Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
109 Cards in this Set
- Front
- Back
|
1) Which two statements are true about applying Host Checker at the realm level? (Choose two.)
A. If Evaluate is checked then the client must pass policy to get the sign-in page. B. If Evaluate is checked then the client can fail policy and still get the sign-in page. C. If Require and Enforce is checked then the client must pass policy to get the sign-in page. D. If Require and Enforce is checked then the client can fail policy and still get the sign-in page. |
B. If Evaluate is checked then the client can fail policy and still get the sign-in page.
C. If Require and Enforce is checked then the client must pass policy to get the sign-in page. |
|
|
2) Which log contains information about service restarts, system errors, warnings, and requests to check server connectivity?
A. Events log B. System log C. User Access log D. Admin Access log |
A. Events log
|
|
|
3) Which statement is correct about defining an Infranet Enforcer for use as a RADIUS Client?
A. You do not need to configure a RADIUS client policy. B. You must know the exact model number of the Infranet Enforcer. C. You must specify the NACN password of the device in the RADIUS client policy. D. You do not need to designate a location group to which the Infranet Enforcer will belong. |
A. You do not need to configure a RADIUS client policy.
|
|
|
4) Which configuration option can be set either in the initial console menu or the Admin UI of the Infranet Controller?
A. VLAN ID B. Hostname C. Domain Name D. Administrative timeout |
C. Domain name
|
|
|
5) What is the primary purpose of creating a Location Group Policy?
A. to associate more than one realm with an authentication server B. to logically group network access devices and associate them with specific sign-in policies C. to allow or prevent users from accessing resources in specific locations on the network D. to define the URL that users of network access devices can use to access the Infranet Controller |
B. to logically group network access devices and associate them with specific sign-in policies
|
|
|
6) What is true about the operation of the Infranet Enforcer?
A. It assigns users a set of roles. B. It allows access based on auth table entries C. It verifies whether an endpoint meets security requirements. D. It configures the UAC agent to allow or deny access to resources. |
B. It allows access based on auth table entries
|
|
|
7) On a pre-existing OAC, which three options can the Infranet Controller overwrite when the user accesses the Infranet Controller? (Choose three.)
A. SSID B. login name C. MAC address D. wired adapters E. encryption method |
A. SSID
D. wired adapters E. encryption method |
|
|
8) What must be updated regularly to detect the newest versions of personal firewalls on endpoints?
A. Infranet Enforcer firmware B. Infranet Controller rollback software C. Host Security Assessment Plug-in (HSAP) D. Endpoint Security Assessment Plug-in (ESAP) |
D. Endpoint Security Assessment Plug-in (ESAP)
|
|
|
9) Which three statements about dynamic filtering are true? (Choose three.)
A. Dynamic filtering creates a query statement. B. Dynamic filtering has an option to save query. C. Dynamic filtering can select any log field to filter. D. Dynamic filtering permanently removes other log entries. E. Dynamic filtering redraws the log when you select a variable link. |
A. Dynamic filtering creates a query statement.
B. Dynamic filtering has an option to save query. E. Dynamic filtering redraws the log when you select a variable link. |
|
|
10) A customer has installed UAC in their network. They have both Windows and Linux endpoints and must choose a deployment method that everyone can use. Which deployment method allows for multiple platforms?
A. IPsec enforement B. 802.1x enforcement C. Source IP enforcement D. Odyssey Access Client |
C. Source IP enforcement
|
|
|
11) Which interface does the Infranet Controller use to push the configuration?
A. trusted port B. internal port C. trust interface D. untrust interface |
B. internal port
|
|
|
12) Which two actions are required to configure an Infranet Enforcer to communicate with an Infranet Controller? (Choose two.)
A. Enable SSH. B. Configure DNS. C. Enable route mode. D. Set certificate validation options. |
A. Enable SSH.
D. Set certificate validation options. |
|
|
13) When the Infranet Enforcer is set up in transparent mode, which additional resource policy must be configured to use OAC for IPsec enforcement?
A. IPsec Routing B. Access Control C. IP Address Pool D. Source Interface |
D. Source Interface
|
|
|
14) Which two methods of authentication are used by the Infranet Controller fir IPSec enforcement? (Choose two.)
