156-815-70 Demo and Sample
Note: Answers are below each question.
Samples are taken from full version.
A search is not possible using a GUI because a Cross-CMA search must be done at the CLI of the MDS only.
In the MDG, open the Cross-CMA Search window via Menu > Manage > Cross- CMA Search. Then select the query you want to use and define what you want to find. Select customers and start the search.
For searching a Global object in a CMA, the SmartDashboard needs to connect to each CMA. Only by using SmartDashboard connected to a CMA can an administrator find these objects.
You decide to remove a globally defined node object. Before you do this, you check to see if it is used locally by "Customer1" or "Customer2". What is the BEST way to do this?
At the CLI of the MDS, run the command mdscmd runcrosscmaquery with corresponding parameters.
Open the Global SmartDashboard, select the globally defined Node in the Object Tree and right-click. In the menu that opens, select Where used. This will show where this Node is used, globally and locally.
There is no possibility to find the usage of an object, except by connecting to all CMAs separately.
At the CLI of the MDS, run the command mdscmd searchobject with corresponding parameters.
You configure a Global Rule Base for some of your customers. Certain connections are needed to configure devices of the customers, i.e. SSH is needed from administrative PCs. Due to emergency configuration changes, authenticated access should be necessary from anywhere. How do you configure this in a Global Rule Base?
In the MDG, right-click on the user group you want to use in the Global SmartDashboard and select Enable Global use. Then, this user group will show up in the Global SmartDashboard.
In the Global Rule Base, it is not possible to configure Remote Access, which would be needed for authentication. These rules have to be configured locally at the corresponding CMA.
In the Global SmartDashboard, it is only possible to configure "User Auth", no other methods are possible. It is not rel5e6vant for administration, because relevant
protocols like SSH and Remote Desktop are not supported.
Open the User Manager of the Global SmartDashboard and define the Template, User Group, Users as well as the rule for authentication as it is done in a local CMA. When assigning the Global policy to a customer, these changes will be transferred to the local CMA.
Harry has recently joined a MSP and is asked to subscribe a customer to the Global IPS service in Multi-Domain Management with Provider-1 R70. He goes to the Customer Configuration screen > Assign Global Policy tab and notices the following settings:
He is searching for the Merge and Override options but could not find them. Where can he find those options or how can he get those options in place of the 'Exclusive' message?
These options have now been added to the CMA SmartDashboard in the IPS tab.
The Merge and Override options are no5t7supported in R70.
The options are available in Global SmartDashboad / IPS tab in Profiles options.
From the Provider-1 Properties in MDG, select the Global Policies tab and enable the check box 'Enable legacy SmartDefense merging options'.
You are the responsible administrator for two customers managed by your MSP. You must configure each CMA with local objects as well as rules. You have to configure the IPS accordingly. In addition, you will configure and assign Global Rules for your customers.
What minimum rights do you need at the MDS?
One of your customers will not renew the5i8r subscription for the IPS Software Blade, and decides to cancel their subscription early.
What happens if they don't allow the IPS service to expire?
When the subscription has ended, the IPS falls back to run only checks that were active with the first version published.
Since the customer is still subscribed to IPS service via MDG, all things run as before. The MSP has to take care that customers will renew their subscription.
New updates are not possible after the IPS service blade has ended, but all checks being downloaded before are still configured and active.
IPS update service is free of charge and therefore there is no time limit for it.
You manage several customers with Multi-Domain Management with Provider-1. Two of the customers need to be connected via a global VPN using VPN Communities in a Global Rule. In the MDG, you configure both Gateways to be enabled for Global use. Then you define a Global VPN Community in the Global SmartDashboard. How do you configure a rule so that encrypted HTTP traffic is accepted between the corresponding Gateways?
In the menu of the Global SmartDashboard, select Policy > Convert To Simplified Mode, follow the Wizard and define a rule accepting HTTP traffic that fits to the community listed in the column VPN.
It's possible to define Global VPN Communities, but it is not possible to use them in a Global Rule Base.
In the Global SmartDashboard, define a rule accepting the wanted traffic. In the column VPN select the VPN community you have defined.
After having defined a Global VPN Community, the Global Rule Base needs to be assigned to both customers. The VPN can only be defined in each (local) CMA individually.
Steve is the Multi-Domain Management with Provider-1 Superuser of an MSP having a Provider-1 R70 environment with 2 MDS Manager systems, 4 MDS Containers and 2 MLM's. One of the customers of the MSP requires redundancy for the CMA's. Steve has already added a secondary CMA, but the customer insists on having one more CMA. What is the best way to do this?
Steve can add a third CMA on the same MDS as the secondary CMA as a single customer can only use up to two MDS Containers for CMA's
Provider-1 only supports 2 CMA's per customer, so Steve will have to install a Securitym Management Server for backing up the CMA
This is not possible as Provider-1 supports only one backup / secondary CMA
Steve can add a third CMA on another MDS Container
Select the correct statement about the following Multi-Domain Management with Provider-1 environment example.
