Exam Title

: Nortel 920-440 : NNCDE Alteon Security Exam

Version : R6.1

www.prepking.com

Prepking - King of Computer Certification Important Information, Please Read Carefully

Other Prepking products A) Offline Testing engine Use the offline Testing engine product to practice the questions in an exam environment. B) Study Guide (not available for all exams) Build a foundation of knowledge which will be useful also after passing the exam. Latest Version We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for 90 days after the purchase. You should check your member zone at Prepking and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1.Go towww.Prepking.com 2.Click on Member zone/Log in (right side) 3. Then click My Account 4.The latest versions of all purchased products are downloadable from here. Just click the links. For most updates,it is enough just to print the new questions at the end of the new version, not the whole document. Feedback If you spot a possible improvement then please let us know. We always interested in improving product quality. Feedback should be send to feedback@Prepking.com. You should include the following: Exam number, version, page number, question number, and your login ID. Our experts will answer your mail promptly. Copyright Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, Prepking reserves the right to take legal action against you according to the International Copyright Laws. Explanations This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@Prepking.com..

www.prepking.com

 1. A customer wants to access the Microsoft Outlook Web Access application through the Alteon SSL-VPN Secure Portal. What are the minimum features that need to be considered? A. Secure Portal and Authentication B. Secure Portal and SSL Client certificates C. Secure Portal, Java Application Tunnels and Authentication D. Outlook Web Access is not supported using the Secure Portal Answer: A

2. What would be the preferred use of the network ports in an Alteon SSL Accelerator 310 or 410 when deployed for SSL-VPN? A. Only use port 1 in a one armed solution. B. Connect port 1 to the public network or DMZ and port 2 towards the Intranet. C. Connect both ports to the same L2 switch using Multi Link Trunking for link redundancy and load sharing. D. Configure a one armed solution in conjunction with a load balancing switch and use port 2 for management only. Answer: B

3. Which statement best describes the use of Alteon SSL-VPN? A. SSL-VPN is purely used for Remote Access to selected applications. B. SSL-VPN can ONLY be used when accessing web server applications on the Intranet. C. SSL-VPN is used for both Remote Access and Branch-to-branch (LAN-to-LAN) applications. D. SSL-VPN can be considered a full replacement for IPsec based Remote Access for all applications. Answer: D

4. A customer requires 1000 simultaneous users and a High-Availability solution. The proposed solution will consist of two Alteon SSL Accelerators that are members of the same cluster. Even if one of the Alteon SLL Accelerators fails the solution should still be capable of terminating 1000 simultaneous users. How many and what kind of SSL-VPN licenses will be needed? A. Two 500 user licenses. B. Two 1000 user licenses.
www.prepking.com

 C. Only one 1000 user license for the cluster. D. 1000 user license and one 100 user license. Answer: B 5. Which of statement would provide the best DNS configuration for secure access to Intranet applications? A. The DNS setting is not that important since most of the communication uses IP addresses in any case. B. The preferred way is to configure an internal/Intranet based DNS server since the Internal hostnames should be kept separate from external users. C. The preferred way is to configure an external/Internet based DNS server since the Internal hostnames needs to be available for an external user to access the Alteon SSL-VPN. D. The configuration needs to send DNS queries to an external/Internet based DNS server since clients that access the Alteon SSL-VPN need the ability to perform reverse DNS look-ups. Answer: D

6. Which statement best describes the use of SSL Client certificates in the Alteon SSL-VPN solution when connecting to the Secure Portal? A. The use of SSL Client certificates is not supported using Alteon SSL-VPN. B. When using Client certificates the user connecting to the SSL-VPN unit will make sure that the SSL-VPN unit is the correct one, i.e. Server Authentication. C. When a user connects to the SSL-VPN unit the user is asked to provide a Client certificates to allow the SSL-VPN unit to verify that the client is allowed to connect, i.e. Client Authentication. No further authentication is needed to access the Secure Portal. D. When a user connects to the SSL-VPN unit the user is asked to provide a Client certificate to allow the SSL-VPN unit to verify that the client is allowed to connect, i.e. Client Authentication. Next, the user needs to provide the normal username / password credentials to access the Secure Portal. Answer: C

