Q1. - (Topic 3)
Match the following commands to their correct function. Each command has one function only listed.
Exhibit:
A. C1>F6; C2>F4; C3>F2; C4>F5
B. C1>F2; C2>F1; C3>F6; C4>F4
C. C1>F2; C2>F4; C3>F1; C4>F5
D. C1>F4; C2>F6; C3>F3; C4>F2
Answer: A
Q2. - (Topic 2)
Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?
A. Display Capture Action
B. This is not a SmartView Tracker feature.
C. Display Payload View
D. Network and Endpoint Tab
Answer: B
Q3. - (Topic 2)
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
A. Translate destination on client-side
B. Enable IP Pool NAT
C. Allow bi-directional NAT
D. Automatic ARP configuration
Answer: A
Q4. - (Topic 3)
The customer has a small Check Point installation which includes one Windows 2008 server as the SmartConsole and a second server running GAiA as both Security Management Server and the Security Gateway. This is an example of a(n):
A. Distributed Installation
B. Unsupported configuration
C. Hybrid Installation
D. Stand-Alone Installation
Answer: D
Q5. - (Topic 2)
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
A. VLAN tagging cannot be defined for any hosts protected by the Gateway.
B. The Security Gateway's ARP file must be modified.
C. It is not necessary to add a static route to the Gateway's routing table.
D. It is necessary to add a static route to the Gateway's routing table.
Answer: C
Q6. - (Topic 3)
How are cached usernames and passwords cleared from the memory of a R77 Security Gateway?
A. By retrieving LDAP user information using the command fw fetchldap.
B. By installing a Security Policy.
C. By using the Clear User Cache button in SmartDashboard.
D. Usernames and passwords only clear from memory after they time out.
Answer: B
Q7. - (Topic 3)
Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?
A. Bridge
B. High Availability
C. Load Sharing
D. Fail Open
Answer: A
Q8. - (Topic 1)
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?
A. fw delete all.all@localhost
B. fw unload policy
C. fwm unloadlocal
D. fw unloadlocal
Answer: D
Q9. - (Topic 1)
You have installed a R77 Security Gateway on GAiA. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem?
A. The new Gateway's temporary license has expired.
B. The object was created with Node > Gateway.
C. The Gateway object is not specified in the first policy rule column Install On.
D. No Masters file is created for the new Gateway.
Answer: B
Q10. - (Topic 2)
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. A static route for the NAT IP must be added to the Gateway's upstream router.
B. Automatic ARP must be unchecked in the Global Properties.
C. Nothing else must be configured.
D. A static route must be added on the Security Gateway to the internal host.
Answer: D