Question 581

To configure a Security Management Server for an SSL VPN Gateway, you can set up log forwarding from that Gateway. All of the following tasks must be performed to accomplish this, EXCEPT:

A. Defining a remote log server in the “Remote Log Server” box.

B. Establishing SIC between the Security Management Server and the SSL VPN Gateway.

C. Initiating the put key process in order to facilitate Secure Internal Communications (SIC).

D. Providing the Security Management Server’s IP address.


Answer: A



Question 582

Among the authentication schemes SSL VPN employs for users, which scheme does Check Point recommend so all servers are replicated?

A. User certificates


C. Username and password



Answer: D



Question 583

You have configured an LDAP account unit and confirmed the Apply & Fetch Branches option works in SSL VPN, but end users still cannot be authenticated. What is the MOST LIKELY cause?

A. The Administrator’s login is incorrect.

B. The LDAP server is incorrectly configured.

C. The user is not defined in Active Directory.

D. The LDAP account unit’s login Distinguished Name is incorrectly configured.


Answer: D



Question 584

You are a SSL VPN administrator. Your users complain that their Outlook Web Access is running extremely slowly, and their overall browsing experience continues to worsen. You suspect it could be a logging problem. Which of the following logs does Check Point recommend you turn off?

A. Alert

B. Event

C. Trace

D. Traffic


Answer: C



Question 585

When connecting to the SSL VPN portal, you receive a pop-up message indicating that the server hostname does not match the certificate hostname, and the certificate is not signed by a known Certificate Authority (CA). How would you solve this problem?

A. Acquire and install an SSL server certificate from a known CA.

B. Ignore the message. It only occurs before the portal synchronizes with the GUI.

C. Resolve the certificate-hostname conflict between the Connectra portal and the administration GUI.

D. The administration GUI is pointing to the wrong certificate-hostname location.


Answer: A



Question 586

You are using tracelogger to debug SSL VPN’s server side and obtain a textual traffic dump. Which type of traffic will you NOT see in the output?

A. Traffic outbound from the internal networks

B. Traffic to the portal

C. Traffic outbound to the external networks

D. Traffic inbound from the external networks


Answer: B



Question 587

You are a SSL VPN Administrator. Your users complain that their Outlook Web Access is running extremely slowly, and their overall browsing experience continues to worsen. You suspect it could be a logging problem. Which of the following log files does Check Point recommend you purge?

A. httpd*.log

B. event_ws.log

C. mod_ws_owd.log

D. alert_owd.log


Answer: A



Question 588

Network applications accessed using SSL Network Extender have been found to fail after one of their TCP connections has been left idle for more than one hour.  You determine that you must enable sending reset (RST) packets upon TCP time-out expiration.  Where is it necessary to change the setting?

A. $FWDIR/conf/objects_5_0.C

B. $FWDIR/conf/objects.C

C. $WEBISDIR/conf/cpadmin.elg

D. $CVPNDIR/conf/cvpnd.C


Answer: A



Question 589

Even after configuring central logging on Connectra, Connectra logs are not displaying in

SmartView Tracker. What could be the cause of this problem?

A. You must reestablish logging from Connectra to the Management Server, using a dummy log- server object.

B. R70 does not support a host object with the same IP address as a Management Server used as secondary log server or management station.

C. You must install the Management Server database.

D. You must install the Security Policy, and try again.


Answer: C



Question 590

Which procedure enables the SSL VPN blade on the gateway?

A. Log into SmartDashboard, Create a new rule with the source and destination addresses of the needed remote network, set the action to Encrypt and push the policy to that gateway.

B. Log into SmartDashboard, edit the properties of the Gateway, and select the SSL VPN check box.

C. Log into SmartDashboard, Select the VPN Communities tab and add the gateway to the appropriate community.

D. Log into WebUI on the gateway and check the SSL VPN Blade check box.


Answer: B



Comments are closed.