In the command save config from tftp 1.1.abcd.cfg merge, which function does the merge parameter specify?

A. The config file from the TFTP server will replace the configuration in RAM.

B. The config file from the TFTP server will replace the startup configuration file in internal flash.

C. The merge parameter is not valid for TFTP files, it is only valid for configuration files stored in internal flash.

D. The config file from the TFTP server will be combined with the configuration file in RAM and the combined result will be saved in internal flash.

Which statement about address configuration is correct?

A. Address groups cannot be used with VPN policies.

B. Address groups must be associated with a single zone.

C. You can create address groups as needed from within a policy.

D. You cannot reference individual addresses once they have been added to a group.

What should be done if you needed to create a policy to control DNS zone transfers, but allow DNS queries to go through?

A. Nothing, the pre-defined DNS service will work properly as defined

B. Create a custom service using TCP port 53 as the destination port

C. The predefined DNS service does not allow this type of configuration

D. Create a custom service only using UDP port 53 as the destination port

You have a host that is assigned an IP from private address space that needs to access public addresses on the internet. At the same time, a system from the public network needs to access the services of that system. You have plenty of public addresses available for use. Which type of NAT would you use?

A. VIP

B. MIP

C. NAT-dst

D. NAT-src

You enter the following command:

set int e8 dip 5 shift-from 10.1.1.5 1.1.10.2 1.1.10.40

What will be the source IP address of the egress packet for the second user requesting an address from

the DIP pool, if the source address of that user is 10.1.1.7?

A. 1.1.10.2

B. 1.1.10.3

C. 1.1.10.4

D. 1.1.10.40

You are defining a MIP on the zone called "Internet". To which subnet should you add the MIP?

A. any subnet

B. a 255.255.255.0 subnet

C. the same IP range as the zone

D. you can not have a zone called Internet

You have one VIP configured on your device, using public address 191.111.222.5. When you configure the policy, what will you select for the VIP, and where will you select it?

A. VIP::1 in the NAT-dst public field

B. VIP::1 as the destination address

C. VIP(191.111.222.5) in the NAT-dst public field

D. VIP(191.111.222.5) as the destination address

What needs to be configured during phase 2 of a route-based VPN, that does not have to be configured during a policy-based VPN?

A. Proxy-id

B. Tunnel-binding

C. Transport mode

D. Replay protection

E. Custom proposals

Which command can you use to view the log of IKE negotiations and results?

A. get event type 536

B. get ike cookie

C. get sa active

D. debug ike basic

-- Exhibit -

-- Exhibit -Click the Exhibit button.

In the exhibit, what is the correct command to configure a default route on the SSG 20?

A. set route 0.0.0.0/0 vrouter untrust

B. set route 0.0.0.0/0 interface e0/4 gateway 143.45.56.254

C. set route 0.0.0.0/0 interface e0/4 next-hop 143.45.56.254

D. set route 0.0.0.0/0 interface 143.45.56.1 gate 143.45.56.254