156-115.80 Online Practice Questions and Answers

Which of the following is not one of the relational database domains that stores the management configuration?

A. User Domain

B. System Domain

C. Global Domain

D. Audit Domain

What occurs when Bypass Under Load activated?

A. Packets are forwarded to the destination without checking the packets against the firewall rule base

B. Packets are forwarded to the destination without performing IPS analysis

C. To still ensure a minimum level of data integrity, the system revert to the use of MD5 instead of SHA-1, since former produces an output smaller than the latter

D. The amount of the state table entries is decreased according to the LRU (least recently used) algorithm

You run "cat/proc/smt_status" on your security gateway and the output shows `Soft Disable'. How is your system configured in reference to hyper-threading?

A. Hyper-threading is disabled in BIOS and cpconfig

B. Hyper-threading is enabled in BIOS but disabled in cpconfig

C. Hyper-threading is disabled in BIOS but enabled in cpconfig

D. Your system does not support Hyper-threading

What is the correct command to turn off an IKE debug?

A. vpn debug ikeoff

B. fw ctl debug ikeoff

C. vpn debug ikeoff 0

D. fw ctl vpn debug ikeoff

What process(es) should be checked if there is high I/O and you suspect it may be related to the Antivirus Software Blade?

A. avsp

B. dlpu and rad processes

C. cpta

D. cpm and fwm

Which file would you need to make sure you collect when debugging a VPN that fails to establish that is configured to use IKEv2?

A. $FWDIR/log/ike2.elg

B. $FWDIR/log/vpnd.xml.v2

C. $FWDIR/log/ikev2.xml

D. $CPDIR/log/ike.elg

Fill in the blank: The R80 utility fw monitor is used to troubleshoot ___________________.

A. User data base corruption

B. LDAP conflicts

C. Traffic issues

D. Phase two key negotiation

Which IPS command debug tool can you use for troubleshooting IPS traffic?

A. ips debug traffic –o IPSdebug

B. ips debug –f /var/log/IPSdebug.txt

C. debug ips enable –o IPSdebug

D. ips debug –o IPSdebug

Which of the following statements is TRUE about R80 management plug-ins?

A. The plug-in is a package installed on the Security Gateway

B. Installing a management plug-in requires a Snapshot, just like any upgrade process

C. A management plug-in interacts with a Security Management Server to provide new features and support for new products

D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in

URL Filtering is an essential part of Web Security in the Gateway. For the Security Gateway to perform a URL lookup when a client makes a URL request, where is the sync-request forwarded from if a sync-request is required?

A. RAD Kernel Space

B. URLF Kernel Client

C. URLF Online Service

D. RAD User Space

Which templates for SecureXL are not enabled by default?

A. All templates are disabled by default

B. Accept and NMR

C. Drop and NAT

D. All templates are enabled by default

Static NAT has been configured and NAT rules were created automatically. The global properties option "Translate destination on client side" is not checked. Clients are complaining that they are not able to connect to one of your web servers using its public address. How would you solve the problem without changing the global properties and reinstalling the security policy?

A. On the security gateway, add a static route for the web server's public ip address

B. Rebooting the security gateway will resolve the problem

C. You will have the global properties and reinstall the security policy

D. Configure manual NAT

According to the CCSM manual what is the first step in generating vpn debugging information?

A. Enter "vpn debug off" then "vpn debug on"

B. Turn the firewall of then on again

C. Kill all traffic over the VPN and enter "vpn tu" in Expert mode

D. Enter "vpn debug ikeon"

Consider IPv4 header. How does the Security Gateway handle an IP packet that has bits set in its option type field?

A. Modifies TCP/UDP packet with IP options automatically

B. Uses PSL mechanism to pad the IP Options field

C. Drop TCP/UDP packet with IP options

D. Accept TCP/UDP packet with IP options

You are about to add an IPv6 address to an interface with CLISH, but the system generates a message stating that the command is unknown. What could be the reason of this behavior?

A. You have to install the IPv6 SKU license onto your Security Gateway

B. You must activate the IPv6 protocol stack with the "set ipv6-state on" command in CLISH

C. You have to tick the IPv6 check box under the topology section of your gateway object within SmartConsole

D. You have to install the IPv6 SKU license onto your Security Management Server