EnsurepassQuestion 601 How do you block some seldom-used FTP commands, such as CWD, and FIND from passing through the Gateway? A. Add the restricted commands to the aftpd.conf file in the Security Management Server. B. Modify the desired profile in the FTP commands under Protection Details in the IPS tab. C. Configure the restricted FTP commands in the Security Servers screen of the Global Properties. D. Enable FTP Bounce checking / Application Intelligence / Protocol Protections from the IPS tab. Read more [...]
EnsurepassQuestion 591 Which internal user authentication protocols are supported in SSL VPN? A. Check Point Password, SecurID, LDAP, RADIUS, TACACS B. Check Point Password, SecurID, L2TP, RADIUS, TACACS C. Check Point Password, SecurID, Active Directory, RADIUS, TACACS D. Point Password, SecurID, OS Password, RADIUS, TACACS   Answer: D     Question 592 Which Remote Desktop protocols are supported natively in SSL VPN? A. Microsoft RDP only B. AT&T VNC and Microsoft RDP C. Citrix Read more [...]
EnsurepassQuestion 581 To configure a Security Management Server for an SSL VPN Gateway, you can set up log forwarding from that Gateway. All of the following tasks must be performed to accomplish this, EXCEPT: A. Defining a remote log server in the "Remote Log Server" box. B. Establishing SIC between the Security Management Server and the SSL VPN Gateway. C. Initiating the put key process in order to facilitate Secure Internal Communications (SIC). D. Providing the Security Management Server's IP Read more [...]
EnsurepassQuestion 571 Which of the following is a supported deployment for Connectra? A. IPSO 4.9 build 88 B. VMWare ESX C. Solaris 10 D. Windows server 2007   Answer: B     Question 572 To force clients to use Integrity Secure Workspace when accessing sensitive applications, the Administrator can configure Connectra: A. Via protection levels B. To implement Integrity Clientless Security C. To force the user to re-authenticate at login D. Without a special setting. Secure Workspace Read more [...]
EnsurepassQuestion 561 While using the SmartProvisioning Wizard to create a new profile, you cannot continue because there are no devices to select. What is a possible reason for this? i) All devices already have a profile assigned to them ii) Provisioning Blade is not enabled on the devices iii) No UTM- 1/Power- 1/Secure Platform devices are defined in SmartDashboard iv) SIC is not established on the devices. A. (ii), (iii) or (iv) B. (ii) only C. (iii) or (iv) D. (i) or (iii)   Answer: D Read more [...]
EnsurepassQuestion 551 In SmartWorkflow, what is NOT a valid possibility? A. Task Flow without Session and without Role Segregation B. Task Flow without Session but with Role Segregation C. Task Flow with Session but without Role Segregation D. Task Flow with Session and with Role Segregation   Answer: B     Question 552 What is a possible reason for the grayed out Restore Version button in the screenshot of the Database Revision Control while trying to restore Old_Structure? A. Old_Structure Read more [...]
EnsurepassQuestion 541 When a security administrator logs in to SmartDashboard and selects Continue without session from the following window, what kind of access will be granted to him in SmartDashboard? A. He will get read-only access to the policy, network objects and session management. B. He will get read-only access to the policy and network objects; however, he can still manage the sessions, i.e. Approve, Request Repair etc. C. A new session will automatically be created with a default session Read more [...]
EnsurepassQuestion 531 What is the significance of the depicted icon in the SmartWorkflow toolbar? A. Submit for Approval B. Check the consistency of SmartWorkflow sessions. C. Overall status information: Everything is OK. D. Session has been approved.   Answer: A     Question 532 When selecting a backup target using SmartProvisioning, which target is NOT available? A. Locally on device B. FTP C. SCP D. TFTP   Answer: B     Question 533 Which of the following can NOT Read more [...]
EnsurepassQuestion 521 If SmartWorkflow is configured to work without Sessions or Role Segregation, how does the SmartDashboard function? A. The SmartDashboard functions as if SmartWorkflow is not enabled but an automatic session exists in the background and full SmartView tracker and audit trail functionality will be available. B. The SmartDashboard will function without SmartWorkflow, with no session and no audit trail functionality. C. The SmartDashboard will have no session but SmartView Tracker Read more [...]
EnsurepassQuestion 511 What happens when an Administrator activates the DLP Portal for Self Incident Handling and enters its fully qualified domain name (DNS name)? A. Connections created between the user and the DLP Gateway when clicking links within e-mail notifications to send or discard quarantined e-mails (matched for an Ask User rule) are encrypted. B. The daemon running DLP Portal starts to run and can cater requests from users' browsers (following links from e-mail notifications) and from Read more [...]
