7.26--7.28參加了Astaro的ACA(Astaro Certified Engineer)培訓,8.4參加了考試
You have passed the ACA (english) exam.
Score: 82%
Score Needed to Pass: 71%
Questions you answered incorrectly are highlighted in red.
Legend:
X - Incorrect answer you selected
+ - A correct answer
* - A correct answer you did not select
X - Incorrect answer you selected
+ - A correct answer
* - A correct answer you did not select
- 1. Name the available ASG Appliance Hardware?
- +A. 110/120, 220, 320, 425, 525
- B. 1,2,3,4,5
- C. 100, 200, 350, 450, 600
- D. 500/1000, 2000, 3000, 4000
- B. 1,2,3,4,5
- 2. What OS is Astaro Based on?
- +A. SLES10
- B. RedHat Enterprise 5.0
- C. OpenBSD 4.0
- D. MS Windows Server 2003 Rel. 2
- B. RedHat Enterprise 5.0
- 3. On which technique is the Web GUI is built upon?
- +A. Ajax
- B. Web2
- C. PowerWeb
- D. UserWeb
- B. Web2
- 4. On which Port is WebAdmin in ASG V7.x available by default?
- A. 443
- +B. 4444
- C. 8443
- D. 4430
- +B. 4444
- 5. What is the correct URL to access documentation resources for ASG?
- +A. http://www.astaro.com/kb
- B. http://www.astaro.de/documentation
- C. http://docs.astaro.org
- D. https://archive.astaro.org
- B. http://www.astaro.de/documentation
- 6. What does the installation wizard configure?
- +A. Basic configuration
- B. The GUI colors
- C. Networking setup
- D. Remote Admin Authenticationrn
- B. The GUI colors
- 7. Which information does the dashboard offer?
- +A. Version Information, Resource Usage, Threat Status, Interface Status, System Configuration
- B. Version Information, Resource Usage, Interface Status, System Configuration, Message of the day
- C. Traffic Statistics, Packet Filter Violations, Attack Status, *** Connection Status
- D. Model, Uptime, System Time, Admin Accounts, License ID
- B. Version Information, Resource Usage, Interface Status, System Configuration, Message of the day
- 8. What are Shortcuts useful for?
- A. To easily logout the admin session
- B. To remove pop ups
- C. To auto-fill forms
- +D. Bring up selection boxes and menus
- B. To remove pop ups
- 9. What parameters must be entered to get DynDNS running?
- +A. Username, Password, Hostname
- B. Peer DNS, Local DNS, Hostname
- C. DynDNS is not supported
- D. Upload the config-file provided by DynDNS
- B. Peer DNS, Local DNS, Hostname
- 10. Firmware updates keep the antivirus, antispam, intrusion prevention definitions as well as the online help up-to-date.
- XA. True
- *B. False
- 11. What happens if the number of IP addresses in your networks exceed the scope of your license?
- A. IP addresses not seen for a period of 24 hours will automatically be removed from the license counter.
- B. All IP adresses which exceeded the license limit will be blocked by ASG.
- +C. If the limit is exceeded you will receive an e-mail notification at regular intervals.
- D. License violations will be prosecuted if you dont reply to the regarding notifications within 10 working days.
- B. All IP adresses which exceeded the license limit will be blocked by ASG.
- 12. Which protocols does the Up2Date mechanism use in Astaro Security Gateway V7?
- A. IPSec
- B. HTTPS via Port 222
- +C. HTTPS via Port 443
- D. SCP via Port 22
- B. HTTPS via Port 222
- 13. How can I use Astaro Security Gateway as a central NTP distribution point?
- +A. Enable the "Network > NTP" server and allow the appropriate networks
- B. ASG broadcasts the current time automatically to all interfaces flagged "internal"
- C. There is no way to distribute time from ASG
- D. ASG allows to be queried from any local network automatically
- B. ASG broadcasts the current time automatically to all interfaces flagged "internal"
- 14. How is it possible to encrypt backups?
- A. Not at all.
- B. Manually after download, using a additional Software called BackupCrypt
- C. Automatically with the Backup-Crypt Plugin
- +D. By enabling the "Encrypt Backup" option and providing a password
- B. Manually after download, using a additional Software called BackupCrypt
- 15. What happens to my log files and reports if I turn the time back or forth?
- +A. The log lines will "jump around", time-wise.
- B. Nothing, since astaro uses the "Universal Astaro Timezone" for internal logging
- C. When turning back the time, no new log files will be written until the last entry is at least at the same time
- D. There is no timestamp in the logfiles, only a incremental counter
- B. Nothing, since astaro uses the "Universal Astaro Timezone" for internal logging
- 16. Which kind of Network Definitions can be created on ASG V7?
