You are establishing a ClusterXL environment, with the following topology: VIP internal cluster IP = 172.16.10.3; VIP external cluster IP = 192.168.10.3 ClusterMember1:4NICs,3enabled: hme(): 192.168.10.1/24, hmel: 10.10.10.1/24, qfe2: 172.16.10.1/24 Cluster Member 2: 5 NICs, 3 enabled; hme3: 192.168.10.2/24, hmel: 10.10.10.2/24, hme2: 172.16.10.2/24 External interfaces
192.168.10.1 and 192.168.10.2 connect to a VLAN switch. The upstream router connects to the same VLAN switch. Internal interfaces 172.16.10.1 and 172.16.10.2 connect to a hub. 10.10.10.0 is the synchronization network. The SmartCenter Server is located on the internal network with IP
172.16.10.3. What is the problem with this configuration?
A. There is an IP address conflict.
B. Cluster members cannot use the VLAN switch. They must use hubs.
C. The Cluster interface names must be identical across all cluster members.
D. The SmartCenter Server must be in the dedicated synchronization network, not the internal network.
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use four machines with the following configurations: Cluster Member 1: OS: SecurePlatform, NICs: QuadCard, memory: 512 MB, Security Gateway only, and version: VPN-1 NGX R65
Cluster Member 2: OS: SecurePlatform, NICs: 4 Intel 3Com, memory: 512 MB, Security Gateway only, and version: VPN-1 NGX R65 Cluster Member 3: OS: SecurePlatform, NICs: 4 other manufacturers, memory: 256 MB, Security Gateway only, and version: VPN-1 NGX R65 SmartCenter Server: MS Windows 2000, NIC: Intel NIC (1), Security Gateway and primary SmartCenter Server installed, version: VPN-1 NGX R65 Are these machines correctly configured for a ClusterXL deployment?
A. No, Cluster Member 3 does not have the required memory.
B. NO, the Security Gateway cannot be installed on the SmartCenter Pro Server.
C. Yes, these machines are configured correctly for a ClusterXL deployment.
D. NO, the SmartCenter Pro Server is not running the same operating system as the cluster members.
What port is used for communication to the User Center with SmartUpdate?
B. TCP 8080
Which command line interface utility allows the administrator to verify the name and timestamp of the Security Policy currently installed on a firewall module?
B. fw stat
C. fw ctl pstat
The Check Point Security Gateway’s virtual machine (kernel) exists between which two layers of the OSI model?
A. Physical and Data Link layers
B. Application and Presentation layers
C. Network and Data Link layers
D. Session and Network layers
What physical machine must have access to the User Center public IP when checking for new packages with SmartUpdate?
A. SmartUpdate installed SmartCenter Server PC
B. SmartUpdate GUI PC
C. VPN.1 Security Gateway getting the new upgrade package
D. SmartUpdate Repository SQL database Server
Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Why?
A. Users must use the SecuRemote Client, to use the User Authentication Rule.
B. YOU have forgotten to place the User Authentication Rule before the Stealth Rule.
C. You checked the “cache password on desktop” option in Global Properties.
D. Another rule that accepts HTTP without authentication exists in the Rule Base.
When you check “Web Server” in a host.node object, what happens to the host?
A. The Web server daemon is enabled on the host.
B. More granular controls are added to the host, in addition to Web Intelligence tab settings.
C. You can specify allowed ports in the Web server’s node.object properties. You then do not need to list all allowed ports in the Rule Base
D. SmartDefense Web Intelligence is enabled to check on the host.
What command displays the version of an already installed Security Gateway?
B. fw printver
D. fw stat
Multi-Corp wants to implement IKE DoS protection to prevent a denial-of-service (DoS) attack from paralyzing its VPN Communities. Jerry needs to minimize the performance impact of implementing this new protection. Which of the following configurations would BEST enable this new protection with minimal impact to the organization?
A. Set “Support IKE DoS protection from identified source” to “Puzzles”, and “Support IKE DoS protection from unidentified source” to “Stateless”.
B. Set both “Support IKE Dos protection from identified source”, and “Support IKE DoS protection from unidentified source” to “Puzzles”.
C. Set both “Support IKE DoS protection from identified source”, and “Support IKE DoS protection from unidentified source” to “Stateless”
D. Set “Support IKE DoS protection from identified source” to “Stateless”, and “Support IKE DoS protection from unidentified source” to “None”.