Q1. - (Topic 1)
When Jon first installed his new security system, he forgot to configure DNS servers on his Security Gateway. How could Jon configure DNS servers now that his Security Gateway is in production?
A. Login to the SmartDashboard, edit the firewall Gateway object, select the tab Interfaces > Domain Name Servers.
B. Login to the firewall using SSH and run cpconfig, then select Domain Name Servers.
C. Login to the firewall using SSH and run fwm, then select System Configuration > Domain Name Servers.
D. Login to the firewall using SSH and run sysconfig, then select Domain Name Servers.
Answer: D
Q2. - (Topic 3)
What happens if you select Web Server in the dialog box?
A. An implied rule will be added allowing HTTP request from and to the host.
B. Anti-virus settings will be applied to the host.
C. An implied rule will be added allowing HTTP requests to the host.
D. Web Intelligence will be applied to the host.
Answer: D
Q3. - (Topic 2)
SmartView Tracker logs the following Security Administrator activities, EXCEPT:
A. Object creation, deletion, and editing
B. Rule Base changes
C. Administrator login and logout
D. Tracking SLA compliance
Answer: D
Q4. - (Topic 1)
Which of the following describes the default behavior of an R77 Security Gateway?
A. Traffic is filtered using controlled port scanning.
B. IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.
C. All traffic is expressly permitted via explicit rules.
D. Traffic not explicitly permitted is dropped.
Answer: D
Q5. - (Topic 3)
All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?
A. RLOGIN
B. HTTP
C. SMTP
D. FTP
Answer: C
Q6. - (Topic 1)
An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?
A. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
B. You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway's topology.
C. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the command fw unloadlocal on the local Security Gateway.
D. You first need to run the command fw unloadlocal on the R75 Security Gateway appliance in order to remove the restrictive default policy.
Answer: B
Q7. - (Topic 3)
What statement is true regarding Visitor Mode?
A. All VPN traffic is tunneled through UDP port 4500.
B. VPN authentication and encrypted traffic are tunneled through port TCP 443.
C. Only ESP traffic is tunneled through port TCP 443.
D. Only Main mode and Quick mode traffic are tunneled on TCP port 443.
Answer: B
Q8. - (Topic 3)
Which set of objects have an Authentication tab?
A. Users, User Groups
B. Networks, Hosts
C. Users, Networks
D. Templates, Users
Answer: D
Q9. - (Topic 1)
Message digests use which of the following?
A. SHA-1 and MD5
B. IDEA and RC4
C. SSL and MD4
D. DES and RC4
Answer: A
Q10. - (Topic 3)
Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
A. WMI object
B. Check Point Password
C. Domain Admin username
D. Windows logon password
Answer: C