156-215.75

Number: 000000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

Checkpoint 156215.75
Check Point Certified Security Administrator R75
Version: 3.0

Checkpoint 156215.75 Exam
Topic 1, Volume A

Exam A

QUESTION 1
Of the three mechanisms Check Point uses for controlling traffic, which enables firewalls to incorporate layer 4 awareness in packet inspection?
A. IPS
B. Packet filtering
C. Stateful Inspection
D. Application Intelligence

Answer: C

QUESTION 2
Which of the following statements about Bridge mode is TRUE?
A. When managing a Security Gateway in Bridge mode, it is possible to use a bridge interface for Network Address Translation.
B. Assuming a new installation, bridge mode requires changing the existing IP routing of the network.
C. All ClusterXL modes are supported.
D. A bridge must be configured with a pair of interfaces.

Answer: D

QUESTION 3
Which SmartConsole component can Administrators use to track remote administrative activities?
A. WebUI
B. Eventia Reporter
C. SmartView Monitor
D. SmartView Tracker

Answer: D

"Pass Any Exam. Any Time." www.actualtests.com

QUESTION 4
Which of the following statements is TRUE about management plugins?
A. The plugin is a package installed on the Security Gateway.
B. A management plugin interacts with a Security Management Server to provide new features and support for new products.
C. Using a plugin offers full central management only if special licensing is applied to specific features of the plugin.
D. Installing a management plugin is just like an upgrade process. (It overwrites existing components.)

Answer: B

QUESTION 5
UDP packets are delivered if they are _________.
A. A legal response to an allowed request on the inverse UDP ports and IP
B. A Stateful ACK to a valid SYNSYN/ACK on the inverse UDP ports and IP
C. Reference in the SAM related Dynamic tables
D. Bypassing the Kernel by the "forwarding layer" of clusterXL

Answer: A

QUESTION 6
The Check Point Security Gateway's virtual machine (kernel) exists between which two layers of the OSI model?
A. Session and Network layers
B. Application and Presentation layers
C. Physical and Datalink layers
D. Network and Datalink layers

Answer: D

QUESTION 7
The customer has a small Check Point installation, which includes one Linux Enterprise 3.0 server working as the SmartConsole, and a second server running Windows 2003 as both Security Management Server and Security Gateway. This is an example of a(n):
A. StandAlone Installation
B. Distributed Installation
C. Hybrid Installation
D. Unsupported configuration

Answer: D

QUESTION 8
The customer has a small Check Point installation which includes one Windows 2003 server as the SmartConsole and a second server running SecurePlatform as both Security Management Server and the Security Gateway. This is an example of a(n):
A. Unsupported configuration.
B. Hybrid Installation.
C. Distributed Installation.
D. StandAlone Installation.

Answer: D

QUESTION 9
The customer has a small Check Point installation which includes one Windows XP workstation as the SmartConsole, one Solaris server working as Security Management Server, and a third server running SecurePlatform as Security Gateway. This is an example of a(n):
A. StandAlone Installation.
B. Unsupported configuration
C. Distributed Installation.
D. Hybrid Installation.

Answer: C

QUESTION 10
The customer has a small Check Point installation which includes one Windows 2003 server as SmartConsole and Security Management Server with a second server running SecurePlatform as Security Gateway. This is an example of a(n):
A. Hybrid Installation.
B. Unsupported configuration.
C. Distributed Installation.
D. StandAlone Installation.

Answer: C

QUESTION 11
When doing a StandAlone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. SecureClient
B. Security Gateway
C. SmartConsole
D. None, Security Management Server would be installed by itself

Answer: B

QUESTION 12
You are a security architect and need to design a secure firewall, VPN and IPS solution. Where would be the best place to install IPS in the topology if the internal network is already protected?
A. On the firewall itself to protect all connected networks centrally.
B. On each network segment separately.
C. On the LAN is enough, the DMZ does not need to be protected.
D. In front of the firewall is enough.

Answer: A

QUESTION 13
You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?
A. Depends on the license installed on the Security Management Server
B. Only one with full access and one with read-only access
C. One
D. As many as you want

Answer: C

QUESTION 14
During which step in the installation process is it necessary to note the fingerprint for first-time verification?
A. When establishing SIC between the Security Management Server and the Gateway
B. When configuring the Security Management Server using cpconfig
C. When configuring the Security Gateway object in SmartDashboard
D. When configuring the Gateway in the WebUI

Answer: B

QUESTION 15
How can you most quickly reset Secure Internal Communications (SIC) between a Security Management Server and Security Gateway?
A. Run the command fwm sicreset to initialize the Internal Certificate Authority (ICA) of the Security Management Server. Then retype the activation key on the Security Gateway from SmartDashboard.
B. Use SmartDashboard to retype the activation key on the Security Gateway. This will automatically Sync SIC to both the Security Management Server and Gateway.
C. From cpconfig on the Gateway, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).
D. From the Security Management Server's command line, type fw putkey -p <shared key> <IP Address of Security Gateway>.

Answer: C

QUESTION 16
How can you recreate the account of the Security Administrator, which was created during initial installation of the Management Server on SecurePlatform?
A. Launch cpconfig and delete the Administrator's account. Recreate the account with the same name.
B. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Administrator Account portion of the file. You will be prompted to create a new account.
C. Type cpm a, and provide the existing Administrator's account name. Reset the Security Administrator's password.
D. Launch SmartDashboard in the User Management screen, and delete the cpconfig administrator.

Answer: A

QUESTION 17
You are running the Security Gateway on SecurePlatform and configure SNX with default settings. The client fails to connect to the Security Gateway. What is wrong?
A. The routing table on the client does not get modified.
B. The client has ActiveX blocked.
C. The client is configured incorrectly.
D. The SecurePlatform Web User Interface is listening on port 443.

Answer: D

QUESTION 18
When Jon first installed the system, he forgot to configure DNS servers on his Security Gateway. How could Jon configure DNS servers now that his Security Gateway is in production?
A. Login to the firewall using SSH and run cpconfig, then select Domain Name Servers.
B. Login to the firewall using SSH and run fwm, then select System Configuration and Domain Name Servers.
C. Login to the SmartDashboard, edit the firewall Gateway object, select the tab Interfaces, then Domain Name Servers.
D. Login to the firewall using SSH and run sysconfig, then select Domain Name Servers.

