High Quality Cisco 300-207 Dumps with Accurate Answers

100% Valid And Pass With latest Cisco 300-207 exam dumps, you will never fail your Cisco 300-207 exam.All the questions and answers are updated and added to the new version timely by our experts.Also now Flydumps is offering free Cisco 300-207 dumps VCE player and PDF files for free on their website:www.passsoon.com/300-207.html

300-207 dumps

QUESTION 34
Which Cisco WSA is intended for deployment in organizations of more than 6000 users?
A. WSA S370
B. WSA S670
C. WSA S370-2RU
D. WSA S170
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 35
Which command verifies that the correct CWS license key information was entered on the Cisco ASA?
A. sh run scansafe server
B. sh run scansafe
C. sh run server
D. sh run server scansafe
Correct Answer: B Explanation
Explanation/Reference: QUESTION 36
Which five system management protocols are supported by the Cisco Intrusion Prevention System? (Choose five.)
A. SNMPv2c
B. SNMPv1
C. SNMPv2
D. SNMPv3
E. Syslog

F. SDEE
G. SMTP
Correct Answer: ABCFG Explanation
Explanation/Reference:
QUESTION 37
Which four statements are correct regarding management access to a Cisco Intrusion Prevention System? (Choose four.)
A. The Telnet protocol is enabled by default
B. The Telnet protocol is disabled by default
C. HTTP is enabled by default
D. HTTP is disabled by default
E. SSH is enabled by default
F. SSH is disabled by default
G. HTTPS is enabled by default
H. HTTPS is disabled by default
Correct Answer: BDEG Explanation
Explanation/Reference:
QUESTION 38
Which two GUI options display users’ activity in Cisco Web Security Appliance? (Choose two.)
A. Web Security Manager Identity Identity Name
B. Security Services Reporting
C. Reporting Users
D. Reporting Reports by User Location
Correct Answer: CD Explanation
Explanation/Reference:

300-207 dumps
QUESTION 39
The security team needs to limit the number of e-mails they receive from the Intellishield Alert Service. Which three parameters can they adjust to restrict alerts to specific product sets? (Choose three.)
A. Vendor
B. Chassis/Module
C. Device ID
D. Service Contract
E. Version/Release
F. Service Pack/Platform
Correct Answer: AEF Explanation
Explanation/Reference:
QUESTION 40
What three alert notification options are available in Cisco IntelliShield Alert Manager? (Choose three.)
A. Alert Summary as Text
B. Complete Alert as an HTML Attachment
C. Complete Alert as HTML
D. Complete Alert as RSS
E. Alert Summary as Plain Text
F. Alert Summary as MMS
Correct Answer: ABC Explanation
Explanation/Reference:
QUESTION 41
With Cisco IDM, which rate limit option specifies the maximum bandwidth for rate-limited traffic?
A. protocol
B. rate
C. bandwidth
D. limit
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 42
Which two benefits are provided by the dynamic dashboard in Cisco ASDM Version 5.2? (Choose two.)
A. It configures system polices for NAC devices.
B. It forwards traffic to destination devices.
C. It provides statistics for device health.
D. It replaces syslog, RADIUS, and TACACS+ servers.
E. It automatically detects Cisco security appliances to configure.
Correct Answer: CE Explanation
Explanation/Reference:
QUESTION 43
Which Cisco monitoring solution displays information and important statistics for the security devices in a network?
A. Cisco Prime LAN Management
B. Cisco ASDM Version 5.2
C. Cisco Threat Defense Solution
D. Syslog Server

E. TACACS+
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 44
Which three search parameters are supported by the Email Security Monitor? (Choose three.)
A. Destination domain
B. Network owner
C. MAC address
D. Policy requirements
E. Internal sender IP address
F. Originating domain
Correct Answer: ABE Explanation
Explanation/Reference:
QUESTION 45
Which Cisco Security IntelliShield Alert Manager Service component mitigates new botnet, phishing, and web-based threats?
A. the IntelliShield Threat Outbreak Alert
B. IntelliShield Alert Manager vulnerability alerts
C. the IntelliShield Alert Manager historical database
D. the IntelliShield Alert Manager web portal
E. the IntelliShield Alert Manager back-end intelligence engine
Correct Answer: A Explanation
Explanation/Reference:
QUESTION 46
A network engineer can assign IPS event action overrides to virtual sensors and configure which three modes? (Choose three.)
A. Anomaly detection operational mode
B. Inline TCP session tracking mode
C. Normalizer mode
D. Load-balancing mode
E. Inline and Promiscuous mixed mode
F. Fail-open and fail-close mode
Correct Answer: ABC Explanation
Explanation/Reference:
QUESTION 47
What is the correct deployment for an IPS appliance in a network where traffic identified as threat traffic should be blocked and all traffic is blocked if the IPS fails?
A. Inline; fail open
B. Inline; fail closed
C. Promiscuous; fail open
D. Promiscuous; fail closed
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 48
Which two practices are recommended for implementing NIPS at enterprise Internet edges? (Choose two.)
A. Integrate sensors primarily on the more trusted side of the firewall (inside or DMZ interfaces).
B. Integrate sensors primarily on the less trusted side of the firewall (outside interfaces).
C. Implement redundant IPS and make data paths symmetrical.
D. Implement redundant IPS and make data paths asymmetrical.
E. Use NIPS only for small implementations.
Correct Answer: AC Explanation
Explanation/Reference:
QUESTION 49
Which set of commands changes the FTP client timeout when the sensor is communicating with an FTP server?
A. sensor# configure terminal sensor(config)# service sensor sensor(config-hos)# network-settings sensor(config-hos-net)# ftp-timeout 500
B. sensor# configure terminal sensor(config)# service host sensor(config-hos)# network-settings parameter ftp sensor(config-hos-net)# ftp-timeout 500
C. sensor# configure terminal sensor(config)# service host sensor(config-hos)# network-settings sensor(config-hos-net)# ftp-timeout 500
D. sensor# configure terminal sensor(config)# service network sensor(config-hos)# network-settings sensor(config-hos-net)# ftp-timeout 500
Correct Answer: C Explanation Explanation/Reference:
QUESTION 50
What are two benefits of using SPAN with promiscuous mode deployment? (Choose two.)
A. SPAN does not introduce latency to network traffic.
B. SPAN can perform granular scanning on captures of per-IP-address or per-port monitoring.
C. Promiscuous Mode can silently block traffic flows on the IDS.
D. SPAN can analyze network traffic from multiple points. Correct Answer: AD
Explanation Explanation/Reference:
QUESTION 51
What are the initial actions that can be performed on an incoming SMTP session by the workqueue of a Cisco Email Security Appliance?
A. Accept, Reject, Relay, TCPRefuse
B. LDAP Verification, Envelope Sender Verification, Bounce Verification, Alias Table Verification
C. Recipient Access Table Verification, Host DNS Verification, Masquerading, Spam Payload Check
D. SMTP Authentication, SBRS Verification, Sendergroup matching, DNS host verification Correct Answer: A
Explanation Explanation/Reference:
QUESTION 52
Refer to the exhibit.

