Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
104 Cards in this Set
- Front
- Back
|
1) You want to configure Network Connect to allow users to connect through a tunnel, connect to hosts on the same subnet as their local adapter, and shut down any attempt to extend the network boundaries. How do you proceed?
A. Enable split tunneling. B. Disable split tunneling. C. Enable split tunneling with route change monitor. D. Allow access to local subnet with rooute change monitor. |
Answer:
D - Allow access to local subnet with route change monitor. |
|
|
2) Which three authentication servers are included with a baseline license? (Choose three)
A. NIS B. ACE C. SAML D. LDAP E. SiteMinder |
Answer:
A - NIS B - ACE D - LDAP |
|
|
3) You create a set of role mapping rules. You select "Merge settings for all assigned roles." The second role mapping rule has the "Stop processing rules when this rule matches" option selected. A user logs in that matches the furst three rules. What happens?
A. This is not a valid combination. The system displays an error message and does not update the configuration. B. The merge settings override the stop processing option. The user matches all three roles and merging follows the standard merging criteria. C. The Stop rule prevents any more rule matching after checking the second rule. The merge option only merges the roles of the first two rules following the IVE's built-in permissive merging rules. D. The Stop rule prevents any more rule matching after checking the second rule. The user now just matches the second rule. The merge option is overridden and the user is given only the privileges defined by the second role. |
Answer:
C - The Stop rule prevents any more rule matching after checking the second rule. The merge option only merges the roles of the first two rules following the IVE's built-in permissive merging rules. |
|
|
4) When using the J-SAM, where on a client machine would you look to verify that the loopback addresses are assigned correctly?
A. HOSTS file B. ARP cache C. LMHOSTS file D. local route table |
Answer:
A - HOSTS file |
|
|
5) What is Cache Cleaner used for?
A. to prevent users from signing in from insecure machines B. to remove content downloaded during the IVE session C. to remove Web content cached by the IVE on behalf of the user D. to determine which files should be cached between remote access sessions |
Answer:
B - to remove content downloaded during the IVE session |
|
|
6) Which role-based session option would an administrator configure to allow a user to connect from different source IP addresses within the same user session?
A. roaming session B. persistent session C. persistent password caching D. browser request follow-through |
Answer:
A - roaming session |
|
|
7) Which two Web Resource Policy features provide you with the capability to configure the IVE to work with corporate Proxy Servers? (Choose two.)
A. Web Proxy Policies B. Web Proxy Servers C. Web Cache Policies D. Web Passthrough Proxy |
Answer:
A - Web Proxy Policies B - Web Proxy Servers |
|
|
8) Which two statements about SSL VPNs are true? (Choose two.)
A. SSL VPNs provide better security than IPSEC. B. SSL VPNs provide a dedicated, point to point connection. C. SSL VPNs provide high performance for individual connections. D. SSL VPNs use well-known technologies for secure individual connections. |
Answer:
C - SSL VPNs provide high performance for individual connections. D - SSL VPNs use well-known technologies for secure individual connections. |
|
|
9) You are using RADIUS as your authorization server. Other than username, which two attributes are available for creating role mapping rules? (Choose two.)
A. Certificate B. User Attribute C. RSA Attributes D. Group Membership |
Answer:
A - Certificate B - User Attribute |
|
|
10) Where is the IVE typically deployed in the network?
A. behind the Internet firewall B. internally with all clients directly cabled to the IVE C. both interfaces on the outside of the Internet firewall D. parallel to the Internet firewall with one interface on the outside and one on the inside |
Answer:
A - behind the Internet firewall |
|
|
11) What are two reasons for using Network Connect? (Choose two.)
A. When the ability to disable split tunneling is required. B. When the client will need to redirect traffic based on process name. C. When the client will use applications with server-initiated connections. D. When the client will not have administrator privileges on their machines. |
Answer:
A - When the ability to disable split tunneling is required. C - When the client will use applications with server-initiated connections. |
|
|
12) What is the minimum information that must be configured by an administrator to create a resource policy? (Choose two.)
A. resource B. username C. policy name D. session timeout |
Answer:
A - resource C - policy name |
|
|
13) What are two possible reasons for W-SAM not starting on the client? (Choose two.)
