Architecture Assessment Trivia Quiz

1. TRUE or FALSE: IPS policies can be applied to both User/Network rules and Business Application rules. Select one:

True

False

IPS policies can indeed be applied to both User/Network rules and Business Application rules. Intrusion Prevention System (IPS) policies are designed to protect networks and systems from potential threats and attacks. These policies can include rules that define the behavior and actions allowed or blocked for users and network traffic, as well as rules specific to business applications. By applying IPS policies to both types of rules, organizations can enhance their overall security posture and mitigate risks from various sources.

Explanation

IPS policies can indeed be applied to both User/Network rules and Business Application rules. Intrusion Prevention System (IPS) policies are designed to protect networks and systems from potential threats and attacks. These policies can include rules that define the behavior and actions allowed or blocked for users and network traffic, as well as rules specific to business applications. By applying IPS policies to both types of rules, organizations can enhance their overall security posture and mitigate risks from various sources.

2. Wireless access points are being deployed across a large office space. There will only be one network broadcast from the access points and because of the large space, you would like to take advantage of Fast BSS to ensure that users have the best roaming experience. What security modes can be used to support Fast BSS? (select all that apply) Select one or more:

WEP

WPA

WPA2

WPA2 can be used to support Fast BSS. WPA2 is the most secure security mode among the options given. It provides stronger encryption and authentication compared to WEP and WPA, making it the ideal choice for ensuring the security of the network while also allowing for a seamless roaming experience for users in the large office space.

Explanation

WPA2 can be used to support Fast BSS. WPA2 is the most secure security mode among the options given. It provides stronger encryption and authentication compared to WEP and WPA, making it the ideal choice for ensuring the security of the network while also allowing for a seamless roaming experience for users in the large office space.

3. A customer has called you because they have forgotten their admin password and there are no other admin users defined. How can your customer regain access to the XG Firewall? Select one:

Boot into SF Loader and reset the admin password to default

The device will need to be RMA'd to Sophos

Reset the password from the Sophos website

Reset the password from the MyUTM portal

Sophos can remotely reset the admin password

Use the 'Forgot password' link on the WebAdmin login page

not-available-via-ai

Explanation

not-available-via-ai

4. Your customer has an XG Firewall that is deployed in gateway mode, and they want to create a bridge pair with an interface in a LAN zone and an interface in a DMZ. Can this be done? Select one:

Yes

No

Check the image on page 40

Explanation

Check the image on page 40

5. In Lab 3 you configured a local NAT policy. What would the command be to SNAT the traffic from the XG firewall to the Internet to 10.1.1.45? Select one:

Set advanced-firewall sys-traffic-nat add destination 0.0.0.0 netmask 0.0.0.0 snatip 10.1.1.45

Set advanced-firewall sys-traffic-nat add destination * snatip 10.1.1.45

Set advanced-firewall sys-traffic-nat add snatip 10.1.1.45

The correct command to SNAT the traffic from the XG firewall to the Internet to 10.1.1.45 is "set advanced-firewall sys-traffic-nat add destination 0.0.0.0 netmask 0.0.0.0 snatip 10.1.1.45". This command sets up a NAT policy that specifies a destination of 0.0.0.0 netmask 0.0.0.0, which represents all traffic, and SNATs it to the IP address 10.1.1.45.

Explanation

The correct command to SNAT the traffic from the XG firewall to the Internet to 10.1.1.45 is "set advanced-firewall sys-traffic-nat add destination 0.0.0.0 netmask 0.0.0.0 snatip 10.1.1.45". This command sets up a NAT policy that specifies a destination of 0.0.0.0 netmask 0.0.0.0, which represents all traffic, and SNATs it to the IP address 10.1.1.45.

6. In Lab 2 you created a bridge with two ports that were both in the LAN zone, but the computers were not able to ping each other. If both ports are in the same zone why could the computers not ping each other? Select one:

There was no firewall rule to allow traffic from the LAN zone to another port in the LAN zone

Routing had not been enabled for the bridge pair

ICMP had not been enabled for the LAN zone

The computers were not able to ping each other because there was no firewall rule in place to allow traffic from the LAN zone to another port in the LAN zone. Without this rule, the firewall was blocking the communication between the computers even though they were in the same zone.

Explanation

The computers were not able to ping each other because there was no firewall rule in place to allow traffic from the LAN zone to another port in the LAN zone. Without this rule, the firewall was blocking the communication between the computers even though they were in the same zone.

7. In Lab 7 you simulated a computer with a missing heartbeat, and interrogated the XG Firewall for computers with a missing heartbeat. How does the XG Firewall identify computers that are missing the Security Heartbeat? Select one:

User

Client ID

MAC Address

IP Address

Hostname

Live lookup to Sophos Central

The XG Firewall identifies computers that are missing the Security Heartbeat based on their MAC Address.

Explanation

The XG Firewall identifies computers that are missing the Security Heartbeat based on their MAC Address.

8. You have a RED device deployed at a remote network in a standard/split configuration. When you connect a Sophos access point to the remote network, it never appears in the pending access point list on the XG Firewall. What configuration change needs to be made for the RED connection? Select one:

Add the IP address of the XG firewall to the split networks

Add the IP address of the access point to the split networks

Add 1.2.3.4 to the remote network list

Configure a split DNS server address

Adding 1.2.3.4 to the remote network list will allow the Sophos access point to be recognized by the XG Firewall.

Explanation

Adding 1.2.3.4 to the remote network list will allow the Sophos access point to be recognized by the XG Firewall.

9. When configuring a RED manually with a USB stick, what do you need to consider? (select all that apply) Select one:

The WAN interface must have a static IP address

If you lose the unlock code the RED cannot ever be connected to another Sophos XG Firewall

The USB key must never be unplugged from the RED

If you lose the unlock code for the RED device, it cannot be connected to another Sophos XG Firewall. This means that the device will be permanently locked and unable to establish a connection with any other firewall. Therefore, it is important to keep the unlock code safe and secure to ensure the proper functioning of the RED device.

Explanation

If you lose the unlock code for the RED device, it cannot be connected to another Sophos XG Firewall. This means that the device will be permanently locked and unable to establish a connection with any other firewall. Therefore, it is important to keep the unlock code safe and secure to ensure the proper functioning of the RED device.

10. In Lab 4 you configured Web Server Protection. When configuring Web Server Protection, how do you identify which rules and paths you need to create exceptions for? Select one:

By reviewing the reverseproxy.log

By performing a packet capture

Enable debug logging and generate a CTR

Using trial and error

When configuring Web Server Protection, reviewing the reverseproxy.log is the most effective way to identify which rules and paths need to be created exceptions for. The reverseproxy.log contains detailed information about the requests and responses that the web server receives and sends. By analyzing this log, you can identify any patterns or specific requests that need to be exempted from the standard rules and paths. This allows you to fine-tune the Web Server Protection configuration and ensure that legitimate traffic is not blocked or affected by the security measures in place.

Explanation

When configuring Web Server Protection, reviewing the reverseproxy.log is the most effective way to identify which rules and paths need to be created exceptions for. The reverseproxy.log contains detailed information about the requests and responses that the web server receives and sends. By analyzing this log, you can identify any patterns or specific requests that need to be exempted from the standard rules and paths. This allows you to fine-tune the Web Server Protection configuration and ensure that legitimate traffic is not blocked or affected by the security measures in place.

11. In Lab 3 you configured an advanced DoS policy. What command can you use to see the existing dos rules? Select one:

System dos-config show dos-rules

Show dos-config rules

Dos-config show dos-policies

System show dos-rules

The correct answer is "system dos-config show dos-rules". This command is used to view the existing DoS rules in Lab 3.

Explanation

The correct answer is "system dos-config show dos-rules". This command is used to view the existing DoS rules in Lab 3.

