Q1. - (Topic 1)
The Security Gateway is installed on SecurePlatform R77. The default port for the Web User Interface is ____________.
A. TCP 443
B. TCP 4433
C. TCP 18211
D. TCP 257
Answer: A
Topic 2, Volume B
Q2. - (Topic 2)
You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?
A. After Stealth Rule
B. First
C. Before Last
D. Last
Answer: D
Q3. - (Topic 3)
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package’s NAT rules?
Exhibit:
A. Rules 1, 2, 3 will appear in the new package.
B. Only rule 1 will appear in the new package.
C. NAT rules will be empty in the new package.
D. Rules 4 and 5 will appear in the new package.
Answer: A
Q4. - (Topic 2)
Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots. What occurs with the remote Gateway after reboot?
A. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, all traffic is allowed through the Gateway.
B. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, no traffic is allowed through the Gateway.
C. The remote Gateway fetches the last installed Security Policy locally and passes traffic normally. The Gateway will log locally, since the Security Management Server is not available.
D. Since the Security Management Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic.
Answer: C
Q5. - (Topic 3)
The Captive Portal tool:
A. Allows access to users already identified.
B. Acquires identities from unidentified users.
C. Is deployed from the Identity Awareness page in the Global Properties settings.
D. Is only used for guest user authentication.
Answer: B
Q6. - (Topic 3)
If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?
A. The Administrator must remove the rpm packages manually, and re-attempt the upgrade.
B. GAiA will reboot and automatically revert to the last snapshot version prior to upgrade.
C. The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot <object name> <filename>.
D. The Administrator must reinstall the last version via the command cprinstall revert <object name> <file name>.
Answer: B
Q7. - (Topic 3)
Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:
A. Three star Communities: The first one is between New York headquarters and its branches. The second star Community is between London headquarters and its branches. The third star Community is between New York and London headquarters but it is irrelevant which site is "center" and which "satellite".
B. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the "mesh center Gateways" option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window.
C. Two mesh and one star Community: Each mesh Community is set up for each site between headquarters their branches. The star Community has New York as the center and London as its satellite.
D. Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters.
Answer: A
Q8. - (Topic 1)
The customer has a small Check Point installation which includes one Windows 2008 server as the SmartConsole and a second server running SecurePlatform as both Security Management Server and the Security Gateway. This is an example of a(n):
A. Stand-Alone Installation
B. Distributed Installation
C. Unsupported configuration
D. Hybrid Installation
Answer: A
Q9. - (Topic 2)
Which of these Security Policy changes optimize Security Gateway performance?
A. Use Automatic NAT rules instead of Manual NAT rules whenever possible.
B. Using domain objects in rules when possible.
C. Using groups within groups in the manual NAT Rule Base.
D. Putting the least-used rule at the top of the Rule Base.
Answer: A
Q10. - (Topic 3)
You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway
object's Remote Access properties and install policy; but SecureClient refuses to connect. What is the cause of this?
A. Set Visitor Mode in Policy > Global Properties > Remote-Access > VPN - Advanced.
B. Office mode is not configured.
C. You need to start SSL Network Extender first, then use Visitor Mode.
D. The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port.
Answer: D