A. Java is disabled in the Sign-in policy B. ActiveX autoinstall is disabled in the role. C. A popup blocker is installed on the client machine. D. The user does not have administrator privileges on the machine. |
Answer:
C - A popup blocker is installed on the client machine. D - The user does not have administrator privileges on the machine. |
|
|
14) Which User Role session option provides you with the capability to cache basic authentication information so users are not challenged repeatedly for the same credentials?
A. roaming session B. persistent session C. persistent password caching D. browser request follow-through |
Answer:
C - persistent password caching |
|
|
15) What does a sign-in policy map users to when browsing a specified URL?
A. A list of possible user roles. B. Specific resources as stated in resource policies. C. The URL presents one or more authentication realms to the user for authentication. D. The login is passed to an authentication server for verification, and an authorization server for user attribute information. |
Answer:
C - The URL presents one or more authentication realms to the user for authentication. |
|
|
16) Which resource example should you use to define resource access to a UNIX file share?
A. server/user B. \\server\share C. tcp://host:443 D. tcp://host:137/users |
Answer:
A - server/user |
|
|
17) Which statement accurately describes Resource Profiles?
A. Resource Profiles are a collection of resources and ACLs. B. Resource Profiles are where ACLs are setup for resources. C. Resource Profiles are a collection of resources and their descriptions. D. Resource Profiles are where the resource, role, and ACL are in one location. |
Answer:
D - Resource Profiles are where the resource, role, and ACL are in one location. |
|
|
18) Resource Profiles support creating policies for which two technologies? (Choose two.)
A. secure meeting B. network connect C. terminal services D. Web applications |
Answer:
C - terminal services D - Web applications |
|
|
19) Which two Terminal Services clients can be delivered automatically from the IVE to users? (Choose two.)
A. Citrix ICA B. Tera Term C. SecureCRT D. Windows Terminal Service |
Answer:
A - Citrix ICA D - Windows Terminal Service |
|
|
20) What are two benefits of using SSL? (Choose two.)
A. SSL is supported in all Web browsers. B. SSL usually requires no client-side configuration. C. The SSL client is smaller than most IPSec clients, with half the options to configure than that of an IPSec client. D. SSL outperforms IPSec on every level because it operates at the network layer rather than the application layer. |
Answer:
A - SSL is supported in all Web browsers. B - SSL usually requires no client-side configuration. |
|
|
21) What Access Method provides dual-mode transport (IPSec or SSL)?
A. Core Access B. Network Layer Access C. Application Layer Access D. Presentation Layer Access |
Answer:
B - Network Layer Access |
|
|
22) Which two statements about a server certificate are true? (Choose two.)
A. A server certificate is required for HTTP to function. B. A server certificate is a digital document that vouches for the identity of the server. C. A server certificate contains information about the server itself and the organization that owns the server. D. A server certificate is an electronic "drivers license" that establishes client credentials when doing business or other transactions on the Web. |
Answer:
B - A server certificate is a digital document that vouches for the identity of the server. C - A server certificate contains information about the server itself and the organization that owns the server. |
|
|
23) Which combination of Authentication Servers and Authorization Servers is valid?
A. Authentication Server: LDAP Authorization Server: NT B. Authentication Server: NT Authorization Server: RADIUS C. Authentication Server: RADIUS Authorization Server: LDAP D. Authentication Server: Local Authorization Server: RADIUS |
Answer:
C - Authentication Server: RADIUS Authorization Server: LDAP |
|
|
24) What is the purpose of the administrator username and password on an AD/NT server?
A. Allows the IVE to query the AD/NT for group names for role-mapping purposes. B. Allows users to change their username and password on the AD/NT server using the IVE. C. Allows the IVE to query the AD/NT for available users from a list for role-mapping purposes. D. Allows the IVE to connect to the AD/NT domain and submit credentials on behalf of the users. |
Answer:
A - Allows the IVE to query the AD/NT for group names for role-mapping purposes. |
|
|
25) When using W-SAM, which two statements are true about client privileges? (Choose two.)
A. The user needs administrator privileges to download the ActiveX control. B. The user needs administrator privileges to download W-SAM using the Java delivery mechanism. C. The user needs administrator privileges to interface with the client LSP and manipulate traffic. D. The user needs administrator privileges to automatically install Secure Applications Manager on the client. |
Answer:
A - The user needs administrator privileges to download the ActiveX control. D - The user needs administrator privileges to automatically install Secure Applications Manager on the client. |
|
|
26) You are using LDAP as an authentication server. You select User Attribute from your "Rule based on" dropdown box. Which statement is true?
