2B0-101 ESSE Recertification Version 1.0

Upload: kamran-musa

Post on 10-Nov-2015

QUESTION NO: 1

The attack category is for events that

A. Attempt to discover weaknesses

B. Map the structure of the network

C. Have the potential to compromise the integrity of an end system.

D. Deny access to resources

Answer: C

QUESTION NO: 2

Virtual Sensors can segregate traffic by?

A. IP Address, VLAN, Port

B. IP Address, VLAN, Port, Protocol

C. IP Address, VLAN, Port, Protocol, Application

D. IP Address, VLAN, Port, Application

Answer: B

QUESTION NO: 3

In an Event Flow Processor (EFP) a consumer can be?

A. A Sensor or an Event Channel

B. An Event channel only

C. An Event channel or an Agent

D. An Agent only

Answer: C

QUESTION NO: 4

Before the host Sensor can be deployed

A. It must be associated with a virtual sensor

B. It must be associated with a host policy

C. Its key must be added to the /usr/dragon/bin directory

D. Its address must be added to /etc/hosts

Answer: B

QUESTION NO: 5

Which of the following Dragon Agents is used for detecting changes to host files?

A. Real Time Console

B. MD5 Sum

C. Alarm Tool

D. Database

Answer: B

QUESTION NO: 6

In a standalone deployment the system will have?

A. A net-config-client.xml file

B. A net-config-server.xml file

C. A net-config-server.xml and a net-config-client.xml file

D. A net-config-server.xml, a net-config-client.xml and a net-config-reports.xml file

Answer: C

QUESTION NO: 7

MD5 checksums are

A. Stored in a protected directory on the host

B. Appended to the protected file

C. Passed up the event channel to the MD5 Agent

D. Stored in the /usr/dragon/bin directory on the Enterprise Management Server (EMS)

Answer: C

QUESTION NO: 8

Which of the following best describes the commit operation?

A. It uses the configuration channel to push a configuration to a device

B. It uses the event channel to push a configuration to a device

C. It writes a configuration change to the Enterprise Management Server (EMS) database

D. It writes a configuration change to the management clients database

Answer: C

QUESTION NO: 9

Which of the following Dragon Agents sends notifications when the sensors detect an event that matches a rule?

A. Real Time Console

B. MD5 Sum

C. Alarm Tool

D. Database

Answer: C

QUESTION NO: 10

Signature OS

A. Applies signature to network traffic originating from the specified OS

B. Is used for writing Host signatures

C. Is optional on Network signatures

D. Is required on all signatures

Answer: B

QUESTION NO: 11

Dragonctl is used to?

A. Start, stop and monitor the dragon processes on the remote node

B. Write log files

C. Monitor the Ring Buffer

D. Maintain configuration channel connections

Answer: A

QUESTION NO: 12

Virtual sensor names?

A. Are included in events they generate

B. Must match the sensor key

C. Must include the device name

D. Require separate keys

Answer: A

QUESTION NO: 13

Agents can be deployed?

A. Only on non-forwarding Event Flow Processor (EFPs)

B. Only on forwarding Event Flow Processor (EFPs)

C. Only on the Enterprise Management Server (EMS) station

D. On any Event Flow Processor (EFP)

Answer: D

QUESTION NO: 14

The host policy MD5 detection module

A. Detects any changes in the contents of a protected file

B. Detects file size increases

C. Detects file truncations

D. Detects ownership changes

Answer: A

QUESTION NO: 15

Traffic direction refers to traffic flows in relation to the

A. Server

B. Protected network

C. Client

D. DMZ

Answer: B

QUESTION NO: 16

The master Alarm Tool Default policy

A. Is write locked

B. Is writable

C. Cannot be copied

D. Cannot be associated with an Agent

Answer: A

QUESTION NO: 17

Which alarm type is best described as: collects information for x period of time, then sends event notifications

A. Real Time

B. Summary

C. Dynamic

D. Interval

Answer: B

QUESTION NO: 18

Agent status will show as Not Available until?