Answer: D

QUESTION 19
Once installed, the R75 kernel resides directly below which layer of the OSI model? Note: Application is the top and Physical is the bottom of the IP stack.
A. Network
B. Transport
C. Data Link
D. Session

Answer: A

QUESTION 20
R75's INSPECT Engine inserts itself into the kernel between which two layers of the OSI model?
A. Presentation and Application
B. Physical and Data
C. Session and Transport
D. Data and Network

Answer: D

QUESTION 21
What would be the benefit of upgrading from SmartDefense to IPS R75?
A. The SmartDefense is replaced by the technology of IPS1.
B. The SmartDefense technology expands IPS1 to IPS R75.
C. Completely rewritten engine provides improved security performance and reporting.
D. There is no difference. IPS R75 is the new name.

Answer: C

QUESTION 22
You need to completely reboot the Operating System after making which of the following changes on the Security Gateway? i.e. the command cprestart is not sufficient.
A. 3 only
B. 1, 2, 3, 4, and 5
C. 2, 3 only
D. 3, 4, and 5 only

Answer: C

QUESTION 23
The Security Gateway is installed on SecurePlatform R75. The default port for the Web User Interface is _______.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443

Answer: D

QUESTION 24
Your customer wishes to install the SmartConsole on a Windows system. What are the minimum hardware requirements for R75? Give the BEST answer.
A. 500 MB Free disk space and 512 MB RAM
B. 1 GB Free disk space and 512 MB RAM
C. 1 GB Free disk space and 1 GB RAM
D. 512 MB Free disk space and 1 GB RAM

Answer: A

QUESTION 25
From the output below, where is this fingerprint generated?
A. SmartUpdate
B. Security Management Server
C. SmartDashboard
D. SmartConsole

Answer: B

QUESTION 26
Tom has been tasked to install Check Point R75 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does not include a SmartConsole machine in his calculations?
A. One machine
B. One machine, but it needs to be installed using SecurePlatform for compatibility purposes
C. Three machines
D. Two machines

Answer: D

QUESTION 27
Over the weekend, an Administrator without access to SmartDashboard installed a new R75 Security Gateway using SecurePlatform. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?
A. You first need to initialize SIC in SmartUpdate.
B. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
C. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on both the Security Gateway and the Management Server.
D. You first need to run the fw unloadlocal command on the new Security Gateway.

Answer: B

QUESTION 28
An Administrator without access to SmartDashboard installed a new IPSO-based R75 Security Gateway over the weekend. He emailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?
A. You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway's topology.
B. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
C. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the fw unloadlocal command on the local Security Gateway.
D. You first need to run the fw unloadlocal command on the R75 Security Gateway appliance in order to remove the restrictive default policy.

Answer: A

QUESTION 29
How can you reset the password of the Security Administrator that was created during initial installation of the Security Management Server on SecurePlatform?
A. Type cpm a, and provide the existing administrator's account name. Reset the Security Administrator's password.
B. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the "Password" portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.
C. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.
D. Type fwm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.

Answer: D

QUESTION 30
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?
A. ActiveX must be allowed on the client.
B. An office mode address must be obtained by the client.
C. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
D. The SNX client application must be installed on the client.

Answer: C

QUESTION 31
The Administrator of the Tokyo Security Management Server cannot connect from his workstation in Osaka. Which of the following lists the BEST sequence of steps to troubleshoot this issue?
A. Check for matching OS and product versions of the Security Management Server and the client. Then, ping the Gateways to verify connectivity. If successful, scan the log files for any denied management packets.
B. Call Tokyo to check if they can ping the Security Management Server locally. If so, login to sgtokyo, verify management connectivity and Rule Base. If this looks okay, ask your provider if they have some firewall rules that filters out your management traffic.
C. Verify basic network connectivity to the local Gateway, service provider, remote Gateway, remote network and target machine. Then, test for firewall rules that deny management access to the target. If successful, verify that pcosaka is a valid client IP address.
D. Check the allowed clients and users on the Security Management Server. If pcosaka and your user account are valid, check for network problems. If there are no network related issues, this is likely to be a problem with the server itself. Check for any patches and upgrades. If still unsuccessful, open a case with Technical Support.

Answer: C

QUESTION 32
The Internal Certificate Authority (ICA) CANNOT be used for:
A. Virtual Private Network (VPN) Certificates for gateways
B. NAT rules
C. Remote-access users
D. SIC connections

Answer: B

QUESTION 33
Match each of the following commands to their correct function. Each command has one function only listed.
A. C1>F2; C2>F1; C3>F6; C4>F4
B. C1>F6; C2>F4; C3>F2; C4>F5
C. C1>F2; C4>F4; C3>F1; C4>F5
D. C1>F4; C2>F6, C3>F3; C4>F2

Answer: B

QUESTION 34
Which command displays the installed Security Gateway version?
A. fw stat
B. cpstat gw
C. fw ver
D. tw printver

Answer: C

QUESTION 35
Which command line interface utility allows the administrator to verify the name and timestamp of the Security Policy currently installed on a firewall module?
A. fw ctl pstat
B. fw stat
C. cpstat fwd
D. fw ver

Answer: B

QUESTION 36
The command fw fetch causes the:
A. Security Management Server to retrieve the IP addresses of the target Security Gateway.
B. Security Gateway to retrieve the compiled policy and inspect code from the Security Management Server and install it to the kernel.
C. Security Gateway to retrieve the user database information from the tables on the Security Management Server
D. Security Management Server to retrieve the debug logs of the target Security Gateway

Answer: B

QUESTION 37
Which command is used to uninstall the Security Policy directly from the Security Gateway?
A. fwm unload.local
B. cpstop
C. fwm load <gtwynamesIP> NULL
D. fw unloadlocal

Answer: D

QUESTION 38
Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?
A. Run the revert command to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
B. Run the revert command to restore the snapshot, establish SIC, and install the Policy.
C. Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.
D. Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.

