2B0-101 ESSE Recertification

2B0-101
ESSE Recertification
Version 1.0
QUESTION NO: 1
The attack category is for events that
A. Attempt to discover weaknesses
B. Map the structure of the network
C. Have the potential to compromise the integrity of an end system.
D. Deny access to resources
Answer: C
QUESTION NO: 2
Virtual Sensors can segregate traffic by?
A. IP Address, VLAN, Port
B. IP Address, VLAN, Port, Protocol
C. IP Address, VLAN, Port, Protocol, Application
D. IP Address, VLAN, Port, Application
Answer: B
QUESTION NO: 3
In an Event Flow Processor (EFP) a consumer can be?
A. A Sensor or an Event Channel
B. An Event channel only
C. An Event channel or an Agent
D. An Agent only
Answer: C
QUESTION NO: 4
Before the host Sensor can be deployed
A. It must be associated with a virtual sensor
B. It must be associated with a host policy
C. Its key must be added to the /usr/dragon/bin directory
D. Its address must be added to /etc/hosts
Answer: B
QUESTION NO: 5
Which of the following Dragon Agents is used for detecting changes to host files?
A. Real Time Console
B. MD5 Sum
C. Alarm Tool
D. Database
Answer: B
QUESTION NO: 6
In a standalone deployment the system will have?
A. A net-config-client.xml file
B. A net-config-server.xml file
C. A net-config-server.xml and a net-con fig-client.xml file
D. A net-config-server.xml, a net-con fig-client.xml and a net-config-reports.xml file
Answer: C
QUESTION NO: 7
MD5 checksums are
A. Stored in a protected directory on the host
B. Appended to the protected file

C. Passed up the event channel to the MD5 Agent
D. Stored in the /usr/dragon/bin directory on the Enterprise Management Server (EMS)
Answer: C
QUESTION NO: 8
Which of the following best describes the commit operation?
A. It uses the configuration channel to push a configuration to a device
B. It uses the event channel to push a configuration to a device
C. It writes a configuration change to the Enterprise Management Server (EMS) database
D. It writes a configuration change to the management clients database
Answer: C
QUESTION NO: 9
Which of the following Dragon Agents sends notifications when the sensors detect an event that
match a rule?
B. MD5 Sum
C. Alarm Tool
D. Database
Answer: C
QUESTION NO: 10
Signature OS
A. Applies signature to network traffic originating from the specified OS
B. Is used for writing Host signatures

C. Is optional on Network signatures
D. Is required on all signatures
Answer: B
QUESTION NO: 11
Dragonctl is used to?
A. Start, stop and monitor the dragon processes on the remote node
B. Write log files
C. Monitor the Ring Buffer
D. Maintain configuration channel connections
Answer: A
QUESTION NO: 12
Virtual sensor names?
A. Are included in events they generate
B. Must match the sensor key
C. Must include the device name
D. Require separate keys
Answer: A
QUESTION NO: 13
Agents can be deployed?
A. Only on non-forwarding Event Flow Processor (EFPs)
B. Only on forwarding Event Flow Processor (EFPs)
C. Only on the Enterprise Management Server (EMS) station
D. On any Event Flow Processor (EFP)
Answer: D
QUESTION NO: 14
The host policy MD5 detection module
A. Detects any changes in the contents of protected file
B. Detects file size increases
C. Detects file truncations
D. Detects ownership changes
Answer: A
QUESTION NO: 15
Traffic direction refers to traffic flows in relation to the
A. Server
B. Protected network
C. Client
D. DMZ
Answer: B
QUESTION NO: 16
The master Alarm Tool Default policy
A. Is write locked
B. Is writable
C. Cannot be copied
D. Cannot be associated with an Agent
Answer: A
QUESTION NO: 17
Which alarm type is best described as: collects information for x period of time, then send event
notifications
A. Real Time
B. Summary
C. Dynamic
D. Interval
Answer: B
QUESTION NO: 18
Agent status will show as Not Available until?
A. The agent is committed
B. The agent is deployed
C. The agent is selected
D. The remote node is deployed
Answer: B
QUESTION NO: 19
Agents can be deployed on?
A. Only the Enterprise Management Server (EMS)
B. Any managed node with a networked sensor deployed
C. Any managed node with host sensor deployed
D. Any managed node
Answer: D
QUESTION NO: 20
If a packet matched the rules for two virtual sensors it will be evaluated by?
A. Both sensors
B. The first sensor it matches
C. The default sensor
D. Overlapping rules are not permitted
Answer: B
QUESTION NO: 21
A Bare Bones Event Flow Processor (EFP) has?
A. Only event channels
B. Event channels and agents
C. Only Agents and Sensors
D. Event channels and sensors
Answer: A
QUESTION NO: 22
Which alarm type is best described as: Sends event notifications as soon as the are triggered
A. Real Time
B. Summary
C. Dynamic
D. Interval
Answer: A
QUESTION NO: 23
When a notification rule is created a __________ can be associated with it.
A. Sensor
B. User
C. Time Period
D. Score
Answer: C
QUESTION NO: 24
Connection type Outbound in the net-config-client.xml file indicates?
A. The server will initiate configuration channel connections
B. The client will initiate configuration channel connections

