quiz 3

Questions and Answers

Which feature is used to ensure the firewall licenses are the same as in the respective mysonicwall.com account?

• enter keyset
• manual upgrade
• Generate security services summary
• synchronize (correct)

What options are used to preempt an admin logged into the firewall (select all)

• both admins can manage simultaneously
• drop into non config mode (correct)
• change to read only access
• logout (correct)

What are some of the key features of sonicwall next gen firewalls (select all)

• application intelligence and control (correct)
• network segmentation (correct)
• operational complexity
• flexible deployment (correct)

What are some of the key features of sonicos 7 architecture? Select all that

advanced protection against encrypted threats (A), simple integration (B), easy zero touch deployment (C), tls 1.3 (D)

slect TWO best practices that should be implemented before updating the firmware

Use the create a backup option built into the firewall (A), download a setting file locally (C)

The public server guide assigns the server automatically to the zone to which its IP address belongs

True (A)

When configuring a site-to-site policy, the local network option must match the destination network on the other side of the tunnel in order to avoid tunnel negotiation errors or even a total failure

True (A)

Match the Quick configuration guide option with the tasks that they enable

Public Server = Providing public access to an internal server VPN = Configuring a new site to site policy SD-WAN = Configuring software-based control over the internet

Which of the following is the default public server type?

Web Server (D)

What type of mapping does ARP enable?

IP addresses to MAC addresses (C)

Which firewall network settings allows the current state of the DHCP leases in the network to be periodically written to flash?

Enable DHCP server persistence (B)

Which advanced network interface setting on the SonicWALL firewall allows initial packets or response packets to pass through other interfaces?

enable asymmetric route support (B)

Which of the following DDNS providers are supported in SonicOS? Select all that apply

dyn.com (A), no-IP.com (C)

The sonicos nsv scheme of interface addressing works in conjunction with address objects, service objects, and network zones.

True (A)

Who among the following can manage guest accounts and sessions?

guest admins (D)

Which of the following are the default user groups to which a new user is automatically added in a SonicWALL? Select all that apply.

Everyone (A), Trusted Users (D)

Whic user authenticatin methods are available in a sonicwall? Select all that apply

Local User (A), RADIUS (B), TACACS (C), LDAP (D)

The default guest profile cannot be deleted.

True (A)

Match the user authentication methods with their respective features

Local User Data base = Suitable for a relatively small number of users RADIUS = Enables central authentication and accounting LDAP = Scalable user authentication method

Static routes be default take precedence over VPN traffic

True (A)

TOS (type of service) routing applies to packets as they exit the firewall

False (B)

Advanced routing is enabled by default

True (A)

which of the following variables are used to configure static routes to forward traffic? Select all that apply

interfaces (A), services (B)

which protocols are supported by the advanced routing mode of sonicwall? Select all that apply

RIP (B), OSPFv3 (D)

as a general practice all inbound connections should be logged

True (A)

setting the event priority level lower than the logging level will cause those events to be filtered out from event logs

True (A)

if the logging level filter is defined as error, which of the following alert messages will also be displayed in the results?

Emergency (A), critical (B), alert (D)

Match the following log types with their contents

System Logs = all network and user activity in real time connections = active inbound and outbound connections appflow monitor = information about incoming and outgoing data packets in real time auditing logs = all the configuration changes performed by an administrator

which log settings option is used to create a predefined email notification with a defined subject in firewall log management

email log automation (A)

the connection count monitor periodically updates the outgoing and incoming connection rates for each interface

False (B)

What type of information is displayed on the protocol monitor?

TCP Rate (A), IPv4 Rate (B), ARP Rate (D)

Match the live monitors with the type of data they display

multicore monitor = utilization of the individual cores of the firewall applications bandwidth = frequently used applications connection rate = rate of each interface connection interface usage = bandwidth traffic and the respective packet rate

the real time monitoring features of the NSv firewall rely on the flow collection mechanisms to collect and display data

True (A)

Which of the following are included in the output of a network monitor (select all that apply)

IP version (A), interface (B), probe type (C), probe target (D)

what type of intermediate traffic is monitored by the packet monitor? select all that

IP helper generated packets (A), encrypted packets (C), multicast packets that are replicated (D)

What export formats are available for a snapshot of the packet monitor. select all that apply

HTML (A), PCAP (B), Plain text (D)

Which packet status types are indicated by the packet monitor

dropped (A), forwarded (B), consumed (D)

which feature protects against both file based and file less malware and delivers a 360-degree attack view with actionable intelligence relevant for investigations

continuous behavioral monitoring (A)

which of the following are available in with the basic capture client license? select all that apply

windows server support (A), Integration with capture security center (C), role based access control (D)

match the user authentication methods with their respective features

advanced static analysis = scans files, model attributes, or indicators, to classify files as benign, suspicious, or threats rollback = removes the threat completely and restores a targeted client to its original state device control = blocks potentially infected devices from connecting to the endpoint with the help of granular whitelisting policies

application vulnerability intelligence helps catalog every application on each protected endpoint

True (A)

policy inheritance refers to the ability of a policy at a child scop to be automatically inherited from the policy of the parent scope.

