Exam Title

: Nokia NO0-002 : Nokia Security Administrator

Version : R6.1

www.Prepking.com

Prepking - King of Computer Certification Important Information, Please Read Carefully

Other Prepking products A) Offline Testing engine Use the offline Testing engine product to practice the questions in an exam environment. B) Study Guide (not available for all exams) Build a foundation of knowledge which will be useful also after passing the exam. Latest Version We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for 90 days after the purchase. You should check your member zone at Prepking and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1.Go towww.Prepking.com 2.Click on Member zone/Log in (right side) 3. Then click My Account 4.The latest versions of all purchased products are downloadable from here. Just click the links. For most updates,it is enough just to print the new questions at the end of the new version, not the whole document. Feedback If you spot a possible improvement then please let us know. We always interested in improving product quality. Feedback should be send to feedback@Prepking.com. You should include the following: Exam number, version, page number, question number, and your login ID. Our experts will answer your mail promptly. Copyright Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, Prepking reserves the right to take legal action against you according to the International Copyright Laws. Explanations This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@Prepking.com.
.

www.Prepking.com

 1. Which scenarios duplicate every component in your design so that the system can continue to operate in case of failure of any one component? A. Use a clustered firewall with two separate Cisco switches, one for internal, one for external. B. Use a clustered firewall with two Cisco switches, one attached with VLANs to the inside and outside of the first firewall, one attached with VLANs to the inside and outside of the second firewall. The Cisco switches bridge to each other internal to internal and external to external. There is no spanning tree. C. Use two serial links into two Cisco routers, into two firewalls into two internal Cisco routers. There are no shared networks, but the Cisco pair, firewall pair, and internal Cisco pair each have point to point links between them. The whole system runs OSPF. There is no clustering, but FW1 state sync is configured. Answer: BC 2. What statement about security practices is NOT true? A. Your system is only as secure as its weakest link. B. Many Nokia channel partners can provide a complete security audit and system. C. Human factors, such as password choice, can be as important as choosing the right equipment. D. The security administrator only needs to monitor log files when the firewall software sends an alert email. Answer: D 3. Which statement is true about restoring a backup set to a newly replaced unit? A. The restore must be initiated from the bootmanager. B. Restoring a backup requires serial login to the IP platform. C. The firewall must have its license installed before restore is run. D. The replaced disk must be exactly the same size as the failed disk. E. The replacement firewall must have the save software and software version of the failed firewall. Answer: E 4. Which command is valid within clish? A. ipsoinfo B. netstat -a C. show route D. show config Answer: C 5. Which three aspects of the Nokia solution provide cost benefits vs. using Checkpoint FW1 on the Windows platform? (Choose three.) A. the ability to manage the system using a lightweight VNC session B. the ability to integrate out of the box with dynamically routed networks C. the ability to manage policy remotely via the Checkpoint SMART Dashboard D. the ability to scale the solution using dynamically load-balanced Nokia clustering
www.Prepking.com

 E. the ability to manage the system using a lightweight ssh session or serial console Answer: BDE 6. Which Layer 2 role can Nokia IPSO platforms fulfill? A. Bridging B. Spanning Tree C. Frame Relay Switching D. Network Address Translation Answer: A 7. When you save the current configuration in Voyager, this is written to a single file on disk in which directory? A. /etc B. flash: C. /config D. /var/etc E. /config/db Answer: E 8. When you apply changes to the current configuration in Voyager, some system files such as the hosts file are immediately rebuilt so that packages can find the information more easily. Where are these files kept? A. /etc B. flash C. /image D. /var/etc E. /config/db Answer: D 9. Which is NOT a valid IPSO boot-manager command? A. ls B. boot C. setenv D. sysinfo E. raidinfo Answer: E 10. Which IPSO root ( / ) level directories are actually read-write partitions? (Choose the ONE answer that lists ALL of the right partitions.) A. /config, /var B. /config, /opt, /var
www.Prepking.com

