Download IBM Security Network Protection (XGS) V5.3.2 System Administration.C2150-620.PracticeTest.2018-02-15.33q.tqb

Vendor: IBM
Exam Code: C2150-620
Exam Name: IBM Security Network Protection (XGS) V5.3.2 System Administration
Date: Feb 15, 2018
File Size: 2 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAM_HUB

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
One XGS appliance in a financial company was running firmware version 5.2 for 2 years. The System Administrator upgraded the firmware to 5.3.2.3 because version 5.2 is no longer supported and enabled Any-Any-Any-Inspect rule in Outbound SSL Inspection Policy according to new company audit policy. After that, several users complain that their workstations cannot get Windows Update any more. 
What should the System Administrator do to resolve this issue?
  1. Use the Microsoft domain certificate application object and create an outbound SSL ignore rule with priority higher than Any-Any-Any-Inspect.
  2. Enable Any-Any-Any- Privacy-sensitive Information-Ignore rule in Outbound SSL Inspection Policy and make sure the priority of this rule is higher than Any-Any-Any-Inspect.
  3. Create a domain certificate category application specifying *.update.microsoft.com in CN List and create an outbound SSL ignore rule with priority higher than Any-Any-Any-Inspect.
  4. Enable the Any-Any-Microsoft domain certificate-Ignore built-in rule in Outbound SSL Inspection Policy and male sure the priority of this rule is higher than Any-Any-Any-Inspect
Correct answer: A
Explanation:
Problem(Abstract) If Outbound SSL decryption is enabled on the XGS, Windows Updates fail. Resolving the problem To resolve the issue in firmware 5.3.1.1 or greater, add the following Outbound SSL Inspection Policy rule as defined below:Action: IgnoreSource: AnyDestination: AnyDomain: Microsoft domain certificateReferences: http://www-01.ibm.com/support/docview.wss?uid=swg21903062
Problem(Abstract) 
If Outbound SSL decryption is enabled on the XGS, Windows Updates fail. 
Resolving the problem 
To resolve the issue in firmware 5.3.1.1 or greater, add the following Outbound SSL Inspection Policy rule as defined below:
Action: Ignore
Source: Any
Destination: Any
Domain: Microsoft domain certificate
References: http://www-01.ibm.com/support/docview.wss?uid=swg21903062
Question 2
The System Administrator has configured Outbound SSL Inspection Policy for five SSL-enabled web sites. 
How can the SSL decryption errors for each web site be detected?
  1. By looking at System Events Logs
  2. By first enabling Alert on Failure
  3. By looking at Network Access Events Logs
  4. By looking at the SSL Connection Statistics Network Graph
Correct answer: B
Explanation:
Ensure that you selected the Alert On Success and Alert On Failure check boxes because they can help with the troubleshooting. References: Implementation Guide for IBM Security Network Protection ('XGS for Techies') second edition, Version 2.0, page 216
Ensure that you selected the Alert On Success and Alert On Failure check boxes because they can help with the troubleshooting. 
References: Implementation Guide for IBM Security Network Protection ('XGS for Techies') second edition, Version 2.0, page 216
Question 3
The System Administrator of an oil and gas company has an XGS appliance deployed in the network below:
 
The appliance was working in Inline simulation mode and suddenly there was a power failure on the switch which causes link 1.2 on XGS to go down, However, port 1.1 on XGS remains up and hence the firewall keeps on sending the traffic to XGS appliance without realizing failure in the path. 
Which setting should be corrected in the Protection Interface policy to avoid this behavior?
  1. Ensure that Propagate link is set to No.
  2. Ensure that Propagate link is set to Yes.
  3. Ensure that hardware bypass mode is set to Fail Open.
  4. Ensure that hardware bypass mode is set to Fail Closed.
Correct answer: D
Explanation:
Hardware Bypass Modes Fail ClosedCloses the links for the interface pair and prevents any network traffic from passing through the appliance. Fail OpenAllows all network traffic to pass through the appliance. AutoIn non-HA modes, all traffic is allowed to pass through the appliance (fail open). In HA mode, interface links are closed and traffic is prevented from passing through the appliance (fail closed). Note: On the XGS, there are two different bypass methods that are used:The hardware bypass is controlled by the physical network interfaces. The software bypass is controlled by the packet driver. References: http://www-01.ibm.com/support/docview.wss?uid=swg21882622
Hardware Bypass Modes 
  • Fail ClosedCloses the links for the interface pair and prevents any network traffic from passing through the appliance. 
  • Fail OpenAllows all network traffic to pass through the appliance. 
  • AutoIn non-HA modes, all traffic is allowed to pass through the appliance (fail open). In HA mode, interface links are closed and traffic is prevented from passing through the appliance (fail closed). 
Note: On the XGS, there are two different bypass methods that are used:
The hardware bypass is controlled by the physical network interfaces. 
The software bypass is controlled by the packet driver. 
References: http://www-01.ibm.com/support/docview.wss?uid=swg21882622
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!