Question 191

What is a task of the IPS Event Analysis Client?

A. Add events to the events database.

B. Assign a severity level to an event.

C. Display the received events.

D. Analyze each IPS log entry as it enters the Log server


Answer: C



Question 192

When upgrading to NGX R65, which Check Point products do not require a license upgrade to be current?

A. None, all versions require a license upgrade

B. VPN-1 NGX(R64) and later

C. VPN-1 NGX(R60) and later

D. VPN-1 NG with Application Intelligence (R54) and later


Answer: C



Question 193

A security audit has determined that your unpatched web application server is revealing the fact that it accesses a SQL server. You believe that you have enabled the proper SmartDefense setting but would like to verily this fact using SmartView Tracker. Which of the following entries confirms the proper blocking of this leaked information to an attacker?

A. “Fingerprint Scrambling: Changed [SQL] to [Perl]”

B. “HTTP response spoofing: remove signature [SQL Server]”

C. “Concealed HTTP response [SQL Server]. (Error Code WSE0160003)”

D. “ASCII Only Response Header detected: SQL”


Answer: C



Question 194

Where is it necessary to configure historical records in SmartView Monitor to generate Express reports in Eventia Reporter?

A. In SmartDashboard, the SmartView Monitor page in the VPN-1 Security Gateway object

B. In Eventia Reporter, under Express > Network Activity

C. In Eventia Reporter, under Standard > Custom

D. In SmartView Monitor, under Global Properties > Log and Masters


Answer: A



Question 195

Where do you enable popup alerts for SmartDefense settings that have detected suspicious activity?

A. In SmartView Monitor, select Tools > Alerts

B. In SmartView Tracker, select Tools > Custom Commands

C. In SmartDashboard, edit the Gateway object, select SmartDefense > Alerts

D. In SmartDashboard, select Global Properties > Log and Alert > Alert Commands


Answer: A



Question 196

When configuring VPN High Availability (HA) with MEP, which of the following is correct?

A. The decision on which MEP Security Gateway to use is made on the remote gateway’s side (non-MEP side).

B. MEP Gateways must be managed by the same Smart Center Server.

C. MEP VPN Gateways cannot be geographically separated machines.

D. If one Gateway fails, the synchronized connection fails over to another Gateway and the connection continues


Answer: A



Question 197

Which of the following would NOT be a reason for beginning with a fresh installation of VPN-1 NGX R65, instead of upgrading a previous version to VPN-1 NGX R65?

A. You see a more logical way to organize your rules and objects.

B. YOU want to keep your Check Point configuration.

C. Your Security Policy includes rules and objects whose purpose you do not know.

D. Objects and rules’ naming conventions have changed overtime.


Answer: B



Question 198

How do you block some seldom-used FTP commands, such as CWD, and FIND from passing through the Gateway?

A. Use FTP Security Server settings in SmartDefense.

B. Add the restricted commands to the aftpd.conf file in the Smart Center Server.

C. Configure the restricted FTP commands in the Security Servers screen of the Global properties.

D. Enable FTP Bounce checking in SmartDefense.


Answer: A



Question 199

Match each of the following commands to their correct function. Each command only has one function listed


A. C1>F6; C2>F4; C3>F2; C4>F5

B. C1>F4; C2>F6; C3>F3; C4>F2

C. C1>F2; C2>F4; C3>F1; C4>F5

D. C1>F2; C2>F1; C3>F6; C4>F4


Answer: A



Question 200

Which NGX R65 logs can you configure to send to DShield.org?

A. SNMP and account logs

B. Alert and user-defined alert logs

C. Account and alert logs

D. Audit and alert logs


Answer: B



Comments are closed.