Answer: D

QUESTION 39
Which of the following statements accurately describes the upgrade_export command?
A. Upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included before exporting.
B. Used when upgrading the Security Gateway, upgrade_export includes modified files directory.
C. Upgrade_export stores network-configuration data, objects, global properties, and the data base revisions prior to upgrading the Security Management Server.
D. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the conf directories for importing to a newer version of the Security Gateway.

Answer: D

QUESTION 40
What are you required to do before running upgrade_export?
A. Run cpconfig and set yourself up as a GUI client.
B. Run a cpstop on the Security Management Server
C. Run a cpstop on the Security Gateway.
D. Close all GUI clients

Answer: D

QUESTION 41
A snapshot delivers a complete backup of SecurePlatform. The resulting file can be stored on servers or as a local file in /var/cpsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?
A. As expert user, type the command snapshot r MySnapshot.tgz.
B. As expert user, type the command snapshot R to restore from a local file. Then, provide the correct name.
C. As expert user, type the command revert --file MySnapshot.tgz.
D. Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.

Answer: C

QUESTION 42
What is the primary benefit of using upgrade_export over either backup or snapshot?
A. The backup and snapshot commands can take a long time to run whereas upgrade_export will take a much shorter amount of time.
B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
C. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.

Answer: C

QUESTION 43
Amy is unsure that her nightly backup configured from the Check Point backup tool is working. If she logged into her Gateway using SSH, in which directory would she find her nightly backups?
A. /opt/backups
B. /var/CPbackup/backups
C. /backups
D. /var/backups

Answer: B

QUESTION 44
What is the syntax for uninstalling a package using newpkg?
A. s (pathname of package)
B. u (pathname of package)
C. newpkg CANNOT be used to uninstall
D. i (full pathname of package)

Answer: C

QUESTION 45
Which utility allows you to configure the DHCP service on SecurePlatform from the command line?
A. sysconfig
B. dhcp_cfg
C. cpconfig
D. ifconfig

Answer: A

QUESTION 46
Which utility is necessary for re-establishing SIC?
A. fwm sic_reset
B. cpconfig
C. cplic
D. sysconfig

Answer: B

QUESTION 47
You are consulting with an Administrator who has locked himself out of SmartDashboard installed on a standalone SecurePlatform Security Gateway. Now, he cannot access the Security Management Server via SmartDashboard or any other SmartConsole tools. How can you get him reconnected to SmartDashboard?
A. Run fw uninstall localhost on the Security Gateway.
B. Run fw unloadlocal on the Security Gateway.
C. Run fw unlocklocal on the Security Management Server.
D. Delete the $fwdir/database/manage.lock file and run cprestart.

Answer: B

QUESTION 48
The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?
A. Type fwm lock_admin -u <account name> from the command line of the Security Management Server.
B. Type fwm unlock_admin u from the command line of the Security Gateway.
C. Delete the file admin.lock in the $FWDIR/tmp/ directory of the Security Management Server.
D. Type fwm unlock_admin from the command line of the Security Management Server.

Answer: A

QUESTION 49
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all of the Administrators out of their accounts. How should you unlock these accounts?
A. Log in to SmartDashboard as the special cpconfig_admin account. Right-click on each administrator object and select Unlock.
B. Type fwm lock_admin -ua from the command line of the Security Management Server.
C. Reinstall the Security Management Server and restore using upgrade_import.
D. Delete the file admin.lock in the $FWDIR/tmp/ directory of the Security Management Server.

Answer: B

QUESTION 50
You are the Security Administrator in a large company called ABC. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.
A. /etc/conf/route.C
B. /etc/sysconfig/netconf.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network

Answer: B

QUESTION 51
When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
B. As expert user, issue these commands:
   # ip link set eth0 down
   # ip link set eth0 addr 00:0C:29:12:34:56
   # ip link set eth0 up
C. As expert user, issue the command:
   # ip link set eth0 addr 00:0C:29:12:34:56
D. Edit the file /etc/sysconfig/netconf.c and put the new MAC address in the field (conf : (conns :( conn :hwaddr ("00:0C:29:12:34:56")

Answer: B

QUESTION 52
Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources' servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?
A. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy / Install on Target.
B. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the row Install On of the Rule Base.
C. In the menu of SmartDashboard, go to Policy / Policy Installation Targets and select the correct firewall via Specific Targets.
D. When selecting the correct Firewall in each line of the row Install On of the Rule Base, only this Firewall is shown in the list of possible installation targets after selecting Policy / Install on Target.

Answer: C

QUESTION 53
Where is the IPSO Boot Manager physically located on an IP Appliance?
A. In the /nvram directory
B. On an external jump drive
C. On the platform's BIOS
D. On built-in compact Flash memory

Answer: D

QUESTION 54
ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:
A. DHCP Server configuration
B. GUI Clients
C. Time & Date
D. Export setup

Answer: B

QUESTION 55
Which of the following options is available with the SecurePlatform cpconfig utility?
A. GUI Clients
B. Time & Date
C. Export setup
D. DHCP Server configuration

Answer: A

QUESTION 56
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. diag
B. cpinfo -o date.cpinfo.txt
C. netstat > date.netstat.txt
D. cpstat > date.cpatat.txt

Answer: B

QUESTION 57
Which of the following statements accurately describes the snapshot command?
A. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a SecurePlatform Security Gateway.
B. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.
C. snapshot creates a full system-level backup of the Security Management Server on any OS
D. snapshot stores only the system-configuration settings on the Gateway.

