EnsurepassQUESTION 291 The following is cphaprob state command output from one New Mode High Availability ClusterXL cluster member:Which member will be active after member fails over and is rebooted? A. Both members' state will be collision. B. C. D. Both members' state will be active.   Answer: B     QUESTION 292 Match the remote-access VPN Connection mode features with their descriptions:   A. A 3, B 4, C 2, D 1 B. A 2, B 3, C 4, D 1 C. Read more [...]
EnsurepassQUESTION 281 Which of the following is a supported Sticky Decision function of Sticky Connections for Load Sharing?   A. Multi-connection support for VPN-1 cluster members B. Support for Performance Pack acceleration C. Support for all VPN deployments (except those with third-party VPN peers) D. Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections   Answer: D     QUESTION 282 Look at the Advanced Properties screen exhibit. What settings can Read more [...]
EnsurepassQUESTION 271 You are concerned that your company's servers might be vulnerable to an attack where a client fools a server into sending large amounts of data, using small packets. Which SmartDefense option should you use to protect the servers?   A. Network Security > Denial of Service > Non-TCP Flooding B. Network Security > Denial of Service > LAND C. Network Security > IP and ICMP > Block Null Payload ICMP D. Network Security > TCP > Small PMTU   Answer: Read more [...]
EnsurepassQUESTION 261 You are establishing a ClusterXL environment, with the following topology: VIP internal cluster IP =; VIP external cluster IP = ClusterMember1:4NICs,3enabled: hme():, hmel:, qfe2: Cluster Member 2: 5 NICs, 3 enabled; hme3:, hmel:, hme2: External interfaces and connect to a VLAN switch. The upstream router connects to the same VLAN switch. Read more [...]
EnsurepassQUESTION 251 How do you define a service object for a TCP port range?   A. Manage Services, New Other, Provide name and define Protocol: x-y B. Manage Services, New TCP, Provide name and define Port: x-y C. Manage Services, New Other, Provide name and define Protocol: 17, Range: x-y D. Manage Services, New Group, Provide name and Add all service ports for range individually to the group object   Answer: B     QUESTION 252 Which of these components does NOT require a Read more [...]
EnsurepassQUESTION 241 How do you recover communications between your SmartCenter Server and Security Gateway if you "lock" yourself out via a rule or policy mis-configuration?   A. cpstop B. fw unload policy C. fw delete all.all D. fwunloadlocal   Answer: D     QUESTION 242 Which command is used to uninstall the Security Policy directly from the Security Gateway?   A. fwm unload.local B. fw kill policy C. cpstop D. fwunloadlocal   Answer: D     QUESTION 243 Read more [...]
EnsurepassQUESTION 231 Which SmartView Tracker mode allows you to read the SMTP email body sent from the Chief Executive Officer (CEO)?   A. Log Tab B. Display Capture Action C. This is not a SmartView Tracker feature D. Account Query   Answer: B     QUESTION 232 If you are experiencing LDAP issues, which of the following should you check?   A. Connectivity between the NGX gateway and LDAP server B. Secure Internal Communications (SIC) C. VPN Load Balancing D. Overlapping Read more [...]
EnsurepassQUESTION 221 What tools CANNOT be launched from SmartUpdate NGX R76?   A. cpinfo B. SecurePlatform WebUI C. snapshot D. Nokia Voyager   Answer: C     QUESTION 222 Your VPN-1 NGX R76 primary SmartCenter Server is installed on SecurePlatform. You plan to schedule the SmartCenter Server to run fw logswitch automatically every 48 hours. How do you create this schedule?   A. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties Read more [...]
EnsurepassQUESTION 211 You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configurations: Cluster Member 1: OS: SecurePlatform, NICs: Quad Card, memory: 512 MB, Security Gateway, version: VPN-1 NGX R76 and primary Smart Center Server installed, version: VPN-1 NGX R76 Cluster Member 2: OS: SecurePlatform, NICs: 4 Intel 3Com, memory: 512 MB, Security Gateway only, and version: VPN-1 NGX R76 Cluster Member 3: OS: SecurePlatform, Read more [...]
EnsurepassQUESTION 201 The customer has a small Check Point installation which includes one Window XP workstation working as SmartConsole ? one Solaris server working as SmartCenter, and a third server running SecurePlatform working as Security Gateway. This is an example of:   A. Hybrid Installation B. Unsupported configuration C. Stand-Alone Installation D. Distributed Installation   Answer: A     QUESTION 202 Which VPN-1 NGX R76 component displays the number of packets accepted, Read more [...]