A. dial-up VPN B. IKE authentication C. XAuth authentication D. shared IKE authentication |
A. dial-up VPN
C. XAuth authentication |
|
|
15) What will serve as a RADIUS Client to the Infranet Controller for 802.1x authentication?
A. an ACE server B. a wireless network C. an Ethernet switch D. Odyssey Access Client |
C. an Ethernet switch
|
|
|
16) If Host Checker restrictions are applied at the role level and the "Allow access to the role if any ONE of the selected policies is passed" option is unchecked, which two statements are true? (Choose two.)
A. All roles are evaluated together. B. Each role is evaluated separately. C. Clients must pass all policies to access the role. D. Clients will pass as long as one policy is accepted. |
B. Each role is evaluated separately.
C. Clients must pass all policies to access the role. |
|
|
17) Which additional configuration must be completed when setting up role restrictions using certificates?
A. Set up a certificate authentication server. B. Configure the authentication realm to remember certificate information. C. Configure the authentication realm to use a certificate server for authentication. D. Configure a role mapping rule requiring certification information to map user to role. |
B. Configure the authentication realm to remember certificate information.
|
|
|
18) What happens when Host Checker is configured to perform checks every "0" minutes?
A. Host Checker is disabled. B. Host Checker will perform continuous checks. C. Host Checker will perform checks when user logs out. D. Host Checker will perform checks when user first logs in. |
D. Host Checker will perform checks when user first logs in.
|
|
|
19) Your company has a mix of employees and contractors. Contractor usernames always begin with "con-"; employee usernames never begin with "con-". You need to give employees access to all resources and give contractors access to a limited set of resources. Employee and contractor roles have been created with the appropriate access privileges, and the realm is set to merge settings for all assigned roles. Which role mapping ruleset would result in the correct access privileges being assigned?
A. username="*" -> Employee-role Stop username="con=*" -> Contractor-role B. username="*" -> Employee-role username="con-*" -> Contractor-role Stop C. username="con-*" -> Contractor-role Stop username="*" -> Employee-role D. username="con-*" -> Contractor-role username="*" -> Employee-role Stop |
C. username="con-*" -> Contractor-role Stop username="*" -> Employee-role
|
|
|
20) Which action is optional when adding an authentication realm for use on an Infranet Controller?
A. Modify sign-in policy. B. Configure role mapping. C. Assign authentication server. D. Configure authentication policy. |
D. Configure authentication policy.
|
|
|
21) You have created a set of three role mapping rules and selected the option to merge settings for all assigned roles. You also selected "stop processing this rule" on the second rule. A user logs in that matches all three rules. Which choice is true?
A. This selection is invalid. The system displays an error message in the log. B. The merge option overrides the stop processing option and the user is assigned all three roles. C. The Stop rule prevents any more rule matching after checking the first rule. The permissive merging does not occur. D. The Stop rule prevents any more rule matching after checking the second rule and permissive merge occurs on the first two rules. |
D. The Stop rule prevents any more rule matching after checking the second rule and permissive merge occurs on the first two rules.
|
|
|
22) What are three functions of the Infranet Controller? (Choose three.)
A. Determines VLAN allocations. B. Verifies compliance with policies. C. Acts as a 802.1x enforcer if needed. D. Enforces Layer 3 policies dynamically. E. Communicates frequently with Odyssey Access Client. |
A. Determines VLAN allocations.
B. Verifies compliance with policies. E. Communicates frequently with Odyssey Access Client. |
|
|
23) Your company requires that users who authenticate using the web run an approved Web browser and have current antivirus signatures in order to present their credentials for authentication. If they do not have current signatures or are running an unauthorized browser, they may not authenticate. What do you configure on the Infranet Controller to implement your company's authentication policy?
A. a browser restriction on the user's role and a Host Checker restriction on the user's role B. a browserr restriction on the user's realm and a Host Checker restriction on the user's role C. a browser restriction on the user's role and a Host Checker restriction on the user's realm D. a browser restriction on the user's realm and a Host Checker restriction on the user's realm |
D. a browser restriction on the user's realm and a Host Checker restriction on the user's realm
|
|
|
24) What do you lose if you require and enforce Host Checker policies at the realm level?
