10,11

Asdmnaskjldkjlasdjldhjsd
What destination address of the DNAT-related policy should be configured when
publishing an internal server to Internet :

1. None of the other

2. Public IP address the server mapped
3. IP address of the egress interface
4. Private IP address of the server
StoneOS could be upgraded by :

1. Using command “import image from ftp server server-ip” in CLI

2. Using a upgrade wizard in WebUI
3. Entering sysloader
4. Using command “upgrade image from ftp server server-ip” in CLI

When publishing an internal server to Internet, the real IP address of the server
is 10.0.0.2 in zone DMZ, and the mapped address in DNAT rule is 200.0.0.2 in
zone UNTRUST, which policy will make sure the server is published
successfully :

1. src-zone: DMZ, dst-zone: UNTRUST; src-address: any, dst-address:

200.0.0.2; action: permit
2. src-zone: UNTRUST, dst-zone: DMZ; src-address: any, dst-address:
200.0.0.2; action: permit
3. src-zone: UNTRUST, dst-zone: DMZ; src-address: any, dst-address:
10.0.0.2; action: permit
4. src-zone: UNTRUST, dst-zone: DMZ; src-address: 10.0.0.2, dst-
address: any; action: permit

Which command could be used to perform a factory reset :

 1. unset all
2. clear all
3. erase all
4. reset all

Following policies have been configured in the device, which one of these users
could access to the Internet after passing the WebAuth :

1. None of them
2. User3
3. User1
4. User2

M login/logout log is belonged to :

1. Traffic log
2. NBC log
3. Network log
4. Security log

what does AAA mean ?

1. Accounting
2. Authentication
3. Authorization
4. Audit
Which of the below answers is not the QoS matching conditions:

1. VLAN tag
2. IP address
3. Queue
4. Application and Service

What types of VPN Stone OS support:

1. SSL VPN
2. MPLS VPN
3. PPTP VPN
4. L2TP VPN

The types of StoneOS statistics include :

1. User-based Statistics
2. Policy-based Statistics
3. Threats-based Statistics
4. Application-based Statistics

Correct statements about StoneOS are :

1. A real-time OS
2. Based on NP architecture
3. A 64-bit OS
4. Modular parallel security architecture

Which protocol can be used to trigger the WebAuth :

1. HTTP
2. DNS
3. ICMP
4. RPC

What is the function of “sticky” of the SNAT configuration :

 1. Make sure every packet with the same destination IP address will be
translated to the same IP address
2. As one-to-one IP translate
3. Make sure every packet with the same source IP address will be
translated to the same IP address
4. StoneOS will poll the SNAT address pool to translate packets

In a multi-link environment, what function could be used to lead traffic of

different protocols to different paths :

1. Policy-based route
2. Source route
3. Source interface route
4. ISP route

How to enter the global configuration mode :

1. In the execution mode, use the command “enable”

2. In the execution mode, use the command “configure”
3. In the execution mode, use the command “configure terminal”
4. In the execution mode, use the command “sys”

Which protocal can not perform the AV filter function in Hillstone device?

1. SMTP
2. HTTP
3. SMB
4. FTP

Which one is not the action of a policy in StoneOS :

1. Tunnel
2. VPN
3. Deny
4. Webauth

Correct statement about trial platform license is:

 1. When a trial platform license expired, the device will auto power off
2. When a trial platform license expired, a reminder of the expiration
will appear. And admin could not change the setting of the device after
the expiration
3. When a trial platform license expired, the device will work continually
without any effect
4. When a trial platform license expired, the device will work continually
and can be configured, also can be upgraded to new Stone OS

Which SNAT mode should be used when the public IP address is not enough
when accessing the Internet :

1. Static IP
2. Sticky
3. Dynamic IP
4. Dynamic port

How to change the default http administration service port to 8080 by using
CLI :

1. http 8080
2. admin http port 8080
3. http port number 8080
4. http port 8080

What is the default IP address of the admin interface in Hillstone devices :

1. 192.168.1.1
2. 192.168.1.254
3. 192.168.0.1
4. 192.168.0.254

In a layer 2 environment, what are the necessary actions when StoneOS

processing a packet :

1. Matching SNAT rule

2. Matching policy
3. Matching route tables
4. Searching session
A new factory product has a ( ) days trial license.

1. 60
2. 45
3. 15
4. 30

Which predefined zones could bind to VSwitch interface:

1. trust
2. untrust
3. L2-untrust
4. L2-trust

What kind of information would not show up when typing command “show
interface” :

1. Zone of interface
2. Bandwidth of interface
3. IP address of interface
4. MAC address of interface

Correct statements about the relationship among interface, zone, VSwithch,

VRouter are :

1. VSwitch interfaces are bound to L3-zone

2. Zones are bound to VSwitch or VRouter
3. L2-zones are bound to L3-zone
4. Interfaces are bound to zone

All PCs in the LAN are configured with the same gateway which is the interface
IP address of device. And the device has bound all the PC’s IP Addresses and
MAC Addresses(IP-MAC binding). In this condition, which method could make
the user who has changed the IP address of PC manually offline?