This will never work because all the MDS containers must be on the same LAN and it is also a license violation
This setup will not work as the MDS Container-HA can only host CMA-HA's
This will not work as the number of CMA-HA's must be equal to the number of primary CMA's
This setup will work without any issues as Provider-1 supports a mix of Primary and Secondary CMA's on the same MDS Container as long as they are of different customers
In Multi-Domain Management with Provider-1 R70, the Security Management backup server can be installed on:
any platform where Security Management Server is supported.
any platform where Security Management Server is supported except Windows or Nokia IPSO.
SecurePlatform or Windows Server.
only SecurePlatform Pro.
As in the example below,
MDS-ManagerAndContainer is Active whereas MDS-Manager2 is in Standby mode. If a Multi-Domain Management with Provider-1 Superuser logs into MDS- ManagerAndContainer in Read/Write mode using the MDG while the first user is still logged in, and another Provider-1 Superuser tries to log in to MDS-Manager2, what will happen? The second user will:
get an application error and the MDG will close.
get a message informing him that another user is logged in with Read/Write access. Hence, he will be allowed to log in with Read-Only access.
also be allowed to log in through the MDG in Read/Write mode and they can both make changes to the Provider-1 configuration within the MDG.
get a message informing him that another user is logged in with Read/Write access, and an option to disconnect the first user will be given.
Which of the following is the correct syntax for mirroring all CMA's from FirstMDS to SecondMDS?
cma_mirror_all -s FirstMDS -t SecondMDS
p1shell/mirrorcma -s FirstMDS -t SecondMDS -c 2
mdscmd mirrorcma -s FirstMDS -t SecondMDS -c 2
mirrorcma -s FirstMDS -t SecondMDS -c 2
Let's assume that your Multi-Domain Management with Provider-1 configuration has only one MDS. You want the installation to be redundant, so you decide to set up a secondary MDS Container and Manager. While completing the installation, you need to provide the activation key. The installation is completed after a reboot. The final steps are taken with the MDG connecting to the primary MDS. Which of the following statements is TRUE?
When the activation key is provided, 6s2ynchronization at MDS as well as CMA level is started automatically.
The first step is to define the secondary MDS in the MDG and to provide the activation key. After this is done, it is not possible to synchronize at MDS level only because only the complete configuration of a MDS can be synchronized (including all CMAs).
Before synchronization can start, both the activation key and performing an Install Database are necessary.
When the secondary MDS is defined in the MDG and the activation key has been correct, synchronization at the MDS level can be started immediately.
NetSec MSP has Multi-Domain Management with Provider-1 R70 in their New York network. They have 1 MDS Manager and 1 MDS Container on a Solaris server with 10 CMA's. NetSec has recently setup a network in Dallas and wants to use the Provider-1 MDS Container hosting backup CMA's for all the 10 customers. The management is not in favor of buying a Solaris Server, hence they are asking if they can use SecurePlatform on Intel hardware. How can NetSec implement this requirement?
NetSec will have to install a new Primary MDS Manager and a MDS Container on SecurePlatform in Dallas and then associate the two to enable High Availability'
As it is not possible to have a secondary CMA on a different operating system, NetSec will have to install 10 Security Management Servers to backup the CMA's'
They can have the new Provider-1 R70 MDS Container on SecurePlatform and host all the secondary CMA's on this MDS; Provider-1 R70 HA supports different operating systems'
They will have to buy a Solaris Server to install the MDS Container and host the secondary CMA's on that as it is required for the HA systems to be running the same operating system and version'
When importing the configuration of a Management Server, the CMA is also imported. The name of the CMA is the same name that the Management Server had before. How do you configure a name change to the CMA before the CA is re- established again?
At the MDS, change to the corresponding CMA context using the mdsenv command. Then issue the command fwm sic_reset to reset the CA completely.
In the MDG, select the CMA you want to change. With a right-click on the object, select edit and change the name in the win6d3ow that opens.
In the CLI of the MDS environment, issue the command fwm sic_reset. You will be asked which SIC you want to reset. Select the appropriate CMA and the name as well as the CMA will be changed.
The name of a CMA cannot be changed by design because this name is used in certificates.
Importing an existing Management Server configuration into a MDS via CLI might be useful. First, the new customer needs to be defined. After having defined the CMA, an existing configuration can be imported. How can this be done?
At the CLI of the MDS type\linecma_migrate <source_TGZarchive>
It is not possible to import a configuration using CLI. This can only done using the MDG.
At the CLI of the MDS type\linecma_migrate –s <source_TGZarchive> -t
At the CLI of the MDS type\linecma_migrate -t <target_CMAdirectory> –s
Read more Details »