SNSP EXAM BEST PRACTICES AND OTHER BASICS ALL 85 QUESTIONS AND CORRECT DETAILED ANSWERS | ALREADY GRADED A+
Why must you enable load balancing with only 1 WAN connection? - ANSWER--To access the LB Groups and LB Statistics sections of Failover and Load Balancing configuration
Which Probe menu should you select when configuring WAN probes? - ANSWER--Probe Succeeds when either main or alternate target responds
Why should you always use X0 as a backup heartbeat link? - ANSWER--Because it is hardcoded in SonicOS
True or False: You should always configure X0's monitoring IP - ANSWER--True
What happens if the WAN interface does not have the monitoring IP configured? - ANSWER--The secondary/Standby unit directs the path to the Internet for GRID and License Manager communication
True or False: The secondary unit is licensed automatically - ANSWER--False
Why would you want to use Virtual MAC with an HA pair? - ANSWER--To reduce ARP convergence time during a failover
When using an HA pair what should you ensure is disabled on the switchports on the switch? - ANSWER--Spanning Tree Protocol which can cause flapping effects when virtual MAC is seen on multiple interfaces
True or False: Ensure all security services are enabled on proper zones - ANSWER--True
If you do not plan on using BWM, should it still be enabled? - ANSWER--No
What settings use BWM? - ANSWER--Access Rules with BWM setting use the throttles, interface BWM settings, and priority queues
True or False: Do not disable Allow Fragmented Packets on access rules - ANSWER--True
What application firewall rules should be created to prevent malware? - ANSWER--Rules that restrict DNS, SSH, and Proxy-Access applications
What can malicious applications leverage to redirect traffic to illegitimate sites? - ANSWER--DNS Cache Poisoning
True or False: You should create an Address Object and AppRule to restrict the DNS protocol to only the Trusted DNS Host - ANSWER--True
What is the recommended way to restrict SSH Protocol? - ANSWER--By using an Application Firewall rule since it's possible to deviate from the standard SSH TCP 22 configuration
What additional CFS categories should be blocked? - ANSWER--CAT28 Hacking/Proxy Avoidance