Q1. - (Topic 3)
Which do you configure to give remote access VPN users a local IP address?
A. Office mode IP pool
B. Encryption domain pool
C. NAT pool
D. Authentication pool
Answer: A
Q2. - (Topic 1)
When you use the Global Properties' default settings on R77, which type of traffic will be dropped if NO explicit rule allows the traffic?
A. Firewall logging and ICA key-exchange information
B. RIP traffic
C. Outgoing traffic originating from the Security Gateway
D. SmartUpdate connections
Answer: B
Q3. - (Topic 3)
Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?
A. 256
B. 514
C. 258
D. 257
Answer: D
Q4. - (Topic 3)
A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?
A. SmartView Tracker
B. This information can only be viewed with the command fw ctl pstat from the CLI.
C. SmartView Monitor
D. Eventia Analyzer
Answer: C
Q5. - (Topic 3)
How many packets does the IKE exchange use for Phase 1 Aggressive Mode?
A. 1
B. 12
C. 6
D. 3
Answer: D
Q6. - (Topic 1)
Certificates for Security Gateways are created during a simple initialization from _____________.
A. The ICA management tool
B. SmartUpdate
C. sysconfig
D. SmartDashboard
Answer: D
Q7. - (Topic 2)
You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
A. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
B. No extra configuration is needed.
C. The NAT IP address must be added to the external Gateway interface anti-spoofing group.
D. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.
Answer: D
Q8. - (Topic 2)
What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?
A. Install the View Implicit Rules package using SmartUpdate.
B. Define two log servers on the R77 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPPA log audits.
C. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
D. Check the Log Implied Rules Globally box on the R77 Gateway object.
Answer: C
Q9. - (Topic 2)
What information is found in the SmartView Tracker Management log?
A. Destination IP address
B. Most accessed Rule Base rule
C. Policy rule modification date/time stamp
D. Historical reports log
Answer: C
Q10. - (Topic 3)
Which of the following statements BEST describes Check Point’s Hide Network Address Translation method?
A. Translates many destination IP addresses into one destination IP address
B. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
C. Translates many source IP addresses into one source IP address
D. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
Answer: C