1.
A customer calls you because some settings have been changed on their XG Firewall by the admin user. Your customer is the only person that knows the admin password but some of the IT department have access using SSH keys.
How can your customer identify who logged in to make the changes?
Select one:
Correct Answer
A. Find the SSH key in dropbear.log
Explanation
The customer can identify who logged in to make the changes by finding the SSH key in the dropbear.log. This log file records all SSH key-based authentication attempts and provides information about the user who logged in using the SSH key. By examining the dropbear.log, the customer can determine which IT department member accessed the XG Firewall and made the changes.
2.
Look at the diagram below.
Where does DNAT happen?
Select one or more:
Correct Answer(s)
A. 1
E. 5
Explanation
Check the image on page 55
3.
Your customer has an XG Firewall that is deployed in gateway mode, and they want to create a bridge pair with an interface in a LAN zone and an interface in a DMZ.
Can this be done?
Select one:
Correct Answer
A. Yes
Explanation
Check the image on page 40
4.
Which of the following dynamic routing protocols are supported by Sophos XG Firewall? (select all that apply)
Select one or more:
Correct Answer(s)
B. RIP
C. OSPF
F. BGP
G. PIM-SM
Explanation
Check the image on page 76
5.
In Lab 2 you created a bridge with two ports that were both in the LAN zone, but the computers were not able to ping each other.
If both ports are in the same zone why could the computers not ping each other?
Select one:
Correct Answer
A. There was no firewall rule to allow traffic from the LAN zone to another port in the LAN zone
Explanation
The computers were not able to ping each other because there was no firewall rule in place to allow traffic from the LAN zone to another port in the LAN zone. Without this rule, the firewall was blocking the communication between the computers even though they were in the same zone.
6.
You are the network administrator of the Sophos Store, a large retailer of socks and stickers. The Sophos Store has a head office in London with branch offices in New York and Vancouver and retail stores located throughout the world.
- The Sophos Store has multiple servers in subnet 192.168.1.0/2
- The user network subnet is 172.16.1.0/24
- Sophos Store would like to increase the internal bandwidth for each server
For the above scenario, select which of the following you would recommend to Sophos Store.
Select one:
Correct Answer
C. Connect another XG Firewall Port to the switch and configure 802.3ad LAG
Explanation
Connecting another XG Firewall Port to the switch and configuring 802.3ad LAG would be recommended to Sophos Store. This would allow for the aggregation of multiple ports, increasing the internal bandwidth for each server. LAG (Link Aggregation Group) combines multiple physical connections into a single logical connection, providing higher throughput and redundancy. 802.3ad is a standard for link aggregation that ensures load balancing and fault tolerance across the aggregated links. This solution would effectively enhance the internal bandwidth for the servers at the Sophos Store.
7.
Your customer contacts you for assistance in configuring DoS (Denial-of-Service) protection for their public facing application server.
The customer has provided this network diagram and the following information about the application:
- The application server requires an MTU of 1460
- The application requires up to 73kb of data to be transferred to complete a transaction for a connected client
- A connected client might perform up to 5 transactions per second
- The application uses a proprietary protocol
What configuration do you recommend to your customer? (select all that apply)
Select one or more:
Correct Answer(s)
C. Configure the DoS policy for UDP-Flood protection
E. Configure the packets per second in the DoS policy to 256
G. Configure the DoS policy per source
Explanation
73kb: 73 × 1024 = 74752 in total. Total / MTU: 74752 / 1460 = 51.2. 51.2 × 5 per second = 256 packets per second.
8.
In Lab 3 you configured a local NAT policy.
What would the command be to SNAT the traffic from the XG firewall to the Internet to 10.1.1.45?
Select one:
Correct Answer
A. Set advanced-firewall sys-traffic-nat add destination 0.0.0.0 netmask 0.0.0.0 snatip 10.1.1.45
Explanation
The correct command to SNAT the traffic from the XG firewall to the Internet to 10.1.1.45 is "set advanced-firewall sys-traffic-nat add destination 0.0.0.0 netmask 0.0.0.0 snatip 10.1.1.45". This command sets up a NAT policy that specifies a destination of 0.0.0.0 netmask 0.0.0.0, which represents all traffic, and SNATs it to the IP address 10.1.1.45.
