Q1. - (Topic 3)
When using vpn tu, which option must you choose if you want to rebuild your VPN for a
specific IP (gateway)? Exhibit:
A. (6) Delete all IPsec SAs for a given User (Client)
B. (5) Delete all IPsec SAs for a given peer (GW)
C. (8) Delete all IPsec+IKE SAs for a given User (Client)
D. Delete all IPsec+IKE SAs for a given peer (GW)
Answer: D
Q2. - (Topic 1)
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?
A. SmartLSM and SmartUpdate
B. SmartView Tracker and SmartView Monitor
C. SmartView Monitor and SmartUpdate
D. SmartDashboard and SmartView Tracker
Answer: D
Q3. - (Topic 3)
You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?
A. Create a Suspicious Activity Rule in SmartView Monitor.
B. Select Block intruder from the Tools menu in SmartView Tracker.
C. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.
D. Add a temporary rule using SmartDashboard and select hide rule.
Answer: A
Q4. - (Topic 1)
Tom has been tasked to install Check Point R77 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does not include a SmartConsole machine in his calculations?
A. Three machines
B. One machine
C. One machine, but it needs to be installed using SecurePlatform for compatibility purposes
D. Two machines
Answer: D
Q5. - (Topic 3)
A Cleanup rule:
A. logs connections that would otherwise be dropped without logging by default.
B. drops packets without logging connections that would otherwise be dropped and logged by default.
C. logs connections that would otherwise be accepted without logging by default.
D. drops packets without logging connections that would otherwise be accepted and logged by default.
Answer: A
Q6. - (Topic 3)
Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism, when logging in to a remote server with Telnet?
A. Agent Automatic Sign On
B. Partially Automatic Sign On
C. Standard Sign On
D. Manual Sign On
Answer: B
Q7. - (Topic 1)
Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?
A. fw stat
B. fw ctl pstat
C. fw ver
D. cpstat fwd
Answer: A
Q8. - (Topic 2)
All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:
A. Exclusion of specific services for reporting purposes.
B. Specific traffic that facilitates functionality, such as logging, management, and key exchange.
C. Acceptance of IKE and RDP traffic for communication and encryption purposes.
D. Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
Answer: A
Q9. - (Topic 3)
Which Security Gateway R77 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:
A. Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.
B. Refreshable Timeout setting, in Client Authentication Action Properties > Limits.
C. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.
D. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.
Answer: B
Q10. - (Topic 1)
Your primary Security Gateway runs on SecurePlatform. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files?
A. Using the native SecurePlatform backup utility from command line or in the Web based user interface.
B. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
C. Using the command upgrade_export.
D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.
Answer: A