What CLI command generated the output?
A. smtproutes
B. tophosts

Free Cisco 200-125 practice questions for Cisco 300-207 dumps. These questions are aimed at giving you an idea of the type of questions you can expect on the actual exam.You will get an idea of the level of knowledge each topic goes into but because these are simple web pages you will not see the interactive and performance based questions – those are available in the Cisco 300-207http://www.passsoon.com/300-207.html 

Related More Official Informations: 300-207 SITCS – Cisco

Article Link: http://www.ccna100-101.com/free-download-realistic-cisco-300-207-dumps-with-pdf-format.html

100% Pass Cisco 350-018 Dumps Exam: Cisco – CCIE Security written

350-018 dumps

Hi,I just took Cisco 350-018 dumps test and passed with a great score.All examcollection and securitytut dump are no longer valid anymore.I recommend studying Exampass Premium VCE.I can confirm that Cisco 350-018 new questions appear on my test. Keep up the good work and good luck: http://www.itcertworld.com/350-018.html

QUESTION 102
What statement is NOT correct based on the display output below? MDS1# show ivr vsan- topology active AFID SWITCH WWN Active Cfg. VSANS
1 20:00:00:05:30:00:7a:de * yes yes 202,205 1 20:00:00:0c:30:6c:24:40 yes yes 205,298 Total: 2 entries in active IVR VSAN-Topology
Current Status: Inter-VSAN topology is ACTIVE Last activation time: Sat Feb 21 00:03:42 2004
A. The wwn of MDS1 is20:00:00:05:30:00:7a:de
B. VSAN 205 is the transit VSAN
C. The wwn of MDS1 is20:00:00:0c:30:6c:24:40
D. VSAN 298 and 202 are edge VSANs
E. IVR topology is activated onSat Feb 21 00:03:42 2004
Correct Answer: C
QUESTION 103
“SCSI LUN discovery” is triggered automatically when:
A. The switch has dual supervisors
B. A 16 port FC Line card installed in an MDS switch
C. An ASM module is installed in an MDS switch
D. An IPS module is installed in an MDS switch
E. A CSM module is installed in an MDS switch

Correct Answer: CDE
QUESTION 104
What term is used to identify the special characters used in Fibre Channel Encoding?
A. D28.5
B. K28.5
C. 3b/4b
D. 8b/10b
E. idle

Correct Answer: B
QUESTION 105
What is the correct configuration to place initiator ABC.iqn into VSANs 3 and 66 only?
A. iscsi initiator name ABC.iqn vsan 3 66
B. iscsi initiator name ABC.iqn no vsan 1 vsan 3 vsan 66
C. iscsi initiator name ABC.iqn vsan member vsan 3,66
D. iscsi initiator name ABC.iqn vsan 3 vsan 66
E. iscsi initiator name ABC.iqn vsan 3 – 66

Correct Answer: B
QUESTION 106
What Switch Fabric Internal Link services (SW_ILS) command indicates if the FCIP connection is a E-Port or a B-Port?
A. EPP
B. ELP
C. ESC
D. EFP
E. LSU

Correct Answer: B
QUESTION 107
What standard association is working in the definition of the iSCSI and Fibre Channel protocols respectively?
A. FCIA, IETF
B. SNIA, IETF
C. SNIA, T11
D. FCIA, SNIA
E. IETF, ANSI

Correct Answer: E
QUESTION 108
Which non-disruptive method should be used to view the PLOGI of a FC host to a FC target on the same MDS switch?
A. Use an external FCanalyzer on the target port and debug tools on the host system
B. Run fcanalyzer local
C. Span the host port and the target port to a SD port and use a PAA or FC analyzer
D. Run debug plogi on both the Host interface and the storage interface
E. Span the host port and the target port to the mgmt interface and use Ethereal to analyze

Correct Answer: C
QUESTION 109
In a DH-CHAP enabled port, what is required of a host before it can access the port?
A. An Enterprise license must be loaded on each host to authorize fabric access.
B. Dual HBA support must be configured to support security protocol
C. Host must be connected to an interface in the VSAN range of 100-199
D. Host must have a HBA installed that supports DH-CHAP protocol
E. Host must be running RADIUS or TACACS+ to support server authentication.

Correct Answer: D
QUESTION 110
A reason for persistent binding to be enabled on an HBA is to provide what benefit?
A. To configure a user specified PWWN to the HBA
B. To allocate the same FCID to a fibre channel device
C. To allocate the same domain ID to a switch in a VSAN
D. To prevent other hosts from accessing a specific target
E. To assign the same SCSI target ID to a storage device’s PWWN

Correct Answer: E
QUESTION 111
What configuration command enables all discovered storage to be available for iSCSI?
A. enable fc targets dynamic
B. fc-target import iscsi
C. iscsi import target fc
D. iscsi target enable fc
E. iscsi virtual-target all

Correct Answer: C
QUESTION 112
The host attached to MDS-1 at site A needs to access the disk attached to MDS-2 at site B. MDS- 2 is part of a multi-switch fabric. The distance between the two sites is 600 km. What feature could stop fabric reconfiguration changes in site B from disrupting devices connected to MDS-1?
A. Switch to Switch authentication using Fibre Channel Security Protocol (FC-SP)
B. Inter-VSAN Routing
C. FCIP with Special Frame option
D. FCIP Write Acceleration
E. IP Access Lists
Correct Answer: B
QUESTION 113
What statement is NOT correct for FCIP compression?
A. High-throughput and high-comp-ratio mode may be configured simultaneously.
B. FCIP compression uses LZS compression algorithm.
C. FCIP compression is dependent on the type of data compressed.
D. By default FCIP compression is disabled.
E. FCIP compression has to be configured under FCIP interface.

Correct Answer: A
QUESTION 114
In Raid 0+1 the loss of a single drive:
A. Reduces the array redundancy to that of a Raid level 0
B. Does not affect the redundancy of the array
C. Has no affect what so ever on the array
D. Reduces the performance of the array
E. Same level of redundancy as that of a Raid 1+0

Correct Answer: A
QUESTION 115
When a port channel that is trunking a given VSAN is quiesced, frames are lost. What can be inferred about this VSAN?
A. In-Order Delivery is enabled for the VSAN.
B. Flow-based load balancing is configured for the VSAN.
C. The VSAN is a FICON VSAN.
D. QoS is enabled for the VSAN.
E. Exchange-based load balancing is configured for the VSAN.

Correct Answer: A
QUESTION 116
What ordered set is used to determine the Class of the frame?
A. SOF
B. LIP
C. TYP
D. SYN
E. COF

Correct Answer: A
QUESTION 117
During principal switch selection and the domain ID assignment, all frames are flooded to a destination ID of this well known fibre channel address:
A. FF.FF.FB
B. FF.FF.FE
C. FF.FF.FD
D. FF.FF.FC
E. FF.FF.FA
Correct Answer: C
QUESTION 118
MDS Interop mode 2 will interoperate with what legacy Fibre Channel switch below?
A. Inrange FC/9000
B. Brocade 3800 core PID mode 0
C. Brocade 12000 core PIDmode 1
D. McData 3900
E. Qlogic Sanbox

Correct Answer: B
QUESTION 119
The purpose of the SW_ILS ELP frame is to:
A. Notify other switches they can now request domain IDs
B. Notify other switches that a principal switch has been elected
C. Exchange FSPF routing information
D. None of the above

Correct Answer: D

350-018 dumps

QUESTION 120
What can be configured on a FCIP Profile?
A. TCP port number, write-accelerator, compression ratio
B. TCP port number, sack-enable, Max and Min bandwidth
C. Max and Min bandwidth, peer-info, compression ratio
D. Passive mode, peer-info, compression ratio
E. Sack-enable, TCP port number, peer-info

Correct Answer: B

Ensure that you are provided with only the best and most updated Cisco 350-018  Dumps Certification training materials, we also want you to be able to access 200-125 pdf easily, whenever you want.We provide all our Cisco 350-018 Certification exam training material in PDF format, which is a very common format found in all computers and gadgets. Now we add the latest Cisco 350-018 content and to print and share content. http://www.itcertworld.com/350-018.html

Related More Official Informations: 350-018 CCIE Security – Cisco

Article Link: http://www.cisco350-018.com/cisco-350-018-real-exam-questions-with-the-latest-download.html

We Practice The 2016 Latest Microsoft 70-417 Exam Questions And Answers

The Microsoft 70-417 Exam is an examination given by the FLYDUMPS. It is a kind of exam taken by IT professionals these days. This exam is suggested to have several years Information Technology experience. Along with this, it is vitally advisable that you research more about the exam before taking. If you got to have extra  Microsoft 70-417 resources, it is good to find Microsoft 70-417 exam sample questions. FLYDUMPS Microsoft 70-417 exam sample questions are always updated time after time. Companies offers money back assurance if you do not pass the Microsoft 70-417 exam. Majority of online Microsoft 70-417 exam sample questions has questions with the whole info along with the verified answers to orient you: http://www.flydumps.com/70-417.html

070-410 exam

QUESTION 96
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC5. DC5 has a Server Core Installation of Windows Server 2012 R2.
You need to uninstall Active Directory from DC5 manually. Which tool should you use?
A. The Remove-ADComputercmdlet
B. The ntdsutil.exe command
C. The dsamain.exe command
D. The Remove-WindowsFeaturecmdlet

Correct Answer: D Explanation
Explanation/Reference:

QUESTION 97
Your network contains an Active Directory domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.