C. The server will initiate event channel connections
D. The client will initiate event channel connections
Answer: B
QUESTION NO: 25
The default configuration channel port is?
A. 9111
B. 9112
C. 9113
D. 9114
Answer: A
QUESTION NO: 26
In an Event Flow Processor (EFP) the producer?
A. Writes events top memory
B. Takes events off the Ring Buffer
C. Puts events on the Ring Buffer
D. Passes events to Agents
Answer: C
QUESTION NO: 27
Dynamic Collection controls
A. The number of packets to analyze
B. The number of times to execute the signature in a flow
C. The number of follow on packets to capture for forensics
D. The number of bytes to search for a match
Answer: C
QUESTION NO: 28
Alarm Tool filters can filter traffic based on: time (after / before ), Direction, events, IP source or
Destination, protocol and
A. Threat subnet
B. Policy
C. Sensor
D. VLAN
Answer: C
QUESTION NO: 29
The net-config-client.xml file is associated with?
A. The Enterprise Management Server (EMS)
B. Managed node client
C. Enterprise Management Server (EMS) Management Client
D. Reporting server
Answer: B
QUESTION NO: 30
Custom Signature libraries can contain
A. Copies of master signatures and libraries
B. Customized signatures
C. Copies of master signatures and libraries, customized signatures and customized policies
D. Copies of master signatures and libraries and customized signatures
Answer: D
QUESTION NO: 31
The virtual sensor name?
A. Must match the license name
B. Is included in all events reported by the virtual sensor

C. Must include the node name
D. Applies only to the device view
Answer: B
QUESTION NO: 32
The Alarm Tool event group editor tool is used to
A. Select the Network events that will trigger an alarm
B. Add new libraries
C. Select the Network or Host events that will trigger an alarm
D. Edit host policies
Answer: C
QUESTION NO: 33
Alarm Filters are used to
A. Select the destination for notification
B. fine tune the generation of event notifications
C. select the notification protocol
D. select the action to be taken
Answer: B
QUESTION NO: 34
Master Network Libraries
A. Cannot be directly associated with sensors
B. Cannot be directly associated with virtual sensors
C. Can be directly associated with virtual sensors
D. Can be modified
Answer: C
QUESTION NO: 35
The Windows host sensor key
A. Is added to the /usr/keys directory
B. Is pushed from the Enterprise Management Server (EMS) when the managed node is
deployed
C. Is installed manually on the Windows system
D. Is pushed from the Enterprise Management Server (EMS) when the sensor is deployed
Answer: C
QUESTION NO: 36
The Host Sensor Virtual Sensor module
A. Associates host policies to the sensor
B. Allows the sensor name contained within an event to be overridden with configured values
C. Allows signatures to be associated with the sensor
D. Allows signatures and policies to be associated with the sensor
Answer: B
QUESTION NO: 37
Network policies and signatures are associated with the?
A. Managed node
B. Network sensor
C. Virtual sensor
D. Agent
Answer: C
QUESTION NO: 38
A Non-Forwarding Event Flow Processor (EFP)?

