Download IBM Security Network Protection (XGS) V5.3.2 System Administration.C2150-620.PracticeTest.2018-02-15.33q.vcex

Vendor: IBM
Exam Code: C2150-620
Exam Name: IBM Security Network Protection (XGS) V5.3.2 System Administration
Date: Feb 15, 2018
File Size: 2 MB


Demo Questions

Question 1
One XGS appliance in a financial company had been running firmware version 5.2 for 2 years. The System Administrator upgraded the firmware to 5.3.2.3 because version 5.2 is no longer supported, and enabled the Any-Any-Any-Inspect rule in the Outbound SSL Inspection Policy according to the new company audit policy. After that, several users complained that their workstations could no longer get Windows Update.
What should the System Administrator do to resolve this issue?
  1. Use the Microsoft domain certificate application object and create an outbound SSL ignore rule with priority higher than Any-Any-Any-Inspect.
  2. Enable the Any-Any-Any-Privacy-sensitive Information-Ignore rule in the Outbound SSL Inspection Policy and make sure the priority of this rule is higher than Any-Any-Any-Inspect.
  3. Create a domain certificate category application specifying *.update.microsoft.com in the CN List and create an outbound SSL ignore rule with priority higher than Any-Any-Any-Inspect.
  4. Enable the Any-Any-Microsoft domain certificate-Ignore built-in rule in the Outbound SSL Inspection Policy and make sure the priority of this rule is higher than Any-Any-Any-Inspect.
Correct answer: A
Explanation:
Problem (Abstract)
If Outbound SSL decryption is enabled on the XGS, Windows Updates fail. 
Resolving the problem 
To resolve the issue in firmware 5.3.1.1 or greater, add the following Outbound SSL Inspection Policy rule as defined below:
Action: Ignore
Source: Any
Destination: Any
Domain: Microsoft domain certificate
References: http://www-01.ibm.com/support/docview.wss?uid=swg21903062
Question 2
The System Administrator has configured Outbound SSL Inspection Policy for five SSL-enabled web sites. 
How can the SSL decryption errors for each web site be detected?
  1. By looking at System Events Logs
  2. By first enabling Alert on Failure
  3. By looking at Network Access Events Logs
  4. By looking at the SSL Connection Statistics Network Graph
Correct answer: B
Explanation:
Ensure that you selected the Alert On Success and Alert On Failure check boxes because they can help with the troubleshooting. 
References: Implementation Guide for IBM Security Network Protection ('XGS for Techies') second edition, Version 2.0, page 216
Question 3
The System Administrator of an oil and gas company has an XGS appliance deployed in the network below:
 
The appliance was working in Inline simulation mode when a sudden power failure on the switch caused link 1.2 on the XGS to go down. However, port 1.1 on the XGS remained up, so the firewall kept sending traffic to the XGS appliance without detecting the failure in the path.
Which setting should be corrected in the Protection Interface policy to avoid this behavior?
  1. Ensure that Propagate link is set to No.
  2. Ensure that Propagate link is set to Yes.
  3. Ensure that hardware bypass mode is set to Fail Open.
  4. Ensure that hardware bypass mode is set to Fail Closed.
Correct answer: D
Explanation:
Hardware Bypass Modes 
  • Fail Closed: Closes the links for the interface pair and prevents any network traffic from passing through the appliance.
  • Fail Open: Allows all network traffic to pass through the appliance.
  • Auto: In non-HA modes, all traffic is allowed to pass through the appliance (fail open). In HA mode, interface links are closed and traffic is prevented from passing through the appliance (fail closed).
Note: On the XGS, two different bypass methods are used:
  • The hardware bypass is controlled by the physical network interfaces.
  • The software bypass is controlled by the packet driver.
References: http://www-01.ibm.com/support/docview.wss?uid=swg21882622
Question 4
A System Administrator is planning to implement SSL Inspection for both outbound user traffic and inbound traffic to a company web server. 
The requirements are as follows:
  • SSL Inspection should protect users from connections to fraudulent servers 
  • Outbound SSL Inspection should be limited to select web site categories 
  • Avoid having to deploy files, configurations, or certificates to user workstations 
The steps to implement this plan are as follows:
  • Obtain an Inspection license for the XGS 
  • Obtain a certificate from a public CA and upload it to the XGS via Outbound SSL Certificates 
  • Obtain the certificate and private key of the internal web server and upload it to the XGS via Inbound SSL Certificates 
  • Add internal CA certificates for the company intranet to the trusted Certificate Authorities tab in Outbound SSL Inspection Settings 
  • Configure Outbound SSL Inspection Settings to block connections if the server certificate is self-signed or invalid 
  • Create Outbound SSL Inspection rules that inspect only specific Domain Certificate Categories 
  • Create Inbound SSL Inspection rules that only decrypt traffic destined for the internal web server IP address
What will happen if an internal user attempts to access the company intranet?
  1. The connection will be blocked.
  2. The connection will be successful and traffic will be decrypted.
  3. The connection will be successful and the traffic will be blocked.
  4. The connection will be successful and the traffic will not be decrypted.
Correct answer: B
Question 5
A System Administrator wants to install the XGS license files during the first time configuration of the appliance. 
How should the first time configuration wizard on the appliance be accessed?
  1. Use the LCD front panel.
  2. Use a console cable connection.
  3. Use the Command Line Interface over SSH.
  4. Use the web-based Local Management Interface.
Correct answer: D
Explanation:
The Security Network Protection appliance offers a browser-based graphical user interface for local, single appliance management. 
To log in to the local management interface, type the IP address or host name of your Network Protection appliance into your web browser. 
References: http://documentation.extremenetworks.com/PDFs/SIEM-IPS/Extreme_Security_Threat_Protection_Installation_Guide.pdf, page 13
Question 6
The System Administrator has configured the XGS devices shown in the following topology diagram. Outbound SSL inspection is configured on XGS1. All XGS devices are licensed for SSL inspection, Identity and Application Control, and IP Reputation. 
 
