You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configurations: Cluster Member 1: OS: SecurePlatform, NICs: Quad Card, memory: 512 MB, Security Gateway, version: VPN-1 NGX R76 and primary Smart Center Server installed, version: VPN-1 NGX R76 Cluster Member 2: OS: SecurePlatform, NICs: 4 Intel 3Com, memory: 512 MB, Security Gateway only, and version: VPN-1 NGX R76 Cluster Member 3: OS: SecurePlatform, NICs: 4 other manufacturers, memory: 256 MB, Security Gateway only, and version: VPN-1 NGX R76
A. No, the Security Gateway cannot be installed on the Smart Center Pro Server.
B. No, the Smart Center Pro Server is not running the same operating system as the cluster members.
C. Yes, these machines are configured correctly for a ClusterXL deployment.
D. No, Cluster Member 3 does not have the required memory.
QUESTION 212 CORRECT TEXT
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configurations:Are these machines correctly configured for a ClusterXL deployment?
A. No, all machines in a cluster must be running on the same OS.
B. Yes, these machines are configured correctly for a ClusterXL deployment.
C. No, QuadCards are not supported with ClusterXL.
D. No, a cluster may only have two members.
Which utility allows you to configure the DHCP service on SecurePlatform from the command line?
Which of the following statements about file-type recognition in Content Inspection is TRUE?
A. A scan failure will only occur if the antivirus engine fails to initialize.
B. Antivirus status is monitored using SmartView Tracker.
C. The antivirus engine acts as a proxy, caching the scanned file before delivering it to the client.
D. All file types are considered “at risk”, and are not subject to the whims of the Administrator or the Security Policy
A. NGXR76 HA cluster contains two members with external interfaces 172.28.108.1 and 172.28.108.2. The internal interfaces are 10.4.8.1 and 10.4.8.2. The external cluster VIP address is 172.28.108.3 and the internal cluster VIP address is 10.4.8.3. The synchronization interfaces are 192.168.1.1 and 192.168.1.2. The Security Administrator discovers State Synchronization is not working properly. The cphaprob if command output displays shows: What is causing the State Synchronization problem?
A. The synchronization network has been defined as “Network Objective: Cluster + 1st sync” with an IP address 192.168.1.3 defined in the NGX cluster object’s topology. This configuration is supported in NGX and therefore the above screenshot is not relevant to the sync problem.
B. The synchronization interface on the individual NGX cluster member object’s Topology tab is enabled with “Cluster Interface”. Disable this setting.
C. The synchronization network has a cluster VIP address (192.168.1.3) defined in the NGX cluster object’s topology. Remove the 192.168.1.3 VIP interface from the cluster topology.
D. Another cluster is using 192.168.1.3 as one of the unprotected interfaces.
Your primary SmartCenter Server is installed on a SecurePlatform Pro machine, which is also a
VPN-1 Power Gateway. You want to implement Management High Availability (HA). You have a spare machine to configure as the secondary SmartCenter Server. How do you configure the new machine to be the standby SmartCenter Server?
A. Use cpprod_util to reconfigure the primary SmartCenter Server to become the secondary on the VPN-1 Power Gateway. Install a new primary SmartCenter Server on the spare machine and set to “standby”. Synchronize the “active” secondary to the “standby” primary in order to migrate the configuration.
B. Install the secondary Server on the spare machine. Add the new machine to any network routable to the primary Server. Synchronize the machines.
C. You cannot configure Management HA, when either the primary or secondary SmartCenter Server is running on a VPN-1 Pro Gateway.
D. Install the secondary Server on the spare machine. Add the new machine to the same network as the primary Server. Synchronize the machines.
What must a public hospital Security Administrator do to comply with new health-care legislation requirements for logging all traffic accepted through the perimeter Security Gateway?
A. Define two log servers on the VPN-1 NGX R76 Gateway object. Enable “Log Implied Rules” on the first log server. Enable “Log Rule Base” on the second log server. Use Eventia Reporter to merge the two log server records into the same database for HIPPA log audits.
B. Install the “View Implicit Rules” package using SmartUpdate.
C. In Global Properties > Reporting Tools check the box “Enable tracking all rules (including rules marked as ‘None’ in the Track column). Send these logs to a secondary log server for a complete logging history Use your normal log server for standard logging for troubleshooting.
D. Check the “Log Implied Rules Globally” box on the VPN-1 NGX R76 Gateway object.
In a Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when
(1) The Security Policy is installed.
(2) The Security Policy is saved.
(3) The Security Administrator logs in to the secondary SmartCenter Server, and changes its status to active.
(4) A scheduled event occurs.
(5) The user database is installed.
Select the BEST response for the synchronization sequence. Choose One:
A. 1, 2, 3, 4
B. 1, 2, 5
C. 1, 2, 4
D. 1, 3, 4
Which of the following commands is a CLI command for VPN-1 NGX R76?
A. fw shutdown
C. fw tab -u
D. fw merge
You are running the licensejjpgrade tool on your SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?
A. Simulate the license-upgrade process.
B. Perform the actual license-upgrade process.
C. View the status of currently installed licenses.
D. View the licenses in the SmartUpdate License Repository.