Exam (elaborations)

SNSP Exam - Best Practices and other Basics Complete 2022

Pages
6
Grade
A+
Uploaded on
19-11-2022
Written in
2022/2023

Q: Which interfaces cannot be configured as WAN interfaces?
A: X0 and MGMT
Q: What is the default configuration of X1?
A: Static mode with IP of 0.0.0.0
Q: To avoid routing issues of X1, what should you ensure?
A: It's assigned with a valid non-zero IP address or configured for DHCP or PPPoE
Q: True or False: It is recommended to disassociate the from the WAN zone if not in use
A: True - Unassigned
Q: True or False: You should open HTTPS Mgmt up on the WAN interface
A: False
Q: True or False: Check the "Add rule to enable redirect from HTTP to HTTPS" option when configuring HTTPS management
A: False
Q: What can result from incorrect duplex settings on the WAN?
A: Inconsistent Internet connection, slow throughput, dropped packets, and inability to negotiate to an ISP connection
Q: What settings are default on the advanced tab of a WAN interface?
A: Link Speed to Auto Negotiate; Use Default MAC address; Enable Flow Reporting; Fragment non-VPN outbound packets larger than this Interface's MTU
Q: MTU stands for what?
A: Maximum Transmission Unit
Q: On DSL and cable connections, is the MTU size generally lower or higher?
A: Lower
Q: How do you change the value of MTU?
A: In increments of 8 bytes
Q: True or False: Confirm that Ignore Don't Fragment DF bit is unchecked
A: True
Q: True or False: Even if you only have 1 WAN connection you should still enable "Enable Load Balancing"
A: True
Q: Why must you enable load balancing with only 1 WAN connection?
A: To access the LB Groups and LB Statistics sections of Failover and Load Balancing configuration
Q: Which Probe menu should you select when configuring WAN probes?
A: Probe Succeeds when either main or alternate target responds
Q: Why should you always use X0 as a backup heartbeat link?
A: Because it is hardcoded in SonicOS
Q: True or False: You should always configure X0's monitoring IP
A: True
Q: What happens if the WAN interface does not have the monitoring IP configured?
A: The secondary/Standby unit directs the path to the Internet for GRID and License Manager communication
Q: True or False: The secondary unit is licensed automatically
A: False
Q: Why would you want to use Virtual MAC with an HA pair?
A: To reduce ARP convergence time during a failover
Q: When using an HA pair, what should you ensure is disabled on the switchports on the switch?
A: Spanning Tree Protocol, which can cause flapping effects when virtual MAC is seen on multiple interfaces
Q: True or False: Ensure all security services are enabled on proper zones
A: True
Q: If you do not plan on using BWM, should it still be enabled?
A: No
Q: What settings use BWM?
A: Access Rules with BWM setting use the throttles, interface BWM settings, and priority queues
Q: True or False: Do not disable Allow Fragmented Packets on access rules
A: True
Q: What application firewall rules should be created to prevent malware?
A: Rules that restrict DNS, SSH, and Proxy-Access applications
Q: What can malicious applications leverage to redirect traffic to illegitimate sites?
A: DNS Cache Poisoning
Q: True or False: You should create an Address Object and AppRule to restrict the DNS protocol to only the Trusted DNS Host
A: True
Q: What is the recommended way to restrict SSH Protocol?
A: By using an Application Firewall rule since it's possible to deviate from the standard SSH TCP 22 configuration
Q: What additional CFS categories should be blocked?
A: CAT28 Hacking/Proxy Avoidance; CAT59 Malware; CAT64 Not Rated
Q: True or False: Blocking CAT64 Not Rated can be mgmt intensive
A: True
Q: Where can you submit submissions for Not Rated Sites?
A: M
Q: True or False: Leaving NAT policies disabled is considered a best practice
A: False - delete unused policies
Q: When creating NAT policies, what should you not use?
A: Default Group Objects or Quad-Zero-Value for Original, Translated Sources, and Destinations
Q: True or False: It's ok to use All Interface IP or All WAN IP address groups in NAT policies
A: False
Q: When working with NAT policies, what action should you take on configuring the inbound and outbound interfaces?
A: Change the default ANY/ANY and use the specific interfaces for the policies
Q: True or False: The firewall responds to incoming connection requests as either blocked or open
A: True
Q: What happens when you enable Stealth Mode?
A: The firewall does not respond to blocked inbound connection requests; firewall becomes invisible
Q: What is the purpose of enabling Randomized IP?
A: To prevent hackers using various detection tools from detecting the presence of the firewall as IP packets are given random IP IDs
Q: What is the TTL value?
