EnsurepassQUESTION 261 Which tool CANNOT be launched from SmartUpdate R77?   A. SecurePlatform WebUI B. cpinfo C. IP Appliance Voyager D. snapshot   Correct Answer: D     QUESTION 262 How can you recreate the Security Administrator account, which was created during initial Management Server installation on GAiA?   A. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Administrator Account portion Read more [...]
EnsurepassQUESTION 251 All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?   A. RLOGIN B. HTTP C. SMTP D. FTP   Correct Answer: C   QUESTION 252 You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package's NAT rules?   A. Rules Read more [...]
EnsurepassQUESTION 241 Identity Awareness can be deployed in which of the following modes?   A. Router B. Detect C. Load Sharing D. High Availability   Correct Answer: B   QUESTION 242 Which rule is responsible for the installation failure?     A. Rule 3 B. Rule 4 C. Rule 5 D. Rule 6   Correct Answer: B     QUESTION 243 Match the terms with their definitions:   ;   A. A-3, B-4, C-1, D-2 B. A-2, B-3, C-4, D-1 Read more [...]
EnsurepassQUESTION 231 Which of the following authentication methods can be configured in the Identity Awareness setup wizard?   A. TACACS B. Check Point Password C. Windows password D. LDAP Correct Answer: D     QUESTION 232 You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter. You select a standard predefined report. As you can see here, you can select the london Gateway.     When you attempt to configure Read more [...]
EnsurepassQUESTION 221 Reviewing the Rule Base, you see that ________ is responsible for the client authentication failure.     A. Rule 4 B. Rule 7 C. Rule 8 D. Rule 5   Correct Answer: A     QUESTION 222 You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community?     A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest Read more [...]
EnsurepassQUESTION 211 Reviewing the Rule Base, you see that ________ is responsible for the installation failure.     A. Rule 4 B. Rule 5 C. Rule 7 D. Rule 8   Correct Answer: A     QUESTION 212 You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the Read more [...]
EnsurepassQUESTION 201 Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?   A. SmartView Monitor B. SmartUpdate C. SmartView Status D. None, SmartConsole applications only communicate with the Security Management Server.   Correct Answer: A   QUESTION 202 You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy; but SecureClient Read more [...]
EnsurepassQUESTION 191 Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?   A. Audit Tab B. All Records Query C. Active Tab D. Account Query   Correct Answer: C     QUESTION 192 All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:   A. Exclusion of specific services for reporting purposes. B. Specific traffic that facilitates Read more [...]
EnsurepassQUESTION 181 What information is found in the SmartView Tracker Management log?   A. Administrator SmartDashboard logout event B. SecurePlatform expert login event C. Creation of an administrator using cpconfig D. FTP username authentication failure   Correct Answer: A   QUESTION 182 Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.     A. This is an example of Hide NAT. B. This is an example Read more [...]
EnsurepassQUESTION 171 You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?   A. Eventia Tracker B. SmartView Monitor C. Eventia Monitor D. SmartView Tracker   Correct Answer: D     QUESTION 172 SmartView Tracker logs the following Security Administrator activities, EXCEPT:   A. Object creation, deletion, and editing B. Rule Read more [...]
EnsurepassQUESTION 161 In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:   A. VLAN tagging cannot be defined for any hosts protected by the Gateway. B. The Security Gateway's ARP file must be modified. C. It is not necessary to add a static route to the Gateway's routing table. D. It is necessary to add a static route to the Gateway's routing table.   Correct Answer: C     QUESTION 162 Read more [...]
EnsurepassQUESTION 151 One of your remote Security Gateway's suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?   A. There is no connection between the Security Management Server and the remote Read more [...]
EnsurepassQUESTION 141 You plan to create a backup of the rules, objects, policies, and global properties from an R77 Security Management Server. Which of the following backup and restore solutions can you use?   1. Upgrade_export and upgrade_import utilities 2. Database revision control 3. SecurePlatform backup utilities 4. Policy package management 5. Manual copies of the $CPDIR/conf directory   A. 2, 4, and 5 B. 1, 3, and 4 C. 1, 2, and 3 D. 1, 2, 3, 4, and 5   Correct Read more [...]
EnsurepassQUESTION 131 Which answers are TRUE? Automatic Static NAT CANNOT be used when:   1. NAT decision is based on the destination port. 2. Both Source and Destination IP's have to be translated. 3. The NAT rule should only be installed on a dedicated Gateway. 4. NAT should be performed on the server side.   A. 2 and 3 B. 1, 3, and 4 C. 1 and 2 D. 2 and 4   Correct Answer: C     QUESTION 132 Which of the following is a viable consideration when determining Read more [...]
