Control connections between the Security Management Server and the Gateway are not encrypted by the VPN Community.
How are these connections secured?
- A . They are encrypted and authenticated using SIC.
- B . They are not encrypted, but are authenticated by the Gateway
- C . They are secured by PPTP
- D . They are not secured.
If Bob wanted to create a Management High Availability configuration, what is the minimum number of Security Management servers required in order to achieve his goal?
- A . Three
- B . Two
- C . Four
- D . One
David wants to manage hundreds of gateways using a central management tool.
What tool would David use to accomplish his goal?
- A . Smart Provisioning
- B . Smart Blade
- C . Smart Dashboard
- D . Smart LSM
From the following output of cphaprob state, which Cluster XL mode is this?
- A . New mode
- B . Multicast mode
- C . Legacy mode
- D . Unicast mode
Which of the following is NOT a feature of Cluster XL?
- A . Enhanced throughput in all Cluster XL modes (2 gateway cluster compared with 1 gateway)
- B . Transparent failover in case of device failures
- C . Zero downtime for mission-critical environments with State Synchronization
- D . Transparent upgrades
In which case is a Sticky Decision Function relevant?
- A . Load Sharing – Unicast
- B . Load Balancing – Forward
- C . High Availability
- D . Load Sharing – Multicast
You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of 40, and the Default Rule with a weight of 10.
If the only traffic passing through your QoS Module is HTTP traffic, what percent of bandwidth will be allocated to the HTTP traffic?
- A . 80%
- B . 40%
- C . 100%
- D . 50%
You have pushed a policy to your firewall and you are not able to access the firewall.
What command will allow you to remove the current policy from the machine?
- A . fw purge policy
- B . fw fetch policy
- C . fw purge active
- D . fw unload local
How do you verify the Check Point kernel running on a firewall?
- A . fw ctl get kernel
- B . fw ctl pstat
- C . fw kernel
- D . fw ver -k
The process ________________ compiles $FWDIR/conf/*. W files into machine language.
- A . fw gen
- B . cpd
- C . fwd
- D . fwm
Which of the following is NOT part of the policy installation process?
- A . Code compilation
- B . Code generation
- C . Initiation
- D . Validation
When, during policy installation, does the atomic load task run?
- A . It is the first task during policy installation.
- B . It is the last task during policy installation.
- C . Before CPD runs on the Gateway.
- D . Immediately after fwm load runs on the Smart Center.
What process is responsible for transferring the policy file from Smart Center to the Gateway?
- A . FWD
- B . FWM
- C . CPRID
- D . CPD
What firewall kernel table stores information about port allocations for Hide NAT connections?
- A . NAT_dst_any_list
- B . host_ip_addrs
- C . NAT_src_any_list
- D . fwx_alloc
Where do you define NAT properties so that NAT is performed either client side or server side?
- A . In Smart Dashboard under Gateway setting
- B . In Smart Dashboard under Global Properties > NAT definition
- C . In Smart Dashboard in the NAT Rules
- D . In file $DFWDIR/lib/table.def
The process ___________ is responsible for all other security server processes run on the Gateway.
- A . FWD
- B . CPLMD
- C . FWM
- D . CPD
The process ________ is responsible for GUI Client communication with the Smart Center.
- A . FWD
- B . FWM
- C . CPD
- D . CPLMD
The process ________ is responsible for Policy compilation.
- A . FWM
- B . Fwcmp
- C . CPLMD
- D . CPD
The process ________ is responsible for Management High Availability synchronization.
- A . CPLMD
- B . FWM
- C . Fwsync
- D . CPD
_________ is the called process that starts when opening Smart View Tracker application.
- A . logtrackerd
- B . fwlogd
- C . CPLMD
- D . FWM
Anytime a client initiates a connection to a server, the firewall kernel signals the FWD process using a trap. FWD spawns the ________ child service, which runs the security server.
- A . FWD
- B . FWSD
- C . In.httpd
- D . FWSSD
Security server configuration settings are stored in _______________ .
- A . $FWDIR/conf/AMT.conf
- B . $FWDIR/conf/fwrl.conf
- C . $FWDIR/conf/fwauthd.conf
- D . $FWDIR/conf/fwopsec.conf
User definitions are stored in ________________ .
- A . $FWDIR/conf/fwmuser
- B . $FWDIR/conf/users.NDB
- C . $FWDIR/conf/fwauth.NDB
- D . $FWDIR/conf/fwusers.conf
Jon is explaining how the inspection module works to a colleague.
If a new connection passes through the inspection module and the packet matches the rule, what is the next step in the process?
- A . Verify if the packet should be moved through the TCP/IP stack.
- B . Verify if any logging or alerts are defined.
- C . Verify if the packet should be rejected.
- D . Verify if another rule exists.
Which of the following statements accurately describes the upgrade export command?
- A . Used primarily when upgrading the Security Management Server, upgrade export stores all object databases and the conf directories for importing to a newer version of the Security Gateway.
- B . Used when upgrading the Security Gateway, upgrade export includes modified files, such as in the directories /lib and /conf.
- C . upgrade export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
- D . upgrade export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
What are you required to do before running upgrade export?
- A . Run a cpstop on the Security Gateway.
- B . Run cpconfig and set yourself up as a GUI client.
- C . Run a cpstop on the Security Management Server.
- D . Close all GUI clients.
A snapshot delivers a complete backup of Secure Platform. The resulting file can be stored on servers or as a local file in /var/CP snapshot/snapshots.
How do you restore a local snapshot named MySnapshot.tgz?
- A . As Expert user, type command snapshot – R to restore from a local file. Then, provide the correct file name.
- B . As Expert user, type command revert –file MySnapshot.tgz.
- C . As Expert user, type command snapshot -r MySnapshot.tgz.
- D . Reboot the system and call the start menu. Select option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.
What is the primary benefit of using upgrade export over either backup or snapshot?
- A . The commands backup and snapshot can take a long time to run whereas upgrade export will take a much shorter amount of time.
- B . upgrade export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
- C . upgrade export has an option to backup the system and Smart View Tracker logs while backup and snapshot will not.
- D . upgrade export is operating system independent and can be used when backup or snapshot is not available.
Your R7x-series Enterprise Security Management Server is running abnormally on Windows Server 2003 R2. You decide to try reinstalling the Security Management Server, but you want to try keeping the critical Security Management Server configuration settings intact (i.e., all Security Policies, databases, SIC, licensing etc.) What is the BEST method to reinstall the Server and keep its critical configuration?
A)
B)
C)
D)
- A . Exhibit A
- B . Exhibit B
- C . Exhibit C
- D . Exhibit D
Your primary Security Management Server runs on GAiA.
What is the easiest way to back up your Security Gateway R76 configuration, including routing and network configuration files?
- A . Using the native GAiA backup utility from command line or in the Web-based user interface.
- B . Using the command upgrade export.
- C . Run the command pre_ upgrade verifier and save the file *.tgz to the directory c:/temp.
- D . Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
You need to back up the routing, interface, and DNS configuration information from your R76 Secure Platform Security Gateway.
Which backup-and-restore solution do you use?
- A . Secure Platform back up utilities
- B . Manual copies of the directory $FWDIR/conf
- C . Database Revision Control
- D . Commands upgrade export and upgrade import
Which of the following methods will provide the most complete backup of an R76 configuration?
- A . Database Revision Control
- B . Policy Package Management
- C . Copying the directories $FWDIRconf and $CPDIRconf to another server
- D . upgrade export command
Which of the following commands can provide the most complete restore of an R76 configuration?
- A . upgrade import
- B . fwm dbimport -p <export file>
- C . cpconfig
- D . cpinfo -recover
When restoring R76 using the command upgrade import, which of the following items are NOT restored?
- A . Global properties
- B . Route tables
- C . Licenses
- D . SIC Certificates
Your organization’s disaster recovery plan needs an update to the backup and restore section to reap the benefits of the new distributed R76 installation.
Your plan must meet the following required and desired objectives:
Upon evaluation, your plan:
- A . Meets the required objective and only one desired objective
- B . Meets the required objective and both desired objectives
- C . Meets the required objective but does not meet either desired objective
- D . Does not meet the required objective
You are running a R76 Security Gateway on Secure Platform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed.
What backup method could be used to quickly put the secondary firewall into production?
- A . upgrade export
- B . manual backup
- C . snapshot
- D . backup
Before upgrading Secure Platform, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problems after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed.
Can the administrator use a restore to fix the errors in static routing?
- A . The restore is not possible because the backup file does not have the same build number (version).
- B . The restore is done by selecting Snapshot Management from the Secure Platform boot menu.
- C . The restore can be done easily by the command restore and selecting the appropriate backup file.
- D . A back up cannot be restored, because the binary files are missing.
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
You intend to upgrade a Check Point Gateway from R65 to R76. To avoid problems, you decide to back up the Gateway.
Which approach allows the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
- A . snapshot
- B . database revision
- C . backup
- D . upgrade export
True or false? After creating a snapshot of a Windows 2003 SP2 Security Management Server, you can restore it on a Secure Platform R76 Security Management Server, except you must load interface information manually.
- A . True, but only when the snapshot file is restored to a Secure Platform system running R76.20.
- B . False, you cannot run the Check Point snapshot utility on a Windows gateway.
- C . True, but only when the snapshot file is restored to a Secure Platform system running R76.10.
- D . False, all configuration information conveys to the new system, including the interface configuration settings.
Check Point recommends that you back up systems running Check Point products. Run your back ups during maintenance windows to limit disruptions to services, improve CPU usage, and simplify time allotment.
Which back up method does Check Point recommend before major changes, such as upgrades?
- A . snapshot
- B . upgrade export
- C . backup
- D . migrate export
Check Point recommends that you back up systems running Check Point products. Run your back ups during maintenance windows to limit disruptions to services, improve CPU usage, and simplify time allotment.
Which back up method does Check Point recommend every couple of months, depending on how frequently you make changes to the network or policy?
- A . backup
- B . migrate export
- C . upgrade export
- D . snapshot
Check Point recommends that you back up systems running Check Point products. Run your back ups during maintenance windows to limit disruptions to services, improve CPU usage, and simplify time allotment.
Which back up method does Check Point recommend anytime outside a maintenance window?
- A . backup
- B . migrate export
- C . backup export
- D . snapshot
Snapshot is available on which Security Management Server and Security Gateway platforms?
- A . Solaris
- B . Windows 2003 Server
- C . Windows XP Server
- D . Secure Platform
The file snapshot generates is very large, and can only be restored to:
- A . The device that created it, after it has been upgraded
- B . Individual members of a cluster configuration
- C . Windows Server class systems
- D . A device having exactly the same Operating System as the device that created the file
Restoring a snapshot-created file on one machine that was created on another requires which of the following to be the same on both machines?
- A . Windows version, objects database, patch level, and interface configuration
- B . Windows version, interface configuration, and patch level
- C . State, Secure Platform version, and patch level
- D . State, Secure Platform version, and objects database
When restoring a Security Management Server from a backup file, the restore package can be retrieved from which source?
- A . HTTP server, FTP server, or TFTP server
- B . Disk, SCP server, or TFTP server
- C . Local folder, TFTP server, or FTP server
- D . Local folder, TFTP server, or Disk
When upgrading Check Point products in a distributed environment, in which order should you upgrade these components?
1 GUI Client
2 Security Management Server
3 Security Gateway
- A . 3, 2, 1
- B . 1, 2, 3
- C . 3, 1, 2
- D . 2, 3, 1
When using migrate to upgrade a Secure Management Server, which of the following is included in the migration?