12. What does the command "service -S" do? Select one:

Start a specific service

List all of the services and their current state

Show the state of a specific service

Stop a specific service

The command "service -S" lists all of the services and their current state. This command provides an overview of the status of all services running on the system, allowing the user to see which services are currently active or inactive. It is a useful command for system administrators or users who need to monitor the status of various services on their system.

Explanation

The command "service -S" lists all of the services and their current state. This command provides an overview of the status of all services running on the system, allowing the user to see which services are currently active or inactive. It is a useful command for system administrators or users who need to monitor the status of various services on their system.

13. What is the importance of using a valid email address when you enable RED services on the XG Firewall? Select one:

RED notification emails will be sent to this address

You will be sent a confirmation email and have to click a link to complete the process

The unlock codes for REDs will be sent to this email address

When you enable RED services on the XG Firewall, it is important to use a valid email address because the unlock codes for REDs will be sent to this email address. These unlock codes are necessary to complete the setup process and activate the RED devices. Using a valid email address ensures that you receive the unlock codes and can successfully complete the configuration of the RED services on the XG Firewall.

Explanation

When you enable RED services on the XG Firewall, it is important to use a valid email address because the unlock codes for REDs will be sent to this email address. These unlock codes are necessary to complete the setup process and activate the RED devices. Using a valid email address ensures that you receive the unlock codes and can successfully complete the configuration of the RED services on the XG Firewall.

14. Your customer wants to create a gateway on a VLAN interface in their Intranet zone to use in a policy routing rule. Can they do this? Select one:

YES

NO

Yes, the customer can create a gateway on a VLAN interface in their Intranet zone to use in a policy routing rule. This means they can set up a specific route for traffic coming from that VLAN interface, allowing them to control how the traffic is routed within their network.

Explanation

Yes, the customer can create a gateway on a VLAN interface in their Intranet zone to use in a policy routing rule. This means they can set up a specific route for traffic coming from that VLAN interface, allowing them to control how the traffic is routed within their network.

15. In Lab 9 you retrieved a log file from an XG Firewall. How is this done? Select one:

Use SCP to copy the file from the XG Firewall

Send the logs via email

Download them from the WebAdmin

Upload them to an FTP server from the XG Firewall

To retrieve a log file from an XG Firewall, the logs need to be uploaded to an FTP server from the XG Firewall. This means that the log file is transferred from the firewall to an FTP server for further analysis or storage. The other options mentioned, such as using SCP, sending logs via email, or downloading them from the WebAdmin, are not the correct methods for retrieving log files from an XG Firewall.

Explanation

To retrieve a log file from an XG Firewall, the logs need to be uploaded to an FTP server from the XG Firewall. This means that the log file is transferred from the firewall to an FTP server for further analysis or storage. The other options mentioned, such as using SCP, sending logs via email, or downloading them from the WebAdmin, are not the correct methods for retrieving log files from an XG Firewall.

16. You want to create a rule so that only traffic from secure servers in the network use the second Internet connection (WAN 2). What type of rule do you need to create? Select one:

Policy Routing Rule

BGP Route

Business Application Rule

Static Route

A policy routing rule needs to be created in order to ensure that only traffic from secure servers in the network uses the second Internet connection (WAN 2). This rule will allow for the specific routing of traffic based on certain policies or criteria, in this case, the security level of the server. By implementing a policy routing rule, the network administrator can effectively direct traffic from secure servers to the desired Internet connection, while other traffic can continue to use the default connection.

Explanation

A policy routing rule needs to be created in order to ensure that only traffic from secure servers in the network uses the second Internet connection (WAN 2). This rule will allow for the specific routing of traffic based on certain policies or criteria, in this case, the security level of the server. By implementing a policy routing rule, the network administrator can effectively direct traffic from secure servers to the desired Internet connection, while other traffic can continue to use the default connection.

17. How do you read the contents of a Consolidated Troubleshooting Report (CTR)? Select one:

Upload the CTR to the MyUTM site and use the web-based viewer

Use the viewer in the WebAdmin

Use the standalone tool from the Sophos Website

It is encrypted and can only be read by Sophos

not-available-via-ai

Explanation

not-available-via-ai

18. When you are sizing for a virtual XG Firewall, what performance decrease should you allow for the hypervisor? Select one:

12%

10%

5%

15%

7%

When sizing for a virtual XG Firewall, it is important to consider the performance decrease caused by the hypervisor. The correct answer is 10%. This means that when determining the required resources for the virtual firewall, you should account for a 10% decrease in performance due to the hypervisor overhead. This ensures that the virtual firewall has enough resources to handle the expected workload efficiently and effectively.

Explanation

When sizing for a virtual XG Firewall, it is important to consider the performance decrease caused by the hypervisor. The correct answer is 10%. This means that when determining the required resources for the virtual firewall, you should account for a 10% decrease in performance due to the hypervisor overhead. This ensures that the virtual firewall has enough resources to handle the expected workload efficiently and effectively.

19. A client contacts you complaining that their virtual XG firewall has been running very slowly. The client is running a central XG firewall on a virtual host and has over 100 remote locations connected to this host via XG to XG RED tunnels. They have followed the best practices for firewall and security configurations. After gathering some information on the existing setup, you find that the virtual host is running on older hardware and the CPU's are consistently showing very high utilization. Without compromising the security of the device or the network, what would you recommend to the customer to help alleviate the slowness problem? Select one:

Turn off Tunnel Compression on all of the RED tunnels between the Host and the remote locations

Add a second virtual XG firewall to the virtual host and move half of the RED connections to it

Disable IPS on any policies not using HTTP

Explanation

20. A customer calls you because some settings have been changed on their XG Firewall by the admin user. Your customer is the only person that knows the admin password but some of the IT department have access using SSH keys. How can your customer identify who logged in to make the changes? Select one:

Find the SSH key in dropbear.log

This information cannot be found

Check the audit.log

Search in the Log Viewer

The customer can identify who logged in to make the changes by finding the SSH key in the dropbear.log. This log file records all SSH key-based authentication attempts and provides information about the user who logged in using the SSH key. By examining the dropbear.log, the customer can determine which IT department member accessed the XG Firewall and made the changes.

Explanation

The customer can identify who logged in to make the changes by finding the SSH key in the dropbear.log. This log file records all SSH key-based authentication attempts and provides information about the user who logged in using the SSH key. By examining the dropbear.log, the customer can determine which IT department member accessed the XG Firewall and made the changes.

21. Look at the diagram below. Where does DNAT happen? Select one or more:

1

2

3

4

5

6

7

Check the image on page 55

Explanation

Check the image on page 55

Submit

22. Which of the following dynamic routing protocols are supported by Sophos XG Firewall? (select all that apply) Select one or more:

EIGRP

RIP

OSPF

IS-IS

IGRP

BGP

PIM-SM

Check the image on page no 76

Explanation

Check the image on page no 76

Submit

23. You are the network administrator of the Sophos Store, a large retailer of socks and stickers.The Sophos Store has a head office in London with branch offices in New York and Vancouver and retail stores located throughout the world.

The Sophos Store has multiple servers in subnet 192.168.1.0/2
The user network subnet is 172.16.1.0/24
Sophos Store would like to increase the internal bandwidth for each server

For the above scenario, select which of the following you would recommend to Sophos Store. Select One :

Add another NIC to the server and configure Gateway mode with Multi port L3 bridge

Connect another XG Firewall Port to the switch and configure Active-Backup LAG

Connect another XG Firewall Port to the switch and configure 802.3ad LAG

Add another NIC to the server and make L3 bridge with multiple ports

Connecting another XG Firewall Port to the switch and configuring 802.3ad LAG would be recommended to Sophos Store. This would allow for the aggregation of multiple ports, increasing the internal bandwidth for each server. LAG (Link Aggregation Group) combines multiple physical connections into a single logical connection, providing higher throughput and redundancy. 802.3ad is a standard for link aggregation that ensures load balancing and fault tolerance across the aggregated links. This solution would effectively enhance the internal bandwidth for the servers at the Sophos Store.