DC3 loses network connectivity due to a hardware failure.
You plan to remove DC3 from the domain.
You log on to DC3.
You need to identify which service location (SRV) records are registered by DC3.
What should you do?

A. Open the %windir%\system32\dns\backup\adatum.com.dns file.
B. Open the %windir%\system32\config\netlogon.dns file.
C. Run ipconfig /displaydns.
D. Run dcdiag /test:dns.

Correct Answer: B Explanation
Explanation/Reference:
Explanation:
Netlogon service creates a log file that contains all the locator resource records and places the log file in
the following location:

References:
QUESTION 98
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2.
You need to create 3-TB virtual hard disk (VHD) on Server1.
Which tool should you use?
A. New-StorageSubsytemVirtualDisk
B. New-VirtualDisk
C. Server Manager
D. Computer Management

Correct Answer: B Explanation
Explanation/Reference:
Explanation:
NOT A Share and Storage will only let you create a VHD on a storage pool NOT B Server Manager, can’t
find where to create this. NOT C Is this powershell ? the command should be NEW-VHD

D Computer management is the only valid yet non available answer. I’d be left with C, hoping they’d have
the good powershell command.
Note:
From @L_Ranger, Computer Management is not an option anymore.
Back to New-VirtualDisk
Old explanation : D (Computer management)
Explanation:
For Server 2012:
With the  Server Manager snap-in, you can create and attach a .VHD file directly. Figure A shows the drop-down box
where a.VHD file can be created and attached. Figure A
QUESTION 99
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2.
Server1 and Server2 are part of a workgroup.

On Server1 and Server2, you create a local user account named Admin1. You add the account to the local
Administrators group. On both servers, Admin1 has the same password.

You log on to Server1 as Admin1. You open Computer Management and you connect to Server2.

When you attempt to create a scheduled task, view the event logs, and manage the shared folders, you
receive Access Denied messages.
You need to ensure that you can administer Server2 remotely from Server1 by using Computer
Management. What should you configure on Server2?

A. From Local Users and Groups, modify the membership of the Remote Management Users group.
B. From Server Manager, modify the Remote Management setting.
C. From Windows Firewall, modify the Windows Management Instrumentation (WMI) firewall rule.
D. From Registry Editor, configure the LocalAccountTokenFilterPolicyresgistry value

Correct Answer: D Explanation
Explanation/Reference:
QUESTION 100
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
On a server named Server2, you perform a Server Core Installation of Windows Server 2012 R2. You join Server2 to the contoso.com domain.
You need to ensure that you can manage Server2 by using the Computer Management console on Server1.
What should you do on Server2?
A. Run sconfig.exe and configure remote management.
B. Run sconfig.exe and configure Remote Server Administration Tools (RSAT).
C. Install Windows Management Framework.
D. Install Remote Server Administration Tools (RSAT).

Correct Answer: A Explanation
Explanation/Reference:
Explanation: In Windows Server 2012, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. You must be a member of the Administrators group to use the tool. Sconfig.cmd is available in the Minimal Server Interface and in Server with a GUI mode.
References:
QUESTION 101
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Server1 runs Windows Server 2012 R2. 5erver2 runs Windows Server 2008 R2 Service Pack 1 (SP1) and has the DHCP Server server role installed.
You need to manage DHCP on Server2 by using the DHCP console on Server1.
What should you do first?
A. From the Microsoft Management Console on Server1, add a snap-in.
B. From Server Manager on Server2, enable Windows Remote Management.
C. From Windows PowerShell on Server2, run Enable-PSRemoting.
D. From Server Manager on Server1, install a feature.
Correct Answer: B Explanation

Explanation/Reference:
QUESTION 102
Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Hyper-V server role installed.
Server1 hosts four virtual machines named VM1, VM2, VM3, and VM4. Server1 is configured as shown in the following table.

You install Windows Server 2012 on VM2 by using Windows Deployment Services (WDS). You need to ensure that the next time VM2 restarts, you can connect to the WDS server by using PXE.
Which virtual machine setting should you configure for VM2?
A. NUMA topology
B. Resource control
C. Resource metering
D. Virtual Machine Chimney
E. The VLAN ID
F. Processor Compatibility
G. The startup order
H. Automatic Start Action
I. Integration Services
J. Port mirroring
K. Single-root I/O virtualization

Correct Answer: G Explanation
Explanation/Reference:
Explanation:
G. Configure the BIOS of the computer to enable PXE boot, and set the boot order so that it is booting from the network is first.
References:  Exam Ref 70-410, Installing and Configuring Windows Server 2012, Chapter 3: Configure Hyper-V, Objective 3.1: Create and Configure virtual machine settings, p. 144 Training Guide: Installing and Configuring Windows Server 2012: Chapter
7: Hyper-V Virtualization, Lesson 2: Deploying and configuring virtual machines, p. 335
QUESTION 103
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. All domain controllers run Windows Server 2012 R2 and are configured as global catalog servers.
The corp.contoso.com domain contains a domain controller named DC1.
You need to disable the global catalog on DC1. What should you do?
A. From Active Directory Users and Computers, modify the properties of the DC1 computer account.
B. From Active Directory Administrative Center, modify the properties of the DC1 computer account.
C. From Active Directory Domains and Trusts, modify the properties of the corp.contoso.com domain.
D. From Active Directory Sites and Services, modify the NTDS Settings of the DC1 server object.

Correct Answer: D Explanation
Explanation/Reference:
Explanation: When you navigate your way to the Active Directory Sites and Services\Sites\SiteName\Servers then in the details pane, right-click NTDS Settings of the selected server object, and then click Properties. There will you get access to the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog.
References:

Many IT institutions offer Microsoft 70-417 Exam Certified Wireless Network Administrator study material as well as general guidance on 200-125 exam. But FLYDUMPS usually the study material obtained through these sources is too detailed and does not attract the attention of the candidates. Microsoft 070-410 exam charges for exam objectives, FLYDUMPS which goes by the product number Microsoft 70-417 in the FLYDUMPS catalog, on a per-core basis Microsoft 70-417 exam sample questions. Assuming the prices are the same even though the name has changed and the release has been revved, you can see the prices here. http://www.flydumps.com/70-417.html

Relate More Official Informations:  Exam 70-417: Upgrading Your Skills to MCSA Windows Server 2012

Article Link: http://www.microsoft-technet.com/the-updated-latest-microsoft-070-417-new-dumps-download-with-latest-exam-test-flydumps.html

Most Popular Cisco 400-101 Vce, 400-101 Real Exam Online

400-101vce

The FLYDUMPS cisco 400-101 exam sample questions enables you to solve every question, whether it is easy or difficult. cisco 400-101 test preparation, cisco 400-101 vce, cisco 400-101 Certification test is one such cisco 400-101 exam examination that hands you an opportunity to exhibit your worth and market value. However, majority does not have a clue as to how should the preparation be done. Everyone wants to pass exam, but has no idea about the test questions, their pattern and the kind of approach they should adopt towards the preparation. Let FLYDUMPS help you climb that ladder of success and pass your now! http://www.jumpexam.com/400-101.html

QUESTION 26
Which Cisco IOS XE process administers routing and forwarding?
A. Forwarding manager
B. Interface manager
C. Cisco IOS
D. Host manager

Correct Answer: C Explanation
Explanation/Reference:
Some of the processes are listed in the table below:

Software_Packaging_Architecture.html
QUESTION 27
Which circumstance can cause packet loss due to a microburst?
A. slow convergence
B. a blocked spanning-tree port
C. process switching
D. insufficient buffers

Correct Answer: D Explanation Explanation/Reference:
Micro-bursting is a phenomenon where rapid bursts of data packets are sent in quick succession, leading to periods of full line-rate transmission that can overflow packet buffers of the network stack, both in network endpoints and routers and switches inside the network. Symptoms of micro bursts will manifest in the form of ignores and/ or overruns (also shown as accumulated in “input error” counter within show interface output). This is indicative of receive ring and corresponding packet buffer being overwhelmed due to data bursts coming in over extremely short period of time (microseconds).