- A . Smart Event database
- B . Smart Reporter database
- C . classes. C file
- D . System interface configuration
Typically, when you upgrade the Security Management Server, you install and configure a fresh R76 installation on a new computer and then migrate the database from the original machine.
When doing this, what is required of the two machines?
They must both have the same:
- A . Products installed.
- B . Interfaces configured.
- C . State.
- D . Patch level.
Typically, when you upgrade the Security Management Server, you install and configure a fresh R76 installation on a new computer and then migrate the database from the original machine.
Which of the following statements are TRUE?
- A . Both machines must have the same number of interfaces installed and configured before migration can be attempted.
- B . The new machine may not have more Check Point products installed than the original Security Management Server.
- C . All product databases are included in the migration.
- D . The Security Management Server on the new machine must be the same or greater than the version on the original machine.
Typically, when you upgrade the Security Management Server, you install and configure a fresh R76 installation on a new computer and then migrate the database from the original machine.
What is the correct order of the steps below to successfully complete this procedure?
1) Export databases from source.
2) Connect target to network.
3) Prepare the source machine for export.
4) Import databases to target.
5) Install new version on target.
6) Test target deployment.
- A . 6, 5, 3, 1, 4, 2
- B . 3, 1, 5, 4, 2, 6
- C . 5, 2, 6, 3, 1, 4
- D . 3, 5, 1, 4, 6, 2
During a Security Management Server migrate export, the system:
- A . Creates a backup file that includes the Smart Event database.
- B . Creates a backup file that includes the Smart Reporter database.
- C . Creates a backup archive for all the Check Point configuration settings.
- D . Saves all system settings and Check Point product configuration settings to a file.
If no flags are defined during a back up on the Security Management Server, where does the system store the *.tgz file?
- A . /var/opt/backups
- B . /var/backups
- C . /var/CPbackup/backups
- D . /var/tmp/backups
Which is NOT a valid option when upgrading Cluster Deployments?
- A . Full Connectivity Upgrade
- B . Fast path Upgrade
- C . Minimal Effort Upgrade
- D . Zero Downtime
In a zero downtime firewall cluster environment what command do you run to avoid switching problems around the cluster.
- A . cphaconf set mc_relod
- B . cphaconf set clear_subs
- C . cphaconf set_ccp broadcast
- D . cphaconf set_ccp multicast
In a "zero downtime" scenario, which command do you run manually after all cluster members are upgraded?
- A . cphaconf set_ccp broadcast
- B . cphaconf set clear_subs
- C . cphaconf set mc_relod
- D . cphaconf set_ccp multicast
Which command provides cluster upgrade status?
- A . cphaprob status
- B . cphaprob ldstat
- C . cphaprob fcustat
- D . cphaprob tablestat
John is upgrading a cluster from NGX R65 to R76. John knows that you can verify the upgrade process using the pre-upgrade verifier tool.
When John is running Pre-Upgrade Verification, he sees the warning message:
Title: Incompatible pattern.
What is happening?
- A . R76 uses a new pattern matching engine. Incompatible patterns should be deleted before upgrade process to complete it successfully.
- B . Pre-Upgrade Verification process detected a problem with actual configuration and upgrade will be aborted.
- C . Pre-Upgrade Verification tool only shows that message but it is only informational.
- D . The actual configuration contains user defined patterns in IPS that are not supported in R76. If the patterns are not fixed after upgrade, they will not be used with R76 Security Gateways.
Which command would you use to save the interface information before upgrading a GAiA Gateway?
- A . netstat Crn > [filename].txt
- B . ipconfig Ca > [filename].txt
- C . ifconfig > [filename].txt
- D . cp /etc/sysconfig/network.C [location]
Which command would you use to save the routing information before upgrading a Secure Platform Gateway?
- A . cp /etc/sysconfig/network.C [location]
- B . netstat Crn > [filename].txt
- C . ifconfig > [filename].txt
- D . ipconfig Ca > [filename].txt
Which command would you use to save the routing information before upgrading a Windows Gateway?
- A . ipconfig Ca > [filename].txt
- B . ifconfig > [filename].txt
- C . cp /etc/sysconfig/network.C [location]
- D . netstat Crn > [filename].txt
Which command would you use to save the interface information before upgrading a Windows Gateway?
- A . cp /etc/sysconfig/network.C [location]
- B . ipconfig Ca > [filename].txt
- C . ifconfig > [filename].txt
- D . netstat Crn > [filename].txt
When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster members have the same products installed.
Which command should you run?
- A . fw fcu
- B . cphaprob fcustat
- C . cpconfig
- D . fw ctl conn Ca
A Minimal Effort Upgrade of a cluster:
- A . Is only supported in major releases (R70 to R71, R71 to R76).
- B . Is not a valid upgrade method in R76.
- C . Treats each individual cluster member as an individual gateway.
- D . Upgrades all cluster members except one at the same time.
A Zero Downtime Upgrade of a cluster:
- A . Upgrades all cluster members except one at the same time.
- B . Is only supported in major releases (R70 to R71, R71 to R76).
- C . Treats each individual cluster member as an individual gateway.
- D . Is not a valid upgrade method in R76.
A Full Connectivity Upgrade of a cluster:
- A . Treats each individual cluster member as an individual gateway.
- B . Upgrades all cluster members except one at the same time.
- C . Is only supported in minor version upgrades (R70 to R71, R71 to R76).
- D . Is not a valid upgrade method in R76.
A Fast Path Upgrade of a cluster:
- A . Upgrades all cluster members except one at the same time.
- B . Treats each individual cluster member as an individual gateway.
- C . Is not a valid upgrade method in R76.
- D . Is only supported in major releases (R70 to R71, R75 to R76).
How does Check Point recommend that you secure the sync interface between gateways?
- A . Configure the sync network to operate within the DMZ.
- B . Secure each sync interface in a cluster with Endpoint.
- C . Use a dedicated sync network.
- D . Encrypt all sync traffic between cluster members.
How would you set the debug buffer size to 1024?
- A . Run fw ctl set buf 1024
- B . Run fw ctl kdebug 1024
- C . Run fw ctl debug -buf 1024
- D . Run fw ctl set int print_cons 1024
Steve is troubleshooting a connection problem with an internal application.
If he knows the source IP address is 192.168.4.125, how could he filter this traffic?
- A . Run fw monitor -e "accept dsrc=192.168.4.125;"
- B . Run fw monitor -e "accept dst=192.168.4.125;"
- C . Run fw monitor -e "accept ip=192.168.4.125;"
- D . Run fw monitor -e "accept src=192.168.4.125;"
Check Point support has asked Tony for a firewall capture of accepted packets.
What would be the correct syntax to create a capture file to a filename called monitor. out?
- A . Run fw monitor -e "accept;" -f monitor.out
- B . Run fw monitor -e "accept;" -c monitor.out
- C . Run fw monitor -e "accept;" -o monitor.out
- D . Run fw monitor -e "accept;" -m monitor.out
What is NOT a valid LDAP use in Check Point Smart Directory?
- A . Retrieve gateway CRL’s
- B . External users management
- C . Enforce user access to internal resources
- D . Provide user authentication information for the Security Management Server
There are several Smart Directory (LDAP) features that can be applied to further enhance Smart Directory (LDAP) functionality, which of the following is NOT one of those features?
- A . High Availability, where user information can be duplicated across several servers
- B . Support multiple Smart Directory (LDAP) servers on which many user databases are distributed
- C . Encrypted or non-encrypted Smart Directory (LDAP) Connections usage
- D . Support many Domains under the same account unit
Choose the BEST sequence for configuring user management in Smart Dashboard, using an LDAP server.
- A . Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
- B . Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
- C . Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
- D . Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
The User Directory Software Blade is used to integrate which of the following with a R76 Security Gateway?
- A . LDAP server
- B . RADIUS server
- C . Account Management Client server
- D . User Authority server
Your users are defined in a Windows 2008 Active Directory server. You must add LDAP users to a Client Authentication rule.
Which kind of user group do you need in the Client Authentication rule in R76?
- A . LDAP group
- B . External-user group
- C . A group with a generic user
- D . All Users
Which of the following commands do you run on the AD server to identify the DN name before configuring LDAP integration with the Security Gateway?
- A . query ldap Cname administrator
- B . dsquery user Cname administrator
- C . ldapquery Cname administrator
- D . cpquery Cname administrator
In Smart Directory, what is each LDAP server called?
- A . Account Server
- B . Account Unit
- C . LDAP Server
- D . LDAP Unit
What is the default port number for standard TCP connections with the LDAP server?
- A . 398
- B . 636
- C . 389
- D . 363
What is the default port number for Secure Sockets Layer connections with the LDAP Server?
- A . 363
- B . 389
- C . 398
- D . 636
When defining an Organizational Unit, which of the following are NOT valid object categories?
- A . Domains
- B . Resources
- C . Users
- D . Services
When defining Smart Directory for High Availability (HA), which of the following should you do?
- A . Replicate the same information on multiple Active Directory servers.
- B . Configure Secure Internal Communications with each server and fetch branches from each.
- C . Configure a Smart Directory Cluster object.
- D . Configure the Smart Directory as a single object using the LDAP cluster IP. Actual HA functionality is configured on the servers.
The set of rules that governs the types of objects in the directory and their associated attributes is called the:
- A . LDAP Policy
- B . Schema
- C . Access Control List
- D . Smart Database
When using Smart Dashboard to manage existing users in Smart Directory, when are the changes applied?
- A . Instantaneously
- B . At policy installation
- C . Never, you cannot manage users through Smart Dashboard
- D . At database synchronization
Where multiple Smart Directory servers exist in an organization, a query from one of the clients for user information is made to the servers based on a priority.
By what category can this priority be defined?
- A . Gateway or Domain
- B . Location or Account Unit
- C . Location or Domain
- D . Gateway or Account Unit
Each entry in Smart Directory has a unique _______________ ?
- A . Distinguished Name
- B . Organizational Unit
- C . Port Number Association
- D . Schema
With the User Directory Software Blade, you can create R76 user definitions on a(n) _________ Server.
- A . Secure ID
- B . LDAP
- C . NT Domain
- D . Radius
Which describes the function of the account unit?
- A . An Account Unit is the Check Point account that Smart Directory uses to access an (LDAP) server
- B . An Account Unit is a system account on the Check Point gateway that Smart Directory uses to access an (LDAP) server
- C . An Account Unit is the administration account on the LDAP server that Smart Directory uses to access to (LDAP) server
- D . An Account Unit is the interface which allows interaction between the Security Management server and Security Gateways, and the Smart Directory (LDAP) server.
An organization may be distributed across several Smart Directory (LDAP) servers.
What provision do you make to enable a Gateway to use all available resources?
Each Smart Directory (LDAP) server must be:
- A . a member in the LDAP group.
- B . a member in a group that is associated with one Account Unit.
- C . represented by a separate Account Unit.
- D . represented by a separate Account Unit that is a member in the LDAP group.
Which is NOT a method through which Identity Awareness receives its identities?
- A . GPO
- B . Captive Portal
- C . AD Query
- D . Identity Agent
If using AD Query for seamless identity data reception from Microsoft Active Directory (AD), which of the following methods is NOT Check Point recommended?
- A . Leveraging identity in Internet application control
- B . Identity-based auditing and logging
- C . Basic identity enforcement in the internal network
- D . Identity-based enforcement for non-AD users (non-Windows and guest users)
When using Captive Portal to send unidentified users to a Web portal for authentication, which of the following is NOT a recommended use for this method?
