Architecture Assessment Trivia Quiz

69 Questions | Total Attempts: 808


Practice makes you perfect. Good luck!


Questions and Answers
  • 1. 
    A customer calls you because some settings have been changed on their XG Firewall by the admin user. Your customer is the only person that knows the admin password but some of the IT department have access using SSH keys. How can your customer identify who logged in to make the changes? Select one:
    • A. 

      Find the SSH key in dropbear.log

    • B. 

      This information cannot be found

    • C. 

      Check the audit.log

    • D. 

      Search in the Log Viewer

  • 2. 
    Look at the diagram below. Where does DNAT happen? Select one or more:
    • A. 

      1

    • B. 

      2

    • C. 

      3

    • D. 

      4

    • E. 

      5

    • F. 

      6

    • G. 

      7

  • 3. 
    Your customer has an XG Firewall that is deployed in gateway mode, and they want to create a bridge pair with an interface in a LAN zone and an interface in a DMZ. Can this be done? Select one:
    • A. 

      Yes

    • B. 

      No

  • 4. 
    Which of the following dynamic routing protocols are supported by Sophos XG Firewall? (select all that apply) Select one or more:
    • A. 

      EIGRP

    • B. 

      RIP

    • C. 

      OSPF

    • D. 

      IS-IS

    • E. 

      IGRP

    • F. 

      BGP

    • G. 

      PIM-SM

  • 5. 
    In Lab 2 you created a bridge with two ports that were both in the LAN zone, but the computers were not able to ping each other. If both ports are in the same zone why could the computers not ping each other? Select one:
    • A. 

      There was no firewall rule to allow traffic from the LAN zone to another port in the LAN zone

    • B. 

      Routing had not been enabled for the bridge pair

    • C. 

      ICMP had not been enabled for the LAN zone

  • 6. 
    You are the network administrator of the Sophos Store, a large retailer of socks and stickers. The Sophos Store has a head office in London with branch offices in New York and Vancouver and retail stores located throughout the world.
    • The Sophos Store has multiple servers in subnet 192.168.1.0/2
    • The user network subnet is 172.16.1.0/24
    • Sophos Store would like to increase the internal bandwidth for each server
    For the above scenario, select which of the following you would recommend to Sophos Store. Select one:
    • A. 

      Add another NIC to the server and configure Gateway mode with Multi port L3 bridge

    • B. 

      Connect another XG Firewall Port to the switch and configure Active-Backup LAG

    • C. 

      Connect another XG Firewall Port to the switch and configure 802.3ad LAG

    • D. 

      Add another NIC to the server and make L3 bridge with multiple ports

  • 7. 
    Your customer contacts you for assistance in configuring DoS (Denial-of-Service) protection for their public facing application server. The customer has provided this network diagram and the following information about the application:  
    • The application server requires an MTU of 1460
    • The application requires up to 73kb of data to be transferred to complete a transaction for a connected client
    • A connected client might perform up to 5 transactions per second
    • The application uses a proprietary protocol
    What configuration do you recommend to your customer? (select all that apply) Select one or more:
    • A. 

      Configure the packets per second in the DoS policy to 25,600

    • B. 

      Configure the DoS policy for SYN-Flood protection

    • C. 

      Configure the DoS policy for UDP-Flood protection

    • D. 

      Configure the DoS policy per destination

    • E. 

      Configure the packets per second in the DoS policy to 256

    • F. 

      Configure the packets per second in the DoS policy to 2,560

    • G. 

      Configure the DoS policy per source

  • 8. 
    In Lab 3 you configured a local NAT policy. What would the command be to SNAT the traffic from the XG firewall to the Internet to 10.1.1.45? Select one:
    • A. 

      Set advanced-firewall sys-traffic-nat add destination 0.0.0.0 netmask 0.0.0.0 snatip 10.1.1.45

    • B. 

      Set advanced-firewall sys-traffic-nat add destination * snatip 10.1.1.45

    • C. 

      Set advanced-firewall sys-traffic-nat add snatip 10.1.1.45

  • 9. 
    TRUE or FALSE: IPS policies can be applied to both User/Network rules and Business Application rules. Select one:
    • A. 

      True

    • B. 

