Question 601

How do you block some seldom-used FTP commands, such as CWD and FIND, from passing through the Gateway?

A. Add the restricted commands to the aftpd.conf file in the Security Management Server.

B. Modify the desired profile in the FTP commands under Protection Details in the IPS tab.

C. Configure the restricted FTP commands in the Security Servers screen of the Global Properties.

D. Enable FTP Bounce checking / Application Intelligence / Protocol Protections from the IPS tab.


Answer: B



Question 602

Using IPS, how do you notify the Security Administrator that malware is scanning specific ports? By enabling:

A. Malware Scan protection

B. Sweep Scan protection

C. Host Port Scan

D. Malicious Code Protector


Answer: B



Question 603

What is the meaning of the option Connect to the Internet?

A. SmartDashboard will retrieve information from Check Point over the Internet. No information will be sent.

B. SmartDashboard will retrieve information from Check Point over the Internet. Your information will be sent anonymously to Check Point.

C. SmartDashboard will retrieve information from Check Point over the Internet using your User Center login.

D. SmartDashboard will retrieve information from Check Point over the Internet.


Answer: C



Question 604

Refer to the network topology below.

You have IPS Software Blades active on the Security Gateways sglondon, sgla, and sgny, but still experience attacks on the Web server in the New York DMZ. How is this possible?

A. All of these options are possible.

B. The attacker may have used a bunch of evasion techniques like using escape sequences instead of cleartext commands. It is also possible that there are entry points not shown in the network layout, like rogue access points.

C. Since other Gateways do not have IPS activated, attacks may originate from their networks without anyone noticing.

D. An IPS may combine different detection technologies, but is dependent on regular signature updates and well-tuned anomaly algorithms. Even if this is accomplished, no technology can offer 100% protection.


Answer: A



Question 605

Your online bookstore has customers connecting to a variety of Web servers to place or change orders and check order status. You ran penetration tests through the Security Gateway to determine if the Web servers were protected from a recent series of cross-site scripting attacks. The penetration testing indicated the Web servers were still vulnerable. You have checked every box in the Web Intelligence tab, and installed the Security Policy. What else might you do to reduce the vulnerability?

A. Configure the Security Gateway protecting the Web servers as a Web server.

B. Check the Products / Web Server box on the host node objects representing your Web servers.

C. Add Port (TCP 443) as an additional port on the Web Server tab for the host node.

D. The penetration software you are using is malfunctioning and is reporting a false-positive.


Answer: B



Question 606

The TotallyCoolSecurity Company has a large security staff. Bob configured a new IPS Chicago_Profile for fw-chicago using Detect mode. After reviewing logs, Matt noticed that fw-chicago is not detecting any of the IPS protections that Bob had previously set up. Analyze the output below and determine how Matt can correct the problem.

A. Matt should assign the fw-chicago Security Gateway to the Chicago_Profile.

B. Matt should change the Chicago_Profile to use Protect mode because Detect mode will not work.

C. Matt should re-create the Chicago_Profile and select Activate protections manually instead of per the IPS Policy.

D. Matt should activate the Chicago_Profile as it is currently not activated.


Answer: A



Question 607

If Victor wanted to edit new Signature Protections, what tab would he need to access in SmartDashboard?

A. QoS Tab

B. SmartDefense Tab

C. IPSec VPN Tab

D. IPS Tab


Answer: D



Question 608

Using the output below, what does the red flag indicate for the MS08-067 Protection?

A. It indicates this is for follow up

B. It indicates this protection is for a new 0-day vulnerability

C. It indicates this protection’s severity level was modified from the default setting by the administrator

D. It indicates this protection is critical


Answer: A



Question 609

In R71, how would you define a rule to block all traffic sent to or from Germany?

A. This action is not possible.

B. Create a policy rule with destination being a custom dynamic object representing Germany and action block. You must also create a rule in the opposite direction.

C. Create a country specific policy within IPS Geo Protections with Germany as the country, block as the action, and from and to country for direction.

D. Go to Policy / Global Properties / Geographical Protection Enforcement and add Germany to the blocked countries list.


Answer: C



Question 610

In a particular IPS protection in R76 in the Logging Settings, what does the Capture Packets option do?

A. This is not a valid selection in R76

B. Attaches a packet capture of the traffic that matches this particular protection to each log that the protection generates.

C. Starts a packet capture at the time of policy install to capture all of the traffic until this protection is hit.

D. Collects all of the logs for packets that have matched this protection within the last 30 days


Answer: B