- +A. Host, Network, DNS host/group, Network group, and Availability group
- B. Single, Multiple, and Group
- C. Local, Remote, and Group
- D. NIS, YP, WINS, and Group
- B. Single, Multiple, and Group
- 17. Is it possible to nest Service Group Definitions?
- A. Yes
- +B. No
- C. With Groups of TCP Services only
- D. With Groups of UDP Services only
- +B. No
- 18. What are the service protocol types that can be defined in ASG V7?
- +A. TCP, UDP, TCP/UDP, ICMP, IP, ESP, AH, Groups of others
- B. HTTP, FTP, E-Mail
- C. Web, News, FTP
- D. CIFS, DNS, NFS, YP
- B. HTTP, FTP, E-Mail
- 19. Which definitions will be added for each Ethernet-type network interface automtically by ASG?
- A. media type, attached network, direction (external/internal)
- B. MAC Address, TX and RX count
- C. uptime, connectivity, speed
- +D. Address, Broadcast, Network
- B. MAC Address, TX and RX count
- 20. For which facilities will the system automatically create user objects, whenever an unknown Active Directory user successfully authenticates to a back-end mechanism?
- A. HTTP Single-Sign-On
- B. PPTP
- C. IPSec
- +D. User Portal, Webadmin
- B. PPTP
- 21. What are the types of static routes you can define on ASG?
- +A. Interface, Gateway, Blackhole
- B. Network, System, Gateway
- C. Nexthop, Lasthop, Intermediate
- D. Internet, Intranet, DMZ
- B. Network, System, Gateway
- 22. In which menu is the interface table of ASG to be seen?
- A. In "Network"
- +B. In "Support > Advanced > Interfaces Table"
- C. In "Network > Tables"
- D. In "Support > Interfaces"
- +B. In "Support > Advanced > Interfaces Table"
- 23. Is it possible to run PPPoA or PPPoE Interfaces over a virtual hardware?
- XA. Yes, it is pointless, though
- *B. No
- C. Only PPPoE
- D. Only PPPoA
- *B. No
- 24. What happens to packets not matching any routing table entry?
- +A. They are discarded, the sender will not be notified with "ICMP, No route to host"
- B. They are being sent back
- C. They are sent to a random gateway
- D. They are sent to the Quarantine
- E. They are discarded, the sender will be notified with "ICMP, No route to host"
- B. They are being sent back
- 25. What kind of function describes "Request Routing" on ASG?
- +A. The function to send different DNS requests to specific, responsible DNS servers
- B. The function to send different SMTP requests to specific, responsible SMTP servers
- C. The function to send different HTTP requests to specific, responsible HTTP servers
- D. There is no such feature
- B. The function to send different SMTP requests to specific, responsible SMTP servers
- 26. In which usage scenario should I set the DynDNS Set Wildcard Record?
- +A. To have www, smtp, imap, pop3 as "sub-domains" to your DynDNS name
- B. To redirect invalid requests to Google
- C. To redirect any request to a user-defined site
- D. To match multiple DNS hostname, which are all registered for the same IP address
- B. To redirect invalid requests to Google
- 27. Which modes are available for Uplink Balancing?
- XA. Router redundancy protocol support, router detour protocol
- B. Single mode, dual mode
- *C. Multipath, failover
- D. Single route, double route
- B. Single mode, dual mode
- 28. How does ASG handle packets when Spoof Protection is set on "normal"?
- A. The firewall will drop and log packets which either have the same source IP address as the interface itself or which arrive on an interface which has a source IP of a network assigned to another of its interfaces and also drop and log all packets which have a destination IP for an interface but arriving on an interface other than assigned.
- B. The packet filter will check the data packets for minimal length if the ICMP, TCP, or UDP protocol is used.
- +C. The firewall will drop and log packets which either have the same source IP address as the interface itself or which arrive on an interface which has a source IP of a network assigned to another of its interfaces.
- D. The firewall can "pick up" existing TCP connections that are not currently handled in the connection tracking table due to a network facility reset.
- B. The packet filter will check the data packets for minimal length if the ICMP, TCP, or UDP protocol is used.
- 29. For which protocols are connection tracking helpers available?
- A. TFTP, FTP, FTPS, IRC, MMS, PPTP
- B. SFTP, ESP, MMS, PPTP, TFTP
- +C. FTP, IRC, PPTP, TFTP
- D. FTP, IRC, MMS, L2TP, SKYPE
- B. SFTP, ESP, MMS, PPTP, TFTP
- 30. How does ASG V7 handels broadcasts?
- A. By default, all broadcasts are dropped, which in addition will be logged.
- +B. By default, all broadcasts are dropped, which in addition will not be logged.
- C. By default, all broadcasts (also multicasts) are routed in all attached networks.
