Astaro ACA認證考試

7.26--7.28參加了Astaro的ACA(Astaro Certified Engineer)培訓，8.4參加了考試

You have passed the ACA (english) exam.

---

Score:  82%
Score Needed to Pass:  71%

Questions you answered incorrectly are highlighted in red.

Legend:
X - Incorrect answer you selected
+ - A correct answer
* - A correct answer you did not select

---

1.  Name the available ASG Appliance Hardware?

+A.  110/120, 220, 320, 425, 525

B.  1,2,3,4,5

C.  100, 200, 350, 450, 600

D.  500/1000, 2000, 3000, 4000

2.  What OS is Astaro Based on?

+A.  SLES10

B.  RedHat Enterprise 5.0

C.  OpenBSD 4.0

D.  MS Windows Server 2003 Rel. 2

3.  On which technique is the Web GUI is built upon?

+A.  Ajax

B.  Web2

C.  PowerWeb

D.  UserWeb

4.  On which Port is WebAdmin in ASG V7.x available by default?

A.  443

+B.  4444

C.  8443

D.  4430

5.  What is the correct URL to access documentation resources for ASG?

+A.  http://www.astaro.com/kb

B.  http://www.astaro.de/documentation

C.  http://docs.astaro.org

D.  https://archive.astaro.org

6.  What does the installation wizard configure?

+A.  Basic configuration

B.  The GUI colors

C.  Networking setup

D.  Remote Admin Authenticationrn

7.  Which information does the dashboard offer?

+A.  Version Information, Resource Usage, Threat Status, Interface Status, System Configuration

B.  Version Information, Resource Usage, Interface Status, System Configuration, Message of the day

C.  Traffic Statistics, Packet Filter Violations, Attack Status, *** Connection Status

D.  Model, Uptime, System Time, Admin Accounts, License ID

8.  What are Shortcuts useful for?

A.  To easily logout the admin session

B.  To remove pop ups

C.  To auto-fill forms

+D.  Bring up selection boxes and menus

9.  What parameters must be entered to get DynDNS running?

+A.  Username, Password, Hostname

B.  Peer DNS, Local DNS, Hostname

C.  DynDNS is not supported

D.  Upload the config-file provided by DynDNS

10.  Firmware updates keep the antivirus, antispam, intrusion prevention definitions as well as the online help up-to-date.

XA.  True

*B.  False

11.  What happens if the number of IP addresses in your networks exceed the scope of your license?

A.  IP addresses not seen for a period of 24 hours will automatically be removed from the license counter.

B.  All IP adresses which exceeded the license limit will be blocked by ASG.

+C.  If the limit is exceeded you will receive an e-mail notification at regular intervals.

D.  License violations will be prosecuted if you dont reply to the regarding notifications within 10 working days.

12.  Which protocols does the Up2Date mechanism use in Astaro Security Gateway V7?

A.  IPSec

B.  HTTPS via Port 222

+C.  HTTPS via Port 443

D.  SCP via Port 22

13.  How can I use Astaro Security Gateway as a central NTP distribution point?

+A.  Enable the "Network > NTP" server and allow the appropriate networks

B.  ASG broadcasts the current time automatically to all interfaces flagged "internal"

C.  There is no way to distribute time from ASG

D.  ASG allows to be queried from any local network automatically

14.  How is it possible to encrypt backups?

A.  Not at all.

B.  Manually after download, using a additional Software called BackupCrypt

C.  Automatically with the Backup-Crypt Plugin

+D.  By enabling the "Encrypt Backup" option and providing a password

15.  What happens to my log files and reports if I turn the time back or forth?

+A.  The log lines will "jump around", time-wise.