A. the ability to permissively merge roles B. the ability to assign users to more than one role C. the ability to dynamically evaluate user endpoint status D. the ability to assign users to roles based on endpoint status |
A. the ability to permissively merge roles
|
|
|
25) On the Infranet Controller Admin UI, how can you dynamically refresh the roles for all signed-in users in the Guest realm only?
A. On the System > Status > Active Users page, click the "Refresh Roles" button. B. On the Troubleshooting > Commands page, click the "Refresh Users by Realm" button and select Guest. C. On the Users > User Realms > Guest > General page, click the "Refresh Now" button under Dynamic Policy Evaluation D. On the Signing In > Sign-in Policies page, click the "Refresh Now" button next to the user URL that is mapped to the Guest realm. |
C. On the Users > User Realms > Guest > General page, click the "Refresh Now" button under Dynamic Policy Evaluation
|
|
|
26) Which Infranet Enforcer CLI command shows users that were authenticated using the Infranet Controller?
A) get policy id # B) get auth table C) get admin auth table D) set -n infranet policy command "get all" |
B) get auth table
|
|
|
27) Which three are required when defining Sign-in Policies? (Choose three.)
A. sign-in URL B. sign-in page C. authorization server D. authentication server E. authentication realm |
A. sign-in URL
B. sign-in page E. authentication realm |
|
|
28) For which two purposes would RADIUS Attribute Policies be used? (choose two.)
A. to specify against which realm a user authenticates B. to designate with which wireless SSID a user can be associated C. to specify which VLAN an endpoint must use to access the network D. to configure QoS functions on a switch port for a user based on the current user's role |
C. to specify which VLAN an endpoint must use to access the network
D. to configure QoS functions on a switch port for a user based on the current user's role |
|
|
29) Which three options can you configure under User Session Options? (choose three.)
A. Set Idle Time Out value B. Enable time out reminder C. Set Max Session Length value. D. Select Roaming session options. E. configure Persistent Session option. |
C. Set Max Session Length value.
D. Select Roaming session options. E. configure Persistent Session option. |
|
|
30) What are two ways you can set the time on the Infranet Controller and Infranet Enforcer? (choose two.)
A. Use the NTP server. B. Use the DNS server. C. Use the SNTP server. D. Get time from browser. |
A. Use the NTP server.
D. Get time from browser. |
|
|
31) Which two Host Checker rule types are available across OS platforms? (choose two.)
A. file B. port C. NetBIOS D. MAC address |
A. file
B. port |
|
|
32) Which statement is true when pre-configuring the Odyssey Access Client for 802.1X?
A. You must use the EAP-PEAP authentication protocol. B. You must select "Require connection to this Infranet Controller". C. You can only select "Configure Wired Adaptor" or "Configure Wireless Adapter". D. You can select either "Configure Wired Adaptor" or "Configure Wireless Adapter". |
D. You can select either "Configure Wired Adaptor" or "Configure Wireless Adapter".
|
|
|
33) Which setting would enable Infranet Enforcer to help with troubleshooting?
A. Enable policy trace. B. Enable tracing on the poilcy. C. Enable logging on the policy. D. Enable tracking on the policy. |
C. Enable logging on the policy.
|
|
|
34) What is a prerequisite when you upgrade an Infranet Controller?
A. The license(s) are installed. B. The CA digital certificate is installed. C. The service package is on the host machine. D. The service account at Juniper support is set up. |
C. The service package is on the host machine.
|
|
|
35) When setting up an Infranet Controller as a backup server, which two options would you not want to import? (choose two.)
A. user roles B. digital certificate C. network settings D. authentication servers |
B. digital certificate
C. network settings |
|
|
36) If you include the domain administrator name and password when defining an AD/NT authentication server, what does this allow you to do that you could not otherwise do?
A. Allows the user to change their password on the AD/NT authentication server. B. Allows the Infranet Controller to change its password on the AD/NT authentication server. C. Allows the user to query the AD/NT authentication server for user information for role mapping purposes. D. Allows the Infranet Controller to query the AD/NT authentication server for group information for role mapping purposes. |
D. Allows the Infranet Controller to query the AD/NT authentication server for group information for role mapping purposes.
|
|
|
37) Which two actions can an administrator take to determine authentication failure? (choose two)
A. Review the Events log B. Review the User Access log C. Run a policy trace, selecting authentication D. Run a policy simulation, selecting pre-authentication |
B. Review the User Access log
C. Run a policy trace, selecting authentication |
|
|
38) Which two methods can be used to archive the Infranet Controller logs? (choose two.)