Which of the XGS devices will block PC1 from accessing a known malware web site via SSL?
  1. XGS1 in protection mode
  2. XGS2 connected to a read-only tap port
  3. XGS3 in protection mode
  4. XGS4 connected to a read-only tap port
Correct answer: A
Question 7
A System Administrator sees a lot of Ping_Sweep events reported as blocked on the network. However, because the Ping_Sweep signature only blocks the ping packet that triggers the event, most of the ping packets are allowed through the XGS. 
How can these suspicious packets be effectively blocked from the network?
  1. Add a quarantine response to the Ping_Sweep event.
  2. Add a Network Access policy rule to reject ICMP traffic.
  3. Add a catch-all rule to the bottom of the NAP that rejects all traffic.
  4. Enable the Ping_Sweep event in the default IPS policy with the Block option.
Correct answer: A
Explanation:
Question 
Why are some events allowed after setting a block response? 
Cause 
Most network attacks are carried out in a single packet or in several packets that are reconstructed into a single "session." For these attacks, the Block response in the XGS Intrusion Prevention policy is appropriate to use, and is translated into a block packet response and/or into a block connection response. 
Certain events, however, are classified as "non-sequitur." Non-sequitur events are events that require a succession of packets to occur before the signature is triggered. For example, a port scan signature may require a succession of ten port probes before the signature would trigger. In this case, many of the offending "packets" would have already passed through the system. 
Answer 
For these types of signatures, you must set the Quarantine response in addition to the Block response under the Default Repository > Shared Objects > Intrusion Prevention > select signature > Edit > enable the quarantine response under the Quarantine tab > Save. The quarantine response blocks the offending IP for a period of time, ensuring that the remaining probes do not get through. The standard block packet or drop connection responses (set by the Block response) are ineffective in stopping this kind of activity when not used in conjunction with Quarantine. 
The list of non-sequitur events includes SSH_Brute_Force.
References: http://www-01.ibm.com/support/docview.wss?uid=swg21687475
Question 8
After making changes, the System Administrator wants to verify the appliance was registered with the SiteProtector system and that current policies were synchronized with SiteProtector. 
Which two methods can be used to accomplish this? (Choose two.)
  1. In the SiteProtector console, select Asset view and check health status.
  2. In the SiteProtector console, check the health summary in the agent properties.
  3. Create a snapshot of the policies from SiteProtector and compare it with the device's policies.
  4. Connect to the device using SSH and issue the service iss-spa status command to verify that it is running.
  5. In SiteProtector, select Agent view and check the last contact column to see whether the device is Active.
Correct answer: DE
Explanation:
E: Verify that the appliance is registered with the SiteProtector System by using the SiteProtector System console.
Procedure 
  1. Open the SiteProtector System console. 
  2. In the left pane, select the group in which you added the appliance. 
  3. Select the Sensor or Agent tab. The appliance is displayed in the list with a status of Active. 
References: https://www.ibm.com/support/knowledgecenter/en/SSB2MG_4.6.2/com.ibm.ips.doc/tasks/verifyingsuccessfulregistration.htm
Question 9
Security Policies of an organization demand that no network traffic should be allowed by XGS without inspection in case of XGS power failure or traffic beyond XGS capabilities. 
What should be the settings for built-in Hardware Bypass and Unanalyzed Policy?
  1. Hardware Bypass Mode = Fail Open; Unanalyzed Policy = Drop
  2. Hardware Bypass Mode = Fail Open; Unanalyzed Policy = Forward
  3. Hardware Bypass Mode = Fail Closed; Unanalyzed Policy = Drop
  4. Hardware Bypass Mode = Fail Closed; Unanalyzed Policy = Forward
Correct answer: B
Explanation:
Fail Open. Allows all network traffic to pass through the appliance. 
Incorrect Answers:
C, D: Fail Closed. Closes the links for the interface pair and prevents any network traffic from passing through the appliance.
References: https://www.ibm.com/support/knowledgecenter/en/SSHLHV_5.3.3/com.ibm.alps.doc/tasks/alps_configuring_protection_ports.htm
Note:
Hardware Bypass Mode: Select the mode to allow or to prevent traffic if the appliance fails or is powered off:
Auto. In non-HA modes, all traffic is allowed to pass through the appliance (fail open). In HA mode, interface links are closed and traffic is prevented from passing through the appliance (fail closed). 
Fail Open. Allows all network traffic to pass through the appliance. 
Fail Closed. Closes the links for the interface pair and prevents any network traffic from passing through the appliance.
Question 10
The System Administrator of a financial company wants to control the network traffic during office hours, for example, social networking or streaming media traffic are forbidden during business hours (08:00-19:00) but are permitted after 19:00 from Monday to Friday. The consultant from an IBM business partner suggested that the Schedule Object in Network Access Policy could be used to fulfill this objective.
Which three parameters are required to create this Schedule Object? (Choose three.)
  1. Daily
  2. Comment
  3. End Time
  4. Start Time
  5. Expiration Date
  6. Activation Date
Correct answer: ACD