- A . Identity-based enforcement for non-AD users (non-Windows and guest users)
- B . For deployment of Identity Agents
- C . Basic identity enforcement in the internal network
- D . Leveraging identity in Internet application control
Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO).
Which of the following is NOT a recommended use for this method?
- A . When accuracy in detecting identity is crucial
- B . Identity based enforcement for non-AD users (non-Windows and guest users)
- C . Protecting highly sensitive servers
- D . Leveraging identity for Data Center protection
Which of the following access options would you NOT use when configuring Captive Portal?
- A . Through the Firewall policy
- B . From the Internet
- C . Through all interfaces
- D . Through internal interfaces
Where do you verify that Smart Directory is enabled?
- A . Global properties > Authentication> Use Smart Directory (LDAP) for Security Gateways is checked
- B . Gateway properties> Smart Directory (LDAP) > Use Smart Directory (LDAP) for Security Gateways is checked
- C . Gateway properties > Authentication> Use Smart Directory (LDAP) for Security Gateways is checked
- D . Global properties > Smart Directory (LDAP) > Use Smart Directory (LDAP) for Security Gateways is checked
Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the organization.
Which gateway process is responsible for the authentication?
- A . vpnd
- B . cpvpnd
- C . fwm
- D . fwd
Remote clients are using SSL VPN to authenticate via LDAP server to connect to the organization.
Which gateway process is responsible for the authentication?
- A . vpnd
- B . cpvpnd
- C . fwm
- D . fwd
Which of the following is NOT a LDAP server option in Smart Directory?
- A . Novell_DS
- B . Netscape_DS
- C . OPSEC_DS
- D . Standard_DS
An Account Unit is the interface between the __________ and the __________.
- A . Users, Domain
- B . Gateway, Resources
- C . System, Database
- D . Clients, Server
Which of the following is a valid Active Directory designation for user John Doe in the Sales department of AcmeCorp.com?
- A . Cn=john_doe,ou=Sales,ou=acmecorp,dc=com
- B . Cn=john_doe,ou=Sales,ou=acme,ou=corp,dc=com
- C . Cn=john_doe,dc=Sales,dc=acmecorp,dc=com
- D . Cn=john_doe,ou=Sales,dc=acmecorp,dc=com
Which of the following is a valid Active Directory designation for user Jane Doe in the MIS department of AcmeCorp.com?
- A . Cn= jane_doe, ou=MIS, DC=acmecorp, dc=com
- B . Cn= jane_doe, ou=MIS, cn=acmecorp, dc=com
- C . Cn=jane_doe, ou=MIS, dc=acmecorp, dc=com
- D . Cn= jane_doe, ou=MIS, cn=acme,cn=corp, dc=com
Which utility or command is useful for debugging by capturing packet information, including verifying LDAP authentication?
- A . fw monitor
- B . ping
- C . um_core enable
- D . fw debug fwm
Which utility or command is useful for debugging by capturing packet information, including verifying LDAP authentication?
- A . fw monitor
- B . ping
- C . um_core enable
- D . fw debug fwm
Which utility or command is useful for debugging by capturing packet information, including verifying LDAP authentication?
- A . fw monitor
- B . ping
- C . um_core enable
- D . fw debug fwm
Which utility or command is useful for debugging by capturing packet information, including verifying LDAP authentication?
- A . fw monitor
- B . ping
- C . um_core enable
- D . fw debug fwm
Check that the Login Distinguished Name configured has root (Administrator) permission (or at least write permission) in the access control configuration of the LDAP server.
- A . 1 and 3
- B . 2 and 3
- C . 1 and 2
- D . 1, 2, and 3
If you are experiencing LDAP issues, which of the following should you check?
- A . Secure Internal Communications (SIC)
- B . Domain name resolution
- C . Overlapping VPN Domains
- D . Connectivity between the R76 Gateway and LDAP server
How are cached usernames and passwords cleared from the memory of a R76 Security Gateway?
- A . By using the Clear User Cache button in Smart Dashboard
- B . By retrieving LDAP user information using the command fw fetch dap
- C . Usernames and passwords only clear from memory after they time out
- D . By installing a Security Policy
When an Endpoint user is able to authenticate but receives a message from the client that it is unable to enforce the desktop policy, what is the most likely scenario?
- A . The user’s rights prevent access to the protected network.
- B . A Desktop Policy is not configured.
- C . The gateway could not locate the user in Smart Directory and is allowing the connection with limitations based on a generic profile.
- D . The user is attempting to connect with the wrong Endpoint client.
When using a template to define a Smart Directory, where should the user’s password be defined?
In the:
- A . Template object
- B . VPN Community object
- C . User object
- D . LDAP object
When configuring an LDAP Group object, which option should you select if you want the gateway to reference the groups defined on the LDAP server for authentication purposes?
- A . All Account-Unit’s Users
- B . Only Group in Branch
- C . Group Agnostic
- D . OU Accept and select appropriate domain
When configuring an LDAP Group object, which option should you select if you do NOT want the gateway to reference the groups defined on the LDAP server for authentication purposes?
- A . OU Accept and select appropriate domain
- B . Only Sub Tree
- C . Only Group in Branch
- D . Group Agnostic
When configuring an LDAP Group object, which option should you select if you want the gateway to reference the groups defined on the LDAP server for authentication purposes?
- A . Only Group in Branch
- B . Only Sub Tree
- C . OU Auth and select Group Name
- D . All Account-Unit’s Users
The process that performs the authentication for Smart Dashboard is:
- A . fwm
- B . vpnd
- C . cvpnd
- D . cpd
The process that performs the authentication for Remote Access is:
- A . cpd
- B . vpnd
- C . fwm
- D . cvpnd
The process that performs the authentication for SSL VPN Users is:
- A . cvpnd
- B . cpd
- C . fwm
- D . vpnd
The process that performs the authentication for legacy session authentication is:
- A . cvpnd
- B . fwm
- C . vpnd
- D . fwssd
While authorization for users managed by Smart Directory is performed by the gateway, the authentication is mostly performed by the infrastructure in which of the following?
- A . ldapd
- B . cpauth
- C . cpShared
- D . ldapauth
When troubleshooting user authentication, you may see the following entries in a debug of the user authentication process.
In which order are these messages likely to appear?
- A . make_au, au_auth, au_fetchuser, au_auth_auth, cpLdapCheck, cpLdapGetUser
- B . cpLdapGetUser, au_fetchuser, cpLdapCheck, make_au, au_auth, au_auth_auth
- C . make_au, au_auth, au_fetchuser, cpLdapGetUser, cpLdapCheck, au_auth_auth
- D . au_fetchuser, make_au, au_auth, cpLdapGetUser, au_auth_auth, cpLdapCheck
Which of the following is NOT a Cluster XL mode?
- A . Multicast
- B . Legacy
- C . Broadcast
- D . New
In an R76 Cluster, some features such as VPN only function properly when:
- A . All cluster members have the same policy
- B . All cluster members have the same Hot Fix Accumulator pack installed
- C . All cluster members’ clocks are synchronized
- D . All cluster members have the same number of interfaces configured
In Cluster XL R76; when configuring a cluster synchronization network on a VLAN interface what is the supported configuration?
- A . It is supported on VLAN tag 4095
- B . It is supported on VLAN tag 4096
- C . It is supported on the lowest VLAN tag of the VLAN interface
- D . It is not supported on a VLAN tag
Which process is responsible for delta synchronization in Cluster XL?
- A . fw kernel on the security gateway
- B . fwd process on the security gateway
- C . cpd process on the security gateway
- D . Clustering process on the security gateway
Which process is responsible for full synchronization in Cluster XL?
- A . fwd on the Security Gateway
- B . fw kernel on the Security Gateway
- C . Clustering on the Security Gateway
- D . cpd on the Security Gateway
Which process is responsible for kernel table information sharing across all cluster members?
- A . fwd daemon using an encrypted TCP connection
- B . CPHA using an encrypted TCP connection
- C . fw kernel using an encrypted TCP connection
- D . cpd using an encrypted TCP connection
By default, a standby Security Management Server is automatically synchronized by an active Security Management Server, when:
- A . The user data base is installed.
- B . The standby Security Management Server starts for the first time.
- C . The Security Policy is installed.
- D . The Security Policy is saved.
The ________ Check Point Cluster XL mode must synchronize the physical interface IP and MAC addresses on all clustered interfaces.
- A . New Mode HA
- B . Pivot Mode Load Sharing
- C . Multicast Mode Load Sharing
- D . Legacy Mode HA
__________ is a proprietary Check Point protocol. It is the basis for Check Point Cluster XL inter-module communication.
- A . HA OPCODE
- B . RDP
- C . CKPP
- D . CCP
After you add new interfaces to a cluster, how can you check if the new interfaces and the associated virtual IP address are recognized by Cluster XL?
- A . By running the command cphaprob state on both members
- B . By running the command cpconfig on both members
- C . By running the command cphaprob -I list on both members
- D . By running the command cphaprob -a if on both members
Which of the following is a supported Sticky Decision Function of Sticky Connections for Load Sharing?
- A . Multi-connection support for VPN-1 cluster members
- B . Support for all VPN deployments (except those with third-party VPN peers)
- C . Support for Secure Client/Secure mote/SSL Network Extender encrypted connections
- D . Support for Performance Pack acceleration
Included in the customer’s network are some firewall systems with the Performance Pack in use. The customer wishes to use these firewall systems in a cluster (Load Sharing mode). He is not sure if he can use the Sticky Decision Function in this cluster. Explain the situation to him.
- A . Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products.
- B . Cluster XL always supports the Sticky Decision Function in the Load Sharing mode.
- C . The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to enable the Sticky Decision Function in the Smart Dashboard cluster object in the Cluster XL page, Advanced Load Sharing Configuration window.
- D . The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to configure it with the Cluster XL_SDF_enable command.
A connection is said to be Sticky when:
- A . The connection information sticks in the connection table even after the connection has ended.
- B . A copy of each packet in the connection sticks in the connection table until a corresponding reply packet is received from the other side.
- C . A connection is not terminated by either side by FIN or RST packet.
- D . All the connection packets are handled, in either direction, by a single cluster member.
How does a cluster member take over the VIP after a failover event?
- A . Broadcast storm
- B . iflist -renew
- C . Ping the sync interface
- D . Gratuitous ARP
Check Point Clustering protocol, works on:
- A . UDP 500
- B . UDP 8116
- C . TCP 8116
- D . TCP 19864
A customer is calling saying one member’s status is Down.
What will you check?
- A . cphaprob list (verify what critical device is down)
- B . fw ctl pstat (check sync)
- C . fw ctl debug -m cluster + forward (forwarding layer debug)
- D . tcpdump/snoop (CCP traffic)
A customer calls saying that a Load Sharing cluster shows drops with the error First packet is not SYN. Complete the following sentence.
I will recommend:
- A . turning on SDF (Sticky Decision Function)
- B . turning off SDF (Sticky Decision Function)
- C . changing the load on each member
- D . configuring flush and ack
Which of the following commands can be used to troubleshoot Cluster XL sync issues?
- A . fw debug cxl connections > file_name
- B . fw tab -s -t connections > file_name
- C . fw tab -u connections > file_name
- D . fw ctl -s -t connections > file_name
Which of the following commands shows full synchronization status?
- A . fw hastat
- B . cphaprob -i list
- C . cphaprob -a if
- D . fw ctl iflist
Which of the following commands shows full synchronization status?
- A . cphaprob -a if
- B . fw ctl iflist
- C . fw hastat
- D . fw ctl pstat
John is configuring a new R76 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.
What’s happening?
- A . Third Party Clustering is not available for R76 Security Gateways.