Explanation

Connecting another XG Firewall Port to the switch and configuring 802.3ad LAG would be recommended to Sophos Store. This would allow for the aggregation of multiple ports, increasing the internal bandwidth for each server. LAG (Link Aggregation Group) combines multiple physical connections into a single logical connection, providing higher throughput and redundancy. 802.3ad is a standard for link aggregation that ensures load balancing and fault tolerance across the aggregated links. This solution would effectively enhance the internal bandwidth for the servers at the Sophos Store.

24. What ports are used by the RED 15 and RED 50? (select all that apply) Select one or more:

TCP:443

TCP:3400

TCP:3410

UDP:500

UDP:3400

UDP:3410

Check on the page no 219 At the remote location, the RED requires:

• A power connection

• A network connection

• A DHCP server to provide an IP address, DNS server and default gateway

• Port 3400 TCP (COMMON FOR ALL RED DEVICE)

• Port 3400 UDP (RED 10)

• Port 3410 UDP (RED 50 and RED 15)

Explanation

Check on the page no 219 At the remote location, the RED requires:

• A power connection

• A network connection

• A DHCP server to provide an IP address, DNS server and default gateway

• Port 3400 TCP (COMMON FOR ALL RED DEVICE)

• Port 3400 UDP (RED 10)

• Port 3410 UDP (RED 50 and RED 15)

Submit

25. Your company is configuring a site to site VPN with another company in order to share information for an upcoming project. The two networks have the following IP address network ranges: What feature can be used in the IPsec site-to-site VPN on an XG Firewall in order to allow communication between these networks? Select one:

NAT Overlap

NAT Traversal

Route Precedence

VPN Failover

NAT Overlap can be used in the IPsec site-to-site VPN on an XG Firewall to allow communication between these networks. NAT Overlap is a feature that allows multiple devices on a private network to share a single public IP address. In this scenario, the two networks have overlapping IP address ranges, which means that without NAT Overlap, there would be conflicts and communication between the networks would not be possible. By enabling NAT Overlap, the XG Firewall can translate the overlapping IP addresses to unique addresses, ensuring that communication between the networks is successful.

Explanation

NAT Overlap can be used in the IPsec site-to-site VPN on an XG Firewall to allow communication between these networks. NAT Overlap is a feature that allows multiple devices on a private network to share a single public IP address. In this scenario, the two networks have overlapping IP address ranges, which means that without NAT Overlap, there would be conflicts and communication between the networks would not be possible. By enabling NAT Overlap, the XG Firewall can translate the overlapping IP addresses to unique addresses, ensuring that communication between the networks is successful.

26. In Lab 8 you created an Active-Active cluster, and then an Active-Passive cluster. How do you convert an Active-Active cluster into an Active-Passive cluster? Select one:

Use the "system ha active-active off" command

Disable HA and create a new cluster

Change the cluster mode on the primary device

To convert an Active-Active cluster into an Active-Passive cluster, the HA (High Availability) needs to be disabled and a new cluster needs to be created. This involves configuring one device as the active device and the other device as the passive device. The active device will handle all the traffic and the passive device will remain idle until the active device fails, at which point it will take over the traffic handling responsibilities.

Explanation

To convert an Active-Active cluster into an Active-Passive cluster, the HA (High Availability) needs to be disabled and a new cluster needs to be created. This involves configuring one device as the active device and the other device as the passive device. The active device will handle all the traffic and the passive device will remain idle until the active device fails, at which point it will take over the traffic handling responsibilities.

27. In Lab 4 you configured a Webserver Protection Business Application Rule that load-balanced two intranet severs. How could you configure this so that one of the servers is the primary server and the other is only used as a backup? Select one:

Enable Path-specific routing and select 'Hot-standby mode'

Web Server Protection cannot do this, you need to use a load-balancing Business Application Rule

Enable 'Sticky Sessions'

Create two separate Business Application Rules, the top one will be the primary

not-available-via-ai

Explanation

not-available-via-ai

28. What is used to determine which channels the access point can broadcast on? Select one:

The Zone the access point is in

The country selected when the access point was accepted on the XG Firewall

The number of radios the access point can use at one time

The letter designation after the access point model number

The country selected when the access point was accepted on the XG Firewall is used to determine which channels the access point can broadcast on. Different countries have different regulations and restrictions regarding wireless frequencies and channels. The access point needs to comply with these regulations and can only broadcast on channels that are allowed in the selected country.

Explanation

The country selected when the access point was accepted on the XG Firewall is used to determine which channels the access point can broadcast on. Different countries have different regulations and restrictions regarding wireless frequencies and channels. The access point needs to comply with these regulations and can only broadcast on channels that are allowed in the selected country.

29. You are enabling SSH access to an XG Firewall using keys. Which of the following algorithms could you use to generate the key? (select all that apply) Select one or more:

ECDSA

DSA

RSA

SHA2556

DES

AES256

You can use ECDSA, DSA, and RSA algorithms to generate the key for enabling SSH access to an XG Firewall. These algorithms are commonly used for generating cryptographic keys and ensuring secure communication. ECDSA (Elliptic Curve Digital Signature Algorithm), DSA (Digital Signature Algorithm), and RSA (Rivest-Shamir-Adleman) are all widely accepted and secure algorithms for key generation in SSH.

Explanation

You can use ECDSA, DSA, and RSA algorithms to generate the key for enabling SSH access to an XG Firewall. These algorithms are commonly used for generating cryptographic keys and ensuring secure communication. ECDSA (Elliptic Curve Digital Signature Algorithm), DSA (Digital Signature Algorithm), and RSA (Rivest-Shamir-Adleman) are all widely accepted and secure algorithms for key generation in SSH.

Submit

30. You have a large network that spans many different subnets. Wireless has been deployed in the network however there are issues with access points communicating back to the XG Firewall. You have identified security devices in the network that may be blocking ports between the XG Firewall and the APs. What ports need to be open to allow for proper wireless communication? (select all that apply) Select one or more:

414 UDP

2712 TCP

415 UDP

3148 UDP

443 TCP

The correct answer is 414 UDP, 2712 TCP, and 415 UDP. These ports need to be open to allow for proper wireless communication between the access points and the XG Firewall. The UDP protocol is used for port 414 and 415, while the TCP protocol is used for port 2712. By opening these ports, the access points will be able to communicate with the XG Firewall effectively, resolving the communication issues.

Explanation

The correct answer is 414 UDP, 2712 TCP, and 415 UDP. These ports need to be open to allow for proper wireless communication between the access points and the XG Firewall. The UDP protocol is used for port 414 and 415, while the TCP protocol is used for port 2712. By opening these ports, the access points will be able to communicate with the XG Firewall effectively, resolving the communication issues.

Submit

31. Your customer has called you because they have a computer with a YELLOW heartbeat and they are not sure what this means. What do you tell your customer are possible causes of this? (select all that apply) Select one or more:

Malware has not been cleaned up

Malicious traffic to a known C&C server has been detected

Active malware has been detected

The Endpoint Agent is not running

Inactive malware has been detected

A PUA (Potentially Unwanted Application) has been detected

Communications to a known bad host has been detected

Possible causes of a computer with a YELLOW heartbeat could be that inactive malware has been detected or a PUA (Potentially Unwanted Application) has been detected.

Explanation

Possible causes of a computer with a YELLOW heartbeat could be that inactive malware has been detected or a PUA (Potentially Unwanted Application) has been detected.

Submit

32. You are troubleshooting STAS issues for a customer and want to check that logins are being reported to the XG Firewall by STAS.

