Firewall Network Security System Quiz Questions

An adaptation module can be used only once. An Adaptation can be used many times.

An adaptation module is a container extension. An Adaptation is a database record within the Adaptations collection.

An adaptation module references an Adaptation. An Adaptation does not reference an adaptation module.

An adaptation module is configured by the administration. An Adaptation is pre-built and is loaded as a container extension.

Create a Time Range. Select Saturday and set the start and end time for morning. Select Sunday and set start and end time for afternoon. Add Time Range to Routing Policy

Create a Time Range. Select Saturday and select morning. Select Sunday and select afternoon. Add Time Range to Routing Policy

Create a Time Range. Create a Routing Policy for Saturday Morning. Create a second Routing Policy for Sunday afternoon. Add both Routing Policies to the Time Range.

Create a Time Range. Select Saturday and set start and end time for morning. Create another Time Range. Select Sunday and set start and end time for afternoon. Add both Time Ranges to Routing Policy.

HTTP

HTTPS

SIP

Secure JMX

Nothing

The request is rejected

The request is processed as normal, including NRP routing

The un-known domain is resolved and the request is proxied downstream

Session Manger crashes

It adds a route header to the request, addressed to the feature server

It changes the request URI of the request, and sends it to the feature server

It never addresses a feature server

It changes the to header of the request, and send it to the feature server SM100

Primary Session Manager and Secondary Session Managers are installed using the same installer

Primary Session Managers and Branch Session Managers are installed using the same installer

After installation Session Manager instances are configured to be either Primary Session Managers or Secondary Session Managers

Authentication

Name resolutions

Adaptations

Firewall

An adaptation module is a pluggable component that is deployed in the Service Host container as a container extension

Adaptation modules are typically designed to cater for the needs of equipment from particular vendors.

Using pluggable adaptations help make Session Manager future proof

Adaptation modules are deployed through the SM 100 configuration pages

PPM stands for Personal Profile Manager policy

PPM is the process through which CM synchronized phone settings with Session Manager

PPM is the repository of phone settings from which SIP stations retrieve their settings when a user logs in

PPM is the process through which behaviors and settings are dynamically downloaded to the phone dependent on the specific user logging in

The 'Redundant devices' check box in the SIP Entity record is checked

The IP address of each redundant device is entered in the SIP entity record

The address of the combined Entity is entered as a FQDN in the SIP Entity record

It is not possible for SIP Entities to be redundant

1

2

3

4

Location name

IP address pattern

Bandwidth allocation

Time zone

It is used to carry a Free-Pass token used to authenticate the caller

It is used to carry a Free-Pass token that signifies this call should not be billed

It tells Avaya's Session Manager which transport protocol is to be used as the request is routed toward the destination

There is no such header. The P-Avaya-Transport header does not exist

They both actively receive network traffic, providing an active / active model of server redundancy

One is for signaling traffic and the other is for management traffic

One belongs to the SM 100 and the other to the server box

The primary adapter receives all network traffic, whilst the secondary is on 'hot stand bye', ready to take over if anything goes wrong with the first

True

False

Drop packet

Rate Limit

Rate Block

Quarantine

An Entity Link is the network connection between Session Manger and one of its SIP Entities

An Entity Link is the relationship between Session Manager and one of its SIP Entities

An Entity Link is another word for a SIP Trunk or a VPN tunnel

An Entity Link is another word for a SIP Entity

If the number of packets sent over a given period from a source exceeds a defined acceptable limit, then drop all packets from that source

If the number of packets sent over a given period from a source exceeds a defined acceptable limit, then drop some packets from that source

If the number of packets sent over a given period from a source exceeds a defined acceptable limit, then drop any packets from that source that exceed the threshold

If the number of packets sent over a given period from a source exceeds a defined acceptable limit, then add the source address to the Black list

If the White list is activated, no packets are allowed through the firewall unless the source is listed on the white list

If the source is listed on the White List, allow all packets through without further checks, regardless of other conditions