- B . John is not using third party hardware as IP Clustering is part of Check Point’s IP Appliance.
- C . Cluster XL needs to be unselected to permit 3rd party clustering configuration.
- D . John has an invalid Cluster XL license.
In Cluster XL, _______ is defined by default as a critical device.
- A . fwd
- B . fwm
- C . assld
- D . cpp
In Cluster XL, _______ is defined by default as a critical device.
- A . fw.d
- B . protect.exe
- C . PROT_SRV.EXE
- D . Filter
Refer to Exhibit below: Match the Cluster XL modes with their configurations.
- A . A – 3, B – 2, C – 4, D – 1
- B . A – 2, B – 3, C – 1, D – 4
- C . A – 2, B – 3, C – 4, D – 1
- D . A – 3, B – 2, C – 1, D – 4
When synchronizing clusters, which of the following statements is NOT true?
- A . The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.
- B . In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
- C . Only cluster members running on the same OS platform can be synchronized.
- D . Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
When synchronizing clusters, which of the following statements is NOT true?
- A . User Authentication connections will be lost by the cluster.
- B . An SMTP resource connection using CVP will be maintained by the cluster.
- C . In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
- D . Only cluster members running on the same OS platform can be synchronized.
When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?
- A . It will try to take the policy from one of the other cluster members.
- B . It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.
- C . If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.
- D . It compares its local policy to the one on the Security Management Server.
When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?
- A . It will try to take the policy from one of the other cluster members.
- B . It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.
- C . If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.
- D . It compares its local policy to the one on the Security Management Server.
When a failed cluster member recovers, which of the following actions is NOT taken by the recovering member?
- A . It will try to take the policy from one of the other cluster members.
- B . It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.
- C . If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.
- D . It compares its local policy to the one on the Security Management Server.
You are the Mega Corp Security Administrator. This company uses a firewall cluster, consisting of two cluster members. The cluster generally works well but one day you find that the cluster is behaving strangely. You assume that there is a connectivity problem with the cluster synchronization cluster link (cross-over cable).
Which of the following commands is the best for testing the connectivity of the crossover cable?
- A . telnet <IP address of the synchronization interface on the other cluster member>
- B . ifconfig -a
- C . ping <IP address of the synchronization interface on the other cluster member>
- D . arping <IP address of the synchronization interface on the other cluster member>
You have a High Availability Cluster XL configuration. Machines are not synchronized.
What happens to connections on failover?
- A . Connections cannot be established until cluster members are fully synchronized.
- B . It is not possible to configure High Availability that is not synchronized.
- C . Old connections are lost but can be reestablished.
- D . Old connections are lost but are automatically recovered whenever the failed machine recovers.
What command will allow you to disable sync on a cluster firewall member?
- A . fw ctl syncstat stop
- B . fw ctl setsync off
- C . fw ctl setsync 0
- D . fw ctl syncstat off
When using Cluster XL in Load Sharing, what is the default method?
- A . IPs, Ports, SPIs
- B . IPs
- C . IPs, Ports
- D . IPs, SPIs
If Cluster XL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down?
- A . The connections are dropped as Load Sharing does not support High Availability.
- B . The processing of all connections handled by the faulty machine is dropped, so all connections need to be re-established through the other machine(s).
- C . There is no state synchronization on Load Sharing, only on High Availability.
- D . The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).
In the following cluster configuration; if you reboot sglondon_1 which device will be active when sglondon_1 is back up and running? Why?
- A . Sglondon_1, because it is up again, sglondon_2 took over during reboot
- B . Sglondon_2 because I has highest IP
- C . Sglondon_2 because it has highest priority
- D . Sglondon_1 because it the first configured object with the lowest IP
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
What is a "sticky" connection?
- A . A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet.
- B . A Sticky Connection is a VPN connection that remains up until you manually bring it down.
- C . A Sticky Connection is a connection that remains the same.
- D . A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection.
Match the Best Management High Availability synchronization-status descriptions for your Security Management Server (SMS):
- A . A – 3, B – 1, C – 2, D – 4
- B . A – 3, B – 1, C – 4, D – 2
- C . A – 4, B – 3, C – 1, D – 2
- D . A – 3, B – 2, C – 1, D – 4
Review the R76 configuration.
Is it correct for Management High Availability?
- A . No, the Security Management Servers must reside on the same network.
- B . No, the Security Management Servers must be installed on the same operating system.
- C . No, the Security Management Servers do not have the same number of NICs.
- D . No, a R71 Security Management Server cannot run on Red Hat Linux 9.0.
Check Point New Mode HA is a(n) _________ solution.
- A . primary-domain
- B . hot-standby
- C . acceleration
- D . load-balancing
What is the behavior of Cluster XL in a High Availability environment?
- A . The active member responds to the virtual address and is the only member that passes traffic.
- B . The active member responds to the virtual address and, using sync network forwarding, both members pass traffic.
- C . Both members respond to the virtual address but only the active member is able to pass traffic.
- D . Both members respond to the virtual address and both members pass traffic.
Review the cphaprob state command output from one New Mode High Availability Cluster XL cluster member.
Which member will be active after member 192.168.1.2 fails over and is rebooted?
- A . 192.168.1.2
- B . Both members’ state will be in collision.
- C . 192.168.1.1
- D . Both members’ state will be active.
Review the cphaprob state command output from a New Mode High Availability cluster member.
Which machine has the highest priority?
- A . 192.168.1.2, because its state is active
- B . 192.168.1.1, because its number is 1
- C . 192.168.1.1, because it is <local>
- D . This output does not indicate which machine has the highest priority.
By default Check Point High Availability components send updates about their state every:
- A . 5 seconds.
- B . 0.5 second.
- C . 0.1 second.
- D . 1 second.
You have just upgraded your Load Sharing gateway cluster (both members) from NGX R65 to R76. cphaprob stat shows:
Which of the following is not a possible cause of this?
- A . You have a different number of cores defined for Core XL between the two members
- B . Member 1 has Core XL disabled and member 2 does not
- C . Member 1 is at a lower version than member 2
- D . You have not run cpconfig on member 2 yet.
In Management High Availability, what is an Active SMS?
- A . Active Security Master Server
- B . Active Smart Management Server
- C . Active Security Management Server
- D . Active Smart Master Server
For Management High Availability, if an Active SMS goes down, does the Standby SMS automatically take over?
- A . Yes, if you set up Cluster XL
- B . Yes, if you set up Secure XL
- C . No, the transition should be initiated manually
- D . Yes, if you set up VRRP
For Management High Availability synchronization, what does the Advance status mean?
- A . The peer SMS has not been synchronized properly.
- B . The peer SMS is properly synchronized.
- C . The active SMS and its peer have different installed policies and databases.
- D . The peer SMS is more up-to-date.
Which of the following would be a result of having more than one active Security Management Server in a Management High Availability (HA) configuration?
- A . The need to manually synchronize the secondary Security Management Server with the Primary Security Management Server is eliminated.
- B . Allows for faster seamless failover: from active-to-active instead of standby-to-active.
- C . An error notification will popup during Smart Dashboard login if the two machines can communicate indicating Collision status.
- D . Creates a High Availability implementation between the Gateways installed on the Security Management Servers.
You want to verify that your Check Point cluster is working correctly.
Which command line tool can you use?
- A . cphastart -status
- B . cphainfo -s
- C . cphaprob state
- D . cphaconf state
How can you view the virtual cluster interfaces of a Cluster XL environment?
- A . cphaprob -ia if
- B . cphaprob -a if
- C . cphaprob -a list
- D . cphaprob -ia list
How can you view the critical devices on a cluster member in a Cluster XL environment?
- A . cphaprob -ia list
- B . cphaprob -a if
- C . cphaprob -a list
- D . cphaprob -ia if
When Load Sharing Multicast mode is defined in a Cluster XL cluster object, how are packets being handled by cluster members?
- A . All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.
- B . All cluster members process all packets and members synchronize with each other.
- C . All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory.
- D . Only one member at a time is active. The active cluster member processes all packets.
Which of the following does NOT happen when using Pivot Mode in Cluster XL?
- A . The Security Gateway analyzes the packet and forwards it to the Pivot.
- B . The packet is forwarded through the same physical interface from which it originally came, not on the sync interface.
- C . The Pivot’s Load Sharing decision function decides which cluster member should handle the packet.
- D . The Pivot forwards the packet to the appropriate cluster member.
When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information?
- A . Load Sharing based on IP addresses, ports, and serial peripheral interfaces
- B . Load Sharing based on SPIs
- C . Load Sharing based on ports, VTI, and IP addresses
- D . Load Sharing based on IP addresses, ports, and security parameter indexes
By default, the Cluster Control Protocol (CCP) uses this to send delta sync messages to other cluster members.
- A . Broadcast
- B . Unicast
- C . Multicast
- D . Shout cast
To configure the Cluster Control Protocol (CCP) to use Broadcast, the following command is run:
- A . set_ccp cpcluster broadcast
- B . ccp broadcast
- C . clusterconfig set_ccp broadcast
- D . cphaconf set_ccp broadcast
What cluster mode is represented in this case?
- A . Load Sharing (multicast mode)
- B . HA (New mode).
- C . 3rd party cluster
- D . Load Sharing Unicast (Pivot) mode
What cluster mode is represented in this case?
- A . 3rd party cluster
- B . Load Sharing (multicast mode)
- C . Load Sharing Unicast (Pivot) mode
- D . HA (New mode)
Which of the listed load-balancing methods is NOT valid?
- A . Random
- B . Domain
- C . They are all valid
- D . Round Trip
Which method of load balancing describes "Round Robin"?
- A . Assigns service requests to the next server in a series.
- B . Assigns service requests to servers at random.
- C . Measures the load on each server to determine which server has the most available resources.
- D . Ensures that incoming requests are handled by the server with the fastest response time.
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies.
Review the ARP table from the internal Windows host 10.4.8.108. According to the output, which member is the standby machine?
- A . 10.4.8.3
- B . The standby machine cannot be determined by this test.
- C . 10.4.8.1
- D . 10.4.8.2
In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. An internal host 10.4.8.108 successfully pings its Cluster and receives replies. Review the ARP table from the internal Windows host 10.4.8.108.
Based on this information, what is the active cluster member’s IP address?
- A . The active cluster member’s IP address cannot be determined by this ARP cache.
- B . 10.4.8.3
- C . 10.4.8.1
- D . 10.4.8.2
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for selective sync. Review the fw tab -t connections -s output from both members.
Is State Synchronization working properly between the two members?
- A . Members A and B are not synchronized, because #VALS in the connections table are not close.
- B . Members A and B are not synchronized, because #PEAK for both members is not close in the connections table.
- C . Members A and B are synchronized, because #SLINKS are identical in the connections table.
- D . Members A and B are synchronized, because ID for both members is identical in the connections table.
You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R76 installed in a distributed deployment.
Can they be members of a Gateway Cluster?
- A . No, because the Security Gateways must be installed in a stand-alone installation.
- B . No, because IP does not have a cluster option.
- C . Yes, as long as they have the same IPSO and Check Point versions.
- D . No, because the appliances must be of the same model (both should be IP565 or IP395).
You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R76 installed in a distributed deployment.
Can they be members of a Gateway Cluster?
- A . No, because the Security Gateways must be installed in a stand-alone installation.
- B . No, because IP does not have a cluster option.
- C . Yes, as long as they have the same IPSO and Check Point versions.
- D . No, because the appliances must be of the same model (both should be IP565 or IP395).
You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R76 installed in a distributed deployment.
Can they be members of a Gateway Cluster?
