Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
Study the Rule base and Client Authentication Action properties screen -
After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:
A. FTP connection is dropped by Rule 2.
B. user is prompted from that FTP site only, and does not need to enter his username and password for Client Authentication.
C. user is prompted for authentication by the Security Gateway again.
D. FTP data connection is dropped after the user is authenticated successfully.
Answer: B
Q2. - (Topic 3)
Which rule is responsible for the client authentication failure? Exhibit:
A. Rule 4
B. Rule 6
C. Rule 3
D. Rule 5
Answer: A
Q3. - (Topic 2)
In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?
A. When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address.
B. When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.
C. If you chose Automatic NAT instead, all necessary entries are done for you.
D. When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.
Answer: A
Q4. - (Topic 3)
With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?
A. Allow traffic outside the encrypted domain
B. Allow your users to turn off SecureClient
C. Allow for unencrypted traffic
D. Enable Hot Spot/Hotel Registration
Answer: D
Q5. - (Topic 2)
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. A static route for the NAT IP must be added to the Gateway's upstream router.
B. Automatic ARP must be unchecked in the Global Properties.
C. Nothing else must be configured.
D. A static route must be added on the Security Gateway to the internal host.
Answer: D
Q6. - (Topic 2)
A Security Policy has several database versions. What configuration remains the same no matter which version is used?
A. Objects_5_0.C
B. fwauth.NDB
C. Rule Bases_5_0.fws
D. Internal Certificate Authority (ICA) certificate
Answer: D
Q7. - (Topic 3)
An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.
A. client side NAT
B. source NAT
C. destination NAT
D. None of these
Answer: B
Q8. - (Topic 3)
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners. Which SmartConsole application should you use to confirm your suspicions?
A. SmartDashboard
B. SmartUpdate
C. SmartView Status
D. SmartView Tracker
Answer: B
Q9. - (Topic 3)
The Captive Portal tool:
A. Allows access to users already identified.
B. Acquires identities from unidentified users.
C. Is deployed from the Identity Awareness page in the Global Properties settings.
D. Is only used for guest user authentication.
Answer: B
Q10. - (Topic 3)
An advantage of using central instead of local licensing is:
A. The license must be renewed when changing the IP address of a Security Gateway. Each module's license has a unique IP address.
B. A license can be taken from one Security Management Server and given to another Security Management Server.
C. Licenses are automatically attached to their respective Security Gateways.
D. Only one IP address is used for all licenses.
Answer: D
Q11. - (Topic 1)
You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?
A. GAiA back up utilities
B. upgrade_export and upgrade_import commands
C. Database Revision Control
D. Manual copies of the directory $FWDIR/conf
Answer: A
Q12. - (Topic 3)
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
A. TACACS
B. Check Point Password
C. Windows password
D. LDAP
Answer: D
Q13. - (Topic 1)
Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.
A. Check Point GAiA and SecurePlatform, and Microsoft Windows
B. Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows
C. Check Point GAiA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO
D. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows
Answer: A
Q14. - (Topic 3)
You are trying to save a custom log query in R77 SmartView Tracker, but getting the following error:
Could not save <query-name> (Error: Database is Read Only)
Which of the following is a likely explanation for this?
A. You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally.
B. You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization.
C. Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server.
D. You have read-only rights to the Security Management Server database.
Answer: D
Q15. - (Topic 2)
Where can an administrator configure the notification action in the event of a policy install time change?
A. SmartDashboard > Policy Package Manager
B. SmartView Monitor > Gateway Status > System Information > Thresholds
C. SmartDashboard > Security Gateway Object > Advanced Properties Tab
D. SmartView Monitor > Gateways > Thresholds Settings
Answer: B