EnsurepassQUESTION 191 What is a task of the IPS Event Analysis Client?   A. Add events to the events database. B. Assign a severity level to an event. C. Display the received events. D. Analyze each IPS log entry as it enters the Log server   Answer: C     QUESTION 192 When upgrading to NGX R76, which Check Point products do not require a license upgrade to be current?   A. None, all versions require a license upgrade B. VPN-1 NGX(R64) and later C. VPN-1 NGX(R60) and later Read more [...]
EnsurepassQUESTION 181 When a security administrator logs in to SmartDashboard and selects Continue without session from the following window, what kind of access will be generated in SmartDashboard?   A. He will get read4 only access to the policy, network objects and session management B. He will get read-only access to the policy and network objects; however, He can still manage the sessions, i.e. Approve, Request Repair etc C. A new session will automatically be created with a default session Read more [...]
EnsurepassQUESTION 171 Your customer wishes to use SmartWorkflow Software Blade, but he also wishes to install a policy during an emergency without an approval. Is it possible? Select the BEST answer   A. Yes, it is possible but the administrator must receive special administrator permission i.e, can install in emergency. You can use the new CUI to set the administration security setting. B. Yes, it is possible, but this feature must be configured in the Global Properties. The administrator Read more [...]
EnsurepassQUESTION 161 While using the SmartProvisioning to create a new profile, you cannot continue because there are no devices to select. What is the possible reason for this? i) All devices already have a profile assigned to them ii) Provisioning Blade is not enabled on the devices iii) No UTM- 1/Power- 1/Secure Platform devices are defined in SmartDashboard iv) SIC is not established on the devices.   A. ii, iii, iv B. ii only C. iii, and iv D. i, iii   Answer: B     QUESTION Read more [...]
EnsurepassQUESTION 151 To help organize events, Eventia Analyzer uses filtered queries. Which of the following is NOT an Eventia Analyzer event property you can query?   A. Even Critical, Suspect, False Alarm B. Time: Last hour, Last Day, Last Week C. State Open, Closed, False Alarm D. Type Scans, Denial of Services, Unauthorized Entry   Answer: A     QUESTION 152 Using the Backup Target functionality in SmartProvisioning, what targets are available? i) FTP ii) TFTP iii) SFTP Read more [...]
EnsurepassQUESTION 141 Using the output below, what does the red flag indicate for the MS08-067 Protection? A. It indicates it is for follow up. B. It indicates this protection is for new 0-day vulnerability. C. It indicates the protection¡¯s Security Level was modified from the default setting by the administrator. D. It indicates this protection is critical.   Answer: A     QUESTION 142 Which OPSEC server can be used to prevent users from accessing certain Web sites?   A. Read more [...]
EnsurepassQUESTION 131 You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm's business partners. Which SmartConsole application should you use to confirm your suspicions?   A. SmartDashboard B. SmartView Tracker C. SmartUpdate D. SmartView Status   Answer: B     QUESTION 132 The ¡®We-Make-Widgets¡¯ company has purchased twenty UTM-1 Edge appliances for their remote offices. Kim decides the best way to Read more [...]
EnsurepassQUESTION 121 Reporter reports can be used to analyze data from a penetration-testing regimen in all of the following examples, EXCEPT   A. Possible worm/malware activity. B. Tracking attempted port scans. C. Analyzing traffic patterns against public resources. D. Analyzing access attempts via social-engineering.   Answer: D     QUESTION 122 Laura notices the Microsoft Visual Basic kill Bits protection is sent to inactive. She wants to set the micro soft Visual Basic Read more [...]
EnsurepassQUESTION 111 You have pushed a policy to your firewall and you are not able to access the firewall. What command will allow you to remove the current policy from the machine?   A. Fw purge policy B. Fw fetch policy C. Fw purge active D. Fw unload local   Answer: D     QUESTION 112 In smart workflow, what is not valid possibility?   A. Task Flow without Session and without role segregation. B. Task Flow without Session but with Role Segregation C. Task Flow with Read more [...]