A. FTP B. SCP C. TFTP D. SFTP |
A. FTP
B. SCP |
|
|
39) Certificates are required to be installed on which components for communication?
A. OAC and Infranet Enforcer B. Infranet Controller and OAC C. Infranet Controller and Infranet Enforcer D. OAC, Infranet Controller, and Infranet Enforcer |
C. Infranet Controller and Infranet Enforcer
|
|
|
40) What information is required when you create a device certificate for the Infranet Controller? (Choose three.)
A. random data B. common name C. company name D. organization name E. contact phone number |
A. random data
B. common name D. organization name |
|
|
41) What are two access management options provided by the Authentication Policy in an authentication realm? (Choose two.)
A. Restrict user by source IP. B. Restrict user by certificate. C. Restrict user by DNS suffix. D. Restrict user by source VLAN. |
A. Restrict user by source IP.
B. Restrict user by certificate. |
|
|
42) In which scenario would you need to configure any VLAN ports in a RADIUS Attribute Policy?
A. You have routing configured on your network that enables the endpoint access to the Infranet Controller. B. You have two VLANs; the Infranet Controller is connected to each using both the Internal and external ports. C. You have more than two VLANs and the Infranet Enforcer is connected to a trunk port on a VLAN-enabled switch. D. You have more thanVLAN-enabled switch. |
D. You have more thanVLAN-enabled switch.
|
|
|
43) Your authentication realm is configured to use an Active Directory server for authentication and an LDAP server for directory/attribute information. Which statement is true?
A. Dynamic policy evaluation cannot be used on this realm. B. When your LDAP server is down you cannot authenticate users. C. Users can be mapped to roles based on their AD group membership. D. Users can be assigned resource policies based on their LDAP attributes |
D. Users can be assigned resource policies based on their LDAP attributes
|
|
|
44) A customer wants to allow Agentless Access for certain roles. Which navigation path should be
used to set this option? A. Users > Users Roles > [RoleName] > Agent B. Users > Users Roles > [RoleName] > General C. Users > Users Roles > [RoleName] > General > UI Options D. Users > Users Roles > [RoleName] > General > Sessions Option |
A. Users > Users Roles > [RoleName] > Agent
|
|
|
45) Which two options must be defined in a RADIUS Client Policy to enable the Infranet Controller to
respond to RADIUS requests from a network access device? (Choose two.) A. a sign-in policy B. a shared secret C. the IP address of the network access device D. the proper vendor-specific attributes for the network access device |
B. a shared secret
C. the IP address of the network access device |
|
|
46) Which capability would 802.1X provide in a deployment?
A. to control role assignment B. to control a user's location group C. to control their authentication server D. to control what VLAN they are assigned |
D. to control what VLAN they are assigned
|
|
|
47) The Base DN, Filter, Member Attribute, Query Attribute, and Nested Group Level are aspects of
which authentication server? A. NIS B. LDAP C. RADIUS D. Active Directory/Windows NT |
B. LDAP
|
|
|
48) What are two Infranet Enforcer commands you can use to troubleshoot communication with the
Infranet Controller? (Choose two.) A. get event B. get controller status C. get auth table infranet D. exec infranet controller connect |
A. get event
D. exec infranet controller connect |
|
|
49) Which three troubleshooting tools are available from the GUI? (Choose three.)
A. ping B. tcpdump C. trace route D. TCP replay E. LDAP browser |
A. ping
B. tcpdump C. trace route |
|
|
50) A user is attempting to connect to the Infranet Controller from source IP 10.0.1.13. In the source
IP restrictions for that user's role, which option will result in the user being denied access to the Infranet Controller? A. You selected "Allow users to sign in from any IP address." B. You selected "Allow or deny users from the following IP addresses:", and no IP addresses are listed. C. You selected "Allow or deny users from the following IP addresses:", listed IP address 10.0.1.0/24, and selected Deny. D. You selected "Allow or deny users from the following IP addresses:", listed IP address 10.0.1.0/24, and selected Allow. |
C. You selected "Allow or deny users from the following IP addresses:", listed IP address
10.0.1.0/24, and selected Deny. |
|
|
51) A sign-in policy maps users to _____.
