Traffic is not passing the ScreenOS device due to an incorrectly configured policy. You must determine exactly which security policy the traffic is using.
Which two CLI commands should be used? (Choose two.)
Answer : B,C
Click the Exhibit button.
Answer : A,D
Click the Exhibit button.
Answer : A,D
A ScreenOS device detects a large number of sessions that match the same deep inspection attack object.What are two ways to configure the device? (Choose two.)
Answer : B,D
Click the Exhibit button.
Answer : C
The ScreenOS software performs virus scanning for which three protocols? (Choose three.)
Answer : A,B,E
HostA is in the Trust zone and has an IP address of. ServerA is a Web server in the DMZ zone and has an IP address of.
Which three configuration statements are required to allow traffic from HostA to communicate with ServerA? (Choose three.)
Answer : C,D,E
-- Exhibit --
ns5gt-> get int eth2
Interface ethernet2:
description ethernet2
number 8, if_info 704, if_index 0, mode route
link up, phy-link up/full-duplex
status change:7, last change:09/26/2012 23:08:22
vsys Root, zone Untrust, vr trust-vr
dhcp client disabled
PPPoE disabled -
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 171.211.111.111/30 mac 0014.f693.edc8
*manage ip 171.211.111.111, mac 0014.f693.edc8
route-deny disable
pmtu-v4 disabled
ping disabled, telnet enabled, SSH disabled, SNMP disabled
web enabled, ident-reset disabled, SSL disabled
DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0
OSPF disabled BGP disabled RIP disabled RIPng disabled mtrace disabled
PIM: not configured IGMP not configured
MLD not configured -
NHRP disabled -
bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps] configured ingress mbw 0kbps, current bw 0kbps total allocated gbw 0kbps
DHCP-Relay disabled at interface level
DHCP-server disabled -
-- Exhibit --
You are the administrator of a NetScreen 5GT. For troubleshooting purposes, you must be able to ping untrusted interfaces.
Referring to the exhibit, how do you enable ping for interface eth2?
Answer : B
You must verify on your ScreenOS device that you have configured the correct tunnel peer and determine which IKE proposals the remote device is sending and accepting.
Which command should you use?
Answer : A
What is the initial default username and password for all ScreenOS devices?
Answer : D
Which two statements are true about policy-based VPNs as compared to route-based
IPsec VPNs when using ScreenOS devices? (Choose two.)
Answer : B,D
Which NAT has bidirectional translation by default?
Answer : D
You want to copy an external configuration file to your ScreenOS device and have it become active only after the device reboots. How would you accomplish this goal?
Answer : A
You want to ensure that the IKE Phase 2 key is totally independent of the IKE Phase 1 key.
Which IKE feature would you enable?
Answer : A
What is a virtual system?
Answer : C