Sunteți pe pagina 1din 11

Exam Title

: Symantec 250-502 : Firewall & integrated security appliances solutions

Version : R6.1

Prepking - King of Computer Certification Important Information, Please Read Carefully

Other Prepking products A) Offline Testing engine Use the offline Testing engine product to practice the questions in an exam environment. B) Study Guide (not available for all exams) Build a foundation of knowledge which will be useful also after passing the exam. Latest Version We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for 90 days after the purchase. You should check your member zone at Prepking and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1.Go 2.Click on Member zone/Log in (right side) 3. Then click My Account 4.The latest versions of all purchased products are downloadable from here. Just click the links. For most updates,it is enough just to print the new questions at the end of the new version, not the whole document. Feedback If you spot a possible improvement then please let us know. We always interested in improving product quality. Feedback should be send to You should include the following: Exam number, version, page number, question number, and your login ID. Our experts will answer your mail promptly. Copyright Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, Prepking reserves the right to take legal action against you according to the International Copyright Laws. Explanations This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact

1. What is another term commonly used for NAT? A. IP spoofing B. IP masquerading C. IP address proxying D. IP packet address translation Answer: B 2. Which three can a proxy-based firewall do? (Choose three.) A. hide addresses on the internal network B. track each connection across all interfaces C. inspect encrypted traffic at the application layer D. allow for logging of events at the application layer Answer: ABD 3. Your customer has configured their internal network to use the network and is using NAT to route to the Internet. They are complaining that the Symantec LiveUpdate service is not functioning properly. How should you fix the problem? A. Configure the NAT to use dynamic DNS. B. Configure the NAT to route the network to the Internet. C. Reconfigure the internal network to use an accepted private network address. D. Add a static route from the network to the Symantec LiveUpdate servers. Answer: C 4. How many host IP addresses can a network with a subnet mask of support? A. 62 B. 64 C. 126 D. 128 Answer: A 5. Which security technology supports encryption and encapsulation to ensure that data cannot be compromised in transit? A. PKI B. VPN C. RADIUS D. Kerberos Answer: B 6. Which two methods are used by VPN technology to ensure data confidentiality? (Choose two.) A. AES

B. MD5 C. SHA1 D. 3DES Answer: AD 7. Which three addresses are non-routable on the public Internet? (Choose three.) A. B. C. D. E. Answer: ABD 8. Which three layers can a firewall use to process network traffic? (Choose three.) A. network B. physical C. data link D. transport Answer: ACD 9. How do you ensure that Symantec Enterprise Firewall content filtering is based on a current list of restricted topics or sites? A. Use LiveUpdate to download ratings list. B. Purchase a third-party ratings subscription. C. Download ratings lists from the Symantec Web site. D. Configure a referral to an external site and content blocking service. Answer: A 10. Which three conditions must be met on each firewall when configuring a Symantec Enterprise Firewall cluster? (Choose three.) A. same OS version B. same hardware platform C. same external IP address D. multimode fiber interfaces E. same number of node licenses Answer: ABE 11. Which three are shipped with Symantec Enterprise Firewall? (Choose three.) A. pre-configured IPSec/IKE policies B. pre-configured IPSec/IPv4 policies

C. pre-configured IPSec/Static policies D. a single Symantec Client VPN license Answer: ACD 12. Which two methods can you use to limit Symantec Enterprise Firewall VPN tunnel traffic? (Choose two.) A. Pass traffic to proxies. B. Modify the global IKE policy. C. Create a filter and apply it to an interface. D. Create a filter and apply it to the VPN policy. Answer: AD 13. Which two Security Gateway Management Interface (SGMI) methods can you use to allow outbound SMTP and HTTP traffic if you did not configure these traffic options at the time you installed the Symantec Enterprise Firewall? (Choose two.) A. Protocol Tab B. Policy Wizard C. System Setup Wizard D. Rules tab in the Policy Window Answer: BD 14. In which two formats are Symantec Enterprise Firewall reports available? (Choose two.) A. XML B. PDF C. email D. HTML Answer: BD 15. Which three authentication methods does Symantec Enterprise Firewall support? (Choose three.) A. RADIUS B. iisProtect C. TACACS+ D. Bellcore S/Key Answer: ACD 16. Which three notification methods can be configured via the Security Gateway Management Interface (SGMI)? (Choose three.) A. fax B. SMS C. pager D. SNMP

E. client program Answer: CDE 17. Which Symantec Enterprise Firewall task must you perform to ensure proper functioning of DNSd for a security gateway facing the Internet? A. Disable public zone files on the security gateway. B. Configure a DNS forwarder to point to a root name server. C. Configure the public recursion record on the security gateway. D. Configure the DNS server search order to point to the Internet root servers. E. Ensure network connectivity to the Internet root name servers on the security gateway. Answer: E 18. Which option should you use to remove a node from a Symantec Enterprise Firewall cluster? A. Kill Node B. Delete Node C. Modify Cluster D. Configure Cluster Answer: C 19. What is the Symantec Enterprise Firewall default port for UDP encapsulation data transfer? A. 117 B. 418 C. 786 D. 1723 Answer: C 20. Which Symantec Enterprise Firewall wizard or tab is used to configure high availability? A. HA/LB Wizard B. Cluster Wizard C. Performance tab D. High Availability Status tab Answer: B 21. You are using a protocol that includes the IP address as application data (GSPs). H ow do you configure the Symantec Enterprise Firewall to correctly route the connection? A. select Static NAT Pool B. check Pass Traffic to Proxies C. select Use Original Client Address D. check Non-Cancel Control Message Allowed Answer: C