9.
TRUE or FALSE: IPS policies can be applied to both User/Network rules and Business Application rules.
Select one:
Correct Answer
A. True
Explanation
IPS policies can indeed be applied to both User/Network rules and Business Application rules. Intrusion Prevention System (IPS) policies are designed to protect networks and systems from potential threats and attacks. These policies can include rules that define the behavior and actions allowed or blocked for users and network traffic, as well as rules specific to business applications. By applying IPS policies to both types of rules, organizations can enhance their overall security posture and mitigate risks from various sources.
10.
In Lab 3 you configured an advanced DoS policy.
What command can you use to see the existing dos rules?
Select one:
Correct Answer
A. System dos-config show dos-rules
Explanation
The correct answer is "system dos-config show dos-rules". This command is used to view the existing DoS rules in Lab 3.
11.
Your customer's environment consists of a number of Windows servers, as well as Windows and Mac desktops and laptops. Users have commented that accessing files on the server has been slower since the new firewall was installed. After examining the configuration, you document that the servers are located in a separate zone called SERVERS and the users are located in the LAN zone. After researching the issue further, you believe that the issue is related to the IPS scanning of the traffic as it is passing from the LAN to the SERVERS zone. Currently, the LAN to DMZ IPS policy is applied to the network rule allowing the traffic to pass from one zone to the other.
Which of the following options would you recommend to improve the performance for the users transferring files between the zones?
Select one:
Correct Answer
D. Configure a more appropriate IPS policy for the LAN zone to the SERVERS zone
Explanation
The given scenario suggests that the slow file access issue is due to the IPS scanning of traffic between the LAN and SERVERS zone. To improve performance, it is recommended to configure a more appropriate IPS policy for the LAN zone to the SERVERS zone. This means adjusting the IPS settings to better suit the traffic between these zones, potentially reducing the scanning overhead and improving file transfer speeds.
12.
A customer is configuring a Web Server Protection Policy but is not sure what needs to be added to the 'Entry URLs' field when Static URL Hardening is enabled.
What do you tell your customer? (select all that apply)
Select one or more:
Correct Answer(s)
C. You need to add all of the URLs that you want people to access directly
D. The URLs are case sensitive
Explanation
When Static URL Hardening is enabled, the 'Entry URLs' field in the Web Server Protection Policy should contain all the URLs that the customer wants people to access directly. This means that only the URLs added to this field will be hardened. Additionally, the URLs are case sensitive, so the customer needs to ensure that the correct case is used when adding them to the 'Entry URLs' field.
13.
In Lab 4 you configured a Webserver Protection Business Application Rule that load-balanced two intranet servers.
How could you configure this so that one of the servers is the primary server and the other is only used as a backup?
Select one:
Correct Answer
A. Enable Path-specific routing and select 'Hot-standby mode'
14.
Your customer is configuring Web Server for their webmail but is getting an error when they try to login.
Look at the log file below and select what needs to be done to resolve the error. (select all that apply)
Select one or more:
Correct Answer
B. Create a form hardening exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx
Explanation
Based on the given log file, the error encountered during login on the webmail is likely due to form hardening. Therefore, creating a form hardening exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx would resolve the error.
15.
Your customer is configuring Web Server for their webmail but is getting an error when they try to login.
Look at the log file below and select what needs to be done to resolve the error. (select all that apply)
Select one or more:
Correct Answer(s)
D. Add ID 981003 to the filter rule skip list
F. Add ID 981200 to the filter rule skip list
Explanation
The error in the log file suggests that there is a filter rule blocking the login process. By adding ID 981003 and ID 981200 to the filter rule skip list, the web server will bypass these specific filter rules and allow the login to proceed successfully. This will resolve the error and allow the customer to log in to their webmail.