      False

  • 10. 
    In Lab 3 you configured an advanced DoS policy. What command can you use to see the existing DoS rules? Select one:
    • A. 

      System dos-config show dos-rules

    • B. 

      Show dos-config rules

    • C. 

      Dos-config show dos-policies

    • D. 

      System show dos-rules

  • 11. 
    Your customer's environment consists of a number of Windows servers, as well as Windows and Mac desktops and laptops. Users have commented that accessing files on the server has been slower since the new firewall was installed. After examining the configuration, you document that the servers are located in a separate zone called SERVERS and the users are located in the LAN zone. After researching the issue further, you believe that the issue is related to the IPS scanning of the traffic as it is passing from the LAN to the SERVERS zone. Currently, the LAN to DMZ IPS policy is applied to the network rule allowing the traffic to pass from one zone to the other. Which of the following options would you recommend to improve the performance for the users transferring files between the zones? Select one:
    • A. 

      Disable IPS for the LAN zone to the SERVERS zone

    • B. 

      Configure the Local NAT Policy on the firewall

    • C. 

      Change the FastPath threshold value

    • D. 

      Configure a more appropriate IPS policy for the LAN zone to the SERVERS zone

    • E. 

      Adjust the size of the connection tracking database

    • F. 

      Turn off Strict Policy on the firewall

  • 12. 
    A customer is configuring a Web Server Protection Policy but is not sure what needs to be added to the 'Entry URLs' field when Static URL Hardening is enabled. What do you tell your customer? (select all that apply) Select one or more:
    • A. 

      You need to add a list of all the URLs that you want to be hardened

    • B. 

      You can include wildcards in the URLs

    • C. 

      You need to add all of the URLs that you want people to access directly

    • D. 

      The URLs are case sensitive

    • E. 

      You need to add all of the URLs on your website

    • F. 

      You need to add all of the directories on your website

  • 13. 
    In Lab 4 you configured a Webserver Protection Business Application Rule that load-balanced two intranet servers. How could you configure this so that one of the servers is the primary server and the other is only used as a backup? Select one:
    • A. 

      Enable Path-specific routing and select 'Hot-standby mode'

    • B. 

      Web Server Protection cannot do this, you need to use a load-balancing Business Application Rule

    • C. 

      Enable 'Sticky Sessions'

    • D. 

      Create two separate Business Application Rules, the top one will be the primary

  • 14. 
    Your customer is configuring Web Server for their webmail but is getting an error when they try to login. Look at the log file below and select what needs to be done to resolve the error. (select all that apply) Select one or more:
    • A. 

      Create an antivirus exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx

    • B. 

      Create a form hardening exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx

    • C. 

      Add ID 981003 to the filter rule skip list

    • D. 

      Enable accept unhardened form data for the URL /MEWebMail/Mondo/lang/sys/login.aspx

    • E. 

      Add ID 981200 to the filter rule skip list

    • F. 

      Add ID 9 to the filter rule skip list

  • 15. 
    Your customer is configuring Web Server for their webmail but is getting an error when they try to login. Look at the log file below and select what needs to be done to resolve the error. (select all that apply) Select one or more:
    • A. 

      Create an antivirus exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx

    • B. 

      Enable accept unhardened form data for the URL /MEWebMail/Mondo/lang/sys/login.aspx

    • C. 

      Add ID 9 to the filter rule skip list

    • D. 

      Add ID 981003 to the filter rule skip list

    • E. 

      Create a form hardening exception for the URL /MEWebMail/Mondo/lang/sys/login.aspx

    • F. 

      Add ID 981200 to the filter rule skip list

  • 16. 
    You configured Web Server Authentication for a customer when you deployed their XG Firewall some time ago. The customer wants to allow another group to authenticate for the protected web service but does not know where to do this. Where do you direct your customer to add this group? Select one:
    • A. 

      In the Authentication Template

    • B. 

      In the Web Server Protection Policy

    • C. 

      In the Path-specific routing

    • D. 

      In the firewall authentication methods

    • E. 

      In the Web Server Authentication Policy

    • F. 

      In the Business Application Rule

    • G. 

      In the Authentication Server

  • 17. 
    A customer is having problems configuring Web Server Protection for a section of their website that dynamically generates a survey in the browser. What do they need to configure to resolve the problem? Select one:
    • A. 

