Q1. - (Topic 1)
Which command enables IP forwarding on IPSO?
A. echo 1 > /proc/sys/net/ipv4/ip_forward
B. ipsofwd on admin
C. echo 0 > /proc/sys/net/ipv4/ip_forward
D. clish -c set routing active enable
Answer: B
Q2. - (Topic 3)
If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange?
A. 9
B. 6
C. 3
D. 2
Answer: B
Q3. - (Topic 2)
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?
A. Hide Address Translation
B. Static Destination Address Translation
C. Port Address Translation
D. Dynamic Source Address Translation
Answer: B
Q4. - (Topic 3)
You have a diskless appliance platform. How do you keep swap file wear to a minimum?
A. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
C. Use PRAM flash devices, eliminating the longevity.
D. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
Answer: D
Q5. - (Topic 3)
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute Only and choosing the target Gateway, the:
A. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
B. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
C. SmartUpdate wizard walks the Administrator through a distributed installation.
D. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
Answer: D
Q6. - (Topic 2)
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
A. Allow bi-directional NAT is not checked in Global Properties.
B. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.
C. Manual NAT rules are not configured correctly.
D. Routing is not configured correctly.
Answer: B
Q7. - (Topic 3)
Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
B. All is fine and can be used as is.
C. The two algorithms do not have the same key length and so don't work together. You will get the error …. No proposal chosen….
D. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
Answer: D
Q8. - (Topic 1)
Which rule position in the Rule Base should hold the Cleanup Rule? Why?
A. Last. It explicitly drops otherwise accepted traffic.
B. First. It explicitly accepts otherwise dropped traffic.
C. Last. It serves a logging function before the implicit drop.
D. Before last followed by the Stealth Rule.
Answer: C
Q9. - (Topic 2)
You plan to create a backup of the rules, objects, policies, and global properties from an R77 Security Management Server. Which of the following backup and restore solutions can you use?
1) Upgrade_export and upgrade_import utilities
2) Database revision control
3) SecurePlatform backup utilities
4) Policy package management
5) Manual copies of the $CPDIR/conf directory
A. 2, 4, and 5
B. 1, 3, and 4
C. 1, 2, and 3
D. 1, 2, 3, 4, and 5
Answer: C
Q10. - (Topic 1)
What is the syntax for uninstalling a package using newpkg?
A. -u <pathname of package>
B. newpkg CANNOT be used to uninstall a package
C. -i <full pathname of package>
D. -S <pathname of package>
Answer: B