what does this command allow you to upgrade?
You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD, what does this command allow you to upgrade?
Which OPSEC server is used to prevent users from accessing certain Web sites?
Which OPSEC server is used to prevent users from accessing certain Web sites?
Which type of address translation should you use, to ensure the two networks access each other through the VPN
You want to create an IKE VPN between two VPN-1 NGX Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer’s Gateway. Which type of address translation should you use, to ensure the two networks access each other through the VPN tunnel?
Which VoIP Domain object type can you use?
You are configuring the VoIP Domain object for a Skinny Client Control Protocol (SCCP) environment protected by VPN-1 NGX. Which VoIP Domain object type can you use?
What could cause this behavior?
Wayne configures an HTTP Security Server to work with the content vectoring protocol to screen forbidden sites. He has created a URI resource object using CVP with the following settings:
Use CVP
Allow CVP server to modify content
Return data after content is approved
He adds two rules to his Rule Base: one to inspect HTTP traffic going to known forbidden sites, the other to allow all other HTTP traffic.
Wayne sees HTTP traffic going to those problematic sites is not prohibited.
What could cause this behavior?
How do you block the connection in real time and verify the connection is successfully blocked?
You receive an alert indicating a suspicious FTP connection is trying to connect to one of your internal hosts. How do you block the connection in real time and verify the connection is successfully blocked?
Which VoIP Domain object type can you use?
You are configuring the VoIP Domain object for an H.323 environment, protected by VPN-1 NGX. Which VoIP Domain object type can you use?
Which is the BEST configuration option?
Jennifer wants to protect internal users from malicious Java code, but she does not want to strip Java scripts. Which is the BEST configuration option?
How would you configure the rule?
You must set up SIP with a proxy for your network. IP phones are in the 172.16.100.0 network. The Registrar and proxy are installed on host 172.16.100.100. To allow handover enforcement for outbound calls from SIP-net to network Net_B on the Internet, you have defined the following objects:
Network object: SIP-net: 172.16.100.0/24
SIP-gateway: 172.16.100.100
VoIP Domain object: VoIP_domain_A
1.End-point domain: SIP-net
2.VoIP gateway installed at: SIP-gateway host object
How would you configure the rule?
what are Barak’s remaining steps?
Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?
1.Disable "Pre-Shared Secret" on the London and Oslo gateway objects.
2.Add the Madrid gateway object into the Oslo and London’s mesh VPN Community.
3.Manually generate ICA Certificates for all three Security Gateways.
4.Configure "Traditional mode VPN configuration" in the Madrid gateway object’s VPN screen.
5.Reinstall the Security Policy on all three Security Gateways.