Cyberoam Certified Network & Security Professional (CCNSP)
Certification Test
Personal Information (Must to issue Certificate) write in CAPITAL letters
Read the below questions carefully and circle the correct option from the alternatives presented.
Question may have one or more correct options.
1. Which of the following is incorrect in terms of Cyberoam QoS module:
A. QoS policy can be applied to only user / firewall rule.
B. It is possible to allocate low bandwidth to Skype messenger.
C. QoS policy can be strict or committed.
D. QoS policy provides 8 level of bandwidth prioritization.
2. What’s default LAN IP of factory default Cyberoam appliance?
A. Port-A: 172.16.16.16
B. Port-B: 172.16.16.16
C. Port-C: 172.16.16.16
D. None
3. The below given figure is a network diagram of Blue Bird Technologies. Refer the given figure
and answer questions listed below:
A. Which Cyberoam deployment would you suggest for the above scenario to the Blue Bird
Technologies? During the initial formal discussion they pronounced that they don’t mind
replacing their existing firewall.
a. Transparent Mode
b. Gateway Mode
c. Proxy Mode
d. None of the above
B. After suitable deployment, what will be the Gateway of LAN users?
a. 61.0.5.2
b. 192.168.0.1
c. 61.0.5.1
d. None of the above
2
C. Also, will the people in internal network (LAN), able to access the Web Server deployed
in DMZ.
a. Create an ACCEPT rule from LAN to DMZ to allow access to web server
b. Create Virtual Host rule for web server
c. Either of the above
d. None of the above
D. If DNS located on the internet then how would you allow LAN users to access just the
DNS server without authentication?
a. Create LAN to WAN firewall rule to allow DNS IP
b. Create LAN to WAN Any Live User firewall rule to allow DNS
c. Create WAN to LAN firewall rule to allow DNS IP
d. Create WAN to LAN firewall rule to allow Any Host
4. Multiple Cyberoam appliances can be registered using single email-id?
A. True
B. False
5. How many trials are available for demo appliance?
A. 3 trials per registration
B. 1 trial per registration
C. 30 trials
D. Unlimited
6. Which of the following things needs to be considered before upgrading the appliance:
A. Take required downtime as sometime appliance might require to be rebooted.
B. Take appliance backup for safety purpose.
C. Download the backup on local computer.
D. All of above.
7. Cyberoam version 10 Upgrade can be performed only from GUI ?
A. Yes
B. No, upgrade needs to be uploaded via GUI and can only be applied from CLI.
C. No, upgrade needs to be uploaded via CLI and can only be applied from CLI.
D. None of the above.
3
8. Cyberoam is configured with following WAN links:
WAN1 (10Mbps), WAN2 (20Mbps), WAN3 (5Mbps)
Requirement:
All internet user traffic of LAN should go out via WAN1, WAN3
All inbound / outbound traffic of DMZ segment should go via WAN2
Which of the following is the best configuration for above:
A. WAN1: 2 Weight, WAN2: 0 Weight, WAN3: 1 Weight
Create firewall rule LAN -> WAN and select Route Through Gateway: Load Balance
Create firewall rule DMZ -> WAN and select Route Through Gateway: WAN2
Add source based routing for DMZ subnet under WAN2
B. WAN1: 2 Weight, WAN2: 0 Weight, WAN3: 1 Weight
Create firewall rule LAN -> WAN and select Route Through Gateway: WAN1, WAN3
Create firewall rule DMZ -> WAN and select Route Through Gateway: WAN2
Add source based routing for DMZ subnet under WAN2
C. WAN1: 1 Weight, WAN2: 0 Weight, WAN3: 1 Weight
Create firewall rule LAN -> WAN and select Route Through Gateway: Load Balance
Create firewall rule DMZ -> WAN and select Route Through Gateway: WAN2
Add source based routing for DMZ subnet under WAN2
D. WAN1: 2 Weight, WAN2: 0 Weight, WAN3: 1 Weight
Create firewall rule LAN -> WAN and select Route Through Gateway: Load Balance
9. Which of the following functionality is not offered by Cyberoam Firewall Module:
A. Identity as matching criteria in the firewall rule.
B. It can be deployed in Gateway (Layer3) / Bridge (Layer2) mode.
C. It can provide NAT / PAT functionality in Layer2 (Bridge mode).
D. Firewall module provides protection from Denial of Service (DoS) attacks.
10. For which of the following Instant Messengers Cyberoam can record the chat conversations?
A. Yahoo and MSN
B. All Messengers
C. Yahoo, MSN, Google Talk
D. None of above
11. Is it possible to set RSA SecureID token for SSL-VPN users and Active Directory Single Sign On
(SSO) for internal LAN users?
