You have only one public IP address available and you must allow external access to three servers on a DMZ network. Which two NAT types would allow you to accomplish your objective? (Choose two.)
A. MIP
B. VIP
C. NAT-dst
D. NAT-src
You are receiving 3000 SYN packets per second from multiple outside sources to the same destination IP address in your network. You want the SYN proxy Screen option to engage when SYN packets exceed 2000 per second, but the SYN proxy is not engaging. What is causing the problem?
A. The SYN packets are being sent to multiple destination ports.
B. The alarm threshold is too high.
C. The destination threshold is too high.
D. The option to only generate alarms without dropping packets is set to ON.
You have configured deep-packet inspection on a ScreenOS device. You have not modified the default threshold values. The device detects a single session that matches an attack. Which two actions can you configure the device to take? (Choose two.)
A. Close the connection and disallow further connections from the client to the server.
B. Close the connection and rate-limit further connections to the server.
C. Discard all additional packets related to the session.
D. Send a TCP RST message to both the client and server.
You are the administrator of a NetScreen 5GT. The system administrator cannot use SSH to log in to the NetScreen 5GT. Referring to the exhibit, what is the problem?
SSH V2 is active
ns5gt-> get int et1
Interface ethernet1:
  description ethernet1
  number 2, if_info 176, if_index 0, mode nat
  link up, phy-link up/full-duplex
  status change:1, last change:02/06/1997 18:02:32
  vsys Root, zone Trust, vr trust-vr
  dhcp client disabled
  PPPoE disabled
  admin mtu 0, operating mtu 1500, default mtu 1500
  *ip 192.168.1.1/24
  *manage ip 192.168.1.1, route-deny disable
  pmtu-v4 disabled
  ping enabled, telnet enabled, SSH enabled, SNMP enabled
  web enabled, ident-reset disabled, SSL enabled
SSH is enabled
SSH is ready for connections
Maximum sessions: 3
Active sessions: 3
A. Interface eth1 does not permit logins using SSH.
B. SSH is not enabled on the NetScreen 5GT.
C. Interface eth1's link status is down.
D. The maximum SSH session has been used.
You are the administrator of a NetScreen 5GT. For troubleshooting purposes, you must be able to ping untrusted interfaces. Referring to the exhibit, how do you enable ping for interface eth2?
ns5gt-> get int eth2
Interface ethernet2:
  description ethernet2
  number 8, if_info 704, if_index 0, mode route
  link up, phy-link up/full-duplex
  status change:7, last change:09/26/2012 23:08:22
  vsys Root, zone Untrust, vr trust-vr
  dhcp client disabled
  PPPoE disabled
  admin mtu 0, operating mtu 1500, default mtu 1500
  *ip 171.211.111.111/30 mac 0014.f693.edc8
  *manage ip 171.211.111.111, mac 0014.f693.edc8
  route-deny disable
  pmtu-v4 disabled
  ping disabled, telnet enabled, SSH disabled, SNMP disabled
  web enabled, ident-reset disabled, SSL disabled
  DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0
  OSPF disabled BGP disabled RIP disabled RIPng disabled mtrace disabled
  PIM: not configured IGMP not configured MLD not configured
  NHRP disabled
  bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]
  configured ingress mbw 0kbps, current bw 0kbps
  total allocated gbw 0kbps
  DHCP-Relay disabled at interface level
  DHCP-server disabled
A. ns5gt-> unset int eth2 manage-ip ping
B. ns5gt-> set int eth2 manage ping
C. ns5gt-> enable int eth2 manage ping
D. ns5gt-> set int eth2 manage-ip ping
Given the output shown in the exhibit, which command would you use to view the number of attacks that have been blocked by the Screen options on the Untrust zone?
A. ssg5-> get counter screen interface ethernet2/1
B. ssg5-> get zone Untrust screen
C. ssg5-> get counter screen zone Untrust
D. ssg5-> get counter statistics interface ethernet2/1
What is a zone?
A. a set of rules that controls traffic from a specified source to a specified destination using a specified service
B. a collection of subnets and interfaces sharing identical security requirements
C. a method of providing a secure connection across a network
D. a tool to protect against DoS attacks
What is the function of NAT?
A. It performs Layer 3 routing.
B. It evaluates and redirects matching traffic into secure tunnels.
C. It provides translation between IP addresses.
D. It performs Layer 2 switching.
In the exhibit, you have configured the MIP address 1.1.8.64 on a ScreenOS device. Which statement is correct?
A. It performs one-to-one address translation and maps 1.1.8.64 to 10.1.10.64.
B. It performs one-to-many address translation and maps 1.1.8.64 to a range from 10.1.10.64 to 10.1.10.71.
C. It performs range address translation and maps 1.1.8.64 to 10.1.10.64, 1.1.8.65 to 10.1.10.65, etc.
D. It performs address translation using a random IP address from the pool for 10.1.10.64/29.
You are using NSRP and enable preempt on a device with a priority of 120. The other device has the default priority set. What will be the result of this action?
A. The device will become master immediately.
B. The device will only become master if the device with default priority fails.
C. The device will wait the defined holdtime period and then take over as master.
D. The device will enter a pending state until the next maintenance window and then assume the master role.