1. disable MAC learning

2. disable ARP learning
3. shutdown the interface
 4. disable ARP inspection

After using a QoS function to limit the traffic of P2P, the Administrator find out
that the QoS seems doesn’t work. Possible reasons are :

1. Choose the wrong condition of Application about P2P

2. Application signature database has not been update recently
3. A deny policy has not been created to block p2p traffic
4. The actual bandwidth has not been configured in the egress
interface

About SNAT from LAN to WAN, which description is wrong :

1. It will allow multiple PCs to access the Internet at the same time
2. It will hide the real IP address of LAN PCs
3. It will change the source IP address of the packet
4. It will change the destination IP address of the packet

What types of interface are supported by StoneOS :

1. Aggregate interface
2. Loopback interface
3. Redundant interface
4. VSwitch interface

How to view current configuration in CLI :

1. show running-config
2. show configuration saved
3. show configuration record
4. show configuration

200.0.0.1 and 200.0.0.2 are two public IP addresses owned by a user, and the
user has configured 200.0.0.1 as the IP address of egress interface. When the
user tries to publish an internal server on public IP 200.0.0.2, correct operations
are :
 1. Create a new DNAT related policy with destination IP address
200.0.0.1
2. Create a new DNAT related policy with destination IP address
200.0.0.2
3. Create a new DNAT rule with taking 200.0.0.2 as the translate-to
address
4. Must configure the interface’s IP address with 200.0.0.2

Hillstone device selects a route in the following sequence :

1. PBR > SIBR > SBR > DBR

2. DBR > SIBR > SBR > PBR
3. PBR > SBR > SIBR > DBR
4. DBR > SBR > SIBR > PBR

Which of the below statement about policy is correct :

1. Policy from a L2-trust to l2-trust is legal

2. Policy from TRUST to UNTRUST is illegal
3. Policy between a L2-trust and a untrust(L3) is legal
4. Policy between L2-zones belonged to different VSwitches is legal

StoneOS supports following versions of SNMP :

1. None of them
2. SNMP V3
3. SNMP V2C
4. SNMP V1

Laptop and smartphone could communicate with a Hillstone device via ( ) VPN.

1. GRE
2. L2TP
3. PPTP
4. SSL

If you want to store device logs for a long time, the best output would be :
 1. Syslog server
2. Email
3. USB driver
4. Buffer

Here is an instance of a Hillstone device’s routing table :

Hostname# show ip route

Codes: K - kernel route, C - connected, S - static, I -
ISP, R - RIP, O - OSPF,
B - BGP, D - DHCP, P - PPPoE, H - HOST, G - SCVPN, V - VPN,
M - IMPORT,
> - selected route, * - FIB route
Routing Table for Virtual Router <trust-vr>
===========================================================
============
S>* 0.0.0.0/0 [1/0/1] via 200.100.100.1, ethernet0/0
O 0.0.0.0/0 [110/1/1] via 10.1.1.1, ethernet0/1, 08:43:02
B>* 10.0.0.0/8 [200/0/1] via 10.2.2.2, ethernet0/2,
00:00:15
O>* 10.10.0.0/16 [110/29/1] via 10.3.3.3, ethernet0/3,
07:20:00
O>* 10.10.5.0/24 [110/29/1] via 10.4.4.3, ethernet0/4,
07:20:00

What’s the next hop of a packet with destination address 10.10.6.1 :

1. 10.4.4.4
2. 10.1.1.1
3. 10.2.2.2
4. 10.3.3.3

In a site to site(LAN to LAN) IPSec VPN instance, which IKE phase 2 mode
should be chose:

1. tunnel mode
2. aggressive mode
3. main mode
4. transparent mode

What’s the purpose of QoS :

 1. To make the best use of bandwidth resources
2. To protect essential services
3. To limit user for using bandwidth resources
4. To protect essential servers

When the admin has configured 2 AV profiles, one is bound to the traffic related
policy, another one is bound to the destination zone of the traffic. Which profile
will take effect:

1. First profile 2 and then profile 1

2. Profile 1
3. First profile 1 and then profile 2
4. Profile 2

How to configure the address of the tunnel interface when creating a new SSL
VPN instance (select correct answers):

1. There is no need to assign an IP address for the tunnel interface

2. The tunnel interface should not be overlap with the address pool
3. The tunnel interface and address pool should be in the same IP
address segment
4. The tunnel interface should not be overlap with the interfaces exist in
the device

Without any policy, what will happen to packets between two different interfaces
:

1. If the two interfaces are in different L3-zones of same VRouter, the

IP packets will be transmitted
2. If the two interfaces are in the same L3-zone, the IP packets will be
transmitted
3. If the two interfaces are in different L2-zones of same VSwitch, the
ARP packets will be transmitted
4. If the two interfaces are in the same L2-zone, the ARP packets will
be transmitted
What types of AAA server are supported by StoneOS :

1. local
2. RADIUS
3. LDAP
4. Active Directory

Which protocol is used to translate a domain name to an ip address :

1. DMZ
2. DNAT
3. DHCP
4. DNS

Are the function ARP learning and MAC learning enabled or disabled by default
in the interface ?

1. ARP learning is enabled; MAC learning is enabled

2. ARP learning is enabled; MAC learning is disabled
3. ARP learning is disabled; MAC learning is disabled
4. ARP learning is disabled; MAC learning is enabled

After creating a new policy, the position of the new policy is :

1. After the highest number ID

2. On the position where your mouse pointed at
3. On the bottom of the policy list
4. On the top of the policy list

With only one public IP address, which NAT mode should be used when we
trying to publish a Mail server and a Web server as different LAN servers at the
same time :

1. IP-based DNAT
2. Port-based DNAT
3. Port-based SNAT
 4. IP-based SNAT

A user found out that the device’s IPS signature database, AV signature
database and URL-DB could not be updated. What may cause this situation :

1. No DNS server is configured in the device

2. The related license is expired
3. The user has not assigned an update server for the device manually
4. The device is not connected to the Internet

What is the default username and password in Hillstone devices :

1. root/root
2. admin/admin
3. hillstone/hillstone
4. admin/hillstone