Ensurepass

Question 271

Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user’s properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?

A. Select Intersect with user database or Ignore Database in the Action Properties window.

B. Permit access to Finance_net.

C. Select Ignore Database in the Action Properties window.

D. Select Intersect with user database in the Action Properties window.

 

Answer: A

 

 

Question 272

For remote user authentication, which authentication scheme is NOT supported?

A. Check Point Password

B. TACACS

C. SecurID

D. RADIUS

 

Answer: B

 

 

Question 273

Identity Awareness is implemented to manage access to protected resources based on a user’s ________.

A. Time of connection

B. Application requirement

C. Identity

D. Computer MAC address

 

Answer: C

 

 

Question 274

Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user’s credentials?

A. Access Role

B. Access Rule

C. Access Policy

D. Access Certificate

 

Answer: A

 

 

Question 275

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John’s desktop which is assigned a static IP address 10.0.0.19.

He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).

He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.

John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?

A. John should install the Identity Awareness Agent

B. Investigate this as a network connectivity issue

C. After enabling Identity Awareness, reboot the gateway

D. He should lock and unlock the computer

 

Answer: D

 

 

Question 276

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John’s desktop which is assigned a static IP address 10.0.0.19.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams' PC access the HR Web Server from any machine and from any location.

John plugged in his laptop to the network on a different network segment and he is not able to connect.

How does he solve this problem?

A. John should lock and unlock the computer

B. Investigate this as a network connectivity issue

C. John should install the Identity Awareness Agent

D. The firewall admin should install the Security Policy

 

Answer: D

 

 

Question 277

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John’s desktop which is assigned a static IP address 10.0.0.19.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams' PC access the HR Web Server from any machine and from any location.

What should John do when he cannot access the web server from a different personal computer?

A. John should lock and unlock his computer

B. John should install the Identity Awareness Agent

C. Investigate this as a network connectivity issue

D. The access should be changed to authenticate the user instead of the PC

 

Answer: D

 

 

Question 278

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants to use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R76 Firewall Rule Base.

To make this scenario work, the IT administrator must:

1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.

2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.

3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.

Ms. McHanry tries to access the resource but is unable. What should she do?

A. Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal”

B. Install the Identity Awareness agent on her iPad

C. Have the security administrator reboot the firewall

D. Have the security administrator select Any for the Machines tab in the appropriate Access Role

 

Answer: A

 

 

Question 279

When using LDAP as an authentication method for Identity Awareness, the query:

A. Prompts the user to enter credentials.

B. Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.

C. Requires client and server side software.

D. Is transparent, requiring no client or server side software.

 

Answer: D

 

 

Question 280

Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?

A. Bridge

B. High Availability

C. Load Sharing

D. Fail Open

 

Answer: A

 

 