Answer: A

QUESTION 58
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out via a rule or policy misconfiguration?
A. fw delete all.all@localhost
B. cpstop
C. fw unloadlocal
D. fw unload policy

Answer: C

QUESTION 59
How can you check whether IP forwarding is enabled on an IP Security Appliance?
A. clish -c show routing active enable
B. echo 1 > /proc/sys/net/ipv4/ip_forwarding
C. ipsofwd list
D. cat /proc/sys/net/ipv4/ip_forward

Answer: C

QUESTION 60
For normal packet transmission of an accepted communication to a host protected by a Security Gateway, how many lines per packet are recorded on a packet analyzer like Wireshark using fw monitor?
A. 2
B. 4
C. 3
D. None

Answer: B

QUESTION 61
How can I verify the policy version locally installed on the Firewall?
A. fw ver
B. fw ctl iflist
C. fw ver -k
D. fw stat

Answer: D

QUESTION 62
If you run fw monitor without any parameters, what does the output display?
A. In /var/adm/monitor.out
B. On the console
C. In /tmp/log/monitor.out
D. In /var/log/monitor.out

Answer: B

Explanation: From the user guide:

Example: The easiest way to use fw monitor is to invoke it without any parameter. This will output every packet from every interface that passes (or at least reaches) the Check Point gateway. Please note that the same packet appears several times (two times in the example below). This is caused by fw monitor capturing the packets at different capture points.

Output:

    cpmodule]# fw monitor
    monitor: getting filter (from command line)
    monitor: compiling
    monitorfilter:
    Compiled OK.
    monitor: loading
    monitor: monitoring (controlC to stop)
    eth0:i[285]: 172.16.1.133 > 172.16.1.2 (TCP) len=285 id=1075
    TCP: 1050 > 18190 ...PA. seq=bf8bc98e ack=941b05bc
    eth0:I[285]: 172.16.1.133 > 172.16.1.2 (TCP) len=285 id=1075
    TCP: 1050 > 18190 ...PA. seq=bf8bc98e ack=941b05bc
    eth0:o[197]: 172.16.1.2 > 172.16.1.133 (TCP) len=197 id=44599
    TCP: 18190 > 1050 ...PA. seq=941b05bc ack=bf8bca83
    eth0:O[197]: 172.16.1.2 > 172.16.1.133 (TCP) len=197 id=44599
    TCP: 18190 > 1050 ...PA. seq=941b05bc ack=bf8bca83
    eth0:o[1500]: 172.16.1.2 > 172.16.1.133 (TCP) len=1500 id=44600
    TCP ^C 18190 > 1050 ....A. seq=941b0659 ack=bf8bca83
    monitor: caught sig 2
    monitor: unloading

QUESTION 63 What is the desired outcome when running the command cpinfo -z -o cpinfo.out? A. Send output to a file called cpinfo.out in compressed format. B. Send output to a file called cpinfo.out in usable format for the CP InfoView utility. C. Send output to a file called cpinfo.out without address resolution. D. Send output to a file called cpinfo.out and provide a screen print at the same time.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 64 Another administrator accidentally installed a Security Policy on the wrong firewall. Having done this, you are both locked out of the firewall that is called myfw1. What command would you execute on your system console on myfw1 in order for you to push out a new Security Policy? A. fw dbloadlocal B. fw unloadlocal C. cpstop D. fw ctl filter

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 65 Which of the following commands will completely remove the Security Policy from being enforced on a Security Gateway? A. fw unload B. fw unloadlocal C. cpstop D. fw unload local

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 66 Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the initial policy? A. fw monitor B. fw ctl pstat C. cp stat D. fw stat

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 67 A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is enabled in the Global Properties. A client on the Internet initiates a session to the Web Server. On the initiating packet, NAT occurs on which inspection point? A. I B. O C. o D. i

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 68 To monitor all traffic between a network and the Internet on a SecurePlatform Gateway, what is the BEST utility to use? A. snoop B. cpinfo C. infoview D. tcpdump

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 69 You are creating an output file with the following command: fw monitor -e "accept (src=10.20.30.40 or dst=10.20.30.40);" -o ~/output Which tool do you use to analyze this file? A. You can analyze it with Wireshark or Ethereal. B. You can analyze the output file with any ASCII editor. C. The output file format is CSV, so you can use MS Excel to analyze it. D. You cannot analyze it with any tool as the syntax should be: fw monitor -e accept ([12,b]=10.20.30.40 or [16,b]=10.20.30.40); -o ~/output.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 70 You issue the fw monitor command with no arguments. Which of the following inspection points will be displayed? A. Before the virtual machine, in the inbound direction B. After the virtual machine, in the outbound direction C. All inspection points D. Before the virtual machine, in the outbound direction

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 71 What is the command used to view which policy is installed? A. fw ctl install B. fwm stat C. fw ctl pstat D. fw stat

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 72 How can you view cpinfo on a SecurePlatform machine? A. tcpdump B. snoop -i C. infotab D. Text editor, such as vi

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 73 How is wear on the flash storage device mitigated on appliance diskless platforms? A. A RAM drive reduces the swap file thrashing which causes fast wear on the device. B. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement. C. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted. D. PRAM flash devices are used, eliminating the longevity.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 74 In previous versions, the full TCP three-way handshake was sent to the firewall kernel for inspection. How is this improved in the current version of IPSO Flows/SecureXL? A. Only the initial SYN packet is inspected. The rest are handled by IPSO. B. Packets are offloaded to a third-party hardware card for near-line inspection. C. Packets are virtualized to a RAM drive-based FW VM. D. Resources are proactively assigned using predictive algorithmic techniques.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 75 Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates are created: A. And used for securing internal network communications between SmartView Tracker and an OPSEC device. B. For the Security Management Server during the Security Management Server installation. C. For Security Gateways during the Security Gateway installation. D. To decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 76 Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates: A. Increase network security by securing administrative communication with a two-factor challenge response authentication. B. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates. C. Are for Security Gateways created during the Security Management Server installation. D. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 77 Which of the following statements regarding SecureXL and CoreXL is TRUE? A. SecureXL is an application for accelerating connections. B. CoreXL enables multicore processing for program interfaces. C. SecureXL is only available in R75. D. CoreXL is included in SecureXL.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 78 Beginning with R75, Software Blades were introduced. One of the Software Blades is the IPS Software Blade as a replacement for SmartDefense. When buying or upgrading to a bundle, some blades are included, e.g. FW, VPN, IPS in SG103. Which statement is NOT true? A. The license price includes IPS Updates for the first year. B. The IPS Software Blade can be used for an unlimited time. C. There is no need to renew the service contract after one year. D. After one year, it is mandatory to renew the service contract for the IPS Software Blade because it has been bundled with the license when purchased.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 79 You need to plan the company's new security system. The company needs a very high level of security and also high performance and high throughput for their applications. You need to turn on most of the integrated IPS checks while maintaining high throughput. What would be the BEST solution for this scenario? A. You need to buy a strong multicore machine and run R70 or later on SecurePlatform with CoreXL technology enabled. B. Bad luck, both together cannot be achieved. C. The IPS does not run when CoreXL is enabled. D. The IPS system does not affect the firewall performance and CoreXL is not needed in this scenario.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 80 John is the Security Administrator in his company. He needs to maintain the highest level of security on the firewalls he manages. He is using Check Point R75. Does he need the IPS Software Blade for achieving this goal? A. No, all IPS protections are active, but can't be uploaded without the license like SmartDefense. B. Yes, otherwise no protections can be enabled. C. Yes, otherwise the firewall will pass all traffic unfiltered and unchecked. D. No, the Gateway will always be protected and the IPS checks can't be managed without a license.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 81 Which command allows you to view the contents of an R75 table? A. fw tab -x <tablename> B. fw tab -a <tablename> C. fw tab -s <tablename> D. fw tab -t <tablename>

