Hi..

Ok, so I have the Testking answers as well (my coworker recently took the exam and printed them out), and here are 5 questions (2 we already talked about in class) where Testking differs from Testkeys in the answer. (And I think Testking is right).

From the Testkeys printout:

4. to identify AAA servers

31. 1

32. The answer that Testkeys has as "LAN cable-based failover" should actually read "LAN based failover". Which makes the correct answers, "Active/Active Failover" and "LAN based failover".

45. aa-server statistics for a particular host in server group group1

49. Failover unit type-primary and secondary

Tim

it appears you are correct about 49. I am looking at my firewalls (which are in failover because an admin rebooted a switch) and it says:

Last Failover at: 23:08:10 PST Mar 9 2007
This host: Secondary - Active
Active time: 1027740 (sec)
Interface outside ...(omit)

Other host: Primary - Standby Ready
Active time: 8464320 (sec)
Interface ...(omit)

Hi Tim,

The correct answer to Question 31 looks indeed "one".



# Provides increased flexibility when defining security policies and eases overall integration into switched network environments by supporting the creation of logical interfaces based on IEEE 802.1q VLAN tags, and the creation of security policies based on these virtual interfaces
# Supports multiple virtual interfaces on a single physical interface through VLAN trunking
# Supports multiple VLAN trunks per Cisco PIX Security Appliance
# Supports up to 8 VLANs on Cisco PIX 515 and 515E Security Appliances, 10 VLANs on Cisco PIX 520 and 525 Security Appliances, and 24 VLANs on Cisco PIX 535 Security Appliances

ref: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080148714.html

Robert


31. 1

Tim I am not sure that "Failover unit type-primary and secondary" is right.

Question 49 is;
During failover, which security appliance attribute does not change?

Is active or standby is a state a FW is in or is it considered as an attribute?.

I found the following information:

"
Active/Standby Failover Overview

Active/Standby Failover lets you use a standby security appliance to take over the functionality of a failed unit. When the active unit fails, it changes to the standby state while the standby unit changes to the active state. The unit that becomes active assumes the IP addresses (or, for a transparent firewall, the management IP address) and MAC addresses of the failed unit and begins to pass traffic. The unit that is now in standby state takes over the standby IP addresses and MAC addresses. Because network devices see no change in the MAC to IP address pairing, no ARP entries change or time out anywhere on the network. "

If the IP and MAC addresses are not changing than two answers for Q49 could be valid.....

Robert

ref:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.sht ml

also see: FW student guide vol.2 ch. 11-36 FW v.5






49. Failover unit type-primary and secondary