16.
You configured Web Server Authentication for a customer when you deployed their XG Firewall some time ago. The customer wants to allow another group to authenticate for the protected web service but does not know where to do this.
Where do you direct your customer to add this group?
Select one:
Correct Answer
A. In the Authentication Template
Explanation
In order to add another group to authenticate for the protected web service, the customer should be directed to add this group in the Authentication Template.
17.
A customer is having problems configuring Web Server Protection for a section of their website that dynamically generates a survey in the browser.
What do they need to configure to resolve the problem?
Select one:
Correct Answer
F. Create an exception for that path that will 'Accept unhardened form data'
Explanation
To resolve the problem, the customer needs to create an exception for the specific path that will allow the web server to accept unhardened form data. This means that the web server protection will not apply to the section of the website that dynamically generates the survey in the browser, allowing it to function properly without any configuration issues.
18.
After configuring two new VPN connections, everything is running fine until the remote office loses Internet access. When it comes back up, the users are complaining that they can no longer access resources in the head office network. You verify that the Internet is working at both locations and then look at the VPN configuration, which is as below.
What needs to be adjusted in the remote office?
Select one:
Correct Answer
B. Action on VPN Restart
19.
Your company is configuring a site to site VPN with another company in order to share information for an upcoming project. The two networks have the following IP address network ranges:
What feature can be used in the IPsec site-to-site VPN on an XG Firewall in order to allow communication between these networks?
Select one:
Correct Answer
A. NAT Overlap
Explanation
NAT Overlap can be used in the IPsec site-to-site VPN on an XG Firewall to allow communication between these networks. NAT Overlap is a feature that allows multiple devices on a private network to share a single public IP address. In this scenario, the two networks have overlapping IP address ranges, which means that without NAT Overlap, there would be conflicts and communication between the networks would not be possible. By enabling NAT Overlap, the XG Firewall can translate the overlapping IP addresses to unique addresses, ensuring that communication between the networks is successful.
20.
In Lab 5, if the New York Gateway had 2 WAN connections, then how many IPsec connections would be created on the New York Gateway in order to take advantage of the maximum number of possible VPN failover routes?
Select one:
Correct Answer
D. 4
Explanation
If the New York Gateway had 2 WAN connections, then there would be a total of 4 IPsec connections created on the New York Gateway in order to take advantage of the maximum number of possible VPN failover routes. Each WAN connection would require 2 IPsec connections, resulting in a total of 4 IPsec connections.
21.
A customer has added an MPLS between its large offices in the UK, US and Japan. The customer also has VPNs connecting the larger offices and the smaller offices. The customer has noticed that the traffic between the larger offices is going over the slower VPNs rather than the faster MPLS.
What options would the customer have in order to route the traffic over the MPLS?
Select one or more:
Correct Answer(s)
B. Configure route precedence on the XG firewall
E. Configure Policy based routing to route the traffic
Explanation
The customer can configure route precedence on the XG firewall to prioritize the MPLS traffic over the VPN traffic. This will ensure that the traffic between the larger offices is routed through the faster MPLS connection. Additionally, the customer can also configure policy-based routing to explicitly route the traffic over the MPLS. These options will allow the customer to control the routing of traffic and ensure that it takes the desired path.
22.
A client contacts you complaining that their virtual XG firewall has been running very slowly. The client is running a central XG firewall on a virtual host and has over 100 remote locations connected to this host via XG to XG RED tunnels. They have followed the best practices for firewall and security configurations. After gathering some information on the existing setup, you find that the virtual host is running on older hardware and the CPUs are consistently showing very high utilization.
Without compromising the security of the device or the network, what would you recommend to the customer to help alleviate the slowness problem?
Select one:
Correct Answer
A. Turn off Tunnel Compression on all of the RED tunnels between the Host and the remote locations
23.
In which RED deployment mode do you need to configure the following?