A. The agent is committed

B. The agent is deployed

C. The agent is selected

D. The remote node is deployed

Answer: B

QUESTION NO: 19

Agents can be deployed on?

A. Only the Enterprise Management Server (EMS)

B. Any managed node with a networked sensor deployed

C. Any managed node with host sensor deployed

D. Any managed node

Answer: D

QUESTION NO: 20

If a packet matched the rules for two virtual sensors it will be evaluated by?

A. Both sensors

B. The first sensor it matches

C. The default sensor

D. Overlapping rules are not permitted

Answer: B

QUESTION NO: 21

A Bare Bones Event Flow Processor (EFP) has?

A. Only event channels

B. Event channels and agents

C. Only Agents and Sensors

D. Event channels and sensors

Answer: A

QUESTION NO: 22

Which alarm type is best described as: Sends event notifications as soon as they are triggered

A. Real Time

B. Summary

C. Dynamic

D. Interval

Answer: A

QUESTION NO: 23

When a notification rule is created a __________ can be associated with it.

A. Sensor

B. User

C. Time Period

D. Score

Answer: C

QUESTION NO: 24

Connection type Outbound in the net-config-client.xml file indicates?

A. The server will initiate configuration channel connections

B. The client will initiate configuration channel connections

C. The server will initiate event channel connections

D. The client will initiate event channel connections

Answer: B

QUESTION NO: 25

The default configuration channel port is?

A. 9111

B. 9112

C. 9113

D. 9114

Answer: A

QUESTION NO: 26

In an Event Flow Processor (EFP) the producer?

A. Writes events to memory

B. Takes events off the Ring Buffer

C. Puts events on the Ring Buffer

D. Passes events to Agents

Answer: C

QUESTION NO: 27

Dynamic Collection controls

A. The number of packets to analyze

B. The number of times to execute the signature in a flow

C. The number of follow on packets to capture for forensics

D. The number of bytes to search for a match

Answer: C

QUESTION NO: 28

Alarm Tool filters can filter traffic based on: time (after / before), Direction, events, IP source or Destination, protocol and

A. Threat subnet

B. Policy

C. Sensor

D. VLAN

Answer: C

QUESTION NO: 29

The net-config-client.xml file is associated with?

A. The Enterprise Management Server (EMS)

B. Managed node client

C. Enterprise Management Server (EMS) Management Client

D. Reporting server

Answer: B

QUESTION NO: 30

Custom Signature libraries can contain

A. Copies of master signatures and libraries

B. Customized signatures

C. Copies of master signatures and libraries, customized signatures and customized policies

D. Copies of master signatures and libraries and customized signatures

Answer: D

QUESTION NO: 31

The virtual sensor name?

A. Must match the license name

B. Is included in all events reported by the virtual sensor

C. Must include the node name

D. Applies only to the device view

Answer: B

QUESTION NO: 32

The Alarm Tool event group editor tool is used to

A. Select the Network events that will trigger an alarm

B. Add new libraries

C. Select the Network or Host events that will trigger an alarm

D. Edit host policies

Answer: C

QUESTION NO: 33

Alarm Filters are used to

A. Select the destination for notification

B. fine tune the generation of event notifications

C. select the notification protocol

D. select the action to be taken

Answer: B

QUESTION NO: 34

Master Network Libraries

A. Cannot be directly associated with sensors

B. Cannot be directly associated with virtual sensors

C. Can be directly associated with virtual sensors

D. Can be modified

Answer: C

QUESTION NO: 35

The Windows host sensor key

A. Is added to the /usr/keys directory

B. Is pushed from the Enterprise Management Server (EMS) when the managed node is deployed

C. Is installed manually on the Windows system

D. Is pushed from the Enterprise Management Server (EMS) when the sensor is deployed

Answer: C

QUESTION NO: 36

The Host Sensor Virtual Sensor module

A. Associates host policies to the sensor

B. Allows the sensor name contained within an event to be overridden with configured values

C. Allows signatures to be associated with the sensor

D. Allows signatures and policies to be associated with the sensor

Answer: B

QUESTION NO: 37

Network policies and signatures are associated with the?

