CCSA Practice Questions with 100% Correct Answers
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the - Answer- destination on client side
A Web server ...
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the
Security Gateway. With the default settings in place for NAT, the initiating packet will
translate the - Answer- destination on client side
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side
NAT is not checked in the Global Properties. A client on the Internet initiates a session
to the Web Server. Assuming there is a rule allowing this traffic, what other
configuration must be done to allow the traffic to reach the Web server? - Answer- A
static route must be added on the Security Gateway to the internal host.
When translation occurs using automatic Hide NAT, what also happens? - Answer- The
source port is modified.
The fw monitor utility is used to troubleshoot which of the following problems? - Answer-
Address translation
In SmartDashboard, Translate destination on client side is checked in Global Properties.
When Network Address Translation is used: - Answer- It is not necessary to add a static
route to the Gateway's routing table
Secure Internal Communications (SIC) is completely NAT-tolerant because it is based
on - Answer- SIC names
Static NAT connections, by default, translate on which firewall kernel inspection point? -
Answer- Inbound
You are MegaCorp's Security Administrator. There are various network objects which
must be NATed. Some of them use the Automatic Hide NAT method, while others use
the Automatic Static NAT method. What is the rule order if both methods are used
together? - Answer- The Static NAT rules have priority over the Hide NAT rules and the
NAT on a node has priority over the NAT on a network or an address range.
Automatic Static NAT CANNOT be used when: - Answer- NAT decision is based on the
destination port. Both Source and Destination IP's have to be translated.
, After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the
i, I, and o inspection points, but not in the O inspection point. Which is the likely source
of the issue? - Answer- It is due to NAT.
Your internal network is configured to be 10.1.1.0/24. This network is behind your
perimeter R77 Gateway, which connects to your ISP provider. How do you configure the
Gateway to allow this network to go out to the Internet? - Answer- Use Hide NAT for
network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
You enable Automatic Static NAT on an internal host node object with a private IP
address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings
in Global Properties / NAT.)
When you run fw monitor on the R77 Security Gateway and then start a new HTTP
connection from host 10.10.10.5 to browse the Internet, at what point in the monitor
output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back
into 10.10.10.5? - Answer- I=inbound kernel, after the virtual machine
You have configured Automatic Static NAT on an internal host-node object. You clear
the box Translate destination on client site from Global Properties > NAT. Assuming all
other NAT settings in Global Properties are selected, what else must be configured so
that a host on the Internet can initiate an inbound connection to this host? - Answer- A
static route, to ensure packets destined for the public NAT IP address will reach the
Gateway's internal interface.
You manage a global network extending from your base in Chicago to Tokyo, Calcutta
and Dallas. Management wants a report detailing the current software level of each
Enterprise class Security Gateway. You plan to take the opportunity to create a
proposal outline, listing the most cost- effective way to upgrade your Gateways. Which
two SmartConsole applications will you use to create this report and outline? - Answer-
SmartView Monitor and SmartUpdate
Your bank's distributed R77 installation has Security Gateways up for renewal. Which
SmartConsole application will tell you which Security Gateways have licenses that will
expire within the next 30 days? - Answer- SmartUpdate
When launching SmartDashboard, what information is required to log into R77? -
Answer- User Name, Password, Management Server IP
Message digests use - Answer- SHA-1 and MD5
A hash algorithm? - Answer- MD5
Uses the same key to decrypt as it does to encrypt? - Answer- Symmetric encryption
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.09. You're not tied to anything after your purchase.