Академический Документы
Профессиональный Документы
Культура Документы
Version : R6.1
www.prepking.com
www.prepking.com
1. Which command describes how to configure RIP Routing? A. /cfg/route/rip B. /cfg/net/route/rip C. /cfg/route/rip1 or rip2 D. /cfg/net/route/rip1 or rip2 Answer: B
2. An ASF cluster has the following configuration: ? multiple firewall directors ? accelerator components to be updated and configured as a whole This is know as what type of configuration? A. NAAP B. Clustering C. Management IP Address D. Single System Image (SSI) Answer: D
3. A support engineer wants to add multiple devices to a cluster. How can they verify that the MAC address of the secondary ASF has been detected by the master ASF? A. /cfg/d B. /info/net C. /i/fw/cluster D. /cfg/acc/cur Answer: D
4. By default on the ASF 5000 series platform, which port or ports are set to use the NAAP protocol? A. Port 9 B. Ports 1-5 C. Ports 6,7, and 8 D. Ports 5,6,7,and 9 Answer: C
www.prepking.com
5. A support engineer is tasked to troubleshoot a network consisting of an ASF 5010 Cluster of two SFD's and two SFA's with 2.0 software running sync on Ethernet 2 between the two SFD's. The support
engineer types in the ?info/clu?command and notices synch errors. What can be concluded about the synch error messages? (Choose two.) A. SFD lost communication with SFA. B. Policy has not been pushed to cluster. C. The two SFD's lost communication with their GW. D. One of the SFD's sync ports has been unplugged. E. No valid checkpoint license has been installed onto the cluster. Answer: BD
6. In order to achieve stateful fail-over between an ASF cluster, where must synchronization be configured?(Choose two.) A. the Alteon Accelerator B. the Alteon Switched Firewall C. the Checkpoint SMART TRACKER D. the Check Point management server Answer: BD
7. A support engineer upgraded an ASF network from 2.0 to 3.0 using the .pkg file and noticed problems within the existing OSPF network. What is the most likely cause of the problem? A. The ARP Cache has filled up. B. The routing table has maxed out inadvertently. C. Upgrading from 2.0 to 3.0 does not support an OSPF upgrade. D. OSPF neighbors have lost communication with the ASF running OSPF. Answer: C
8. A support engineer is logged into an ASF via the Command line interface (CLI). Which command would the engineer issue to see the current Check Point Firewall versions that are installed? A. /cfg/dump
www.prepking.com
9. A support engineer wants to monitor real time sessions going through a firewall. Which command will accomplish this task? A. cp fw mon B. FW monitor C. /i/fw/session D. via the log viewer Answer: B
10. What is the proper way to install a Central Checkpoint License? A. /cfg/pnp/add B. /cfg/fw/liscense C. via Secure update D. /maint/fw/liscense Answer: C
11. Which command describes how to configure the OSPF Virtual Link under OSPF? A. /cfg/net/ospf/virt B. /cfg/route/ospf/virt C. /cfg/route/ospf/virtual D. /cfg/net/route/ospf/virt E. /cfg/net/route/ospf/virtual Answer: D
12. A support engineer is unable to establish a SIC trust between the EMC and ASF director. What should the support engineer do to resolve this problem?(Choose two.)
www.prepking.com
A. Ensure the license is installed. B. Unload the local policy from the ASF Director. C. Ensure that the firewall is enabled and running. D. Ensure the EMC Manager is set within the access list. E. Make sure your policy has an accept rule to allow communication. Answer: BC
13. A customer has multiple networks behind a firewall and wants to combine them into one port. Which command best describes how to accomplish this objective? A. /cfg/net/port 3/vtag yes B. /cfg/net/port 3/trunk yes C. /cfg/net/port 3/tag enable D. /cfg/net/port 3/vtag enable E. /cfg/net/trunk 1/add 3/add 4 Answer: A
14. A support engineer wants to set up a port trunk configuration in an Alteon network. Which factors determine how the port trunk configuration is implemented?(Choose two.) A. Up to 5 trunk groups can be configured. B. Up to 4 ports can belong to a trunk group. C. Port load distribution is determined by L2 and L3 information. D. VLAN, filter and NAAP settings are inherited from the trunk backup port. E. Port link properties of the trunk members are inherited from the trunk master port. Answer: BC
15. What is the command on the ASF to enable Checkpoint FW session Sync? A. /cfg/fw/ena B. /cfg/vrrp/ena C. /sync/fw/ena D. /cfg/fw/sync/ena
www.prepking.com
Answer: D
16. A customer has an ASF network running 2.0 software. The network is experiencing intermittent user connectivity problems. What is the most likely cause of the problem? A. Vlan's are misconfigured. B. EMC has lost contact with the ASF. C. ARP Cache has reached max high water. D. The hosts that are not able to connect were not defined within the access list. Answer: C 17. In order to safely remove an ASA from a functioning cluster, which two steps must be taken? (Choose two.) A. telnet to the ASA in question and issue the /boot/delete command B. telnet to the ASA in question and issue the /boot/remove command
C. disconnect the selected ASA from the network and perform a /boot/delete from the command line D. connect to the MIP and delete the ASA from the cluster using the delete command in the iSD host menu: (/cfg/sys/cluster/host #) Answer: AC
18. A Government agency needs to accelerate SSL traffic while at the same time ensuring persistency via cookies and performing end to end encryption. accomplish this goal?(Choose three.) A. Portal Mode B. SSL Connect C. HTTP Connect D. Load Balancing E. Connection Pooling Answer: BDE Which features must be configured on the ASA to
19. An administrator suspects port issues are occurring on a 184 webswitch. What would an administrator NOT do in troubleshooting this problem?
