Quote:
Originally Posted by polax  Q 88:
tc says E, which is not correct imo, even page 298 student hand book says otherwise (chapter manual nat)- As long as client-side translation is implemented, no anti-spooofing issues exist with Manual NAT rules.
So i would pick B!
From real world experience because i had such troubles in the past with this.
EDIT:
Q 95: is wrong in ver 14 and 16 as well imo, B is wrong and D as well, because user auth is not limited to only Telnet, FTP, and rlogin, but to http and https as well.
And in the student hand book 350 is written The security Server first check if the connection can be allowed by a rule that doesnt need authetication. So correct is imo answer A!
Q 115: A is incorrect, because you see hiden rules but you cannot dissable them, check unhide or as answer E say Clear hide from rules drop-down menu .. |
You are correct for question 115, another clue is that answer A says "Rule" menu, it is actually "Rules" menu.
I also agree with question 95.
I also agree with question 88.
Shouldn't question 85 be A? CPCONFIG does not have reset sic in the SmartCenter Server. It only has reset sic in the gateway. The fwm sic_reset command works on the SmartCenter server and then you can go into the SmartDashboard and reinitialize sic on the gateway object.
Shouldn't question 109 be B? A logexport (fw log) is different from a log switch(fw logswitch). It does not start a new active log file and therefore would allow Desired #2.