If the source is listed on the White List, block all packets without further checks

If the source is listed on the White List, mark the packet as having priority and send it to the front of the queue for processing

True

False

Session Manager combines data from the collections to determine routing of signaling requests

Session Manager queries data from the collections to validate a SIP Entity

Session Manager queries data from the collection to determine how much bandwidth is allocated to a location

Session Manager queries adaptation patterns from a collection to determine how a SIP message should be adapted

A Routing Policy references one or more SIP Entities and one or more Time Ranges

A Routing Policy references one Time Range and one or more Dial Patterns

A Routing Policy references one Dial Pattern and one SIP Entity

A Routing Policy references one SIP Entity and one or more Time Ranges

ASM checks the received Register request for a valid password. Only if it exists is the registration data written to the registry and the User Profile updated.

After checking that a User Profile exists, ASM returns an error response to the initial Register request, prompting the user for log on credentials. Only when received and validated against details in the User Profile is the user authenticated.

Users ensure that all requred log on credentials are included in the Register request. ASM compares the users details with those recorded in the Registry. If they match, the user is authenticated and the registration completes.

A Register request must contain the user's identifier (handle or extension ID) and the actual location of the SIP phone on which he would like to make his calls. If correct, the user is authenticated and the data is written to the registry.

1

2

3

4

A reference to an Entity Link

A time zone

An IP Address or FQDN

Timer B

A reference to an Adaptation

Black/White list, Network layer, SIP layer

SIP Layer, Network layer, Black/White list

Nework layer, SIP layer, Black/White list

Black/White list, SIP layer, Network layer

Postgres

Oracle

SQL Server

SIP phones send outgoing SIP invites to all the Session Mangers identified to them through PPM

SIP phones send outgoing SIP invites to all Session Managers to which they have registered

SIP Phones send outgoing SIP invites to the Session Manager to which they have subscribed

SIP phones send outgoing SIP invites to the first Session Managers to which they have registered

JMX extensions

HTTP servlets

SIP extensions

SIP servlets

Checking of Free-Pass token found in the P-Avaya-Transport header

Re-routing of requests over the PSTN when the network bandwidth to a location is fully utilized

One Session Manager instance requesting a portion of another Session Manager's bandwidth allocation for a location

Timer B was named after Henning Schulzrinne's youngest son

Timer B determines the minimum duration for a SIP transaction, which is by default 32 seconds

Timer B is typically set to 4 or 5 seconds

Timer B is the time after which a request will be cancelled if a response has not yet been received

The SM100 firewall monitors the rate of incoming SIP messages in order to prevent DOS attacks

At regular intervals, Session Manager sends OPTIONS requests to SIP Entities to check they are still able to receive and process SIP requests

At regular, configurable intervals, System Manager checks the SIP Registry to make sure it is not nearing capacity

Session Manager monitors the types of SIP requests it receives, in order to apply relevant processing

Create an Entity Link between the two Session Managers

Synchronize the data repositories

Ensure the DNS is updated to reflect the domain names and IP addresses of the Session Managers

Copy the Routing Policies from Primary to Secondary

Be rebooted

Register with the System Manager

Be defined as a Session Manager Instance

By default, every 60 seconds

After a Session Manager instance is defined

During the installation process (initDRS)

Both A and C

True

False

InitTM

System Manager >> Security >> Certificates >> Enrollment Password

System Manager >> Change Password

System Manager >> Session Manager >> System State Administration

Enables Session Manager to accept requests from endpoints

Establishes Trust relationships between elements and applications

Trust Management provides credentials to enable mutually authenticated TLS sessions between elements

Allows endpoints to register with System Manager

True

False

True

False

Eth0

Eth2

Date/Time

DNS settings

No Reason

The System Manager must know the FQDN of all Session Managers, and Session Managers must know the FQDN of the System Manager in order to begin accepting calls

The System Manager must know the FQDN of all Session Managers, and Session Managers must know the FQDN of the System Manager in order for Node Registration to work