B.  Nothing, since astaro uses the "Universal Astaro Timezone" for internal logging

C.  When turning back the time, no new log files will be written until the last entry is at least at the same time

D.  There is no timestamp in the logfiles, only a incremental counter

16.  Which kind of Network Definitions can be created on ASG V7?

+A.  Host, Network, DNS host/group, Network group, and Availability group

B.  Single, Multiple, and Group

C.  Local, Remote, and Group

D.  NIS, YP, WINS, and Group

17.  Is it possible to nest Service Group Definitions?

A.  Yes

+B.  No

C.  With Groups of TCP Services only

D.  With Groups of UDP Services only

18.  What are the service protocol types that can be defined in ASG V7?

+A.  TCP, UDP, TCP/UDP, ICMP, IP, ESP, AH, Groups of others

B.  HTTP, FTP, E-Mail

C.  Web, News, FTP

D.  CIFS, DNS, NFS, YP

19.  Which definitions will be added for each Ethernet-type network interface automtically by ASG?

A.  media type, attached network, direction (external/internal)

B.  MAC Address, TX and RX count

C.  uptime, connectivity, speed

+D.  Address, Broadcast, Network

20.  For which facilities will the system automatically create user objects, whenever an unknown Active Directory user successfully authenticates to a back-end mechanism?

A.  HTTP Single-Sign-On

B.  PPTP

C.  IPSec

+D.  User Portal, Webadmin

21.  What are the types of static routes you can define on ASG?

+A.  Interface, Gateway, Blackhole

B.  Network, System, Gateway

C.  Nexthop, Lasthop, Intermediate

D.  Internet, Intranet, DMZ

22.  In which menu is the interface table of ASG to be seen?

A.  In "Network"

+B.  In "Support > Advanced > Interfaces Table"

C.  In "Network > Tables"

D.  In "Support > Interfaces"

23.  Is it possible to run PPPoA or PPPoE Interfaces over a virtual hardware?

XA.  Yes, it is pointless, though

*B.  No

C.  Only PPPoE

D.  Only PPPoA

24.  What happens to packets not matching any routing table entry?

+A.  They are discarded, the sender will not be notified with "ICMP, No route to host"

B.  They are being sent back

C.  They are sent to a random gateway

D.  They are sent to the Quarantine

E.  They are discarded, the sender will be notified with "ICMP, No route to host"

25.  What kind of function describes "Request Routing" on ASG?

+A.  The function to send different DNS requests to specific, responsible DNS servers

B.  The function to send different SMTP requests to specific, responsible SMTP servers

C.  The function to send different HTTP requests to specific, responsible HTTP servers

D.  There is no such feature

26.  In which usage scenario should I set the DynDNS Set Wildcard Record?

+A.  To have www, smtp, imap, pop3 as "sub-domains" to your DynDNS name

B.  To redirect invalid requests to Google

C.  To redirect any request to a user-defined site

D.  To match multiple DNS hostname, which are all registered for the same IP address

27.  Which modes are available for Uplink Balancing?

XA.  Router redundancy protocol support, router detour protocol

B.  Single mode, dual mode

*C.  Multipath, failover

D.  Single route, double route

28.  How does ASG handle packets when Spoof Protection is set on "normal"?

A.  The firewall will drop and log packets which either have the same source IP address as the interface itself or which arrive on an interface which has a source IP of a network assigned to another of its interfaces and also drop and log all packets which have a destination IP for an interface but arriving on an interface other than assigned.

B.  The packet filter will check the data packets for minimal length if the ICMP, TCP, or UDP protocol is used.

+C.  The firewall will drop and log packets which either have the same source IP address as the interface itself or which arrive on an interface which has a source IP of a network assigned to another of its interfaces.

D.  The firewall can "pick up" existing TCP connections that are not currently handled in the connection tracking table due to a network facility reset.

29.  For which protocols are connection tracking helpers available?

A.  TFTP, FTP, FTPS, IRC, MMS, PPTP

B.  SFTP, ESP, MMS, PPTP, TFTP

+C.  FTP, IRC, PPTP, TFTP

D.  FTP, IRC, MMS, L2TP, SKYPE

30.  How does ASG V7 handels broadcasts?

A.  By default, all broadcasts are dropped, which in addition will be logged.

+B.  By default, all broadcasts are dropped, which in addition will not be logged.

