EnsurepassQuestion 341 What happens if you select Web Server in the dialog box? <!--[if !vml]--><!--[endif]--> A. An implied rule will be added allowing HTTP request from and to the host. B. Anti-virus settings will be applied to the host. C. An implied rule will be added allowing HTTP requests to the host. D. Web Intelligence will be applied to the host.   Answer: D     Question 342 When configuring the Check Point Gateway network interfaces, you can define the direction Read more [...]
EnsurepassQuestion 331 If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange? A. 9 B. 6 C. 3 D. 2   Answer: B     Question 332 How many packets does the IKE exchange use for Phase 1 Main Mode? A. 6 B. 12 C. 1 D. 3   Answer: A     Question 333 How many packets does the IKE exchange use for Phase 1 Aggressive Mode? A. 1 B. 12 C. 6 D. 3   Answer: D     Question 334 Which of the following Read more [...]
EnsurepassQuestion 321 Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration? A. This can not be done as it requires a SIC- reset on the Gateways first forcing an outage. B. This cannot be done without downtime as a VPN between Read more [...]
EnsurepassQuestion 311 What command syntax would you use to turn on PDP logging in a distributed environment? A. pdp tracker on B. pdp log=1 C. pdp track=1 D. pdp logging on   Answer: A     Question 312 Which of the following authentication methods can be configured in the Identity Awareness setup wizard? A. Captive Portal B. TACACS C. Check Point Password D. Windows password   Answer: A     Question 313 Which of the following authentication methods can be configured Read more [...]
EnsurepassQuestion 301 What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server? A. RCP B. LDAP C. WMI D. CIFS   Answer: C     Question 302 Which of the following items should be configured for the Security Management Server to authenticate via LDAP? A. Windows logon password B. Active Directory Server object C. WMI object D. Check Point Password   Answer: B     Question 303 Which of the Read more [...]
EnsurepassQuestion 291 Which of the following methods is NOT used by Identity Awareness to catalog identities? A. AD Query B. GPO C. Captive Portal D. Identity Agent   Answer: B     Question 292 When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method? A. Leveraging identity in the application control blade B. Identity-based enforcement for non-AD users Read more [...]
EnsurepassQuestion 281 Identity Awareness can be deployed in which of the following modes? A. Router B. Detect C. Load Sharing D. High Availability   Answer: B     Question 282 What happens if the identity of a user is known? A. If the user credentials do not match an Access Role, the gateway moves onto the next rule. B. If the user credentials do not match an Access Role, the system displays the Captive Portal. C. If the user credentials do not match an Access Role, the traffic is Read more [...]
EnsurepassQuestion 271 Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user's properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict? A. Select Intersect with user database or Ignore Database in the Action Properties window. B. Permit access to Finance_net. C. Select Ignore Database in the Action Properties window. D. Select Intersect with user database Read more [...]
EnsurepassQuestion 261 Which type of R76 Security Server does not provide User Authentication? A. FTP Security Server B. SMTP Security Server C. HTTPS Security Server D. HTTP Security Server   Answer: B     Question 262 You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard? A. All users B. Internal user Group C. A group with generic user D. LDAP Account Unit Group   Answer: C     Question Read more [...]
EnsurepassQuestion 251 Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a: A. Client Authentication rule using the manual sign-on method, using HTTP on port 900 B. Client Authentication rule, using partially automatic sign on C. Client Authentication for fully automatic sign on D. Session Authentication Read more [...]
EnsurepassQuestion 241 If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate? A. SmartEvent Intro B. IPS C. SSL: VPN D. Data Loss Prevention   Answer: B     Question 242 Central license management allows a Security Administrator to perform which of the following functions? 1. Check for expired licenses. 2. Sort licenses and view license properties. 3. Attach both R76 Central Read more [...]
EnsurepassQuestion 231 What port is used for communication to the User Center with SmartUpdate? A. TCP 8080 B. HTTPS 443 C. HTTP 80 D. CPMI 200   Answer: B     Question 232 You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA? A. Send a CD-ROM with the HFA to each location and have local personnel install it. B. Use SmartUpdate to install Read more [...]
EnsurepassQuestion 221 Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection? A. Intrusion Detection System (IDS) Policy install B. SAM - Suspicious Activity Rules feature of SmartView Monitor C. Block Intruder feature of SmartView Tracker D. Change the Rule Base and install the Policy to all Security Gateways   Answer: C     Question 222 Which R75 component displays the number Read more [...]
EnsurepassQuestion 211 Which R76 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway? A. SmartUpdate B. SmartView Status C. SmartView Monitor D. None, SmartConsole applications only communicate with the Security Management Server.   Answer: C     Question 212 Which R76 GUI would you use to see the number of packets accepted since the last policy install? A. SmartView Monitor B. SmartView Status C. SmartView Tracker D. SmartDashboard   Read more [...]
