Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 1)
When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. Edit the file /etc/sysconfig/netconf.c and put the new MAC address in the field
B. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up
C. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
D. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56
Answer: B
Q2. - (Topic 3)
How granular may an administrator filter an Access Role with identity awareness?
A. Windows Domain
B. AD User
C. Radius Group
D. Specific ICA Certificate
Answer: B
Q3. - (Topic 1)
Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R77 installation benefits. Your plan must meet the following required and desired objectives:
Required ObjectivE. The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired ObjectivE. The R77 components that enforce the Security Policies should be backed up at least once a week.
Desired ObjectivE. Back up R77 logs at least once a week.
Your disaster recovery plan is as follows:
-Use the cron utility to run the command upgrade_export each night on the Security Management Servers.
-
Configure the organization's routine back up software to back up the files created by the command upgrade_export.
-
Configure the GAiA back up utility to back up the Security Gateways every Saturday night.
-Use the cron utility to run the command upgrade_export each Saturday night on the log servers.
-
Configure an automatic, nightly logswitch.
-
Configure the organization's routine back up software to back up the switched logs every night.
Upon evaluation, your plan:
A. Meets the required objective and only one desired objective.
B. Meets the required objective but does not meet either desired objective.
C. Meets the required objective and both desired objectives.
D. Does not meet the required objective.
Answer: C
Q4. - (Topic 2)
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
Answer: D
Q5. - (Topic 3)
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute Only and choosing the target Gateway, the:
A. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
B. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
C. SmartUpdate wizard walks the Administrator through a distributed installation.
D. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
Answer: D
Q6. - (Topic 3)
What command with appropriate switches would you use to test Identity Awareness connectivity?
A. test_ad
B. test_ldap
C. test_ad_connectivity
D. test_ldap_connectivity
Answer: C
Q7. - (Topic 3)
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
A. John should lock and unlock his computer
B. John should install the Identity Awareness Agent
C. Investigate this as a network connectivity issue
D. The access should be changed to authenticate the user instead of the PC
Answer: D
Q8. - (Topic 2)
Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?
A. Audit Tab
B. All Records Query
C. Active Tab
D. Account Query
Answer: C
Q9. - (Topic 3)
Identity Awareness is implemented to manage access to protected resources based on a user's _____________.
A. Time of connection
B. Application requirement
C. Identity
D. Computer MAC address
Answer: C
Q10. - (Topic 2)
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.
B. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
C. In the SmartDashboard policy, select the correct firewall to be the Specific Target of the rule.
D. A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install.
Answer: C
Q11. - (Topic 3)
Where do you verify that UserDirectory is enabled?
A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
Answer: D
Q12. - (Topic 3)
If you are experiencing LDAP issues, which of the following should you check?
A. Domain name resolution
B. Overlapping VPN Domains C. Connectivity between the R77 Gateway and LDAP server
D. Secure Internal Communications (SIC)
Answer: C
Q13. - (Topic 1)
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. SecureClient
B. Security Gateway
C. None, Security Management Server would be installed by itself.
D. SmartConsole
Answer: B
Q14. - (Topic 2)
Looking at the SYN packets in the Wireshark output,
select the statement that is true about NAT.
A. This is an example of Hide NAT.
B. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
C. There is not enough information provided in the Wireshark capture to determine the NAT settings.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.
Answer: D
Q15. - (Topic 2)
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?
A. A SmartDefense module has blocked the packet.
B. It is due to NAT.
C. An IPSO ACL has blocked the packet's outbound passage.
D. The packet has been sent out through a VPN tunnel unencrypted.
Answer: B