Which of the following is a supported Sticky Decision function of Sticky Connections for Load Sharing?


A. Multi-connection support for VPN-1 cluster members

B. Support for Performance Pack acceleration

C. Support for all VPN deployments (except those with third-party VPN peers)

D. Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections


Answer: D




Look at the Advanced Properties screen exhibit. What settings can you change to reduce the encryption overhead and improve performance for your mesh VPN Community?


A. Check the box “Use aggressive mode”

B. Change the “Renegotiate IPSec security associations every 3600 seconds” to 7200

C. Change the setting “Use Diffie-Hellman group:” to “Group 5 (1536 bit)”

D. Check the box “Use Perfect Forward Secrecy”


Answer: B




You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separated locations What is the BEST method to implement this HFA?


A. Send a Certified Security Engineer to each site to perform the update

B. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.

C. Use SmartUpdate to install the packages to each of the Security Gateways remotely

D. Send a CDROM with the HFA to each location and have local personnel install it


Answer: C




How does a standby SmartCenter Server receive logs from all Security Gateways, when an active SmartCenter Server fails over?


A. Establish Secure Internal Communications (SIC) between the primary and secondary Servers. The secondary Server can then receive logs from the Gateways, when the active Server fails over.

B. Add the secondary SmartCenter Server object as a backup log server in the “Log Servers” window (under the “Logs and Masters” tab on the Gateway object). Reinstall the Security Policy.

C. The secondary Server’s host name and IP address must be added to the Masters file on the remote Gateways.

D. Create a Check Point host object to represent the standby SmartCenter Server. Then select “Secondary SmartCenter Server” and “Log Server”, from the list of Check Point Products on the General Properties window.


Answer: B




SmartView Tracker logs the following Security Administrator activities, EXCEPT


A. Administrator login and logout.

B. Object creation, deletion, and editing.

C. Tracking SLA compliance.

D. Rule Base changes.


Answer: C




What information is found in the SmartView Tracker audit log?


A. SIC revoke certificate event

B. Number of concurrent IKE negotiations

C. Destination IP address

D. Most accessed Rule Base rule


Answer: A




You want to upgrade a cluster with two members to VPN-1 NGX R76. The SmartCenter Server and both members are version VPN-1/Firewall-1 NG FP3, with the latest Hotfix. What is the correct upgrade procedure?

(1) Change the version, in the General Properties of the gateway-cluster object.

(2) Upgrade the SmartCenter Server, and reboot after upgrade.

(3) Run cpstop on one member, while leaving the other member running. Upgrade one member At a time, and reboot after upgrade. (4)Reinstall the Security Policy.


A. 1, 3, 2, 4

B. 2, 3, 1, 4

C. 2, 4, 3, 1

D. 3, 2, 1, 4


Answer: B




Your network includes a SecurePlatform machine running NG with Application Intelligence (Al) R55. This configuration acts as both the primary SmartCent Server and VPN-1 Pro Gateway. You add one machine, so you can implement VPN-1 NGX R76 in a distributed environment. The new machine is an Intel CoreDuo processor, with 2 GB RAM and a 500-GB hard drive. How do you use these two machines to successfully migrate the NG with Al R55 configuration?


A. 1. On the existing machine, export the NG with Al R55 configuration to a network share.

2. Insert the NGXR76 CD-ROM in the old machine. Install the NGXR76 Security Gateway only while reinstalling the SecurePlatform OS over the to of the existing installation. Complete sysconfig.

4. On the new machine, install SecurePlatform as the primary SmartCenter Server only.

5. Transfer the exported .tgzfile into the new machine, import the configuration, and then reboot.

6. Open SmartDashboard, change the Gateway object to the new version, and reset SIC for the Gateway object.

B. 1. Export the configuration on the existing machine to a network share.

2. Uninstall the Security Gateway from the existing machine, using sysconfig.

3. Insert the NGX R76 CD-ROM, and run the patch add cd command to upgrade the SmartCenter Server to VPN-1 NGX R76.

4. Select “upgrade with imported file”, and reboot.

5. Install a new NGX R76 Security Gateway as the only module on the new machine, and reset SIC to the new Gateway.

C. 1. Export the configuration on the existing machine to a tape drive.

2. Uninstall the SmartCenter Server from the existing machine, using sysconfig.

3. Insert the NGX R76 CD-ROM, run the patch add cd command to upgrade the existing machine to the NGX R76 Security Gateway, and reboot.

4. Install a new primary SmartCenter Server on the new machine.

5. Change the gateway object to the new version, and reset SIC.

D. 1. Export the configuration on the existing machine as a backup only.

2. Edit $FWDIRproduct.conf on the existing machine, to disable the Pro gateway package.

3. Reboot the existing machine.

4. Perform an in-place-upgrade on the SmartCenter using the command “patch add cd”.

5. On the new machine, install SecurePlatform as the NGX R76 Security Gateway only.

6. Run sysconfig to complete the configuration.

7. From SmartDashboard, reconfigure the Gateway object to the new version, and reset SIC.


Answer: B




Which of the following is NOT true for Management High Availability (HA)?


A. The HA SmartCenter Servers must all be the same OS and OS Service Pack

B. The HA SmartCenter Servers must all be the same Check Point Version

C. If the active SmartCenter Server is down, a standby SmartCenter Servers needs to become active in order to be able to edit and install the Security Policy

D. The HA SmartCenter Servers are synchronized so matching data is maintained and ready to be used.


Answer: A





A. internal host successfully pings its Legacy Mode Cluster and receives replies. The following is the ARP table from the internal Windows host Based on this information, what is the active cluster member’s IP address?

According to the output, which member is the standby machine?




C. The active cluster member’s IP address cannot be determined by this arp cache



Answer: C



Comments are closed.