None of the Above

True

False

True

False

Upgrade the existing installation

Uninstall and clean the existing installation and install a new installation

It will do nothing

Prompt you to upgrade or install fresh

True

False

Sipas-mg

Sm-mgmt

Postgresql

Secmod

/home/root

/home/craft

/opt

/opt/Avaya

Data is copied from the System Manager database to the Session Manager database

Foreign key constraints are removed before data is copied

The Session Manager reboots

Foreign key constraints are replaced after data is copied

/home/root

/home/craft

/var/log/Avaya

/opt/Avaya

Swversion

Swstatus

Pstree

Statapp

InitTM

InitDRS

Session Manager Instance administration

All of the above

InitTM is always used to initialize Trust Management

InitTM is used if Trust Management fails to initialize during the Session Manager install

InitTM is used to initialize Session Manager

InitTM is never used

Statapp

Version

Smversion

Swversion

To authenticate users prior to making pre-paid calls

To validate new SIP Entities in the network

To access keys for deciphering encrypted SIP messages

To congratulate users who register with Session Manager for the first time

Tail end hop off, Least cost routing, End to end IP, End to end PSTN

Least cost routing, Tail end hop off, End to end IP, End to end PSTN

End to end IP, Tail end hop off, Least cost routing, End to end PSTN

End to end PSTN, Tail end hop off, Least cost routing, End to end IP

True

False

Session Manager and System Manager are both fundamental components of Avaya Aura's next generation architecture

Session Manager serves web pages through which System Manager is administered

Session Manager and System Manager are both based on web application servers

System Manager is Avaya Aura's common interface tool through which Session Manager is administered

To provide redundancy

To provide increased capacity

To be an enterprise level support network

To provide commonality of user experience

Dialed number format change. Eg add/remove international & city code to a local number

SIP message header manipulation. Eg add/remove proprietary SIP headers

SIP address resolution

Conversion between long and short SIP header names.

Registration enables calls to be made to their IP phone, thus helping Session Manager avoid costly charges on behalf of the organization

Registration is an IP mechanism for clocking in and out of work

Registration gives Session Manager the user's public identifier and the IP address of the phone, meaning that Session Manager knows where to route incoming calls for the user.

Registration is the mechanism through which User A calls User B, via Session Manager

Minimized the cost of calls, AND integrates telephony systems of different types throughout the organization

Minimized the cost of calls, AND serves to secure the organization from malicious attack

Serves to secure the organization from malicious attack, AND integrates telephony systems of different types throughout the organization

None of the above

True

False

True

False

500

5000

50000

500000

'Originating' and 'terminating' apply to the half call model in which a SIP Entity translates non-SIP signaling on the branch side to SIP signaling on the core side

'Originating' and 'terminating' refers to the SIP Entity in the branch and the SM100 security module respectively

'Originating' and 'terminating' refers to the individual application of features, or services, on behalf of the caller and the callee

Session Manager regularly checks the network for unauthorized SIP Entities

The SM 100 card is a self-contained computer that has built-in firewall capabilities

The SM 100 card removes all sensitive information (eg authorization data) from the SIP message before sending it out over the network

Messages are encrypted before being sent over the network and deciphered at Session Manager by the SM 100 card. Only those with relevant keys can decipher the messages

Session Manager

System Manager

Security Module

Security Manager

1

2

3

4

Session Manager sets up a secure network connection between itself in the data center and all branch offices of an organization

Session Manager acts as a SIP registrar and location service for all SIP phones within the organization

Session Manager will serve organizations that are distributed both nationally and internationally

In order for Session Manager to serve a remote branch of the organization, there must be an IP link between the branch and the data center

True

False

Avaya S8510

System Manager Accelerator card

SM 100

PSTN/SIP Gateway

Through use of SIP Entities, all communications signaling in the core of the network is SIP, meaning that common routing policies and special treatment can be applied to all calls within the whole organization, regardless of from which type of phone the call is made

Session Manager applies Network Routing Policies to determine which SIP Entity a call should be routed to

Calls to a non-SIP phone within the organization will be routed to Session Manager, from where it will be routed to a SIP Entity that has knowledge of how to route the call to the non-SIP end point

Session Manager integrated non-SIP based telephone systems in remote branches by translating non-SIP signaling messages into SIP messages and then routing them toward the destination through the application of Network Routing Policies

SAL is a simple to use mechanism through which Avaya support can gain secure, trusted access to a System Manager, without the need for a VPN connection

SAL is an SNMP based process through which System Manager alerts an administrator when there are system health issues.

