Download SNSA sonicOS 7 Exam: Questions and Answers and more Exams Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!
2025 SNSA sonicOS 7 EXAM|ACTUAL 100 QUESTIONS AND
ANSWERS|LATEST UPDATE|ALREADY GRADED A+
Which interface should be selected when configuring routes for a route-based vpn?
- interface from where trafic is generated
- multiple wan interface
- any physical interfacewhich is aktiv
- tunnel interface Tunnel interface Nsm on-prem offers large-scale centralized management of gen 7 devices only.
- True
- False False When used in conjunction with sonicwall firewalls, capture client enables visibility into encrypted traffic through the management of trusted ssl certificate used for deep packet inspection of ssl/tls trafic
- True
- False
True Which feature of the sonicwall is used to monitor and investigate individual data packets that flow through the sonicwall firewall?
- network probes
- packet monitor
- packet replay
- system diagnostics Packet monitor In which of the following formats can a snapshot of the packet monitor output be exported? (Select all that apply)
- pcap
- html
- plain text
- xml
- excel chart **- pcap
- html
- plain text**
- inform Alert Which of the following can be used to track potential security threats, as well as policy or compliance violation?
- auditing logs
- connections
- system logs
- appflow monitor Auditing logs Which of the following routing protocols are supported in sonicos for nsvs? (Select all that apply)
- IS-IS
- ospfv
- ospfv
- ripng
- EIGRP
- RIP
**- ospfv
- ospfv
- RIP** Which authentication method is recommended for a relatively small and limited number of users?
- configure radius
- configure ldap
- local users
- configure sso Local users What type of interfaces can be configured in an nsv? (Select all that apply)
- L2TP interface
- 4to6 tunnel interface
- virtual interface
- point-to-point interface
- vpn tunnel interfaces **- 4to6 tunnel interface
- virtual interface
- vpn tunnel interfaces**
What are the key fetures of sonicwall next-gen virtual firewals? (Select all that apply)
- operational complexity
- network segmentation
- flexible deployment
- single-layer security system
- application intelligence and control
- network segmentation
- flexible deployment
- application intelligence and control The sonicwall firewall does not temporarily block the traffic while waiting for user and ip information from the sso agent.
- True
- False False
After the sso agent returns the user information, the firewall will query the configured authentication server to obtain which of the following?
- group membership
- user principal name
- distinguished names
- user login credentials Group membership Which diagnostic tool in sonicos is used to find the location of an IP address?
- path ping
- trace route
- ping
- network path Trace route Select the connectivity test that you can complete on the check network settings page (Select all that apply)
Which feature in sonicos chooses the best destination interface to route trafic based performance metric?
- WAN failover
- route policies
- wan acceleration
- sd-wan Route policies What are the two methods of remote access provided by ssl vpn?
- portal-based and remote desktop connection-based (rdp)
- portal-based and remote shell-based
- portal-based and software client-based
- none of the above Portal-based and software client-based What group must ssl-vpn users/groups belong to in order to connect through the netextender client?
- vpn users
- ssl-vpn group
- sslvpn services
- ssl users Sslvpn services Route-based vpns do not support dynamic routing.
- True
- False True If a sonicwall firewall administrator has to make frequent changes to networks participating in a site-to-site VPN, which type of vpn would be the best choice?
- remote access with gvc
- policy- based vpn
- ssl-vpn
What are the two parts of a complete bandwidth management policy?
- Classifier and bandwidth rule
- Classifier and access rule
- Classifier and action object
- Classifier and bmw object Classifier and bmw object Which object is used to limit specific non-business, streaming applications like Youtube or facebook?
- dynamic external object
- bmw object
- custom object
- aws object Bmw object
What is the character limit of the comment field? 16 32 64 128 32 While configuring a NAT policy what is the default original source?
- lan subnets
- wan subnets
- any
- original Any Which of the following are the default zone security type? (Select all that apply)
- sonicwall cfs has 64 categories, and each category has a number and a name
- sonicwall cfs rates websites and groups them under a category, according to the nature of the website.
- the rating of a website url is obtained by the sonicwall firewall from the cfs server
- all the answers are true
- sonicwall cfs rates websites and groups them under a category, according to the nature of the website.
- the rating of a website url is obtained by the sonicwall firewall from the cfs server The exclude administrator option on the cfs page is disabled by default. True False False Identify some best practices related to applcontrol configuration. (Select all that apply)
- distribute bandwidth utilization equally across all applications
- enable logging, as needed, per application
- assign common access rules to all users, regardless of groups
- rate-limit application traffic
- enable logging, as needed, per application
- assign common access rules to all users, regardless of groups Which of the following sonicos feature will help apply very specific and custom controls over a users access to network resources and particular applications or services?
- app control
- wan isp failover
- client dpi-ssl App control Wich object type represents the condition that must be met in an app rule policy?
- address object
- match object
- bandwidth object
- host
- network
- range Which of the following is a correct subnet mask (Select all that apply) 255.255.255. 255.224.0. 255.255.255. All are correct All are correct HA Primary and Secondary firewalls will habe different settings.
- True
- False False
Which option is recommended to be left disabled when using stateful HA?
- Enable Preempt mode
- enable virtual MAC
- Generate/overwrite backup settings when upgrading firmware
- leaving the mode set to none Enable Preempt mode What are the two probe methods that you can use for logical probes?
- tcp
- arp
- ping
- udp
- tcp
- ping