QUESTION 28
Which two statements about proxy ARP are true? (Choose two.)
A. It is supported on networks without ARP.
B. It allows machines to spoof packets.
C. It must be used on a network with the host on a different subnet.
D. It requires larger ARP tables.
E. It reduces the amount of ARP traffic.

Correct Answer: BD Explanation
Explanation/Reference:
Disadvantages of Proxy ARP
Hosts have no idea of the physical details of their network and assume it to be a flat network in which they can reach any destination simply by sending an ARP
request. But using ARP for everything has disadvantages. These are some of the disadvantages:
It increases the amount of ARP traffic on your segment.
Hosts need larger ARP tables in order to handle IP-to-MAC address mappings.

Security can be undermined. A machine can claim to be another in order to intercept packets, an act called “spoofing.”

It does not work for networks that do not use ARP for address resolution.

It does not generalize to all network topologies. For example, more than one router that connects two physical networks.
QUESTION 29
Refer to the exhibit.

Routers R1 and R2 are configured as shown, and traffic from R1 fails to reach host 209.165.201.254. Which action can you take to correct the problem?
A. Ensure that R2 has a default route in its routing table.
B. Change the OSPF area type on R1 and R2.
C. Edit the router configurations so that address 209.165.201.254 is a routable address.
D. Remove the default-information originate command from the OSPF configuration of R2. Correct Answer: A

Explanation Explanation/Reference:
Not sure that any of these answers are correct, it appears that this configuration is valid for reaching that one specific host IP. Answer A does have a route to that host so it would not need a default route to get to it. Choice B is incorrect as the area types have nothing to do with this. C is incorrect as that IP address is routable, and D is needed so that R1 will have a default route advertised to it from R2 so that it can reach this destination.

400-101 vce
QUESTION 30
Which service is disabled by the no service tcp-small-servers command?
A. the finger service
B. the Telnet service
C. the Maintenance Operation Protocol service
D. the chargen service

Correct Answer: D Explanation
Explanation/Reference:
The TCP small servers are:
Echo: Echoes back whatever you type through the telnet x.x.x.x echo command.
Chargen: Generates a stream of ASCII data. Use the telnet x.x.x.x chargen command.

DiscarD. Throws away whatever you type. Use the telnet x.x.x.x discard command.

DaytimE. Returns system date and time, if it is correct. It is correct if you run Network Time Protocol (NTP), or have set the date and time manually from the

exec level. Use the telnet x.x.x.x daytime command.

QUESTION 31
Which two Cisco Express Forwarding tables are located in the data plane? (Choose two.)
A. the forwarding information base
B. the label forwarding information base
C. the IP routing table
D. the label information table
E. the adjacency table

Correct Answer: AB Explanation
Explanation/Reference:
The control plane runs protocols such as OSPF, BGP, STP, LDP. These protocols are needed so that routers and switches know how to forward packets and
frames.
The data plane is where the actual forwarding takes place. The data plane is populated based on the protocols running in the control plane. The Forwarding
Information Base (FIB) is used for IP traffic and the Label FIB is used for MPLS.
All the key points of cisco 400-101 questions and answers will be within your grasp by using the cisco 400-101 exam sample questions. You can save a lot of time and money to buy and learn the FLYDUMPS cisco 400-101 vce. The FLYDUMPS cisco 400-101 exam sample questions cover all the important contents of the cisco 400-101 exam for Storage Administrators. The 200-125 pdf are upgraded timely in line with the latest real cisco 400-101 exam. We promise you a reliable, current, authentic cisco 400-101 online testing questions, which creates an outstanding real cisco 400-101 Exam for Storage Administrators. You can utilize the cisco 400-101 exam sample questions more than one time and make some alteration according to your personal needs. http://www.jumpexam.com/400-101.html

Relate More Informations:

400-101 CCIE Routing and Switching – Cisco

 

 

C_GRCAC_10 SAP Certified Application Associate – C_GRCAC_10 Exam Dump For Download

http://www.dumpsoon.com/C_GRCAC_10.html

*

Add, remove, and resize logical volumes

*

Diagnose and correct networking service problems where SELinux contexts are interfering with proper operation

7, 9, 10, 11, 12, 13, 14, 15 Configuring a Network Installation Configuring Partitions, RAID, and LVM The CUPS Printing System Automating System Administration: cron and at Network Authentication Configuration: NIS and LDAP Filesystem Management and the Automounter User Account Management, The Basic User Environment, Setting Up and Managing Disk Quotas Creating and Maintaining Special Groups The Red Hat Package Manager, More RPM Commands New Kernels, the Easy Way Adding and Removing RPM Packages with yum and pirut, Managing Updates with Pup and the Red Hat Network (RHN) New Kernels, the Easy Way; Kernel Sources Configuring Partitions, 2 2 7 7 6

329, 443, 493, 557, 585, 613, 649, 691

*

RHCT Installation and Configuration Skills Perform network OS installation Implement a custom partitioning scheme Configure printing Configure the scheduling of tasks using cron and at Attach system to a network directory service, such as NIS or LDAP Configure autofs Add and manage users, groups, and quotas, and File Access Control Lists Configure filesystem permissions for collaboration Install and update packages using rpm Properly update the kernel package Configure the system to update/install packages from remote repositories using yum or pup Modify the system boot loader Implement software RAID at install-

81 96 341 354 313

* * * * *

4 6

200 273, 285, 290 301 222, 227 388 238, 234

* *

6 5

* *

8 5

* *

8 2, 8

388, 392 96, 410

* *

This document is created with trial version of CHM2PDF Pilot 2.15.72. time and runtime RAID, and LVM; Advanced
Partitioning: Software RAID Use /proc/sys and sysctl to modify and set kernel runtime parameters Use scripting to automate system maintenance tasks RHCE Installation and Configuration Skills For HTTP/HTTPS, install, configure SELinux support, configure to start on reboot for basic operation and host- and user-based security For SMB, install, configure SELinux support, configure to start on reboot for basic operation and host- and user-based security For NFS, install, configure SELinux support, configure to start on reboot for basic operation and host- and user-based security For FTP, install, configure SELinux support, configure to start on reboot for basic operation and host- and user-based security For Web proxy, install, configure SELinux support, configure to start on reboot for basic operation and host- and user-based security For SMTP, install, configure SELinux support, configure to start on reboot for basic operation and host- and user-based security For IMAP/IMAPS/POP3, install, configure SELinux support, configure to start on reboot for basic operation and host- and userbased security For SSH, install, configure SELinux support, configure to start on reboot for basic operation and host- and user-based security For DNS (caching name server, slave name server), install, configure SELinux support, configure to start on reboot for basic operation and host- and userbased security For NTP, install, configure SELinux support, configure to start on reboot for basic operation and host- and user-based security Configure hands-free installation using Kickstart Implement logical volumes at install-time Use iptables to implement packet filtering and/or NAT The Apache Web Server, Virtual Hosts, Apache Access Configuration Samba Services The Basics of the Kernel Automating System Administration: cron and at 9 8 7 444, 466, 456 516 377 329 * * *

10

*

Configuring a Network File System (NFS) Server, Client-side NFS The File Transfer Protocol and vsFTPd

10

494, 509

*

10

512

*

The Squid Web Cache Proxy

9

476

*

Electronic Mail (entire chapter)

12

585

*

Reception with Dovecot

12

589

*

The Secure Shell Package

13

620

*

Domain Name Service (entire chapter)

11

557

*

The Network Time Protocol (NTP)

13

634

*

Using Kickstart to Automate Installation Configuring Partitions, RAID, and LVM Firewalls and Packet Filtering using netfilter, Network Address Translation Pluggable Authentication Modules

5 2 15

244 96 697, 703

* * *

Use PAM to implement user-level restrictions

6

305

*

This document is created with trial version of CHM2PDF Pilot 2.15.72.

This document is created with trial version of CHM2PDF Pilot 2.15.72.

