BIt evaluates and redirects matching traffic into secure tunnels.
CIt provides translation between IP addresses.
DIt performs Layer 2 switching.
On a ScreenOS device, which word appears at the beginning of configuration commands?
Aset
Bconfigure
Cenable
Dcommit
Which action does a ScreenOS device perform first when processing a packet?
AIt checks for an existing session.
BIt checks for attacks in the payload.
CIt performs a route lookup.
DIt performs a policy lookup.
On a ScreenOS device, which three processes does the task CPU handle? (Choose three.)
Apolicy evaluation
Btraffic logging
Csession table clean-up
Dmanagement services
Ebroadcast packet processing
Question 6
Stateful Firewall and Screen Options
0
Question 7
Platform Operations and Services
Question 8
Platform Operations and Services
Question 9
Application Control, Access Control, and Content Security
Question 10
Stateful Firewall and Screen Options
Question 11
Platform Operations and Services
Question 12
Platform Operations and Services
Question 13
Application Control, Access Control, and Content Security
Question 14
Platform Operations and Services
Question 15
Platform Operations and Services
Question 16
Stateful Firewall and Screen Options
Question 17
Stateful Firewall and Screen Options
Question 18
Stateful Firewall and Screen Options
Question 19
Platform Operations and Services
Question 20
Platform Operations and Services
Question 21
Platform Operations and Services
Question 22
Platform Operations and Services
Question 23
Stateful Firewall and Screen Options
Question 24
Platform Operations and Services
Question 25
Stateful Firewall and Screen Options
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
A ScreenOS device evaluates five primary elements when performing a security policy check on a new session. Which five elements are evaluated?
Asource IP address, destination IP address, source route, source port, and destination port
Bsource IP address, destination IP address, source port, destination port, and protocol
Csource IP address, destination IP address, source port, destination port, and payload
Ddestination IP address, source port, destination port, protocol, and payload
You want to enable IPv6 on your ScreenOS device.
Which command should you use to accomplish this goal?
Aset envar ipv6=enable
Bset ipv6 enable
Cset envar ipv6=yes
Dset ipv6 yes
Your ScreenOS device does not have a static IP address. You want to be able to access it using its FQDN. How would you implement this task?
AConfigure a domain in DNS.
BConfigure syslog.
CConfigure SNMP.
DConfigure DDNS.
You have just installed a new ScreenOS device in your network and you want only a select range of IP addresses to have administrative access to the device.
Which choice will allow you to accomplish this?
AConfigure a manager IP.
BConfigure the management interface.
CConfigure a management IP on the trust interface.
DConfigure new system administrators.
You have two interfaces in ZoneA and traffic is passing without any policy configured. You want to control the traffic between the two interfaces.
Which two actions will allow this to happen? (Choose two.)
AConfigure interzone blocking on ZoneA and create a policy in that zone to control the traffic.
BConfigure intrazone blocking on ZoneA and create a policy in that zone to control the traffic.
CMove one of the interfaces to a different zone and create an interzone policy to control the traffic.
DMove one of the interfaces to a different zone and create an intrazone policy to control the traffic.
What is an aggregate interface?
AAn aggregate interface binds two physical interfaces together to create a redundant interface.
BAn aggregate interface binds two or more physical interfaces that share the traffic load.
CAn aggregate interface is the management interface.
DAn aggregate interface is used for VPN tunnels.
Which two statements are true about redundant interfaces? (Choose two.)
AYou can bind two physical interfaces together to create one redundant interface.
BRedundant interfaces bind to a security zone; one physical interface acts as the primary interface, and the other physical interface acts as the secondary interface.
CA redundant interface is the accumulation of two or more physical interfaces that share the same traffic load.
DA redundant interface is the management interface for bridge mode.
Which two actions are performed by a read/write vsys administrator? (Choose two.)
AView the security associations for all virtual systems.
BConfigure a vsys address book entry.
CModify the vsys administrator login name.
DModify the vsys read/write administrator password.
When you create a new virtual system, which zone is automatically created within the vsys-specific VR?
Atrust zone
Buntrust zone
Cshared zone
Dnull zone
What is the purpose of a virtual system profile?
Ato limit virtual system access
Bto limit virtual system resources
Cto limit the number of virtual system interfaces
Dto limit the number of VPNs
What is required to route traffic from one virtual system to another virtual system?
AConfigure the same dynamic routing protocol in each virtual system.
BConfigure a virtual system profile with a shared forwarding table.
CConfigure a private virtual router in each virtual system.
DConfigure a shared root-level virtual router.
Policy-based routing (PBR) policies can be bound to which three ScreenOS objects? (Choose three.)
Avirtual routers
Binterfaces
Czones
Dsecurity policies
Evirtual system
Policy-based routing consists of which three ScreenOS objects? (Choose three.)
Aextended access lists
Bmatch groups
Caction groups
Daddress books
Esecurity policy
What are two routing tables contained in a virtual router? (Choose two.)
Adestination-based
BNHTB
Csource-based
Dzone-based
Which dynamic routing protocol does IPv6 use?
ARIP
BRIPng
COSPFv2
DNHRP
A routing table contains an IBGP route, a RIP route, an OSPF external Type 2 route, and an EBGP route for 192.168.0.0/16. When the router receives traffic destined for, which route will the router use by default?
Athe EBGP route
Bthe IBGP route
Cthe OSPF route
Dthe RIP route
A routing table contains an IBGP route for 192.168.0.0/24, a RIP route for 192.168.0.0/23, an OSPF route for 192.168.0.0/22, and a static route for 192.168.0.0/16.
When the router receives traffic destined for 192.168.0.1, which route will the router use?
Athe IBGP route
Bthe OSPF route
Cthe RIP route
Dthe static route
You are troubleshooting telnet traffic destined to IP address 10.10.10.1. You decide to run debug and want to set the flow filter. Which command will show only the telnet traffic going to the 10.10.10.1 address?
Assg5-serial-> set ffilter dst-ip 10.10.10.1 ssg5-serial-> set ffilter dst-port 23
Bssg5-serial-> set ffilter dst-ip 10.10.10.1 dst-port 23
Cssg5-serial-> set ffilter dst-port 23
Dssg5-serial-> set ffilter dst-ip 10.10.10.1
You have enabled BGP on your ScreenOS device and configured a single EBGP peer. The CLI shows that the BGP connection is transitioning between the
CONNECT and ACTIVE states, but never reaching the ESTABLISHED state.
What are three reasons for this behavior? (Choose three.)
AThe peer is blocking traffic destined for TCP port 179.
BThe peer address is not configured correctly.
CThe enable statement has not been configured for the peer.
DThe peer AS number is not configured correctly.
EBGP has not been enabled on the virtual router.
You want to set up a last resort route and prevent route lookups in either the source-based routing table or the destination-based routing table.
What should you do?
ADisable SIBR and create a default route in the trust-vr table using the null interface as the outgoing interface with a higher metric than other routes.
BDisable SIBR and create a default route in the trust-vr table using the null interface as the outgoing interface with a lower metric than other routes.
CEnable SIBR and create a default route in the SIBR table using the null interface as the outgoing interface with a higher metric than other routes.
DEnable SIBR and create a default route in the SIBR table using the null interface as the outgoing interface with a lower metric than other routes.