The IP address of the XG Firewall is 172.16.16.16
The IP address of the STA Collector is 172.16.16.50
The IP address of the STA Agent is 172.16.16.43

What command would you use? Select one:

Tcpdump "host 172.16.16.78 and port 6060"

Tcpdump "host 172.16.16.50 and port 5566"

Tcpdump "host 172.16.16.78 and port 6677"

Tcpdump "host 172.16.16.43 and port 6677"

Tcpdump "host 172.16.16.43 and port 5566"

Tcpdump "host 172.16.16.16 and port 6677"

Tcpdump "host 172.16.16.16 and port 6060"

The correct answer is "tcpdump "host 172.16.16.16 and port 6060". This command will capture network traffic on the XG Firewall with the IP address 172.16.16.16 and the port number 6060. By using this command, you can check if logins are being reported to the XG Firewall by STAS.

Explanation

The correct answer is "tcpdump "host 172.16.16.16 and port 6060". This command will capture network traffic on the XG Firewall with the IP address 172.16.16.16 and the port number 6060. By using this command, you can check if logins are being reported to the XG Firewall by STAS.

33. Your customer's environment consists of a number of Windows servers, as well as Windows and Mac desktops and laptops. Users have commented that accessing files on the server has been slower since the new firewall was installed. After examining the configuration, you document that the servers are located in a separate zone called SERVERS and the users are located in the LAN zone. After researching the issue further, you believe that the issue is related to the IPS scanning of the traffic as it is passing from the LAN to the SERVERS zone. Currently, the LAN to DMZ IPS policy is applied to the network rule allowing the traffic to pass from one zone to the other. Which of the following options would you recommend to improve the performance for the users transferring files between the zones? Select one:

Disable IPS for the LAN zone to the SERVERS zone

Configure the Local NAT Policy on the firewall

Change the FastPath threshold value

Configure a more appropriate IPS policy for the LAN zone to the SERVERS zone

Adjust the size of the connection tracking database

Turn off Strict Policy on the firewall

The given scenario suggests that the slow file access issue is due to the IPS scanning of traffic between the LAN and SERVERS zone. To improve performance, it is recommended to configure a more appropriate IPS policy for the LAN zone to the SERVERS zone. This means adjusting the IPS settings to better suit the traffic between these zones, potentially reducing the scanning overhead and improving file transfer speeds.

Explanation

The given scenario suggests that the slow file access issue is due to the IPS scanning of traffic between the LAN and SERVERS zone. To improve performance, it is recommended to configure a more appropriate IPS policy for the LAN zone to the SERVERS zone. This means adjusting the IPS settings to better suit the traffic between these zones, potentially reducing the scanning overhead and improving file transfer speeds.

34. Your customer has configured Security Heartbeat on their XG Firewall so that only computers that have a GREEN heartbeat status are able to connect to the intranet servers. The computers that are connecting through an SSL remote access VPN using split tunneling are unable to access the intranet servers. What can the customer to do to resolve the problem? (select all that apply) Select one or more:

Configure the heartbeat IP address as a permitted network resource in the VPN profile

Configure the DNS server for the computer to be the XG Firewall

Enable VPN support for the firewall in Sophos Central

Add the WAN port to the permitted network resources for the VPN

Add 'cloud.sophos.com' to the VPN permitted network resourced

The customer should configure the heartbeat IP address as a permitted network resource in the VPN profile. This will allow the computers connecting through the SSL remote access VPN to access the intranet servers by recognizing their GREEN heartbeat status.

Explanation

The customer should configure the heartbeat IP address as a permitted network resource in the VPN profile. This will allow the computers connecting through the SSL remote access VPN to access the intranet servers by recognizing their GREEN heartbeat status.

35. In Lab 5, if the New York Gateway had 2 WAN connections, then how many IPsec connections would be created on the New York Gateway in order to take advantage of the maximum number of possible VPN failover routes? Select one :

1

2

3

4

6

8

10

If the New York Gateway had 2 WAN connections, then there would be a total of 4 IPsec connections created on the New York Gateway in order to take advantage of the maximum number of possible VPN failover routes. Each WAN connection would require 2 IPsec connections, resulting in a total of 4 IPsec connections.

Explanation

If the New York Gateway had 2 WAN connections, then there would be a total of 4 IPsec connections created on the New York Gateway in order to take advantage of the maximum number of possible VPN failover routes. Each WAN connection would require 2 IPsec connections, resulting in a total of 4 IPsec connections.

36. Your XG Firewall is configured with multiple IP addresses on the WAN interface that are used to publish various services. How would you specify the IP address that should be used for traffic that originates from the XG Firewall? Select one:

Configure a Local NAT policy

Create a firewall rule and enable 'Rewrite source address'

Enable the 'Default Interface' tab in the ports settings

Create a firewall rule and select the required gateway

To specify the IP address that should be used for traffic originating from the XG Firewall, you would configure a Local NAT policy. This allows you to define a specific IP address to be used as the source address for outbound traffic from the firewall. By configuring a Local NAT policy, you can ensure that traffic originating from the XG Firewall is sent out with the desired IP address, which is useful when publishing various services using multiple IP addresses on the WAN interface.

Explanation

To specify the IP address that should be used for traffic originating from the XG Firewall, you would configure a Local NAT policy. This allows you to define a specific IP address to be used as the source address for outbound traffic from the firewall. By configuring a Local NAT policy, you can ensure that traffic originating from the XG Firewall is sent out with the desired IP address, which is useful when publishing various services using multiple IP addresses on the WAN interface.

37. How many Business Application Rules do you need to create when configuring Web Server Protection for Microsoft Exchange? Select one:

5

6

3

4

1

2

When configuring Web Server Protection for Microsoft Exchange, you need to create 3 Business Application Rules. These rules are used to define the specific behavior and security settings for the web server. Each rule will specify the conditions and actions to be taken in order to protect the server and its resources.

Explanation

When configuring Web Server Protection for Microsoft Exchange, you need to create 3 Business Application Rules. These rules are used to define the specific behavior and security settings for the web server. Each rule will specify the conditions and actions to be taken in order to protect the server and its resources.

38. After configuring two new VPN connections, everything is running fine until the remote office loses Internet access. When it comes back up, the users are complaining that they can no longer access resources in the head office network. You verify that the Internet is working at both locations and then look at the VPN configuration, which is as below. What needs to be adjusted in the remote office? Select one:

Authentication Type

Action on VPN Restart

Remote IP Address

Connection Type

Policy

39. In which RED deployment mode do you need to configure the following?

IP address of the RED interface on the Sophos XG Firewall
Zone of the RED interface on the Sophos XG Firewall
DHCP Server
A list of split networks

Select one:

Standard/Split

Transparent/Split

Standard/Unified

In the Standard/Split deployment mode, the following configurations need to be made on the Sophos XG Firewall: IP address of the RED interface, Zone of the RED interface, DHCP Server, and a list of split networks. This mode allows the RED device to be connected to a separate network segment, and the traffic from the RED device is split between the local and remote networks.

Explanation

In the Standard/Split deployment mode, the following configurations need to be made on the Sophos XG Firewall: IP address of the RED interface, Zone of the RED interface, DHCP Server, and a list of split networks. This mode allows the RED device to be connected to a separate network segment, and the traffic from the RED device is split between the local and remote networks.

40. On which devices can you disable HA? (select all that apply) Select one or more:

Primary

Auxiliary

Standalone

You can disable HA on the Primary device and the Standalone device. This means that you have the option to turn off High Availability on these devices.

Explanation

You can disable HA on the Primary device and the Standalone device. This means that you have the option to turn off High Availability on these devices.

Submit

41. In Lab 5 you configured site-to-site VPN connections for multiple networks on both the London and New York sites. TRUE or FALSE: To create a VPN to multiple remote networks at a single location you need to create a VPN for each network. Select one:

True

False

To create a VPN to multiple remote networks at a single location, you do not need to create a VPN for each network. Instead, you can use a single VPN connection to connect to multiple remote networks simultaneously. This allows for more efficient and streamlined network management, as all the networks can be accessed through a single VPN connection.

