Q1. - (Topic 3)
Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.
To make this scenario work, the IT administrator must:
1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.
2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.
3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.
Ms. McHanry tries to access the resource but is unable. What should she do?
A. Have the security administrator select the Action field of the Firewall Rule "Redirect HTTP connections to an authentication (captive) portal"
B. Install the Identity Awareness agent on her iPad
C. Have the security administrator reboot the firewall
D. Have the security administrator select Any for the Machines tab in the appropriate Access Role
Answer: A
Q2. - (Topic 1)
You need to completely reboot the Operating System after making which of the following changes on the Security Gateway? (i.e. the command cprestart is not sufficient.)
1.
Adding a hot-swappable NIC to the Operating System for the first time.
2.
Uninstalling the R75 Power/UTM package.
3.
Installing the R75 Power/UTM package.
4.
Re-establishing SIC to the Security Management Server.
5.
Doubling the maximum number of connections accepted by the Security Gateway.
A. 2, 3 only
B. 3 only
C. 3, 4, and 5 only
D. 1, 2, 3, 4, and 5
Answer: A
Q3. - (Topic 2)
A Cleanup rule.
A. drops packets without logging connections that would otherwise be dropped and logged by default.
B. logs connections that would otherwise be accepted without logging by default.
C. drops packets without logging connections that would otherwise be accepted and logged by default.
D. logs connections that would otherwise be dropped without logging by default.
Answer: D
Q4. - (Topic 1)
You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
A. upgrade_export
B. snapshot
C. backup
D. database revision
Answer: C
Q5. - (Topic 3)
You start to use SmartView Monitor to analyze the packet size distribution of your traffic.
Unfortunately, you get the message:
"There are no machines that contain Firewall Blade and SmartView Monitor."
What should you do to analyze the packet size distribution of your traffic? Give the BEST
answer.
A. Enable Monitoring on your Security Management Server.
B. Enable Monitoring on your Security Gateway.
C. Purchase the SmartView Monitor license for your Security Gateway.
D. Purchase the SmartView Monitor license for your Security Management Server.
Answer: B
Q6. - (Topic 3)
True or FalsE. SmartView Monitor can be used to create alerts on a specified Gateway.
A. True, by right-clicking on the Gateway and selecting Configure Thresholds.
B. True, by choosing the Gateway and selecting System Information.
C. False, an alert cannot be created for a specified Gateway.
D. False, alerts can only be set in SmartDashboard Global Properties.
Answer: A
Q7. - (Topic 3)
The R77 fw monitor utility is used to troubleshoot which of the following problems?
A. User data base corruption
B. Traffic issues
C. Phase two key negotiation
D. Log Consolidation Engine
Answer: B
Q8. - (Topic 1)
Which of the following options is available with the SecurePlatform cpconfig utility?
A. Time & Date
B. GUI Clients
C. DHCP Server configuration
D. Export setup
Answer: B
Q9. - (Topic 1)
The customer has a small Check Point installation which includes one Windows 2008 server as SmartConsole and Security Management Server with a second server running SecurePlatform as Security Gateway. This is an example of a(n):
A. Stand-Alone Installation.
B. Distributed Installation.
C. Hybrid Installation.
D. Unsupported configuration.
Answer: B
Q10. - (Topic 3)
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners. Which SmartConsole application should you use to confirm your suspicions?
A. SmartDashboard
B. SmartUpdate
C. SmartView Status
D. SmartView Tracker
Answer: B