True (A)

how would you categorize the new features unified policy management support and multidevice firmware upgrade

usability enhancements (C)

NSM on prem offers large scale centralized management of sonicwall gen 7 devices only

False (B)

the NSM closed network support feature is ideal for customers who run:

one or more private networks that are completely shut off from the outside environment (D)

Which feature is designed to prevent unauthorized access to the NSM environment by disabling the user account if incorrect passwords are entered after a specified number of failed attempts, during a given period

account lockout (D)

NSM on prem requires a separate license for the reporting and analytic features

True (A)

Flashcards

Firewall License Management

Ensures the firewall licenses match the account on mysonicwall.com.

Account Lockout

Repeated incorrect password attempts lock out admin access, improving security.

Session Timeout

Automatic termination of admin sessions after inactivity, enhancing security.

Advanced Threat Protection (ATP)

Protects against known and unknown threats through layered security.

Intrusion Prevention System (IPS)

Detects and blocks malicious traffic based on rules.

Unified Threat Management (UTM)

Integrates various security functions into a single platform for simplified management.

Content Filtering

Controls access to websites and online content according to predefined categories.

Virtual Private Networking (VPN)

Provides secure access to remote networks and resources.

Application Control

Allows administrators to control application access for users or groups.

Simplified Management Console

Intuitive user interface for easy firewall configuration and monitoring.

Improved Performance

Enhanced network processing capabilities for faster performance and lower latency.

Enhanced Security

Advanced security features like deep packet inspection and threat protection.

Back Up Configuration

Create a backup of the firewall configuration before updating firmware.

Test in a Lab Environment

Thoroughly test new firmware in a separate environment before applying it to the live firewall.

Server Automatic Assignment

The public server guide automatically assigns the server to the correct zone based on its IP address.

Matching Local and Destination Networks

The local VPN network must match the destination network for successful tunnel connection.

Site-to-Site VPN Wizard

Creates a secure connection between two SonicWALL firewalls.

Virtual Private Network (VPN) Client Wizard

Configures VPN client connection to the SonicWALL firewall.

Remote Access VPN Wizard

Sets up VPN access for individual users to remotely access network resources.

Firewall Rules Wizard

Simplifies firewall rule creation for basic security policies.

Packet Monitor Wizard

Configures the packet monitor for troubleshooting and traffic analysis.

WAN Interface Settings Wizard

Configures the WAN interface for internet connectivity.

Security Services Wizard

Enables various security features like IPS, anti-malware, and content filtering.

Default Public Server Type

The default server type for public servers.

ARP Mapping

Facilitates dynamic mapping between IP addresses and MAC addresses on the network.

DHCP Leases Persistence

Saves the current state of DHCP leases to flash for troubleshooting.

Packet Routing

Enables routing of specific packets through other network interfaces.

Supported DDNS Providers

SonicOS supports DDNS providers like Dyn and No-IP.

NSv Interface Addressing

Interface addressing scheme that integrates with address objects, service objects, and network zones for network management.

Guest Account Management

Guest account and session management is controlled by the SonicWALL administrator.

Default User Groups

New users are automatically added to these user groups.

Authentication Methods

SonicWALL supports various authentication methods for users.