A. Yes
B. No
4
12. Scenario: SMTP server is in the DMZ zone. What firewall rules will I have to create to allow both
internal & external access to the mail server? I wish to scan all the incoming emails. The MX ip is
203.88.135.194 & mail server internal ip address is 10.10.10.254. Following are the ip addresses
configured on Cyberoam:
Port A (LAN): 192.168.1.254
Port B (WAN): 203.88.135.194
Port C (DMZ): 10.10.10.1
Port D (LAN): 2.2.2.2
Select the most appropriate option from the following
A. Option 1
a. Create a virtual host with external ip as 203.88.135.194 & mapped ip as
10.10.10.254
b. Create WAN-DMZ firewall rule for SMTP service using the virtual host
c. Create LAN-DMZ firewall rule for SMTP service using the virtual host
d. Apply SMTP scanning on WAN-DMZ rule
B. Option 2
a. Create virtual host with external ip 203.88.135.194 & mapped ip as 10.10.10.1
b. Create WAN-DMZ firewall rule for SMTP service using the virtual host
c. Create LAN-DMZ firewall rule for SMTP service using the virtual host
d. Apply SMTP scanning on WAN-DMZ rule
C. Option 3
a. Create a virtual host with external ip as 203.88.135.194 & mapped ip as
10.10.10.254
b. Create WAN-DMZ firewall rule for SMTP service using the virtual host
c. Create LAN-DMZ firewall rule for SMTP service using the virtual host
d. Apply SMTP scanning on LAN-DMZ rule
D. Option 4
a. Create virtual host with external ip 203.88.135.194 & mapped ip as 10.10.10.1
b. Create WAN-DMZ firewall rule for SMTP service using the virtual host
c. Create LAN-DMZ firewall rule for SMTP service using the virtual host
d. Apply SMTP scanning on LAN-DMZ rule
13. Which of the following statement is wrong in terms of Cyberoam Web & Application Protocol
Module?
A. It’s freely available with each appliance.
B. In case of non-categorized website, one can create a custom category to allow / deny.
C. Messengers & P2P applications can be blocked using this module.
D. It can work in Gateway (Layer3) / Bridge (Layer2) deployment mode.
5
14. Scenario:
User1 should be allowed to access all type of websites except porn.
User2 should be allowed to access only Electronics related websites.
Select the most appropriate option from the following:
A. For user1, create Web Filter with template "Deny All" and deny "porn" category.
For user2, create Web Filter with template "Deny All" and allow "Electronics" category.
B. For user1, create Web Filter with template "Allow All" and deny "porn" category.
For user2, create Web Filter with template "Deny All" and allow "Electronics" category.
C. For user1, create Web Filter with template "Allow All" and deny "Adult" category.
For user2, create Web Filter with template "Deny All" and allow "Electronics" category.
D. For user1, create Web Filter with template "Allow All" and deny "porn" category.
For user2, create Web Filter with template "Deny All"
15. Which of the following statements are incorrect:
A. IPS module supports protocol anomaly protection.
B. IPS module allows creating custom IPS policy and signature.
C. Cyberoam IPS is having less than 2000 signatures.
D. Cyberoam IPS module need to be subscribed.
16. What action does Cyberoam take in case of POP3 / IMAP, when a virus is detected in the mail
A. The virus infected attachment will be stripped from the message and the message body
will be replaced with a notification message.
