Q1. - (Topic 1)
Which command enables IP forwarding on IPSO?
A. echo 1 > /proc/sys/net/ipv4/ip_forward
B. ipsofwd on admin
C. echo 0 > /proc/sys/net/ipv4/ip_forward
D. clish -c set routing active enable
Answer: B
Q2. - (Topic 1)
You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
A. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.
B. Log in as the default user expert and start cpinfo.
C. No action is needed because cpshell has a timeout of one hour by default.
D. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo.
Answer: A
Q3. - (Topic 3)
In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?
A. Do nothing. The Security Management Server automatically copies old logs to a backup server before purging.
B. Use the command fwm logexport to export the old log files to another location.
C. Configure a script to run fw logswitch and SCP the output file to a separate file server.
D. Do nothing. Old logs are deleted, until free space is restored.
Answer: C
Q4. - (Topic 2)
By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:
A. Purges the current log file, and prompts you for the new log's mode.
B. Purges the current log file, and starts a new log file.
C. Saves the current log file, names the log file by date and time, and starts a new log file.
D. Prompts you to enter a filename, and then saves the log file.
Answer: C
Q5. - (Topic 1)
You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in Expert Mode to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.
A. eth_set
B. mii_tool
C. ifconfig -a
D. ethtool
Answer: A
Q6. - (Topic 1)
The Security Gateway is installed on SecurePlatform R77. The default port for the Web User Interface is ____________.
A. TCP 443
B. TCP 4433
C. TCP 18211
D. TCP 257
Answer: A
Topic 2, Volume B
Q7. - (Topic 1)
Which of the following describes the default behavior of an R77 Security Gateway?
A. Traffic is filtered using controlled port scanning.
B. IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.
C. All traffic is expressly permitted via explicit rules.
D. Traffic not explicitly permitted is dropped.
Answer: D
Q8. - (Topic 1)
You are running a R77 Security Gateway on SecurePlatform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?
A. manual backup
B. snapshot
C. upgrade_export
D. backup
Answer: B
Q9. - (Topic 3)
Where do you verify that SmartDirectory is enabled?
A. Verify that Global Properties > SmartDirectory (LDAP) > Use SmartDirectory (LDAP) for Security Gateways is checked
B. Verify that Global Properties > Authentication > Use SmartDirectory (LDAP) for Security Gateways is checked
C. Verify that Security Gateway > General Properties > Authentication > Use SmartDirectory (LDAP) for Security Gateways is checked
D. Verify that Security Gateway > General Properties > SmartDirectory (LDAP) > Use SmartDirectory (LDAP) for Security Gateways is checked
Answer: A
Q10. - (Topic 3)
A Cleanup rule:
A. logs connections that would otherwise be dropped without logging by default.
B. drops packets without logging connections that would otherwise be dropped and logged by default.
C. logs connections that would otherwise be accepted without logging by default.
D. drops packets without logging connections that would otherwise be accepted and logged by default.
Answer: A
Q11. - (Topic 3)
Identify the ports to which the Client Authentication daemon listens by default.
A. 80, 256
B. 8080, 529
C. 259, 900
D. 256, 600
Answer: C
Q12. - (Topic 2)
You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?
A. Database Revision Control
B. Manual copies of the directory $FWDIR/conf
C. upgrade_export command
D. SecurePlatform backup utilities
Answer: A
Q13. - (Topic 3)
Which of the following is NOT defined by an Access Role object?
A. Source Network
B. Source User
C. Source Machine
D. Source Server
Answer: D
Q14. - (Topic 3)
Central license management allows a Security Administrator to perform which of the following functions?
1.
Check for expired licenses.
2.
Sort licenses and view license properties.
3.
Attach both R77 Central and Local licesnes to a remote module.
4.
Delete both R77 Local Licenses and Central licenses from a remote module.
5.
Add or remove a license to or from the license repository.
6.
Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).
A. 1, 2, 3, 4, & 5
B. 2, 3, 4, & 5
C. 2, 5, & 6
D. 1, 2, 5, & 6
Answer: A
Q15. - (Topic 3)
When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?
A. (6) Delete all IPsec SAs for a given User (Client)
B. (7) Delete all IPsec+IKE SAs for a given peer (GW)
C. (8) Delete all IPsec+IKE SAs for a given User (Client)
D. (5) Delete all IPsec SAs for a given peer (GW)
Answer: B