IBM C2150-620 Exam Practice Questions (P. 3)
Question #11
One XGS appliance at a financial company had been running firmware version 5.2 for 2 years. The System Administrator upgraded the firmware to 5.3.2.3 because version 5.2 is no longer supported, and enabled the Any-Any-Any-Inspect rule in the Outbound SSL Inspection Policy according to the new company audit policy. After that, several users complained that their workstations could no longer get Windows Update.
What should the System Administrator do to resolve this issue?
- A. Use the Microsoft domain certificate application object and create an outbound SSL ignore rule with priority higher than Any-Any-Any-Inspect.
- B. Enable Any-Any-Any-Privacy-sensitive Information-Ignore rule in Outbound SSL Inspection Policy and make sure the priority of this rule is higher than Any-Any-Any-Inspect.
- C. Create a domain certificate category application specifying *.update.microsoft.com in CN List and create an outbound SSL ignore rule with priority higher than Any-Any-Any-Inspect.
- D. Enable the Any-Any-Microsoft domain certificate-Ignore built-in rule in Outbound SSL Inspection Policy and make sure the priority of this rule is higher than Any-Any-Any-Inspect.
Correct Answer:
A
Problem (Abstract)
If Outbound SSL decryption is enabled on the XGS, Windows Updates fail.
Resolving the problem
To resolve the issue in firmware 5.3.1.1 or greater, add the following Outbound SSL Inspection Policy rule as defined below:
Action: Ignore
Source: Any
Destination: Any
Domain: Microsoft domain certificate
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21903062
Question #12
The System Administrator has configured Outbound SSL Inspection Policy for five SSL-enabled web sites.
How can the SSL decryption errors for each web site be detected?
- A. By looking at System Events Logs
- B. By first enabling Alert on Failure
- C. By looking at Network Access Events Logs
- D. By looking at the SSL Connection Statistics Network Graph
Correct Answer:
B
Ensure that you selected the Alert On Success and Alert On Failure check boxes because they can help with the troubleshooting.
References: Implementation Guide for IBM Security Network Protection ('XGS for Techies') second edition, Version 2.0, page 216
Question #13
The System Administrator of an oil and gas company has an XGS appliance deployed in the network below:

The appliance was working in Inline simulation mode when a power failure on the switch caused link 1.2 on the XGS to go down. However, port 1.1 on the XGS remained up, so the firewall kept sending traffic to the XGS appliance without detecting the failure in the path.
Which setting should be corrected in the Protection Interface policy to avoid this behavior?

- A. Ensure that Propagate link is set to No.
- B. Ensure that Propagate link is set to Yes.
- C. Ensure that hardware bypass mode is set to Fail Open.
- D. Ensure that hardware bypass mode is set to Fail Closed.
Correct Answer:
D
Hardware Bypass Modes
✑ Fail Closed: Closes the links for the interface pair and prevents any network traffic from passing through the appliance.
✑ Fail Open: Allows all network traffic to pass through the appliance.
✑ Auto: In non-HA modes, all traffic is allowed to pass through the appliance (fail open). In HA mode, interface links are closed and traffic is prevented from passing through the appliance (fail closed).
Note: On the XGS, there are two different bypass methods that are used:
The hardware bypass is controlled by the physical network interfaces.
The software bypass is controlled by the packet driver.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21882622
Question #14
A System Administrator is planning to implement SSL Inspection for both outbound user traffic and inbound traffic to a company web server.
The requirements are as follows:
✑ SSL Inspection should protect users from connections to fraudulent servers
✑ Outbound SSL Inspection should be limited to select web site categories
✑ Avoid having to deploy files, configurations, or certificates to user workstations
The steps to implement this plan are as follows:
✑ Obtain an Inspection license for the XGS
✑ Obtain a certificate from a public CA and upload it to the XGS via Outbound SSL Certificates
✑ Obtain the certificate and private key of the internal web server and upload it to the XGS via Inbound SSL Certificates
✑ Add internal CA certificates for the company intranet to the trusted Certificate Authorities tab in Outbound SSL Inspection Settings
✑ Configure Outbound SSL Inspection Settings to block connections if the server certificate is self-signed or invalid
✑ Create Outbound SSL Inspection rules that inspect only specific Domain Certificate Categories
✑ Create Inbound SSL Inspection rules that only decrypt traffic destined for the internal web server IP address
What will happen if an internal user attempts to access the company intranet?
- A. The connection will be blocked.
- B. The connection will be successful and traffic will be decrypted.
- C. The connection will be successful and the traffic will be blocked.
- D. The connection will be successful and the traffic will not be decrypted.
Correct Answer:
B
Question #15
A System Administrator wants to install the XGS license files during the first time configuration of the appliance.
How should the first time configuration wizard on the appliance be accessed?
- A. Use the LCD front panel.
- B. Use a console cable connection.
- C. Use the Command Line Interface over SSH.
- D. Use the web-based Local Management Interface.
Correct Answer:
D
The Security Network Protection appliance offers a browser-based graphical user interface for local, single appliance management.
To log in to the local management interface, type the IP address or host name of your Network Protection appliance into your web browser.
References:
http://documentation.extremenetworks.com/PDFs/SIEM-IPS/Extreme_Security_Threat_Protection_Installation_Guide.pdf, page 13