B. Cyberoam does not support POP3 / IMAP scanning
C. The virus infected message will be deleted and connection to the POP3/IMAP server will
be lost
D. None of the above
17. Which one of the following statement is incorrect?
A. Cyberoam Antivirus gets updated automatically.
B. Cyberoam can scan and block virus file transferred via Yahoo/MSN Messengers.
C. Cyberoam cannot scan and block both file upload as well as download over HTTP/FTP.
D. Clicking on "SMTP" scanning option in the firewall rule will enable both Antivirus /
Antispam scanning.
18. Anti Spam -> Spam Rules is applied to:
A. All the users for whom the AV/AS scanning is enabled
B. Only to users those are using Cyberoam as an outbound mail server
C. Only to users those are part of Open Group
D. None of the above
6
19. Which of the following statements are incorrect in terms of Cyberoam Anti-Spam
functionality?
A. Cyberoam can not drop IMAP/POP3 oversized mails.
B. One can submit False Positive and Spam mails through http://csc.cyberoam.com
C. Cyberoam use signature database to categorize spam mails.
D. 5GB of disk space is reserved only for Antispam Quarantine.
20. How many IPSec Road Warrior VPN connections need to be created if 10 roaming users want to
access central office ERP application from public network?
A. One connection per user.
B. One connection for all 10 users.
C. One connection for each remote public IP.
D. None of the above.
21. Which of the followings statement is incorrect in terms of Cyberoam VPN:
A. Cyberoam supports PPTP / LT2P / IPSec VPN / SSL VPN protocols.
B. Cyberoam Threat Free Tunneling (TFT) works for all protocols.
C. Cyberoam provides VPN failover.
D. VPN module is available in both Gateway / Bridge mode.
22. Is it true that Log Viewer data will get flush during reboot, shutdown?
A. Yes B. No
23. I forgot the password of user Cyberoam in my appliance, what another username and
password I should use to get the access of my appliance?
A. Username: admin, Password: admin
B. Username: cyberoam, Password: cyber
C. Username: manager, Password: <blank>
D. None of the above.
24. Default IPS policy can be used in the firewall rule to protect web server hosted in the DMZ
segment:
A. Yes, as default policies are pre-configured for web servers.
B. Yes, as default policies are fine tuned for optimum performance.
C. No, as default policies contains mix set of signatures for all kind of servers. And traffic
will get scanned with unwanted set of signatures.
D. No, as default policies are only for Database Servers.
25. Which of the following tool can be used to see live traffic for any specific IP or protocol?
A. Logs & Reports Log Viewer
B. Logs & Reports View Reports
C. System Packet Capture
D. Firewall Rule
7
26. In bridge mode deployment, Cyberoam provides which of following zones:
A. LAN, WAN, DMZ
B. LAN
C. LAN, WAN
D. All of Above
27. Cyberoam can be integrated with which of the following:
A. LDAP
B. TACACS+
C. Active Directory
D. Radius
E. All of the above
28. Is it true that Cyberoam never decrypt the HTTPS traffic in case if Antivirus scanning is turned off
for HTTPS and only content filtering is enabled?
A. No
B. Yes
29. In which of the following conditions weight 0 (zero) should be assigned to any WAN interface?
A. In case if WAN interface is for any specific purpose and shouldn't be used in load
balancing
B. In case if WAN interface is having very low bandwidth
C. In case if WAN interface is PPPoE
D. None of the above
30. Write best suitable VPN policy to be selected to satisfy below VPN requirement:
• Site to Site VPN Tunnel between Head Office and 15 Branch Offices.
• Branch Offices should always initiate the tunnel and in case of link failure it should do
unlimited retries.
• Head Office should always respond Branch Office VPN request. In case of link failure it
should terminate the tunnel after 3 retries and bring tunnel back into listening mode.
Please, chose the correct option for above requirement:
At Head Office: At Branch Office:
VPN Policy:
A. Default Policy
B. DefaultBranchOffice
C. DefaultHeadOffice
VPN Policy:
A. Default Policy
B. DefaultBranchOffice
C. DefaultHeadOffice
Action on VPN Restart:
A. Disable
B. Respond Only
C. Initiate
Action on VPN Restart:
A. Disable
B. Respond Only
C. Initiate
8
Certification Test
Personal Information (Must to issue Certificate) write in CAPITAL letters
Read the below questions carefully and circle the correct option from the alternatives presented.
