SNSP SonicOS 7
When configuring a route based VPN, which option is used for unnumbered OSPF
configuration? - answer Allow advanced routing
What are the features of SSH? (Select all that apply) - answer- provides secure data
communication - allows for remote command line login- cryptographic network protocol
What are the key features and benefits of integrating capture client with Sonic Wall
firewalls? - answer- Endpoint security enforcement
- User visibility
- Single Sign On
- Network threat alerts
- Enabling DPI-SSL
While an area border router had interfaces in multiple areas, at least __ of its interfaces
will be connected to area 0. - answer1
Which of the following should be imported for the firewall to be able to act as a resigning
authority? - answer Server certification
A user attempting to access a web server located behind the firewall and downloading a
file containing a virus. The DPI-SSL/TLS server inspection features are enabled on the
firewall. What may be the result of the user attmept? - answerThe operation would be
blocked.
An alert would appear in the systems logs panel
DPI-SSL provides advanced application control for analyzing encrypted HTTPS and
SSL based traffic but does not provide data leakage prevention. True or false? -
answerTrue
What is the purpose of enabling the block port forwarding feature? - answerTo stop
users from bypassing the firewall
The encryption used by SSH uses confidentiality and integrity of data over insecure
networks. true or false - answerTrue
When using SSH to login to a server, what happens if the SSH server key is stored in a
local machine and not deleted? - answerThe SSH session will fail
Which client implementation are supported by DPI-SSH? - answer- Secure CRT
- WIN SCP
, - CYGWIN
- Putty
End users can use putty client to port forward through the firewall and bypass content
filtering? true or false - answertrue
Policies using regular expression match the first occurrence of the pattern and network
traffic? True or false - answerTrue
App rules when configuring an SMTP client policy, which connection site setting is
enabled by default? - answerClient side
Creating an app rule REGEX you can log and block the leakege of data and block
known or potential threats to the organization. true or false? - answerTrue
The VPN AP client id must match on both sides. true or false? - answerTrue
What are the benefits of an application firewall? - answer- Matches text or binary
content
- Logs individual object content
- Scans application layer network traffic
- Defines the user or domain to match
In order to block a specific app or signature, which option will override the inherited
settings of app control? - answerblock-enable
An app control signature configuration settings default to the settings for the application
to which the signature belongs. true or false? - answerTrue
In the app control app settings window, what is the default settings for the log
redundancy filter? - answer60 seconds
What is the current sequence of app control policies from the least granular to the most
granular? - answerCategory, application, signature
What are the main components of application control? - answer- Policy
- Application Events
- Actions
- Objects
A website displays a security certificate issued by digits or ECC secure server CA. What
does it imply? - answerThe firewall is not performing DPI inspection on the website
traffic
What are two possible reasons why an administrator may want to exclude trusted sites
from DPI-SSL inspection? - answer- Comply with local law requirements
When configuring a route based VPN, which option is used for unnumbered OSPF
configuration? - answer Allow advanced routing
What are the features of SSH? (Select all that apply) - answer- provides secure data
communication - allows for remote command line login- cryptographic network protocol
What are the key features and benefits of integrating capture client with Sonic Wall
firewalls? - answer- Endpoint security enforcement
- User visibility
- Single Sign On
- Network threat alerts
- Enabling DPI-SSL
While an area border router had interfaces in multiple areas, at least __ of its interfaces
will be connected to area 0. - answer1
Which of the following should be imported for the firewall to be able to act as a resigning
authority? - answer Server certification
A user attempting to access a web server located behind the firewall and downloading a
file containing a virus. The DPI-SSL/TLS server inspection features are enabled on the
firewall. What may be the result of the user attmept? - answerThe operation would be
blocked.
An alert would appear in the systems logs panel
DPI-SSL provides advanced application control for analyzing encrypted HTTPS and
SSL based traffic but does not provide data leakage prevention. True or false? -
answerTrue
What is the purpose of enabling the block port forwarding feature? - answerTo stop
users from bypassing the firewall
The encryption used by SSH uses confidentiality and integrity of data over insecure
networks. true or false - answerTrue
When using SSH to login to a server, what happens if the SSH server key is stored in a
local machine and not deleted? - answerThe SSH session will fail
Which client implementation are supported by DPI-SSH? - answer- Secure CRT
- WIN SCP
, - CYGWIN
- Putty
End users can use putty client to port forward through the firewall and bypass content
filtering? true or false - answertrue
Policies using regular expression match the first occurrence of the pattern and network
traffic? True or false - answerTrue
App rules when configuring an SMTP client policy, which connection site setting is
enabled by default? - answerClient side
Creating an app rule REGEX you can log and block the leakege of data and block
known or potential threats to the organization. true or false? - answerTrue
The VPN AP client id must match on both sides. true or false? - answerTrue
What are the benefits of an application firewall? - answer- Matches text or binary
content
- Logs individual object content
- Scans application layer network traffic
- Defines the user or domain to match
In order to block a specific app or signature, which option will override the inherited
settings of app control? - answerblock-enable
An app control signature configuration settings default to the settings for the application
to which the signature belongs. true or false? - answerTrue
In the app control app settings window, what is the default settings for the log
redundancy filter? - answer60 seconds
What is the current sequence of app control policies from the least granular to the most
granular? - answerCategory, application, signature
What are the main components of application control? - answer- Policy
- Application Events
- Actions
- Objects
A website displays a security certificate issued by digits or ECC secure server CA. What
does it imply? - answerThe firewall is not performing DPI inspection on the website
traffic
What are two possible reasons why an administrator may want to exclude trusted sites
from DPI-SSL inspection? - answer- Comply with local law requirements