- A . No, because the Security Gateways must be installed in a stand-alone installation.
- B . No, because IP does not have a cluster option.
- C . Yes, as long as they have the same IPSO and Check Point versions.
- D . No, because the appliances must be of the same model (both should be IP565 or IP395).
You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R76 installed in a distributed deployment.
Can they be members of a Gateway Cluster?
- A . No, because the Security Gateways must be installed in a stand-alone installation.
- B . No, because IP does not have a cluster option.
- C . Yes, as long as they have the same IPSO and Check Point versions.
- D . No, because the appliances must be of the same model (both should be IP565 or IP395).
You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R76 installed in a distributed deployment.
Can they be members of a Gateway Cluster?
- A . No, because the Security Gateways must be installed in a stand-alone installation.
- B . No, because IP does not have a cluster option.
- C . Yes, as long as they have the same IPSO and Check Point versions.
- D . No, because the appliances must be of the same model (both should be IP565 or IP395).
Reinstall the Security Policy.
- A . 3, 2, 1, 4
- B . 2, 4, 3, 1
- C . 1, 3, 2, 4
- D . 2, 3, 1, 4
- E . 1, 2, 3, 4
Included in the client’s network are some switches, which rely on IGMP snooping. You must find a solution to work with these switches.
Which of the following answers does NOT lead to a successful solution?
- A . Set the value of fwha_enable_igmp_snooping module configuration parameter to 1.
- B . Configure static CAMs to allow multicast traffic on specific ports.
- C . Cluster XL supports IGMP snooping by default. There is no need to configure anything.
- D . Disable IGMP registration in switches that rely on IGMP packets
The customer wishes to install a cluster. In his network, there is a switch which is incapable of forwarding multicast.
Is it possible to install a cluster in this situation?
- A . Yes, you can toggle on Cluster XL between broadcast and multicast by setting the multicast mode using the command cphaconf set_ccp multicast on¦off. The default setting is broadcast.
- B . Yes, you can toggle on Cluster XL between broadcast and multicast using the command cphaconf set_ccp broadcast/multicast.
- C . No, the customer needs to replace the switch with a new switch, which supports multicast forwarding.
- D . Yes, the Cluster XL changes automatically to the broadcast mode if the multicast is not forwarded.
What could be a reason why synchronization between primary and secondary Security Management Servers does not occur?
- A . You did not activate synchronization within Global Properties.
- B . You are using different time zones.
- C . You have installed both Security Management Servers on different server systems (e. g. one machine on HP hardware and the other one on DELL).
- D . If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.
What is the proper command for importing users into the R76 User Database?
- A . fwm dbimport
- B . fwm importusrs
- C . fwm import
- D . fwm importdb
What is the proper command for importing users into the R76 User Database?
- A . fwm dbimport
- B . fwm importusrs
- C . fwm import
- D . fwm importdb
What is the proper command for importing users into the R76 User Database?
- A . fwm dbimport
- B . fwm importusrs
- C . fwm import
- D . fwm importdb
What is the proper command for importing users into the R76 User Database?
- A . fwm dbimport
- B . fwm importusrs
- C . fwm import
- D . fwm importdb
What is the proper command for importing users into the R76 User Database?
- A . fwm dbimport
- B . fwm importusrs
- C . fwm import
- D . fwm importdb
What is the proper command for importing users into the R76 User Database?
- A . fwm dbimport
- B . fwm importusrs
- C . fwm import
- D . fwm importdb
The user database is installed.
Select the BEST response for the synchronization trigger.
- A . 1, 2, 4
- B . 1, 2, 3, 4
- C . 1, 2, 5
- D . 1, 3, 4
What is a requirement for setting up R76 Management High Availability?
- A . All Security Management Servers must have the same number of NICs.
- B . All Security Management Servers must have the same operating system.
- C . State synchronization must be enabled on the secondary Security Management Server.
- D . All Security Management Servers must reside in the same LAN.
You are preparing computers for a new Cluster XL deployment.
For your cluster, you plan to use three machines with the following configurations:
Are these machines correctly configured for a Cluster XL deployment?
- A . No, the Security Gateway cannot be installed on the Security Management Server.
- B . No, the Security Management Server is not running the same operating system as the cluster members.
- C . Yes, these machines are configured correctly for a Cluster XL deployment.
- D . No, Cluster Member 3 does not have the required memory.
You are preparing computers for a new Cluster XL deployment.
For your cluster, you plan to use four machines with the following configurations:
Cluster Member 1: OS: Secure Platform, NICs: Quad Card, memory: 1 GB, Security Gateway only, version: R76
Cluster Member 2: OS: Secure Platform, NICs: 4 Intel 3Com, memory: 1 GB, Security Gateway only, version: R76
Cluster Member 3: OS: Secure Platform, NICs: 4 other manufacturers, memory: 512 MB, Security Gateway only, version: R76
Security Management Server: MS Windows 2003, NIC. Intel NIC (1), Security Gateway and primary Security Management Server installed, version: R76
Are these machines correctly configured for a Cluster XL deployment?
- A . No, the Security Gateway cannot be installed on the Security Management Pro Server.
- B . No, Cluster Member 3 does not have the required memory.
- C . Yes, these machines are configured correctly for a Cluster XL deployment.
- D . No, the Security Management Server is not running the same operating system as the cluster members.
You are establishing a Cluster XL environment, with the following topology:
External interfaces 192.168.10.1 and 192.168.10.2 connect to a VLAN switch. The upstream router connects to the same VLAN switch. Internal interfaces 172.16.10.1 and 172.16.10.2 connect to a hub. 10.10.10.0 is the synchronization network. The Security Management Server is located on the internal network with IP 172.16.10.3.
What is the problem with this configuration?
- A . Cluster members cannot use the VLAN switch. They must use hubs.
- B . The Cluster interface names must be identical across all cluster members.
- C . There is an IP address conflict.
- D . The Security Management Server must be in the dedicated synchronization network, not the internal network.
What is the reason for the following error?
- A . A third-party cluster solution is implemented.
- B . Cluster membership is not enabled on the gateway.
- C . Objects. C does not contain a cluster object.
- D . Device Name contains non-ASCII characters.
You find that Gateway fw2 can NOT be added to the cluster object.
What are possible reasons for that?
- A . (i) or (ii)
- B . (ii) or (iii)
- C . (i) or (iii)
- D . All
In which Cluster XL Load Sharing mode, does the pivot machine get chosen automatically by Cluster XL?
- A . Hot Standby Load Sharing
- B . Unicast Load Sharing
- C . Multicast Load Sharing
- D . CCP Load Sharing
What configuration change must you make to change an existing Cluster XL cluster object from Multicast to Unicast mode?
- A . Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
- B . Run cpstop and cpstart, to re-enable High Availability on both objects. Select Pivot mode in cpconfig.
- C . Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.
- D . Change the cluster mode to Unicast on each of the cluster-member objects.
In a R76 Cluster XL Load Sharing configuration, which type of ARP related problem can force the use of Unicast Mode (Pivot) configuration due to incompatibility on some adjacent routers and switches?
- A . Multicast MAC address response to a Unicast IP request
- B . Unicast MAC address response to a Multicast IP request
- C . Multicast MAC address response to a RARP request
- D . MGCP MAC address response to a Multicast IP request
In Load Sharing Unicast mode, the internal cluster IP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies. The following is the ARP table from the internal Windows host 10.4.8.108.
Review the exhibit and identify the member serving as the pivot machine.
- A . 10.4.8.3
- B . 10.4.8.2
- C . The pivot machine cannot be determined by this test.
- D . 10.4.8.1
Which of the following commands will stop acceleration on a Security Gateway running on Secure Platform?
- A . splat_accel off
- B . perf_pack off
- C . fw accel off
- D . fwaccel off
How do new connections get established through a Security Gateway with Secure XL enabled?
- A . New connections are always inspected by the firewall and if they are accepted, the subsequent packets of the same connection will be passed through Secure XL
- B . The new connection will be first inspected by Secure XL and if it does not match the drop table of Secure XL, then it will be passed to the firewall module for a rule match.
- C . New connection packets never reach the Secure XL module.
- D . If the connection matches a connection or drop template in Secure XL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match.
Which of the following commands can be used to bind a NIC to a single processor when using a Performance Pack on Secure Platform?
- A . sim affinity
- B . splat proc
- C . set proc
- D . fw fat path nic
Review the Rule Base displayed.
For which rules will the connection templates be generated in Secure XL?
- A . Rule nos. 2 and 5
- B . Rule no. 2 only
- C . All rules except rule no. 3
- D . Rule nos. 2 to 5
Your customer asks you about the Performance Pack. You explain to him that a Performance Pack is a software acceleration product which improves the performance of the Security Gateway.
You may enable or disable this acceleration by either:
1) the command: cpconfig
2) the command .fwaccel on off
What is the difference between these two commands?
- A . The fwaccel command determines the default setting. The command cpconfig can dynamically change the setting, but after the reboot it reverts to the default setting.
- B . Both commands function identically.
- C . The command cpconfig works on the Security Platform only. The command fwaccel can be used on all platforms.
- D . The cpconfig command enables acceleration. The command fwaccel can dynamically change the setting, but after the reboot it reverts to the default setting.
Your customer complains of the weak performance of his systems. He has heard that Connection Templates accelerate traffic.
How do you explain to the customer about template restrictions and how to verify that they are enabled?
- A . To enhance connection-establishment acceleration, a mechanism attempts to "group together" all connections that match a particular service and whose sole discriminating element is the source port. To test if connection templates are enabled, use the command fwaccel stat.
- B . To enhance connection-establishment acceleration, a mechanism attempts to "group together" all connections that match a particular service and whose sole discriminating element is the destination port. To test if connection templates are enabled, use the command fwacel templates.
- C . To enhance connection-establishment acceleration, a mechanism attempts to "group together" all connections that match a particular service and whose sole discriminating element is the destination port. To test if connection templates are enabled, use the command fw ctl templates.
- D . To enhance connection-establishment acceleration, a mechanism attempts to "group together" all connections that match a particular service and whose sole discriminating element is the source port. To test if connection templates are enabled, use the command fw ctl templates.
Frank is concerned with performance and wants to configure the affinities settings. His gateway does not have the Performance Pack running.
What would Frank need to perform in order configure those settings?
- A . Edit $FWDIR/conf/fwaffinity.conf and change the settings.
- B . Edit affinity.conf and change the settings.
- C . Run fw affinity and change the settings.
- D . Run sim affinity and change the settings.
You are concerned that the processor for your firewall running NGX R71 Secure Platform may be overloaded.
What file would you view to determine the speed of your processor(s)?
- A . cat /etc/cpuinfo
- B . cat /proc/cpuinfo
- C . cat /var/opt/CPsuite-R71/fw1/conf/cpuinfo
- D . cat /etc/sysconfig/cpuinfo
Which of the following is NOT a restriction for connection template generation?
- A . SYN Defender
- B . ISN Spoofing
- C . UDP services with no protocol type or source port mentioned in advanced properties
- D . VPN Connections
In Core XL, what process is responsible for processing incoming traffic from the network interfaces, securely accelerating authorized packets, and distributing non-accelerated packets among kernel instances?
- A . NAD (Network Accelerator Daemon)
- B . SND (Secure Network Distributor)
- C . SSD (Secure System Distributor)
- D . SNP (System Networking Process)
Due to some recent performance issues, you are asked to add additional processors to your firewall.
If you already have Core XL enabled, how are you able to increase Kernel instances?
- A . Once Core XL is installed you cannot enable additional Kernel instances without reinstalling R76.