Chapter 1: RHCE Prerequisites
Overview
The Red Hat exams are an advanced challenge. As both the RHCE and RHCT courses specify a number of prerequisite skills, this book assumes that you know some basics about Linux. This chapter covers the prerequisite topics for Red Hat’s RH300 course in a minimum of detail, with references to other books and sources for more information. It also covers the related prerequisites as defined in the Red Hat Exam Prep guide. Unlike those in other chapters and other books in this series, the questions in this chapter include a number of “zingers” that go beyond the chapter’s content. These questions will help determine whether you have the prerequisite skills necessary to handle the remaining chapters. If you’re serious about the RHCE and RHCT exams, this chapter should be just a review. In fact, for any user serious about Linux, this chapter should be trivial. Linux gurus should recognize that I’ve “oversimplified” a number of explanations; my intention is to keep this chapter as short as possible. However, it is okay if you do not feel comfortable with a few topics in this chapter. In fact, it’s quite natural that many experienced Linux administrators don’t use every one of the prerequisite topics in their everyday work. Many candidates are able to fill in the gaps in their knowledge with some self-study and practice. If you’re new to Linux or Unix, this chapter will not be enough for you. It’s not possible to provide sufficient detail, at least in a way that can be understood by newcomers to Linux and other Unix-based operating systems. If, after reading this chapter, you find gaps in your knowledge, refer to one of the following guides:

The Red Hat Enterprise Linux 5 documentation guides, available online from  . Hacking Linux Exposed, Third Edition: Linux Security Secrets and Solutions, by Casarik, Hatch, Lee, and Kurtz, gives you a detailed look at how to secure your Linux system and networks in every possible way. Mastering Fedora Core 5, by Michael Jang, covers the distribution that Red Hat used as one of the testbeds for RHEL 5.

http://www.dumpsoon.com/C_GRCAC_10.html

CheckPoint.156-310.2009-2-26.by.Ramon.398q

http://www.examcoop.com/156-310.html

Exam A
QUESTION 1
Which of the following statements about IKE Encryption are TRUE? (Choose three )
A. The final packet size is increased after it is encrypted.
B. TCP and IP headers are encrypted, along with the payload.
C. IKE uses in-place encryption.
D. IKE can use the FWZ1 encryption algorithm.
E. IKE uses tunneling encryption.

Correct Answer: ABE
QUESTION 2
When upgrading a configuration to NG with Application Intelligence: (Choose the FALSE answer)
A. Upgrade the SmartConsole.
B. Upgrade each module’s version in SmartDashboard manually.
C. Upgrade the VPN-1/Firewall-1 Enforcement Modules.
D. Copy $FWDIR/state from one version of VPN-1/FireWall-1 to another version of VPN-1/FireWall-1.
E. Upgrade the SmartCenter server. The version is set during the upgrade.

Correct Answer: D
QUESTION 3
When you upgrade VPN-1/FireWall-1, what components are carried over to the new version? (Choose two)
A. Licenses
B. VPN-1/FireWall-1 database
C. OPSEC database
D. Backward Compatibility
E. Rule Base

Correct Answer: AB
QUESTION 4
Which of the following is NOT a function of the Internal Certificate Authority (ICA)?
A. Provides certificates for users and Security Administrators.
B. Generated certificates for HTTPS Web server.
C. Establishes SIC between OPSEC applications and Check Point products.
D. Authentications SecureClient traffic to Enforcement Modules for VPNs.
E. Establishes SIC between Check Point products.

Correct Answer: B
QUESTION 5
Which of the following FTP Content Security settings prevents internal users from sending corporate files to external FTP Servers, while allowing users to retrieve files?
A. Use an FTP resource, and enable the GET and PUT methods.
B. Use an FTP resource and enable the GET method.
C. Use an FTP resource and enable the PUT method.
D. Block FTP_PASV.
E. Block all FTP traffic.

Correct Answer: B
QUESTION 6
All of the following are steps for implementing UFP, EXCEPT:
A. While the UFP Server is analyzing the requests, the Enforcement Module HTTP Proxy Server initiates a request to the destination. The HTTP Proxy server then waits for a response from the UFP Server before allowing the request.
B. The client invokes a connection through the VPN-1/FireWall-1 Enforcement Module.
C. The Content Server inspects the URLs and returns the validation result message to the Enforcement Module.
D. The Enforcement Module takes the action defined in the Rule Base for the resource.
E. The Security Server uses UFP to send the URL to a third-party UFP Server categorization.

Correct Answer: A
QUESTION 7

The _______ algorithm determines the load of each physical server and requires a Load Measuring Agent be installed on each server.
A. Server Load
B. Server Relay
C. Round Robin
D. Domain
E. Round Trip

Correct Answer: A
QUESTION 8
Which of the following is NOT a method of Load Balancing with VPN-1/FireWall-1?
A. Domain Load Balancing
B. Round Robin
C. Server Load
D. Round Trip
E. Quantum Load Balancing

Correct Answer: E
QUESTION 9
Which of the following does NOT require definition for a Voice over IP (VoIP) Domain SIP object?
A. SIP Proxy
B. IP Address Range
C. VoIP Gateway
D. Related Endpoint Domain
E. Name

Correct Answer: A
QUESTION 10
Which of the following is NOT a valid VPN configuration option available in the VPN Manager of the Simplified Rule Base?
A. Point-to-Point
B. Mesh
C. Remote Access
D. Star with Meshed Center
E. Star

http://www.examcoop.com/156-310.html

Cisco.642-691.2011-11-22.by.Piers.99q

http://www.examcoop.com/642-691.html

Exam A
QUESTION 1
For which purpose is the command mpls ldp maxhops used?
A. In large ATM-MPLS networks, the LFIB can become too large and it may be necessary to limit the maximum diameter of the MPLS LSPs.
B. Because downstream-on-demand label allocation uses hop count to control loop detection, it maybe necessary to limit the maximum diameter of the MPLS network.
C. Because end-to-end delay can cause problems with some voice applications, it may be necessary to limit the maximum diameter of the MPLS network.
D. When interconnecting large frame mode MPLS and cell mode networks it may be necessary to limit the maximum network diameter to prevent forwarding loops.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Refer to the diagram. What problem can be caused by the second P router summarizing the loopback address of the egress PE router?

A. The first P router will be faced with a VPN label which it does not understand.
B. The second P router will be faced with a VPN label which it does not understand.
C. The egress PE router will not be able to establish a label switch path (LSP) to the ingress PE router.
D. A label switch path (LSP) will be established from the ingress PE router to the egress PE router, an event that is not desirable.
E. The ingress PE router will not be able to receive the VPN label from the egress PE router via MP-IBGP.

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 3
In a central services topology, which routes do client VRFs contain?
A. routes from the client site, but not from the server site
B. routes from the server site, but not from the client site
C. routes from both the client site and the server site
D. only EBGP routes from either the client site or the server site

Correct Answer: C Section: (none) Explanation
QUESTION 4
On a dedicated subinterface implementation, PE-2 must establish an address-family vrf IPv4 BGP neighbor relationship with which router?

A. CE-1
B. CE-2
C. PE-1
D. PE-IG
E. CE-1 and CE-2
F. PE-1 and PE-IG

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 5
What are three drawbacks of a peer-to-peer VPN using a shared provider edge (PE) router? (Choose three.)
A. A full mesh of virtual circuits is required between the customer sites.
B. All the customers have to share a common IP address space.
C. Optimal routing between customer sites cannot be guaranteed.
D. The shared PE router has to know all routes for all customers.
E. Packet filters are required on the PE routers.

Correct Answer: BDE Section: (none) Explanation
QUESTION 6
Which two of the following statements regarding LDP are true? (Choose two.)
A. LDP can also be used between nonadjacent routers using multicast LDP hello messages.
B. LDP does not require periodic hello messages once the LDP session has been established between the LDP peers.
C. LDP hello messages use TCP packets with a destination port number of 646.
D. Multiple sessions can be established between a pair of LSRs if they use multiple label spaces.
E. Per-platform label space can be identified by a label space ID of 0 in the LDP identifier field.

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. Which two of the following statements about the MPLS configurations are true? (Choose two.)

A. The VPI range being configured is the default VPI range.
B. The router is missing the mpls label protocol ldp configuration command on its ATM 0/0.1 subinterface to make it an LC-ATM enabled subinterface.
C. There is a problem with the configurations because the control VC should be set to 0 32 instead.
D. The ATM switch is using VC merge since VC merge is enabled by default.
E. For MPLS label allocations, both VPI 6 and 7 can be used.