EnsurepassQuestion 501 Which operating system(s) support(s) unnumbered VPN Tunnel Interfaces (VTIs) for route-based VPNs? A. Red Hat Linux B. SecurePlatform for NCjX and higher C. Solaris 9 and higher D. IPSO 3.9 and higher   Answer: D     Question 502 Which of the following items can be provisioned via a Profile through SmartProvisioning? i) Backup Schedule ii) DNS Entries iii) Hosts Table iv) Domain Name v) Interface IP's A. i, ii, iii, iv, v B. i, ii, iii, iv C. i D. i, ii, iv Read more [...]
EnsurepassQuestion 491 What can be said about RSA algorithms? Select all that apply. A. Long keys can be used in RSA for enhances security B. Short keys can be used for RSA efficiency. C. RSA is faster to compute than DES D. RSA¡¯s key length is variable.   Answer: A,B,D     Question 492 What is the most typical type of configuration for VPNs with several externally managed Gateways? A. star community B. mesh community C. domain community D. Hybrid community E. SAT community   Read more [...]
EnsurepassQuestion 481 What proprietary Check Point protocol is the basis of the functionality of Check Point ClusterXL inter-module communication? A. RDP B. IPSec C. CCP D. HA OPCODE E. CKPP   Answer: C     Question 482 Which of the following is part of the PKI? Select all that apply. A. User certificate B. Attribute Certificate C. Certificate Revocation Lists D. Public-key certificate   Answer: A,C,D     Question 483 Which of the following are valid PKI architectures? Read more [...]
EnsurepassQuestion 471 When synchronizing clusters, which of the following statements are true? Select all that apply. A. Only cluster members running on the same OS platform can be synchronized. B. Client Auth or Session Auth connections through a cluster member will be lost of the cluster member fails. C. The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized. D. In the case of a failover, accounting information on the failed member Read more [...]
EnsurepassQuestion 461 Public-key cryptography is considered which of the following? A. two-key/symmetric B. one-key/asymmetric C. two-key/asymmetric D. one-key/symmetric   Answer: C     Question 462 What is the greatest benefit derived from VPNs compared to frame relay, leased lines any other types of dedicated networks? A. lower cost B. stronger authentication C. Less failure/downtime D. Greater performance   Answer: A     Question 463 What is the bit size of DES? Read more [...]
EnsurepassQuestion 451 What port is used for communication to the UserCenter with SmartUpdate? A. HTTP B. HTTPS C. TCP 8080 D. CPMI   Answer: B     Question 452 What physical machine must have access to the UserCenter public IP when checking for new packages with SmartUpdate? A. VPN-1 Security Gateway getting the new upgrade package B. SmartUpdate installed SmartCenter Server PC C. SmartUpdate Repository SQL database Server D. SmartUpdate GUI PC   Answer: D     Question Read more [...]
EnsurepassQuestion 441 When upgrading to NGX R65, which Check Point products do not require a license upgrade to be current? A. VPN-1 NGX (R64) and later B. VPN-1 NGX (R60) and later C. VPN-1 NG with Application Intelligence (R54) and later D. None, all versions require a license upgrade   Answer: B     Question 442 Which of these components does NOT require a VPN-1 NGX R65 license? A. SmartConsole B. Check Point Gateway C. SmartCenter Server D. SmartUpdate upgrading/patching   Read more [...]
EnsurepassQuestion 421 Your current stands alone VPN-1 NG with Application Intelligence (Al) R55 installation is running on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the VPN-1 Pro Gateway. An additional machine will serve as the SmartCenter Server. The new machine runs on a Windows Server 2003. You need to upgrade the NG with Al R55 SmartCenter Server configuration to VPN-1 NGX. How do you upgrade to VPN-1 NGX? A. Insert the NGX Read more [...]
EnsurepassQuestion 411 You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first? A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed B. An object to represent the PSTN phone network, AND an object to represent the IP phone network C. An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed D. An object to represent Read more [...]
EnsurepassQuestion 401 You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD, what does this command allow you to upgrade? A. Only VPN-1 Pro Security Gateway B. Both the operating system (OS) and all Check Point products C. All products, except the Policy Server D. Only the patch utility is upgraded using this command E. Only the OS   Answer: B     Question Read more [...]
EnsurepassQuestion 391 You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection? A. The guarantee of one of the rule's sub-rules exceeds the guarantee in the rule itself. B. The number of guaranteed connections is exceeded. The rule's action properties are not set to accept additional connections. C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below Read more [...]
EnsurepassQuestion 381 A cluster contains two members, with external interfaces and The internal interfaces are and The external cluster's IP address is, and the internal cluster's IP address is The synchronization interfaces are and The Security Administrator discovers State Synchronization is not working properly, cphaprob if command output displays as follows: What is causing the State Synchronization Read more [...]