Which is the BEST configuration option to protect internal users from malicious Java code, without stripping J
Which is the BEST configuration option to protect internal users from malicious Java code, without
stripping Java scripts?
What is the correct order of steps?
Your VPN Community includes three Security Gateways. Each Gateway has its own internal
network defined as a VPN Domain. You must test the VPN-1 NGX routE. based VPN feature,
without stopping the VPN. What is the correct order of steps?
Which Security Server can perform authentication tasks, but CANNOT perform content security tasks?
Which Security Server can perform authentication tasks, but CANNOT perform content security
tasks?
what does this command allow you to upgrade?
You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro
Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX
CD, what does this command allow you to upgrade?
Which type of service should a Security Administrator use in a Rule Base to control access to specific shared
Which type of service should a Security Administrator use in a Rule Base to control access to
specific shared partitions on target machines?
Which of the following options will end the intruder’s access, after the next Phase 2 exchange occurs?
Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the
following options will end the intruder’s access, after the next Phase 2 exchange occurs?
How would you configure a rule in a Security Policy to allow SIP traffic from end point Net_Ato end point Net_
How would you configure a rule in a Security Policy to allow SIP traffic from end point Net_Ato end
point Net_B, through an NGX Security Gateway?
how can you check if the new interfaces and the associated virtual IP address are recognized by ClusterXL?
After you add new interfaces to a cluster, how can you check if the new interfaces and the
associated virtual IP address are recognized by ClusterXL?
what are Barak’s remaining steps?
Barak is a Security Administrator for an organization that has two sites using prE. shared secrets
in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is
opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three
Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security
Gateway. Barak decides to switch from prE. shared secrets to Certificates issued by the Internal
Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain,
what are Barak’s remaining steps?
1. Disable “PrE. Shared Secret” on the London and Oslo gateway objects
2. Add the Madrid gateway object into the Oslo and London’s mesh VPN Community
3. Manually generate ICA Certificates for all three Security Gateways.
4. Configure “Traditional mode VPN configuration” in the Madrid gateway object’s VPN screen
5. Reinstall the Security Policy on all three Security Gateways.
How do you configure the FTP resource object and the action column in the rule to achieve this goal?
You have an internal FTP server, and you allow downloading, but not uploading. Assume Network
Address Translation is set up correctly, and you want to add an inbound rule with:
Source: Any
Destination: FTP server
Service: FTP resources object.
How do you configure the FTP resource object and the action column in the rule to achieve this
goal?