What is the result of the following ACL?
allow serier-ip 216.240.23.27 and server-port 80 deny any
A - Objects from a server with the IP address of 216.240.23.27 andfrom port 80 are allowed.
B - Objects requested by a client 216.240.23.27 on the client’s port so are allowed.
C - All requests are denied unless the request is coming from 216.240.23.27 and enters the
cache on the cache port 80.
D - Allow server-ip 215.240.23.27 to use the cache’s port 80.
Answer: A
Assuming access control is based purely upon a successful validation of credentials received
from a client, then, where NTLM Authentication is required, the correct sequence involving a
HTTP request is:
1. NetCache retrieves object from server.
2. Client requests object credentials are included.
3. Client requests object; credentials are not included.
4. NetCache tells client to send credentials.
5. Domain Controller sends result of validation of credentials.
6. NetCache asks Domain Controller if credentials are valid.
7. NetCache serves objec t to client.
A - 3,4,2,1,6,5,7
B - 2, 1,6,5,7
C - 3,4,2,6,5,1,7
D - 2, 6,5,1,7
Answer: C
What benefit does SecureAdmin provide for administration?
A - It creates a more stable environment by providing the administrator with an easy-to-use
interface for creating backup procedures and managing multiple caches from one central
location.
B - It forces administrators to authenticate any hosts requesting access to the NetCache
appliance.
C - It deeply reduces performance because it causes all traffic to be encrypted.
D - It provides a secure environment for administrating the NetCache appliance.
Answer: D
When used with SmartFilter, which of the following ACLs will prohibit job searches by the group
finance during business hours?
A - Allow not smartfilter Job_Search and time 9am - 5pm day mon - fri
B - deny smartfilter Job_Search and time 9am - 5pm day mon - fri
C - deny job search group finance 9am - 5pm mon - fri
D - deny group finance and smartfilter Job_Search and time 9am - 5pm and day mon - fri
Answer: D
When a NetCache joins a native Windows 2000 or 2003 domain, it uses _________
authentication for the join process.
A - NTLM
B - LDAP
C - Kerberos
D - RADIUS
Answer: C
What is the difference between deny and allow not?
A - The deny denies the request and stops the evaluation, while the allow not allows all requests
except for those that match the criteria after the “not.”
B - The deny denies the request and continues evaluation, while the allow not only continues
evaluations for requests that meet the criteria specified after the “not.”
C - The deny allows all requests that match its criteria and denies all other requests, while the
allow not denies everything except for those requests that match its criteria.
D - They both give the same result.
Answer: A
What is the difference between the icap command and the icap_now command?
A - The icap command directs requests to the ICAP application after all other ACLs are
evaluated; the icap_now command is used to force requests to be directed to the ICAP
application first.
B - The icap command is used to force requests to be directed to the ICAP application first; the
icap_now command directs requests to the icap_now application after all other ACLs are
evaluated.
C - The icap_now command is used to modiN the requests before sending to the other ACLs for
evaluation; The icap command specifies to send requests to the ICAP application for filtering
before evaluating all other ACLs.
D - The icap command directs requests to the ICAP application before requests are evaluated by
the other ACLs; the icap_now command specifies to use the ICAP application only for
evaluation.
Answer: A
Which THREE require authentication? (Choose 3)
A - HTTPS
B - NNTP
C - Gopher
D - DNS
Answer: A, B, C
The vectoring point, REQMOD_PRECACHE, is used to adapt content_______________
A - coming into NetCache from the client
B - going from NetCache to the ICAP server
C - coming into NetCache from the ICAP server
D - going from NetCache to the client
Answer: A
When using on-box filters with ACLs, what is the precedence of the ACL settings?
A - group authentication, ACLs, and then the filter
B - the filter, ACLs, then authentication
C - ACLs, group authentication, and then the filter
D - the filter, authentication, then ACLs
Answer: C
Where in the GUI can you define the port used to accept http traffic?
A - Setup> Maintenance > System Control
B - Setup>Ports>HTTP
C - Setup> HTTP > General ?HTTP Proxy Ports
D - Setup> HTTP > Web Server Acceleration
Answer: C
Given the following ACL, if Bob is in group 1, when is he allowed?
> allow group grp1 and time 9:00am - 5:00pm > deny group grp2 > deny any
A - Bob has access between 9:00 AM through 5:00 PM.