- B . In Smart Update, right-click on Firewall Object and choose Add Kernel Instances.
- C . Use cpconfig to reconfigure Core XL.
- D . Kernel instances are automatically added after process installed and no additional configuration is needed.
Which of the following platforms does NOT support Secure XL?
- A . Power-1 Appliance
- B . IP Appliance
- C . UTM-1 Appliance
- D . UNIX
Which of the following is NOT supported by Core XL?
- A . Smart View Tracker
- B . Route-based VPN
- C . IPS
- D . IPV4
If the number of kernel instances for Core XL shown is 6, how many cores are in the physical machine?
- A . 6
- B . 8
- C . 4
- D . 12
Which of the following is NOT accelerated by Secure XL?
- A . Telnet
- B . FTP
- C . SSH
- D . HTTPS
To verify Secure XL statistics you would use the command ________?
- A . fwaccel stats
- B . fw ctl pstat
- C . fwaccel top
- D . cphaprob stat
How can you disable Secure XL via the command line (it does not need to survive a reboot)?
- A . cphaprob off
- B . fw ctl accel off
- C . Secure XL off
- D . fwaccel off
Which of these is a type of acceleration in Secure XL?
- A . FTP
- B . connection rate
- C . GRE
- D . QoS
The Core XL SND (Secure Network Distributor) is responsible for:
- A . distributing non-accelerated packets among kernel instances
- B . accelerating VPN traffic
- C . shutting down cores when they are not needed
- D . changing routes to distribute the load across multiple firewalls
How can you verify that Secure XL is running?
- A . cpstat os
- B . fw ver
- C . fwaccel stat
- D . Secure XL stat
Which of the following services will cause Secure XL templates to be disabled?
- A . TELNET
- B . FTP
- C . HTTPS
- D . LDAP
How do you enable Secure XL (command line) on GAiA?
- A . fw Secure XL on
- B . fw accel on
- C . fwaccel on
- D . fwSecure XL on
The following graphic illustrates which command being issued on Secure Platform?
- A . fwaccel stats
- B . fw accel stats
- C . fw Secure XL stats
- D . fwSecure XL stats
After Travis added new processing cores on his server, Core XL did not use them.
What would be the most plausible reason why? Travis did not:
- A . Edit the Gateway Properties and increase the kernel instances.
- B . Run cpconfig to increase the number of CPU cores.
- C . Edit the Gateway Properties and increase the number of CPU cores.
- D . Run cpconfig to increase the kernel instances.
Steve tries to configure Directional VPN Rule Match in the Rule Base. But the Match column does not have the option to see the Directional Match. Steve sees the following screen.
What is the problem?
- A . Steve must enable directional_match(true) in the objects_5_0.C file on SmartCenter Server.
- B . Steve must enable Advanced Routing on each Security Gateway.
- C . Steve must enable VPN Directional Match on the VPN Advanced screen, in Global properties.
- D . Steve must enable a dynamic routing protocol, such as OSPF, on the Gateways.
- E . Steve must enable VPN Directional Match on the gateway object’s VPN tab.
A Smart Provisioning Gateway could be a member of which VPN communities?
(i) Center In Star Topology
(ii) Satellite in Star Topology
(iii) Carter in Remote Access Community
(iv) Meshed Community
- A . (ii) and (iii)
- B . All
- C . (i), (ii) and (iii)
- D . (ii) only
What process manages the dynamic routing protocols (OSPF, RIP, etc.) on SecurePlatform Pro?
- A . Gated
- B . There’s no separate process, but the Linux default router can take care of that.
- C . Routerd
- D . Arouted
What is the command to enter the router shell?
- A . gated
- B . routerd
- C . clirouter
- D . router
Which statement is TRUE for route-based VPN’s?
- A . Route-based VPN’s replace domain-based VPN’s.
- B . Route-based VPN’s are a form of partial overlap VPN Domain.
- C . Dynamic-routing protocols are not required.
- D . IP Pool NAT must be configured on each Gateway.
VPN routing can also be configured by editing which file?
- A . $FWDIRconfvpn_route.c
- B . $FWDIRbinvpn_route.conf
- C . $FWDIRconfvpn_route.conf
- D . $FWDIRVPNroute_conf.c
If both domain-based and route-based VPN’s are configured, which will take precedence?
- A . Must be chosen/configured manually by the Administrator in the Policy > Global Properties
- B . Must be chosen/configured manually by the Administrator in the VPN community object
- C . Domain-based
- D . Route-based
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
- A . They are only supported on the IPSO Operating System.
- B . VTIs cannot be assigned a proxy interface.
- C . VTIs can only be physical, not loopback.
- D . Local IP addresses are not configured, remote IP addresses are configured.
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
- A . VTIs must be assigned a proxy interface.
- B . VTIs can only be physical, not loopback.
- C . VTIs are only supported on Secure Platform.
- D . Local IP addresses are not configured, remote IP addresses are configured.
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
- A . Local IP addresses are not configured, remote IP addresses are configured
- B . VTI specific additional local and remote IP addresses are not configured
- C . VTIs are only supported on Secure Platform
- D . VTIs cannot be assigned a proxy interface
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?
- A . VTIs are assigned only local addresses, not remote addresses
- B . VTIs are only supported on IPSO
- C . VTIs cannot share IP addresses
- D . VTIs cannot use an already existing physical-interface IP address
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?
- A . VTIs can use an already existing physical-interface IP address
- B . VTIs cannot share IP addresses
- C . VTIs are supported on Secure Platform Pro
- D . VTIs are assigned only local addresses, not remote addresses
When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered?
- A . 1, 3, and 4
- B . 2 and 3
- C . 1, 2, and 4
- D . 1, 2, 3 and 4
How do you verify a VPN Tunnel Interface (VTI) is configured properly?
- A . vpn shell display <VTI name> detailed
- B . vpn shell show <VTI name> detailed
- C . vpn shell show interface detailed <VTI name>
- D . vpn shell display interface detailed <VTI name>
What is used to validate a digital certificate?
- A . S/MIME
- B . CRL
- C . IPsec
- D . PKCS
Which statement defines Public Key Infrastructure? Security is provided:
- A . by Certificate Authorities, digital certificates, and two-way symmetric-key encryption.
- B . by Certificate Authorities, digital certificates, and public key encryption.
- C . via both private and public keys, without the use of digital Certificates.
- D . by authentication.
Match the VPN-related terms with their definitions:
- A . A-3, B-2, C-1, D-4
- B . A-3, B-4, C-1, D-2
- C . A-3, B-2, C-4, D-1
- D . A-2, B-3, C-4, D-1
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner.
Which of the following activities should you do first?
- A . Manually import your partner’s Access Control List.
- B . Manually import your partner’s Certificate Revocation List.
- C . Exchange exported CA keys and use them to create a new server object to represent your partner’s Certificate Authority (CA).
- D . Create a new logical-server object to represent your partner’s CA.
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway bound for all site-to-site VPN Communities, including Remote Access Communities.
How should you configure the VPN match rule?
- A . Communities > Communities
- B . internal_clear > All_GwToGw
- C . internal_clear > All_communities
- D . Internal_clear > External_Clear
Which of the following statements is FALSE regarding OSPF configuration on Secure Platform Pro?
- A . router ospf 1 creates the Router ID for the Security Gateway and should be the same ID for all Gateways.
- B . router ospf 1 creates the Router ID for the Security Gateway and should be different for all Gateways.
- C . router ospf 1 creates an OSPF routing instance and this process ID should be different for each Security Gateway.
- D . router ospf 1 creates an OSPF routing instance and this process ID should be the same on all Gateways.
If you need strong protection for the encryption of user data, what option would be the BEST choice?
- A . When you need strong encryption, IPSec is not the best choice. SSL VPN’s are a better choice.
- B . Use Daffier-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.
- C . Disable Differ-Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to Quick Mode. Use double encryption by implementing AH and ESP as protocols.
- D . Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
Review the following list of actions that Security Gateway R76 can take when it controls packets. The Policy Package has been configured for Simplified Mode VPN. Select the response below that includes the available actions:
- A . Accept, Drop, Encrypt, Session Auth
- B . Accept, Drop, Reject, Client Auth
- C . Accept, Hold, Reject, Proxy
- D . Accept, Reject, Encrypt, Drop
Your organization maintains several IKE VPN’s. Executives in your organization want to know which mechanism Security Gateway R76 uses to guarantee the authenticity and integrity of messages.
Which technology should you explain to the executives?
- A . Digital signatures
- B . Certificate Revocation Lists
- C . Key-exchange protocols
- D . Application Intelligence
There are times when you want to use Link Selection to manage high-traffic VPN connections.
With Link Selection you can:
- A . Probe links for availability.
- B . Use links based on Day/Time.
- C . Assign links to specific VPN communities.
- D . Use links based on authentication method.
There are times when you want to use Link Selection to manage high-traffic VPN connections.
With Link Selection you can:
- A . Assign links to use Dynamic DNS.
- B . Use links based on authentication method.
- C . Use links based on Day/Time.
- D . Use Load Sharing to distribute VPN traffic.
There are times when you want to use Link Selection to manage high-traffic VPN connections.
With Link Selection you can:
- A . Assign links to specific VPN communities.
- B . Assign links to use Dynamic DNS.
- C . Use links based on services.
- D . Prohibit Dynamic DNS.
There are times when you want to use Link Selection to manage high-traffic VPN connections.
With Link Selection you can:
- A . Use links based on Day/Time.
- B . Set up links for Remote Access.
- C . Assign links to specific VPN communities.
- D . Assign links to use Dynamic DNS.
What type of object may be explicitly defined as a MEP VPN?
- A . Mesh VPN Community
- B . Any VPN Community
- C . Remote Access VPN Community
- D . Star VPN Community
MEP VPN’s use the Proprietary Probing Protocol to send special UDP RDP packets to port ____ to discover if an IP is accessible.
- A . 259
- B . 256
- C . 264
- D . 201
Which of the following statements is TRUE concerning MEP VPN’s?
- A . State synchronization between Security Gateways is required.
- B . MEP VPN’s are not restricted to the location of the gateways.
- C . The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the first connection fail.
- D . MEP Security Gateways cannot be managed by separate Management Servers.
Which of the following statements is TRUE concerning MEP VPN’s?
- A . The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the first connection fail.
- B . MEP Security Gateways can be managed by separate Management Servers.
- C . MEP VPN’s are restricted to the location of the gateways.
- D . State synchronization between Security Gateways is required.
Which of the following statements is TRUE concerning MEP VPN’s?
- A . State synchronization between Security Gateways is NOT required.
- B . MEP Security Gateways cannot be managed by separate Management Servers.
- C . The VPN Client is assigned a Security Gateway to connect to based on a priority list, should the first connection fail.
- D . MEP VPN’s are restricted to the location of the gateways.
Which of the following statements is TRUE concerning MEP VPN’s?
- A . MEP Security Gateways cannot be managed by separate Management Servers.
- B . MEP VPN’s are restricted to the location of the gateways.
- C . The VPN Client selects which Security Gateway takes over, should the first connection fail.
- D . State synchronization between Security Gateways is required.
You need to publish GAiA routes using the OSPF routing protocol.
What is the correct command structure, once entering the route command, to implement OSPF successfully?
- A . Run cpconfig utility to enable ospf routing
- B . – ip route ospf
– ospf network1
– ospf network2 - C . – Enable
– Configure terminal
– Router ospf [id]
– Network [network] [wildmask] area [id] - D . Use DBedit utility to either the objects_5_0.c file
At what router prompt would you save your OSPF configuration?