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 82 Your R75 enterprise Security Management Server is running abnormally on Windows 2003 Server. You decide to try reinstalling the Security Management Server, but you want to try keeping the critical Security Management Server configuration settings intact (i.e., all Security Policies, databases, SIC, licensing etc.) What is the BEST method to reinstall the Server and keep its critical configuration?
A. 1) Run the latest upgrade_export utility to export the configuration. 2) Leave the exported tgz file in %FWDIR\bin. 3) Install the primary Security Management Server on top of the current installation. 4) Run upgrade_import to import the configuration.
B. 1) Insert the R75 CD-ROM and select the option to export the configuration into a .tgz file. 2) Skip any upgrade verification warnings since you are not upgrading. 3) Transfer the .tgz file to another networked machine. 4) Download and run the cpclean utility and reboot. 5) Use the R75 CD-ROM to select the upgrade_import option to import the c
C. 1) Download the latest upgrade_export utility and run it from a \temp directory to export the configuration. 2) Perform any requested upgrade verification suggested steps. 3) Uninstall all R75 packages via Add/Remove Programs and reboot. 4) Use SmartUpdate to reinstall the Security Management Server and reboot. 5) Transfer the .tgz file back to the local \temp. 6) Run upgrade_import to import the configuration.
D. 1) Download the latest upgrade_export utility and run it from a \temp directory to export the configuration. 2) Transfer the .tgz file to another network machine. 3) Uninstall all R75 packages via Add/Remove Programs and reboot. 4) Install again using the R75 CD-ROM as a primary Security Management Server. 5) Reboot and then transfer the .tgz file back to the local \temp. 6) Run upgrade_import to import the configuration.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 83 Your primary Security Management Server runs on SecurePlatform. What is the easiest way to back up your Security Gateway R75 configuration, including routing and network configuration files? A. Using the upgrade_export command. B. Copying the $FWDIR/conf and $FWDIR/lib directory to another location. C. Run the pre_upgrade_verifier and save the .tgz file to the /temp directory. D. Using the native SecurePlatform backup utility from command line or in the Web based user interface.

Answer: D Section: (none) Explanation/Reference: Explanation:


QUESTION 84 You need to back up the routing, interface, and DNS configuration information from your R75 SecurePlatform Security Gateway. Which backup-and-restore solution do you use? A. SecurePlatform backup utilities B. upgrade_export and upgrade_import commands C. Database Revision Control D. Manual copies of the $FWDIR/conf directory

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 85 Your R75 primary Security Management Server is installed on SecurePlatform. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule? A. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object's Logs and Masters window, enable Schedule log switch, and select the Time object. B. Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object. C. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties > Logs and Masters window, to schedule a logswitch. D. On a SecurePlatform Security Management Server, this can only be accomplished by configuring the fw logswitch command via the cron utility. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 86 Which of the following methods will provide the most complete backup of an R75 configuration? A. Policy Package Management B. Copying the $FWDIR\conf and $CPDIR\conf directories to another server C. upgrade_export command D. Database Revision Control

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 87 Which of the following commands can provide the most complete restore of an R75 configuration? A. Cpconfig B. Upgrade_import C. fwm dbimport -p D. cpinfo -recover

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 88 When restoring R75 using the command upgrade_import, which of the following items is NOT restored? A. Licenses B. Global properties C. SIC Certificates D. Route tables

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 89 Your organization's disaster recovery plan needs an update to the backup and restore section to reap the benefits of the new distributed R75 installation. Your plan must meet the following required and desired objectives: Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours. Desired Objective: The R75 components that enforce the Security Policies should be backed up at least once a week. Desired Objective: Back up R75 logs at least once a week. Your disaster recovery plan is as follows: Use the cron utility to run the upgrade_export command each night on the Security Management Servers. Configure the organization's routine backup software to back up the files created by the upgrade_export command. Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night. Use the cron utility to run the upgrade_export command each Saturday night on the log servers. Configure an automatic, nightly logswitch. Configure the organization's routine backup software to back up the switched logs every night. Upon evaluation, your plan: A. Meets the required objective but does not meet either desired objective. B. Does not meet the required objective. C. Meets the required objective and only one desired objective. D. Meets the required objective and both desired objectives.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 90 Your company is running Security Management Server R75 on SecurePlatform, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account? A. Using SmartDashboard, under Users, select Add New Administrator B. Using the Web console on SecurePlatform under Product configuration, select Administrators C. Using SmartDashboard or cpconfig D. Using cpconfig on the Security Management Server, choose Administrators

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 91 Which of the following tools is used to generate a Security Gateway R75 configuration report? A. ethereal B. cpinfo C. licview D. infoview

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 92 Which of the following is a CLI command for Security Gateway R75? A. fwm policy_print <policyname> B. fw shutdown C. fw merge D. fw tab -u