Question may have one or more correct options.
1. Which of the following is incorrect in terms of Cyberoam QoS module:
A. QoS policy can be applied to only user / firewall rule.
B. It is possible to allocate low bandwidth to Skype messenger.
C. QoS policy can be strict or committed.
D. QoS policy provides 8 level of bandwidth prioritization.
2. What’s default LAN IP of factory default Cyberoam appliance?
A. Port-A: 172.16.16.16
B. Port-B: 172.16.16.16
C. Port-C: 172.16.16.16
D. None
3. The below given figure is a network diagram of Blue Bird Technologies. Refer the given figure
and answer questions listed below:
A. Which Cyberoam deployment would you suggest for the above scenario to the Blue Bird
Technologies? During the initial formal discussion they pronounced that they don’t mind
replacing their existing firewall.
a. Transparent Mode
b. Gateway Mode
c. Proxy Mode
d. None of the above
B. After suitable deployment, what will be the Gateway of LAN users?
a. 61.0.5.2
b. 192.168.0.1
c. 61.0.5.1
d. None of the above
2
C. Also, will the people in internal network (LAN), able to access the Web Server deployed
in DMZ.
a. Create an ACCEPT rule from LAN to DMZ to allow access to web server
b. Create Virtual Host rule for web server
c. Either of the above
d. None of the above
D. If DNS located on the internet then how would you allow LAN users to access just the
DNS server without authentication?
a. Create LAN to WAN firewall rule to allow DNS IP
b. Create LAN to WAN Any Live User firewall rule to allow DNS
c. Create WAN to LAN firewall rule to allow DNS IP
d. Create WAN to LAN firewall rule to allow Any Host
4. Multiple Cyberoam appliances can be registered using single email-id?
A. True
B. False
5. How many trials are available for demo appliance?
A. 3 trials per registration
B. 1 trial per registration
C. 30 trials
D. Unlimited
6. Which of the following things needs to be considered before upgrading the appliance:
A. Take required downtime as sometime appliance might require to be rebooted.
B. Take appliance backup for safety purpose.
C. Download the backup on local computer.
D. All of above.
7. Cyberoam version 10 Upgrade can be performed only from GUI ?
A. Yes
B. No, upgrade needs to be uploaded via GUI and can only be applied from CLI.
C. No, upgrade needs to be uploaded via CLI and can only be applied from CLI.
D. None of the above.
3
8. Cyberoam is configured with following WAN links:
WAN1 (10Mbps), WAN2 (20Mbps), WAN3 (5Mbps)
Requirement:
All internet user traffic of LAN should go out via WAN1, WAN3
All inbound / outbound traffic of DMZ segment should go via WAN2
Which of the following is the best configuration for above:
A. WAN1: 2 Weight, WAN2: 0 Weight, WAN3: 1 Weight
Create firewall rule LAN -> WAN and select Route Through Gateway: Load Balance
Create firewall rule DMZ -> WAN and select Route Through Gateway: WAN2
Add source based routing for DMZ subnet under WAN2
B. WAN1: 2 Weight, WAN2: 0 Weight, WAN3: 1 Weight
Create firewall rule LAN -> WAN and select Route Through Gateway: WAN1, WAN3
Create firewall rule DMZ -> WAN and select Route Through Gateway: WAN2
Add source based routing for DMZ subnet under WAN2
C. WAN1: 1 Weight, WAN2: 0 Weight, WAN3: 1 Weight
Create firewall rule LAN -> WAN and select Route Through Gateway: Load Balance
Create firewall rule DMZ -> WAN and select Route Through Gateway: WAN2
Add source based routing for DMZ subnet under WAN2
D. WAN1: 2 Weight, WAN2: 0 Weight, WAN3: 1 Weight
Create firewall rule LAN -> WAN and select Route Through Gateway: Load Balance
9. Which of the following functionality is not offered by Cyberoam Firewall Module:
A. Identity as matching criteria in the firewall rule.
B. It can be deployed in Gateway (Layer3) / Bridge (Layer2) mode.
C. It can provide NAT / PAT functionality in Layer2 (Bridge mode).
D. Firewall module provides protection from Denial of Service (DoS) attacks.
10. For which of the following Instant Messengers Cyberoam can record the chat conversations?
A. Yahoo and MSN
B. All Messengers
C. Yahoo, MSN, Google Talk
D. None of above
11. Is it possible to set RSA SecureID token for SSL-VPN users and Active Directory Single Sign On
(SSO) for internal LAN users?
