SNSP Exam - Best Practices and Other Basics Question
and Answers
Which interfaces cannot be configured as WAN a WAN interface - ANSWER -Link Speed to
interfaces - ANSWER -X0 and MGMT Auto Negotiate
User Default MAC address
Enable Flow Reporting
Fragment non-VPN outbound packets larger than
What is the default configuration of X1 - this Interfaces MTU
ANSWER -Static mode with IP of 0.0.0.0
MTU stands for what - ANSWER -Maximum
To avoid routing issues of X1 what should you Transmission Unit
ensure - ANSWER -It's assigned with a
valid non-zero IP address or configuring for
DHCP or PPPoE
On DSL and cable connections is the MTU size
generally lower or higher - ANSWER -
Lower
True or False: It is recommended to disassociate
the from the WAN zone if not in use -
ANSWER -True - Unassigned
How do you change the value of MTU -
ANSWER -In increments of 8 bytes
True or False: You should open HTTPS Mgmt up
on the WAN interface - ANSWER -False
True or False: Confirm that Ignore Don't
Fragment DF bit is unchecked - ANSWER -
True
True or False: Check the "Add rule to enable
redirect from HTTP to HTTPS" option when
configuring HTTPM management -
ANSWER -False True or False: Even if you only have 1 WAN
connection you should still enable "Enable Load
Balancing" - ANSWER -True
What can result from incorrect duplex settings on
the WAN - ANSWER -Inconsistent Internet
connection, slow throughput, dropped packets, Why must you enable load balancing with only 1
and inability to negotiate to an ISP connection WAN connection - ANSWER -To access
the LB Groups and LB Statistics sections of
Failover and Load Balancing configuration
What settings are default on the advanced tab of
1/7
, SNSP Exam - Best Practices and Other Basics Question
and Answers
Which Probe menu should you select when
configuring WAN probes - ANSWER - True or False: Ensure all security services are
Probe Succeeds when either main or alternate enabled on proper zones - ANSWER -True
target responds
If you do not plan on using BWM, should it still be
Why should you always use X0 as a backup enabled - ANSWER -No
heartbeat link - ANSWER -Because it is
hardcoded in SonicOS
What settings use BWM - ANSWER -
Access Rules with BWM setting use the throttles,
True or False: You should always configure X0's interface BWM settings, and priority queues
monitoring IP - ANSWER -True
True or False: Do not disable Allow Fragmented
What happens if the WAN interface does not Packets on access rules - ANSWER -True
have the monitoring IP configured -
ANSWER -The secondary/Standby unit
directs the path to the Internet for GRID and
License Manager communication What application firewall rules should be created
to prevent malware - ANSWER -Rules that
restrict DNS, SSH, and Proxy-Access
applications
True or False: The secondary unit is licensed
automatically - ANSWER -False
What can malicious applications leverage to
redirect traffic to illegitmate sites -
Why would you want to use Virtual MAC with an ANSWER -DNS Cache Poisoning
HA pair - ANSWER -To reduce ARP
convergence time during a failover
True or False: You should create an Address
Object and AppRule to restrict the DNS protocol
When using an HA pair what should you ensure to only the Trusted DNS Host - ANSWER -
is disabled on the switchports on the switch - True
ANSWER -Spanning Tree Protocol which
can cause flapping effects when virtual MAC is
seen on multiple interfaces
What is the recommend way to restrict SSH
2/7
and Answers
Which interfaces cannot be configured as WAN a WAN interface - ANSWER -Link Speed to
interfaces - ANSWER -X0 and MGMT Auto Negotiate
User Default MAC address
Enable Flow Reporting
Fragment non-VPN outbound packets larger than
What is the default configuration of X1 - this Interfaces MTU
ANSWER -Static mode with IP of 0.0.0.0
MTU stands for what - ANSWER -Maximum
To avoid routing issues of X1 what should you Transmission Unit
ensure - ANSWER -It's assigned with a
valid non-zero IP address or configuring for
DHCP or PPPoE
On DSL and cable connections is the MTU size
generally lower or higher - ANSWER -
Lower
True or False: It is recommended to disassociate
the from the WAN zone if not in use -
ANSWER -True - Unassigned
How do you change the value of MTU -
ANSWER -In increments of 8 bytes
True or False: You should open HTTPS Mgmt up
on the WAN interface - ANSWER -False
True or False: Confirm that Ignore Don't
Fragment DF bit is unchecked - ANSWER -
True
True or False: Check the "Add rule to enable
redirect from HTTP to HTTPS" option when
configuring HTTPM management -
ANSWER -False True or False: Even if you only have 1 WAN
connection you should still enable "Enable Load
Balancing" - ANSWER -True
What can result from incorrect duplex settings on
the WAN - ANSWER -Inconsistent Internet
connection, slow throughput, dropped packets, Why must you enable load balancing with only 1
and inability to negotiate to an ISP connection WAN connection - ANSWER -To access
the LB Groups and LB Statistics sections of
Failover and Load Balancing configuration
What settings are default on the advanced tab of
1/7
, SNSP Exam - Best Practices and Other Basics Question
and Answers
Which Probe menu should you select when
configuring WAN probes - ANSWER - True or False: Ensure all security services are
Probe Succeeds when either main or alternate enabled on proper zones - ANSWER -True
target responds
If you do not plan on using BWM, should it still be
Why should you always use X0 as a backup enabled - ANSWER -No
heartbeat link - ANSWER -Because it is
hardcoded in SonicOS
What settings use BWM - ANSWER -
Access Rules with BWM setting use the throttles,
True or False: You should always configure X0's interface BWM settings, and priority queues
monitoring IP - ANSWER -True
True or False: Do not disable Allow Fragmented
What happens if the WAN interface does not Packets on access rules - ANSWER -True
have the monitoring IP configured -
ANSWER -The secondary/Standby unit
directs the path to the Internet for GRID and
License Manager communication What application firewall rules should be created
to prevent malware - ANSWER -Rules that
restrict DNS, SSH, and Proxy-Access
applications
True or False: The secondary unit is licensed
automatically - ANSWER -False
What can malicious applications leverage to
redirect traffic to illegitmate sites -
Why would you want to use Virtual MAC with an ANSWER -DNS Cache Poisoning
HA pair - ANSWER -To reduce ARP
convergence time during a failover
True or False: You should create an Address
Object and AppRule to restrict the DNS protocol
When using an HA pair what should you ensure to only the Trusted DNS Host - ANSWER -
is disabled on the switchports on the switch - True
ANSWER -Spanning Tree Protocol which
can cause flapping effects when virtual MAC is
seen on multiple interfaces
What is the recommend way to restrict SSH
2/7