Explanation

To create a VPN to multiple remote networks at a single location, you do not need to create a VPN for each network. Instead, you can use a single VPN connection to connect to multiple remote networks simultaneously. This allows for more efficient and streamlined network management, as all the networks can be accessed through a single VPN connection.

42. Your customer has deployed STAS on their network for single sign-on. Users at a small branch site that does not have a domain controller are not being authenticated with the XG Firewall at that site, but they can be seen in the Live Users list on the head office XG Firewall. The small branch site is connected to the head office using an SSL site-to-site VPN. What could be the problem? (select all that apply) Select one or more:

The agent may not be configured with the collector IP address

The collector may not be configured with the IP address of the branch office XG Firewall and vice versa

The XG Firewall in the branch office may not be configured to allow the Collector in the VPN zone

The problem could be that the collector is not configured with the IP address of the branch office XG Firewall and vice versa. This means that the collector is not able to communicate with the XG Firewall at the branch office, causing the authentication process to fail. Additionally, the XG Firewall in the branch office may not be configured to allow the collector in the VPN zone, further preventing authentication from taking place.

Explanation

The problem could be that the collector is not configured with the IP address of the branch office XG Firewall and vice versa. This means that the collector is not able to communicate with the XG Firewall at the branch office, causing the authentication process to fail. Additionally, the XG Firewall in the branch office may not be configured to allow the collector in the VPN zone, further preventing authentication from taking place.

Submit

43. In Lab 2 you configure policy routing for an MPLS scenario. When you created the firewall rules that allowed the traffic to the remote network you disabled NATing by deselecting the 'Rewrite source address' option. Why would the routing not have worked correctly if NATing been enabled in this scenario? Select one:

The traffic would not have matched a policy route on the LOCAL XG Firewall

The traffic would not have matched a firewall rule on the REMOTE XG Firewall

The traffic would not have matched a policy route on the REMOTE XG Firewall

The traffic would not have matched a firewall rule on the LOCAL XG Firewall

If NATing had been enabled in this scenario, the source address of the traffic would have been rewritten. This means that the firewall rule on the REMOTE XG Firewall, which was configured to allow traffic to the remote network, would not have matched the rewritten source address. Therefore, the traffic would not have matched a firewall rule on the REMOTE XG Firewall, resulting in the routing not working correctly.

Explanation

If NATing had been enabled in this scenario, the source address of the traffic would have been rewritten. This means that the firewall rule on the REMOTE XG Firewall, which was configured to allow traffic to the remote network, would not have matched the rewritten source address. Therefore, the traffic would not have matched a firewall rule on the REMOTE XG Firewall, resulting in the routing not working correctly.

44. You configured Web Server Authentication for a customer when you deployed their XG Firewall some time ago. The customer wants to allow another group to authenticate for the protected web service but does not know where to do this. Where do you direct your customer to add this group? Select one:

In the Authentication Template

In the Web Server Protection Policy

In the Path-specific routing

In the firewall authentication methods

In the Web Server Authentication Policy

In the Business Application Rule

In the Authentication Server

In order to add another group to authenticate for the protected web service, the customer should be directed to add this group in the Authentication Template.

Explanation

In order to add another group to authenticate for the protected web service, the customer should be directed to add this group in the Authentication Template.

45. A customer wants to confirm whether their planned configuration for a RED 50 is correct before implementing it. The configuration hasthe following:

The second IP/hostname for Sophos XG Firewall is configured for load balancing
The second uplink on a RED 50 is configured for failover

Assuming that no links have failed, the customer wants to confirm which connections would be actively used? (select all that apply) Select one or more:

RED 50 Uplink 2 to XG Firewall Hostname 2

RED 50 Uplink 1 to XG Firewall Hostname 2

RED 50 Uplink 2 to XG Firewall Hostname 1

RED 50 Uplink 1 to XG Firewall Hostname 1

The customer wants to confirm which connections would be actively used assuming no links have failed. The configuration states that the second IP/hostname for Sophos XG Firewall is configured for load balancing, and the second uplink on a RED 50 is configured for failover. This means that Uplink 1 will be actively used for both XG Firewall Hostname 2 and XG Firewall Hostname 1, while Uplink 2 will not be actively used for either hostname. Thus, the correct connections that would be actively used are RED 50 Uplink 1 to XG Firewall Hostname 2 and RED 50 Uplink 1 to XG Firewall Hostname 1.

Explanation

The customer wants to confirm which connections would be actively used assuming no links have failed. The configuration states that the second IP/hostname for Sophos XG Firewall is configured for load balancing, and the second uplink on a RED 50 is configured for failover. This means that Uplink 1 will be actively used for both XG Firewall Hostname 2 and XG Firewall Hostname 1, while Uplink 2 will not be actively used for either hostname. Thus, the correct connections that would be actively used are RED 50 Uplink 1 to XG Firewall Hostname 2 and RED 50 Uplink 1 to XG Firewall Hostname 1.

Submit

46. In Lab 6 you cleared the cached authentication status after installing STAS. How can you remove computers from the authentication cache? (select all that apply) Select one or more:

With the command "ipset -D lusers "

Flush the cache for the Authentication Server

Restart the Authentication service in the WebAdmin

Reinstall the STAS software

To remove computers from the authentication cache, you can use the command "ipset -D lusers" and restart the Authentication service in the WebAdmin. These actions will clear the cached authentication status and remove the computers from the cache.

Explanation

To remove computers from the authentication cache, you can use the command "ipset -D lusers" and restart the Authentication service in the WebAdmin. These actions will clear the cached authentication status and remove the computers from the cache.

Submit

47. Your customer is configuring Web Server for their webmail but is getting an error when they try to login. Look at the log file below and select what needs to be done to resolve the error. (select all that apply) Select One or more :

Create an antivirus exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx

Enable accept unhardened form data for the URL /MEWebMail/Mondo/lang/sys/login.aspx

Add ID 9 to the filter rule skip list

Add ID 981003 to the filter rule skip list

Create a form hardening exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx

Add ID 981200 to the filter rule skip list

The error in the log file suggests that there is a filter rule blocking the login process. By adding ID 981003 and ID 981200 to the filter rule skip list, the web server will bypass these specific filter rules and allow the login to proceed successfully. This will resolve the error and allow the customer to log in to their webmail.

Explanation

The error in the log file suggests that there is a filter rule blocking the login process. By adding ID 981003 and ID 981200 to the filter rule skip list, the web server will bypass these specific filter rules and allow the login to proceed successfully. This will resolve the error and allow the customer to log in to their webmail.

Submit

48. Following an extended period of growth your customer is starting to outgrow the capabilities of their current device. Your customer is considering whether they should purchase a second device that is the same is their existing model and create an Active-Active cluster, or whether they need to purchase a higher model device. You explain to your customer that not everything is load balanced in an Active-Active cluster. Which of the following types of traffic do you tell your customer are load balanced in Active-Active mode? (select all that apply) Select one or more:

VPN traffic

ICMP traffic

SNAT TCP traffic

UDP traffic

TCP traffic

VLAN traffic

In an Active-Active cluster, the types of traffic that are load balanced include SNAT TCP traffic, TCP traffic, and VLAN traffic. Load balancing ensures that these types of traffic are evenly distributed across multiple devices, improving performance and preventing overload on a single device. Other types of traffic such as VPN traffic, ICMP traffic, and UDP traffic may not be load balanced in an Active-Active cluster, meaning they may not be evenly distributed and may still rely on a single device for processing.

Explanation

In an Active-Active cluster, the types of traffic that are load balanced include SNAT TCP traffic, TCP traffic, and VLAN traffic. Load balancing ensures that these types of traffic are evenly distributed across multiple devices, improving performance and preventing overload on a single device. Other types of traffic such as VPN traffic, ICMP traffic, and UDP traffic may not be load balanced in an Active-Active cluster, meaning they may not be evenly distributed and may still rely on a single device for processing.