A. Has no event channels
B. Has only sensors
C. Has only Agents
D. Has Event Channels and Agents
Answer: D
QUESTION NO: 39
Virtual Sensors ____________
A. Must each use the same Network Policy
B. Must each use the same Signature Library
C. Must each use the same Network policy but each one can use different Signature Libraries
D. Each one can use different Network policies and Signature Libraries
Answer: D
QUESTION NO: 40
The misuse category is for events that
A. Indicate a successful attack
B. may have potential security ramifications
C. show evidence of a known vulnerability
D. Anything not compromising a host but forbidden by corporate policy
Answer: D
QUESTION NO: 41
Which of the following Dragon Agents Reads events from the ring buffer and stores them in
memory structures for immediate analysis?
B. MD5 Sum
C. Alarm Tool
D. Database
Answer: A
QUESTION NO: 42
The default event channel port is?
A. 9111
B. 9112
C. 9113
D. 9114
Answer: B
QUESTION NO: 43
The host sensor name
A. Must match the license key
B. Is for display purposes only
C. Is included in events generated by the sensor
D. Must include the managed node name
Answer: C
QUESTION NO: 44
In a signature the service direction refers to
A. Ports
B. Networks
C. VLANS
D. Protocols
Answer: A
QUESTION NO: 45
A networks sensor can have ______ virtual sensors?

A. 1
B. 2
C. 3
D. 4
Answer: D
QUESTION NO: 46
Enterprise Management Server (EMS) database files are?
A. Flat Files
B. XML Files
C. SQL records
D. Binary records
Answer: B
QUESTION NO: 47
Master network policy modules
A. Are write locked
B. Are write enables
C. Can be directly associated with sensors
D. Can be directly associated with virtual sensors
Answer: A
QUESTION NO: 48
Thresholds can be set to
A. Reduce false positives
B. Turn alarming on and off
C. Limit the number of events seen by Alarm Tool
D. Limit the number of sensors sending events

Answer: A
QUESTION NO: 49
Dpmmwctl controls what?
A. Remote sensor processes
B. The connections that make up the configuration channel
C. The connections that make up the Event channel
D. Database updates
Answer: B
QUESTION NO: 50
The Enable follow on signature check box
A. Enables dynamic packet collection
B. Enables combination signatures
C. Enables macro signatures
D. Applies signature to dynamically collected traffic
Answer: D
QUESTION NO: 51
As defined in NetSight Policy Managers demo.pmd file, the Guest Access policy role should be
assigned to ports where:
A. Only IT operations may access the network
B. Only trusted users may access the network
C. Trusted users may access the network as well as untrusted users
D. The Guest Access policy role should only be dynamically assigned to ports as a result of
successful authentication
Answer: C
QUESTION NO: 52
Which of the following QUESTION NO:s is a consideration when defining an Acceptable Use
Policy for
the network:
A. Which applications are business-critical to trusted users on the network?
B. Where are untrusted users allowed to connect to the network?
C. Which protocols should not be utilized by untrusted and trusted users, representing an attack
or misuse of the network?
D. All of the above
Answer: D
QUESTION NO: 53
When configuring a highly restrictive policy role in NetSight Policy Manager with the highest
level
of security, such as the Quarantine policy, the default access control setting for the policy role
should be set to:
A. Deny
B. Allow
C. Redirect to a remediation server
D. CoS Priority 0
Answer: A
QUESTION NO: 54
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects
the network from a user masquerading as a valid service on the network?
A. Deny Unsupported Protocol Access service
B. Deny Spoofing & other Administrative Protocols service
C. Application Provisioning AUP service

