Q1. - (Topic 1)
Which component functions as the Internal Certificate Authority for R77?
A. Security Gateway
B. Management Server
C. Policy Server
D. SmartLSM
Answer: B
69. - (Topic 1)
Which command allows you to view the contents of an R77 table?
A. fw tab -s <tablename>
B. fw tab -t <tablename>
C. fw tab -x <tablename>
D. fw tab -a <tablename>
Q2. - (Topic 2)
Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?
A. All connections are reset, so a policy install is recommended during announced downtime only.
B. Users being authenticated by Client Authentication have to re-authenticate.
C. Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.
D. All FTP downloads are reset; users have to start their downloads again.
Answer: B
Topic 3, Volume C
Q3. - (Topic 1)
The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?
A. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
B. Type fwm lock_admin -u <account name> from the Security Management Server command line.
C. Type fwm unlock_admin -u from the Security Gateway command line.
D. Type fwm unlock_admin from the Security Management Server command line.
Answer: B
Q4. - (Topic 3)
Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user's credentials?
A. Access Role
B. Access Rule
C. Access Policy
D. Access Certificate
Answer: A
374. - (Topic 3)
In which Rule Base can you implement a configured Access Role?
A. DLP
B. Mobile Access
C. Firewall
D. IPS
Q5. - (Topic 3)
What happens when you run the commanD. fw sam -J src [Source IP Address]?
A. Connections to and from the specified target are blocked without the need to change the Security Policy.
B. Connections to and from the specified target are blocked with the need to change the Security Policy.
C. Connections from the specified source are blocked without the need to change the Security Policy.
D. Connections to the specified target are blocked without the need to change the Security Policy.
Answer: C
Q6. - (Topic 1)
What is the officially accepted diagnostic tool for IP Appliance Support?
A. ipsoinfo
B. cpinfo C. uag-diag
D. CST
Answer: D
Q7. - (Topic 3)
Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
A. Check Point Password
B. WMI object
C. Domain Admin username
D. Windows logon password
Answer: A
Q8. - (Topic 2)
Which statement below describes the most correct strategy for implementing a Rule Base?
A. Place a network-traffic rule above the administrator access rule.
B. Limit grouping to rules regarding specific access.
C. Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down.
D. Add the Stealth Rule before the last rule.
Answer: C
Q9. - (Topic 3)
With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?
A. Allow traffic outside the encrypted domain
B. Allow your users to turn off SecureClient
C. Allow for unencrypted traffic
D. Enable Hot Spot/Hotel Registration
Answer: D
Q10. - (Topic 3)
Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:
A. Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters.
B. Two mesh and one star Community: Each mesh Community is set up for each site between headquarters their branches. The star Community has New York as the center and London as its satellite.
C. Two star communities and one mesh: A star community for each city with headquarters as center, and branches as satellites. Then one mesh community for the two headquarters.
D. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the “mesh center Gateways? option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window.
Answer: C