3COM certification 3COM
Adobe certification Adobe
Apple certification Apple
Avaya certification Avaya
BEA certification BEA Systems
Business Objects certification Business Objects
Check Point certification CheckPoint
Cisco certification Cisco
Citrix certification Citrix
CIW certification CIW
COGNOS certification COGNOS
CompTIA certification CompTIA
CWNP certification CWNP
EC-Council certification EC-Council
EMC certification EMC
Exam Express certification Exam Express
Exin certification Exin
F5 Networks certification F5 Networks
H3C certification H3C
HDI certification HDI
HP certification HP
Hitachi certification Hitachi
IBM certification IBM
Isaca certification Isaca
ISC certification ISC
ISEB certification ISEB
Juniper certification Juniper Networks
Lotus certification Lotus
LPI certification LPI
Microsoft certification Microsoft
Mile2 certification Mile2
Network Appliance certification Network Appliance
Nortel certification Nortel
Novell certification Novell
Oracle certification Oracle
PMI certification PMI
RedHat certification RedHat
RSA certification RSA Security
SAIR certification SAIR
SAS certification SAS Institute
SNIA certification SNIA
Sun certification Sun
Sybase certification Sybase
Symantec certification Symantec
Teradata certification Teradata
Tibco certification Tibco
Veritas certification Veritas
VMware certification VMware
All Exams

Nortel 920-440 Exam - CertifySky.com

Free 920-440 Sample Questions:

1. A customer has an OSPF network with clean and dirty OSPF routers. An ASF is between the two areas. Which routing protocol should be used for this network?
A. RIP
B. PIM
C. OSPF
D. DVMRP
Answer: C

2. In relation to generating Private Keys and Certificates on the ASA, which statement is NOT true?
A. The ASA can be used to produce a Certificate Signing Request (CSR)
B. Only certificates signed by a Certificate Authority can be used on the ASA
C. The ASA can import existing private keys and certificates created on other devices
D. The ASA can be used to create both a private key and corresponding SSL certificate
Answer: A

3. A customer has a HA-ASF5610 with port one used for public and port two for private LAN. Ports three through five are used for three DMZ networks. Ports six through nine connects an Director and a second Accelerator. Which method provides an effective increase to five DMZ zones?
A. Trunk port 3-5
B. Use a separate VLAN for each DMZ
C. Five tagged VLANs and MLT for ports 3-5
D. Two VLAN on port 3, two VLAN on port 4 and one VLAN for port 5
Answer: C

4. An Alteon Switched Firewall has to be integrated into an OSPF network. Which router types are supported in this scenario? (Choose three)
A. DR
B. ABS
C. ABR
D. ASBR
Answer: ACD

5. A customer has a single ASF5105 with a single DMZ FTP server. The customer intends to add two additional FTP servers and now expects a maximum of 350 Mbps throughput and connection rate of 4000 connections per second. What is the minimum configuration required to support this requirement?
A. Keep the ASF5105
B. Upgrade to ASF5109
C. Upgrade to ASF5308
D. Upgrade to ASF5112 plus Layer 2 switch
Answer: B

6. A switched firewall customer needs to support 500,000 concurrent and accelerated sessions plus 30,000 new connections per second. What is the minimum configuration required?
A. One SFA5600 + five SFD5010
B. Two SFA5600 + six SFD5010
C. Two SFA5700 + six SFD5010
D. One SFA5700 + five SFD5010
Answer: C

7. A portal providing HTTP/FTP services is using an ASF-5710 in redundant configuration with Software 2.0.3.0. The ASF is located between an incoming router and a Switch in different networks. The router should not see this device. The customer wants to hide this Firewall. Which solution will accomplish this objective?
A. Keep Software and use AntiSpoofing feature
B. Upgrade system to SW-Rel. 3.0 und use routing feature
C. Upgrade system to SW-Rel. 3.1 und use bridging feature
D. Keep Software and use SSH feature Add a stealth rule to the firewall
Answer: C

8. A small location needs an ASF connected directly to one web-server using 1000GB TX with a RJ45 connector. Connection rate is below 2000/sec. Which two ASFs meet this requirement? (Choose two.)
A. ASF5308
B. ASF5105
C. ASF5112
D. ASF5109
E. ASF5114
Answer: CE

9. A customer has purchased a 5700 series ASF Cluster running version 2.0. They have about 60 IP networks and about 6000 nodes behind the ASF. Because of their legacy IP deployment strategy it is not possible to summarize these networks. What will be the best design solution for this customer?
A. No design considerations are necessary
B. Upgrade to 3.0 because it's the latest code
C. Upgrade to 3.0 because is supports 16k routes
D. Upgrade to 3.0 because it supports 2.0 does not support Checkpoint NG
Answer: C

10. A customer currently has a single ASF and would like to go to an ASF Cluster for High availability. They have about 200 servers that use the ASF as their default gateway. What design constraints need to be considered to make sure that the servers still have the ability to communicate with devices on different IP networks?
A. VRRP is not required
B. The ASF will automatically assign new addresses for the Cluster
C. The default gateway on all the servers has to be changed to the new VRRP address.
D. No design constraints are necessary because the interface on the ASF becomes the VRRP address
Answer: D

11. Which ASF technology is used to upgrade all components in an ASF Cluster?
A. SSI
B. NAAP
C. RTSP
D. SecureXL
E. Checkpoint Clustering
Answer: A

12. A customer wants to deploy 40 ASF Clusters and would like to have granular management of their Firewall rules/policies. What would be the best way to support this requirement?
A. Use Alteon WebUI
B. Use Checkpoint Provider-1
C. Use Checkpoint policy server
D. Use the Alteon Security manager
E. This feature automatically comes with the ASF Cluster
Answer: E

13. A computer on a customer's private IP network needs to be accessed from the Internet and also needs to access resources on the Internet. What type of NAT implementation would work best in this scenario?
A. Hide NAT
B. Static NAT
C. Pooled NAT
D. Private NAT
E. No Natting is required
Answer: B

14. A customer is building a new e-commerce website and would like to ensure that only traffic with the source IP address of a given network be allowed to enter that firewall interface. What would be the best way to accomplish this?
A. Turn on OSPF
B. Disable IP routing
C. Add a static route to the ASF
D. Add a rule to the global properties
E. Turn on anti-spoofing on that interface
Answer: E

15. Why are routing protocols not recommended on a firewall?
A. They are inefficient
B. They do not work on firewalls
C. They slow down the CPU of the firewall
D. They are susceptible to bad route injection by hackers
Answer: D