D. Limit Exposure to DoS Attacks service
Answer: B
QUESTION NO: 55
The following components are mandatory for static policy deployment on the network:
A. NetSight Policy Manager and policy-capable devices
B. NetSight Policy Manager, policy-capable devices, and authentication services
C. NetSight Policy Manager and any type of device
D. NetSight Policy Manager only
Answer: A
QUESTION NO: 56
The Guest Access policy role cannot be configured to:
A. Allow only HTTP traffic onto the network
B. Allow PPTP VPN access for guests on the network
C. Authenticate guest users on the network
D. Discard layer 3 protocols not supported on the network
Answer: C
QUESTION NO: 57
A new virus has been identified on the Internet causing an infected system to listen to TCP port
X
for allowing remote connections to the infected device. Since port X is not used for any
businesscritical
applications on the network, the network administrator can most effectively protect his/her
network without severely impacting business continuity by configuring and enforcing policy to
the Active Edge that:
A. Discards traffic destined to TCP port X
B. Discards traffic sourced from TCP port X

C. Prioritizes traffic destined or sourced to TCP port X to a lower priority with rate limiting
D. Discards traffic sourced or destined to TCP port X
Answer: D
QUESTION NO: 58
A Policy Profile:
A. Defines a collection of classification rules and default packet handling logic
B. Maps to an organizational role within the enterprise for the allocation of network resources
C. May be assigned to multiple ports on a device
D. All of the above
Answer: D
QUESTION NO: 59
In the deployment of static policy on the network, a policy-capable device, such as the Matrix
Nseries,:
A. Classifies ingressed traffic on the network
B. Centrally defines and pushes out the policy configuration for the network
C. Periodically updates the policy configuration in NetSight Policy Manager
D. Maintains periodic contact with other policy-capable switches on the network
Answer: A
QUESTION NO: 60
Which of the following is not a pre-defined Port Group in NetSight Policy Manager to:
A. All ports
B. Authenticated ports
C. Logical ports
D. CDP ports
Answer: B
QUESTION NO: 61
Fill in the blank. It is necessary to ______ policy configuration changes to the switches in
NetSight Policy Manager before the changes can take effect.
A. Mediate
B. Enforce
C. Compile
D. Encrypt
Answer: B
QUESTION NO: 62
By not dropping packets formatted with TCP/UDP source port 67 and TCP/UDP source port 53
on user ports, a user can:
A. Execute DNS server spoofing attacks
B. Execute man-in-the-middle-attacks to compromise data confidentiality
C. Execute a DoS attack by allocating bogus IP address to other end systems on the network
D. All of the above
Answer: D
QUESTION NO: 63
An Acceptable Use Policy for the network should define:
A. Which types of traffic trusted users only are allowed to generate on the network
B. Which types of traffic untrusted users only are allowed to generate on the network
C. Which types of traffic trusted and untrusted users are allowed to generate on the network
D. Which types of traffic guest users only are allowed to generate on the network
Answer: C
QUESTION NO: 64
X for allowing remote connections to the infected device. If a network administrator desires to
prevent an internal user from connecting to an infected device, the network administrator should
configure and enforce policy for malicious users to the Active Edge of the network that:
C. Prioritizes traffic destined or sourced to TCP port X to a low priority
D. Rate limit traffic destined or sourced to TCP port X
Answer: A
QUESTION NO: 65
In a multi-vendor environment, where is the placement of a policy capable device most effective
in discarding malicious traffic and protecting the entire network:
A. At the access layer edge
B. At the distribution layer
C. In the DMZ
D. In the core
Answer: A
QUESTION NO: 66
When deploying static policy to the network,:
A. The NetSight Policy configuration must be enforced to the policy-capable devices before
policy
roles are assigned to ports
B. The Phased Implementation Approach should be used to minimize inadvertent negative
impact to business-critical applications on the network
C. Updating the policy configuration across the entire network requires enforcing the altered
policy configuration in NetSight Policy Manager and then reassigning the altered policy roles to
device ports
D. A and B
Answer: D
QUESTION NO: 67
Which of the following authentication methods requires a default policy role to be assigned to
the
port when the authentication method is enabled:
A. MAC-based authentication
B. 802.1X authentication
C. Port Web Authentication
D. All of the above
Answer: C
QUESTION NO: 68
A new policy role, Staff, is created under the Roles tab in NetSight Policy Manager. To use the
Staff policy role to classify ingressed traffic for static policy deployment, the network
administrator
must at a minimum:
A. Do nothing else. Once the Staff policy role is created in NetSight Policy Manager, the
network
begins classifying traffic according to the configuration of Staff