A. roles B. routes C. realms D. resources |
C. realms
|
|
|
52) Which deployment option is used to protect data center resources from unauthorized users and noncompliant endpoints?
A. WAN Gateway B. Campus Wired C. Server Front End D. Distributed Enterprise |
C. Server Front End
|
|
|
53) Which two protocols allow you to determine traffic direction (incoming/outgoing) when configuring Host Enforcer? (Choose two.)
A. ESP B. TCP C. UDP D. ICMP |
B. TCP
C. UDP |
|
|
54) Which three options are required to configure a source IP enforcement policy on the Infranet
Enforcer? (Choose three.) A. logging B. source zone C. permit action D. address translation E. destination address |
B. source zone
C. permit action E. destination address |
|
|
55) Where in the Infranet Controller do you select LDAP attributes to be used for role mapping?
A. Server Catalog B. LDAP Database C. Attribute Catalog D. Attribute Directory Store |
A. Server Catalog
|
|
|
56) Which statement is accurate about the UAC agent?
A. UAC agent is installed by the switch. B. The UAC agent is installed by the Infranet Enforcer. C. The UAC agent is installed by the Infranet Controller. D. The UAC agent communicates with Infranet Enforcer when using agentless mode. |
C. The UAC agent is installed by the Infranet Controller.
|
|
|
57) Which three options are required during the initial configuration of the Infranet Controller console?
(Choose three.) A. gateway B. netmask C. hostname D. IP address E. link speed |
A. gateway
B. netmask D. IP address |
|
|
58) Which three options can be configured on the Host Checker policy for a Linux or Mac platform?
(Choose three.) A. files B. ports C. processes D. registry entries E. integrated third-party security products |
A. files
B. ports C. processes |
|
|
59) What makes RADIUS unique from other authentication servers used by the Infranet Controller?
A. It can be used to obtain user attribute information. B. It can be used to obtain group attribute information. C. It can be used to do both authentication and accounting. D. It can be used as both a authorization server and authentication server. |
C. It can be used to do both authentication and accounting.
|
|
|
60) Which two options can be used for certificate validation on the Infranet Enforcer? (Choose two.)
A. SCEP B. OCSP C. OCR-Y D. real time |
A. SCEP
B. OCSP |
|
|
61) What are three steps in the initial console configuration of the Infranet Controller? (Choose three.)
A. Install license. B. Configure interface. C. Complete initial boot. D. Create user accounts. E. Create self-signed certificate. |
B. Configure interface.
C. Complete initial boot. E. Create self-signed certificate. |
|
|
62) Which two Host Checker rule types are only available on Windows? (Choose two.)
A. port B. NetBIOS C. processes D. MAC address |
B. NetBIOS
D. MAC address |
|
|
63) Which three logs are default log files for the Infranet Controller? (Choose three.)
A. Traffic logs B. Event logs C. System logs D. User Access log E. Admin Access log |
B. Event logs
D. User Access log E. Admin Access log |
|
|
64) What is the refresh interval when you validate a certificate on the Infranet Enforcer using OSCP?
A. daily B. weekly C. monthly D. real-time |
D. real-time
|
|
|
65) For which type of authentication server are you able to configure two backup servers?
A. NIS B. LDAP C. RADIUS D. Active Directory/Windows NT |
B. LDAP
|
|
|
66) What must be configured to enable the Infranet Controller to respond to a RADIUS request from a network access device?
A. Sign-In Policy B. RADIUS Client Policy C. Location Group Policy D. RADIUS Attribute Policy |
B. RADIUS Client Policy
|
|
|
67) What is the function of the Host Checker?
A. Runs on the Infranet Controller and ensures reachability to agents. B. Communicates with the Infranet Enforcer and restricts access to resources. C. Communicates with the Infranet Controller and checks endpoint security compliance. D. Runs on the endpoint and checks for healthy communication with the Infranet Enforcer and the Infranet Controller. |
C. Communicates with the Infranet Controller and checks endpoint security compliance.
|
|
|
68) Which three statements are true about Host Checker? (Choose three.)
