QUESTION NO: 1
IPsec tunnel communication is used between the headquarters and branch offices, in order to ensure the security of data transmission on the Internet. The administrator uses the dual-system hot backup function to improve the reliability of the communication between the headquarters and the branch offices, so as to avoid the failure of one USG in the headquarters and the failure of the branch offices to access the headquarters.
According to the following network diagram, which of the following statements is correct?
IPsec tunnel communication is used between the headquarters and branch offices, in order to ensure the security of data transmission on the Internet. The administrator uses the dual-system hot backup function to improve the reliability of the communication between the headquarters and the branch offices, so as to avoid the failure of one USG in the headquarters and the failure of the branch offices to access the headquarters.
According to the following network diagram, which of the following statements is correct?
Correct Answer: A,C
Vote an answer
QUESTION NO: 2
After the USG enables the HRP backup function, key configuration commands and session table status information will be synchronously backed up to the standby device in real time. What configuration commands and status information can be backed up?
After the USG enables the HRP backup function, key configuration commands and session table status information will be synchronously backed up to the standby device in real time. What configuration commands and status information can be backed up?
Correct Answer: A,C,D
Vote an answer
QUESTION NO: 3
Use NGFW for SSL VPN connection, use certificate authentication, certificate can be selected, but after clicking login, you cannot log in to the resource page. After using debug check on NGFW, it prompts that the certificate is wrong.
<NGFW>debugging ssl error
<NGFW>terminal debugging
<NGFW>terminal monitor
*0.10012266 USG2130 SSL/7/error:
SSL 3.0, Alert, write, fatal bad certificate
But check that the certificate is complete and the contents of the certificate are correct.
What are the possible reasons for this certificate validation error?
Use NGFW for SSL VPN connection, use certificate authentication, certificate can be selected, but after clicking login, you cannot log in to the resource page. After using debug check on NGFW, it prompts that the certificate is wrong.
<NGFW>debugging ssl error
<NGFW>terminal debugging
<NGFW>terminal monitor
*0.10012266 USG2130 SSL/7/error:
SSL 3.0, Alert, write, fatal bad certificate
But check that the certificate is complete and the contents of the certificate are correct.
What are the possible reasons for this certificate validation error?
Correct Answer: B,D
Vote an answer
QUESTION NO: 4
Regarding the Internet access area in the data, the correct planning and deployment suggestions are:
Regarding the Internet access area in the data, the correct planning and deployment suggestions are:
Correct Answer: A,C,D
Vote an answer
QUESTION NO: 5
Mainframe hardening mainly includes which of the following aspects?
Mainframe hardening mainly includes which of the following aspects?
Correct Answer: A,B,E
Vote an answer
QUESTION NO: 6
When upgrading the IPS signature database and AV virus database online, it is found that the upgrade fails. During the upgrade operation, the following information is displayed:
Connecting to the security server failure.
The following possible problems are:
When upgrading the IPS signature database and AV virus database online, it is found that the upgrade fails. During the upgrade operation, the following information is displayed:
Connecting to the security server failure.
The following possible problems are:
Correct Answer: B,D
Vote an answer
QUESTION NO: 7
The main differences between the RADIUS and HWTACACS protocols include:
The main differences between the RADIUS and HWTACACS protocols include:
Correct Answer: A,B
Vote an answer
QUESTION NO: 8
In the scenario of dual-system hot backup of firewalls, IPsec VPN does not support real-time backup of tunnels.
In the scenario of dual-system hot backup of firewalls, IPsec VPN does not support real-time backup of tunnels.
Correct Answer: B
Vote an answer
QUESTION NO: 9
The customer has a USG6000, and the remote PC wants to access the intranet through l2tp over ipsec, but the dial-up through the vpn client software is unsuccessful.
1 View ike sa during dialing:
<USG6000>dis ike sa
20:54:36 2013/06/19
current ike sa number: 2
-------------------------------------------------- -----------------------------
conn-id peer flag phase vpn
-------------------------------------------------- ------------------------------
40051 <unnamed> NONE v1:2 public
40050 2.2.2.2:12485 NONE v1:1 public
2 debugging ipsec error:
2013-06-19 20:54:21 USG2100 %%01IKE/4/WARNING (I): phase2: security acl mismatch.
*0.46319980 USG IKE/7/DEBUG: Get IPsec policy: get IPsec policy failed
*0.46319930 USG IKE/7/DEBUG: validate_prop: no IPsec policy found
*0.46319980 USG IKE/7/DEBUG: dropped message from 2.2.2.2 due to notification type
INVALID ID INFORMATION
Which statement about this problem is correct?
The customer has a USG6000, and the remote PC wants to access the intranet through l2tp over ipsec, but the dial-up through the vpn client software is unsuccessful.
1 View ike sa during dialing:
<USG6000>dis ike sa
20:54:36 2013/06/19
current ike sa number: 2
-------------------------------------------------- -----------------------------
conn-id peer flag phase vpn
-------------------------------------------------- ------------------------------
40051 <unnamed> NONE v1:2 public
40050 2.2.2.2:12485 NONE v1:1 public
2 debugging ipsec error:
2013-06-19 20:54:21 USG2100 %%01IKE/4/WARNING (I): phase2: security acl mismatch.
*0.46319980 USG IKE/7/DEBUG: Get IPsec policy: get IPsec policy failed
*0.46319930 USG IKE/7/DEBUG: validate_prop: no IPsec policy found
*0.46319980 USG IKE/7/DEBUG: dropped message from 2.2.2.2 due to notification type
INVALID ID INFORMATION
Which statement about this problem is correct?
Correct Answer: A
Vote an answer
QUESTION NO: 10
The following are application layer attacks:
The following are application layer attacks:
Correct Answer: A,D
Vote an answer
QUESTION NO: 11
In a new campus network of an enterprise, there is a requirement for ordinary PC users and dumb terminal users to connect to the Internet at the same time under an access switch.
Which authentication method is recommended to be deployed on this switch?
In a new campus network of an enterprise, there is a requirement for ordinary PC users and dumb terminal users to connect to the Internet at the same time under an access switch.
Which authentication method is recommended to be deployed on this switch?
Correct Answer: D
Vote an answer