7. A customer wants access to a legacy host application using their own Telnet client application. What feature of the SSL-VPN solution would they need to use? A. Secure Portal only B. The built-in Terminal Access applet
www.prepking.com

 C. Port Forward applet Java application tunnel D. Support for third party Telnet clients is not supported Answer: B

8. A customer wants access to Microsoft file shares (SMB) on an Internal file server through the Alteon SSL-VPN Secure Portal. What are the minimum features that need to be considered? A. Secure Portal and Authentication B. Secure Portal and SSL Client certificates C. Secure Portal, Java Application Tunnels and Authentication D. Microsoft file shares (SMB) is not supported using the Secure Portal Answer: A

9. A customer wants to integrate the Alteon SSL-VPN solution with an existing Microsoft Windows NT 4.0 environment. What would be the preferred authentication method? A. NTLM B. LDAP C. RADIUS D. ASA local user database Answer: B

10. A customer wants to use the Clientless Browser mode. What minimum feature of the web browser should be supported? A. Support only clear-text HTTP, since the application tunnel will encrypt everything. B. Support only SSL to ensure that a secure communication channel can be established. C. Support both SSL and Java since all communication in Clientless browser mode is using the HTTP Proxy applet. D. Support both SSL and Java since all communication in Clientless browser mode is using the Port Forwarder applet. Answer: B

www.prepking.com

 11. A customer is using the Alteon SSL Accelerator with version 4.0 software for a normal HTTPS offload application. They would like to start testing the SSL-VPN feature for an internal web application. What additional software elements are needed before testing can start? A. They would need to buy an additional SSL-VPN license. B. They need to buy a third party SSL-VPN client software. C. Nothing, a 10-user SSL-VPN license is included by default in version 4.0. D. They would need to load special Alteon SSL Accelerator software and buy an additional SSL-VPN license. Answer: B

12. A customer intends to offer secure and tamper proof storage of cryptographic key material. Which platform will meet this requirement? A. ASA-100 B. ASA-310 C. ASA-310FIP D. AAS-2424-SSL Answer: D

13. A customer wants to deploy an SSL-VPN solution using a clean side and a dirty side network interface card. Which platforms would support this configuration? (Choose three) A. ASA-100 B. ASA-310 C. ASA-410 D. ASA-310FIPS E. AAS-2424-SSL Answer: BCD

14. A customer wants to deploy SSL VPN features and SSL offload features. Which platform would provide the best performance in terms of new SSL sessions? A. ASA-100
www.prepking.com

 B. ASA-310 C. ASA-410 D. ASA-310FIP E. AAS-2424-SSL Answer: D

15. A customer wants to run a web application through a Secure Portal. The Alteon SSL Accelerator will need to translate Intranet URL's to Internet URL's (application address translation) for the application to

work. Which statement is true in regards to this scenario? A. The internal web server needs to be re-programmed to allow for the URL rewrite to happen. B. The administrator needs to manually add a map list (Internal-to-external URL) to the configuration of each SSL-VPN domain. C. Application Address Translation is not a feature you can turn on/off, it is always enabled when running web applications through the Secure Portal. D. Application Address Translation requires an additional third party software proxy between the internal web servers and the Alteon SSL Accelerator to work. Answer: C

16. A designer implemented SSL VPN services in a data center. The server group is complaining that they are no longer able to track the users. How can this issue be addressed? A. Turn on connection pooling B. Add Via header in the HTTP menu C. Add X-forwarding-for header in the HTTP menu D. Configure Proxy IP addressing on the ingress ports Answer: C

17. An insurance company has built an application that allows customers to update their personal data. After deployment, server performance degraded dramatically and they now want to deploy an ASA solution. Current requirements are to provide end to end encryption, scale to 10 backend servers, and persistency maintained by the individual user. What is the best way to address this issue?
www.prepking.com

 A. Configure SSL Connect to the backend servers B. Configure SSL Connect to the L7 Load Balancer C. Turn on Hashing on the SSL Server group in the ASA D. Add a L7 Load Balancer after SSL traffic has been encrypted, before the origin servers Answer: A

18. Consider that a content site requires 3,500 new SSL transactions per second on their existing infrastructure. Which solution would provide adequate capacity to support this customer's needs?