Study Notes

Firewall License Management

• Feature: License Management
• Purpose: Ensures that the firewall licenses match the account on mysonicwall.com
• Preemptive Measures:
  • Account Lockout: Prevents unauthorized access by locking out an admin after repeated incorrect password attempts
  • Session Timeout: Automatically terminates admin sessions after a set period of inactivity, enhancing security

SonicWALL NGFW Features

• Key Features:
  • Advanced Threat Protection (ATP): Protects against known and unknown threats through multiple layers of security
  • Intrusion Prevention System (IPS): Detects and blocks malicious traffic based on predefined rules
  • Unified Threat Management (UTM): Integrates multiple security functions into a single platform, simplifying management
  • Content Filtering: Controls access to websites and online content based on pre-defined categories
  • Virtual Private Networking (VPN): Provides secure access to remote networks and resources
  • Application Control: Allows administrators to control access to specific applications by users or groups

SonicOS 7 Architecture Features

• Key Features:
  • Simplified Management Console: Offers intuitive user interface for easy configuration and monitoring
  • Improved Performance: Enhanced network processing capabilities for higher throughput and reduced latency
  • Enhanced Security: Advanced security features, such as deep packet inspection and advanced threat protection

Firmware Update Best Practices

• Best Practices:
  • Back Up Configuration: Create a backup of the firewall configuration before upgrading firmware
  • Test in a Lab Environment: Conduct a thorough test in a lab environment before applying the new firmware to the production firewall

Public Server Configuration

• Server Automatic Assignment: The public server guide automatically assigns the server to the zone based on its IP address.

Site-to-Site VPN Configuration

• Matching Local and Destination Networks: The local network defined in the site-to-site VPN policy must match the destination network on the other side of the tunnel. This avoids tunnel negotiation errors and ensures successful VPN connectivity.

Quick Configuration Guide

• Options and Their Functions:
  • Site-to-Site VPN Wizard: Creates a secured connection between two SonicWALL firewalls
  • Virtual Private Network (VPN) Client Wizard: Configures a VPN client connection to the SonicWALL firewall
  • Remote Access VPN Wizard: Sets up VPN access for individuals to remotely access resources on the network
  • Firewall Rules Wizard: Simplifies firewall rule creation for basic security policies
  • Packet Monitor Wizard: Configures the packet monitor for network troubleshooting and traffic analysis
  • WAN Interface Settings Wizard: Configures the WAN interface for internet connectivity
  • Security Services Wizard: Enables various security features like IPS, anti-malware, and content filtering

Server Management

• Default Public Server Type: The default public server type is "NAT" (Network Address Translation).

ARP and Network Settings

• ARP Mapping: ARP facilitates dynamic IP address to MAC address mapping in a network.
• DHCP Leases Persistence: The "DHCP Lease File" setting allows saving the current state of DHCP leases to flash, providing a record for troubleshooting.
• Packet Routing: The "Pass Through" setting in advanced network interface settings enables specific packets to be routed through other network interfaces.

DDNS and Interface Addressing

• Supported DDNS Providers: SonicOS supports various DDNS providers, including Dyn, No-IP, and others.
• NSv Interface Addressing: The NSv interface addressing scheme works in conjunction with address objects, service objects, and network zones to provide streamlined network management.

User Accounts and Authentication

• Guest Account Management: The guest account and sessions can be managed by the SonicWALL administrator.
• Default User Groups: New users are automatically added to the following default user groups: "Administrators," "Users," and "Guests."
• Authentication Methods: SonicWALL supports a range of user authentication methods:
  • Local Authentication: Users authenticate directly against the firewall.
  • LDAP Authentication: User authentication is managed through LDAP directory services.
  • RADIUS Authentication: Users authenticate against a RADIUS server.
  • TACACS+ Authentication: Uses TACACS+ protocol for user authentication.
  • SAML Authentication: Integrates with Security Assertion Markup Language (SAML) for single sign-on.
  • Active Directory Authentication: Users authenticate against an Active Directory server.

User Authentication Features

• User Authentication Features:
  • Local User Authentication: Users authenticate directly using username and password stored on the firewall.
  • LDAP Authentication: Utilizes an LDAP directory service to authenticate users.
  • RADIUS Authentication: Uses a RADIUS server for centralized user authentication.
  • TACACS+ Authentication: Employs the TACACS+ protocol for user authentication and authorization.

Network Routing

• Static Route Precedence: Static routes take precedence over VPN traffic by default.
• TOS Routing: TOS (Type of Service) routing is used to prioritize traffic based on its importance as it exits the firewall.
• Advanced Routing Enabled by Default: Advanced routing features are enabled by default in SonicWALL firewalls.
• Static Route Variables: The following variables are used to configure static routes to forward traffic:
  • Destination Network: The specific IP address range to which traffic is forwarded.
  • Next Hop: The IP address of the next device in the routing path.
  • Interface: The outbound interface on the SonicWALL firewall.
  • Metric: A numerical value assigned to the route to determine its priority.
• Supported Advanced Routing Protocols: The SonicWALL firewall supports the following protocols for advanced routing:
  • RIP: Routing Information Protocol
  • OSPF: Open Shortest Path First
  • ISIS: Intermediate System to Intermediate System
  • BGP: Border Gateway Protocol