- IP address of the RED interface on the Sophos XG Firewall
- Zone of the RED interface on the Sophos XG Firewall
- DHCP Server
- A list of split networks
Select one:
Correct Answer
A. Standard/Split
Explanation
In the Standard/Split deployment mode, the following configurations need to be made on the Sophos XG Firewall: IP address of the RED interface, Zone of the RED interface, DHCP Server, and a list of split networks. This mode allows the RED device to be connected to a separate network segment, and the traffic from the RED device is split between the local and remote networks.
24.
How is a RED configured to connect to Sophos XG Firewall? (select all that apply)
Select one or more:
Correct Answer(s)
A. The configuration is created on Sophos XG Firewall
B. The RED can load the configuration from a USB drive
C. The RED can download the configuration from the provisioning servers
Explanation
The configuration for a RED can be created directly on the Sophos XG Firewall. Additionally, the RED can load the configuration from a USB drive or download it from the provisioning servers. This allows for flexibility in how the RED is configured and allows for easy deployment and management of multiple RED devices.
25.
When configuring a RED manually with a USB stick, what do you need to consider? (select all that apply)
Select one:
Correct Answer
B. If you lose the unlock code the RED cannot ever be connected to another Sophos XG Firewall
Explanation
If you lose the unlock code for the RED device, it cannot be connected to another Sophos XG Firewall. This means that the device will be permanently locked and unable to establish a connection with any other firewall. Therefore, it is important to keep the unlock code safe and secure to ensure the proper functioning of the RED device.
26.
In Lab 5 you configured an XG-to-XG RED tunnel.
You have configured a RED tunnel between two XG Firewalls but you are unable to connect to a server at the remote site.
What are the most likely causes of this problem?
Select one or more:
Correct Answer(s)
A. There is no firewall rule to allow the traffic
B. No route has been configured for the traffic
Explanation
The most likely causes of the problem are that there is no firewall rule to allow the traffic and no route has been configured for the traffic. Without a firewall rule allowing the traffic, the XG Firewalls will block the connection. Additionally, without a configured route, the XG Firewalls will not know how to properly direct the traffic to the remote site.
27.
Your customer has deployed STAS on their network for single sign-on. Users at a small branch site that does not have a domain controller are not being authenticated with the XG Firewall at that site, but they can be seen in the Live Users list on the head office XG Firewall. The small branch site is connected to the head office using an SSL site-to-site VPN.
What could be the problem? (select all that apply)
Select one or more:
Correct Answer(s)
B. The collector may not be configured with the IP address of the branch office XG Firewall and vice versa
C. The XG Firewall in the branch office may not be configured to allow the Collector in the VPN zone
Explanation
The problem could be that the collector is not configured with the IP address of the branch office XG Firewall and vice versa. This means that the collector is not able to communicate with the XG Firewall at the branch office, causing the authentication process to fail. Additionally, the XG Firewall in the branch office may not be configured to allow the collector in the VPN zone, further preventing authentication from taking place.
28.
You are troubleshooting STAS issues for a customer and want to check that logins are being reported to the XG Firewall by STAS.
- The IP address of the XG Firewall is 172.16.16.16
- The IP address of the STA Collector is 172.16.16.50
- The IP address of the STA Agent is 172.16.16.43
What command would you use?
Select one:
Correct Answer
G. Tcpdump "host 172.16.16.16 and port 6060"
Explanation
The correct answer is tcpdump "host 172.16.16.16 and port 6060". This command will capture network traffic on the XG Firewall with the IP address 172.16.16.16 and the port number 6060. By using this command, you can check if logins are being reported to the XG Firewall by STAS.
29.
In Lab 6 you cleared the cached authentication status after installing STAS.
How can you remove computers from the authentication cache? (select all that apply)
Select one or more:
Correct Answer(s)
A. With the command "ipset -D lusers "
C. Restart the Authentication service in the WebAdmin
Explanation
To remove computers from the authentication cache, you can use the command "ipset -D lusers" and restart the Authentication service in the WebAdmin. These actions will clear the cached authentication status and remove the computers from the cache.
30.
