Q1. - (Topic 1)
You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second SecurePlatform computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?
A. 2, 1, 3, 4, 5
B. 2, 3, 4, 5, 1
C. 1, 3, 2, 4, 5
D. 2, 3, 4, 1, 5
Answer: A
Q2. - (Topic 3)
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?
A. Track
B. User
C. Destination
D. Action
Answer: C
Q3. - (Topic 3)
In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic.
Eric is a member of the LDAP group, MSD_Group. What happens when Eric tries to connect to a server on the Internet?
A. Eric will be blocked because LDAP is not allowed in the Rule Base.
B. Eric will be authenticated and get access to the requested server.
C. Eric will be dropped by the Stealth Rule.
D. None of these things will happen.
Answer: C
Q4. - (Topic 1)
The customer has a small Check Point installation, which includes one SecurePlatform server working as the SmartConsole, and a second server running Windows 2008 as both Security Management Server and Security Gateway. This is an example of a(n):
A. Distributed Installation
B. Stand-Alone Installation
C. Hybrid Installation
D. Unsupported configuration
Answer: D
Q5. - (Topic 3)
How granular may an administrator filter an Access Role with identity awareness?
A. Windows Domain
B. AD User
C. Radius Group
D. Specific ICA Certificate
Answer: B
Q6. - (Topic 3)
Which authentication type permits five different sign-on methods in the authentication properties window?
A. Manual Authentication
B. Client Authentication
C. Session Authentication
D. User Authentication
Answer: B
Q7. - (Topic 3)
If you are experiencing LDAP issues, which of the following should you check?
A. Domain name resolution
B. Overlapping VPN Domains C. Connectivity between the R77 Gateway and LDAP server
D. Secure Internal Communications (SIC)
Answer: C
Q8. - (Topic 3)
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?
A. She needs to edit /etc/scpusers and add the Standard Mode account.
B. She needs to run sysconfig and restart the SSH process.
C. She needs to run cpconfig to enable the ability to SCP files.
D. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
Answer: A
Q9. - (Topic 3)
What happens if the identity of a user is known?
A. If the user credentials do not match an Access Role, the gateway moves onto the next rule.
B. If the user credentials do not match an Access Role, the system displays the Captive Portal.
C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
D. If the user credentials do not match an Access Role, the system displays a sandbox.
Answer: A
Q10. - (Topic 1)
What are you required to do before running the command upgrade_export?
A. Run a cpstop on the Security Management Server.
B. Run a cpstop on the Security Gateway.
C. Close all GUI clients.
D. Run cpconfig and set yourself up as a GUI client.
Answer: C