A. Host Checker can be applied to a resource policy. B. Host Checker can be used to check the age of a file on the client system. C. Host Checker can be used to check the presence of a particular file on a client system. D. Host Checker can be invoked before a user is allowed to sign in to the Infranet Controller. E. Host Checker can verify the client certificate being offered by the client system using the Certificate Revocation List (CRL) check |
B. Host Checker can be used to check the age of a file on the client system.
C. Host Checker can be used to check the presence of a particular file on a client system. D. Host Checker can be invoked before a user is allowed to sign in to the Infranet Controller. |
|
|
69) Which Infranet Controller feature would help with making a large number of changes to the
configuration? A. XML Import/Export B. Configuration Export C. Import/Export Users D. Configuration > Tools |
A. XML Import/Export
|
|
|
70) When creating role mapping rules, which two "Rule based on:" options allow you to automatically
retrieve and populate a list of available server catalog attributes from LDAP? (Choose two.) A. username B. user attribute C. group membership D. custom expression |
B. user attribute
C. group membership |
|
|
71) In your IPsec Routing policy, you have selected to always use a virtual adapter. Which additional
resource policy must be configured? A. Host Enforcer B. Access Control C. IP Address Pool D. Auth Table Mapping |
C. IP Address Pool
|
|
|
72) On the Infranet Controller, which link under the Users > User Roles > Rolename > General tab
should be selected to change the logo presented to the user? A. Overview B. UI Options C. Restrictions D. Session Options |
B. UI Options
|
|
|
73) Which statement is accurate regarding the UAC agents?
A. OAC is required for IPsec enforcement. B. UAC Host Checker can be installed by the enforcer. C. UAC Host Checker is required for 802.1X enforcement. D. OAC can be installed automatically on any operating system |
A. OAC is required for IPsec enforcement.
|
|
|
74) Which realm-level Host Checker restriction option allows you to enforce Host Checker policies
only at the role level? A. When Evaluate is checked and Require and Enforce is checked. B. When Evaluate is checked and Require and Enforce is unchecked. C. When Evaluate is unchecked and Require and Enforce is checked. D. When Evaluate is unchecked and Require and Enforce is unchecked. |
B. When Evaluate is checked and Require and Enforce is unchecked.
|
|
|
75) A user is authenticating to the Infranet Controller with username "fin-jdoe" in a realm with "Merge
settings for all assigned roles" selected. Which two role mapping rulesets will result in that user being eligible for both the Employee and Finance roles? (Choose two.) A. username="*" -> Employee Stop username="fin-*" -> Finance B. username="*" -> Employee username="fin-*" -> Finance Stop C. username="fin-*" -> Finance Stop username="*" -> Employee D. username="fin-*" -> Finance username="*" -> Employee Stop |
B. username="*" -> Employee username="fin-*" -> Finance Stop
D. username="fin-*" -> Finance username="*" -> Employee Stop |
|
|
76) What are two reasons where you would use a realm-level Host Checker restriction? (Choose
two.) A. To assign a user to a role based on whether their antivirus is running. B. To require an acceptable level of browser encryption before a user logs in. C. To prevent a user from entering their credentials if a keystroke logger is present. D. To prevent a user from accessing resources if their endpoint isn't running the authorized OS. |
B. To require an acceptable level of browser encryption before a user logs in.
C. To prevent a user from entering their credentials if a keystroke logger is present. |
|
|
77) In the Infranet Controller Admin UI, how can you verify communication with the Infranet Enforcer?
A. Ping the Infranet Enforcer. B. SSH to the Infranet Enforcer. C. Check the Infranet Enforcer icon in the System Status window. D. Click the "Check Connection" button on the Infranet Enforcer Connection page. |
C. Check the Infranet Enforcer icon in the System Status window.
|
|
|
78) Which three configured options are validated when the Test Configuration button is clicked during
the configuration of AD/NT Authentication Server? (Choose three.) A. Whether the Domain does exist. B. Whether the computer name is valid. C. Whether the authentication protocol works. D. Whether the Admin name and password is valid. E. Whether the domain controller is a valid AD controller. |
A. Whether the Domain does exist.
C. Whether the authentication protocol works. E. Whether the domain controller is a valid AD controller. |
|
|
79) What must be specified when configuring a Location Group Policy?
