EnsurepassQuestion 341 What happens if you select Web Server in the dialog box? <!--[if !vml]--><!--[endif]--> A. An implied rule will be added allowing HTTP request from and to the host. B. Anti-virus settings will be applied to the host. C. An implied rule will be added allowing HTTP requests to the host. D. Web Intelligence will be applied to the host.   Answer: D     Question 342 When configuring the Check Point Gateway network interfaces, you can define the direction Read more [...]
EnsurepassQuestion 331 If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange? A. 9 B. 6 C. 3 D. 2   Answer: B     Question 332 How many packets does the IKE exchange use for Phase 1 Main Mode? A. 6 B. 12 C. 1 D. 3   Answer: A     Question 333 How many packets does the IKE exchange use for Phase 1 Aggressive Mode? A. 1 B. 12 C. 6 D. 3   Answer: D     Question 334 Which of the following Read more [...]
EnsurepassQuestion 321 Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration? A. This can not be done as it requires a SIC- reset on the Gateways first forcing an outage. B. This cannot be done without downtime as a VPN between Read more [...]
EnsurepassQuestion 311 What command syntax would you use to turn on PDP logging in a distributed environment? A. pdp tracker on B. pdp log=1 C. pdp track=1 D. pdp logging on   Answer: A     Question 312 Which of the following authentication methods can be configured in the Identity Awareness setup wizard? A. Captive Portal B. TACACS C. Check Point Password D. Windows password   Answer: A     Question 313 Which of the following authentication methods can be configured Read more [...]
EnsurepassQuestion 301 What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server? A. RCP B. LDAP C. WMI D. CIFS   Answer: C     Question 302 Which of the following items should be configured for the Security Management Server to authenticate via LDAP? A. Windows logon password B. Active Directory Server object C. WMI object D. Check Point Password   Answer: B     Question 303 Which of the Read more [...]
EnsurepassQuestion 291 Which of the following methods is NOT used by Identity Awareness to catalog identities? A. AD Query B. GPO C. Captive Portal D. Identity Agent   Answer: B     Question 292 When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method? A. Leveraging identity in the application control blade B. Identity-based enforcement for non-AD users Read more [...]
EnsurepassQuestion 281 Identity Awareness can be deployed in which of the following modes? A. Router B. Detect C. Load Sharing D. High Availability   Answer: B     Question 282 What happens if the identity of a user is known? A. If the user credentials do not match an Access Role, the gateway moves onto the next rule. B. If the user credentials do not match an Access Role, the system displays the Captive Portal. C. If the user credentials do not match an Access Role, the traffic is Read more [...]
EnsurepassQuestion 271 Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user's properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict? A. Select Intersect with user database or Ignore Database in the Action Properties window. B. Permit access to Finance_net. C. Select Ignore Database in the Action Properties window. D. Select Intersect with user database Read more [...]
EnsurepassQuestion 261 Which type of R76 Security Server does not provide User Authentication? A. FTP Security Server B. SMTP Security Server C. HTTPS Security Server D. HTTP Security Server   Answer: B     Question 262 You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard? A. All users B. Internal user Group C. A group with generic user D. LDAP Account Unit Group   Answer: C     Question Read more [...]
EnsurepassQuestion 251 Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a: A. Client Authentication rule using the manual sign-on method, using HTTP on port 900 B. Client Authentication rule, using partially automatic sign on C. Client Authentication for fully automatic sign on D. Session Authentication Read more [...]
EnsurepassQuestion 241 If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate? A. SmartEvent Intro B. IPS C. SSL: VPN D. Data Loss Prevention   Answer: B     Question 242 Central license management allows a Security Administrator to perform which of the following functions? 1. Check for expired licenses. 2. Sort licenses and view license properties. 3. Attach both R76 Central Read more [...]
EnsurepassQuestion 231 What port is used for communication to the User Center with SmartUpdate? A. TCP 8080 B. HTTPS 443 C. HTTP 80 D. CPMI 200   Answer: B     Question 232 You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA? A. Send a CD-ROM with the HFA to each location and have local personnel install it. B. Use SmartUpdate to install Read more [...]