Submit

49. You are working with a large customer with offices in countries all round the world, including London, New York, Milan, Sidney and Singapore. Your customer is already using XG Firewall at all of their offices, and now wants to roll out wireless access points at all sites to provide wireless access to their main internal network, as well as guest networks. In order to prepare for the rollout, what actions would you recommend to the customer in order to gather information and plan out the wireless deployment in the various offices? (select all that apply) Select one or more:

Determine if any of the walls or ceilings are made of materials that will significantly impede the signal

Floor plan of the offices

Perform a site survey at the various locations

Scan the to see which channels are being used by other wireless networks

The number of computers connecting to the physical network

Estimate the number of devices that will be connecting at each location

The number of servers in each office

To gather information and plan out the wireless deployment, it is recommended to determine if any of the walls or ceilings are made of materials that will significantly impede the signal. This is important to ensure that the wireless access points can provide adequate coverage in all areas. Additionally, obtaining the floor plan of the offices will help in identifying the optimal locations for installing the access points. Performing a site survey at the various locations will further assess the signal strength and potential interference sources. Scanning the channels used by other wireless networks will help in selecting the least congested channels for deployment. Lastly, estimating the number of devices that will be connecting at each location is necessary to determine the capacity requirements for the wireless network.

Explanation

To gather information and plan out the wireless deployment, it is recommended to determine if any of the walls or ceilings are made of materials that will significantly impede the signal. This is important to ensure that the wireless access points can provide adequate coverage in all areas. Additionally, obtaining the floor plan of the offices will help in identifying the optimal locations for installing the access points. Performing a site survey at the various locations will further assess the signal strength and potential interference sources. Scanning the channels used by other wireless networks will help in selecting the least congested channels for deployment. Lastly, estimating the number of devices that will be connecting at each location is necessary to determine the capacity requirements for the wireless network.

Submit

50. How is a RED configured to connect to Sophos XG Firewall? (select all that apply) Select one or more:

The configuration is created on Sophos XG Firewall

The RED can load the configuration from a USB drive

The RED can download the configuration from the provisioning servers

The RED sends a discovery packet to the IP address 1.2.3.4

The RED can be configured using its own web interface

The configuration for a RED can be created directly on the Sophos XG Firewall. Additionally, the RED can load the configuration from a USB drive or download it from the provisioning servers. This allows for flexibility in how the RED is configured and allows for easy deployment and management of multiple RED devices.

Explanation

The configuration for a RED can be created directly on the Sophos XG Firewall. Additionally, the RED can load the configuration from a USB drive or download it from the provisioning servers. This allows for flexibility in how the RED is configured and allows for easy deployment and management of multiple RED devices.

Submit

51. You are helping a customer configure an IPsec site-to-site VPN using certificates for authentication. Your customer has created new certificates for each of the XG Firewalls on the XG Firewall in the head office. What do they need to import on the XG Firewall in the branch office? (select all that apply) Select one or more:

The CA certificate

The head office XG Firewall certificate

The branch office XG Firewall certificate

The CA private key

The head office XG Firewall private key

The branch office XG Firewall private key

The branch office XG Firewall needs to import the CA certificate, the head office XG Firewall certificate, the branch office XG Firewall certificate, the head office XG Firewall private key, and the branch office XG Firewall private key. This is because the CA certificate is required to verify the authenticity of the certificates, the head office XG Firewall certificate is needed for authentication, and the private keys are necessary for decrypting and encrypting the VPN traffic.

Explanation

The branch office XG Firewall needs to import the CA certificate, the head office XG Firewall certificate, the branch office XG Firewall certificate, the head office XG Firewall private key, and the branch office XG Firewall private key. This is because the CA certificate is required to verify the authenticity of the certificates, the head office XG Firewall certificate is needed for authentication, and the private keys are necessary for decrypting and encrypting the VPN traffic.

Submit

52. Which of the following statements are TRUE about the port that is used for the dedicated HA link? (select all that apply) Select one or more:

Must have the TELNET admin service enabled

Must have the SSH admin service enabled

Can be configured via DHCP

Must be in a zone of type DMZ

Must be in a zone of type HA

Must be the same port on both devices

The IP address must be in the same subnet on both devices

The port used for the dedicated HA link must have the SSH admin service enabled because it is used for secure communication between the devices. It must also be in a zone of type DMZ, which is a demilitarized zone that separates the internal network from the external network. The port must be the same on both devices to establish a connection, and the IP address assigned to the port must be in the same subnet on both devices for proper communication.

Explanation

The port used for the dedicated HA link must have the SSH admin service enabled because it is used for secure communication between the devices. It must also be in a zone of type DMZ, which is a demilitarized zone that separates the internal network from the external network. The port must be the same on both devices to establish a connection, and the IP address assigned to the port must be in the same subnet on both devices for proper communication.

Submit

53. A customer is having problems configuring Web Server Protection for a section of their website that dynamically generates a survey in the browser. What do they need to configure to resolve the problem? Select one:

Enabled 'Pass Outlook Anywhere' in the Protection Policy

Enable 'Rewrite HTML' in the Business Application Rule

Create an exception for that path that will skip static URL hardening

Create an exception for that path that will skip cookie signing

Enable 'Pass Host Header' in the Business Application Rule

Create an exception for that path that will 'Accept unhardened form data'

To resolve the problem, the customer needs to create an exception for the specific path that will allow the web server to accept unhardened form data. This means that the web server protection will not apply to the section of the website that dynamically generates the survey in the browser, allowing it to function properly without any configuration issues.

Explanation

To resolve the problem, the customer needs to create an exception for the specific path that will allow the web server to accept unhardened form data. This means that the web server protection will not apply to the section of the website that dynamically generates the survey in the browser, allowing it to function properly without any configuration issues.

54. You are sizing a hardware XG Firewall for a prospect that has the following requirements:

The company has 300 users
All of the users have access to the VPN for when they are out of the office, and regularly receive around 80 emails with attachmentsper day
75 of the users spend most of their time working remotely
The users have a mix of Windows and Mac computers
The company receives a high percentage of spam
They want to use the XG Firewall for network protection, email protection and web protection
The company has a 200Mbit Internet connection

What model do you recommend? You may want to refer to the sizing guide. Please use this version of the sizing guide. Select one:

XG450

XG310

XG330

XG550

XG430

Based on the given requirements, the XG430 model is recommended. This model can handle the 300 users and the 200Mbit Internet connection. It also supports VPN access for all users and can handle the high volume of emails with attachments. Additionally, it can provide network protection, email protection, and web protection, meeting the company's needs. The XG430 is suitable for a mix of Windows and Mac computers, making it a good fit for the company's user base.

Explanation

Based on the given requirements, the XG430 model is recommended. This model can handle the 300 users and the 200Mbit Internet connection. It also supports VPN access for all users and can handle the high volume of emails with attachments. Additionally, it can provide network protection, email protection, and web protection, meeting the company's needs. The XG430 is suitable for a mix of Windows and Mac computers, making it a good fit for the company's user base.

55. Which of the following are prerequisites for creating a HA cluster? (select all that apply) Select one or more:

The MTU-MSS on the dedicated port should be default

Hardware devices must be the same model

The MAC address must be overridden on the dedicated HA port

The Sophos XG Firewall firmware version must be the same

Devices must have the same number of ports

To create a high availability (HA) cluster, several prerequisites need to be met. The first requirement is that the MTU-MSS (Maximum Transmission Unit - Maximum Segment Size) on the dedicated port should be set to default. This ensures proper communication between the devices in the cluster. Secondly, the hardware devices must be the same model to ensure compatibility and seamless failover. Additionally, the Sophos XG Firewall firmware version must be the same on all devices to ensure consistent functionality and configuration. Lastly, the devices must have the same number of ports to ensure proper network connectivity and redundancy.