A. You cannot match to User Attribute when using LDAP as an authentication server. B. Before you can select User Attributes for comparison purposes, you must save the rule. C. Before you can select User Attributes for comparison purposes, you must configure the merge settings. D. Before you can select User Attributes for comparison purposes, you must use the Update button after you select the User Attribute Rule based on option to have it display. |
Answer:
D - Before you can select User Attributes for comparison purposes, you must use the Update button after you select the User Attribute Rule based on option to have it display. |
|
|
27) Which three functions are performed by user roles? (Choose three.)
A. defining user session parameters B. allowing access to specific services C. allowing access to types of services D. selecting user authentication methods E. establishing session settings and options |
Answer:
A - defining user session parameters C - allowing access to types of services E - establishing session settings and options |
|
|
28) Under which three conditions can the Host Checker feature be invoked by the IVE? (Choose three.)
A. when assigning users to a role B. when the user logs out of the IVE C. before the login page is presented D. before allowing access to a resource E. only after the sign-in page is displayed |
Answer:
A - when assigning users to a role C - before the login page is presented D - before allowing access to a resource |
|
|
Advanced License is installed and you want to filter logs to extract information about system events. How would you create dynamic log filters?
A. You type the query in by hand in the Edit query field, then select Update. B. You create the query in the Query field using the Filter Variables Dictionary. C. In the log display, you click on a field containing the value you want to use as a filter. D. The Advanced License does not allow for customized logging. You must buy a special license to perform log filtering. |
Answer:
C - In the log display, you click on a field containing the value you want to use as a filter. |
|
|
30) Which two GUI options can you customize when using the Sign-in Page menu? (Choose two.)
A. Define Sign-In URLs. B. Change the Logo image. C. Define Authentication Servers. D. Customize the Welcome messages. |
Answer:
B - Change the Logo image. D - Customize the Welcome messages. |
|
|
31) What is the purpose of Host Checker?
A. to distribute software to the remote machine. B. to capture sign-in credentials of the remote user C. to remove unwanted files from the remote machine D. to determine the security status of the remote machine |
Answer:
D - to determine the security status of the remote machine |
|
|
32) You receive an IVE from the factory. Which Web address should you access if you want to initially configure the device using a browser?
A. https://192.168.0.1 B. https://192.168.1.1/admin C. Obtain IP address using DHCP D. You cannot initially configure the IVE from a browser. |
Answer:
D - You cannot initially configure the IVE from a browser. |
|
|
33) What are two features of J-SAM? (Choose two.)
A. Map network drives using NetBios. B. Encapsulate static TCP port client and server traffic. C. Encapsulate dynamic UDP port client and server traffic. D. Support for only Windows, Linux, and Solaris platforms. |
Answer:
A - Map network drives using NetBios. B - Encapsulate static TCP port client and server traffic. |
|
|
34) From which two locations can a user obtain a copy of the Citrix ICA client? (Choose two.)
A. Download a custom ICA client. B. Download automatically from IVE. C. Download from the Juniper Web site. D. Download from System->Maintenance->Installers. |
Answer:
A - Download a custom ICA client. B - Download automatically from IVE. |
|
|
35) Which TCP port does LDAP normally use?
A. 389 B. 443 C. 636 D. 1812 |
Answer:
A - 389 |
|
|
36) Which is the advantage of selecting the Auto-Allow option when creating file bookmarks?
A. It allows users to create their own bookmarks and resource ;olicies without contacting the IVE administrator. B. The IVE will create the resource policies for any of the file bookmarks that the user creates using the admin GUI. C. It allows the user to create the resource policies, but only if the complementary option "User can add bookmarks" is selected. D. It allows Windows and NFS shares to be automatically mounted during the sign-in process. |
B - The IVE will create the resource policies for any of the file bookmarks that the user creates using the admin GUI.
|
|
|
37) Assuming there are no default Web resource policies, you create a Web bookmark for the URL http://*acme.net/* without selecting any other options. You then select the Save Changes button. Which statement is true?
