to the firewall external IP address.
what are the 2 correct answers?? and why not 2&3??
---
# Assume that you are working in WinNT OS .What is the
default expiration time for a Hide NAT connection not
showing any UDP activity?
Time in seconds please!!
---
#Which NAT mode is necessary if you want to start an
HTTP session to a server on a illegal IP address?
[HERE "Hide " ALSO WORKS, BUT WHY NOT "Static source"
?] |