Q1. - (Topic 3)
Which of the following actions do NOT take place in IKE Phase 1?
A. Each side generates a session key from its private key and the peer's public key.
B. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.
C. Peers agree on integrity method.
D. Peers agree on encryption method.
Answer: B
Q2. - (Topic 1)
John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the activation key, he gets the following message in SmartDashboard -
"Trust established"
SIC still does not seem to work because the policy won't install and interface fetching does not work. What might be a reason for this?
A. It always works when the trust is established
B. This must be a human error.
C. SIC does not function over the network.
D. The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid.
Answer: D
Q3. - (Topic 2)
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
A. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
C. Use automatic Static NAT for network 10.1.1.0/24.
D. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
Answer: D
Q4. - (Topic 1)
You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?
A. GAiA back up utilities
B. upgrade_export and upgrade_import commands
C. Database Revision Control
D. Manual copies of the directory $FWDIR/conf
Answer: A
Q5. - (Topic 3)
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:
A. SmartUpdate wizard walks the Administrator through a distributed installation.
B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
C. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
D. selected package is copied from the SmartUpdate PC CD-ROM directly to the Security Gateway and the installation IS performed.
Answer: C
Q6. - (Topic 3)
Can you use Captive Portal with HTTPS?
A. No, it only works with FTP
B. Yes
C. No, it only works with FTP and HTTP
D. No, it only works with HTTP
Answer: B
Q7. - (Topic 2)
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net
10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.
What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?
A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
B. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
C. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ's interface.
Answer: C
Q8. - (Topic 1)
You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
B. Log in as the default user expert and start cpinfo.
C. No action is needed because cpshell has a timeout of one hour by default.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo.
Answer: A
Q9. - (Topic 3)
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.
A. Users must use the SecuRemote Client, to use the User Authentication Rule.
B. You checked the cache password on desktop option in Global Properties.
C. Another rule that accepts HTTP without authentication exists in the Rule Base.
D. You have forgotten to place the User Authentication Rule before the Stealth Rule.
Answer: C
Q10. - (Topic 3)
Which of the following items should be configured for the Security Management Server to authenticate via LDAP?
A. Windows logon password
B. Active Directory Server object
C. WMI object
D. Check Point Password
Answer: B