Exam Title

: Nortel 920-448 : NNCSE-Alteon Security

Version : R6.1

www.prepking.com

Prepking - King of Computer Certification Important Information, Please Read Carefully

Other Prepking products A) Offline Testing engine Use the offline Testing engine product to practice the questions in an exam environment. B) Study Guide (not available for all exams) Build a foundation of knowledge which will be useful also after passing the exam. Latest Version We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for 90 days after the purchase. You should check your member zone at Prepking and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1.Go towww.Prepking.com 2.Click on Member zone/Log in (right side) 3. Then click My Account 4.The latest versions of all purchased products are downloadable from here. Just click the links. For most updates,it is enough just to print the new questions at the end of the new version, not the whole document. Feedback If you spot a possible improvement then please let us know. We always interested in improving product quality. Feedback should be send to feedback@Prepking.com. You should include the following: Exam number, version, page number, question number, and your login ID. Our experts will answer your mail promptly. Copyright Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, Prepking reserves the right to take legal action against you according to the International Copyright Laws. Explanations This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@Prepking.com..

www.prepking.com

 1. Which command describes how to configure RIP Routing? A. /cfg/route/rip B. /cfg/net/route/rip C. /cfg/route/rip1 or rip2 D. /cfg/net/route/rip1 or rip2 Answer: B

2. An ASF cluster has the following configuration: ? multiple firewall directors ? accelerator components to be updated and configured as a whole This is know as what type of configuration? A. NAAP B. Clustering C. Management IP Address D. Single System Image (SSI) Answer: D

3. A support engineer wants to add multiple devices to a cluster. How can they verify that the MAC address of the secondary ASF has been detected by the master ASF? A. /cfg/d B. /info/net C. /i/fw/cluster D. /cfg/acc/cur Answer: D

4. By default on the ASF 5000 series platform, which port or ports are set to use the NAAP protocol? A. Port 9 B. Ports 1-5 C. Ports 6,7, and 8 D. Ports 5,6,7,and 9 Answer: C

www.prepking.com

 5. A support engineer is tasked to troubleshoot a network consisting of an ASF 5010 Cluster of two SFD's and two SFA's with 2.0 software running sync on Ethernet 2 between the two SFD's. The support

engineer types in the ?info/clu?command and notices synch errors. What can be concluded about the synch error messages? (Choose two.) A. SFD lost communication with SFA. B. Policy has not been pushed to cluster. C. The two SFD's lost communication with their GW. D. One of the SFD's sync ports has been unplugged. E. No valid checkpoint license has been installed onto the cluster. Answer: BD

6. In order to achieve stateful fail-over between an ASF cluster, where must synchronization be configured?(Choose two.) A. the Alteon Accelerator B. the Alteon Switched Firewall C. the Checkpoint SMART TRACKER D. the Check Point management server Answer: BD

7. A support engineer upgraded an ASF network from 2.0 to 3.0 using the .pkg file and noticed problems within the existing OSPF network. What is the most likely cause of the problem? A. The ARP Cache has filled up. B. The routing table has maxed out inadvertently. C. Upgrading from 2.0 to 3.0 does not support an OSPF upgrade. D. OSPF neighbors have lost communication with the ASF running OSPF. Answer: C

8. A support engineer is logged into an ASF via the Command line interface (CLI). Which command would the engineer issue to see the current Check Point Firewall versions that are installed? A. /cfg/dump
www.prepking.com

 B. /info/fw/cur C. /cfg/software/cur D. /cfg/fw/software/cur Answer: D

9. A support engineer wants to monitor real time sessions going through a firewall. Which command will accomplish this task? A. cp fw mon B. FW monitor C. /i/fw/session D. via the log viewer Answer: B

10. What is the proper way to install a Central Checkpoint License? A. /cfg/pnp/add B. /cfg/fw/liscense C. via Secure update D. /maint/fw/liscense Answer: C

11. Which command describes how to configure the OSPF Virtual Link under OSPF? A. /cfg/net/ospf/virt B. /cfg/route/ospf/virt C. /cfg/route/ospf/virtual D. /cfg/net/route/ospf/virt E. /cfg/net/route/ospf/virtual Answer: D

12. A support engineer is unable to establish a SIC trust between the EMC and ASF director. What should the support engineer do to resolve this problem?(Choose two.)
www.prepking.com

 A. Ensure the license is installed. B. Unload the local policy from the ASF Director. C. Ensure that the firewall is enabled and running. D. Ensure the EMC Manager is set within the access list. E. Make sure your policy has an accept rule to allow communication. Answer: BC

13. A customer has multiple networks behind a firewall and wants to combine them into one port. Which command best describes how to accomplish this objective? A. /cfg/net/port 3/vtag yes B. /cfg/net/port 3/trunk yes C. /cfg/net/port 3/tag enable D. /cfg/net/port 3/vtag enable E. /cfg/net/trunk 1/add 3/add 4 Answer: A

14. A support engineer wants to set up a port trunk configuration in an Alteon network. Which factors determine how the port trunk configuration is implemented?(Choose two.) A. Up to 5 trunk groups can be configured. B. Up to 4 ports can belong to a trunk group. C. Port load distribution is determined by L2 and L3 information. D. VLAN, filter and NAAP settings are inherited from the trunk backup port. E. Port link properties of the trunk members are inherited from the trunk master port. Answer: BC

15. What is the command on the ASF to enable Checkpoint FW session Sync? A. /cfg/fw/ena B. /cfg/vrrp/ena C. /sync/fw/ena D. /cfg/fw/sync/ena
www.prepking.com