EnsurepassQUESTION 121 You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?   A. The POP3 rule is disabled. B. The POP3 rule is hidden. C. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75. D. POP3 is accepted in Global Properties.   Correct Answer: Read more [...]
EnsurepassQUESTION 111 To reduce the information given to you in SmartView Tracker, what can you do to find information about data being sent between pcosaka and pctokyo?   A. Apply a source filter by adding both endpoint IP addresses with the equal option set. B. Use a regular expression to filter out relevant logging entries. C. Double-click an entry representing a connection between both endpoints. D. Press CTRL+F in order to open the find dialog, and then search the corresponding Read more [...]
EnsurepassQUESTION 101 How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?   A. Custom scripts cannot be executed through alert scripts. B. Pop-up alert script C. SNMP trap alert script D. User-defined alert script   Correct Answer: D     QUESTION 102 What CANNOT be configured for existing connections during a policy install?   A. Reset all connections Read more [...]
EnsurepassQUESTION 91 Which item below in a Security Policy would be enforced first?   A. Network Address Translation B. Security Policy First rule C. Administrator-defined Rule Base D. IP spoofing/IP options   Correct Answer: D     QUESTION 92 You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to Read more [...]
EnsurepassQUESTION 81 Match the following commands to their correct function. Each command has one function only listed.     A. C1>F2; C2>F1; C3>F6; C4>F4 B. C1>F4; C2>F6; C3>F3; C4>F2 C. C1>F2; C2>F4; C3>F1; C4>F5 D. C1>F6; C2>F4; C3>F2; C4>F5   Correct Answer: D     QUESTION 82 The ____________ and ____________ rules are the two basic rules which should be used by all Security Administrators.   A. Read more [...]
EnsurepassQUESTION 71 Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R77 installation benefits. Your plan must meet the following required and desired objectives:   Required Objective. The Security Policy repository must be backed up no less frequently than every 24 hours.   Desired Objective. The R77 components that enforce the Security Policies should be backed up at least once a week.   Desired Objective. Read more [...]
EnsurepassQUESTION 61 When launching SmartDashboard, what information is required to log into R77?   A. User Name, Management Server IP, certificate fingerprint file B. User Name, Password, Management Server IP C. Password, Management Server IP D. Password, Management Server IP, LDAP Server IP   Correct Answer: B           QUESTION 62 Which of the following commands can provide the most complete restoration of a R77 configuration?   A. cpinfo Read more [...]
EnsurepassQUESTION 51 What is the officially accepted diagnostic tool for IP Appliance Support?   A. ipsoinfo B. cpinfo C. uag-diag D. CST   Correct Answer: D     QUESTION 52 Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.   A. Check Point GAiA and SecurePlatform, and Microsoft Windows B. Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows C. Check Point GAiA, Read more [...]
EnsurepassQUESTION 41 You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?   A. GAiA back up utilities B. upgrade_export and upgrade_import commands C. Database Revision Control D. Manual copies of the directory $FWDIR/conf   Correct Answer: A     QUESTION 42 Yo u need to completely reboot the Operating System after making which of the following changes on Read more [...]
EnsurepassQUESTION 31 Which of the following methods will provide the most complete backup of an R75 configuration?   A. Execute command upgrade_export B. Database Revision Control C. Policy Package Management D. Copying the directories $FWDIRconf and $CPDIRconf to another server   Correct Answer: A     QUESTION 32 Your primary Security Gateway runs on SecurePlatfor m. What is the easiest way to back up your Security Gateway R77 configuration, including routing and Read more [...]
EnsurepassQUESTION 21 Over the weekend, an Administrator without access to SmartDashboard installed a new R77 Security Gateway using GAiA. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?   A. You first need to run the command fw unloadlocal on the new Security Gateway. B. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Read more [...]
EnsurepassQUESTION 11 Before upgrading SecurePlatform, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration. An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore Read more [...]
EnsurepassQUESTION 1 Which of the following statements accurately describes the command snapshot?   A. snapshot creates a Security Management Server full system-level backup on any OS. B. snapshot stores only the system-configuration settings on the Gateway. C. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server. D. snapshot creates a full OS-level backup, including network-interface data, Check Read more [...]