Q1. - (Topic 2)
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?
A. Secure Internal Communications (SIC) not configured for the object.
B. A Gateway object created using the Check Point > Security Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object.
C. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
D. Anti-spoofing not configured on the interfaces on the Gateway object.
Answer: C
Q2. - (Topic 3)
When using an encryption algorithm, which is generally considered the best encryption method?
A. DES
B. CAST cipher
C. AES-256
D. Triple DES
Answer: C
Q3. - (Topic 1)
Which of the following commands can provide the most complete restoration of a R77 configuration?
A. cpinfo -recover
B. fwm dbimport -p <export file>
C. upgrade_import
D. cpconfig
Answer: C
Q4. - (Topic 2)
You can include External commands in SmartView Tracker by the menu Tools > Custom Commands.
The Security Management Server is running under SecurePlatform, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address?
A. There is no possibility to expand the three pre-defined options Ping, Whois, and Nslookup.
B. Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list.
C. Use the program GUIdbedit to add the command traceroute to the Security Management Server properties.
D. Go to the menu, Tools > Custom Commands and configure the Linux command traceroute to the list.
Answer: B
Q5. - (Topic 3)
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
A. John should lock and unlock his computer
B. John should install the Identity Awareness Agent
C. Investigate this as a network connectivity issue
D. The access should be changed to authenticate the user instead of the PC
Answer: D
Q6. - (Topic 2)
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?
A. The POP3 rule is disabled.
B. The POP3 rule is hidden.
C. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75.
D. POP3 is accepted in Global Properties.
Answer: B
Q7. - (Topic 1)
Which command displays the installed Security Gateway version?
A. fw ver
B. fw stat
C. fw printver
D. cpstat -gw
Answer: A
Q8. - (Topic 2)
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.
What is TRUE about the new package's NAT rules?
A. NAT rules will be empty in the new package.
B. Rules 4 and 5 will appear in the new package.
C. Rules 1, 2, 3 will appear in the new package.
D. Only rule 1 will appear in the new package.
Answer: C
Q9. - (Topic 3)
Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:
A. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the Community center, and its branches as satellites. The mesh Community includes only New York and London Gateways.
B. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
C. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the mesh center Gateways option checked; all London branch offices defined in one satellite window, but, all New York branch offices defined in another satellite window.
D. Two mesh and one star Community: One mesh Community is set up for each of the headquarters and its branch offices. The star Community is configured with London as the center of the Community and New York is the satellite.
Answer: A
Q10. - (Topic 3)
What is the purpose of an Identity Agent?
A. Manual entry of user credentials for LDAP authentication
B. Audit a user's access, and send that data to a log server
C. Disable Single Sign On
D. Provide user and machine identity to a gateway
Answer: D