B. Enforce NetSight Policy Managers policy configuration to policy-capable devices only
C. Enforce NetSight Policy Managers policy configuration to policy-capable devices and also
assign the Staff policy role to a port
D. Enforce NetSight Policy Managers policy configuration to policy-capable devices, assign the
Staff policy role to a port, and enable authentication on the port.
Answer: C
QUESTION NO: 69
As defined in NetSight Policy Managers demo.pmd file, the Administrator policy role should be
statically assigned to ports where:
B. IT operations may access the network as well as trusted users
C. IT operations may access the network as well as trusted and untrusted users
D. Only trusted users may access the network
Answer: A
QUESTION NO: 70
As defined in NetSight Policy Managers demo.pmd file, the Application Provisioning - AUP
service is designed to group classification rules that:
A. Discard malicious traffic
B. Prioritize traffic by assigning various classes of service to different applications
C. Discard unsupported protocols
D. Discard traffic associated to DoS attacks
Answer: B
QUESTION NO: 71
If a policy role is configured in NetSight Policy Manager to allow all traffic by default, then to
increase the security level of the policy role, the classification rules associated to this policy role
should be configured to:
A. Allow traffic
B. Prioritize traffic to CoS Priority 5
C. Rewrite the ToS field of traffic
D. Deny traffic
Answer: D
QUESTION NO: 72
The Device Configuration Wizard and Port Configuration Wizard in NetSight Policy Manager
can
be used to:
A. Configure a group of devices or ports on devices with the same configuration at one time
B. Add/remove network elements in NetSight Policy Manager
C. Enforce the NetSight Policy Manager policy configuration to a group of devices
D. Configure user-to-policy role mapping on the enterprise networks RADIUS server
Answer: A
QUESTION NO: 73
As defined in NetSight Policy Managers demo.pmd file, the Application Provisioning Supplemental service is designed to:
A. Discard malicious traffic
B. Prioritize mission critical traffic by provisioning on-demand QoS
C. Discard unsupported protocols
D. Rate limit traffic associated to DoS attacks
Answer: B
QUESTION NO: 74
The Guest Access policy role is implemented by:
A. Assigning the Guest Access policy role as the default policy on ports
B. Successfully authenticating guest users on the network and dynamically assigning the Guest
Access policy role
C. Assigning the Guest Access policy role to traffic sourced from the MAC address of guest
users
D. All of the above
Answer: A
QUESTION NO: 75
With VLAN-based containment for guest networking, guest users are both potential victims and
threats to each other on the network because:
A. Guests are more likely to be infected by malware when surfing the Internet
B. Guest access to critical infrastructure resources cannot be controlled
C. Traffic sourced from guests is controlled at the VLAN egress point, not upon ingress to the
network
D. Guests are placed on the production VLAN where trusted users can attack guest users
Answer: C
QUESTION NO: 76
In the context of NetSight Policy Manager, a Service is a
A. Feature set that is assigned after authentication exchange and the port is available
B. Feature used to assign access control and/or class of service to network traffic based on its
OSI layer
C. Feature used to enforce the default role on a port
D. A group of one or more classification rules.
Answer: D
QUESTION NO: 77
In a multi-vendor environment where 3 rd party devices are located at the edge of the network
and are not policy-capable, installing a policy-capable device in the distribution layer:
A. Protects the network core from internally sourced attacks
B. Protects the server farm from internally sourced attacks
C. Secures other access layer segments connected through the policy-capable distribution layer
device
D. All of the above
Answer: D
QUESTION NO: 78
In the deployment of dynamic policy, ports providing access to untrusted users and are enabled
with authentication should be configured with an unauthenticated behavior set to:
A. Discard
B. Default role of Enterprise Access
C. Default role of Guest Access
D. Default role of Administrator
Answer: C
QUESTION NO: 79
Which of the following is false about VLAN-based containment for guest networking:
A. Guest VLANs drop unwanted traffic before this traffic enters the network
B. Guest VLANs still allow guests to freely communicate to other guests within the same VLAN
C. Guest VLANs must be spanned across the network increasing the complexity of the network
topology
D. Multiple guest VLANs may need to be configured based on the topology of the network, such
as size of broadcast domains and deployment of remote sites
Answer: A
QUESTION NO: 80
X for allowing remote connections to the infected device. If a network administrator desires to
prevent infected devices from being further exploited within the enterprise network, the network
administrator should configure and enforce policy for infected devices to the Active Edge of the
network that:

C. Prioritizes traffic destined or sourced to TCP port X to a low priority
D. Rate limit traffic destined or sourced to TCP port X
Answer: B
QUESTION NO: 81
As defined in NetSight Policy Managers demo.pmd file, the Enterprise Access policy role should
be assigned to ports where:
B. Only trusted users may access the network
C. Trusted users may access the network as well as untrusted users
D. Any type of user may access the network
Answer: B
QUESTION NO: 82
The following components are mandatory for dynamic policy deployment on the network:
A. NetSight Policy Manager and policy-capable devices
B. NetSight Policy Manager, policy-capable devices, and authentication services
C. NetSight Policy Manager and any device
D. NetSight Policy Manager only
Answer: B
QUESTION NO: 83
In the deployment of dynamic policy, the authentication of an end system on the network can:
A. Dynamically assign a policy role to the port of connection based on the users business-aligned
organizational unit
B. Allow location-independent network resource allocation for authenticating users on the
network
C. Deny network access to end systems with invalid credentials

D. All of the above
Answer: D
QUESTION NO: 84
the network from Denial of Service attacks on the network?
B. Deny DoS Attacks service
C. Limit Exposure to DoS Attacks service
D. Application Provisioning - AUP service
Answer: C
QUESTION NO: 85
A network administrator has identified that a new operating system installed on a large number
of
end devices on the network natively supports IPv6 as well as IPv4, and these end systems
attempt to communicate over IPv4 and IPv6 by default. To improve the network utilization
efficiency and avoid reconfiguring each individual end system, to which service would the
network
administrator most likely add a drop IPv6 traffic classification rule?
C. Threat Management service
Answer: A
QUESTION NO: 86
X for allowing remote connections to the infected device. Since port X is used for a businesscritical
application on the network, the network administrator can most effectively protect his/her
network
without severely impacting business continuity by configuring and enforcing policy to the Active
Edge that:

C. Prioritizes traffic destined or sourced to TCP port X to a lower priority with rate limiting
D. Discards traffic sourced or destined to TCP port X
Answer: C
QUESTION NO: 87
As defined in NetSight Policy Managers demo.pmd file, the Administrator policy role is
associated
to:
A. No services
B. The Deny Spoofing & Other Administrative Protocols service only
C. The Deny Unsupported Protocol Access service only
D. All services grouped under the Acceptable Use Policy service group
Answer: A
QUESTION NO: 88
A policy role named User_Group_A is configured with a default access control of Allow and
classification rules to discard SNMP and SSH traffic. The User_Group_A policy role is most
applicable to which group of users in allocating network resources to end systems on the
network:
A. Users that have violated network security policy