B - Bob has access after 5:00 PM and until 9:00 AM.
C - Bob has access regardless of the time because he is in group 1.
D - Bob has access either when he is a member of group 1 or between 9:00 AM and 5:00 PM.
Answer: A
Which TWO implementations are required for setting up transparency with WCCP? (Choose 2)
A - The WCCP router must be located where a firewall that uses Network Address Translation
(NAT) is not located between the WCCP and the NetCache appliance.
B - The WCCP router must be located so that it can view all network traffic for the clients that it is
expected to serve.
C - The WCCP router has to be directly connected to the proxy’.
D - The WCCP router must be located where a firewall that uses Network Address Translation
(NAT) is located between the WCCP and the NetCache appliance.
Answer: A, B
What is the default administration port?
A - 3128
B - 8080
C - 3132
D - 9090
Answer: C
The SecureAdmin feature uses _____________ to securely replace _____________
and________
A - Kerberos, SSH, and HTTPS
B - SSH, Telnet, and RSH
C - RSH, Telnet, and SSH
D - SSH, HTTPS, and LDAP
Answer: B
What protocols does the SecureAdmin support?
A - HTTPS and FTP.
B - SSH and SSL
C - RTSP and MMS
D - NTLM, Kerberos, and LDAP
Answer: B
Which of the following ACL5 will limit the ability to administer the NetCache to a specific
computer?
A - auth client-ip [IP address]: 3132
B - allow client-ip [IP address]: 3132
C - reauth client-ip [IP address]: 3128
D - allow client-ip [IP address]: 3128
Answer: B
Given the following service farm configuration, which requests will be scanned by the ICAP
server?
config.icapv1 .farm0.attr = marketing_resp RESPMOD_PRECACHE on rr on weak
A - responses before being sent to NetCache
B - responses from NetCache
C - responses before being sent to the CAP server
D - responses from the Internet
Answer: C
Which authentication methods, used to receive client credentials, are performed once per
connection instead of performed once per request?
A - NTLM and Kerberos
B - LDAP and Basic
C - FTP and NTP
D - RADIUS and challenge-response
Answer: A
Which FOUR are key steps in the authentication process? (Choose 4)
A - verify protocol authentication settings (authenticates the user)
B - verity ACL permission settings for the applicable group in the NetCache user database
C - verify whether SmartFilter or WebWasher DynaBLocator denies the request
D - verify connectivity to logging server
E - allow or deny the request, based on the results of the authentication process
Answer: A, B, C, E
Which vector point is used to route an object to the ICAP server from NetCache, but before the
data is requested from the Web server?
A - REQMOD_PRECACHE
B - REQMOD_POSTCACHE
C - RESPMOD_PRECACHE
D - RESPMOD_POSTCACHE
Answer: B
Which TWO of the following server types can function as a logging target for NetCache? (Choose
2)
A - FTP
B - CIPS
C - HTTP
D - NFS
Answer: A, C
Given the following log entry from the Web Access log, with the default access log format, what
does DIRECT mean? 1093891725.752 0.080 10.32.10.92 TCP_MISS/200 10177 GET
http://aroopam.com- DIRECT/209 .68.147.66 “text/html”
A - The object must be retrieved from a parent cache.
B - The requested URL resides outside the firewall, and the URL maps to no parents or
neighbors.
C - The URL was fetched from the source.
D - This NetCache has no valid parents or neighbors.
Answer: C
What is the difference between the following two ACLs?
Deny url matches “.*.org”
?RUJ Deny server-domain contains “org’
A - The first ACL reads the entire URL, the second ACL reads only the server-domain field in the
URL.
B - The first ACL is more efficient because it uses regular expressions and will match more URLs.
C - The first ACL is a syntax that is specific to the HTTP protocol only, while the second URL is a
general purpose ACL.
D - The first ACL uses incorrect syntax and will cause an error message. The second ACL is
correct.
Answer: A
When used with SmartFilter, which of the following ACL5 will prohibit job searches by the group
finance during business hours?
