True or False: You can install Global security rules on Security Gateways, Edge gateways, SmartProvisioning profiles, and Open Security Extensions (OSE) devices.
A. True. Global security rules can be installed on any Check Point device including CMA’s,
Security Management Servers, Log Servers, etc.
B. True. Global security rules can be installed on Security Gateways, Edge gateways, SmartProvisioning profiles, and Open Security Extensions (OSE) devices.
C. False. Global security rules cannot be installed on OSE devices.
D. False. Global security rules cannot be installed on OSE devices and SmartProvisioning profiles.
Tom has been asked to add a rule that applies to only the perimeter firewalls and not the internal firewalls of all the customers managed by Multi-Domain Management with Provider-1. He sees that there is one single global policy assigned to all the customers and feels very happy that he will have to just add one rule in that global policy and reassign and install the policy to all the customers at once. While doing so, he realizes that this action will also install the rule on the internal firewalls managed by the CMA’s. He’s afraid that he will now have to put the rule in each individual policy applied to perimeter gateways. Is he right or is there a better way?
A. He can create a single rule in the global policy with install on policy targets. While reassigning the policy to the customers, there is a button on the right side, Select Groups; he can select that button and designate the perimeter gateways for each customer.
B. He is right, there is no other way to do it.
C. He can create a single rule in the global policy with a dynamic object with _global suffix in the Install On column. Then at each CMA, he can create a group with the same name as the dynamic object and include the perimeter gateway in that group. Reassigning and installing the policy to all customers will only install the rule to the perimeter gateway.
D. He can create a single rule in the global policy and use the negate option in the Install On column to exclude all the internal firewalls.
In the Global Rule Base, global objects are used. Suppose that one of these objects is a Host Node that you would like to remove. However, an older Global Rule Base is using this object, and this policy is currently assigned to a customer.
what happens if this host is deleted within the Global SmartDashboard?
A. The host is deleted in the Global SmartDashboard but not in the local Rule Base where it has been assigned. New Global rules cannot be assigned to this customer until further steps are taken.
B. The host is deleted in the Global SmartDashboard and if it has been assigned to a customer before, it is deleted automatically in the customers SmartDashboard when the change is saved in the Global SmartDashboard.
C. If a globally defined host is assigned to a customer, it cannot be deleted in the Global SmartDashboard because its status is “locked”.
D. The host is deleted in the Global SmartDashboard and when reassigning the Global Policy to the customer, it will be deleted at the local Rule Base automatically.
When configuring a Global Rule Base, you discover that it is necessary to define a NAT rule. How do you configure this requirement?
A. Select the NAT tab in the Global SmartDashboard to define manual NAT rules.
B. Automatic NAT rules cannot be configured with the Global SmartDashboard. Manual NAT rules can be configured by switching to the NAT tab.
C. In the Global SmartDashboard there is no NAT tab, so no manual rules can be defined ¨C but it is possible to configure automatic NAT rules in the properties of a Network or Host, respectively.
D. It is not possible to define a NAT Rule Base in the Global SmartDashboard. Global objects might be defined, but NAT has to be configured at the local CMA.
In some cases, it might be necessary to delete a Global Object such as a host node. This is possible, but some aspects need to be considered before deleting it. Please select the answer that is NOT correct.
A. In the Global SmartDashboard, go to the Object list. Right-click on the object and select Where used. If the result states that the object is not used, it can be deleted without any further consequences.
B. Find out where the object is used by issuing the command mdscmd runcrosscmaquery with corresponding parameters at the CLI of the MDS. Connect to the CMAs found and delete the object locally first.
C. Use the MDG to start a Cross-CMA search by selecting Menu > Manage > Cross-CMA search.
D. Connect to each CMA individually to find out if the corresponding object is assigned to this customer or CMA, respectively. Delete the object in the local CMA before it will be deleted globally.
You are the administrator at a MSP. One of your customers has asked you to follow a strict naming policy. Due to requirements, you have defined some Global rules that are assigned specifically to this customer.
Which of the following statements is TRUE?
A. To rename a Global object, open it and configure a new name for it. This works for all Global objects.
B. To rename a Global object, open it and configure a new name for it. This is not possible for Check Point objects, but only for nodes or networks.
C. If a Global object needs to be renamed, it is only possible in the corresponding CMA.
D. Global objects cannot be renamed. If this is necessary, the object needs to be deleted and newly defined.
Before deleting a Global object, it is recommended to search the MDS for CMA’s that use this object or at least have the object assigned. If the object is not used or defined locally, it can be deleted in the Global SmartDashboard. Which selection below describes the correct steps?
A. In the Global SmartDashboard, open the Cross-CMA Search window via Menu > Manage > Cross-CMA Search. Then select the query you want to use and define what you want to find. Select customers and start the search.
B. A search is not possible using a GUI because a Cross-CMA search must be done at the CLI of the MDS only.
C. In the MDG, open the Cross-CMA Search window via Menu > Manage > Cross-CMA Search. Then select the query you want to use and define what you want to find. Select customers and start the search.
D. For searching a Global object in a CMA, the SmartDashboard needs to connect to each CMA. Only by using SmartDashboard connected to a CMA can an administrator find these objects.
You decide to remove a globally defined node object. Before you do this, you check to see if it is used locally by “Customer1” or “Customer2”. What is the BEST way to do this?
A. At the CLI of the MDS, run the command mdscmd runcrosscmaquery with corresponding parameters.
B. Open the Global SmartDashboard, select the globally defined Node in the Object Tree and right-click. In the menu that opens, select Where used. This will show where this Node is used, globally and locally.
C. There is no possibility to find the usage of an object, except by connecting to all CMAs separately.
D. At the CLI of the MDS, run the command mdscmd searchobject with corresponding parameters.
You configure a Global Rule Base for some of your customers. Certain connections are needed to configure devices of the customers, i.e. SSH is needed from administrative PCs. Due to emergency configuration changes, authenticated access should be necessary from anywhere.
How do you configure this in a Global Rule Base?
A. In the MDG, right-click on the user group you want to use in the Global SmartDashboard and select Enable Global use. Then, this user group will show up in the Global SmartDashboard.
B. In the Global Rule Base, it is not possible to configure Remote Access, which would be needed for authentication. These rules have to be configured locally at the corresponding CMA.
C. In the Global SmartDashboard, it is only possible to configure “User Auth”, no other methods are possible. It is not relevant for administration, because relevant protocols like SSH and Remote Desktop are not supported.
D. Open the User Manager of the Global SmartDashboard and define the Template, User Group, Users as well as the rule for authentication as it is done in a local CMA. When assigning the Global policy to a customer, these changes will be transferred to the local CMA.
Harry has recently joined a MSP and is asked to subscribe a customer to the Global IPS service in Multi-Domain Management with Provider-1 R70. He goes to the Customer Configuration screen > Assign Global Policy tab and notices the following settings:
He is searching for the Merge and Override options but could not find them. Where can he find those options or how can he get those options in place of the ‘Exclusive’ message?
A. These options have now been added to the CMA SmartDashboard in the IPS tab.
B. The Merge and Override options are not supported in R70.
C. The options are available in Global SmartDashboad / IPS tab in Profiles options.
D. From the Provider-1 Properties in MDG, select the Global Policies tab and enable the check box ‘Enable legacy SmartDefense merging options’.