Cyberoam Certified Network & Security Professional (CCNSP) Certification Test

Personal Information (Must to issue Certificate) write in CAPITAL letters Delegates Full Name Delegates Organization Name Delegates Email Address Delegates Phone Number Instructors name Test Date Location

Read the below questions carefully and circle the correct option from the alternatives presented. Question may have one or more correct options.

1. Which of the following is incorrect in terms of Cyberoam QoS module: A. QoS policy can be applied to only user / firewall rule. B. It is possible to allocate low bandwidth to Skype messenger. C. QoS policy can be strict or committed. D. QoS policy provides 8 level of bandwidth prioritization. 2. Whats default LAN IP of factory default Cyberoam appliance? A. Port-A: 172.16.16.16 B. Port-B: 172.16.16.16 C. Port-C: 172.16.16.16 D. None

Elitecore Technologies Ltd.

www.cyberoam.com 1

3. The below given figure is a network diagram of Blue Bird Technologies. Refer the given figure and answer questions listed below:

A. Which Cyberoam deployment would you suggest for the above scenario to the Blue Bird Technologies? During the initial formal discussion they pronounced that they dont mind replacing their existing firewall. a. Transparent Mode b. Gateway Mode c. Proxy Mode d. None of the above B. After suitable deployment, what will be the Gateway of LAN users? a. 61.0.5.2 b. 192.168.0.1 c. 61.0.5.1 d. None of the above

Elitecore Technologies Ltd.

www.cyberoam.com 2

C. Also, will the people in internal network (LAN), able to access the W eb Server deployed in DMZ. a. Create an ACCEPT rule from LAN to DMZ to allow access to web server b. Create Virtual Host rule for web server c. Either of the above d. None of the above D. If DNS located on the internet then how would you allow LAN users to access just the DNS server without authentication? a. Create LAN to WAN firewall rule to allow DNS IP b. Create LAN to WAN Any Live User firewall rule to allow DNS c. Create W AN to LAN firewall rule to allow DNS IP d. Create W AN to LAN firewall rule to allow Any Host 4. Multiple Cyberoam appliances can be registered using single email-id? A. True B. False 5. How many trials are available for demo appliance? A. 3 trials per registration B. 1 trial per registration C. 30 trials D. Unlimited 6. Which of the following things needs to be considered before upgrading the appliance: A. Take required downtime as sometime appliance might require to be rebooted. B. Take appliance backup for safety purpose. C. Download the backup on local computer. D. All of above.

7. Cyberoam version 10 Upgrade can be performed only from GUI ? A. Yes B. No, upgrade needs to be uploaded via GUI and can only be applied from CLI. C. No, upgrade needs to be uploaded via CLI and can only be applied from CLI. D. None of the above.

Elitecore Technologies Ltd.

www.cyberoam.com 3

8. Cyberoam is configured with following WAN links: WAN1 (10Mbps), W AN2 (20Mbps), W AN3 (5Mbps) Requirement: All internet user traffic of LAN should go out via WAN1, W AN3 All inbound / outbound traffic of DMZ segment should go via WAN2 Which of the following is the best configuration for above: A. WAN1: 2 W eight, W AN2: 0 Weight, WAN3: 1 Weight Create firewall rule LAN -> WAN and select Route Through Gateway: Load Balance Create firewall rule DMZ -> WAN and select Route Through Gateway: W AN2 Add source based routing for DMZ subnet under W AN2 B. WAN1: 2 W eight, W AN2: 0 Weight, WAN3: 1 Weight Create firewall rule LAN -> WAN and select Route Through Gateway: W AN1, WAN3 Create firewall rule DMZ -> WAN and select Route Through Gateway: W AN2 Add source based routing for DMZ subnet under W AN2 C. WAN1: 1 W eight, W AN2: 0 Weight, WAN3: 1 Weight Create firewall rule LAN -> WAN and select Route Through Gateway: Load Balance Create firewall rule DMZ -> WAN and select Route Through Gateway: W AN2 Add source based routing for DMZ subnet under W AN2 D. WAN1: 2 W eight, W AN2: 0 Weight, WAN3: 1 Weight Create firewall rule LAN -> WAN and select Route Through Gateway: Load Balance 9. Which of the following functionality is not offered by Cyberoam Firewall Module: A. Identity as matching criteria in the firewall rule. B. It can be deployed in Gateway (Layer3) / Bridge (Layer2) mode. C. It can provide NAT / PAT functionality in Layer2 (Bridge mode). D. Firewall module provides protection from Denial of Service (DoS) attacks. 10. For which of the following Instant Messengers Cyberoam can record the chat conversations? A. Yahoo and MSN B. All Messengers C. Yahoo, MSN, Google Talk D. None of above 11. Is it possible to set RSA SecureID token for SSL-VPN users and Active Directory Single Sign On (SSO) for internal LAN users? A. Yes B. No