Correct Answer: DE Section: (none) Explanation
QUESTION 8
What does the following command accomplish? sanjose#clear ip bgp 10.1.1.1 in prefix-filter
A. The sanjose router will perform an outbound soft reconfig to the 10.1.1.1 neighbor.
B. The sanjose router will send out the ORF prefix-list so that a new route refresh will be received from the
1.1.1 neighbor.
C. The 10.1.1.1 router will perform an inbound soft reconfig on the updates from the sanjose neighbor.
D. The 10.1.1.1 router will send out the ORF prefix-list so that a new route refresh will be received from the sanjose neighbor.
E. The bgp session between the sanjose and the 10.1.1.1 router will be reset so that all the new bgp updates from the 10.1.1.1 router can be processed by the inbound prefix-list at the sanjose router.
F.     The bgp session between the sanjose and the 10.1.1.1 router will be reset so that all the new bgp updates from the sanjose router can be processed by the inbound prefix-list at the 10.1.1.1 router.

http://www.examcoop.com/642-691.html

Download Apple 9L0-004 Exam PDF

9L0-004

9L0-004 Wiat.tape of nachine are you installing? For maximum flexibility, choose “Custom”, Workstation Server

(Workstation)     9L0-004  9L0-004 exam cost Linux,     64 , 16    /boot – –     ,         .         600    ..

(Seryer)

. 2.2.

,    64    , 256     ,  512    /usr, 512  —  /home  256  —  /var.        1.6    .    Linux,     .       ,     Linux.         .        (    )  .    —   ,    ,    —    , ,       .    :    —  ,       ,  /  .          ,          ,    ,        .        ,       ( ),     .    ,     Linux   root,     .       . ,        :   (/dev/hdal  /dev/hda2).        ,    —  (,  X Window   ).        root,   ,      .   : linux root=/dev/hdal
53

(  )        (/dev/hdal)  ,     /dev/hda2.     : / ?
_/bin _/dev _/etc
_/home

_/mnt _/var
_/root /sbin

/tmp        .     . 4 (. 4.5),     Linux.     ,   Red Hat      Disk Druid,     .     fdisk  Disk Druid.    —   .  Disk Druid          (   ).    Red Hit Linn ( 1  Red Hat Sofbiare 1 Windows-   –    64 Linux swap hda6 3020 Linux native .: IK   Linux. , hdbl ?222 Linux native            2048 ,   Linux   600 .  ,  Ma t 78M28/S)    600   I 621/ 64/! 1222M   64     .       536  ( Linux Native), Fl- F2-AJtllrS 2. v i.W . 2..  Disk Druid  — 64  ( Linux
54

Swap).      ??      .         Windows- (, /mnt/disk_c)    dit?  ,         (. . 2.3).      2.3
,    ,
64 32

8.. .16
32

64… 128  128

,          .         . 2.3.          .         ,       (     Linux Swap),  ,    .     ,  Windows-.        dd?()   ,     (. . 2.3).      Windows.    ,    ,    ,       .   —    ,         .        /mnt. ,  Windows-    win  /mnt,       Is /Hint/win.      /home  /var        ,    – –    .   /home     .       (   )    .  ,  ,       ,   –   :         ,       .

(. . 2.4).      ,   ? ?   .     :          —    .
55

Linux,       —      ,   .     ,     .       .
. 2.4.

—  .        ,    .         —                .

(   ),   .          .    ISA    NE2000, a PCI –  NEY2KPCI (NE2000 PCI).         — IRQ, DMA,  /.  PCI      !
.
,        .

—      ,       .    ?     , ,  ,     ,  ,    .

,      ,   Windows-.        .              —    .  —    ,        .       .     —   (. . 2.5).  /dev/lpO  Linux   LPT1  DOS, /dev/lpl — LPT2
56

..  ,     What device is your printer connected to   . {note that /dev/lpO is equiv- alent to LPTl:)?     SMB. ‘ . : ‘ ??Printer Bevies:  ,    (tuto-detected ports:     IP-/deu/lpO: Detected   (  /dev/lpl: Not Detected /dev/lp2: Not Detected  Windows    ,     1 ),  ,    ,  : : I ,   . 2.5.      ,    —         ( ,  ).     ? ?(Fix stair-stepping of text).     ? ?          :
:

^^^p55!!5_

l i

,   LF,   Linux    ,          ( CR).     -,        ,     LF  CR.
.

—      root.  root ()     — .  root  Linux   Adminisrtator  Windows NT (2000/XP).      ,          ,   .       6 .        .        –  123456, qwerty, password   .     —           .            (. . 2.6).       MD5 (se Shadow Password? nable MD5 Password?).      authconfig.

,           .      , ..       Windows,      (MBR)   Linux    .
. 2.6.    LILO

.

LInuxLOader (LILO) —   Linux    .   ,      :  MBR       Linux.      Windows 9x,   MBR.    —         The boot manager Red Hat uses can boot other operating    systems as well, You need to tell me what partitions you would like to be able to boot and what label you want to     use For each 6F themi’ : v :/  ?’ ‘ .    COS 16-bit >=32 Linux native         (label).     LILO  ,       .   LILO    : 2.7.  LILO
: : : :

LILO boot:

Linux,    linux    nter?   Linux      (default).   DOS   /dev/hdbl   dos.        玊ab?
XFree86 (X Window)

X Window      UNIX.        (MIT)      UNIX-.     UNIX       X Window.
58

,    (David Wexelblat)     MIT X Window   i80386-Pentium IV    .     XFree86,      ,   ,    86 ( Linux, FreeBSD  ). XFree86    XFree86 Project, Inc.   X Window   . 20  .

,       .            .       .       ,  Custom     .       ,    .        .          ,     ,         ,   .   ,      ,  Standard VGA 640×480 —    .  ,  Linux Red Hat 6    AGP.       ,     Red Hat 7.x (8.x)       XFree86     .   ,   AGP  ,    PCI.   !     —  .

2.2.  Linux Mandrake
Linux Mandrake.  . 2.4     .     128       10…20 ,        .   Linux Mandrake  350 .       ,    1      -.            2 ,         ,       .

Linux Mandrake   ,   ,      Pentium
32

2.4   Pentium 9L0-004 exam 9L0-004 exam dumps 166
64

650

VESA 2.0

2048   VESA 2.0

59

Download Cisco 500-210 Exam PDF,Free Download 500-210 Cisco Braindumps

500-210
Neil R. Wyler Technical Editor Trent Fausett Kevin Fletcher Patrick Foxhoven Mark J. Lucas Kevin Miller Kevin Peterson Brad Woodberg

Technical Editor and Contributing Author
Neil R. Wyler ( JNCIA-SSL, JNCIS-FWV, JNCIS-M) is 500-210 an information security engineer and researcher located on the Wasatch Front in Utah. He is currently doing contract work for Juniper Networks, working with the company’s Security Products Group. Neil is a staff member of the Black Hat Security Briefings and Def Con hacker conference. He has spoken at numerous security conferences and been the subject of various online, print, film, and television interviews regarding different areas of information security. He was the lead author and technical editor of Aggressive Network Self-Defense (Syngress, ISBN: 1-931836-20-5) and coauthor of Configuring Juniper Networks NetScreen & SSG Firewalls (Syngress, ISBN: 1-59749-118-7).

