Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 1)
Which component functions as the Internal Certificate Authority for R77?
A. Security Gateway
B. Management Server
C. Policy Server
D. SmartLSM
Answer: B
69. - (Topic 1)
Which command allows you to view the contents of an R77 table?
A. fw tab -s <tablename>
B. fw tab -t <tablename>
C. fw tab -x <tablename>
D. fw tab -a <tablename>
Q2. - (Topic 1)
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?
A. fw delete all.all@localhost
B. fw unload policy
C. fwm unloadlocal
D. fw unloadlocal
Answer: D
Q3. - (Topic 3)
Which utility allows you to configure the DHCP service on GAiA from the command line?
A. ifconfig
B. sysconfig
C. cpconfig
D. dhcp_cfg
Answer: B
Q4. - (Topic 3)
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:
A. SmartUpdate wizard walks the Administrator through a distributed installation.
B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
C. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
D. selected package is copied from the SmartUpdate PC CD-ROM directly to the Security Gateway and the installation IS performed.
Answer: C
Q5. - (Topic 1)
The Tokyo Security Management Server Administrator cannot connect from his workstation in Osaka.
Which of the following lists the BEST sequence of steps to troubleshoot this issue?
A. Call Tokyo to check if they can ping the Security Management Server locally. If so, login to sgtokyo, verify management connectivity and Rule Base. If this looks okay, ask your provider if they have some firewall rules that filters out your management traffic.
B. Verify basic network connectivity to the local Gateway, service provider, remote Gateway, remote network and target machine. Then, test for firewall rules that deny management access to the target. If successful, verify that pcosaka is a valid client IP address.
C. Check for matching OS and product versions of the Security Management Server and the client. Then, ping the Gateways to verify connectivity. If successful, scan the log files for any denied management packets.
D. Check the allowed clients and users on the Security Management Server. If pcosaka and your user account are valid, check for network problems. If there are no network related issues, this is likely to be a problem with the server itself. Check for any patches and upgrades. If still unsuccessful, open a case with Technical Support.
Answer: B
Q6. - (Topic 2)
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
A. Allow bi-directional NAT is not checked in Global Properties.
B. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.
C. Manual NAT rules are not configured correctly.
D. Routing is not configured correctly.
Answer: B
Q7. - (Topic 3)
The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?
A. Leveraging identity for Data Center protection
B. Protecting highly sensitive servers
C. When accuracy in detecting identity is crucial
D. Identity based enforcement for non-AD users (non-Windows and guest users)
Answer: D
Q8. - (Topic 2)
You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
-Allow bi-directional NAT
-Translate destination on client side
Do the above settings limit the partner's access?
A. No. The first setting is not applicable. The second setting will reduce performance.
B. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
C. Yes. Both of these settings are only applicable to automatic NAT rules.
D. No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.
Answer: D
Q9. - (Topic 1)
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Reinstall the Security Management Server and restore using upgrade_import.
B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.
Answer: C
Q10. - (Topic 2)
What is the purpose of a Stealth Rule?
A. To permit implied rules.
B. To drop all traffic to the management server that is not explicitly permitted.
C. To prevent users from connecting directly to the gateway.
D. To permit management traffic.
Answer: C
Q11. - (Topic 3)
Captive Portal is a __________ that allows the gateway to request login information from the user.
A. LDAP server add-on
B. Transparent network inspection tool
C. Separately licensed feature
D. Pre-configured and customizable web-based tool
Answer: D
Q12. - (Topic 1)
How can you activate the SNMP daemon on a Check Point Security Management Server?
A. Using the command line, enter snmp_install.
B. Any of these options will work.
C. In SmartDashboard, right-click a Check Point object and select Activate SNMP.
D. From cpconfig, select SNMP extension.
Answer: D
Q13. - (Topic 1)
Which utility allows you to configure the DHCP service on SecurePlatform from the command line?
A. cpconfig
B. ifconfig
C. dhcp_cfg
D. sysconfig
Answer: D
Q14. - (Topic 1)
The London Security Gateway Administrator has just installed the Security Gateway and Management Server. He has not changed any default settings. As he tries to configure the Gateway, he is unable to connect. Which troubleshooting suggestion will NOT help him?
A. Check if some intermediate network device has a wrong routing table entry, VLAN
assignment, duplex-mismatch, or trunk issue.
B. Verify that the Rule Base explicitly allows management connections.
C. Test the IP address assignment and routing settings of the Security Management Server, Gateway, and console client.
D. Verify the SIC initialization.
Answer: B
Q15. - (Topic 3)
Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:
A. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the Community center, and its branches as satellites. The mesh Community includes only New York and London Gateways.
B. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
C. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the mesh center Gateways option checked; all London branch offices defined in one satellite window, but, all New York branch offices defined in another satellite window.
D. Two mesh and one star Community: One mesh Community is set up for each of the headquarters and its branch offices. The star Community is configured with London as the center of the Community and New York is the satellite.
Answer: A