Which R76 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?
B. SmartView Status
C. SmartView Monitor
D. None, SmartConsole applications only communicate with the Security Management Server.
Which R76 GUI would you use to see the number of packets accepted since the last policy install?
A. SmartView Monitor
B. SmartView Status
C. SmartView Tracker
You are trying to save a custom log query in R76 SmartView Tracker, but getting the following error: Could not save< query-name> (Error: Database is Read Only)
Which of the following is a likely explanation for this?
A. You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally.
B. You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization.
C. Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server.
D. You have read-only rights to the Security Management Server database.
The R76 fw monitor utility is used to troubleshoot which of the following problems?
A. User data base corruption
B. Traffic issues
C. Phase two key negotiation
D. Log Consolidation Engine
You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.
A. In the SmartView Tracker, if you activate the column Matching Rate.
B. It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.
C. In SmartReporter, in the section Firewall Blade – Activity > Network Activity with information concerning Top Matched Logged Rules.
D. SmartReporter provides this information in the section Firewall Blade – Security > Rule Base Analysis with information concerning Top Matched Logged Rules.
A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections
easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?
A. Configure Additional Logging on an additional log server.
B. Turn the field Track of each rule to LOG.
C. Network traffic cannot be analyzed when the Security Management Server has a high load.
D. SmartReporter analyzes all network traffic, logged or not.
What is a Consolidation Policy?
A. A global Policy used to share a common enforcement policy for multiple Security Gateways.
B. The collective name of the logs generated by SmartReporter.
C. The collective name of the Security Policy, Address Translation, and IPS Policies.
D. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
Which feature in R76 permits blocking specific IP addresses for a specified time period?
A. Block Port Overflow
B. Suspicious Activity Monitoring
C. HTTP Methods
D. Local Interface Spoofing
You find a suspicious FTP site trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked? Highlight the suspicious connection in SmartView Tracker:
A. Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
B. Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.
C. Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.
D. Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.
Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker’s IP at a peak time of day?
A. Change the Rule Base and install the Policy to all Security Gateways
B. SAM – Suspicious Activity Rules feature of SmartView Monitor
C. SAM – Block Intruder feature of SmartView Tracker
D. Intrusion Detection System (IDS) Policy install