A. Two (2) ASA iSD-410s B. Seven (7) ASA iSD-100s C. One (1) ASA iSD-410 AND Three (3) ASA iSD-100s D. One (1) ASA iSD-410 AND Three (3) ASA iSD-100s Answer: A

19. Which encryption algorithms are supported on the ASA? A. RC2, and DES3 B. DES, DES3 only C. DES and RC4(Streaming) only D. RC2, RC4(Streaming) DES, & DES3 E. DES3 encryption Only. Others available through upgrade. Answer: D

20. A designer wants to configure a cluster of ASAs. Which statement best describes the maximum characteristics of the cluster? A. One Master with 256 slaves B. Four Masters with up to 252 Slaves C. Two Masters with up to 256 slaves each D. One to 256 Masters with up to a total of 256 Slaves. Answer: B

www.prepking.com

 21. A customer has implemented an SSL VPN solution. Which topologies are available for this VPN solution? A. In path and out of path B. Single path and high available C. In path, out of path or dual path D. In path, out of path or high availability Answer: D

22. A design engineer deployed SSL acceleration services in a network. The security department has mandated that all SSL traffic use only the IETF standard -TLS 1.0. How should the design engineer configure the SSL Accelerator service to conform to this restriction? A. Restrict traffic to TLS 1.0 B. Do nothing, TLS 1.0 is the default setting. C. Enable TLS 1.0 & remove all others under /cfg/ssl/advanced/ciphers. D. Have everyone upgrade their browsers, newer browsers support TLS 1.0 only. Answer: A

23. The ASA supports Certificate Revocation Lists (CRLs). Which statement is NOT true? A. A local CRL can be defined on the ASA B. The CRL can be imported by TFTP into the ASA C. PEM, DER and ASCII are valid file formats for the CRL D. The CRL must be held by a root Certificate Authority (CA) Answer: BC

24. A customer is tasked to operate an e-commerce portal using HTTPS. The customer wants to enhance secure connection capacity and implement an Intrusion Detection System. The communication must be secure and encrypted to the web server. What are the necessary components required to meet this objective? A. One ASA B. One ASA, one Alteon Web Switch
www.prepking.com

 C. Two ASAs, one Alteon Web Switch D. Two ASAs, two Alteon Web Switches Answer: C

25. An engineer wants to design a network using transparent 443 redirection from a L4 switch. Which statement is true? A. PKCS10 B. ASA must be L2 attached C. Arp requests are needed for the VIP, standalone must be enabled. D. A route must be defined from the L4 switch to the ASA subnet if not L2 attached. Answer: B

26. Which option provides the ability to Load Balance SSL requests to multiple sites? A. End-2-End encryption B. Site Server Load Balancing C. Global Server Load Balancing D. IPSec Virtual Private Networks Answer: C

27. Which option adequately provides the necessary input to join an existing ASA Cluster? A. Port number for management network, IP Address, VLAN tag id, Management IP (MIP), existing admin password. B. Port number for management network, IP Address, Network Mask, VLAN tag id, Management IP (MIP), Cluster ID. C. Port number for management network, IP Address, Certificate ID, VLAN tag id, Management IP (MIP), existing admin password. D. Port number for management network, IP Address, Network Mask, VLAN tag id, Management IP (MIP), existing admin password. Answer: D

www.prepking.com

100% Pass Guaranteed or Full Refund Word to Word Real Exam Questions from Real Test Buy full version of exam from this link below http://www.prepking.com/920-440.htm