A - Allow not smartfilter Job_Search and time 9am - 5pm day mon - fri
B - deny smartfilter Job_Search and time 9am - 5pm day mon - fri
C - deny job search group finance 9am - 5 pm mon - fri
D - deny group finance and smartfilter Job_Search and time 9am - 5pm and day mon - fri
Answer: D
What is the result of the following ACL?allow serier-ip 216.240.23.27 and server-port 80 deny anyA - Objects from a server with the IP address of 216.240.23.27 andfrom port 80 are allowed.B - Objects requested by a client 216.240.23.27 on the client’s port so are allowed.C - All requests are denied unless the request is coming from 216.240.23.27 and enters thecache on the cache port 80.D - Allow server-ip 215.240.23.27 to use the cache’s port 80.Answer: AAssuming access control is based purely upon a successful validation of credentials receivedfrom a client, then, where NTLM Authentication is required, the correct sequence involving aHTTP request is:1. NetCache retrieves object from server.2. Client requests object credentials are included.3. Client requests object; credentials are not included.4. NetCache tells client to send credentials.5. Domain Controller sends result of validation of credentials.6. NetCache asks Domain Controller if credentials are valid.7. NetCache serves objec t to client.A - 3,4,2,1,6,5,7B - 2, 1,6,5,7C - 3,4,2,6,5,1,7D - 2, 6,5,1,7Answer: CWhat benefit does SecureAdmin provide for administration?A - It creates a more stable environment by providing the administrator with an easy-to-useinterface for creating backup procedures and managing multiple caches from one centrallocation.B - It forces administrators to authenticate any hosts requesting access to the NetCacheappliance.C - It deeply reduces performance because it causes all traffic to be encrypted.D - It provides a secure environment for administrating the NetCache appliance.Answer: DWhen used with SmartFilter, which of the following ACLs will prohibit job searches by the groupfinance during business hours?A - Allow not smartfilter Job_Search and time 9am - 5pm day mon - friB - deny smartfilter Job_Search and time 9am - 5pm day mon - friC - deny job search group finance 9am - 5pm mon - friD - deny group finance and smartfilter Job_Search and time 9am - 5pm and day mon - friAnswer: DWhen a NetCache joins a native Windows 2000 or 2003 domain, it uses _________authentication for the join process.A - NTLMB - LDAPC - KerberosD - RADIUSAnswer: CWhat is the difference between deny and allow not?A - The deny denies the request and stops the evaluation, while the allow not allows all requestsexcept for those that match the criteria after the “not.”B - The deny denies the request and continues evaluation, while the allow not only continuesevaluations for requests that meet the criteria specified after the “not.”C - The deny allows all requests that match its criteria and denies all other requests, while theallow not denies everything except for those requests that match its criteria.D - They both give the same result.Answer: AWhat is the difference between the icap command and the icap_now command?A - The icap command directs requests to the ICAP application after all other ACLs areevaluated; the icap_now command is used to force requests to be directed to the ICAPapplication first.B - The icap command is used to force requests to be directed to the ICAP application first; theicap_now command directs requests to the icap_now application after all other ACLs areevaluated.C - The icap_now command is used to modiN the requests before sending to the other ACLs forevaluation; The icap command specifies to send requests to the ICAP application for filteringbefore evaluating all other ACLs.D - The icap command directs requests to the ICAP application before requests are evaluated bythe other ACLs; the icap_now command specifies to use the ICAP application only forevaluation.Answer: AWhich THREE require authentication? (Choose 3)A - HTTPSB - NNTPC - GopherD - DNSAnswer: A, B, CThe vectoring point, REQMOD_PRECACHE, is used to adapt content_______________A - coming into NetCache from the clientB - going from NetCache to the ICAP serverC - coming into NetCache from the ICAP serverD - going from NetCache to the clientAnswer: AWhen using on-box filters with ACLs, what is the precedence of the ACL settings?A - group authentication, ACLs, and then the filterB - the filter, ACLs, then authenticationC - ACLs, group authentication, and then the filterD - the filter, authentication, then ACLsAnswer: CWhere in the GUI can you define the port used to accept http traffic?A - Setup> Maintenance > System ControlB - Setup>Ports>HTTPC - Setup> HTTP > General ?HTTP Proxy PortsD - Setup> HTTP > Web Server AccelerationAnswer: CGiven the following ACL, if Bob is in group 1, when is he allowed?