Contributors
Trent Fausett ( JNCIA-FWV, JNCIA-SSL) is a network engineer with Valcom (the longest standing Juniper reseller) in Salt Lake City, UT. He was previously doing contract work for Juniper Networks for the SSL VPN primary Technical Assistance Center. He did extensive work with improving the Juniper SSL VPN knowledge base and helped publish the SSL VPN resolution guides available on the Juniper support site today. He is currently finishing up a bachelor’s degree in Computer Science. Kevin Fletcher (CISSP) works for Juniper Networks in technical marketing and was formerly a product manager at Neoteris, the inventor of the first SSL VPN appliance. He has spent the last several years building and evangelizing SSL VPNs and works closely with organizations all over the world as they design and deploy their next-generation remote access control solutions. Kevin’s primary areas of expertise include HTTP, SSL/TLS, PKI, AAA, network management,Web security, and overall solution design. He has over 10 years’ network management and security experience and holds a bachelor’s degree from Purdue University in Telecommunications Networking. Patrick Foxhoven ( JNCIS-FWV, JNCIA-IDP, JNCIA-SSL, ECDP, MCP+I, CCNA) is the chief information officer of CentraComm Communications, a leading managed security service provider (MSSP) and Juniper Networks Elite J-Partner based in Findlay, OH. Patrick has over 12 years of diverse professional experience in telecommunications, managed security, and mission-critical networking fields encompassing a unique mix of multisite networking, security, hosting, wireless, and consulting strategies for solutions aimed at medium-sized through Fortune 500 accounts. Prior to joining CentraComm, Patrick served as vice president of a regional Internet service provider with five physical network points of presence in Ohio serving over 2,500 customers. He has hands-on proficiency and multiple industry certifications. Mark J. Lucas (MCSE and GIAC Certified Windows Security Administrator) is a senior system administrator at the California Institute of Technology. Mark is responsible for the design, implementation, and security of high-availability systems such as Microsoft Exchange servers,VMWare ESX hosted servers, and various licensing servers. He is also responsible for the firewalls protecting these systems. Mark has been in the IT industry for 10 years. Mark lives in Tujunga, CA, with his wife, Beth, and the furry, four-legged children, Aldo, Cali, Chuey, and Emma. Kevin Miller ( JNCIA-SSL, CCSP, CCNP, CCDP, MCSE) is a network architect with Herman Miller Inc., an international office furniture manufacturer. From his home office in Huntsville, AL, he provides network design, configuration, and support services

iii

throughout Herman Miller’s network. His specialties include Juniper’s SSL concentrators and Cisco routers, switches, firewalls, wireless and Web content services. Kevin’s background includes significant experience with both security and quality-of-service technology. Kevin Peterson (CISSP, JNCIA-SSL) is an SSL VPN specialist for the eastern region (U.S.) with Juniper Networks and has been working with the Juniper SSL VPN for over four years. Kevin’s background includes positions as a security product manager and a senior security architect at McKesson Information Solutions, a support engineer at Microsoft, and an avionic systems technician with the United States Air Force Special Operations Command in England. He has also authored multiple security white papers and presented at notable security conferences, including the RSA Security Conference, HIPAA Summit, The Institute for Applied Network Security, and the Healthcare Information Management Systems Society (HIMSS). Prior system and security certifications include MSCE, MCP+I, MCT, CNA, CCNA and GSEC. Kevin resides in Alpharetta, GA, with his family, Patricia, Siobhan, and Conor. Brad Woodberg ( JNCIS-FWV, JNCIS-M, JNCIA-IDP, JNCIA-SSL, JNCIA-UAC, Packeteer Expert, CCNP) is a security consultant at Networks Group Inc. in Brighton, MI. At Networks Group his primary focus is designing and implementing security solutions for clients ranging from small businesses to Fortune 500 companies. His main areas of expertise include network perimeter security, intrusion prevention, security analysis, and network infrastructure. Outside of work he has a great interest in proof-of-concept vulnerability analysis, open source integration/development, and computer architecture. Brad currently holds a Computer Engineering bachelor’s degree from Michigan State University and participates with local security organizations; he also mentors and gives lectures to students interested in the computer network field. He was a contributing author to Configuring Juniper Networks NetScreen & SSG Firewalls (ISBN: 1-597491187), published by Syngress Publishing.

iv

Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Chapter 1 Defining a Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Why Have Different Types of Firewalls? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Physical Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Back to Basics: Transmission Control Protocol/Internet Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 TCP/IP Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Firewall Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Application Proxy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Pros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Cons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Packet Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Stateful Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Chapter 2 Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Initial CLI Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 IVE Console Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Initial Web Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Accessing the IVE through the WebUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Configuring Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Configuring Licensing on the IVE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Network Settings in the AdminUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Generating a CSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Other Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Security and System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 System Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Chapter 3 Realms, Roles, and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Introducing Realms, Roles, and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Configuring Realms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Selecting and Configuring General Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Selecting and Configuring Authentication Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Selecting and Configuring Role Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Optimizing User Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Admin Realms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Configuring Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Standard Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

v

vi

Contents
Meeting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Admin Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Introducing Resource Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Introducing Resource Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 105 106 107 112 113 113 116

Chapter 4 Authentication Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Local Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 NIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 ACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 AD/NT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Anonymous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 SiteMinder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 SAML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Chapter 5 Secure Application Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Why Use SAM? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Feature Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Chapter Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Secure Application Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 SAM Versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 How to Deploy the SAM Applet to Connecting Computers? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 Secure Application Manager Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Enabling SAM and Configuring Role Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Configuring SAM on a Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 Configuring SAM Resource Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Configuring SAM Resource Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Secure Application Manager User Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Secure Application Manager Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 Chapter 6 Terminal Services and Citrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Why Use the Juniper Citrix Terminal Services Proxy? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Feature Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Chapter Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Terminal Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185 Terminal Services Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Configuring Terminal Services Resource Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Configuring Terminal Services Resource Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 Configuring Terminal Services and Citrix Using a Hosted Java Applet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 Terminal Services User Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Contents
Citrix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Citrix Client Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Citrix Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Citrix User Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Launching Terminal Services 500-210 hp Sessions and Java Applets from an External Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Terminal Services and Citrix Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IVE-Side Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 205 207 210 211 212 213 217 217 219

1z0-040 can haz IPMI ? Ou comment gérer l’aspect matériel de ses serveurs

L 19275

118 –

F: 6,50

RD

France Métro:

TOM Surface:

POL. A: 1400 XPF

6,50  – DOM: 7,00  950 XPF 7,50

BEUPORICONT:

CH: 13,8 CHF – CAN: 13 1Z0-040 SCAD

1-

TUNtSIE : 8,80 TND MAR: 75 MAD

En panne

os solutions professionnelles de redondance et de clustering, peuvent vous aider à élaborer un plan de reprise d’activité efficace …

‘.if- The Go Open Expert Café

‘.I.e’ Nordic Perl Workshop 2009/ Go Open 2009

News

Kernel ‘.i’:’ Nouveautés du noyau 2.6.30
Critique: Algorithmique Raisonner pour concevoir»

«

SysAdmin
1

can haz IPMI ? Ou comment gérer l’aspect matériel de ses serveurs

Gestion de sources distribuée avec Mercurial

NetAdmin

,.”.1 À la découverte de LemonLDAP::NG

‘.Iif- OpenVPN à travers un proxy restrictif
Repères ‘.’l* Processus de publication chez Debian et Ubuntu ‘.;:t.1 Parce qu’y’en a marre

‘.l:,_ NetBSD a enfin son APT: Un pkgin sans glace pour la 6 ‘.i»’ Petite histoire du portage d’un logiciel libre sur HP-UX
Abonnement
p.66,85,86 Bons d’abonnement et de commande

Code(s)

Gnu /Linux MagAzine Fr”nce

E·mill : [email protected]

[email protected] Site.1I : www.gnulinuxmag.com
Service oommerciol : www.ed-diamond.com Directeur de publication: Arnaud Merzler Rédacteur en chef: Denis

oe -iiliiItiOEii1
1:

est &lité par Diamond Editions

Secrétaire de rédaction: Véronique Wilhelm Relecture: Dominique Grosse Conception graphique: Fabrice Krachcnfels Responsable publicité: Tél. :03 58 0208 88 Service .bonnement: Tél.:03 58 0208 88 Impression: VPM Druck Allemagne D i stribution France; (uniquement pour les dépositaires de presse) MLP Réassort: Plate-fonne de Sainr-Banhélemy-d’Anjou.

Tél.:0241 27 5312 Plate-forme de Saint-entin-Falla\;er. Tél.: 04 7 48263 04 Service des ventes: Distri-médias : Tél.:05 61 72 7624

B.P. 2 142 -67f:IJ3 Sélemt Cedex 0 Tél :03 58 0208 88 . Fax: 03 8858 0209

Membre

\

IMPRIMÉ en Allemagne – PRINTED in Germany Dépôt légol : À parution /N”ISS : 1291-78 34

Jl.
www,aprll,org

Commission parieaire: K78 976 Périodki,’;: Mensuel Prix de vente:6 0 , 5

un na! puroponubIc:des tt:rtl’I.,Ulurnationlct photOfqW lui IO!I.I conunwtiqlJbparlcwtlUlalra.U n toWeOlJ partie1IedesanickspubUts dans Linux?l.bguine FranoeCll intc:miteunsacconl«riloeb.1Oci DimlOud EditiOOJ.Saufaa:onJ pIItI’ticuUa-, les manUJCrib,phorOi CI dessin,.drtSSb l Linux Magazine FI’2I\oe, publib ou non, ne JOni ni rmd ni rcnYO)’b. La indicariOl\f de prix ct d’adreucs figurant d;w Les paga: r6:bcti0nnd1es IOnt donnfcs i hm d’information.wu: aUOJn but pub1icir.ûre. Toufrf ln ma.rquo:s citicl dan) ce num600 IOnl dé:potéa par leu! proprimm: rapectil. ToUiIcs klgoe reprbmln mM k magazine ,ont 1.1 proprié de leur ‘fI.n1 droit n:tp«bÎ.