A. You are not able to access any of the servers in acme.net nor any subdirectories. B. You receive an error because you have not configured enough information to have the IVE accept the data. C. You are able to access all servers and sub-folders within any domain that contains the word cme.? You are able to access all servers and sub-folders within any domain that contains the word ?cme. D. You are only able to access those http servers with the domain name of acme.net, all subdomains, and subdomains, and sub-directories of those Web sites. |
Answer:
A - You are not able to access any of the servers in acme.net nor any subdirectories. |
|
|
38) You are configuring J-SAM for a customer. The user has administrative access to the workstation. You have properly configured the SAM access control policy. Which additional role option must be turned on for J-SAM to work properly?
A. session start script B. automatic host-mapping C. user can add applications D. prompt for username and password for intranet sites |
Answer:
B - automatic host-mapping |
|
|
39) Which three are required when defining Sign-in Policies? (Choose three.)
A. sign-in URL B. sign-in page C. authorization server D. authentication server E. authentication realm |
Answer:
A - sign-in URL B - sign-in page E - authentication realm |
|
|
40) Two resource policies cover the same resource. The first policy is a Permit Policy and the second policy is a Deny Policy. Which policy takes precedence and why?
A. The first policy takes precedence because it is a Permit Policy. B. The second policy takes precedence because it is a Deny Policy. C. The first policy takes precedence because the system stops processing rules once a match is found. D. The second policy takes precedence because the system evaluates all rules and implements the action of the last rule. |
Answer:
C - The first policy takes precedence because the system stops processing rules once a match is found. |
|
|
41) You want users to be able to browse to any SSL-enabled Website behind the IVE. Which two are required to accomplish this? (Choose two.)
A. Set the rewrite file://URLs option in the resource policy. B. Set the "Allow browsing untrusted SSL servers" option in the User Role. C. Configure User Role to allow access to all addresses using protocol SSL. D. Configure a resource policy to allow access to all addresses using port 443. |
Answer:
B - Set the "Allow browsing untrusted SSL servers" option in the User Role. D - Configure a resource policy to allow access to all addresses using port 443. |
|
|
42) Cache Cleaner is enabled in the default configuration. What will Cache Cleaner clear from the user's system when the IVE session is over?
A. all OS temporary files B. all temporary Internet files C. all content downloaded through the IVE's rewriter engine D. all cached usernames and passwords from the browser |
Answer:
C - all content downloaded through the IVE's rewriter engine |
|
|
43) Which platform requires an additional license for Core Clientless Access?
A. SA700 B. SA2000 C. SA4000 D. SA6000 |
Answer:
A - SA700 |
|
|
44) What are two benefits of using Core Access? (Choose two.)
A. full network access B. more secure than SAM and Network Connect C. secure architecture with host level application proxy D. more flexible than SAM and Network Connect (works with most devices, any network, and most browsers) |
Answer:
B - more secure than SAM and Network Connect D - more flexible than SAM and Network Connect (works with most devices, any network, and most browsers) |
|
|
45) What are two advantages of secure virtual workspace? (Choose two.)
A. It is a secure client replacement for RDP. B. It does not save files to the local hard drive. C. It creates a seperate desktop in which to work. D. It allows files to be saved to the local hard drive. |
Answer:
B - It does not save files to the local hard drive. C - It creates a seperate desktop in which to work. |
|
|
46) What is required to configure an application for W-SAM redirection?
A. name B. filename C. MD5 hash D. application path |
Answer:
B - filename |
|
|
47) Which tool will allow you to verify the user's access without the user being present?
A. Run a policy trace from the GUI, select role mapping and all policy options. B. Run policy simulation from the GUI, select role mapping and all policy options. C. Run a policy trace from the serial console, select role mapping and all policy options. D. Run a policy simulation from the console, select role mapping and all policy options. |
Answer:
B - Run policy simulation from the GUI, select role mapping and all policy options. |
|
|
48) What does Secure Virtual Workspace allow users to do?
A. Access internal resources without logging. B. Prevent users from accessing sensitive data. C. Access resources and securely store them on the local system. D. Access internal resources without leaving data on the local drive. |
Answer:
D - Access internal resources without leaving data on the local drive. |
|
|
49) Which three logs are default log files on the IVE system? (Choose three.)
A. Syslog B. Event log C. NC Packet log D. User Access log E. Admin Access log |
Answer:
B - Event log D - User Access log E - Admin Access log |
|
|
50) Which two statements are correct regarding SSH role configurations? (Choose two.)