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 93 What information is provided from the options in this screenshot? (i) Whether a SIC certificate was generated for the Gateway (ii) Whether the operating system is SecurePlatform or SecurePlatform Pro (iii) Whether this is a standalone or distributed installation A. (i), (ii) and (iii) B. (i) and (iii) C. (i) and (ii) D. (ii) and (iii)

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 94 Peter is your new Security Administrator. On his first working day, he is very nervous and sets the wrong password three times. His account is locked. What can be done to unlock Peter's account? Give the BEST answer. A. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Gateway. B. It is not possible to unlock Peter's account. You have to install the firewall once again or abstain from Peter's help. C. You can unlock Peter's account by using the command fwm lock_admin -u Peter on the Security Management Server. D. You can unlock Peter's account by using the command fwm unlock_admin -u Peter on the Security Management Server.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 95 Which CLI command verifies the number of cores on your firewall machine? A. fw ctl pstat B. fw ctl core stat C. fw ctl multik stat D. cpstat fw -f core

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 96 John currently administers a network using NGX R65.4 on the Security Management Server and NGX R65.2.100 (the VOIP release with the VOIP plugins enabled). He wants to upgrade to R75 to get the benefits of Check Point's Software Blades. What would be the best way of doing this? A. This cannot be done yet as R75 cannot manage NGX R65 Gateways due to SmartDefense and IPS mismatch problems. B. Run upgrade_export on R65 management, then install R75 on this machine and run upgrade_import and re-license the systems to use software blades. C. Just insert the R75 CD-ROM and run the in-place upgrade. D. This is not supported today as currently the VOIP Software Blade and VOIP plugin is not available in R75.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 97 John currently administers a network using single CPU single core servers for the Security Gateways and is running R75. His company is now going to implement VOIP and needs more performance on the Gateways. He is now adding more memory to the systems and also upgrades the CPU to a modern quad core CPU in the server. He wants to use CoreXL technology to benefit from the new performance benchmarks of this technology. How can he achieve this? A. Nothing needs to be done. SecurePlatform recognized the change during reboot and adjusted all the settings automatically. B. He just needs to go to cpconfig on the CLI and enable CoreXL. Only a restart of the firewall is required to benefit from CoreXL technology. C. He needs to reinstall the Gateways because during the initial installation, it was a single-core CPU but the wrong Linux kernel was installed. There is no other upgrade path available. D. He just needs to go to cpconfig on the CLI and enable CoreXL. After the required reboot he will benefit from the new technology.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 98 You are running a R75 Security Gateway on SecurePlatform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What backup method could be used to quickly put the secondary firewall into production? A. upgrade_export B. manual backup C. snapshot D. backup

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 99 Before upgrading SecurePlatform, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration. An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing? A. The restore can be done easily by the command restore and selecting the appropriate backup file. B. A backup cannot be restored, because the binary files are missing. C. The restore is not possible because the backup file does not have the same build number (version). D. The restore is done by selecting Snapshot Management from the boot menu of SecurePlatform.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 100 Which operating systems are supported by a Check Point Security Gateway on an open server? A. Check Point SecurePlatform and Microsoft Windows B. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows C. Check Point SecurePlatform, IPSO, Sun Solaris, Microsoft Windows D. Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO

Answer: A Section: (none) Explanation/Reference: Explanation:

Topic 2, Volume B

QUESTION 101 You intend to upgrade a Check Point Gateway from R65 to R75. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time? A. Backup B. Snapshot C. Upgrade_export D. Database_revision

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 102 Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. What command do you need to run after stopping the firewall service? A. fw fwd routing B. ipsofwd on admin C. fw load routed D. ipsofwd slowpath

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 103 Where can you find the Check Point's SNMP MIB file? A. $FWDIR/conf/snmp.mib B. It is obtained only by request from the TAC. C. $CPDIR/lib/snmp/chkpt.mib D. There is no specific MIB file for Check Point products.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 104 You want to generate a cpinfo file via CLI on a system running SecurePlatform. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout? A. Log in as the default user expert and start cpinfo. B. No action is needed because cpshell has a timeout of one hour by default. C. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo. D. Log in as admin, switch to expert mode, set the timeout to one hour with the command idle 60, then start cpinfo.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 105 Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this? A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here. B. In the General Properties of the object representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator. C. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced / Permission to Install. D. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 106 What is the officially accepted diagnostic tool for IP appliance support? A. Ipsinfo B. Uagdiag C. CST D. cpinfo

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 107 You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a SecurePlatform. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer. A. ethtool B. ifconfig -a C. eth_set D. mii_tool

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 108 Which command enables IP forwarding on IPSO? A. echo 1 > /proc/sys/net/ipv4/ip_forward B. clish -c set routing active enable C. echo 0 > /proc/sys/net/ipv4/ip_forward D. ipsofwd on admin

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 109 How many inspection capture points are shown in fw monitor? A. 2 B. 1 C. Depends on the number of interfaces on the Gateway D. 4

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 110 Looking at an fw monitor capture in Wireshark, the initiating packet in Hide NAT translates on________. A. I B. O C. o D. i

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 111 You want to create an ASCII formatted output file of the fw monitor command. What is the correct syntax to accomplish this task? A. fw monitor -e "accept;" > /tmp/monitor.txt B. fw monitor -e "accept;" -f > /tmp/monitor.txt C. fw monitor -m iO -e "accept;" -o /tmp/monitor.txt D. fw monitor -e "accept;" -w /tmp/monitor.txt

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 112 When you run the fw monitor -e "accept;" command, what type of traffic is captured? A. Only inbound traffic, before and after the inbound inspection. B. All traffic coming in all directions, before and after inbound and outbound inspection. C. All traffic accepted by the Rule Base. D. Only outbound traffic, before and after the outbound inspection.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 113 The Get Address button, found on the Host Node Object / General Properties page, will retrieve what? A. The IP address B. The domain name C. The fully qualified domain name D. The Mac address