 C. /config, /image, /var D. /config, /image, /opt, /var E. /config, /etc, /image, /opt, /var/etc, /var/log Answer: B 11. Which three advantages might you gain by using a dedicated remote syslog server, over using the local text-based syslog files? (Choose three.) A. object ID information B. multiple indexing and searching C. guaranteed delivery of log events D. retention of facility and severity fields E. a separate audit of login events in case of malicious activity Answer: BDE 12. Which syslog-written log file contains the majority of useful messages on IPSO? A. /var/log/messages B. /var/adm/messages C. $FWDIR/log/fw.log D. /var/log/httpd_error_log E. C:\WINNT\SYSTEM32\FWLOG. TXT Answer: A 13. Which two trap types would be sent to a newly configured SNMP manager by a newly configured IPSO unit? (Choose two.) A. coldStart B. linkUp/linkDown C. clusterMemberJoin D. systemOverTemperature E. systemTrapNoDiskSpace Answer: AB 14. Which combination of tcpdump flags provides extra information about packet MAC addresses and more detailed information about the contents? A. -e -v B. -q -s C. -v -v D. -R -z E. -a -R -e Answer: A
www.Prepking.com

 15. Which command allows you to view the main system log file in real time? A. vi -f /var/log/messages B. tail -f /var/log/messages C. tail -20 /var/adm/messages D. tail -20 -f $FWDIR/log/fw.log E. tail /var/admin/messages | more Answer: B 16. In VRRP version 2, the original master router is automatically assigned the highest possible priority. Everything is currently working correctly, and all machines are up. Which priority is seen on the wire if everything is currently working correctly and all machines are up when using VRRP version 2? A. 1 B. 31 C. 63 D. 99 E. 255 F. 1023 Answer: E 17. In VRRP Monitored Circuits, a failed master firewall comes back online after its backup has been providing service in its place for ten minutes. Which process most accurately describes the way it takes over as master again? A. It increments its priority over time until it takes over. B. It listens to the messages from the backup and negotiates a schedule for reassertion. C. The backup is in charge, sees ping results from testing the master start to succeed, and causes failover by rebooting itself. D. It sends new link state information, and adjacent routers recalculate the optimum route based on the lower cost of the master. E. It sees that the packets on the wire have a lower priority than its own and takes over without giving advance warning to the operational master. Answer: E 18. In VRRP Monitored Circuits, VRID #1 is used both externally and internally (two hubs), with a starting priority of 99 on a master firewall, and a starting priority of 98 on the two interfaces of a backup firewall. Each interface on each firewall monitors its opposite interface with a delta of 10. The external interface on the master firewall fails. After 5 seconds, which priorities can now be seen in the VRRP hello packets on the wire? A. 88 external, 98 internal
www.Prepking.com

 B. 89 external, 89 internal C. 89 external, 99 internal D. 98 external, 89 internal E. 98 external, 98 internal Answer: E 19. VRRP (in version 2, Monitored Circuits and Simplified) can be considered to provide resilience at which single layer of the OSI model? A. L1 B. L2 C. L3 D. L4 E. L7 Answer: B 20. Which three statements are true about administering an IPSO cluster as a whole using Voyager? (Choose three.) A. You should log in with the special username "cadmin". B. There is a special separate web server that you should use that runs on port 88 by default. C. You should access Voyager with a URL that addresses one of the shared, cluster IP addresses of the cluster. D. The account that you use in Voyager should exist on all boxes and must have the same password on all boxes. E. You must use Firefox only to access Voyager in this way because of the way that Nokia has used Javascript to superimpose the Voyager pages from each node. Answer: ACD 21. You create a cluster object in Firewall-1 to represent the VRRP Monitored Circuit fail-over pair. Which statement is true? A. State synchronization is automatically turned on. B. Both units in the pair will receive identical security policies. C. The Checkpoint Firewall-1 Management module can be located on either of the Firewall Modules. D. IPSO will automatically load balance the traffic between the two nodes in the Checkpoint cluster object. Answer: B 22. You have a resilient pair of Firewall-1/IPSO units, and you are concerned about whether connections will fail over seamlessly. Which command-line operations will display state table details? A. fw tab -t B. cp fwtab -t conn
www.Prepking.com