A. The IVE must be configured to use protocol TCP 22. B. It allows users to connect to servers using IP addresses or hostnames. C. There are no resource policies that need to be configured to support this feature. D. Users do not need client software as connectivity is provided using Java from the IVE. |
Answer:
B - It allows users to connect to servers using IP addresses or hostnames. D - Users do not need client software as connectivity is provided using Java from the IVE. |
|
|
51) What makes RADIUS unique from the other authentication servers that the IVE can utilize?
A. RADIUS can be used to obtain user attributes. B. RADIUS can be used to obtain group information. C. RADIUS can be used for accounting as well as authentication. D. RADIUS can be used as both an authorization server and an authentication Server. |
Answer:
C - RADIUS can be used for accounting as well as authentication. |
|
|
52) What information is needed to run the Simulation tool? (Choose three.)
A. source IP B. username C. user realm D. browser type E. resource to simulate |
Answer:
B - username C - user realm E - resource to simulate |
|
|
53) What are the two components of the Content Intermediation Engine? (Choose two.)
A. parser B. transformer C. authorization D. authentication |
Answer:
A - parser B - transformer |
|
|
54) What information is required to create a new local user under the User section of the admin GUI? (Choose three.)
A. password B. user name C. description D. group name E. authentication server |
Answer:
A - password B - user name E - authentication server |
|
|
55) Which filter properly searches on AD/NT server directory using LDAP for the user login name and compares it to the user's IVE login name?
A. cn=<GROUPNAME> B. cn=<samaccountname> C. samaccountname=<NAME> D. samaccountname=<USERNAME> |
Answer:
D - samaccountname=<USERNAME> |
|
|
56) Which two tools for troubleshooting are available from the serial console? (Choose two.)
A. ping B. trace route C. policy trace D. policy simulation |
Answer:
A - ping B - trace route |
|
|
57) Which three settings are configured in an Authentication Realm? (Choose three.)
A. Role Mapping B. Sign-in Policy C. Authorization Server D. Resource Policy E. Authentication Server |
Answer:
A - Role Mapping C - Authorization Server E - Authentication Server |
|
|
58) When a user logs out of the IVE, by default what happens to all the captured cookies created by internal servers?
A. The cookies are stored. B. The cookies are deleted. C. The cookies are returned to the servers. D. The cookies are transformed into permanent cookies. |
Answer:
B - The cookies are deleted. |
|
|
59) Which three formats are valid when specifying resources as part of a Network Connect resource policy? (Choose three.)
A. tcp://*.1-1024 B. 10.10.10.10/24 C. \\server\share\* D. udp://10.10.10.10/24* E. 10.10.10.10/<USERNAME> |
Answer:
A - tcp://*.1-1024 B - 10.10.10.10/24 D - udp://10.10.10.10/24* |
|
|
60) What are two reasons to use W-SAM instead of J-SAM for a customer? (Choose two.)
A. W-SAM has a smaller client B. W-SAM is not dependent on one operating system. C. W-SAM provides multiple configuration options to capture application traffic. D. W-SAM can be used when you don't know the ports that an application uses. |
Answer:
C - W-SAM provides multiple configuration options to capture application traffic. D - W-SAM can be used when you don't know the ports that an application uses. |
|
|
61) Which access method do applications with dynamic UDP port traffic require?
A. W-SAM B. J-SAM C. Core Access D. Network Connect |
Answer:
D - Network Connect |
|
|
62) You enter "B" when configuring a username-based role mapping rule. Which name does this match?
A. Bo B. Bob C. Bone D. Bobby |
Answer:
B - Bob |
|
|
63) When authenticating using an AD/NT server on the IVE, what does the <USER> variable define?
A. username B. domain and password C. domain and username D. username and password |
Answer:
C - domain and username |
|
|
64) Which attributes are necessary to configure a Resource Profile?
A. resource and role B. resource, role, and realm C. resource, role, realm, sign-in policy D. resource, realm, and access control |
Answer:
A - resource and role |
|
|
65) Which two examples contain valid uses of wildcards for Web and file bookmarks? (Choose two.)
A. http://*.golf.local/* B. http://*.golf.local/%user% C. http://*.golf.local:80,443/% D. http://players.golf.local:[80,443]/* |
Answer:
A - http://*.golf.local/* C - http://*.golf.local:80,443/% |
|
|
66) Which three troubleshooting tools are available from the GUI? (Choose three.)
A. ping B. replay C. tcpdump D. trace route E. LDAP browser |
Answer:
A - ping C - tcpdump D - trace route |
|
|
67) Which log would an administrator review to check for specific system errors or warnings?