Your customer has configured Security Heartbeat on their XG Firewall so that only computers that have a GREEN heartbeat status are able to connect to the intranet servers. The computers that are connecting through an SSL remote access VPN using split tunneling are unable to access the intranet servers.
What can the customer do to resolve the problem? (select all that apply)
Select one or more:
Correct Answer
A. Configure the heartbeat IP address as a permitted network resource in the VPN profile
Explanation
The customer should configure the heartbeat IP address as a permitted network resource in the VPN profile. This will allow the computers connecting through the SSL remote access VPN to access the intranet servers by recognizing their GREEN heartbeat status.
31.
Your customer has called you because they have a computer with a YELLOW heartbeat and they are not sure what this means.
What do you tell your customer are possible causes of this? (select all that apply)
Select one or more:
Correct Answer(s)
E. Inactive malware has been detected
F. A PUA (Potentially Unwanted Application) has been detected
Explanation
Possible causes of a computer with a YELLOW heartbeat could be that inactive malware has been detected or a PUA (Potentially Unwanted Application) has been detected.
32.
In Lab 7 you simulated a computer with a missing heartbeat, and interrogated the XG Firewall for computers with a missing heartbeat.
How does the XG Firewall identify computers that are missing the Security Heartbeat?
Select one:
Correct Answer
C. MAC Address
Explanation
The XG Firewall identifies computers that are missing the Security Heartbeat based on their MAC Address.
33.
You have a RED device deployed at a remote network in a standard/split configuration. When you connect a Sophos access point to the remote network, it never appears in the pending access point list on the XG Firewall.
What configuration change needs to be made for the RED connection?
Select one:
Correct Answer
C. Add 1.2.3.4 to the remote network list
Explanation
Adding 1.2.3.4 to the remote network list will allow the Sophos access point to be recognized by the XG Firewall.
34.
Wireless access points are being deployed across a large office space. There will only be one network broadcast from the access points and because of the large space, you would like to take advantage of Fast BSS to ensure that users have the best roaming experience.
What security modes can be used to support Fast BSS? (select all that apply)
Select one or more:
Correct Answer
C. WPA2
Explanation
WPA2 can be used to support Fast BSS. WPA2 is the most secure security mode among the options given. It provides stronger encryption and authentication compared to WEP and WPA, making it the ideal choice for ensuring the security of the network while also allowing for a seamless roaming experience for users in the large office space.
35.
You have a large network that spans many different subnets. Wireless has been deployed in the network; however, there are issues with access points communicating back to the XG Firewall. You have identified security devices in the network that may be blocking ports between the XG Firewall and the APs.
What ports need to be open to allow for proper wireless communication? (select all that apply)
Select one or more:
Correct Answer(s)
A. 414 UDP
B. 2712 TCP
C. 415 UDP
Explanation
The correct answer is 414 UDP, 2712 TCP, and 415 UDP. These ports need to be open to allow for proper wireless communication between the access points and the XG Firewall. The UDP protocol is used for port 414 and 415, while the TCP protocol is used for port 2712. By opening these ports, the access points will be able to communicate with the XG Firewall effectively, resolving the communication issues.
36.
You are working with a large customer with offices in countries all round the world, including London, New York, Milan, Sydney and Singapore.
Your customer is already using XG Firewall at all of their offices, and now wants to roll out wireless access points at all sites to provide wireless access to their main internal network, as well as guest networks.
In order to prepare for the rollout, what actions would you recommend to the customer in order to gather information and plan out the wireless deployment in the various offices? (select all that apply)
Select one or more:
Correct Answer(s)
A. Determine if any of the walls or ceilings are made of materials that will significantly impede the signal
B. Floor plan of the offices
C. Perform a site survey at the various locations
D. Scan the to see which channels are being used by other wireless networks
F. Estimate the number of devices that will be connecting at each location
Explanation
To gather information and plan out the wireless deployment, it is recommended to determine if any of the walls or ceilings are made of materials that will significantly impede the signal. This is important to ensure that the wireless access points can provide adequate coverage in all areas. Additionally, obtaining the floor plan of the offices will help in identifying the optimal locations for installing the access points. Performing a site survey at the various locations will further assess the signal strength and potential interference sources. Scanning the channels used by other wireless networks will help in selecting the least congested channels for deployment. Lastly, estimating the number of devices that will be connecting at each location is necessary to determine the capacity requirements for the wireless network.