> allow group grp1 and time 9:00am - 5:00pm > deny group grp2 > deny anyA - Bob has access between 9:00 AM through 5:00 PM.B - Bob has access after 5:00 PM and until 9:00 AM.C - Bob has access regardless of the time because he is in group 1.D - Bob has access either when he is a member of group 1 or between 9:00 AM and 5:00 PM.Answer: AWhich TWO implementations are required for setting up transparency with WCCP? (Choose 2)A - The WCCP router must be located where a firewall that uses Network Address Translation(NAT) is not located between the WCCP and the NetCache appliance.B - The WCCP router must be located so that it can view all network traffic for the clients that it isexpected to serve.C - The WCCP router has to be directly connected to the proxy’.D - The WCCP router must be located where a firewall that uses Network Address Translation(NAT) is located between the WCCP and the NetCache appliance.Answer: A, BWhat is the default administration port?A - 3128B - 8080C - 3132D - 9090Answer: CThe SecureAdmin feature uses _____________ to securely replace _____________and________A - Kerberos, SSH, and HTTPSB - SSH, Telnet, and RSHC - RSH, Telnet, and SSHD - SSH, HTTPS, and LDAPAnswer: BWhat protocols does the SecureAdmin support?A - HTTPS and FTP.B - SSH and SSLC - RTSP and MMSD - NTLM, Kerberos, and LDAPAnswer: BWhich of the following ACL5 will limit the ability to administer the NetCache to a specificcomputer?A - auth client-ip [IP address]: 3132B - allow client-ip [IP address]: 3132C - reauth client-ip [IP address]: 3128D - allow client-ip [IP address]: 3128Answer: BGiven the following service farm configuration, which requests will be scanned by the ICAPserver?config.icapv1 .farm0.attr = marketing_resp RESPMOD_PRECACHE on rr on weakA - responses before being sent to NetCacheB - responses from NetCacheC - responses before being sent to the CAP serverD - responses from the InternetAnswer: CWhich authentication methods, used to receive client credentials, are performed once perconnection instead of performed once per request?A - NTLM and KerberosB - LDAP and BasicC - FTP and NTPD - RADIUS and challenge-responseAnswer: AWhich FOUR are key steps in the authentication process? (Choose 4)A - verify protocol authentication settings (authenticates the user)B - verity ACL permission settings for the applicable group in the NetCache user databaseC - verify whether SmartFilter or WebWasher DynaBLocator denies the requestD - verify connectivity to logging serverE - allow or deny the request, based on the results of the authentication processAnswer: A, B, C, EWhich vector point is used to route an object to the ICAP server from NetCache, but before thedata is requested from the Web server?A - REQMOD_PRECACHEB - REQMOD_POSTCACHEC - RESPMOD_PRECACHED - RESPMOD_POSTCACHEAnswer: BWhich TWO of the following server types can function as a logging target for NetCache? (Choose2)A - FTPB - CIPSC - HTTPD - NFSAnswer: A, CGiven the following log entry from the Web Access log, with the default access log format, whatdoes DIRECT mean? 1093891725.752 0.080 10.32.10.92 TCP_MISS/200 10177 GEThttp://aroopam.com- DIRECT/209 .68.147.66 “text/html”A - The object must be retrieved from a parent cache.B - The requested URL resides outside the firewall, and the URL maps to no parents orneighbors.C - The URL was fetched from the source.D - This NetCache has no valid parents or neighbors.Answer: CWhat is the difference between the following two ACLs?Deny url matches “.*.org”?RUJ Deny server-domain contains “org’A - The first ACL reads the entire URL, the second ACL reads
only the server-domain field in theURL.B - The first ACL is more efficient because it uses regular expressions and will match more URLs.C - The first ACL is a syntax that is specific to the HTTP protocol only, while the second URL is ageneral purpose ACL.D - The first ACL uses incorrect syntax and will cause an error message. The second ACL iscorrect.Answer: AWhen used with SmartFilter, which of the following ACL5 will prohibit job searches by the groupfinance during business hours?A - Allow not smartfilter Job_Search and time 9am - 5pm day mon - friB - deny smartfilter Job_Search and time 9am - 5pm day mon - friC - deny job search group finance 9am - 5 pm mon - friD - deny group finance and smartfilter Job_Search and time 9am - 5pm and day mon - friAnswer: D
No comments:
Post a Comment
Leave Your Valuable Opinion