Bodor

QO open u

2009

· Sébastien

Aperghis-Tramoni

Jeudi 16 avri l
anglais pour s’excuser de ce fait. Ce n’est que par la suite qu’on m’expliquera que la seconde femme qui avait succédé à la première au micro était une ministre, plus précisément Heidi Grande Reys, ministre de l’Administration et de la Réforme du Gouvernement. Problème d’organisation, les détails sur le salon ne seront donnés qu’après (alors que je me serai déjà éclipsé pour écouter Larry Wall). Cela m’aura néanmoins permis de voir la grande salle et son écran géant affichant une belle liste de sponsors.

Détail amusant, cette double conférence est organisée dans le bâtiment du Sosialistisk Venstreparti (Parti socialiste de gauche), et, plus précisément, dans un théâtre pour la partie Go Open, et dans des salles de conférence au 1 1 e et 1 2e étages du bâtiment pour la partie Nordic Perl Workshop. On ne pouvait pas traîner longtemps en fin d’après-midi, car avaient lieu le soir des représentations de la pièce de théâtre Mamma mia !

Larry Wall – The Future of Laziness, Impatience and Hubris
Salve Nielsen ouvre la partie Perl de cette conférence dans un restaurant en face du théâtre, où une partie de la salle est aménagée pour cela. Larry commence comme souvent avec des généralités qu’il s’amuse à détourner, tel le modèle en cascade. Il trouve que ce dernier avec les nombreux retours, en particulier si on ajoute de l’XP, ressemble à une pelote de laine. Comment savoir si on a terminé? Larry

Il

Ope n i ng togethe r with G o Open

L’ouverture de Go O p e n se déroule en norvégien, avec seulement une phrase en

compare avec des états d’énergie: c’est quand on atteint un minimum. Mais, pour passer d’un minimum local à un autre minimum, inférieur, cela demande de l’énergie. . . ou un tunnel quantique.

et les exceptions ont été fusionnés puisqu’il s’agit à la base de la même chose, ne différant que dans la poursuite ou l’arrêt du programme. Les opérateurs ont été rationalisés, mais s’il y en a une

Il rappelle le pourquoi de Perl 6 : hormis une longue liste de défauts qu’il fait défiler, Perl 5 est parfait :-) 3 6 1 RFC avaient été recueillies en 2000. Très difficile de répondre à tout ce qui été demandé, autant tout changer. Le but de Perl 6 est d’être «the Martha Stewart of languages
»;

grande quantité, et même encore plus avec les combinaisons de méta-opérateurs, le tout suit une certaine logique, qu’on retrouve dans la table périodique des opérateurs assemblés par Mark Lentczner. Dans les nouveautés, un peu pêle-mêle: les blocs peuvent maintenant prendre plusieurs arguments; le support objet est augmenté des traits (vérifiés à la compilation) et des

ne pas essayer d’être meilleur que les autres, mais d’être plus souple, plus facilement adaptable. Il montre sro. pm (le fichier qui décrit la syntaxe standard de Perl 6) et la facilité pour modifier et faire muter le langage. On peut facilement concevoir un

use COBOL ou n’importe quoi d’autre, tout

n’étant plus finalement que des DSL ( Domain -Specifie

mixins à la Ruby (vérifiés à l’exécution) ; l’opérateur smart ma tch –; les méta-opérateurs; les junctions ; les feeds, comparables aux tubes Unix (pipes), mais au sein du langage
(et bidirectionnel).

Lan gua ge).
Le méta-méta-méta-but de Perl 6 est

– O f u n, c’est-à-dire

rester amusant. Cela n’est pas toujours évident, et Larry indique que, dans l’édition japonaise de Pro grammin g Perl, on trouve une note à côté du slogan « lazyness, impatience,

h ubris » signalant qu’il s’agit d’un trait d’humour :-)

Juste après le déjeuner (très tôt, à seulement 11h15 ! ), Jonathan complète la présentation assez générale de Larry par une présentation plus en détail de Perl 6. Il rappelle que Perl 6 est défini par une spécification sous
opérateur de l i ste any ( S a , S b , Sc) a l l ( S a , S b , Sc) one ( S a , Sb, Sc) none ( Sa , Sb, Sc) if Sx = 11213 { . . , } 112 t 4=5 1 6

opérateur i nfixe Sa 1 Sb 1 Sc Sa & Sb & Sc Sa $b Sc
· ·

Variables. Le sigil fait maintenant partie du nom de la
variable, et définit un genre de contrat d’interface.

·

Boucles. Les boucles de parcours s’appuient sur les arguments de bloc et s’écrivent maintenant:
for %ages . kv -> Sname , Sage { . . . }

# vrai s i $x vaut l, 2 ou 3

Les boucles de style C s’écrivent quant à elles ainsi:

Quand on passe une jonction à une fonction qui ne sait gérer que des scalaires normaux, cette fonction est appelée autant de fois qu’il y a de valeurs dans la jonction, et les résultats sont recombinés en une jonction .
·

l oop ( S i = 0 ; Si < 10; Si++) { . . . } l oop { . . . } # boucl e infi n i e
·

Chaînage d e conditions. O n peut fusionner plusieurs
conditions en une seule :

M éta-opérateurs. Le méta-opérateur de réduction [.. ] prend un opérateur et un tableau, et agit comme
si l’opérateur était entre tous les éléments.

if 1 <= S rol l l
·

=

Srol l 2 <= 6 { . . . }

Paramètres. Les tableaux et hashes sont maintenant
correctement passés aux fonctions, les paramètres peuvent être nommés et accepter des valeurs par défaut.

Ssum = [t] Ova l ue s ; $tact = [ * ] = 1 . . 10 ;

# somme des v a l eurs # factoriel l e de 10

Les hyper-opérateurs ” .. ” permettent d’exécuter l’opérateur sur chaque élément des listes en argument. Les listes doivent avoir la même taille, sauf si on dirige une des pointes vers l’extérieur.

sub substr ( Sstr, Sfrom = 0 , S l en = InO { . . . } # Sfrom vaut par défaut 0, et S l en l ‘ infi ni sub formalize ( $text ! , : Scase, : Sjustify ) { . . . } # Stext est un paramètre pos i ti onnel obl igatoi re # Scase et Sjust i fy sont des paramètres nommés optionnel s
·

Objets. À peu près tout en Perl 6 peut être manipulé
comme un objet (autoboxin g) . Les méthodes se définissent maintenant avec le mot-clé traditionnel courant par le mot-clé

( l , 2 , 3) “t” ( 2 , 4 , 6 ) ; ( l , 2 ) “t” m, 20) “*” ( 2 , 3 ) -” ( l , 2, 3 ) ; Oarray °t=” 42 ; $1 eft ‘*” Sri ght;

# # # # #

(3, 6, 9) (21 , 62) ( – l , -2, -3) ajoute 42 à chaque él ément ça marche aussi

method, qui est comme le

sub, mais permet en plus d’accéder à l’objet self.

Le méta-opérateur croix X réalise un produit cartésien des éléments en arguments. Il produit toutes les permutations possibles et applique l’opérateur entre les paires d’éléments obtenues.

·

Types. La méthode. WHAT peut être invoquée sur 1z0-040 pdf n’importe
quoi, et indique quel est le type du bidule.

4 2 . WHAT

=

Int

“beer” . WHAT

=

Str

<a b> x- <1 2> ; l , 2 X* 3, 4 ;

# <al a2 bl b2> # 3,4,6,8