37.
An existing customer wants to roll out VPN access to a large number of users.
What should they consider when choosing which type of VPN to use?
Select one or more:
Correct Answer(s)
B. How heavily utilized the current device is
C. The cost of the VPN client
D. Specific security requirements
E. How much bandwidth is available where the XG is located
Explanation
When choosing which type of VPN to use for rolling out VPN access to a large number of users, several factors should be considered. Firstly, how heavily the current device is utilized is important to ensure that it can handle the increased workload. Secondly, the cost of the VPN client needs to be taken into account to ensure it fits within the budget. Additionally, specific security requirements must be considered to ensure the chosen VPN meets the necessary security standards. Lastly, the amount of available bandwidth where the XG is located should be considered to ensure smooth and efficient VPN connections.
38.
On which devices can you disable HA? (select all that apply)
Select one or more:
Correct Answer(s)
A. Primary
C. Standalone
Explanation
You can disable HA on the Primary device and the Standalone device. This means that you have the option to turn off High Availability on these devices.
39.
Which of the following statements are TRUE about the virtual MAC address in an Active-Active HA cluster? (select all that apply)
Select one or more:
Correct Answer(s)
A. The primary device owns the virtual MAC address
D. There is one virtual MAC address for each interface except the dedicated HA port
Explanation
The primary device owns the virtual MAC address, meaning that it is responsible for responding to ARP requests for the virtual MAC address. Additionally, there is one virtual MAC address for each interface except the dedicated HA port. This means that each interface in the Active-Active HA cluster has its own unique virtual MAC address.
40.
Which of the following statements are TRUE about the port that is used for the dedicated HA link? (select all that apply)
Select one or more:
Correct Answer(s)
B. Must have the SSH admin service enabled
D. Must be in a zone of type DMZ
F. Must be the same port on both devices
G. The IP address must be in the same subnet on both devices
Explanation
The port used for the dedicated HA link must have the SSH admin service enabled because it is used for secure communication between the devices. It must also be in a zone of type DMZ, which is a demilitarized zone that separates the internal network from the external network. The port must be the same on both devices to establish a connection, and the IP address assigned to the port must be in the same subnet on both devices for proper communication.
41.
Which of the following are prerequisites for creating a HA cluster? (select all that apply)
Select one or more:
Correct Answer(s)
A. The MTU-MSS on the dedicated port should be default
B. Hardware devices must be the same model
D. The Sophos XG Firewall firmware version must be the same
E. Devices must have the same number of ports
Explanation
To create a high availability (HA) cluster, several prerequisites need to be met. The first requirement is that the MTU-MSS (Maximum Transmission Unit - Maximum Segment Size) on the dedicated port should be set to default. This ensures proper communication between the devices in the cluster. Secondly, the hardware devices must be the same model to ensure compatibility and seamless failover. Additionally, the Sophos XG Firewall firmware version must be the same on all devices to ensure consistent functionality and configuration. Lastly, the devices must have the same number of ports to ensure proper network connectivity and redundancy.
42.
In Lab 8 you created an Active-Active cluster, and then an Active-Passive cluster.
How do you convert an Active-Active cluster into an Active-Passive cluster?
Select one:
Correct Answer
B. Disable HA and create a new cluster
Explanation
To convert an Active-Active cluster into an Active-Passive cluster, the HA (High Availability) needs to be disabled and a new cluster needs to be created. This involves configuring one device as the active device and the other device as the passive device. The active device will handle all the traffic and the passive device will remain idle until the active device fails, at which point it will take over the traffic handling responsibilities.
43.