A. Events log B. System log C. User Access log D. Admin Access log |
Answer:
A - Events log |
|
|
68) What is the function of the Sign-in Policy?
A. It controls whether or not a user can sign-in, based on role membership. B. It controls which options are available on the login screen, based on the user's permissions. C. It controls who can access the login page, based on IP address, certificate information, Host Checker and other criteria. D. It defines the URLs that users and administrators can use to access the IVE and what Sign-in page is associated with those URLs. |
Answer:
D - It defines the URLs that users and administrators can use to access the IVE and what Sign-in page is associated with those URLs. |
|
|
69) When configuring a Sign-in Page, which two may be changed? (Choose two.)
A, authorization server B. authentication policy C. custom HTML file for help D. text for login screen displays |
Answer:
C - custom HTML file for help D - text for login screen displays |
|
|
70) You configure a user role to load a specific start page rather than the IVE bookmark page. What must you do to allow the user to access the page?
A. Create a caching policy B. Do nothing, access is automatically granted. C. Create a resource policy for the page to allow access. D. Create a resource profile for the page to allow access. |
Answer:
B - Do nothing, access is automatically granted. |
|
|
71) Which hardware platform supports a maximum of 1000 concurrent users?
A. SA700 B. SA2000 C. SA4000 D. SA6000 |
Answer:
C - SA4000 |
|
|
72) When using Core Access, what does the IVE do with all cookies generated on internal servers?
A. It ignores all cookies generated on internal servers. B. It forwards all cookies to the Web browser to be stored for later use. C. It traps all cookies, caches them and replaces them with a transient cookie. D. It replaces all cookies with an encrypted cookie that is permanently stored by the browser. |
Answer:
C - It traps all cookies, caches them and replaces them with a transient cookie. |
|
|
73) J-SAM starts, but the client cannot connect. Which two questions might you consider when troubleshooting this problem? (Choose two.)
A. Is ActiveX allowed in the browser? B. Is Java configured for split-tunneling? C. Are the appropriate loopback addresses published in DNS correctly? D. Has the host file been rewritten to redirect the traffic to a loopback address? |
Answer:
C - Are the appropriate loopback addresses published in DNS correctly? D - Has the host file been rewritten to redirect the traffic to a loopback address? |
|
|
74) Which two actions can an administrator take to determine authentication failure? (Choose two.)
A. Review the Events log. B. Review the User Access log. C. Run a policy trace, selecting authentication. D. Run a policy simulation, selecting pre-authentication. |
Answer:
B - Review the User Access log. C - Run a policy trace, selecting authentication. |
|
|
75) Which authentication server allows the administrator to force password changes directly on the IVE?
A. ACE B. LDAP C. RADIUS D. Local Authentication |
Answer:
D - Local Authentication |
|
|
76) You are using the IVE to provide access to Terminal Service applications. Which statement is true regarding Windows Remote Desktop and Citrix ICA Terminal Services applications?
A. The user must have the client application installed. B. The user is provided the client automatically from the IVE. C. The user must use Network Connect to secure the traffic. D. The user must use the Secure Application Manager to secure the traffic. |
Answer:
B - The user is provided the client automatically from the IVE. |
|
|
77) During the login process on the IVE, what must occur before login information is passed to an authentication server for verification?
A. A list of possible user roles must be created. B. The user's session must pass the authentication policy. C. The list of possible roles must be compared against the role restrictions. D. The resource policy must be checked to control acces to that resource. |
Answer:
B - The user's session must pass the authentication policy. |
|
|
78) The variables <USER> and <USERNAME> can be used interchangeably if you are using which two authentication methods? (Choose two.)
A. LDAP B. RADIUS C. TACACS+ D. Active Directory/NT |
Answer:
A - LDAP B - RADIUS |
|
|
79) Which three statements are true about the configuration of an LDAP Authentication Server on the IVE? (Choose three.)
A. LDAP authentication server cannot provide password management. B. LDAP can be used for both authentication and authorization purposes. C. Most LDAP servers do not require authentication to search the directory. D. When using LDAP to perform password management, LDAPS is required. E. An LDAP authentication server can be used to perform accounting and authentication. |
Answer:
B - LDAP can be used for both authentication and authorization purposes. C - Most LDAP servers do not require authentication to search the directory. D - When using LDAP to perform password management, LDAPS is required. |
|
|
80) Which type of cipher is used to encrypt data between the Secure Virtual Workspace and the IVE?