A. a realm B. a sign-in policy C. a meaningful description D. the IP address(es) of all RADIUS clients that will be a part of the location group |
B. a sign-in policy
|
|
|
80) A customer has just installed UAC. They want to provide encrypted transport and are using
Windows XP clients. Which two items are needed to configure and setup? (Choose two.) A. Agentless Access B. IPsec enforcement C. Source IP enforcement D. Odyssey Access Client |
B. IPsec enforcement
D. Odyssey Access Client |
|
|
81) If Dynamic Policy evaluation is not enabled on a realm, when will roles, restrictions, or policies be
evaluated for users in that realm? (Choose two.) A. at the specified refresh interval B. when the user makes a request for a resource C. when the Host Checker status of the endpoint changes D. when you click the Refresh Now button on the General page of the user's realm |
B. when the user makes a request for a resource
C. when the Host Checker status of the endpoint changes |
|
|
82) When configuring a RADIUS server as an authentication server, what information is optional?
A. name B. NAS-identifier C. shared secret D. authentication port |
B. NAS-identifier
|
|
|
83) What are three settings you can configure in a realm? (Choose three.)
A. IPsec routing policy B. authentication policy C. RADIUS attribute policy D. dynamic policy evaluation E. Host Checker access restriction |
B. authentication policy
D. dynamic policy evaluation E. Host Checker access restriction |
|
|
84) On the Infranet Enforcer, which two optons must be configured on the policy to require Source IP
enforcement? (Choose two.) A. position policy at the top B. Authentication/Auth Server C. Authentication/Infranet-Auth D. position policy at the bottom |
A. position policy at the top
C. Authentication/Infranet-Auth |
|
|
85) The Endpoint Security Assessment Plug-in (ESAP) is used by which component of the Infranet
Controller? A. Host Checker B. Cache Cleaner C. User Authorization D. User Authentication |
A. Host Checker
|
|
|
86) Which two deployment options is used to check users compliance before allowing access to the
local LAN? (Choose two.) A. Campus Wired B. Server Front End C. Campus Wireless D. Distributed Enterprise |
A. Campus Wired
C. Campus Wireless |
|
|
87) When using the push configuration function, which two statements are true? (Choose two.)
A. You can push to multiple members at the same time. B. You can push a configuration to another member in your cluster. C. You can select what configuration settings are pushed to the other devices. D. The target Infranet Controller cannot reject the pushed configuration settings. |
A. You can push to multiple members at the same time.
C. You can select what configuration settings are pushed to the other devices. |
|
|
88) Which statement is correct about 802.1X authentication?
A. The user must provide a valid user certificate to be allowed access to a LAN. B. Keys used for data encryption after authentication can be generated dynamically. C. A network access device, such as a wireless access point, authenticates the user credentials. D. In a wireless network, 802.1x authentication must occur before an 802.11 association method |
B. Keys used for data encryption after authentication can be generated dynamically.
|
|
|
89) Which archive method on the Infranet Controller sends the logs in an encrypted format?
A. FTP B. SEP C. SCP D. TFTP |
C. SCP
|
|
|
90) Which two tools for troubleshooting are available from the serial console? (Choose two.)
A. ping B. trace route C. policy trace D. policy simulation |
A. ping
B. trace route |
|
|
91) Which troubleshooting tool allows the administrator to isolate pre-authentication and
authentication issues? A. Events log B. Policy Tracing C. User Access log D. Policy Simulation |
B. Policy Tracing
|
|
|
92) What information is required to generate an Infranet Controller license? (Choose two.)
A. hostname B. IP address C. hardware ID D. authorization code |
C. hardware ID
D. authorization code |
|
|
93) What will fail if time is not synchronized between the Infranet Controller and the Infranet
Enforcer? A. certificate validation B. local user authentication C. Infranet Enforcer log rollback D. Infranet Controller 802.1X VLAN assignment |
A. certificate validation
|
|
|
94) When you initiate an upgrade of the Infranet Controller, what can you delete to reduce the
upgrade time? A. system log B. digital certificates C. user configuration D. system configuration |
A. system log
|
|
|
95) What is the function of the Sign-in Policy?