 Answer: D

16. A customer has an ASF network running 2.0 software. The network is experiencing intermittent user connectivity problems. What is the most likely cause of the problem? A. Vlan's are misconfigured. B. EMC has lost contact with the ASF. C. ARP Cache has reached max high water. D. The hosts that are not able to connect were not defined within the access list. Answer: C 17. In order to safely remove an ASA from a functioning cluster, which two steps must be taken? (Choose two.) A. telnet to the ASA in question and issue the /boot/delete command B. telnet to the ASA in question and issue the /boot/remove command

C. disconnect the selected ASA from the network and perform a /boot/delete from the command line D. connect to the MIP and delete the ASA from the cluster using the delete command in the iSD host menu: (/cfg/sys/cluster/host #) Answer: AC

18. A Government agency needs to accelerate SSL traffic while at the same time ensuring persistency via cookies and performing end to end encryption. accomplish this goal?(Choose three.) A. Portal Mode B. SSL Connect C. HTTP Connect D. Load Balancing E. Connection Pooling Answer: BDE Which features must be configured on the ASA to

19. An administrator suspects port issues are occurring on a 184 webswitch. What would an administrator NOT do in troubleshooting this problem?
www.prepking.com

 A. check STP states B. disabling and enabling the IP interface C. note changes after disconnecting/connecting cable and/or resetting the switch D. check SYSLOG messages to see if information about the port is listed (/info/log) E. check port statistics and look for error counters, for example ? /stats/port <port-number>/ether ? /stats/port <port-number>/if/ifInErrors Answer: B

20. Which statements apply to an Alteon SSL Accelerator running in non-transparent proxy mode?(Choose two.) A. requires non transparent to use any load balancing switch B. decrypts encrypted traffic and uses the ASA's own IP address when initiating sessions sent to backend real servers C. decrypts encrypted traffic and maintains the original client IP address when initiating sessions to backend real servers D. cannot be implemented without the use of RTS enabled on Alteon load balancing switches to provide successful backend packet redirection Answer: AB

21. An administrator of an ASF cluster removes a defective SFD from a cluster and plugs in a new one. The following SYSLOG error message appeared: o free IP addresses available for automatic cluster join? How can the administrator rectify this situation? (Choose two.) appeared: ?o free IP addresses available for automatic cluster join? How can the administrator rectify this situation? (Choose two.) A. Allocate and add more addresses by using the /config/pnp menu of the CLI. B. Purchase new addresses from you sales rep. as all of the free ones are gone. C. Allocate and add more addresses by using the command dd IP address?when logged in as oot? Allocate and add more addresses by using the command ?dd IP address?when logged in as ?oot? D. Remove all traces of the old SFD from the cluster using the command /cfg/sys/clu/host <n>/del/apply. Answer: AD
www.prepking.com

This will free up the IP address that was previously in use.

22. An administrator wants to observe the number of completed SSL client connections on a current virtual SSL server. Which command should the administrator use? A. /stats/sslcurrent B. /stats/sslconnect C. /stats/sslcomplete D. /stats/sslnumber Answer: B

23. Using the CLI, which command should be issued to view the CPU utilization statistics for the management processor? A. /stats/cpu B. /stats/mp/cur C. /stats/mp/util D. /stats/cpu/mp E. /stats/mp/cpu Answer: E 24. An ASA administrator is deploying a backend server running outlook web access (OWA). In order to successfully connect to this service, client authentication is required. How does the ASA facilitate end-to-end encryption? A. End-to-end encryption is not supported when backend servers require client certificate authentication. B. By forwarding the public key of the external client to the load balanced backend server to end-to-end encrypted session. C. By dynamically generating a client certificate based on the external client certificate and forwarding it to the backend server. D. By establishing an SSL session to the backend server using a statically generated client certificate and splicing a connection from the external client. Answer: D an

25. How are upgrades between minor/major releases usually performed?

www.prepking.com

 A. boot image upgrade from boot user from console connection B. package image upgrade from admin user from console connection C. package image upgrade from admin user from telnet connection to cluster MIP address D. package image upgrade from certadmin user from telnet connection to cluster MIP address Answer: C

26. An ASA administrator will be adding an existing certificate and key pair to the ASA. Which format describes the ASA capability of importing SSL certificates? A. 3DES, PEM, x.519 B. DER, PKCS7, x.519 C. PEM, PKCS7, PKCS12 D. PKCS7, PKCS8, PKCS12 Answer: C

27. How are additional ASAs added to a cluster?(Choose three.) A. in the pnp menu select dd? LQWKHSQSPHQXVHOHFW ? GG B. log in as admin and import the configuration using /cfg/gtcfg C. connecting the new ASA using similar port types as existing cluster members D. powering up the new device and joining the cluster using the join command from the setup menu E. providing an available IP address within the same subnet as the existing ASA cluster management network Answer: CDE

28. A customer brings up a web switch and receives the following

SYSLOG error message: annot contact

default gateway <ip_address>? The A customer brings up a web switch and receives the following SYSLOG error message: ?annot contact default gateway <ip_address>? The gateway is the inside

interface of the corporate firewall and the link shows a status of p?on the port of the webswitch and the firewall. The gateway is the inside interface of the corporate firewall and the link shows a status

of ?p?on the port of the webswitch and the firewall. The default, ICMP health check, is utilized. What is the BEST step/solution to resolving this issue assuming the firewall is not at fault?
www.prepking.com

100% Pass Guaranteed or Full Refund Word to Word Real Exam Questions from Real Test Buy full version of exam from this link below http://www.prepking.com/920-448.htm