A. Managed node

B. Network sensor

C. Virtual sensor

D. Agent

Answer: C

QUESTION NO: 38

A Non-Forwarding Event Flow Processor (EFP)?

A. Has no event channels

B. Has only sensors

C. Has only Agents

D. Has Event Channels and Agents

Answer: D

QUESTION NO: 39

Virtual Sensors ____________

A. Must each use the same Network Policy

B. Must each use the same Signature Library

C. Must each use the same Network policy but each one can use different Signature Libraries

D. Each one can use different Network policies and Signature Libraries

Answer: D

QUESTION NO: 40

The misuse category is for events that

A. Indicate a successful attack

B. may have potential security ramifications

C. show evidence of a known vulnerability

D. Anything not compromising a host but forbidden by corporate policy

Answer: D

QUESTION NO: 41

Which of the following Dragon Agents reads events from the ring buffer and stores them in memory structures for immediate analysis?

A. Real Time Console

B. MD5 Sum

C. Alarm Tool

D. Database

Answer: A

QUESTION NO: 42

The default event channel port is?

A. 9111

B. 9112

C. 9113

D. 9114

Answer: B

QUESTION NO: 43

The host sensor name

A. Must match the license key

B. Is for display purposes only

C. Is included in events generated by the sensor

D. Must include the managed node name

Answer: C

QUESTION NO: 44

In a signature the service direction refers to

A. Ports

B. Networks

C. VLANS

D. Protocols

Answer: A

QUESTION NO: 45

A network sensor can have ______ virtual sensors?

A. 1

B. 2

C. 3

D. 4

Answer: D

QUESTION NO: 46

Enterprise Management Server (EMS) database files are?

A. Flat Files

B. XML Files

C. SQL records

D. Binary records

Answer: B

QUESTION NO: 47

Master network policy modules

A. Are write locked

B. Are write enabled

C. Can be directly associated with sensors

D. Can be directly associated with virtual sensors

Answer: A

QUESTION NO: 48

Thresholds can be set to

A. Reduce false positives

B. Turn alarming on and off

C. Limit the number of events seen by Alarm Tool

D. Limit the number of sensors sending events

Answer: A

QUESTION NO: 49

Dpmmwctl controls what?

A. Remote sensor processes

B. The connections that make up the configuration channel

C. The connections that make up the Event channel

D. Database updates

Answer: B

QUESTION NO: 50

The Enable follow on signature check box

A. Enables dynamic packet collection

B. Enables combination signatures

C. Enables macro signatures

D. Applies signature to dynamically collected traffic

Answer: D

QUESTION NO: 51

As defined in NetSight Policy Manager's demo.pmd file, the Guest Access policy role should be assigned to ports where:

A. Only IT operations may access the network

B. Only trusted users may access the network

C. Trusted users may access the network as well as untrusted users

D. The Guest Access policy role should only be dynamically assigned to ports as a result of successful authentication

Answer: C

QUESTION NO: 52

Which of the following questions is a consideration when defining an Acceptable Use Policy for the network:

A. Which applications are business-critical to trusted users on the network?

B. Where are untrusted users allowed to connect to the network?

C. Which protocols should not be utilized by untrusted and trusted users, representing an attack or misuse of the network?

D. All of the above

Answer: D

QUESTION NO: 53

When configuring a highly restrictive policy role in NetSight Policy Manager with the highest level of security, such as the Quarantine policy, the default access control setting for the policy role should be set to:

A. Deny

B. Allow

C. Redirect to a remediation server

D. CoS Priority 0

Answer: A

QUESTION NO: 54

Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects the network from a user masquerading as a valid service on the network?

