分类:
2009-05-12 15:03:51
1. Which statement accurately describes the "config rollback" feature?
A.Once the "config rollback" feature is enabled, it allows the administrator to re-apply a previously saved configuration file from flash.
B.The "config rollback" feature is enabled by default, it allows the administrator to re-apply a previously saved configuration file from flash.
C.Once the "config rollback" feature is enabled, it allows the administrator to re-apply a locked configuration file from a separate area in flash.
D.Once the "config rollback" feature is enabled, it allows the administrator to revert to the prior ScreenOS image or configuration file in the event an upgrade operation aborts.
Answer: C
2. Click the Exhibit button.
In the exhibit, which interface would be used to forward traffic to host 1.1.7.5?
A.e0/1
B.e0/2
C.e0/3
D.e0/4
Answer: C
3. Which ScreenOS WebUI button reorders policies?
A.Shift
B.Move
C.Reorder
D.Transfer
Answer: B
4. Which type of NAT is performed when you implement interface-based NAT?
A.source IP address translation
B.destination IP address translation
C.source IP and port address translation
D.destination IP and port address translation
Answer: C
5. In the packet forwarding decision process, how is the second packet handled differently than the first in a series of allowed interzone packets?
A.The second packet causes an ARP query.
B.The second packet is checked against the policy table.
C.The second packet is forwarded without a sanity check.
D.The second packet is forwarded without checking the route table.
Answer: D
6. You are looking at the event log of the responding device and it says,
"Rejected an initial Phase 1 packet from an unrecognized peer gateway"
What are three likely reasons for the failure? (Choose three.)
A.The peer ID is misconfigured.
B.The default gateway is missing.
C.The preshare keys are mismatched.
D.The gateway address is misconfigured.
E.The outgoing interface is misconfigured.
Answer: ADE
7. Which command would you run to check IPSec Phase 1 active status?
A.get sa
B.get event 427
C.get sa active
D.get ike cookie
Answer: D
8. By default, from which hardware component is the startup copy of the ScreenOS loaded?
A.NVRAM
B.TFTP server
C.internal flash
D.PCMCIA card
Answer: C
9. A ScreenOS firewall has the correct interfaces addressed and active. A policy is written allowing interzone FTP traffic from a directly connected client. But the traffic does not cross the firewall from the client to the server.
What is the most likely problem with the firewall?
A.The ScreenOS firewall has no physical connection to the FTP server.
B.The ALG option on the ScreenOS firewall has not been enabled for FTP traffic.
C.The ScreenOS firewall does not have a route defined to the FTP servers' subnet.
D.The ScreenOS firewall does not have a route defined to the FTP clients subnet.
Answer: C
10. When a firewall receives the first packet in a series, what will it immediately do?
A.Check its route table.
B.Check its session table.
C.Determine if traffic is crossing zones.
D.Verify that it is not malformed or a fragment.
Answer: D