- D. By default, all broadcasts are changed into unicasts and routed in all attached networks.
- +B. By default, all broadcasts are dropped, which in addition will not be logged.
- 31. What kinds of NAT are available?
- +A. SNAT, DNAT, Server Load Balancing, Masquerading
- B. Hide-NAT, TNAT and INAT
- C. Inbound NAT
- D. Outbound NAT
- B. Hide-NAT, TNAT and INAT
- 32. Which proxies are available on Astaro Security Gateway V7?
- +A. HTTP, SMTP, POP3, Generic, Ident, Socks
- B. Java, Marshalling, Routing
- C. Design Pattern Proxy
- D. Man in the Middle Proxy
- B. Java, Marshalling, Routing
- 33. How many http profiles can be created for one source network?
- A. as much as you like
- B. two profiles
- C. one in standard or transparent mode and one with authentication
- +D. one single profile
- B. two profiles
- 34. What kind of host-name is necessary, to join ASG to an Active Directory domain?
- A. more than 8 characters
- B. host-name requires at least one special character
- +C. full qualified domain name
- D. no special host-name is needed
- B. host-name requires at least one special character
- 35. Name the HTTP Proxy Modes available on ASG V7.
- +A. Standard, Transparent, User Authentication, Active Directory, eDirectory
- B. Manual and Automatic
- C. Generic and Standard
- D. Static and Volatile
- B. Manual and Automatic
- 36. Which certificate should be imported to your local browser/client when surfing the Internet via HTTPS Proxy to avoid SSL warning messages?
- *A. Signing CA
- B. Verification CA
- C. Global Verification CA
- XD. WebAdmin certificate
- B. Verification CA
- 37. Does Virus Protection also checks outgoing e-mails?
- A. No
- B. Yes
- +C. Yes, if "Scan relayed messages" is activated
- D. Only if the sender's e-mail address is added to "allowed users"
- B. Yes
- 38. What does Recipient Verification do?
- XA. Makes sure that the nslookup of the recipient domain is accurate.
- B. Checks that the domain of the sender is valid.
- *C. Checks that the person a message is destined for exists on your network.
- D. Checks that the person you are sending out to exists.
- E. Increased security to protect against malicious attachments
- B. Checks that the domain of the sender is valid.
- 39. What steps are necessary to quarantine e-mails containing Spam if you use the POP3 proxy?
- A. Activate POPS
- *B. Configure a user and a POP3 account in the End User Portal
- XC. Set the quarantine threshold to at least 10
- +D. Activate prefetching
- *B. Configure a user and a POP3 account in the End User Portal
- 40. Which type of e-mails are *NOT* stored in the Quarantine Manager (QM)?
- A. Messages blocked by an expression
- XB. Messages blocked because they contain an attachment matching the files extension filter
- C. Infected messages
- D. Messages containing spam
- *E. Rejected Messages
- XB. Messages blocked because they contain an attachment matching the files extension filter
- 41. What happens to SPAM messages sent from hosts listed in Allowed Networks?
- A. It will get tagged
- B. It will get quarantined
- +C. It will be blocked if "Scan relayed messages" is activated
- D. It will get blackholed
- B. It will get quarantined
- 42. Which of the following tasks can the SMTP proxy perform?
- +A. It can provide Virus and Spam filtering.
- +B. It can shield the internal mail server from certain attacks.
- XC. It can act as a mail server for internal clients.
- D. It can deliver message-waiting notifications to users.
- *E. It can scan mails for harmful content.
- +B. It can shield the internal mail server from certain attacks.
- 43. What is the fundamental precondition that the SMTP proxy will handle incoming E-mails?
- A. Setup e-mail encryption
- B. Setup packet filter rules
- C. Create a user account for every e-mail address
- +D. Define the domain name of your internal domain
- B. Setup packet filter rules
- 44. What does an Astaro Certified Engineer/Astaro Certified Administrator need to make sure of when routing mails to a specific domain by their MX record?
- A. The administrator must make sure that the firewall itself is the primary MX for the domain, since it has to receive all mails adressed to that MX.
- +B. The administrator must make sure that the firewall itself is NOT the primary MX for the domain, since it will not deliver mail to itself.
- C. That the MX record does not have more than one entry.
- D. Routing cannot be done using the MX record.
- E. The administrator must make sure that the firewall itself IS the primary MX record, as mail must be delivered both to the firewall, and forwarded to it as well.
- +B. The administrator must make sure that the firewall itself is NOT the primary MX for the domain, since it will not deliver mail to itself.
- 45. Regarding SMTP Authentication, Astaro Security Gateway supports SPA (Secure Password Authentication) which is an alternative encryption method.
- A. True
- +B. False