- A . localhost.localdomain(config)#
- B . localhost.localdomain(config-if)#
- C . localhost.localdomain#
- D . localhost.localdomain(config-router-ospf)#
What is the router command to save your OSPF configuration?
- A . save memory
- B . write config
- C . save
- D . write mem
What is the command to show OSPF adjacencies?
- A . show ospf interface
- B . show ospf summary-address
- C . show running-config
- D . show ip ospf neighbor
A VPN Tunnel Interface (VTI) is defined on Secure Platform Pro as:
vpn shell interface add numbered 10.10.0.1 10.10.0.2 madrid.cp
What do you know about this VTI?
- A . 10.10.0.1 is the local Gateway’s internal interface, and 10.10.0.2 is the internal interface of the remote Gateway.
- B . The peer Security Gateway’s name is madrid.cp.
- C . The VTI name is madrid.cp.
- D . The local Gateway’s object name is madrid.cp.
Which of the following operating systems support numbered VTI’s?
- A . Secure Platform Pro
- B . Solaris
- C . IPSO 4.0 +
- D . Windows Server 2008
Which type of routing relies on a VPN Tunnel Interface (VTI) to route traffic?
- A . Domain-based VPN
- B . Route-based VPN
- C . Subnet-based VPN
- D . Host-based VPN
You have installed Secure Platform R76 as Security Gateway operating system. As company requirements changed, you need the VTI features of R76.
What should you do?
- A . Only IPSO 3.9 supports VTI feature, so you have to replace your Security Gateway with Nokia appliances.
- B . In Smart Dashboard click on the OS drop down menu and choose Secure Platform Pro. You have to reboot the Security Gateway in order for the change to take effect.
- C . Type pro enable on your Security Gateway and reboot it.
- D . You have to re-install your Security Gateway with Secure Platform Pro R76, as Secure Platform R76 does not support VTIs.
Which operating system(s) support(s) unnumbered VPN Tunnel Interfaces (VTIs) for route-based VPN’s?
- A . Solaris 9 and higher
- B . IPSO 3.9 and higher
- C . Red Hat Linux
- D . Secure Platform for NGX and higher
You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.
You want to test the route-based VPN, so you created VTIs among the Gateways and created static route entries for the VTIs.
However, when you test the VPN, you find out the VPN still go through the regular domain IPsec tunnels instead of the routed VTI tunnels.
What is the problem and how do you make the VPN use the VTI tunnels?
- A . Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community
- B . Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.
- C . Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI, use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes
- D . Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway’s VPN Domain
When configuring a Permanent Tunnel between two gateways in a Meshed VPN community, in what object is the tunnel managed?
- A . VPN Community object
- B . Each participating Security Gateway object
- C . Security Management Server
- D . Only the local Security Gateway object
Which of the following commands would you run to remove site-to-site IKE and IPSec Keys?
- A . vpn tu
- B . ikeoff
- C . vpn export_p12
- D . vpn accel off
Which of the following log files contains information about the negotiation process for encryption?
- A . ike.elg
- B . iked.elg
- C . vpnd.elg
- D . vpn.elg
Which of the following log files contains verbose information regarding the negotiation process and other encryption failures?
- A . iked.elg
- B . ike.elg
- C . vpn.elg
- D . vpnd.elg
What is the most common cause for a Quick mode packet 1 failing with the error "No Proposal Chosen" error?
- A . The OS and patch level of one gateway does not match the other.
- B . The previously established Permanent Tunnel has failed.
- C . There is a network connectivity issue.
- D . The encryption strength and hash settings of one peer does not match the other.
Which component receives events and assigns severity levels to the events; invokes any defined automatic reactions, and adds the events to the Events Data Base?
- A . Smart Event Analysis Data Server
- B . Smart Event Client
- C . Smart Event Correlation Unit
- D . Smart Event Server
The ______________ contains the Events Data Base.
- A . Smart Event Client
- B . Smart Event Correlation Unit
- C . Smart Event Data Server
- D . Smart Event Server
The Smart Event Correlation Unit:
- A . adds events to the events database.
- B . assigns a severity level to an event.
- C . analyzes each IPS log entry as it enters the Log server.
- D . displays the received events.
The Smart Event Server:
- A . analyzes each IPS log entry as it enters the Log server.
- B . displays the received events.
- C . forwards what is known as an event to the Smart Event Server.
- D . assigns a severity level to an event.
The Smart Event Client:
- A . analyzes each IPS log entry as it enters the Log server.
- B . displays the received events.
- C . adds events to the events database.
- D . assigns a severity level to an event.
The Smart Event Correlation Unit:
- A . adds events to the events database.
- B . display a the received events.
- C . looks for patterns according to the installed Event Policy.
- D . assigns a severity level to an event.
The Smart Event Correlation Unit:
- A . adds events to the events database.
- B . assigns a severity level to an event.
- C . forwards what is identified as an event to the Smart Event server.
- D . displays the received events.
The Smart Event Server:
- A . displays the received events
- B . adds events to the events database
- C . invokes defined automatic reactions
- D . analyzes each IPS log entry as it enters the Log server
What are the 3 main components of the Smart Event Software Blade?
- A . I, ii, iii
- B . iv, v, vi
- C . i, iv, v
- D . i, iii, iv
How many Events can be shown at one time in the Event preview pane?
- A . 5,000
- B . 30,000
- C . 15,000
- D . 1,000
You are reviewing computer information collected in Client Info.
You can NOT:
- A . Enter new credential for accessing the computer information.
- B . Save the information in the active tab to an .exe file.
- C . Copy the contents of the selected cells.
- D . Run Google.com search using the contents of the selected cell.
Which of the following is NOT a Smart Event Permission Profile type?
- A . Events Database
- B . View
- C . No Access
- D . Read/Write
What is the Smart Event Correlation Unit’s function?
- A . Assign severity levels to events.
- B . Display received threats and tune the Events Policy.
- C . Analyze log entries, looking for Event Policy patterns.
- D . Invoke and define automatic reactions and add events to the database.
What is the Smart Event Analyzer’s function?
- A . Assign severity levels to events.
- B . Analyze log entries, looking for Event Policy patterns.
- C . Display received threats and tune the Events Policy.
- D . Generate a threat analysis report from the Analyzer database.
What is the Smart Event Client’s function?
- A . Display received threats and tune the Events Policy.
- B . Generate a threat analysis report from the Reporter database.
- C . Invoke and define automatic reactions and add events to the database.
- D . Assign severity levels to events.
A tracked Smart Event Candidate in a Candidate Pool becomes an Event.
What does NOT happen in the Analyzer Server?
- A . Smart Event provides the beginning and end time of the Event.
- B . The Correlation Unit keeps adding matching logs to the Event.
- C . The Event is kept open, but condenses many instances into one Event.
- D . Smart Event stops tracking logs related to the Candidate.
How many pre-defined exclusions are included by default in Smart Event R76 as part of the product installation?
- A . 3
- B . 0
- C . 5
- D . 10
What is the purpose of the pre-defined exclusions included with Smart Event R76?
- A . To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71.
- B . To allow Smart Event R76 to function properly with all other R71 devices.
- C . To give samples of how to write your own exclusion.
- D . As a base for starting and building exclusions.
What is the benefit to running Smart Event in Learning Mode?
- A . There is no Smart Event Learning Mode
- B . To run Smart Event with preloaded sample data in a test environment
- C . To run Smart Event, with a step-by-step online configuration guide for training/setup purposes
- D . To generate a report with system Event Policy modification suggestions
______________ is NOT an Smart Event event-triggered Automatic Reaction.
- A . SNMP Trap
- B . Mail
- C . Block Access
- D . External Script
For best performance in Event Correlation, you should use:
- A . IP address ranges
- B . Large groups
- C . Nothing slows down Event Correlation
- D . Many objects
What access level cannot be assigned to an Administrator in Smart Event?
- A . No Access
- B . Write only
- C . Read only
- D . Events Database
_______________ manages Standard Reports and allows the administrator to specify automatic uploads of reports to a central FTP server.
- A . Smart Dashboard Log Consolidator
- B . Smart Reporter
- C . Security Management Server
- D . Smart Reporter Database
_____________ generates a Smart Event Report from its SQL database.
- A . Smart Event Client
- B . Security Management Server
- C . Smart Reporter
- D . Smart Dashboard Log Consolidator
Which Smart Reporter report type is generated from the Smart View Monitor history file?
- A . Custom
- B . Express
- C . Traditional
- D . Standard
Which Check Point product is used to create and save changes to a Log Consolidation Policy?
- A . Smart Reporter Client
- B . Security Management Server
- C . Smart Dashboard Log Consolidator
- D . Smart Event Server
Which Check Point product implements a Consolidation Policy?
- A . Smart Reporter
- B . Smart View Monitor
- C . Smart LSM
- D . Smart View Tracker
You have selected the event Port Scan from Internal Network in Smart Event, to detect an event when 30 port scans have occurred within 60 seconds. You also want to detect two port scans from a host within 10 seconds of each other.
How would you accomplish this?
- A . Define the two port-scan detections as an exception.
- B . Select the two port-scan detections as a new event.
- C . Select the two port-scan detections as a sub-event.
- D . You cannot set Smart Event to detect two port scans from a host within 10 seconds of each other.
When do modifications to the Event Policy take effect?
- A . When saved on the Correlation Units, and pushed as a policy.
- B . As soon as the Policy Tab window is closed.
- C . When saved on the Smart Event Client, and installed on the Smart Event Server.
- D . When saved on the Smart Event Server and installed to the Correlation Units.
To back up all events stored in the Smart Event Server, you should back up the contents of which folder (s)?
- A . $RTDIR/distrib
- B . $RTDIR/distrib_db and $FWDIR/events
- C . $RTDIR/distrib and $RTDIR/events_db
- D . $RTDIR/events_db
To clean the system of all events, you should delete the files in which folder(s)?
- A . $RTDIR/distrib and $RTDIR/events_db
- B . $RTDIR/events_db
- C . $FWDIR/distrib_db and $FWDIR/events
- D . $FWDIR/distrib
What Smart Console application allows you to change the Log Consolidation Policy?
- A . Smart Dashboard
- B . Smart Reporter
- C . Smart Update
- D . Smart Event Server
Where is it necessary to configure historical records in Smart View Monitor to generate Express reports in Smart Reporter?
- A . In Smart View Monitor, under Global Properties > Log and Masters
- B . In Smart Reporter, under Express > Network Activity
- C . In Smart Dashboard, the Smart View Monitor page in the R76 Security Gateway object
- D . In Smart Reporter, under Standard > Custom
In a UNIX environment, Smart Reporter Data Base settings could be modified in:
- A . $FWDIR/Eventia/conf/ini.C
- B . $RTDIR/Database/conf/my.cnf
- C . $CPDIR/Database/conf/conf.C
- D . $ERDIR/conf/my.cnf
In a Windows environment, Smart Reporter Data Base settings could be modified in:
- A . %RTDIR%Databaseconfmy.ini
- B . $ERDIR/conf/my.cnf
- C . $CPDIR/Database/conf/conf.C
- D . $FWDIR/Eventia/conf/ini.C
Which specific R76 GUI would you use to view the length of time a TCP connection was open?
- A . Smart View Tracker
- B . Smart View Status
- C . Smart Reporter
- D . Smart View Monitor
Smart Reporter reports can be used to analyze data from a penetration-testing regimen in all of the following examples, EXCEPT:
- A . Possible worm/malware activity.
- B . Analyzing traffic patterns against public resources.
- C . Analyzing access attempts via social-engineering.
- D . Tracking attempted port scans.