      Enable 'Pass Outlook Anywhere' in the Protection Policy

    • B. 

      Enable 'Rewrite HTML' in the Business Application Rule

    • C. 

      Create an exception for that path that will skip static URL hardening

    • D. 

      Create an exception for that path that will skip cookie signing

    • E. 

      Enable 'Pass Host Header' in the Business Application Rule

    • F. 

      Create an exception for that path that will 'Accept unhardened form data'

  • 18. 
    After configuring two new VPN connections, everything is running fine until the remote office loses Internet access. When it comes back up, the users are complaining that they can no longer access resources in the head office network. You verify that the Internet is working at both locations and then look at the VPN configuration, which is as below. What needs to be adjusted in the remote office? Select one:
    • A. 

      Authentication Type

    • B. 

      Action on VPN Restart

    • C. 

      Remote IP Address

    • D. 

      Connection Type

    • E. 

      Policy

  • 19. 
    Your company is configuring a site to site VPN with another company in order to share information for an upcoming project. The two networks have the following IP address network ranges: What feature can be used in the IPsec site-to-site VPN on an XG Firewall in order to allow communication between these networks? Select one:
    • A. 

      NAT Overlap

    • B. 

      NAT Traversal

    • C. 

      Route Precedence

    • D. 

      VPN Failover

  • 20. 
    In Lab 5, if the New York Gateway had 2 WAN connections, then how many IPsec connections would be created on the New York Gateway in order to take advantage of the maximum number of possible VPN failover routes? Select one:
    • A. 

      1

    • B. 

      2

    • C. 

      3

    • D. 

      4

    • E. 

      6

    • F. 

      8

    • G. 

      10

  • 21. 
    A customer has added an MPLS between its large offices in the UK, US and Japan. The customer also has VPNs connecting the larger offices and the smaller offices. The customer has noticed that the traffic between the larger offices is going over the slower VPNs rather than the faster MPLS. What options would the customer have in order to route the traffic over the MPLS? Select one or more:
    • A. 

      Configure the Local NAT Policy

    • B. 

      Configure route precedence on the XG firewall

    • C. 

      Change the order of the firewall rules so the MPLS traffic rule is above the VPN rule.

    • D. 

      Adjust the weights on the static routes

    • E. 

      Configure Policy based routing to route the traffic

  • 22. 
    A client contacts you complaining that their virtual XG firewall has been running very slowly. The client is running a central XG firewall on a virtual host and has over 100 remote locations connected to this host via XG to XG RED tunnels. They have followed the best practices for firewall and security configurations. After gathering some information on the existing setup, you find that the virtual host is running on older hardware and the CPUs are consistently showing very high utilization. Without compromising the security of the device or the network, what would you recommend to the customer to help alleviate the slowness problem? Select one:
    • A. 

      Turn off Tunnel Compression on all of the RED tunnels between the Host and the remote locations

    • B. 

      Add a second virtual XG firewall to the virtual host and move half of the RED connections to it

    • C. 

      Disable IPS on any policies not using HTTP

  • 23. 
    In which RED deployment mode do you need to configure the following?
    • IP address of the RED interface on the Sophos XG Firewall
    • Zone of the RED interface on the Sophos XG Firewall
    • DHCP Server
    • A list of split networks
    Select one:
    • A. 

      Standard/Split

    • B. 

      Transparent/Split

    • C. 

      Standard/Unified

  • 24. 
    How is a RED configured to connect to Sophos XG Firewall? (select all that apply) Select one or more:
    • A. 

      The configuration is created on Sophos XG Firewall

    • B. 

      The RED can load the configuration from a USB drive

    • C. 

      The RED can download the configuration from the provisioning servers

    • D. 

      The RED sends a discovery packet to the IP address 1.2.3.4

    • E. 

      The RED can be configured using its own web interface

  • 25. 
    When configuring a RED manually with a USB stick, what do you need to consider? (select all that apply) Select one:
    • A. 

      The WAN interface must have a static IP address

    • B. 

      If you lose the unlock code the RED cannot ever be connected to another Sophos XG Firewall

    • C. 

      The USB key must never be unplugged from the RED