A: The value in an IP packet that informs a network router whether or not the packet has been in the network for a long time and should be discarded
Q: If you enable Decrement IP TTL for Forwarded traffic, what happens?
A: It decreases the TTL value for packets that have been forwarded but in the network for a significant time
Q: If you would like to create a custom control port for FTP traffic, how would you do that?
A: Under Firewall Settings-Advanced Settings-Dynamic Port-Enable FTP Transformations for TCP Port in Service Object
Q: What is RTSP?
A: It's an application-level protocol for control over delivery of data with real-time properties
Q: When would you want to use Enable RTSP Transformations?
A: To support on-demand delivery of real-time data, such as audio and video
Q: What is dependent on whether AppFlow is enabled, if an external collector is configured, and the model of the SW appliance?
A: The maximum number of connections
Q: What does the Connections section provide?
A: The ability to fine-tune the firewall to prioritize for either optimal throughput or an increased number of simultaneous connections that are inspected by DPI Services
Q: True or False: There is a change in the level of security protection provided by either of the DPI Connections settings
A: False
Q: What does AGSS include?
A: GAV, IPS, AS, CFS, Botnet Filter, GEOIP Filter, Application Firewall, DPI-SSL, DPI-SSH, and CaptureATP
Q: True or False: All GAV protocol options should be checked for both inbound and outbound inspection
A: True
Q: How can you block files containing multiple levels of zip and/or gzip compression?
A: In GAV Settings, enable Block files with multiple levels of zip/gzip compression
Q: What should you restrict over HTTP?
A: Password protected ZIP, MS Office type files with macros, and packed executables
Q: What needs to be enabled to log intrusion data?
A: Intrusion Detection
Q: True or False: Low Priority prevention should be managed on a need basis
A: True
Q: What file types should be checked for analysis under CaptureATP?
A: Executables; PDF; Office 97-2003; Office; Archives
Q: Where can you choose to block until verdict is returned?
A: CaptureATP-Custom Blocking Behavior
Q: True or False: GEO-IP filter is a core component of CGSS/AGSS
A: True
Q: What does the "All Connections" option exclude in GeoIP Filter settings?
A: Firewalled Subnets
Q: If you enable Firewall Rule Based connections under GEOIP Filter settings, what should you also enable?
A: Any rules for WAN-WAN, WAN-LAN and LAN-WAN should have GEOIP filter enabled specifically
Q: What does the BotNet filter do?
A: Prevent traffic to and from known malicious hosts that act as botnet networks
Q: True or False: BotNet Filter can be enabled at the Access Rule level
A: True
Q: What does DPI-SSL do?
A: Enables the firewall to act as a proxy to inspect encrypted communications such as webmail, social media, and other web contacts by leveraging HTTPS connections
Q: What should you enable under DPI-SSL/TLS Client?
A: Always authenticate server for decrypted connections
Q: If you enable Always authenticate server for decrypted connections in DPI-SSL/TLS Client setting, what else should you enable?
A: Skip CFS Category-based Exclusion option under DPI-SSL/TLS Server Common Name settings to exclude a particular domain or domains from this global authenticate option. This is useful to override any server authentication-related failures of trusted sites.
Q: True or False: Setting up Automation under Log Settings can put a huge strain on the firewall's Core0
A: True
Q: What are the recommended methods for capturing firewall logs?
A: Using syslog or traffic Flows to SW GMS, CSC, or syslogs to Analyzer or send to a 3rd party Syslog Collector
Q: What can SonicWall's GMS Live monitor do?
A: Can send a more detailed email alert and an SNMP trap
Q: How does the firewall use DNS or NetBIOS in log reports?
A: To resolve IP addresses to server names and store the name and address pairs in a cache to assist future lookups
Q: True or False: It's recommended to disable the Name Resolution Method or define it to DNS
A: True
Q: What action is taken by the firewall when Name Resolution Method is set to none?
A: The firewall will not attempt to resolve IP addresses and Names in the log reports
Q: True or False: You should use the DNS setting when you are using Analyzer or GMS
A: True
Q: If a host on the network is infected with Malware, what generally happens?
A: The host will often open at random 100s or 1000s of connections to the Internet or internal resources
Q: What can the Connection Monitor display?
A: Real-time views of all connections to and through the firewall allowing you to find infected hosts and remove them
Q: How do you access the Connection Logs?
A: Investigate-Logs-Connection Logs

Institution
SNSP
Course
SNSP









Contains
Questions & answers

EvaTee Phoenix University