What is the best tool to produce a report which represents historical system information?
- A . Smart View Tracker
- B . Smart view Monitor
- C . Smart Reporter-Standard Reports
- D . Smart Reporter-Express Reports
If Jack was concerned about the number of log entries he would receive in the SmartReporter system, which policy would he need to modify?
- A . Consolidation Policy
- B . Log Consolidator Policy
- C . Log Sequence Policy
- D . Report Policy
Your company has the requirement that Smart Event reports should show a detailed and accurate view of network activity but also performance should be guaranteed.
Which actions should be taken to achieve that?
(i) Use same hard driver for database directory, log files and temporary directory
(ii) Use Consolidation Rules
(iii) Limit logging to blocked traffic only
(iv) Using Multiple Database Tables
- A . (i) and (ii)
- B . (ii) and (iv)
- C . (i), (ii) and (iv)
- D . (i), (iii) and (iv)
To help organize events, Smart Reporter uses filtered queries.
Which of the following is NOT an Smart Event property you can query?
- A . Event: Critical, Suspect, False Alarm
- B . Time: Last Hour, Last Day, Last Week
- C . State: Open, Closed, False Alarm
- D . Type: Scans, Denial of Service, Unauthorized Entry
When migrating the Smart Event data base from one server to another, the first step is to back up the files on the original server.
Which of the following commands should you run to back up the Smart Event data base?
- A . migrate export
- B . snapshot
- C . backup
- D . eva_db_backup
When migrating the Smart Event data base from one server to another, the last step is to save the files on the new server.
Which of the following commands should you run to save the Smart Event data base files on the new server?
- A . cp
- B . migrate import
- C . eva_db_restore
- D . restore
How could you compare the Fingerprint shown to the Fingerprint on the server?
- A . Run cpconfig, select the Certificate’s Fingerprint option and view the fingerprint
- B . Run cpconfig, select the GUI Clients option and view the fingerprint
- C . Run cpconfig, select the Certificate Authority option and view the fingerprint
- D . Run sysconfig, select the Server Fingerprint option and view the fingerprint
Which file defines the fields for each object used in the file objects. C (color, num/string, default value…)?
- A . $FWDIR/conf/classes.C
- B . $FWDIR/conf/scheam.C
- C . $FWDIR/conf/table.C
- D . $FWDIR/conf/fields.C
Which procedure creates a new administrator in Smart Workflow?
- A . Run cpconfig, supply the Login Name. Profile Properties, Name, Access Applications and Permissions.
- B . In Smart Dashboard, click Smart Workflow / Enable Smart Workflow and the Enable Smart Workflow wizard will start. Supply the Login Name, Profile Properties, Name, Access Applications and Permissions when prompted.
- C . On the Provider-1 primary MDS, run cpconfig, supply the Login Name, Profile Properties, Name, Access Applications and Permissions.
- D . In Smart Dashboard, click Users and Administrators right click Administrators / New Administrator and supply the Login Name. Profile Properties, Name, Access Applications and Permissions.
When you check Web Server in a host-node object, what happens to the host?
- A . The Web server daemon is enabled on the host.
- B . More granular controls are added to the host, in addition to Web Intelligence tab settings.
- C . You can specify allowed ports in the Web server’s node-object properties. You then do not need to list all allowed ports in the Rule Base.
- D . IPS Web Intelligence is enabled to check on the host.
Which external user authentication protocols are supported in SSL VPN?
- A . LDAP, Active Directory, SecurID
- B . DAP, SecurID, Check Point Password, OS Password, RADIUS, TACACS
- C . LDAP, RADIUS, Active Directory, SecurID
- D . LDAP, RADIUS, TACACS, SecurID
Which of the following commands can be used to stop Management portal services?
- A . fw stopportal
- B . cpportalstop
- C . cpstop / portal
- D . smartportalstop
Which of the following manages Standard Reports and allows the administrator to specify automatic uploads of reports to a central FTP server?
- A . Smart Dashboard Log Consolidator
- B . Security Management Server
- C . Smart Reporter Database
- D . Smart Reporter
What is a task of the Smart Event Correlation Unit?
- A . Add events to the events database.
- B . Look for patterns according to the installed Event Policy.
- C . Assign a severity level to an event
- D . Display the received events.
Based on the following information, which of the statements below is FALSE?
A DLP Rule Base has the following conditions:
Data Type =Password Protected File
Source=My Organization
Destination=Outside My Organization
Protocol=Any
Action=Ask User
Exception: Data Type=Any,
– Source=Research and Development (R&D)
– Destination=Pratner1.com
– Protocol=Any
All other rules are set to Detect. User Check is enabled and installed on all client machines.
- A . When a user from R&D sends an e-mail with a password protected PDF file as an attachment to xyz@partner1 .com, he will be prompted by User Check.
- B . When a user from Finance sends an e-mail with an encrypted ZIP file as an attachment to. He will be prompted by User Check.
- C . Another rule is added: Source = R&D, Destination = partner1.com, Protocol = Any, Action = Inform. When a user from R&D sends an e-mail with an encrypted ZIP file as an attachment to, he will be prompted by User Check.
- D . When a user from R&D sends an e-mail with an encrypted ZIP file as an attachment to , he will NOT be prompted by User Check.
You use the snapshot feature to store your Connecter SSL VPN configuration.
What do you expect to find?
- A . Nothing; snapshot is not supported in Connector SSL VPN.
- B . The management configuration of the current product, on a management or stand-alone machine
- C . A complete image of the local file system
- D . Specified directories of the local file system.
When running DLP Wizard for the first time, which of the following is a mandatory configuration?
- A . Mail Server
- B . E-mail Domain in My Organization
- C . DLP Portal URL
- D . Active Directory
When using Connecter with Endpoint Security Policies, what option is not available when configuring DAT enforcement?
- A . Maximum DAT file version
- B . Maximum DAT file age
- C . Minimum DAT file version
- D . Oldest DAT file timestamp
Which specific R76 GUI would you use to view the length of time a TCP connection was open?
- A . Smart Reporter
- B . Smart View Monitor
- C . Smart View Status
- D . Smart View Tracker
What is not available for Express Reports compared to Standard Reports?
- A . Filter
- B . Period
- C . Content
- D . Schedule
Based on the following information, which of the statements below is TRUE?
A DLP Rule Base has the following conditions:
– Data Type = Large file (> 500KB)
– Source = My Organization
– Destination = Free Web Mails
– Protocol = Any
– Action = Ask User
All other rules are set to Detect. User Check is enabled and installed on all client machines.
- A . When a user uploads a 600 KB file to his Yahoo account via Web Mail (via his browser), he will be prompted by User Check
- B . When a user sends an e-mail with a small body and 5 attachments, each of 200 KB to, he will be prompted by User Check.
- C . When a user sends an e-mail with an attachment larger than 500 KB to, he will be prompted by User Check.
- D . When a user sends an e-mail with an attachment larger than 500KB to, he will be prompted by User Check.
Which of the following statements is FALSE about the DLP Software Blade and Active Directory (AD) or LDAP?
- A . When a user authenticates in the DLP Portal to view all his unhandled incidents, the portal authenticates the user using only AD/LDAP.
- B . Check Point User Check client authentication is based on AD.
- C . For SMTP traffic, each recipient e-mail address is translated using AD/LDAP to a user name and group that is checked vs. the destination column of the DLP rule base.
- D . For SMTP traffic, the sender e-mail address is translated using AD/LDAP to a user name and group that is checked vs. the source column of the DLP rule base.
You are running R71 and using the new IPS Software Blade. To maintain the highest level of security, you are doing IPS updates regularly.
What kind of problems can be caused by the automatic updates?
- A . None; updates will not add any new security checks causing problematic behavior on the systems.
- B . None, all new updates will be implemented in Detect only mode to avoid unwanted traffic interruptions. They have to be activated manually later.
- C . None, all the checks will be activated from the beginning, but will only detect attacks and not disturb any non-malicious traffic in the network.
- D . All checks will be activated from the beginning and might cause unwanted traffic outage due to false positives of the new checks and non-RFC compliant self-written applications.
Which of the following deployment scenarios CANNOT be managed by Check Point QoS?
- A . Two lines connected to a single router, and the router is connected directly to the Gateway
- B . Two lines connected to separate routers, and each router is connected to separate interfaces on the Gateway
- C . One LAN line and one DMZ line connected to separate Gateway interfaces
- D . Two lines connected directly to the Gateway through a hub
Given the following protection detailed and the enforcing gateways list, is the Tool many DNS queries with the RD flag set protection enabled on the Gateway R76?
Please choose the answer with the correct justification.
- A . yes because it is set to prevent on the Default_Protrction, which R76 gateway has applied.
- B . No because the protection is only supported on IPS-1 Sensor
- C . No enough information to determine one way or other
- D . No, because the Too many DNS queries with the flag set protection is not a valid protection in R76
Which technology is responsible for assembling packet streams and passing ordered data to the protocol parsers in IPS?
- A . Pattern Matcher
- B . Content Management Infrastructure
- C . Accelerated INSPECT
- D . Packet Streaming Layer
You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps. and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional connections are allowed in the Action properties.
If traffic is passing through the QoS Module matches both rules, which of the following statements is TRUE?
- A . Each H.323 connection will receive at least 512 Kbps of bandwidth.
- B . The H.323 rule will consume no more than 2048 Kbps of available bandwidth.
- C . 50% of available bandwidth will be allocated to the Default Rule.
- D . Neither rule will be allocated more than 10% of available bandwidth.
Which of the following is the default port for Management Portal?
- A . 4434
- B . 443
- C . 444
- D . 4433
How is Smart Workflow enabled?
- A . In Smart View Monitor, click on Smart Workflow / Enable Smart Workflow. The Enabling Smart Workflow wizard launches and prompts for Smart Workflow Operation Mode. Once a mode is selected, the wizard finishes.
- B . In Smart View Tracker, click on Smart Workflow / Enable Smart Workflow. The Enabling Smart Workflow wizard launches and prompts for Smart Workflow Operation Mode Once a mode is selected, the wizard finishes.
- C . In Smart Dashboard, click on Smart Workflow / Enable Smart Workflow The Enabling Smart Workflow wizard launches and prompts for Smart Workflow Operation Mode. Once a mode is selected, the wizard finishes.
- D . In Smart Event, click on Smart Workflow/ Enable Smart Workflow. The Enabling Smart Workflow wizard launches and prompts for Smart Workflow Operation Mode. Once a mode is selected, the wizard finishes.
What could the following regular expression be used for in a DLP rule?
$([0-9]*,[0-9] [0-9] [0-9]. [0-9] [0-9]
Select the best answer
- A . As a Data Type to prevent programmers from leaking code outside the company
- B . As a compound data type representation.
- C . As a Data Type to prevent employees from sending an email that contains a complete price-list of nine products.
- D . As a Data Type to prevent the Finance Department from leaking salary information to employees
Exhibit:
UserA is able to create a Smart LSM Security Cluster Profile, you must select the correct justification.
- A . False. The user must have at least Read permissions for the Smart LSM Gateways Database
- B . True Only Object Database Read/Write permissions are required to create Smart LSM Profiles
- C . False The user must have Read/Write permissions for the Smart LSM Gateways Database.
- D . Not enough information to determine. You must know the user’s Provisioning permissions to determine whether they are able to create a Smart LSM Security Cluster Profile
Which Check Point QoS feature is used to dynamically allocate relative portions of available bandwidth?
- A . Guarantees
- B . Weighted Fair Queuing
- C . Low Latency Queuing
- D . Differentiated Services