A. It controls whether or not a user can sign-in, based on role membership. B. It controls which options are available on the login screen, based on the user's permissions. C. It controls who can access the login page, based on IP address, Host Checker and other criteria. D. It defines the URLs and corresponding sign-in pages that users and administrators can use to access the Infranet Controller. |
D. It defines the URLs and corresponding sign-in pages that users and administrators can use to
access the Infranet Controller. |
|
|
96) You are creating a sign-in policy. What are two options that must be configured? (Choose two)
A. Sign-in URL B. Description C. Sign-in page D. Sign-in Realm |
A. Sign-in URL
C. Sign-in page |
|
|
97) What must you specify on the Users > Resource Policies > Infranet Enforcer > Connection page
in order to define an Infranet Enforcer as a RADIUS client? A. specific model number of the device B. fully-qualified domain name of the device C. location group to which the device will belong D. RADIUS client policy to which the device will apply |
C. location group to which the device will belong
|
|
|
98) If you are using 802.1X, what is the initial enforcement point?
A. the router B. the switch C. the Infranet Controller D. the Odyssey Access Client |
B. the switch
|
|
|
99) Which three options are valid role restrictions? (Choose three.)
A. Limits B. Browser C. Source IP D. Certificate E. Password |
B. Browser
C. Source IP D. Certificate |
|
|
100) Which two authentication and directory (authorization) combinations are possible at the realm
level? (Choose two.) A. Authentication: Active Directory Directory (authorization): LDAP B. Authentication: Active Directory Directory (authorization): ACE C. Authentication: RADIUS Directory (authorization): Active Directory D. Authentication: Anonymous Directory (authorization): LDAP |
A. Authentication: Active Directory Directory (authorization): LDAP
C. Authentication: RADIUS Directory (authorization): Active Directory |
|
|
101) Which menu option would you select to install a new device certificate?
A. System > Network B. System > Configuration C. Maintenance > System D. Authentication > Signing In |
B. System > Configuration
|
|
|
102) You have created a host enforcer policy and want to verify that it has been applied. In which two
places would you look to determine if the policy is being enforced? (Choose two.) A. OAC B. Client browser C. Infranet Enforcer D. Infranet Controller |
A. OAC
D. Infranet Controller |
|
|
103) How many certificates can be assigned to an interface with an IP address at one time?
A. 1 B. 2 C. 3 D. unlimited |
A. 1
|
|
|
104) Which type of policy on the Infranet Controller would allow you to specify QoS functions such as
bandwidth restrictions for users who are assigned to a particular role? A. Sign-In Policy B. Resource Policy C. Host Checker Policy D. RADIUS Attribute Policy |
D. RADIUS Attribute Policy
|
|
|
105) Which three additional resource policies are required when configuring IPsec in route mode with
NAT? (Choose three.) A. IP Pools B. IPsec Routing C. Source Interface D. Resource Access E. Auth Table Mapping |
A. IP Pools
B. IPsec Routing D. Resource Access |
|
|
106) You are creating a custom log filter. Which three statements are true? (Choose three.)
A. You must include a filter name. B. You must create a custom format. C. You can specify a date range to filter. D. The filter is only available on the log in which it is created. E. The filter can be applied to other logging functions of the Infranet Controller. |
A. You must include a filter name.
C. You can specify a date range to filter. E. The filter can be applied to other logging functions of the Infranet Controller. |
|
|
107) When using agent access, what are two agent settings you can configure on a user role?
(Choose two.) A. interval B. timeout C. frequency D. delivery method |
A. interval
B. timeout |
|
|
108) On the Infranet Controller UI, where do you pre-configure Odyssey Access Client settings?
A. User Roles B. 802.1x policy C. Sign-in Policies D. Authentication Realms |
C. Sign-in Policies
|
|
|
109) What information is required to add an Infranet Controller instance to an Infranet Enforcer?
(Choose two.) A. gateway B. selected CA C. source interface D. Infranet Controller admin credentials |
B. selected CA
C. source interface |