SAL stands for Secure Authorization Link

SAL is the secure access link between System Manager and Session Manager. It ensures no unauthorized parties can capture and misuse configuration data sent between the two servers.

Avaya S8510

System Manager Accelerator card

SM 100

PSTN/SIP Gateway

Active / Standby

Active / Active

Standby / Standby

Call Transfer, Ad-Hoc Conferencing, Voice Mail, Black List, White List

Call Transfer, Voice mail, Black List, White List, Call Forwarding

Call Transfer, Ad-Hoc Conferencing, Black List, White List, Call Forwarding

None of the above

Routing a User's incoming calls to different phones depending on the time of day

Routing calls over IP or PSTN trunks depending on the time of day

Applying different features to an outgoing call depending on the time of day

Routing a call over specific PSTN trunks depending on the time of day

Multiple Session Manager instances in a geo-redundant arrangement in a data center

Two or more Session Manager servers located in different regions

A single Session Manager instance installed on geographically distributed servers

When the servers are nearing end of life and perform less

So that if one server has a problem, another can take over, maintaining the service

Two servers provide more processing power than one

Session Manager servers are never arranged in a redundant manner

To authenticate the user

To authorize the user

To refuse the user

To reduce bandwidth

Individual call initiation processing on behalf of the caller and the callee

The independent flow of media from caller to callee and again from callee to caller

Call durations are limited to thirty minutes

Long distance call charges are typically reduced by 50%

None of the above

Provides a basic service if the Session manager in the core of the network goes down

Provides additional layer of security between the branch and the core network

Provides a basic service if the IP trunk to the core network goes down

Provides media stream conversion for branch devices that use non-standard codecs

Any end point that does not have a defined User Profile

A SIP Entity

An Entity

An integral User Profile

A SIP Entity is a trusted partner known to Session Manager. Session Manager will reject any requests received from any other source.

A SIP Entity in a remote branch enables the branch to connect to Session Manager over the public internet

SIP Entities act as security agents to protect against Session Manager attack, including Denial of Service

SIP Entities can take a number of forms, including SIP enabled devices already in many networks such as Avaya's Communication Manager.

True

False

True

False

System Manager monitors Session Manager's health

System Manager alerts an administrator when it detects a problem

System Manager provides UPS backup for Session Manager in case of electricity loss

System Manager collates system information and logs to help trace problems

Password

User Name

Handle / Extension ID

Phone Location

It checks to see if the request is coming from a registered SIP station

It checks the SIP Registry to see if the called party is registered

It checks to see if the caller has a User Profile

It checks to see if the callee has a User Profile

Applies a Network Routing Policy to route the INVITE downstream towards the called party to answer here

Applies SIP Location routing to route the INVITE downstream towards the called party

Uses the address in the Route header to proxy the INVITE downstream towards the called party

Uses the address in the Request URI to proxy the INVITE downstream towards the called party

HTTP with SIP content

HTTP with text content

SIP with text content

SIP with SOAP content

HTTP with SOAP content

System Platform

System Manager

Communication Manager

Session Manager

JBOSS

Tomcat

Apache

Microsoft IIS

Used by user when logging in to administer their own details online

Used by user when logging in on a phone

Used by administrator to login to System Manager Admin pages

Used to authenticate a user when calling customer support

True

False

Service Director

Service Host

Service Manager

Management Server

HTTP

HTTPS

SIP

Secure JMX

True

False

New Location

Adaptation

Routing policy

Regular expression