Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
What happens when you run the commanD. fw sam -J src [Source IP Address]?
A. Connections to and from the specified target are blocked without the need to change the Security Policy.
B. Connections to and from the specified target are blocked with the need to change the Security Policy.
C. Connections from the specified source are blocked without the need to change the Security Policy.
D. Connections to the specified target are blocked without the need to change the Security Policy.
Answer: C
Q2. - (Topic 3)
When attempting to connect with SecureClient Mobile you get the following error message:
The certificate provided is invalid. Please provide the username and password.
What is the probable cause of the error?
A. Your user configuration does not have an office mode IP address so the connection failed.
B. There is no connection to the server, and the client disconnected.
C. Your certificate is invalid.
D. Your user credentials are invalid.
Answer: C
Q3. - (Topic 1)
You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.
A. /etc/conf/route.C
B. /etc/sysconfig/network-scripts/ifcfg-ethx
C. /etc/sysconfig/netconf.C
D. /etc/sysconfig/network
Answer: C
Q4. - (Topic 1)
Your primary Security Gateway runs on SecurePlatform. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files?
A. Using the native SecurePlatform backup utility from command line or in the Web based user interface.
B. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
C. Using the command upgrade_export.
D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.
Answer: A
Q5. - (Topic 2)
Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. upgrade_export/upgrade_import
B. dbexport/dbimport
C. Database Revision Control
D. Policy Package management
Answer: C
Q6. - (Topic 1)
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway's side with the command cpconfig and put in the same activation key in the Gateway's object on the Security Management Server. Unfortunately, SIC cannot be established. What is a possible reason for the problem?
A. Joe forgot to exit from cpconfig.
B. The installed policy blocks the communication.
C. The old Gateway object should have been deleted and recreated.
D. Joe forgot to reboot the Gateway.
Answer: A
Q7. - (Topic 3)
All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?
A. RLOGIN
B. HTTP
C. SMTP
D. FTP
Answer: C
Q8. - (Topic 2)
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
A. Translate destination on client-side
B. Enable IP Pool NAT
C. Allow bi-directional NAT
D. Automatic ARP configuration
Answer: A
Q9. - (Topic 1)
Before upgrading SecurePlatform, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?
A. The restore is done by selecting Snapshot Management from the boot menu of GAiA.
B. A backup cannot be restored, because the binary files are missing.
C. The restore can be done easily by the command restore and selecting the file netconf.C.
D. The restore is not possible because the backup file does not have the same build number (version).
Answer: C
Q10. - (Topic 3)
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?
A. Intrusion Detection System (IDS) Policy install
B. SAM - Suspicious Activity Rules feature of SmartView Monitor
C. Block Intruder feature of SmartView Tracker
D. Change the Rule Base and install the Policy to all Security Gateways
Answer: C
Q11. - (Topic 3)
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?
A. Track
B. Action
C. Source
D. User
Answer: C
Q12. - (Topic 3)
Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
B. All is fine and can be used as is.
C. The two algorithms do not have the same key length and so don't work together. You will get the error …. No proposal chosen….
D. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
Answer: D
Q13. - (Topic 3)
You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community?
Exhibit:
A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R77 supports.
B. Changing the setting Perform key exchange encryption with from AES-256 to 3DES will enhance the VPN Community's security , and reduce encryption overhead.
C. Change the data-integrity setting for this VPN Community because MD5 is incompatible with AES.
D. Changing the setting Perform IPsec data encryption with from AES-128 to 3Des will increase the encryption overhead.
Answer: D
Q14. - (Topic 1)
When you change an implicit rule's order from Last to First in Global Properties, how do you make the change take effect?
A. Run fw fetch from the Security Gateway.
B. Select Install Database from the Policy menu.
C. Reinstall the Security Policy.
D. Select Save from the File menu.
Answer: C
Q15. - (Topic 3)
Which Security Gateway R77 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:
A. Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.
B. Refreshable Timeout setting, in Client Authentication Action Properties > Limits.
C. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.
D. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.
Answer: B