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 114 You have just been hired as the Security Administrator for the InsureItAll insurance company. Your manager gives you the following requirements for controlling DNS traffic: Required Result #1: Accept domain-name-over-TCP traffic (zone-transfer traffic). Required Result #2: Log domain-name-over-TCP traffic (zone-transfer traffic). Desired Result #1: Accept domain-name-over-UDP traffic (queries traffic). Desired Result #2: Do not log domain-name-over-UDP traffic (queries traffic). Desired Result #3: Do not clutter the Rule Base by creating explicit rules for traffic that can be controlled using Global Properties. To begin, you make the following configuration changes, and install the Security Policy: Select the box Accept Domain Name over TCP (Zone Transfer) in Global Properties. Select the box Accept Domain Name over UDP (Queries) in Global Properties. Select the box Log Implied Rules in Global Properties. Do your initial actions meet the required and desired results? A. The actions achieve the required results, and two of the desired results. B. The actions achieve all required results, but none of the desired results. C. The actions do not achieve the required results. D. The actions meet all required and desired results.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 115 When you change an implicit rule's order from last to first in global properties, how do you make the change take effect? A. Select save from the file menu B. Reinstall the security policy C. Select install database from the policy menu D. Run fw fetch from the security gateway

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 116 You create implicit and explicit rules for the following network. The group object internalnetworks includes networks 10.10.10.0 and 10.10.20.0. Assume Accept ICMP requests is enabled as Before last in Global Properties. Based on these rules, what happens if you Ping from host 10.10.10.5 to a host on the Internet by IP address? ICMP will be: A. dropped by rule 0. B. dropped by rule 2, the Cleanup Rule. C. accepted by rule 1. D. dropped by the last Implicit rule.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 117 How does the Get Address button, found on the Host Node Object > General Properties page retrieve the address? A. Route Table B. SNMP Get C. Address resolution (ARP, RARP) D. Name resolution (hosts file, DNS, cache)

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 118 Anti-Spoofing is typically set up on which object type? A. Host B. Domain C. Network D. Security Gateway

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 119 Spoofing is a method of: A. Hiding your firewall from unauthorized users. B. Disguising an illegal IP address behind an authorized IP address through port address Translation. C. Making packets appear as if they come from an authorized IP address D. Detecting people using false or wrong authentication logins.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 120 Certificates for Security Gateways are created during a simple initialization from______. A. SmartUpdate B. sysconfig C. The ICA management tool. D. SmartDashboard

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 121 Which of the below is the most correct process to reset SIC from SmartDashboard? A. Run cpconfig, and click reset B. Click the Communication > button for the firewall object, then click Reset. Run cpconfig and type a new activation key C. Click Communication > Reset on the Gateway object, and type a new activation key D. Run cpconfig, and select Secure Internal Communication > Change One Time Password

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 122 You installed Security Management Server on a computer using SecurePlatform in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second SecurePlatform computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it? 1) Run cpconfig on the gateway, set secure internal communication, enter the activation key and reconfirm. 2) Initialize internal certificate authority (ICA) on the security Management server. 3) Confirm the gateway object with the host name and IP address for the remote site. 4) Click the communication button in the gateway object's general screen, enter the activation key, and click initialize and ok. 5) Install the security policy. A. 2, 3, 4, 5, 1 B. 1, 3, 2, 4, 5 C. 2, 3, 4, 1, 5 D. 2, 1, 3, 4, 5

Answer: B

Section: (none) Explanation/Reference: Explanation: "Pass Any Exam. Any Time." www.actualtests.com 49 Checkpoint 156215.75 Exam

QUESTION 123
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway's side with the cpconfig command and put in the same activation key in the Gateway's object on the Security Management Server. Unfortunately, SIC cannot be established. What is a possible reason for the problem?
A. The installed policy blocks the communication.
B. Joe forgot to reboot the Gateway.
C. Joe forgot to exit from cpconfig.
D. The old Gateway object should have been deleted and recreated.

Answer: C

QUESTION 124
You want to reset SIC between smberlin and sgosaka. In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads "The SIC was successfully initialized" and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message: What is the reason for this behavior?
A. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup / Initialize).
B. The Gateway was not rebooted, which is necessary to change the SIC key.
C. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
D. The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation key cannot be typed in a matching fashion.

Answer: C

QUESTION 125
Which rule should be the Cleanup Rule in the Rule Base?
A. Last. It serves a logging function before the implicit drop.
B. Last, it explicitly drops otherwise accepted traffic.
C. Before last followed by the Stealth Rule.
D. First, it explicitly accepts otherwise dropped traffic.

Answer: A

QUESTION 126
What are the two basic rules which should be used by all Security Administrators?
A. Administrator Access and Stealth rules
B. Cleanup and Administrator Access rules
C. Network Traffic and Stealth rules
D. Cleanup and Stealth rules

Answer: D

QUESTION 127
Which item below in a Security Policy would be enforced first?
A. Administrator-defined Rule Base
B. Network Address Translation
C. IP spoofing/IP options
D. Security Policy "First" rule

Answer: C

QUESTION 128
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Use the search utility in SmartDashboard to view all hidden rules. Select the relevant rule and click Disable Rule(s).
B. Right-click on the hidden rule placeholder bar and select Disable Rule(s).
C. Right-click on the hidden rule placeholder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.
D. Hidden rules are already effectively disabled from Security Gateway enforcement.

Answer: C

QUESTION 129
A Stealth rule is used to:
A. Use the Security Gateway to hide the border router from internal attacks.
B. Cloak the type of Web server in use behind the Security Gateway.
C. Prevent communication to the Security Gateway itself.
D. Prevent tracking of hosts behind the Security Gateway.

Answer: C

QUESTION 130
A Cleanup rule is used to:
A. Drop without logging connections that would otherwise be dropped and logged by default.
B. Log connections that would otherwise be accepted without logging by default.
C. Log connections that would otherwise be dropped without logging by default.
D. Drop without logging connections that would otherwise be accepted and logged by default.

Answer: C

QUESTION 131
A ____________ rule is designed to log and drop all other communication that does not match another rule.
A. Stealth
B. Cleanup
C. Reject
D. Anti-Spoofing

Answer: B

QUESTION 132
Which statement is TRUE about implicit rules?
A. They are derived from Global Properties and explicit object properties.
B. The Gateway enforces implicit rules that enable outgoing packets only.
C. You create them in SmartDashboard.
D. Changes to the Security Gateway's default settings do not affect implicit rules.

