Which of the following is a supported deployment for Connectra?
A. IPSO 4.9 build 88
B. VMWare ESX
C. Solaris 10
D. Windows server 2007
To force clients to use Integrity Secure Workspace when accessing sensitive applications, the Administrator can configure Connectra:
A. Via protection levels
B. To implement Integrity Clientless Security
C. To force the user to re-authenticate at login
D. Without a special setting. Secure Workspace is automatically configured.
Which of the following statements about SSL VPN is TRUE?
A. Traffic is not encrypted in a LAN deployment, where clear text requests are forwarded to internal servers.
B. All traffic is always encrypted.
C. Traffic is encrypted, when it is initiated from a LAN.
D. Administration traffic is not encrypted.
SSL termination takes place:
A. In a LAN deployment on a Security Gateway
B. In a DMZ and LAN deployment scenario on a Security Gateway
C. In a DMZ and LAN deployment scenario on a Connectra Gateway
D. In a DMZ deployment on a Connectra Gateway
Which port is typically used by SSL Network Extender, if the Connectra Portal will also be used on the same IP address?
A. SSL (TCP/900)
B. SSL (TCP/443)
C. SSL (TCP/444)
D. SSL (TCP/80)
For an initial installation of Connectra, which of the following statements is TRUE?
A. You must configure the Connectra username and password before running the First Time Wizard.
B. It is possible to run the First Time Wizard from Expert Mode on the Connectra server.
C. It is not possible to use the sysconfig and cpconfig utilities, until the First Time Wizard in the Administration Web GUI is successfully completed.
D. It is not necessary to set up the Rule Base before completing Connectra’s installation.
Why would an old Connectra Gateway IP be displayed to remote SSL Network Extender users, after changing it to a different IP? You must:
A. Restart service CPwebis
B. Update Connectra’s certificate to reflect the newly assigned IP address
C. Make the change using sysconfig instead of the admin portal
D. Install a new license corresponding to the newly configured IP
To configure a client to properly log in to the user portal using a certificate, the Administrator MUST:
A. Create an internal user in the admin portal.
B. Install an R71 internal Certificate Authority certificate.
C. Create a client certificate from SmartDashboard.
D. Store the client certificate on the SSL VPN Gateway.
Can end users be forced to authenticate by using client certificates and username/password credentials?
A. Yes, but by manually changing the parameter :IsPasswordWarning to true in the
$FWDIR/conf/objects_5_0.C file, to allow for LDAP password remediation; and through the use of multiple-challenge login pages.
B. No, R71 only supports authentication by client certificates.
C. Yes, by editing the protection-level settings.
D. SSL VPN only supports server certificates.
A user attempts to initialize a network application using SSL Network Extender. The application fails to start. What is the MOST LIKELY solution?
A. Select the option Auto-detect client capabilities.
B. Select the option Enable SSL Network Extender Application Mode only.
C. Select the option Turn off all SSL tunneling clients.
D. Select the option Enable SSL Network Extender Network Mode only.