Elitecore Technologies Ltd.

www.cyberoam.com 4

12. Scenario: SMTP server is in the DMZ zone. What firewall rules will I have to create to allow both internal & external access to the mail server? I wish to scan all the incoming emails. The MX ip is 203.88.135.194 & mail server internal ip address is 10.10.10.254. Following are the ip addresses configured on Cyberoam: Port A (LAN): 192.168.1.254 Port B (W AN): 203.88.135.194 Port C (DMZ): 10.10.10.1 Port D (LAN): 2.2.2.2 Select the most appropriate option from the following A. Option 1 a. Create a virtual host with external ip as 203.88.135.194 & mapped ip as 10.10.10.254 b. Create W AN-DMZ firewall rule for SMTP service using the virtual host c. Create LAN-DMZ firewall rule for SMTP service using the virtual host d. Apply SMTP scanning on WAN-DMZ rule B. Option 2 a. Create virtual host with external ip 203.88.135.194 & mapped ip as 10.10.10.1 b. Create W AN-DMZ firewall rule for SMTP service using the virtual host c. Create LAN-DMZ firewall rule for SMTP service using the virtual host d. Apply SMTP scanning on WAN-DMZ rule C. Option 3 a. Create a virtual host with external ip as 203.88.135.194 & mapped ip as 10.10.10.254 b. Create W AN-DMZ firewall rule for SMTP service using the virtual host c. Create LAN-DMZ firewall rule for SMTP service using the virtual host d. Apply SMTP scanning on LAN-DMZ rule D. Option 4 a. Create virtual host with external ip 203.88.135.194 & mapped ip as 10.10.10.1 b. Create W AN-DMZ firewall rule for SMTP service using the virtual host c. Create LAN-DMZ firewall rule for SMTP service using the virtual host d. Apply SMTP scanning on LAN-DMZ rule 13. Which of the following statement is wrong in terms of Cyberoam Web & Application Protocol Module? A. Its freely available with each appliance. B. In case of non-categorized website, one can create a custom category to allow / deny. C. Messengers & P2P applications can be blocked using this module. D. It can work in Gateway (Layer3) / Bridge (Layer2) deployment mode.

Elitecore Technologies Ltd.

www.cyberoam.com 5

14. Scenario: User1 should be allowed to access all type of websites except porn. User2 should be allowed to access only Electronics related websites. Select the most appropriate option from the following: A. For user1, create W eb Filter with template "Deny All" and deny "porn" category. For user2, create W eb Filter with template "Deny All" and allow "Electronics" category. B. For user1, create W eb Filter with template "Allow All" and deny "porn" category. For user2, create W eb Filter with template "Deny All" and allow "Electronics" category. C. For user1, create W eb Filter with template "Allow All" and deny "Adult" category. For user2, create W eb Filter with template "Deny All" and allow "Electronics" category. D. For user1, create W eb Filter with template "Allow All" and deny "porn" category. For user2, create W eb Filter with template "Deny All" 15. Which of the following statements are incorrect: A. IPS module supports protocol anomaly protection. B. IPS module allows creating custom IPS policy and signature. C. Cyberoam IPS is having less than 2000 signatures. D. Cyberoam IPS module need to be subscribed. 16. What action does Cyberoam take in case of POP3 / IMAP, when a virus is detected in the mail A. The virus infected attachment will be stripped from the message and the message body will be replaced with a notification message. B. Cyberoam does not support POP3 / IMAP scanning C. The virus infected message will be deleted and connection to the POP3/IMAP server will be lost D. None of the above 17. Which one of the following statement is incorrect? A. Cyberoam Antivirus gets updated automatically. B. Cyberoam can scan and block virus file transferred via Yahoo/MSN Messengers. C. Cyberoam cannot scan and block both file upload as well as download over HTTP/FTP. D. Clicking on "SMTP" scanning option in the firewall rule will enable both Antivirus / Antispam scanning. 18. Anti Spam -> Spam Rules is applied to: A. All the users for whom the AV/AS scanning is enabled B. Only to users those are using Cyberoam as an outbound mail server C. Only to users those are part of Open Group D. None of the above