A. SSL B. AES C. 3DES D. Blowfish |
Answer:
B - AES |
|
|
81) What are two features of J-SAM? (Choose two.)
A. Map network drives using NetBios. B. Encapsulate static TCP port client and server traffic. C. Encapsulate dynamic UDP port client and server traffic. D. Support for only Windows, Linux, and Solaris platforms. |
Answer:
A - Map network drives using NetBios. B - Encapsulate static TCP port client and server traffic. |
|
|
82) Which three statements are true about the Host Checker feature? (Choose three.)
A. Host Checker can be used to monitor user activity. B. Host Checker can be used to check the age of a file on a client system. C. Host Checker can be invoked before a user is allowed to sign in to the IVE. D. Host Checker can be used to check the presence of a particular process on a client system. E. Host Checker can berify the client certificate being offered by the client system via a Certificate Revocation List (CRL) check. |
B - Host Checker can be used to check the age of a file on a client system.
C - Host Checker can be invoked before a user is allowed to sign in to the IVE. D - Host Checker can be used to check the presence of a particular process on a client system. |
|
|
83) Which two combinations of Authentication Servers and Authorization Servers are valid? (Choose two.)
A. Authentication Server: Local Authorization Server: LDAP B. Authentication Server: LDAP Authorization Server: AD/NT C. Authentication Server: AD/NT Authorization Server: RADIUS D. Authentication Server: RADIUS Authorization Server: LDAP |
A - Authentication Server: Local Authorization Server: LDAP
D - Authentication Server: RADIUS Authorization Server: LDAP |
|
|
84) Which two can you configure in A Terminal Services bookmark to allow for local resource access? (Choose two.)
A. session type B. connect local drives C. connect local printers D. session length |
B - connect local drives
C - connect local printers |
|
|
85) When using the custom application feature of W-SAM to redirect traffic, you configure the name of the Windows executable and optionally the MD5 hash of that file. What happens if the MD5 hash value does not match the checksum value of the executable?
A. W-SAM notifies the user that the checksum could not be validated and shuts down completely. B. W-SAM notifies the user that the checksum could not be validated, but forwards connections from the application anyway. C. W-SAM does not notify the user that the checksum verification has failed, but forwards connections from the application anyway. D. W-SAM notifies the user that the identity of the application could not be verified and does not forward connections from the application to the IVE. |
D - W-SAM notifies the user that the identity of the application could not be verified and does not forward connections from the application to the IVE.
|
|
|
86) Which two tools allow an administrator to work with an end user to identify an access problem? (Choose two.)
A. Events log B. policy trace C. policy simulation D. User Access log |
B - policy trace
D - User Access log |
|
|
87) Which resource example should you use to define resource access using Network Connect?
A. server/user B. tcp://host:443 C. \\server\share D. tcp://host:137/user |
B - tcp://host:443
|
|
|
88) Which statement is correct regarding Telnet configurations?
A. The IVE must be configured to use protocol TCP 23. B. Users do require client software to connect to the IVE. C. Attribute <USER> can be passed to the Telnet server. D. There are no resource policies that need to be configured to support this feature. |
C - Attribute <USER> can be passed to the Telnet server.
|
|
|
89) You want to set up W-SAM for a role, but you can only access the J-SAM configuration screen. Which statement correctly describes what is happening?
A. The configurations for J-SAM and W-SAM applications are identical. B. The system only supports one type of SAM support per role at a time. C. You are running under the Baseline License and you do not have access to the SAM Configuration screen. D. You cannot configure W-SAM access here. You must go to Resource Policies to access the W-SAM Application Configuration screen. |
B - The system only supports one type of SAM support per role at a time.
|
|
|
90) What are two benefits of using SSL? (Choose two.)
A. SSL is a session layer protocol so it has no NAT or firewall traversal issues. B. Remote Access with SSL only requires a Web browser on the client for basic access. C. SSL is a network layer protocol so it provides easy access to large numbers of users with minimal configuration. D. While SSL VPNs are more difficult to set up than IPSec VPNs, they are much faster and offer higher encryption rates than that of IPSec VPNs. |
A - SSL is a session layer protocol so it has no NAT or firewall traversal issues.