Explanation

To create a high availability (HA) cluster, several prerequisites need to be met. The first requirement is that the MTU-MSS (Maximum Transmission Unit - Maximum Segment Size) on the dedicated port should be set to default. This ensures proper communication between the devices in the cluster. Secondly, the hardware devices must be the same model to ensure compatibility and seamless failover. Additionally, the Sophos XG Firewall firmware version must be the same on all devices to ensure consistent functionality and configuration. Lastly, the devices must have the same number of ports to ensure proper network connectivity and redundancy.

Submit

56. A company is looking at replacing their existing firewall with a Sophos XG firewall. They also have an aging web filter they would like to replace. The company has 100 users that will need access through the firewall. Of those, half would be considered advanced users and the other half just browse the internet and check their email. There are also 25 users that work from home and are connected via VPN back to the company 100% of the time. Just to be safe, they are considering the system load to be high. What device would be recommended for them? You may want to refer to the sizing guide. Please use this version of the sizing guide. Select One :

XG450

XG550

XG330

XG210

XG430

XG310

XG230

Based on the given information, the company has 100 users, with half being advanced users and the other half browsing the internet and checking email. Additionally, there are 25 users connected via VPN back to the company at all times. Considering the system load to be high, the recommended device would be the XG310. This device is capable of handling the number of users and the high system load effectively.

Explanation

Based on the given information, the company has 100 users, with half being advanced users and the other half browsing the internet and checking email. Additionally, there are 25 users connected via VPN back to the company at all times. Considering the system load to be high, the recommended device would be the XG310. This device is capable of handling the number of users and the high system load effectively.

57. Which of the following statements are TRUE about an Active-Passive cluster on Sophos XG Firewall? (select all that apply) Select one or more:

Both devices will respond to ARP requests

The auxiliary device responds to ARP requests

The primary device owns the virtual MAC address

The primary device processes all traffic

All traffic is sent to the primary device

The primary device will respond to ARP requests

In an Active-Passive cluster on Sophos XG Firewall, the primary device owns the virtual MAC address, meaning it is responsible for handling network traffic using that address. The primary device also processes all traffic, meaning it is the one that performs the necessary operations on the incoming and outgoing data. Additionally, all traffic is sent to the primary device, ensuring that it is the one handling all the network traffic. Lastly, the primary device will respond to ARP requests, allowing it to effectively communicate with other devices on the network.

Explanation

In an Active-Passive cluster on Sophos XG Firewall, the primary device owns the virtual MAC address, meaning it is responsible for handling network traffic using that address. The primary device also processes all traffic, meaning it is the one that performs the necessary operations on the incoming and outgoing data. Additionally, all traffic is sent to the primary device, ensuring that it is the one handling all the network traffic. Lastly, the primary device will respond to ARP requests, allowing it to effectively communicate with other devices on the network.

Submit

58. What are the primary considerations when sizing a RED? (select all that apply) Select one or more:

Number of users

Dual WAN ports

Throughput (Mbit/s)

VLAN tagging

LCD display

Built-in wireless

When sizing a RED, the primary considerations include the number of users, throughput (Mbit/s), VLAN tagging, and built-in wireless. Dual WAN ports and LCD display are not mentioned as primary considerations for sizing a RED.

Explanation

When sizing a RED, the primary considerations include the number of users, throughput (Mbit/s), VLAN tagging, and built-in wireless. Dual WAN ports and LCD display are not mentioned as primary considerations for sizing a RED.

Submit

59. Your customer contacts you for assistance in configuring DoS (Denial-of-Service) protection for their public facing application server. The customer has provided this network diagram and the following information about the application:

The application server requires an MTU of 1460
The application requires up to 73kb of data to be transferred to complete a transaction for a connected client
A connected client might perform up to 5 transactions per second
The application uses a proprietary protocol

What configuration do you recommend to your customer? (select all that apply) Select one or more:

Configure the packets per second in the DoS policy to 25,600

Configure the DoS policy for SYN-Flood protection

Configure the DoS policy for UDP-Flood protection

Configure the DoS policy per destination

Configure the packets per second in the DoS policy to 256

Configure the packets per second in the DoS policy to 2,560

Configure the DoS policy per source

73kb ----- 73*1024=74752 mb total MB / mtu 74752/1460=51.2 51.2*5 packet per second=256

Explanation

73kb ----- 73*1024=74752 mb total MB / mtu 74752/1460=51.2 51.2*5 packet per second=256

Submit

60. Your customer is configuring Web Server for their webmail but is getting an error when they try to login. Look at the log file below and select what needs to be done to resolve the error. (select all that apply) Select One or more :

Create an antivirus exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx

Create a form hardening exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx

Add ID 981003 to the filter rule skip list

Enable accept unhardened form data for the URL /MEWebMail/Mondo/lang/sys/login.aspx

Add ID 981200 to the filter rule skip list

Add ID 9 to the filter rule skip list

Based on the given log file, the error encountered during login on the webmail is likely due to form hardening. Therefore, creating a form hardening exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx would resolve the error.

Explanation

Based on the given log file, the error encountered during login on the webmail is likely due to form hardening. Therefore, creating a form hardening exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx would resolve the error.

61. An existing customer wants to roll out VPN access to a large number of users. What should they consider when choosing which type of VPN to use? Select one or more:

The number of ports on the XG Firewall

How heavily utilized the current device is

The cost of the VPN client

Specific security requirements

How much bandwidth is available where the XG is located

Whether users will be connecting using wireless

When choosing which type of VPN to use for rolling out VPN access to a large number of users, several factors should be considered. Firstly, the heaviness of the current device's utilization is important to ensure that it can handle the increased workload. Secondly, the cost of the VPN client needs to be taken into account to ensure it fits within the budget. Additionally, specific security requirements must be considered to ensure the chosen VPN meets the necessary security standards. Lastly, the amount of available bandwidth where the XG is located should be considered to ensure smooth and efficient VPN connections.

Explanation

When choosing which type of VPN to use for rolling out VPN access to a large number of users, several factors should be considered. Firstly, the heaviness of the current device's utilization is important to ensure that it can handle the increased workload. Secondly, the cost of the VPN client needs to be taken into account to ensure it fits within the budget. Additionally, specific security requirements must be considered to ensure the chosen VPN meets the necessary security standards. Lastly, the amount of available bandwidth where the XG is located should be considered to ensure smooth and efficient VPN connections.

Submit

62. A customer is configuring a Web Server Protection Policy but is not sure what needs to be added to the 'Entry URLs' field when Static URL Hardening is enabled. What do you tell your customer? (select all that apply) Select one or more:

You need to add all list of the URLs that you want to be hardened

You can include wildcards in the URLs

You need to add all of the URLs that you want people to access directly

The URLs are case sensitive

You need to add all of the URLs on your website

You need to add all of the directories on your website

When Static URL Hardening is enabled, the 'Entry URLs' field in the Web Server Protection Policy should contain all the URLs that the customer wants people to access directly. This means that only the URLs added to this field will be hardened. Additionally, the URLs are case sensitive, so the customer needs to ensure that the correct case is used when adding them to the 'Entry URLs' field.

Explanation

When Static URL Hardening is enabled, the 'Entry URLs' field in the Web Server Protection Policy should contain all the URLs that the customer wants people to access directly. This means that only the URLs added to this field will be hardened. Additionally, the URLs are case sensitive, so the customer needs to ensure that the correct case is used when adding them to the 'Entry URLs' field.

