EnsurepassQuestion 291 The following is cphaprob state command output from one New Mode High Availability ClusterXL cluster member:Which member will be active after member 192.168.1.2 fails over and is rebooted? A. Both members' state will be collision. B. 192.168.1.1 C. 192.168.1.2 D. Both members' state will be active.   Answer: B     Question 292 Match the remote-access VPN Connection mode features with their descriptions: A. A 3, B 4, C 2, D 1 B. A 2, B 3, C 4, D 1 Read more [...]
EnsurepassQuestion 281 Which of the following is a supported Sticky Decision function of Sticky Connections for Load Sharing? A. Multi-connection support for VPN-1 cluster members B. Support for Performance Pack acceleration C. Support for all VPN deployments (except those with third-party VPN peers) D. Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections   Answer: D     Question 282 Look at the Advanced Properties screen exhibit. What settings can Read more [...]
EnsurepassQuestion 271 You are concerned that your company's servers might be vulnerable to an attack where a client fools a server into sending large amounts of data, using small packets. Which SmartDefense option should you use to protect the servers? A. Network Security > Denial of Service > Non-TCP Flooding B. Network Security > Denial of Service > LAND C. Network Security > IP and ICMP > Block Null Payload ICMP D. Network Security > TCP > Small PMTU   Answer: Read more [...]
EnsurepassQuestion 261 You are establishing a ClusterXL environment, with the following topology: VIP internal cluster IP = 172.16.10.3; VIP external cluster IP = 192.168.10.3 ClusterMember1:4NICs,3enabled: hme(): 192.168.10.1/24, hmel: 10.10.10.1/24, qfe2: 172.16.10.1/24 Cluster Member 2: 5 NICs, 3 enabled; hme3: 192.168.10.2/24, hmel: 10.10.10.2/24, hme2: 172.16.10.2/24 External interfaces 192.168.10.1 and 192.168.10.2 connect to a VLAN switch. The upstream router connects to the same VLAN switch. Read more [...]
EnsurepassQuestion 251 How do you define a service object for a TCP port range? A. Manage Services, New Other, Provide name and define Protocol: x-y B. Manage Services, New TCP, Provide name and define Port: x-y C. Manage Services, New Other, Provide name and define Protocol: 17, Range: x-y D. Manage Services, New Group, Provide name and Add all service ports for range individually to the group object   Answer: B     Question 252 Which of these components does NOT require a Read more [...]
EnsurepassQuestion 241 How do you recover communications between your SmartCenter Server and Security Gateway if you "lock" yourself out via a rule or policy mis-configuration? A. cpstop B. fw unload policy C. fw delete all.all D. fwunloadlocal   Answer: D     Question 242 Which command is used to uninstall the Security Policy directly from the Security Gateway? A. fwm unload.local B. fw kill policy C. cpstop D. fwunloadlocal   Answer: D     Question 243 Read more [...]
EnsurepassQuestion 231 Which SmartView Tracker mode allows you to read the SMTP email body sent from the Chief Executive Officer (CEO)? A. Log Tab B. Display Capture Action C. This is not a SmartView Tracker feature D. Account Query   Answer: B     Question 232 If you are experiencing LDAP issues, which of the following should you check? A. Connectivity between the NGX gateway and LDAP server B. Secure Internal Communications (SIC) C. VPN Load Balancing D. Overlapping VPN Read more [...]
EnsurepassQuestion 221 What tools CANNOT be launched from SmartUpdate NGX R65? A. cpinfo B. SecurePlatform WebUI C. snapshot D. Nokia Voyager   Answer: C     Question 222 Your VPN-1 NGX R65 primary SmartCenter Server is installed on SecurePlatform. You plan to schedule the SmartCenter Server to run fw logswitch automatically every 48 hours. How do you create this schedule? A. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties Read more [...]
EnsurepassQuestion 211 You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configurations: Cluster Member 1: OS: SecurePlatform, NICs: Quad Card, memory: 512 MB, Security Gateway, version: VPN-1 NGX R65 and primary Smart Center Server installed, version: VPN-1 NGX R65 Cluster Member 2: OS: SecurePlatform, NICs: 4 Intel 3Com, memory: 512 MB, Security Gateway only, and version: VPN-1 NGX R65 Cluster Member 3: OS: SecurePlatform, Read more [...]
EnsurepassQuestion 201 The customer has a small Check Point installation which includes one Window XP workstation working as SmartConsole . one Solaris server working as SmartCenter, and a third server running SecurePlatform working as Security Gateway. This is an example of: A. Hybrid Installation B. Unsupported configuration C. Stand-Alone Installation D. Distributed Installation   Answer: A     Question 202 Which VPN-1 NGX R65 component displays the number of packets accepted, Read more [...]
EnsurepassQuestion 191 What is a task of the IPS Event Analysis Client? A. Add events to the events database. B. Assign a severity level to an event. C. Display the received events. D. Analyze each IPS log entry as it enters the Log server   Answer: C     Question 192 When upgrading to NGX R65, which Check Point products do not require a license upgrade to be current? A. None, all versions require a license upgrade B. VPN-1 NGX(R64) and later C. VPN-1 NGX(R60) and later Read more [...]
EnsurepassQuestion 181 When a security administrator logs in to SmartDashboard and selects Continue without session from the following window, what kind of access will be generated in SmartDashboard? A. He will get read4 only access to the policy, network objects and session management B. He will get read-only access to the policy and network objects; however, He can still manage the sessions, i.e. Approve, Request Repair etc C. A new session will automatically be created with a default session Read more [...]