EnsurepassQUESTION 101 Smart provisioning can provision the Operating System and network settings on which of the following?   A. R76 HFA 40 Security Gateways and above B. IPSO 42. Security Gateways C. NGX Security Appliances D. Edge firmware 6x and above   Answer: D     QUESTION 102 You are using smart update and perform a remote upgrade to a R/1 Security. Gateway which of the following statements is false   A. Smart dashboard is open during package upload and upgrade, Read more [...]
EnsurepassQUESTION 91 What port is used for communication to the User Center with Smart update?   A. CPM200 B. HTTPS 443 C. HTTP 80 D. TCP 8080   Answer: B     QUESTION 92 You are using tracelogger to debug SSL VPN¡¯s server and obtain a textual traffic dump. Which type of traffic will you not see in output?   A. Traffic outbound from internal networks B. Traffic to the portal C. Traffic outbound to external networks D. Traffic inbound from external networks   Answer: Read more [...]
EnsurepassQUESTION 81 When does it mean when a Security Gateway is labeled untrusted in the Smart provisioning status view?   A. the Security Gateway is down. B. SIC has not been established between the Security Gateway and the Security management. C. Smart Provisioning is not enabled on the Security Gateway D. cpd is not running at the Security Gateway   Answer: B     QUESTION 82 Pushing a SmartPravisoning Profile to a gateway failed. What are possible reasons for that? (i) Read more [...]
EnsurepassQUESTION 71 How many Events can be shown at one tame m the Event preview pane?   A. 5000 B. 15000 C. 30000 D. 1000   Answer: C     QUESTION 72 What access level cannot be assigned to an administrator in smart event?   A. Event database B. Write only C. No access D. Read only   Answer: B     QUESTION 73 You need to publish secured platform routes using the OSPF routing protocol. What is the correct command structure, once entering the router command, Read more [...]
EnsurepassQUESTION 61 Which procedure creates a new administrator in smartworkflow?   A. run the cpconfig, supply the login name, profile properties, name. access applications and permissions. B. In smart dashboard, click smartworkflow / enable smartworkflow and the enable smartworkflow wizard will start. Supply the login name, profile properties, name, access applications and prompted. C. On the provider-1 primary MDS, run cpconfig, supply the lgin name, profile properties, name access applications Read more [...]
EnsurepassQUESTION 51 When selecting a backup target using SmartProvisioning, which target is NOT available?   A. TFTP B. Locally on device C. SCP D. FTP   Answer: A     QUESTION 52 Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?   A. VTIs must be assigned a proxy interface. B. VTIs can only be physical, not loopback C. Local IP addresses are not configured, remote IP addresses are configured D. VTIa are only supported on SecuredPlatform. Read more [...]
EnsurepassQUESTION 41 The CoreXL SND (Secure Network Distributor) is responsible for:   A. shutting down cores when they are not needed B. changing routes to distribute the load across multiple firewalls. C. accelerating VPN traffic D. distributing non-accelerated packets among kernel instances   Answer: D     QUESTION 42 SmartWorkflow has been enabled with the following configuration: If a security administrator opens a new session and after making changes to the policy, submits Read more [...]
EnsurepassQUESTION 31 SSL termination takes place:   A. In a DMZ and LAN deployment on a Security Gateway B. In a DMZ and LAN department scenario on a Security Gateway C. In a DMZ and LAN deployment scenario fin a Connectra Gateway D. In a DMZ deployment on a Connectra Gateway   Answer: C     QUESTION 32 Which component functions as the Internal Certificate Authority for R76?   A. Security Gateway B. Management Server C. Policy Server D. SmartLSM   Answer: B   Read more [...]
EnsurepassQUESTION 21 A customer is calling saying one member's status is Down. What will you check?   A. cphaprob list (verify what critical device is down) B. Fw ctl debug ¨Cm cluster + forward (forwarding layer debug) C. tcpdump/snoop (CCP traffic) D. fw ctl pstat (check sync)   Answer: A     QUESTION 22 You have a High Availability ClusterXL configuration. Machines are not synchronizer. What happens to connections on failover?   A. It is not possible to configure High Read more [...]
EnsurepassQUESTION 11 Which of the following is NOT an Smartevent event-triggered Automatic Reaction?   A. Mail B. Block Access C. External Script D. SNMP Trap   Answer: B     QUESTION 12 Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should be guaranteed. Which actions should be taken to achieve that? - Use same hard drive for database directory, log files and temporary directory - Use Read more [...]