Q1. - (Topic 2)
One of your remote Security Gateway's suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?
A. There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.
B. The time on the Security Management Server's clock has changed, which invalidates the remote Gateway's Certificate.
C. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
D. The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
Answer: A
152. - (Topic 2)
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After awhile, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
A. Restore the entire database, except the user database, and then create the new user and user group.
B. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
C. Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.
D. Restore the entire database, except the user database.
Q2. - (Topic 1)
When launching SmartDashboard, what information is required to log into R77?
A. User Name, Management Server IP, certificate fingerprint file
B. User Name, Password, Management Server IP
C. Password, Management Server IP
D. Password, Management Server IP, LDAP Server IP
Answer: B
Q3. - (Topic 3)
When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?
A. Leveraging identity in the application control blade
B. Identity-based enforcement for non-AD users (non-Windows and guest users)
C. Identity-based auditing and logging
D. Basic identity enforcement in the internal network
Answer: B
Q4. - (Topic 3)
Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
A. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
B. Enable User Directory in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
C. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
Answer: B
Q5. - (Topic 3)
You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.
A. /etc/sysconfig/netconf.C
B. /etc/conf/route.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network
Answer: A
Q6. - (Topic 3)
How do you configure an alert in SmartView Monitor?
A. By right-clicking on the Gateway, and selecting Properties.
B. By choosing the Gateway, and Configure Thresholds.
C. An alert cannot be configured in SmartView Monitor.
D. By right-clicking on the Gateway, and selecting System Information.
Answer: B
Q7. - (Topic 3)
An advantage of using central instead of local licensing is:
A. The license must be renewed when changing the IP address of a Security Gateway. Each module's license has a unique IP address.
B. A license can be taken from one Security Management Server and given to another Security Management Server.
C. Licenses are automatically attached to their respective Security Gateways.
D. Only one IP address is used for all licenses.
Answer: D
Q8. - (Topic 3)
Which authentication type requires specifying a contact agent in the Rule Base?
A. Session Authentication
B. User Authentication
C. Client Authentication with Partially Automatic Sign On
D. Client Authentication with Manual Sign On
Answer: A
Q9. - (Topic 2)
The fw monitor utility is used to troubleshoot which of the following problems?
A. Address translation
B. Log Consolidation Engine
C. User data base corruption D. Phase two key negotiation
Answer: A
Q10. - (Topic 1)
You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the:
A. Default filter.
B. Last policy that was installed.
C. Standard policy.
D. Initial policy.
Answer: D