B - Remote Access with SSL only requires a Web browser on the client for basic access. |
|
|
91) Which two remediation options are allowed in a secure virtual workspace? (Choose two.)
A. Kill Processes B. Halt Operation C. Send Email to Admin D. Enable Custom Instructions |
A - Kill Processes
D - Enable Custom Instructions |
|
|
92) Which two settings are selected or configured when creating an Authentication Realm? (Choose two.)
A. Sign-in Policies B. Resource Policies C. Authentication Policies D. Authentication Servers |
C - Authentication Policies
D - Authentication Servers |
|
|
93) You have created a resource policy for file access. What is the default action?
A. deny access B. allow access C. no default setting D. refer to detailed rule |
B - allow access
|
|
|
94) You need to create a very detailed log search and have the Baseline License installed. How would you accomplish this?
A. Export the log ad use a third-party utility to search the file. B. Use dynamic logs and keep clicking on fields until you get as detailed as you need. C. Use the Filter tab and create your query using the query field, then reference the Filter Variables Dictionary. D. Use the edit query feature on the log screen and use the "?" to get access to the Filter Variables Dictionary. |
A - Export the log and use a third-part utility to search the file.
|
|
|
95) You are using LDAP as your authorization server. Which two options are available for creating role mapping rules? (Choose two.)
A. User Attribute B. Group Membership C. User connection time D. CA Certificate Attributes |
A - User Attribute
B - Group Membership |
|
|
96) Which access method provides Web access for Windows and NFS files?
A. Core Access B. Network Layer Access C. Application Layer Access D. Presentation Layer Access |
A - Core Access
|
|
|
97) Which two types of authentication servers are supported with an advanced license? (Choose two.)
A. SAML B. RADIUS C. SiteMinder D. Anonymous |
A - SAML
C - SiteMinder |
|
|
98) What is the function of Web Options when defined as part of a user role?
A. Web Options restrict access to specific Web sites. B. Web Options control the general browsing experience of the user. C. Web Options define the colors and logos used on the IVE gateway home page where bookmarks are displayed. D. Web Options are used to specify whether or not IP matching will be done if a user types in an IP address rather than a URL. |
B - Web Options control the general browsing experience of the user.
|
|
|
99) Which three statements about IPSec VPNs are true? (Choose three.)
A. IPSec VPNs are clientless. B. IPSec VPNs are standards-based. C. IPSec VPNs have been superseded with SSL VPNs. D. IPSec VPNs provide a dedicated, always-on connection. E. IPSec encryption, data integrity, and authentication methods are well known. |
B - IPSec VPNs are standards-based.
D - IPSec VPNs provide a dedicated, always-on connection. E - IPSec encryption, data integrity, and authentication methods are well known. |
|
|
100) When using Cache Cleaner, what are two methods you can use to remove residual data left on a user's machine after an IVE session? (Choose two.)
A. clearing cached NTLM credentials. B. clearing client-side Digital Certificates C. clearing files based on hostname or IP address D. clearing browser cache and temporary directory |
C - clearing files based on a hostname or IP address.
D - clearing browser cache and temporary directory. |
|
|
101) Two resource policies cover the same resource. The first policy resource definition is not as specific as the second policy. Which resource policy takes precedence and why?
A. The first policy takes precedence because all rules are always evaluated. B. The second policy takes precedence because it is most specific and the system works on the longest match. C. the first policy takes precedence because it is the first match in the rule list and the first match stops processing. D. The second policy takes precedence. Unless you specify that the first rule is marked to stop processing, the system continues to check for matches until it reaches the last match and it takes that rule's action. |
C - The first policy takes precedence because it is the first match in the rule list and the first match stops processing.
|
|
|
102) For which three attributes can Host Checker check on a client machine? (Choose three.)
A. files B. network ports C. machine hardware D. running processes E. Windows Services |
A - files
B - network ports D - running processes |
|
|
103) What can be configured using user roles?
A. new users B. session options C. authentication server D. detailed resource policies |
B - session options
|
|
|
104) How do you configure Cache Cleaner to remove temporary files created by other client applications during an IVE session?
A. You configure Secure Virtual Workspace. B. You configure Cache Cleaner with default settings. C. You configure the IVE to prompt the user to delete all temporary files upon logging out. D. You specify the files and folders to be removed as part of the Cache Cleaner configuration. |
D - You specify the files and folders to be removed as part of the Cache Cleaner configuration.
|