A. Yes
B. No
4
12. Scenario: SMTP server is in the DMZ zone. What firewall rules will I have to create to allow both
internal & external access to the mail server? I wish to scan all the incoming emails. The MX ip is
203.88.135.194 & mail server internal ip address is 10.10.10.254. Following are the ip addresses
configured on Cyberoam:
Port A (LAN): 192.168.1.254
Port B (WAN): 203.88.135.194
Port C (DMZ): 10.10.10.1
Port D (LAN): 2.2.2.2
Select the most appropriate option from the following
A. Option 1
a. Create a virtual host with external ip as 203.88.135.194 & mapped ip as
10.10.10.254
b. Create WAN-DMZ firewall rule for SMTP service using the virtual host
c. Create LAN-DMZ firewall rule for SMTP service using the virtual host
d. Apply SMTP scanning on WAN-DMZ rule
B. Option 2
a. Create virtual host with external ip 203.88.135.194 & mapped ip as 10.10.10.1
b. Create WAN-DMZ firewall rule for SMTP service using the virtual host
c. Create LAN-DMZ firewall rule for SMTP service using the virtual host
d. Apply SMTP scanning on WAN-DMZ rule
C. Option 3
a. Create a virtual host with external ip as 203.88.135.194 & mapped ip as
10.10.10.254
b. Create WAN-DMZ firewall rule for SMTP service using the virtual host
c. Create LAN-DMZ firewall rule for SMTP service using the virtual host
d. Apply SMTP scanning on LAN-DMZ rule
D. Option 4
a. Create virtual host with external ip 203.88.135.194 & mapped ip as 10.10.10.1
b. Create WAN-DMZ firewall rule for SMTP service using the virtual host
c. Create LAN-DMZ firewall rule for SMTP service using the virtual host
d. Apply SMTP scanning on LAN-DMZ rule
13. Which of the following statement is wrong in terms of Cyberoam Web & Application Protocol
Module?
A. It’s freely available with each appliance.
B. In case of non-categorized website, one can create a custom category to allow / deny.
C. Messengers & P2P applications can be blocked using this module.
D. It can work in Gateway (Layer3) / Bridge (Layer2) deployment mode.
5
14. Scenario:
User1 should be allowed to access all type of websites except porn.
User2 should be allowed to access only Electronics related websites.
Select the most appropriate option from the following:
A. For user1, create Web Filter with template "Deny All" and deny "porn" category.
For user2, create Web Filter with template "Deny All" and allow "Electronics" category.
B. For user1, create Web Filter with template "Allow All" and deny "porn" category.
For user2, create Web Filter with template "Deny All" and allow "Electronics" category.
C. For user1, create Web Filter with template "Allow All" and deny "Adult" category.
For user2, create Web Filter with template "Deny All" and allow "Electronics" category.
D. For user1, create Web Filter with template "Allow All" and deny "porn" category.
For user2, create Web Filter with template "Deny All"
15. Which of the following statements are incorrect:
A. IPS module supports protocol anomaly protection.
B. IPS module allows creating custom IPS policy and signature.
C. Cyberoam IPS is having less than 2000 signatures.
D. Cyberoam IPS module need to be subscribed.
16. What action does Cyberoam take in case of POP3 / IMAP, when a virus is detected in the mail
A. The virus infected attachment will be stripped from the message and the message body
will be replaced with a notification message.