Submit

63. In Lab 5 you configured an XG-to-XG RED tunnel. You have configured a RED tunnel between two XG Firewalls but you are unable to connect to a server at the remote site. What are the most likely causes of this problem? Select one or more:

There is no firewall rule to allow the traffic

No route has been configured for the traffic

The route precedence needs to be configured to favor the RED tunnel

The XG Firewall needs to be rebooted

The RED tunnel needs to be added to the VPN zone

The most likely causes of the problem are that there is no firewall rule to allow the traffic and no route has been configured for the traffic. Without a firewall rule allowing the traffic, the XG Firewalls will block the connection. Additionally, without a configured route, the XG Firewalls will not know how to properly direct the traffic to the remote site.

Explanation

The most likely causes of the problem are that there is no firewall rule to allow the traffic and no route has been configured for the traffic. Without a firewall rule allowing the traffic, the XG Firewalls will block the connection. Additionally, without a configured route, the XG Firewalls will not know how to properly direct the traffic to the remote site.

Submit

64. Which of the following statements are TRUE about an Active-Active cluster on Sophos XG Firewall? (select all that apply) Select one or more:

All traffic is sent to the primary device

The primary device will respond to ARP requests

Both devices will respond to ARP requests

The primary device owns the virtual MAC address

The primary device processes all traffic

The auxiliary device responds to ARP requests

In an Active-Active cluster on Sophos XG Firewall, all traffic is sent to the primary device, meaning that it handles all incoming and outgoing network traffic. The primary device also responds to ARP (Address Resolution Protocol) requests, which are used to map IP addresses to MAC addresses in a local network. Additionally, the primary device owns the virtual MAC address, which is a unique identifier assigned to the cluster.

Explanation

In an Active-Active cluster on Sophos XG Firewall, all traffic is sent to the primary device, meaning that it handles all incoming and outgoing network traffic. The primary device also responds to ARP (Address Resolution Protocol) requests, which are used to map IP addresses to MAC addresses in a local network. Additionally, the primary device owns the virtual MAC address, which is a unique identifier assigned to the cluster.

Submit

65. A customer has added an MPLS between its large offices in the UK, US and Japan. The customer also has VPNs connecting the larger offices and the smaller offices. The customer has noticed that the traffic between the larger offices is going over the slower VPNs rather than the faster MPLS. What options would the customer have in order to route the traffic over the MPLS? Select one or more:

Configure the Local NAT Policy

Configure route precedence on the XG firewall

Change the order of the firewall rules so the MPLS traffic rule is above the VPN rule.

Adjust the weights on the static routes

Configure Policy based routing to route the traffic

The customer can configure route precedence on the XG firewall to prioritize the MPLS traffic over the VPN traffic. This will ensure that the traffic between the larger offices is routed through the faster MPLS connection. Additionally, the customer can also configure policy-based routing to explicitly route the traffic over the MPLS. These options will allow the customer to control the routing of traffic and ensure that it takes the desired path.

Explanation

The customer can configure route precedence on the XG firewall to prioritize the MPLS traffic over the VPN traffic. This will ensure that the traffic between the larger offices is routed through the faster MPLS connection. Additionally, the customer can also configure policy-based routing to explicitly route the traffic over the MPLS. These options will allow the customer to control the routing of traffic and ensure that it takes the desired path.

Submit

66. You are creating a new and optimized IPS rule. Which of the following can be done to ensure that the rule you are creating will be as efficient as possible? (select all that apply) Select one or more:

Select only the Severities that are required

Upload a custom IPS database

Select only the categories that are needed

Select only the platforms that are present in the network

Select the targets that the rule will apply to

Assign the IPS to a specific CPU

To ensure that the rule being created is as efficient as possible, the following steps can be taken: selecting only the severities that are required, uploading a custom IPS database, selecting only the categories that are needed, and selecting only the platforms that are present in the network. These actions help to streamline the rule and ensure that it is tailored to the specific needs and environment of the network.

Explanation

To ensure that the rule being created is as efficient as possible, the following steps can be taken: selecting only the severities that are required, uploading a custom IPS database, selecting only the categories that are needed, and selecting only the platforms that are present in the network. These actions help to streamline the rule and ensure that it is tailored to the specific needs and environment of the network.

Submit

67. Which of the following statements are TRUE about the virtual MAC address in an Active-Active HA cluster? (select all that apply) Select one or more:

The primary device owns the virtual MAC address

There is a virtual IP assigned to the virtual MAC address

The virtual MAC address is the physical address of the primary device

There is one virtual MAC address for each interface except the dedicated HA port

The virtual MAC address is applied to the interface on both devices

The primary device owns the virtual MAC address, meaning that it is responsible for responding to ARP requests for the virtual MAC address. Additionally, there is one virtual MAC address for each interface except the dedicated HA port. This means that each interface in the Active-Active HA cluster has its own unique virtual MAC address.

Explanation

The primary device owns the virtual MAC address, meaning that it is responsible for responding to ARP requests for the virtual MAC address. Additionally, there is one virtual MAC address for each interface except the dedicated HA port. This means that each interface in the Active-Active HA cluster has its own unique virtual MAC address.

Submit

68. A customer wants to protect external access to their Exchange server using Web Server Protection on the XG Firewall. What information would you need to be able to accurately size this? Select one or more:

The average number of concurrent users

The issuer of the HTTPS certificate

The peak number of concurrent users

Who their ISP is

The number of mailboxes on the Exchange Server

The size of the mailboxes

Whether they will be using dual AV scanning

To accurately size the Web Server Protection on the XG Firewall for protecting external access to the Exchange server, the information needed includes the peak number of concurrent users, the number of mailboxes on the Exchange Server, and whether they will be using dual AV scanning. This information is crucial for determining the appropriate capacity and resources required to handle the expected load and ensure effective protection for the server. The average number of concurrent users, the issuer of the HTTPS certificate, who their ISP is, and the size of the mailboxes are not directly relevant to sizing the Web Server Protection.

Explanation

To accurately size the Web Server Protection on the XG Firewall for protecting external access to the Exchange server, the information needed includes the peak number of concurrent users, the number of mailboxes on the Exchange Server, and whether they will be using dual AV scanning. This information is crucial for determining the appropriate capacity and resources required to handle the expected load and ensure effective protection for the server. The average number of concurrent users, the issuer of the HTTPS certificate, who their ISP is, and the size of the mailboxes are not directly relevant to sizing the Web Server Protection.

Submit

69. You are deploying STAS for a large customer. They have multiple sites around the world and multiple domain controllers per site. Each site has at least one XG Firewall and they are connected by IPsec site-to-site VPNs using certificate authentication. The customer wants to minimize the flow of authentication traffic being sent between sites. What steps would you recommend the customer takes to meet these requirements? (select all that apply) Select one or more:

Create firewall rules to prevent the Agents and Collectors transmitted authentication traffic between sites

Install the full STA Suite on and least two and up to five domain controllers per site

On each XG Firewall create a Collector group for each site

Configure all of the Agents with the IP addresses of all of the Collectors

Configure all of the Collectors with the IP addresses of all of the XG Firewalls

Configure the Agents at each site with just the IP addresses of the Collectors at that site

At each site configure the remote Collectors to be in the VPN zone

To minimize the flow of authentication traffic between sites, the customer should install the full STA Suite on at least two and up to five domain controllers per site. This will distribute the authentication load and reduce the traffic sent between sites. Additionally, they should create a Collector group for each site on each XG Firewall and configure all of the Collectors with the IP addresses of all of the XG Firewalls. The Agents at each site should be configured with just the IP addresses of the Collectors at that site. Lastly, the remote Collectors at each site should be configured to be in the VPN zone to ensure secure communication.

Explanation

To minimize the flow of authentication traffic between sites, the customer should install the full STA Suite on at least two and up to five domain controllers per site. This will distribute the authentication load and reduce the traffic sent between sites. Additionally, they should create a Collector group for each site on each XG Firewall and configure all of the Collectors with the IP addresses of all of the XG Firewalls. The Agents at each site should be configured with just the IP addresses of the Collectors at that site. Lastly, the remote Collectors at each site should be configured to be in the VPN zone to ensure secure communication.

Submit