A. Deny Unsupported Protocol Access service

B. Deny Spoofing & other Administrative Protocols service

C. Application Provisioning AUP service

D. Limit Exposure to DoS Attacks service

Answer: B

QUESTION NO: 55

The following components are mandatory for static policy deployment on the network:

A. NetSight Policy Manager and policy-capable devices

B. NetSight Policy Manager, policy-capable devices, and authentication services

C. NetSight Policy Manager and any type of device

D. NetSight Policy Manager only

Answer: A

QUESTION NO: 56

The Guest Access policy role cannot be configured to:

A. Allow only HTTP traffic onto the network

B. Allow PPTP VPN access for guests on the network

C. Authenticate guest users on the network

D. Discard layer 3 protocols not supported on the network

Answer: C

QUESTION NO: 57

A new virus has been identified on the Internet causing an infected system to listen to TCP port X for allowing remote connections to the infected device. Since port X is not used for any business-critical applications on the network, the network administrator can most effectively protect his/her network without severely impacting business continuity by configuring and enforcing policy to the Active Edge that:

A. Discards traffic destined to TCP port X

B. Discards traffic sourced from TCP port X

C. Prioritizes traffic destined or sourced to TCP port X to a lower priority with rate limiting

D. Discards traffic sourced or destined to TCP port X

Answer: D

QUESTION NO: 58

A Policy Profile:

A. Defines a collection of classification rules and default packet handling logic

B. Maps to an organizational role within the enterprise for the allocation of network resources

C. May be assigned to multiple ports on a device

D. All of the above

Answer: D

QUESTION NO: 59

In the deployment of static policy on the network, a policy-capable device, such as the Matrix N-series:

A. Classifies ingressed traffic on the network

B. Centrally defines and pushes out the policy configuration for the network

C. Periodically updates the policy configuration in NetSight Policy Manager

D. Maintains periodic contact with other policy-capable switches on the network

Answer: A

QUESTION NO: 60

Which of the following is not a pre-defined Port Group in NetSight Policy Manager:

A. All ports

B. Authenticated ports

C. Logical ports

D. CDP ports

Answer: B

QUESTION NO: 61

Fill in the blank. It is necessary to ______ policy configuration changes to the switches in NetSight Policy Manager before the changes can take effect.

A. Mediate

B. Enforce

C. Compile

D. Encrypt

Answer: B

QUESTION NO: 62

By not dropping packets formatted with TCP/UDP source port 67 and TCP/UDP source port 53 on user ports, a user can:

A. Execute DNS server spoofing attacks

B. Execute man-in-the-middle-attacks to compromise data confidentiality

C. Execute a DoS attack by allocating bogus IP address to other end systems on the network

D. All of the above

Answer: D

QUESTION NO: 63

An Acceptable Use Policy for the network should define:

A. Which types of traffic trusted users only are allowed to generate on the network

B. Which types of traffic untrusted users only are allowed to generate on the network

C. Which types of traffic trusted and untrusted users are allowed to generate on the network

D. Which types of traffic guest users only are allowed to generate on the network

Answer: C

QUESTION NO: 64

A new virus has been identified on the Internet causing an infected system to listen to TCP port X for allowing remote connections to the infected device. If a network administrator desires to prevent an internal user from connecting to an infected device, the network administrator should configure and enforce policy for malicious users to the Active Edge of the network that:

A. Discards traffic destined to TCP port X

B. Discards traffic sourced from TCP port X

C. Prioritizes traffic destined or sourced to TCP port X to a low priority

D. Rate limit traffic destined or sourced to TCP port X

Answer: A

QUESTION NO: 65

In a multi-vendor environment, where is the placement of a policy capable device most effective in discarding malicious traffic and protecting the entire network:

A. At the access layer edge

B. At the distribution layer

C. In the DMZ

D. In the core

Answer: A

QUESTION NO: 66

When deploying static policy to the network:

A. The NetSight Policy configuration must be enforced to the policy-capable devices before policy roles are assigned to ports

B. The Phased Implementation Approach should be used to minimize inadvertent negative impact to business-critical applications on the network

C. Updating the policy configuration across the entire network requires enforcing the altered policy configuration in NetSight Policy Manager and then reassigning the altered policy roles to device ports

D. A and B

Answer: D

QUESTION NO: 67

Which of the following authentication methods requires a default policy role to be assigned to the port when the authentication method is enabled:

A. MAC-based authentication

B. 802.1X authentication

C. Port Web Authentication

D. All of the above

Answer: C

QUESTION NO: 68

A new policy role, Staff, is created under the Roles tab in NetSight Policy Manager. To use the Staff policy role to classify ingressed traffic for static policy deployment, the network administrator must at a minimum:

A. Do nothing else. Once the Staff policy role is created in NetSight Policy Manager, the network begins classifying traffic according to the configuration of Staff

B. Enforce NetSight Policy Manager's policy configuration to policy-capable devices only

C. Enforce NetSight Policy Manager's policy configuration to policy-capable devices and also assign the Staff policy role to a port

D. Enforce NetSight Policy Manager's policy configuration to policy-capable devices, assign the Staff policy role to a port, and enable authentication on the port.

Answer: C

QUESTION NO: 69

As defined in NetSight Policy Manager's demo.pmd file, the Administrator policy role should be statically assigned to ports where:

A. Only IT operations may access the network

B. IT operations may access the network as well as trusted users

C. IT operations may access the network as well as trusted and untrusted users

D. Only trusted users may access the network

Answer: A

QUESTION NO: 70

As defined in NetSight Policy Manager's demo.pmd file, the Application Provisioning - AUP service is designed to group classification rules that:

A. Discard malicious traffic

B. Prioritize traffic by assigning various classes of service to different applications

C. Discard unsupported protocols

D. Discard traffic associated to DoS attacks

Answer: B

QUESTION NO: 71

If a policy role is configured in NetSight Policy Manager to allow all traffic by default, then to increase the security level of the policy role, the classification rules associated to this policy role should be configured to:

A. Allow traffic

B. Prioritize traffic to CoS Priority 5

C. Rewrite the ToS field of traffic

D. Deny traffic

Answer: D

QUESTION NO: 72

The Device Configuration Wizard and Port Configuration Wizard in NetSight Policy Manager can be used to:

A. Configure a group of devices or ports on devices with the same configuration at one time

B. Add/remove network elements in NetSight Policy Manager

C. Enforce the NetSight Policy Manager policy configuration to a group of devices

D. Configure user-to-policy role mapping on the enterprise network's RADIUS server

Answer: A

QUESTION NO: 73

As defined in NetSight Policy Manager's demo.pmd file, the Application Provisioning - Supplemental service is designed to:

A. Discard malicious traffic

B. Prioritize mission critical traffic by provisioning on-demand QoS

C. Discard unsupported protocols

D. Rate limit traffic associated to DoS attacks

Answer: B

QUESTION NO: 74

The Guest Access policy role is implemented by:

A. Assigning the Guest Access policy role as the default policy on ports

B. Successfully authenticating guest users on the network and dynamically assigning the Guest Access policy role

C. Assigning the Guest Access policy role to traffic sourced from the MAC address of guest users

D. All of the above

Answer: A

QUESTION NO: 75

With VLAN-based containment for guest networking, guest users are both potential victims and threats to each other on the network because:

A. Guests are more likely to be infected by malware when surfing the Internet

B. Guest access to critical infrastructure resources cannot be controlled

C. Traffic sourced from guests is controlled at the VLAN egress point, not upon ingress to the network

D. Guests are placed on the production VLAN where trusted users can attack guest users

Answer: C

QUESTION NO: 76

In the context of NetSight Policy Manager, a Service is a

A. Feature set that is assigned after authentication exchange and the port is available

B. Feature used to assign access control and/or class of service to network traffic based on its OSI layer

C. Feature used to enforce the default role on a port

D. A group of one or more classification rules.

Answer: D

QUESTION NO: 77

In a multi-vendor environment where 3rd-party devices are located at the edge of the network and are not policy-capable, installing a policy-capable device in the distribution layer:

A. Protects the network core from internally sourced attacks

B. Protects the server farm from internally sourced attacks

C. Secures other access layer segments connected through the policy-capable distribution layer device

D. All of the above

Answer: D

QUESTION NO: 78

In the deployment of dynamic policy, ports that provide access to untrusted users and are enabled with authentication should be configured with an unauthenticated behavior set to:

A. Discard

B. Default role of Enterprise Access

C. Default role of Guest Access

D. Default role of Administrator

Answer: C

QUESTION NO: 79

Which of the following is false about VLAN-based containment for guest networking:

A. Guest VLANs drop unwanted traffic before this traffic enters the network

B. Guest VLANs still allow guests to freely communicate to other guests within the same VLAN

C. Guest VLANs must be spanned across the network increasing the complexity of the network topology

D. Multiple guest VLANs may need to be configured based on the topology of the network, such as size of broadcast domains and deployment of remote sites

Answer: A

QUESTION NO: 80

A new virus has been identified on the Internet causing an infected system to listen to TCP port X for allowing remote connections to the infected device. If a network administrator desires to prevent infected devices from being further exploited within the enterprise network, the network administrator should configure and enforce policy for infected devices to the Active Edge of the network that:

A. Discards traffic destined to TCP port X

B. Discards traffic sourced from TCP port X

C. Prioritizes traffic destined or sourced to TCP port X to a low priority

D. Rate limit traffic destined or sourced to TCP port X

Answer: B

QUESTION NO: 81

As defined in NetSight Policy Manager's demo.pmd file, the Enterprise Access policy role should be assigned to ports where:

A. Only IT operations may access the network

B. Only trusted users may access the network

C. Trusted users may access the network as well as untrusted users

D. Any type of user may access the network

Answer: B

QUESTION NO: 82

The following components are mandatory for dynamic policy deployment on the network:

A. NetSight Policy Manager and policy-capable devices

B. NetSight Policy Manager, policy-capable devices, and authentication services

C. NetSight Policy Manager and any device

D. NetSight Policy Manager only

Answer: B

QUESTION NO: 83

In the deployment of dynamic policy, the authentication of an end system on the network can:

A. Dynamically assign a policy role to the port of connection based on the user's business-aligned organizational unit

B. Allow location-independent network resource allocation for authenticating users on the network

C. Deny network access to end systems with invalid credentials

D. All of the above

Answer: D

QUESTION NO: 84

Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects the network from Denial of Service attacks on the network?

A. Deny Unsupported Protocol Access service

B. Deny DoS Attacks service

C. Limit Exposure to DoS Attacks service

D. Application Provisioning - AUP service

Answer: C

QUESTION NO: 85

A network administrator has identified that a new operating system installed on a large number of end devices on the network natively supports IPv6 as well as IPv4, and these end systems attempt to communicate over IPv4 and IPv6 by default. To improve the network utilization efficiency and avoid reconfiguring each individual end system, to which service would the network administrator most likely add a drop IPv6 traffic classification rule?

A. Deny Unsupported Protocol Access service

B. Deny Spoofing & other Administrative Protocols service

C. Threat Management service

D. Limit Exposure to DoS Attacks service

Answer: A

QUESTION NO: 86

A new virus has been identified on the Internet causing an infected system to listen to TCP port X for allowing remote connections to the infected device. Since port X is used for a business-critical application on the network, the network administrator can most effectively protect his/her network without severely impacting business continuity by configuring and enforcing policy to the Active Edge that:

A. Discards traffic destined to TCP port X

B. Discards traffic sourced from TCP port X

C. Prioritizes traffic destined or sourced to TCP port X to a lower priority with rate limiting

D. Discards traffic sourced or destined to TCP port X

Answer: C

QUESTION NO: 87

As defined in NetSight Policy Manager's demo.pmd file, the Administrator policy role is associated to:

A. No services

B. The Deny Spoofing & Other Administrative Protocols service only

C. The Deny Unsupported Protocol Access service only

D. All services grouped under the Acceptable Use Policy service group

Answer: A

QUESTION NO: 88

A policy role named User_Group_A is configured with a default access control of Allow and classification rules to discard SNMP and SSH traffic. The User_Group_A policy role is most applicable to which group of users in allocating network resources to end systems on the network:

A. Users that have violated network security policy

B. Trusted users that have successfully authenticated to the network

C. Users that are in high risk of violating the network security policy

D. Users that should be limited to utilizing only a few protocols on the network

Answer: B

QUESTION NO: 89

In traditional VLAN-based containment for guest networking, guests are:

A. Each placed in separate guest VLANs

B. All placed in the same guest VLAN or several guest VLANs

C. Isolated from communicating to one another

D. Placed on the production VLAN and each controlled with policy

Answer: B

QUESTION NO: 90

As defined in NetSight Policy Manager's demo.pmd file, the Guest Access policy role is associated to:

A. No services

B. The Deny Spoofing & Other Administrative Protocols service only

C. The Deny Unsupported Protocol Access service only

D. All services grouped under the Secure Guest Access service group

Answer: D

QUESTION NO: 91

In the deployment of static policy on the network, NetSight Policy Manager:

A. Classifies ingressed traffic locally on the device where NetSight Policy Manager is installed

B. Defines and pushes a policy configuration out to devices on the network

C. Is used to update the policy configuration of a switch after it is rebooted

D. Maintains periodic contact with policy-capable switches on the network so the switch can pull down the policy configuration on demand

Answer: B

QUESTION NO: 92

The advantages of using protocol-based containment via policy for guest networking over VLAN-based containment are:

A. Policy drops unwanted traffic sourced from guests before this traffic enters the network

B. Policy can be configured to control how guests communicate to other guests on the network, even within the same VLAN

C. Guest users can reside on the production VLAN while network security is maintained. Therefore, guest VLANs do not need to be deployed on the network

D. All of the above

Answer: D

QUESTION NO: 93

Which of the following services, as defined by demo.pmd in NetSight Policy Manager, reduces network congestion by removing legacy protocols from the network such as IPX?

A. Deny Unsupported Protocol Access service

B. Deny Spoofing & other Administrative Protocols service

C. Threat Management service

D. Limit Exposure to DoS Attacks service

Answer: A

QUESTION NO: 94

As defined in NetSight Policy Manager's demo.pmd file, the Secure Guest Access Service Group:

A. Allows PPTP and HTTP traffic only, and discards all other traffic

B. Allows HTTP, DNS, and DHCP traffic only, and discards all other traffic

C. Allows PPTP, HTTP, DNS, and DHCP traffic, and denies access to all other TCP/UDP ports and unsupported protocols on the network

D. Discards all traffic

Answer: C

QUESTION NO: 95

As defined in NetSight Policy Manager's demo.pmd file, the Enterprise Access policy role is associated to:

A. No services

B. The Deny Spoofing & Other Administrative Protocols service only

C. The Deny Unsupported Protocol Access service only

D. All services grouped under the Acceptable Use Policy service group

Answer: D

QUESTION NO: 96

Which of the following is not a traffic attribute for which a classification rule may be configured?

A. MAC address

B. PHY and PMD sub-layers

C. TCP/UDP port number

D. IP address

Answer: B

QUESTION NO: 97

Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects the network from well-known layer 4 ports utilized in various attacks and exploits on the network?

A. Deny Unsupported Protocol Access service

B. Deny Layer 4 Attack Ports service

C. Threat Management service

D. Application Provisioning - AUP service

Answer: C

QUESTION NO: 98

As defined in NetSight Policy Manager's demo.pmd file, the Application Provisioning - Supplemental service is associated to the:

A. Enterprise User role only

B. Enterprise User role and Enterprise Access role

C. Enterprise Access role only

D. Enterprise Access and Guest Access role

Answer: A

QUESTION NO: 99

The RADIUS Filter-ID parameter is used to:

A. Authenticate users

B. Authenticate a RADIUS client

C. Pass policy information to a switch to authorize an authenticated user with a level of network access

D. Discard traffic destined for a RADIUS server

Answer: C

QUESTION NO: 100

Port Groups can be used in NetSight Policy Manager to:

A. Group ports based on location

B. Group ports based on speed

C. Group ports based on whether untrusted users have physical access to these ports

D. All of the above

Answer: D