B. Trusted users that have successfully authenticated to the network
C. Users that are in high risk of violating the network security policy
D. Users that should be limited to utilizing only a few protocols on the network
Answer: B
QUESTION NO: 89
In traditional VLAN-based containment for guest networking, guests are:
A. Each placed in separate guest VLANs
B. All placed in the same guest VLAN or several guest VLANs
C. Isolated from communicating to one another
D. Placed on the production VLAN and each controlled with policy
Answer: B
QUESTION NO: 90
As defined in NetSight Policy Managers demo.pmd file, the Guest Access policy role is
associated to:
A. No services
D. All services grouped under the Secure Guest Access service group
Answer: D
QUESTION NO: 91
In the deployment of static policy on the network, NetSight Policy Manager:
A. Classifies ingressed traffic locally on the device where NetSight Policy Manager is installed
B. Defines and pushes a policy configuration out to devices on the network
C. Is used to update the policy configuration of a switch after it is rebooted
D. Maintains periodic contact with policy-capable switches on the network so the switch can pull
down the policy configuration on demand
Answer: B
QUESTION NO: 92
The advantages to using protocol-based containment via policy for guest networking over
VLANbased
containment is:
A. Policy drops unwanted traffic sourced from guests before this traffic enters the network
B. Policy can be configured to control how guests communicate to other guests on the network,
even within the same VLAN
C. Guest users can reside on the production VLAN while network security is maintained.
Therefore, guest VLANs do not need to be deployed on the network
D. All of the above
Answer: D
QUESTION NO: 93
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, reduces
network congestion by removing legacy protocols from the network such as IPX?
Answer: A
QUESTION NO: 94
As defined in NetSight Policy Managers demo.pmd file, the Secure Guest Access Service Group:
A. Allows PPTP and HTTP traffic only, and discards all other traffic
B. Allows HTTP, DNS, and DHCP traffic only, and discards all other traffic
C. Allows PPTP, HTTP, DNS, and DHCP traffic, and denies access to all other TCP/UDP ports
and unsupported protocols on the network
D. Discards all traffic
Answer: C
QUESTION NO: 95
As defined in NetSight Policy Managers demo.pmd file, the Enterprise Access policy role is
associated to:
A. No services
D. All services grouped under the Acceptable Use Policy service group
Answer: D
QUESTION NO: 96
Which of the following is not a traffic attribute for which a classification rule may be
configured?
A. MAC address
B. PHY and PMD sub-layers
C. TCP/UDP port number
D. IP address
Answer: B
QUESTION NO: 97
the network from well-known layer 4 ports utilized in various attacks and exploits on the
network?
B. Deny Layer 4 Attack Ports service

D. Application Provisioning - AUP service
Answer: C
QUESTION NO: 98
As defined in NetSight Policy Managers demo.pmd file, the Application Provisioning Supplemental service is associated to the:
A. Enterprise User role only
B. Enterprise User role and Enterprise Access role
C. Enterprise Access role only
D. Enterprise Access and Guest Access role
Answer: A
QUESTION NO: 99
The RADIUS Filter-ID parameter is used to:
A. Authenticate users
B. Authenticate a RADIUS client
C. Pass policy information to a switch to authorize an authenticated user with a level of network
access
D. Discard traffic destined for a RADIUS server
Answer: C
QUESTION NO: 100
Port Groups can be used in NetSight Policy Manager to:
A. Group ports based on location
B. Group ports based on speed
C. Group ports based on whether untrusted users have physical access to these ports
D. All of the above

Answer: D

2B0-101 ESSE Recertification

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

2B0-101 ESSE Recertification

Загружено:

Авторское право:

Доступные форматы

2B0-101

B. Appended to the protected file

B. Is used for writing Host signatures

B. The client will initiate configuration channel connections

B. Is included in all events reported by the virtual sensor

A Non-Forwarding Event Flow Processor (EFP)?

A networks sensor can have ______ virtual sensors?

D. Limit the number of sensors sending events

C. Application Provisioning AUP service

B. Discards traffic sourced from TCP port X

B. Discards traffic sourced from TCP port X

C. Deny network access to end systems with invalid credentials

A. Discards traffic destined to TCP port X

A. Users that have violated network security policy

B. Deny Layer 4 Attack Ports service

D. All of the above

Вам также может понравиться