C.  By default, all broadcasts (also multicasts) are routed in all attached networks.

D.  By default, all broadcasts are changed into unicasts and routed in all attached networks.

31.  What kinds of NAT are available?

+A.  SNAT, DNAT, Server Load Balancing, Masquerading

B.  Hide-NAT, TNAT and INAT

C.  Inbound NAT

D.  Outbound NAT

32.  Which proxies are available on Astaro Security Gateway V7?

+A.  HTTP, SMTP, POP3, Generic, Ident, Socks

B.  Java, Marshalling, Routing

C.  Design Pattern Proxy

D.  Man in the Middle Proxy

33.  How many http profiles can be created for one source network?

A.  as much as you like

B.  two profiles

C.  one in standard or transparent mode and one with authentication

+D.  one single profile

34.  What kind of host-name is necessary, to join ASG to an Active Directory domain?

A.  more than 8 characters

B.  host-name requires at least one special character

+C.  full qualified domain name

D.  no special host-name is needed

35.  Name the HTTP Proxy Modes available on ASG V7.

+A.  Standard, Transparent, User Authentication, Active Directory, eDirectory

B.  Manual and Automatic

C.  Generic and Standard

D.  Static and Volatile

36.  Which certificate should be imported to your local browser/client when surfing the Internet via HTTPS Proxy to avoid SSL warning messages?

*A.  Signing CA

B.  Verification CA

C.  Global Verification CA

XD.  WebAdmin certificate

37.  Does Virus Protection also checks outgoing e-mails?

A.  No

B.  Yes

+C.  Yes, if "Scan relayed messages" is activated

D.  Only if the sender's e-mail address is added to "allowed users"

38.  What does Recipient Verification do?

XA.  Makes sure that the nslookup of the recipient domain is accurate.

B.  Checks that the domain of the sender is valid.

*C.  Checks that the person a message is destined for exists on your network.

D.  Checks that the person you are sending out to exists.

E.  Increased security to protect against malicious attachments

39.  What steps are necessary to quarantine e-mails containing Spam if you use the POP3 proxy?

A.  Activate POPS

*B.  Configure a user and a POP3 account in the End User Portal

XC.  Set the quarantine threshold to at least 10

+D.  Activate prefetching

40.  Which type of e-mails are *NOT* stored in the Quarantine Manager (QM)?

A.  Messages blocked by an expression

XB.  Messages blocked because they contain an attachment matching the files extension filter

C.  Infected messages

D.  Messages containing spam

*E.  Rejected Messages

41.  What happens to SPAM messages sent from hosts listed in Allowed Networks?

A.  It will get tagged

B.  It will get quarantined

+C.  It will be blocked if "Scan relayed messages" is activated

D.  It will get blackholed

42.  Which of the following tasks can the SMTP proxy perform?

+A.  It can provide Virus and Spam filtering.

+B.  It can shield the internal mail server from certain attacks.

XC.  It can act as a mail server for internal clients.

D.  It can deliver message-waiting notifications to users.

*E.  It can scan mails for harmful content.

43.  What is the fundamental precondition that the SMTP proxy will handle incoming E-mails?

A.  Setup e-mail encryption

B.  Setup packet filter rules

C.  Create a user account for every e-mail address

+D.  Define the domain name of your internal domain

44.  What does an Astaro Certified Engineer/Astaro Certified Administrator need to make sure of when routing mails to a specific domain by their MX record?

A.  The administrator must make sure that the firewall itself is the primary MX for the domain, since it has to receive all mails adressed to that MX.

+B.  The administrator must make sure that the firewall itself is NOT the primary MX for the domain, since it will not deliver mail to itself.

C.  That the MX record does not have more than one entry.

D.  Routing cannot be done using the MX record.

E.  The administrator must make sure that the firewall itself IS the primary MX record, as mail must be delivered both to the firewall, and forwarded to it as well.

45.  Regarding SMTP Authentication, Astaro Security Gateway supports SPA (Secure Password Authentication) which is an alternative encryption method.

A.  True

+B.  False