EnsurepassQUESTION 261 Which tool CANNOT be launched from SmartUpdate R77?   A. SecurePlatform WebUI B. cpinfo C. IP Appliance Voyager D. snapshot   Correct Answer: D     QUESTION 262 How can you recreate the Security Administrator account, which was created during initial Management Server installation on GAiA?   A. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Administrator Account portion Read more [...]
EnsurepassQUESTION 251 All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?   A. RLOGIN B. HTTP C. SMTP D. FTP   Correct Answer: C   QUESTION 252 You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package's NAT rules?   A. Rules Read more [...]
EnsurepassQUESTION 241 Identity Awareness can be deployed in which of the following modes?   A. Router B. Detect C. Load Sharing D. High Availability   Correct Answer: B   QUESTION 242 Which rule is responsible for the installation failure?     A. Rule 3 B. Rule 4 C. Rule 5 D. Rule 6   Correct Answer: B     QUESTION 243 Match the terms with their definitions:   ;   A. A-3, B-4, C-1, D-2 B. A-2, B-3, C-4, D-1 Read more [...]
EnsurepassQUESTION 231 Which of the following authentication methods can be configured in the Identity Awareness setup wizard?   A. TACACS B. Check Point Password C. Windows password D. LDAP Correct Answer: D     QUESTION 232 You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter. You select a standard predefined report. As you can see here, you can select the london Gateway.     When you attempt to configure Read more [...]
EnsurepassQUESTION 221 Reviewing the Rule Base, you see that ________ is responsible for the client authentication failure.     A. Rule 4 B. Rule 7 C. Rule 8 D. Rule 5   Correct Answer: A     QUESTION 222 You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community?     A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest Read more [...]
EnsurepassQUESTION 211 Reviewing the Rule Base, you see that ________ is responsible for the installation failure.     A. Rule 4 B. Rule 5 C. Rule 7 D. Rule 8   Correct Answer: A     QUESTION 212 You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the Read more [...]
EnsurepassQUESTION 201 Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?   A. SmartView Monitor B. SmartUpdate C. SmartView Status D. None, SmartConsole applications only communicate with the Security Management Server.   Correct Answer: A   QUESTION 202 You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy; but SecureClient Read more [...]
EnsurepassQUESTION 191 Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?   A. Audit Tab B. All Records Query C. Active Tab D. Account Query   Correct Answer: C     QUESTION 192 All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:   A. Exclusion of specific services for reporting purposes. B. Specific traffic that facilitates Read more [...]
EnsurepassQUESTION 181 What information is found in the SmartView Tracker Management log?   A. Administrator SmartDashboard logout event B. SecurePlatform expert login event C. Creation of an administrator using cpconfig D. FTP username authentication failure   Correct Answer: A   QUESTION 182 Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.     A. This is an example of Hide NAT. B. This is an example Read more [...]
EnsurepassQUESTION 171 You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?   A. Eventia Tracker B. SmartView Monitor C. Eventia Monitor D. SmartView Tracker   Correct Answer: D     QUESTION 172 SmartView Tracker logs the following Security Administrator activities, EXCEPT:   A. Object creation, deletion, and editing B. Rule Read more [...]
EnsurepassQUESTION 161 In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:   A. VLAN tagging cannot be defined for any hosts protected by the Gateway. B. The Security Gateway's ARP file must be modified. C. It is not necessary to add a static route to the Gateway's routing table. D. It is necessary to add a static route to the Gateway's routing table.   Correct Answer: C     QUESTION 162 Read more [...]
EnsurepassQUESTION 151 One of your remote Security Gateway's suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?   A. There is no connection between the Security Management Server and the remote Read more [...]
EnsurepassQUESTION 141 You plan to create a backup of the rules, objects, policies, and global properties from an R77 Security Management Server. Which of the following backup and restore solutions can you use?   1. Upgrade_export and upgrade_import utilities 2. Database revision control 3. SecurePlatform backup utilities 4. Policy package management 5. Manual copies of the $CPDIR/conf directory   A. 2, 4, and 5 B. 1, 3, and 4 C. 1, 2, and 3 D. 1, 2, 3, 4, and 5   Correct Read more [...]
EnsurepassQUESTION 131 Which answers are TRUE? Automatic Static NAT CANNOT be used when:   1. NAT decision is based on the destination port. 2. Both Source and Destination IP's have to be translated. 3. The NAT rule should only be installed on a dedicated Gateway. 4. NAT should be performed on the server side.   A. 2 and 3 B. 1, 3, and 4 C. 1 and 2 D. 2 and 4   Correct Answer: C     QUESTION 132 Which of the following is a viable consideration when determining Read more [...]
EnsurepassQUESTION 121 You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?   A. The POP3 rule is disabled. B. The POP3 rule is hidden. C. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75. D. POP3 is accepted in Global Properties.   Correct Answer: Read more [...]
EnsurepassQUESTION 111 To reduce the information given to you in SmartView Tracker, what can you do to find information about data being sent between pcosaka and pctokyo?   A. Apply a source filter by adding both endpoint IP addresses with the equal option set. B. Use a regular expression to filter out relevant logging entries. C. Double-click an entry representing a connection between both endpoints. D. Press CTRL+F in order to open the find dialog, and then search the corresponding Read more [...]
EnsurepassQUESTION 101 How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?   A. Custom scripts cannot be executed through alert scripts. B. Pop-up alert script C. SNMP trap alert script D. User-defined alert script   Correct Answer: D     QUESTION 102 What CANNOT be configured for existing connections during a policy install?   A. Reset all connections Read more [...]
EnsurepassQUESTION 91 Which item below in a Security Policy would be enforced first?   A. Network Address Translation B. Security Policy First rule C. Administrator-defined Rule Base D. IP spoofing/IP options   Correct Answer: D     QUESTION 92 You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to Read more [...]
EnsurepassQUESTION 81 Match the following commands to their correct function. Each command has one function only listed.     A. C1>F2; C2>F1; C3>F6; C4>F4 B. C1>F4; C2>F6; C3>F3; C4>F2 C. C1>F2; C2>F4; C3>F1; C4>F5 D. C1>F6; C2>F4; C3>F2; C4>F5   Correct Answer: D     QUESTION 82 The ____________ and ____________ rules are the two basic rules which should be used by all Security Administrators.   A. Read more [...]
EnsurepassQUESTION 71 Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R77 installation benefits. Your plan must meet the following required and desired objectives:   Required Objective. The Security Policy repository must be backed up no less frequently than every 24 hours.   Desired Objective. The R77 components that enforce the Security Policies should be backed up at least once a week.   Desired Objective. Read more [...]
EnsurepassQUESTION 61 When launching SmartDashboard, what information is required to log into R77?   A. User Name, Management Server IP, certificate fingerprint file B. User Name, Password, Management Server IP C. Password, Management Server IP D. Password, Management Server IP, LDAP Server IP   Correct Answer: B           QUESTION 62 Which of the following commands can provide the most complete restoration of a R77 configuration?   A. cpinfo Read more [...]
EnsurepassQUESTION 51 What is the officially accepted diagnostic tool for IP Appliance Support?   A. ipsoinfo B. cpinfo C. uag-diag D. CST   Correct Answer: D     QUESTION 52 Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.   A. Check Point GAiA and SecurePlatform, and Microsoft Windows B. Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows C. Check Point GAiA, Read more [...]