www.prepking.com
A. check STP states B. disabling and enabling the IP interface C. note changes after disconnecting/connecting cable and/or resetting the switch D. check SYSLOG messages to see if information about the port is listed (/info/log) E. check port statistics and look for error counters, for example ? /stats/port <port-number>/ether ? /stats/port <port-number>/if/ifInErrors Answer: B
20. Which statements apply to an Alteon SSL Accelerator running in non-transparent proxy mode?(Choose two.) A. requires non transparent to use any load balancing switch B. decrypts encrypted traffic and uses the ASA's own IP address when initiating sessions sent to backend real servers C. decrypts encrypted traffic and maintains the original client IP address when initiating sessions to backend real servers D. cannot be implemented without the use of RTS enabled on Alteon load balancing switches to provide successful backend packet redirection Answer: AB
21. An administrator of an ASF cluster removes a defective SFD from a cluster and plugs in a new one. The following SYSLOG error message appeared: o free IP addresses available for automatic cluster join? How can the administrator rectify this situation? (Choose two.) appeared: ?o free IP addresses available for automatic cluster join? How can the administrator rectify this situation? (Choose two.) A. Allocate and add more addresses by using the /config/pnp menu of the CLI. B. Purchase new addresses from you sales rep. as all of the free ones are gone. C. Allocate and add more addresses by using the command dd IP address?when logged in as oot? Allocate and add more addresses by using the command ?dd IP address?when logged in as ?oot? D. Remove all traces of the old SFD from the cluster using the command /cfg/sys/clu/host <n>/del/apply. Answer: AD
www.prepking.com
22. An administrator wants to observe the number of completed SSL client connections on a current virtual SSL server. Which command should the administrator use? A. /stats/sslcurrent B. /stats/sslconnect C. /stats/sslcomplete D. /stats/sslnumber Answer: B
23. Using the CLI, which command should be issued to view the CPU utilization statistics for the management processor? A. /stats/cpu B. /stats/mp/cur C. /stats/mp/util D. /stats/cpu/mp E. /stats/mp/cpu Answer: E 24. An ASA administrator is deploying a backend server running outlook web access (OWA). In order to successfully connect to this service, client authentication is required. How does the ASA facilitate end-to-end encryption? A. End-to-end encryption is not supported when backend servers require client certificate authentication. B. By forwarding the public key of the external client to the load balanced backend server to end-to-end encrypted session. C. By dynamically generating a client certificate based on the external client certificate and forwarding it to the backend server. D. By establishing an SSL session to the backend server using a statically generated client certificate and splicing a connection from the external client. Answer: D an
A. boot image upgrade from boot user from console connection B. package image upgrade from admin user from console connection C. package image upgrade from admin user from telnet connection to cluster MIP address D. package image upgrade from certadmin user from telnet connection to cluster MIP address Answer: C
26. An ASA administrator will be adding an existing certificate and key pair to the ASA. Which format describes the ASA capability of importing SSL certificates? A. 3DES, PEM, x.519 B. DER, PKCS7, x.519 C. PEM, PKCS7, PKCS12 D. PKCS7, PKCS8, PKCS12 Answer: C
27. How are additional ASAs added to a cluster?(Choose three.) A. in the pnp menu select dd? LQWKHSQSPHQXVHOHFW ? GG B. log in as admin and import the configuration using /cfg/gtcfg C. connecting the new ASA using similar port types as existing cluster members D. powering up the new device and joining the cluster using the join command from the setup menu E. providing an available IP address within the same subnet as the existing ASA cluster management network Answer: CDE
default gateway <ip_address>? The A customer brings up a web switch and receives the following SYSLOG error message: ?annot contact default gateway <ip_address>? The gateway is the inside
interface of the corporate firewall and the link shows a status of p?on the port of the webswitch and the firewall. The gateway is the inside interface of the corporate firewall and the link shows a status
of ?p?on the port of the webswitch and the firewall. The default, ICMP health check, is utilized. What is the BEST step/solution to resolving this issue assuming the firewall is not at fault?
www.prepking.com
100% Pass Guaranteed or Full Refund Word to Word Real Exam Questions from Real Test Buy full version of exam from this link below http://www.prepking.com/920-448.htm