B. Cyberoam does not support POP3 / IMAP scanning
C. The virus infected message will be deleted and connection to the POP3/IMAP server will
be lost
D. None of the above
17. Which one of the following statement is incorrect?
A. Cyberoam Antivirus gets updated automatically.
B. Cyberoam can scan and block virus file transferred via Yahoo/MSN Messengers.
C. Cyberoam cannot scan and block both file upload as well as download over HTTP/FTP.
D. Clicking on "SMTP" scanning option in the firewall rule will enable both Antivirus /
Antispam scanning.
18. Anti Spam -> Spam Rules is applied to:
A. All the users for whom the AV/AS scanning is enabled
B. Only to users those are using Cyberoam as an outbound mail server
C. Only to users those are part of Open Group
D. None of the above
6
19. Which of the following statements are incorrect in terms of Cyberoam Anti-Spam
functionality?
A. Cyberoam can not drop IMAP/POP3 oversized mails.
B. One can submit False Positive and Spam mails through http://csc.cyberoam.com
C. Cyberoam use signature database to categorize spam mails.
D. 5GB of disk space is reserved only for Antispam Quarantine.
20. How many IPSec Road Warrior VPN connections need to be created if 10 roaming users want to
access central office ERP application from public network?
A. One connection per user.
B. One connection for all 10 users.
C. One connection for each remote public IP.
D. None of the above.
21. Which of the followings statement is incorrect in terms of Cyberoam VPN:
A. Cyberoam supports PPTP / LT2P / IPSec VPN / SSL VPN protocols.
B. Cyberoam Threat Free Tunneling (TFT) works for all protocols.
C. Cyberoam provides VPN failover.
D. VPN module is available in both Gateway / Bridge mode.
22. Is it true that Log Viewer data will get flush during reboot, shutdown?
A. Yes B. No
23. I forgot the password of user Cyberoam in my appliance, what another username and
password I should use to get the access of my appliance?
A. Username: admin, Password: admin
B. Username: cyberoam, Password: cyber
C. Username: manager, Password: <blank>
D. None of the above.
24. Default IPS policy can be used in the firewall rule to protect web server hosted in the DMZ
segment:
A. Yes, as default policies are pre-configured for web servers.
B. Yes, as default policies are fine tuned for optimum performance.
C. No, as default policies contains mix set of signatures for all kind of servers. And traffic
will get scanned with unwanted set of signatures.
D. No, as default policies are only for Database Servers.
25. Which of the following tool can be used to see live traffic for any specific IP or protocol?
A. Logs & Reports Log Viewer
B. Logs & Reports View Reports
C. System Packet Capture
D. Firewall Rule
7
26. In bridge mode deployment, Cyberoam provides which of following zones:
A. LAN, WAN, DMZ
B. LAN
C. LAN, WAN
D. All of Above
27. Cyberoam can be integrated with which of the following:
A. LDAP
B. TACACS+
C. Active Directory
D. Radius
E. All of the above
28. Is it true that Cyberoam never decrypt the HTTPS traffic in case if Antivirus scanning is turned off
for HTTPS and only content filtering is enabled?
A. No
B. Yes
29. In which of the following conditions weight 0 (zero) should be assigned to any WAN interface?
A. In case if WAN interface is for any specific purpose and shouldn't be used in load
balancing
B. In case if WAN interface is having very low bandwidth
C. In case if WAN interface is PPPoE
D. None of the above
30. Write best suitable VPN policy to be selected to satisfy below VPN requirement:
• Site to Site VPN Tunnel between Head Office and 15 Branch Offices.
• Branch Offices should always initiate the tunnel and in case of link failure it should do
unlimited retries.
• Head Office should always respond Branch Office VPN request. In case of link failure it
should terminate the tunnel after 3 retries and bring tunnel back into listening mode.
Please, chose the correct option for above requirement:
At Head Office: At Branch Office:
VPN Policy:
A. Default Policy
B. DefaultBranchOffice
C. DefaultHeadOffice
VPN Policy:
A. Default Policy
B. DefaultBranchOffice
C. DefaultHeadOffice
Action on VPN Restart:
A. Disable
B. Respond Only
C. Initiate
Action on VPN Restart:
A. Disable
B. Respond Only
C. Initiate
8
No comments:
Post a Comment