EnsurepassQuestion 201 What happens when you run the commanD. fw sam -J src [Source IP Address]? A. Connections to and from the specified target are blocked without the need to change the Security Policy. B. Connections to and from the specified target are blocked with the need to change the Security Policy. C. Connections from the specified source are blocked without the need to change the Security Policy. D. Connections to the specified target are blocked without the need to change the Security Read more [...]
EnsurepassQuestion 191 Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network? A. Network and Endpoint tab B. Custom filter C. Management tab D. Active tab   Answer: C     Question 192 You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity? A. SmartView Tracker in Network and Endpoint Mode B. SmartView Tracker Read more [...]
EnsurepassQuestion 181 You can include External commands in SmartView Tracker by the menu Tools > Custom Commands. The Security Management Server is running under SecurePlatform, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address? A. There is no possibility to expand the three pre-defined options Ping, Whois, and Nslookup. B. Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list. C. Use the Read more [...]
EnsurepassQuestion 171 You plan to create a backup of the rules, objects, policies, and global properties from an R76 Security Management Server. Which of the following backup and restore solutions can you use? A. 2, 4, and 5 B. 1, 3, and 4 C. 1, 2, and 3 D. 1, 2, 3, 4, and 5   Answer: C     Question 172 Which R76 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations? A. Policy Package management B. Database Read more [...]
EnsurepassQuestion 161 You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause? A. The POP3 rule is disabled. B. The POP3 rule is hidden. C. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75. D. POP3 is accepted in Global Properties.   Answer: B     Question 162 Read more [...]
EnsurepassQuestion 151 Which statement below describes the most correct strategy for implementing a Rule Base? A. Place a network-traffic rule above the administrator access rule. B. Limit grouping to rules regarding specific access. C. Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down. D. Add the Stealth Rule before the last rule.   Answer: C     Question 152 Which of the following is a viable consideration when determining Read more [...]
EnsurepassQuestion 141 After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue? A. A SmartDefense module has blocked the packet. B. It is due to NAT. C. An IPSO ACL has blocked the packet's outbound passage. D. The packet has been sent out through a VPN tunnel unencrypted.   Answer: B     Question 142 Your internal network is configured to be Read more [...]
EnsurepassQuestion 131 A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server? A. A static route for the NAT IP must be added to the Gateway's upstream router. B. Automatic ARP must be unchecked in the Global Properties. C. Nothing Read more [...]
EnsurepassQuestion 121 Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity? A. Static Source B. Static Destination C. Dynamic Destination D. Hide   Answer: D     Question 122 NAT can NOT be configured on which of the following objects? A. Host B. HTTP Logical Server C. Address Range D. Gateway   Answer: B     Question 123 Which Check Point address Read more [...]
EnsurepassQuestion 111 A  rule is used to prevent all traffic going to the R75 Security Gateway. A. Cleanup B. Stealth C. Reject D. IPS   Answer: B     Question 112 In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to Read more [...]
EnsurepassQuestion 101 A Cleanup rulE. A. drops packets without logging connections that would otherwise be dropped and logged by default. B. logs connections that would otherwise be accepted without logging by default. C. drops packets without logging connections that would otherwise be accepted and logged by default. D. logs connections that would otherwise be dropped without logging by default.   Answer: D     Question 102 Which statement is TRUE about implicit rules? A. You create Read more [...]
EnsurepassQuestion 91 Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway's side with the command cpconfig and put in the same activation key in the Gateway's object on the Security Management Server. Unfortunately, SIC cannot be established. What is a possible reason for the problem? A. Joe forgot to exit from cpconfig. B. The installed policy blocks the communication. C. The old Gateway Read more [...]
EnsurepassQuestion 81 How does the button Get Address, found on the Host Node Object > General Properties page retrieve the address? A. Route Table B. Address resolution (ARP, RARP) C. Name resolution (hosts file, DNS, cache) D. SNMP Get   Answer: C     Question 82 Anti-Spoofing is typically set up on which object type? A. Network B. Security Management object C. Host D. Security Gateway   Answer: D     Question 83 Spoofing is a method of: A. Disguising an illegal Read more [...]
EnsurepassQuestion 71 Which command would provide the most comprehensive diagnostic information to Check Point Technical Support? A. cpstat - date.cpstat.txt B. fw cpinfo C. cpinfo -o date.cpinfo.txt D. diag   Answer: C     Question 72 Which of the following statements accurately describes the command snapshot? A. snapshot creates a Security Management Server full system-level backup on any OS. B. snapshot stores only the system-configuration settings on the Gateway. C. A Gateway snapshot Read more [...]
EnsurepassQuestion 61 When restoring R76 using the command upgrade_import, which of the following items are NOT restored? A. Licenses B. SIC Certificates C. Global properties D. Route tables   Answer: D     Question 62 Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R76 installation benefits. Your plan must meet the following required and desired objectives: Required ObjectivE. The Security Policy repository must Read more [...]