EnsurepassQUESTION 181 What proprietary Check Point protocol is the basis of the functionality of Check Point ClusterXL inter-module communication?   A. RDP B. IPSec C. CCP D. HA OPCODE E. CKPP   Answer: C     QUESTION 182 Which of the following is part of the PKI? Select all that apply.   A. User certificate B. Attribute Certificate C. Certificate Revocation Lists D. Public-key certificate   Answer: A,C,D     QUESTION 183 Which of the following Read more [...]
EnsurepassQUESTION 171 VPN traffic control would fall under which VPN component?   A. Performance B. Management C. Security D. QoS   Answer: D     QUESTION 172 Which of the following is an example of the hash function?   A. DES and CBC B. DAC and MAC C. SHA and 3DES D. MD5 and SHA-1   Answer: D     QUESTION 173 When configuring site-to-site VPN High Availability (HA) with MEP, which of the following is correct?   A. MEP Gateways cannot Read more [...]
EnsurepassQUESTION 161 What is the greatest benefit derived from VPNs compared to frame relay, leased lines any other types of dedicated networks?   A. lower cost B. stronger authentication C. Less failure/downtime D. Greater performance   Answer: A     QUESTION 162 What is the bit size of DES?   A. 56 B. 112 C. 168 D. 128 E. 32 F. 64   Answer: A     QUESTION 163 In cryptography, the Rivest, Shamir, Adelman (RSA) scheme has which of the following? Read more [...]
EnsurepassQUESTION 151 What physical machine must have access to the UserCenter public IP when checking for new packages with SmartUpdate?   A. VPN-1 Security Gateway getting the new upgrade package B. SmartUpdate installed SmartCenter Server PC C. SmartUpdate Repository SQL database Server D. SmartUpdate GUI PC   Answer: D     QUESTION 152 What action CANNOT be run from SmartUpdate NGX R65?   A. Get all Gateway Data B. Reboot gateway C. Preinstall verifier... Read more [...]
EnsurepassQUESTION 151 What physical machine must have access to the UserCenter public IP when checking for new packages with SmartUpdate?   A. VPN-1 Security Gateway getting the new upgrade package B. SmartUpdate installed SmartCenter Server PC C. SmartUpdate Repository SQL database Server D. SmartUpdate GUI PC   Answer: D     QUESTION 152 What action CANNOT be run from SmartUpdate NGX R65?   A. Get all Gateway Data B. Reboot gateway C. Preinstall verifier... Read more [...]
EnsurepassQUESTION 141 Which of these components does NOT require a VPN-1 NGX R65 license?   A. SmartConsole B. Check Point Gateway C. SmartCenter Server D. SmartUpdate upgrading/patching   Answer: A     QUESTION 142 Which of the following is a TRUE statement concerning contract verification?   A. Your contract file is stored on the User Center and fetched by the Gateway as needed. B. Your contract file is stored on theSmartConsole and downloaded to the SmartCenter Read more [...]
EnsurepassQUESTION 131 How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using a Check Point QoS solution?   A. Low latency class B. DiffServrule C. guaranteed per connection D. Weighted Fair Queuing E. guaranteed per VoIP rule   Answer: A     QUESTION 132 To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?   A. Change the Read more [...]
EnsurepassQUESTION 121 Which of the following QoS rulE. action properties is an Advanced action type, only available in Traditional mode?   A. Guarantee Allocation B. Rule weight C. Apply rule only to encrypted traffic D. Rule limit E. Rule guarantee   Answer: A     QUESTION 122 Which OPSEC server is used to prevent users from accessing certain Web sites?   A. LEA B. URI C. UFP D. AMON E. CVP   Answer: C     QUESTION 123 Regarding QoS guarantees Read more [...]
EnsurepassQUESTION 111 The following configuration is for VPN-1 NGX:ls this configuration correct for Management High Availability (HA)? A. No, theSmartCenter Servers must be installed on the same operating system. B. No, a VPN-1 NGXSmartCenter Server cannot run on Red Hat Linux 7.3. C. No, the SmartCenter Servers must reside on the same network. D. No, A VPN-1 NGX SmartCenter Server can only be in a Management HA configuration, if the operating system is Solaris. E. No, theSmartCenter Servers Read more [...]
EnsurepassQUESTION 101 Which service type does NOT invoke a Security Server?   A. HTTP B. FTP C. Telnet D. CIFS E. SMTP   Answer: D     QUESTION 102 When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members?   A. All cluster members process all packets, and members synchronize with each other. B. All members receive all packets. TheSmartCenter Server decides which member will process the packets. Read more [...]
EnsurepassQUESTION 91 You must set up SIP with a proxy for your network. IP phones are in the 172.16.100.0 network. The Registrar and proxy are installed on host 172.16.100.100. To allow handover enforcement for outbound calls from SIP-net to network Net_B on the Internet, you have defined the following objects: Network object: SIP-net: 172.16.100.0/24 SIP-gateway: 172.16.100.100 VoIP Domain object: VolP_domain_A 1 .EnD. point domain: SIP-net 2.VoIP gateway installed at: SIP-gateway host object Read more [...]
EnsurepassQUESTION 81 You have an internal FTP server, and you allow uploading, but not downloading. Assume Network Address Translation (NAT) is set up correctly and you want to add an inbound rule with: Source: Any Destination: FTP server Service: an FTP resource object. How do you configure the FTP resource object and the action column in the rule to achieve this goal?   A. Disable "Get" and "Put" methods in the FTP Resource Properties and use them in the rule, with action accept. B. Read more [...]