IBM Security Network Protection (XGS) V5.3.2 System Administration (C2150-620) Free Practice Test

Question 1

One XGS appliance was deployed on the network edge in a financial company. The 5th rule of Outbound SSL Inspection Policy, Any-Any-Any-Inspect, is enabled. The Outbound SSL Certificate is also imported into the web browser of employees' workstations. The System Administrator found that most HTTPS traffic can be inspected except some that use SPDY protocol.
What should the System Administrator do if all HTTPS traffic must be inspected?

A. On the Destination tab of the Outbound SSL Rule, select Disable SPDY checkbox.

B. Add one Advanced Tuning Parameter network. http.spdy.enabled= false.

C. Instruct the employees to disable SPDY on their web browser.

D. On the Generation Configuration tab of the Outbound SSL Rule, select Disable SPDY checkbox.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

A financial company wants to establish one rule to prevent employees accessing an online game using TCP port 5432 during office hours.
Which Application Object in Network Access Policy should the System Administrator use to accomplish this?

A. Domain Certificate Categories

B. Non-Web Applications

C. IP Reputation Categories

D. Web Applications

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

A System Administrator wants to configure two XGS appliances in an active/active high availability (HA) setup so that network traffic can fail over to the secondary XGS without missing inspection of any packets. The diagram below shows the current cabling setup between the redundant firewalls and routers and the 4 built in ports on the XGS appliances:

What is wrong with the cabling diagram?

A. One extra network cable is required between XGS A and XGS B. It can be plugged into either port 1.3 or 1.4 as long as it is the same port on both XGS appliances.

B. Four extra network cables are required: Cable 1) Firewall A to XGS B, port 1.3; Cable 2) Firewall B to XGS A, port 1.3; Cable 3) XGS A, port 1.4 to Router B; Cable 4) XGS B, port 1.4 to Router A.

C. Two extra network cables are required: one from XGS A port 1.3 to XGS B port 1.3 the other from XGS A port 1.4 to XGS B port 1.4.

D. The incorrect ports are being used on XGS B. The firewall and router should be plugged into ports 1.3 and 1.4 respectively.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

A Security Administrator wants to enable a block page to alert users when they attempt to access HTTP websites that are blocked due to a Network Access policy (NAP) rule.
How should the Administrator achieve this?

A. Add a NAP rule with an action of Drop.

B. Add a NAP rule with an action of Reject (Authenticate) and then create a special user group that has default action of Block HTTP.

C. Add a NAP rule with an action of Reject.

D. Add a NAP rule that has an action of Do Not inspect and then set the response object to Block Page.

Correct Answer: D

Question 5

The System Administrator for a financial organization wants to register an XGS appliance to SiteProtector. There are two SiteProtector Sites:
*
SiteProtector_1 in Strict mode has AgentManager_1 installed in it.
*
SiteProtector_2 in Compatible mode has AgentManager_2 installed in it.
The System Administrator has configured XGS SiteProtector Management policy as follows:

In which SiteProtector instance should this XGS appear as Active based on the above policy given that there are no other network issues?

A. XGS should be seen as Active in both SiteProtector sites.

B. XGS should be seen as Active in SiteProtector_1 only.

C. XGS should not be active in any of the SiteProtector sites.

D. XGS should be seen as Active in SiteProtector_2 only.

Correct Answer: D

Question 6

A specialized third- party appliance protects customer networks by detecting any data transmissions that do not meet the minimum security standards. The security officer wants to be alerted when machines on the customer network send data out of the internal LAN using a low encryption level and prevent them from doing so until the minimum level of encryption is met.
How can the XGS be configured to contain the exposed risk?

A. Enable all IPS signatures that are configured to detect the minimum encryption and configure the block response within the IPS policy.

B. Configure the ATP Agents policy to allow the third-party device to send a quarantine and enable responses in the ATP policy.

C. Enable the content analysis module and the associated signatures that are configured to detect the minimum encryption and configure the quarantine response within the IPS policy.

D. Configure the DLP device to send a message to the IPS Event filter policy and manipulate the IPS signature response to quarantine.

Correct Answer: A

Welcome to TestSimulate

IBM Security Network Protection (XGS) V5.3.2 System Administration (C2150-620) Free Practice Test