Elitecore Technologies Ltd.

www.cyberoam.com 6

19. Which of the following statements are incorrect in terms of Cyberoam Anti-Spam functionality? A. Cyberoam can not drop IMAP/POP3 oversized mails. B. One can submit False Positive and Spam mails through http://csc.cyberoam.com C. Cyberoam use signature database to categorize spam mails. D. 5GB of disk space is reserved only for Antispam Quarantine. 20. How many IPSec Road W arrior VPN connections need to be created if 10 roaming users want to access central office ERP application from public network? A. One connection per user. B. One connection for all 10 users. C. One connection for each remote public IP. D. None of the above. 21. Which of the followings statement is incorrect in terms of Cyberoam VPN: A. Cyberoam supports PPTP / LT2P / IPSec VPN / SSL VPN protocols. B. Cyberoam Threat Free Tunneling (TFT) works for all protocols. C. Cyberoam provides VPN failover. D. VPN module is available in both Gateway / Bridge mode. 22. Is it true that Log Viewer data will get flush during reboot, shutdown? A. Yes B. No 23. I forgot the password of user Cyberoam in my appliance, what another username and password I should use to get the access of my appliance? A. Username: admin, Password: admin B. Username: cyberoam, Password: cyber C. Username: manager, Password: <blank> D. None of the above. 24. Default IPS policy can be used in the firewall rule to protect web server hosted in the DMZ

segment: A. Yes, as default policies are pre-configured for web servers. B. Yes, as default policies are fine tuned for optimum performance. C. No, as default policies contains mix set of signatures for all kind of servers. And traffic will get scanned with unwanted set of signatures. D. No, as default policies are only for Database Servers.
25. Which of the following tool can be used to see live traffic for any specific IP or protocol? A. Logs & Reports Log Viewer B. Logs & Reports View Reports C. System Packet Capture D. Firewall Rule

Elitecore Technologies Ltd.

www.cyberoam.com 7

26. In bridge mode deployment, Cyberoam provides which of following zones: A. LAN, W AN, DMZ B. LAN C. LAN, W AN D. All of Above 27. Cyberoam can be integrated with which of the following: A. LDAP B. TACACS+ C. Active Directory D. Radius E. All of the above 28. Is it true that Cyberoam never decrypt the HTTPS traffic in case if Antivirus scanning is turned off for HTTPS and only content filtering is enabled? A. No B. Yes 29. In which of the following conditions weight 0 (zero) should be assigned to any WAN interface? A. In case if W AN interface is for any specific purpose and shouldn't be used in load balancing B. In case if W AN interface is having very low bandwidth C. In case if W AN interface is PPPoE D. None of the above 30. Write best suitable VPN policy to be selected to satisfy below VPN requirement: Site to Site VPN Tunnel between Head Office and 15 Branch Offices. Branch Offices should always initiate the tunnel and in case of link failure it should do unlimited retries. Head Office should always respond Branch Office VPN request. In case of link failure it should terminate the tunnel after 3 retries and bring tunnel back into listening mode. Please, chose the correct option for above requirement:

At Head Office: VPN Policy: A. Default Policy B. DefaultBranchOffice C. DefaultHeadOffice Action on VPN Restart: A. Disable B. Respond Only C. Initiate

At Branch Office: VPN Policy: A. Default Policy B. DefaultBranchOffice C. DefaultHeadOffice Action on VPN Restart: A. Disable B. Respond Only C. Initiate

Elitecore Technologies Ltd.

www.cyberoam.com 8