Which component of NGFW is supported in active/passive design but not in active/active design?
Correct Answer: A
Explanation:
Single floating IP address (also known as a floating IP or shared IP) is supported only in an active/passive HA pair. In active/active HA, both firewalls are forwarding traffic simultaneously and thus do not share a single floating IP. “In active/passive HA, a single floating IP address is used for seamless failover. Active/active HA requires separate IP addresses and does not support a single floating IP.” (Source: Active/Passive vs. Active/Active HA) This simplifies failover in active/passive deployments by using a single shared IP that moves to the active peer upon failover.
Question 2
Which two security services are required for configuration of NGFW Security policies to protect against malicious and misconfigured domains? (Choose two.)
Correct Answer: A, D
Explanation:
Protecting against malicious and misconfigured domains requires two critical services: Advanced Threat Prevention Provides signature-based and advanced analysis to identify threats, including DNS-based attacks. “Advanced Threat Prevention enables the NGFW to detect and prevent exploits and malware-based communications, including those leveraging DNS.” (Source: Advanced Threat Prevention) Advanced DNS Security Specifically designed to detect and sinkhole malicious and misconfigured DNS queries. “DNS Security uses real-time intelligence to block DNS-based threats, protect against data exfiltration, and automatically sinkhole suspicious domain lookups.” (Source: DNS Security) By combining these services in security policies, NGFWs ensure robust protection against domain-based threats and misconfigurations.
Demo Practice Mode
You are viewing only the questions marked as Demo.