22. You are deploying Symantec Enterprise Firewall as your perimeter protection for your four-segment network. Three segments are internal networks and one provides a WAN connection to the Internet. A network router connects the internal networks to the security gateway. The security gateway must protect all three internal networks from the Internet. What is the minimum number of network interfaces required on the security gateway? A. 1 B. 2 C. 3 D. 4 Answer: B 23. Which utility can you use to securely transfer Symantec Enterprise Firewall logfiles? A. Syslog B. SRMC C. Rempass D. RemoteLog Answer: D 24. Which two are true about Symantec Enterprise Firewall load balancing? (Choose two.) A. shares traffic across gateways B. traffic will be decreased across gateways C. deployed in maximum cluster size of four gateways D. deployed in maximum cluster size of eight gateways Answer: AD 25. You are using Symantec Enterprise Firewall NAT for address hiding with VPN tunnels. The VPN traffic fails to pass through the proxies. Why is the traffic forwarding failing? A. VPN load balancing is not enabled. B. VPN policy is not properly configured. C. Service redirects are not configured for VPN. D. VPN shared secrets are not properly configured. Answer: B 26. Which must you do prior to having the Symantec Enterprise Firewall join Symantec Enterprise Security Architecture (SESA)? A. Apply SESA licenses. B. Enable the SESA bridge. C. Install SESA foundation pack. D. Enable Symantec Incident Manager.

Answer: C 27. What is the maximum size of the address pool supported by the Symantec Gateway Security 300 Series DHCP service? A. 64 B. 125 C. 253 D. 65535 Answer: C 28. Which two statements are true about Symantec Gateway Security 300 Series Ant i Virus Policy Enforcement (AVpe)? (Choose two.) A. UNIX/Linux clients must be placed in an access group without AVpe. B. Clients who have been denied Internet access can connect to the Internet after a 10-minute period. C. Clients who have been denied Internet access can still connect to Symantec's LiveUpdate servers. D. AVpe can be configured to automatically update a client that has been found to have obsolete virus protection. Answer: AC 29. What is the benefit of using a global VPN tunnel when configuring remote users to connect to the Symantec Gateway Security 300 Series? A. It allows authentication via LDAP. B. It uses stronger encryption protocols. C. Client traffic is filtered by the appliance. D. There are faster network response times while browsing. Answer: C 30. How many LAN ports does the Symantec Gateway Security 320 have? A. 1 B. 2 C. 4 D. 8 E. 10 Answer: C 31. Your client computer has a static address of You plug your client computer into one of the LAN ports on the Symantec Gateway Security 360, but cannot establish a connection to the appliance's management interface. Which two configuration settings could you assign to your client to establish a management connection? (Choose two.) A. IP

B. IP C. Mask D. Mask Answer: BC 32. How should you configure a backup Internet connection on a Symantec Gateway Security 320? A. Configure a redundant IP on the WAN port. B. Configure the WAN2 port to connect to your ISP. C. Connect a modem to the serial port and configure a dialup account. D. Connect a modem to the CardBus port and configure a dialup account. Answer: C 33. Your ISP provides a changing IP address. Which feature of Symantec Gateway Security 300 Series allows external connections by name? A. BIND DNS client B. BIND DNS server C. Dynamic DNS client D. Dynamic DNS server Answer: C 34. How does the addition of LiveUpdate to the Symantec Gateway Security 300 Series improve its management capabilities? A. It keeps virus definitions up-to-date. B. Appliance firmware is easily updated. C. Client AntiVirus software is updated automatically. D. OS patches are automatically distributed throughout your network. E. Firewall rules are automatically downloaded and installed on the device. Answer: B 35. You manage a Symantec Gateway Security 300 Series for your company. Your company employs a lot of contractors who work for short durations with the company, but who require VPN access. This has resulted in considerable administration on your behalf, updating user accounts on the appliance, and ensuring that only those contractors who currently require access will have it. What can you do to simplify this process? A. Allow only gateway-to-gateway VPN tunnels on the appliance. B. Configure the appliance to update the user account list by importing a CSV listing the currently authorized users. C. Install a LDAP server on your network and configure the appliance to use the LDAP server to authenticate VPN connection attempts.

D. Install a RADIUS server on your network and configure the appliance to use the RADIUS server to authenticate VPN connection attempts. Answer: D 36. Which action is performed when the Symantec Gateway Security 300 Series is unable to pass its self-check test after a LiveUpdate? A. It goes into disaster-recovery mode. B. It attempts to restart the interrupted LiveUpdate. C. It defaults to the factory firmware stored in protected memory. D. It becomes unusable until the PROM chip is replaced with a pre-programmed one. Answer: C 37. What are two characteristics of the Symantec Gateway Security 300 Series content filtering lists? (Choose two.) A. support wild cards B. do not support wild cards C. hold a maximum of 100 entries D. hold a maximum of 128 entries Answer: AC 38. Which two events will generate Symantec Gateway Security 300 Series SNMP messages? (Choose two.) A. cold startup B. blocked connections C. SGMI authentication failure D. Trojan communication attempts Answer: AC 39. Which three are supported connection types for the Symantec Gateway Security 300 Series? (Choose three.) A. Dialup B. PPPoA C. PPPoE D. Firewire E. Ethernet F. Token Ring Answer: ACE 40. You want to configure the Symantec Gateway Security 360R to use WAN2 30% of the time. Which three steps must you carry out to achieve this? (Choose three.)

100% Pass Guaranteed or Full Refund Word to Word Real Exam Questions from Real Test Buy full version of exam from this link below