Firewall Logging and Event Management

• Inbound Connection Logging Best Practice: It is a general practice to log all inbound connections for security monitoring.
• Event Priority and Logging Level: If the event priority level is lower than the logging level, the events will be filtered out from the event logs..
• Error Logging: If the logging level filter is set to "error," only error messages will be displayed in the event logs.
• Log Types and Their Contents:
  • Firewall Logs: Capture events related to firewall activity, including connection attempts, rule actions, and security incidents.
  • VPN Logs: Record VPN connections, disconnections, and tunnel status changes.
  • System Logs: Track system events, such as hardware failures, software updates, and system errors.
  • Traffic Logs: Capture network traffic details, including source and destination IP addresses, protocols, and port numbers.
• Email Notification for Firewall Logs: "Email Alert" settings allow creating pre-configured email notifications with custom subjects in the firewall log management interface.

Real-Time Monitoring Features

• Connection Count Monitor: Tracks connection rates for each interface (incoming and outgoing) and updates the count periodically.
• Protocol Monitor Information: The protocol monitor displays statistics about the network traffic on the firewall's interfaces, including:
  • Protocol: The specific network protocol being used (e.g., TCP, UDP, ICMP)
  • Port: The source and destination port numbers used for communication
  • Direction: Whether the traffic is inbound or outbound
  • Bytes: The data volume transferred in bytes.
  • Packets: The total number of packets transmitted.
• NSv Firewall Monitoring: The NSv firewall's real-time monitoring features rely on flow collection mechanisms to gather and display data.
• Network Monitor Output: The network monitor displays the following information:
  • Interface: The network interface being monitored
  • Protocol: The network protocol being used
  • Source IP: The source IP address of the connection
  • Destination IP: The destination IP address of the connection
  • Port: The source and destination port numbers
  • Bytes: The amount of data transferred in bytes.
  • Packets: The total number of packets exchanged.
• Packet Monitor Intermediate Traffic: The packet monitor can monitor a variety of intermediate traffic, including:
  • ICMP (Internet Control Message Protocol): Used for error reporting and network diagnostics.
  • DNS (Domain Name System): Used for resolving domain names to IP addresses.
  • HTTP (Hypertext Transfer Protocol): Used for website traffic and file transfers.
  • HTTPS (Hypertext Transfer Protocol Secure): Used for secure website traffic.
• Packet Monitor Export Formats: The packet monitor supports multiple export formats for snapshots:
  • CSV (Comma-Separated Values): A plain text file format suitable for spreadsheet applications.
  • XML (Extensible Markup Language): A structured data format commonly used for data exchange.
  • TXT (Plain Text): A simple text file format.
• Packet Monitor Status Types: The packet monitor indicates packet status types like:
  • Allowed: This indicates that the firewall has permitted the packet to pass through.
  • Blocked: The firewall has blocked the packet based on security policies.
  • Dropped: The firewall has dropped the packet due to various reasons, such as network errors or exceeding resource limits.

SonicWALL Security Features

• SonicWALL Anti-Malware: Protects against both file-based and fileless malware, providing a comprehensive defense against evolving threats.
• Basic Capture Client License Features: The basic Capture Client license includes:
  • Live Packet Monitoring: View real-time network traffic in a graphical interface.
  • Packet Filtering: Apply filters to focus on specific types of traffic.
  • Packet Tracing: Follow the path of individual packets through the network.

Application Control and Policy Management

Application Vulnerability Intelligence: This feature provides a comprehensive catalog of applications running on protected endpoints, enabling better security decisions.

• Policy Inheritance: Policy inheritance in SonicWALL firewalls allows policies at lower scopes (e.g., individual devices) to automatically inherit settings from policies at higher scopes (e.g., the organization).
• New Features: Unified Policy Management and Multi-Device Firmware Upgrade: These features streamline device management through centralized policy control and facilitate simultaneous firmware updates across multiple devices.

SonicWALL Network Security Manager (NSM)

• NSM on-Premise Support: NSM on-premise offers centralized management for SonicWALL Gen 7 devices.
• NSM Closed Network Support: The NSM closed network support feature is ideal for customers operating isolated networks.
• Account Lockout Feature: To prevent unauthorized access, the NSM environment includes a feature that disables user accounts after multiple incorrect password attempts within a specified period.
• NSM Reporting License: NSM on-premise requires a separate license for reporting and analytics features.