 C. cp tab connections D. fw tab -t connections E. fw table connections -print Answer: D 23. To configure a RADIUS server under IPSO AAA and enable it for use for login authentication by the Service Profile "base_prof_login", which action must you take? A. Create Service Module "RADIUS" with control "issues" and attach it to the PRD. B. Create a RADIUS profile with control "Required" and add it to the Service Module "login". C. Adjust the authprofile "base_login_authprofile" from UNIX to RADIUS, and set the RADIUS server, port and secret. D. Create an authprofile with control "Sufficient", set the RADIUS parameters, and add it to the service profile "base_profile_login"'s Authentication column. Answer: D 24. When defining the parameters for a RADIUS server in AAA, which two are NOT available fields to configure? (Choose two.) A. secret B. FQDN C. priority D. timeout E. max tries F. port number G. host address H. circumference Answer: BH 25. Which statement is true about local users on IPSO? A. The default shell for a new user is /bin/bash. B. If you omit a UID, Voyager will allocate the next available value. C. Specifying UID zero is dangerous as it may disable the root and admin accounts. D. The default admin user is UNIX UID zero (0) and has the same level of access as a UNIX root user. E. If you enter a password for a user that is shorter than 8 characters, you will get an error message about SNMP, and no passwords will be changed. Answer: D 26. If you make a change to an administrator account in Voyager, what is the information flow? (Note that there is no need to press Save for the account change to take effect.) A. Web page -> busybox -> flash0:keys.dat
www.Prepking.com

 B. Web page -> tomcat -> SQL server -> RADIUS server C. Web page -> asp script -> 'sed' -> /var/etc/passwd D. Web page -> XML -> /config/initial -> /etc/passwd E. Web page -> IPSO database -> 'xpand' -> /var/etc/passwd Answer: E 27. Which four statements about VLAN support are true? (Choose four.) A. The standard that defines VLANs is 802.1q. B. An IP address can be moved from one VLAN to another and the Checkpoint policy will remain valid. C. You must always have an old-fashioned 802.3 network on a segment before you can create VLANs. D. VLAN support allows you to increase bandwidth through a system by aggregating multiple cables or ports together. E. VLANs allow you to reduce cabling, to make good use of GigE interfaces and to do virtual-patching of connections on your Ethernet switch. Answer: ABCE 28. Which rule most completely explains when to use full or half duplex on Ethernet? A. You should use full-duplex if you use Cat-6 cabling. B. You should always start with full-duplex and use half-duplex if it fails. C. You should always use half-duplex on a hub and half-duplex on a switch. D. You should always use Full Duplex on a switch and half-duplex on a hub. E. You should always use half-duplex, except for cross-over cables, which can use full-duplex. Answer: D 29. What is the correct PC style netmask for 10.0.0.1/20? A. 255.255.0.0 B. 255.255.224.0 C. 255.255.240.0 D. 255.255.255.0 E. 255.255.255.252 Answer: C 30. What is the standard length of an IP packet? A. 64 bytes B. 1005 bytes C. 1500 bytes D. 10000 bytes with jumbo packets enabled E. There is no standard length, it depends on the higher layer contents. Answer: E
www.Prepking.com

 31. Which two fields are found in the IPv4 packet header? (Choose two.) A. diffserv Flags B. destination port C. sequence number D. source IP address E. "Next Header" field Answer: AD 32. When routing a packet via the default gateway "GW-Harewood", where in the entire Ethernet/IP/UDP packet is the next-hop-IP-address stored? A. It is not stored in the packet. B. It is in the diagnostics header. C. It is in the layer 2 destination field. D. It is in the layer 3 destination field. E. It is in the layer 4 destination field. Answer: A 33. IPSO allows Firewall-1 to intercept all packets at which point in the Seven Layer Model? (Choose two.) A. between layers 2 and 3 inbound B. between layers 2 and 3 outbound C. between layers 4 and 7 inbound D. during routing after a failed local bind at layer 3 Answer: AB 34. The progress of a packet from wire, through NAT, routing and security and back to the wire happens in what order? (You should assume the default settings of a new FW1-NG or later installation.) A. Wire, FW1 Security, Ethernet driver, FW1 NAT, IP routing, Ethernet, wire B. Wire, Ethernet driver, FW1 Security, IP routing, FW1 NAT, Ethernet, wire C. Wire, Ethernet driver, FW1 Security and NAT, IP routing, FW1, Ethernet, wire D. Wire, Ethernet driver, IP routing, FW1 NAT, FW1 security, Ethernet driver, wire Answer: C 35. What are three advantages of stateful inspection over packet filtering? (Choose three.) A. It can be clustered more easily. B. It allows caching of documents that are passing through. C. It allows better control of which end initiates a connection. D. It allows validation (checking) of some higher layer protocols. E. It prevents a number of denial of service attacks on internal machines. Answer: CDE
www.Prepking.com

100% Pass Guaranteed or Full Refund Word to Word Real Exam Questions from Real Test Buy full version of exam from this link below http://www.prepking.com/NO0-002.htm