What are the primary considerations when sizing a RED? (select all that apply)
Select one or more:
Correct Answer(s)
B. Dual WAN ports
C. Throughput (Mbit/s)
D. VLAN tagging
F. Built-in wireless
Explanation
When sizing a RED, the primary considerations include the number of users, throughput (Mbit/s), VLAN tagging, and built-in wireless. Dual WAN ports and LCD display are not mentioned as primary considerations for sizing a RED.
44.
When you are sizing for a virtual XG Firewall, what performance decrease should you allow for the hypervisor?
Select one:
Correct Answer
B. 10%
Explanation
When sizing for a virtual XG Firewall, it is important to consider the performance decrease caused by the hypervisor. The correct answer is 10%. This means that when determining the required resources for the virtual firewall, you should account for a 10% decrease in performance due to the hypervisor overhead. This ensures that the virtual firewall has enough resources to handle the expected workload efficiently and effectively.
45.
A customer wants to protect external access to their Exchange server using Web Server Protection on the XG Firewall.
What information would you need to be able to accurately size this?
Select one or more:
Correct Answer(s)
C. The peak number of concurrent users
E. The number of mailboxes on the Exchange Server
G. Whether they will be using dual AV scanning
Explanation
To accurately size the Web Server Protection on the XG Firewall for protecting external access to the Exchange server, the information needed includes the peak number of concurrent users, the number of mailboxes on the Exchange Server, and whether they will be using dual AV scanning. This information is crucial for determining the appropriate capacity and resources required to handle the expected load and ensure effective protection for the server. The average number of concurrent users, the issuer of the HTTPS certificate, who their ISP is, and the size of the mailboxes are not directly relevant to sizing the Web Server Protection.
46.
A company is looking at replacing their existing firewall with a Sophos XG firewall. They also have an aging web filter they would like to replace. The company has 100 users that will need access through the firewall. Of those, half would be considered advanced users and the other half just browse the internet and check their email. There are also 25 users that work from home and are connected via VPN back to the company 100% of the time. Just to be safe, they are considering the system load to be high.
What device would be recommended for them?
You may want to refer to the sizing guide. Please use this version of the sizing guide.
Select one:
Correct Answer
F. XG310
Explanation
Based on the given information, the company has 100 users, with half being advanced users and the other half browsing the internet and checking email. Additionally, there are 25 users connected via VPN back to the company at all times. Considering the system load to be high, the recommended device would be the XG310. This device is capable of handling the number of users and the high system load effectively.
47.
A customer has called you because they have forgotten their admin password and there are no other admin users defined.
How can your customer regain access to the XG Firewall?
Select one:
Correct Answer
A. Boot into SF Loader and reset the admin password to default
48.
How do you read the contents of a Consolidated Troubleshooting Report (CTR)?
Select one:
Correct Answer
D. It is encrypted and can only be read by Sophos
49.
In Lab 9 you retrieved a log file from an XG Firewall.
How is this done?
Select one:
Correct Answer
D. Upload them to an FTP server from the XG Firewall
Explanation
To retrieve a log file from an XG Firewall, the logs need to be uploaded to an FTP server from the XG Firewall. This means that the log file is transferred from the firewall to an FTP server for further analysis or storage. The other options mentioned, such as using SCP, sending logs via email, or downloading them from the WebAdmin, are not the correct methods for retrieving log files from an XG Firewall.
50.
You are enabling SSH access to an XG Firewall using keys.
Which of the following algorithms could you use to generate the key? (select all that apply)
Select one or more:
Correct Answer(s)
A. ECDSA
B. DSA
C. RSA
Explanation
You can use ECDSA, DSA, and RSA algorithms to generate the key for enabling SSH access to an XG Firewall. These algorithms are commonly used for generating cryptographic keys and ensuring secure communication. ECDSA (Elliptic Curve Digital Signature Algorithm), DSA (Digital Signature Algorithm), and RSA (Rivest-Shamir-Adleman) are all widely accepted and secure algorithms for key generation in SSH.