Answer: A

QUESTION 133
You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?
A. First
B. Before Last
C. Last
D. After Stealth Rule

Answer: C

QUESTION 134
All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:
A. Acceptance of IKE and RDP traffic for communication and encryption purposes.
B. Exclusion of specific services for reporting purposes.
C. Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
D. Specific traffic that facilitates functionality, such as logging, management, and key exchange.

Answer: B

QUESTION 135
In a distributed management environment, the administrator has removed all default check boxes from the Policy / Global Properties / Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.
A. 259
B. 257
C. 900
D. 256

Answer: B

QUESTION 136
Examine the following Security Policy. What, if any, changes could be made to accommodate Rule 4?
A. Nothing at all
B. Modify the Source or Destination columns in Rule 4
C. Remove the service HTTPS from the Service column in Rule A
D. Modify the VPN column in Rule 2 to limit access to specific traffic

Answer: D

QUESTION 137
A Security Policy has several database versions. What configuration remains the same no matter which version is used?
A. Rule Bases_5_0.fws
B. Internal Certificate Authority (ICA) certificate
C. Fwauth.NDB
D. Objects_5_0.C

Answer: B

QUESTION 138
You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify Security administration, which one of the following would you choose to do?
A. Create a separate Security Policy package for each remote Security Gateway
B. Run separate SmartConsole instances to login and configure each Security Gateway directly
C. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules
D. Create network objects that restrict all applicable rules to only certain networks

Answer: A

QUESTION 139
You are working with multiple Security Gateways that enforce a common set of rules. To minimize the number of policy packages, which one of the following would you choose to do?
A. Install a separate local Security Management Server and SmartConsole for each remote Security Gateway.
B. Create a separate Security Policy package for each remote Security Gateway and specify Install On / Gateways.
C. Create a single Security Policy package with Install On / Target defined whenever a unique rule is required for a specific Gateway.
D. Run separate SmartDashboard instance to login and configure each Security Gateway directly.

Answer: C

QUESTION 140
Which rules are not applied on a first-match basis?
A. Cleanup
B. User Authentication
C. Session Authentication
D. Client Authentication

Answer: B

QUESTION 141
Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?
A. Users being authenticated by Client Authentication have to reauthenticate.
B. Site-to-Site VPNs need to reauthenticate, so Phase 1 is passed again after installing the Security Policy.
C. All FTP downloads are reset; users have to start their downloads again.
D. All connections are reset, so a policy install is recommended during announced downtime only.

Answer: A

QUESTION 142
Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?
A. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.
B. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
C. In the SmartDashboard main menu go to Policy / Policy Installation / Targets and select the correct firewall to be put into the list via Specific Targets.
D. A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install.

Answer: C

QUESTION 143
Which of these security policy changes optimize Security Gateway performance?
A. Use Automatic NAT rules instead of Manual NAT rules whenever possible
B. Putting the least-used rule at the top of the Rule Base
C. Using groups within groups in the manual NAT Rule Base
D. Using domain objects in rules when possible

Answer: A

QUESTION 144
Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:

Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5. The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects. Create a manual NAT rule like the following: Original source group object; Destination any; Service any. Translated source 200.200.200.5; Destination original; Service original.

Answer: C

QUESTION 145
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers is passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
A. Allow bidirectional NAT is not checked in Global Properties.
B. Manual NAT rules are not configured correctly.
C. Translate destination on client side is not checked in Global Properties under manual NAT rules.
D. Routing is not configured correctly.

Answer: C

QUESTION 146
You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?
A. Only one, outbound
B. Two, one for outbound, one for inbound
C. Only one, inbound
D. Two, both outbound, one for the real IP connection and one for the NAT IP connection

Answer: A

QUESTION 147
Which of the following statements BEST describes Check Point's Hide Network Address Translation method?
A. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
B. Translates many destination IP addresses into one destination IP address
C. Translates many source IP addresses into one source IP address
D. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

Answer: C

QUESTION 148
Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?
A. Static Destination
B. Hide
C. Dynamic Destination
D. Static Source

Answer: B

QUESTION 149
NAT can NOT be configured on which of the following objects?
A. Address Range
B. HTTP Logical Server
C. Host
D. Gateway

Answer: B

QUESTION 150
NAT can be implemented on which of the following lists of objects?
A. Domain, network
B. Host, network
C. Host, user
D. Network, Dynamic Object

Answer: B

QUESTION 151
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?
A. Static Destination Address Translation
B. Port Address Translation
C. Dynamic Source Address Translation
D. Hide Address Translation

Answer: A

QUESTION 152
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Place a static host route on the firewall for the valid IP address to the internal Web server.
B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.
C. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
D. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

Answer: B

QUESTION 153
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?
A. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
C. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
D. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.

Answer: D

QUESTION 154
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
A. Allow bidirectional NAT
B. Automatic ARP configuration
C. Enable IP Pool NAT
D. Translate destination on client-side

Answer: D

QUESTION 155
Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?
A. Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service
B. Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24
C. Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule
D. Configure Automatic Static NAT on network 10.10.20.0/24

Answer: B

QUESTION 156
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface. What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?
A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
C. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ servers.
D. When connecting to the internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the DMZ interface of the Security Gateway.

Answer: B

QUESTION 157
An internal host initiates a session to www.google.com and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.
A. Client side NAT
B. Destination NAT
C. Source NAT
D. None of these

Answer: C

QUESTION 158
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.
A. source on client side
B. destination on server side
C. destination on client side
D. source on server side

Answer: C

QUESTION 159
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
A. Automatic ARP must be unchecked in the Global Properties.
B. A static route must be added on the Security Gateway to the internal host.
C. Nothing else must be configured.
D. A static route for the NAT IP must be added to the Gateway's upstream router.

Answer: B

QUESTION 160
When translation occurs using automatic Hide NAT, what also happens?
A. Nothing happens.
B. The source port is modified.
C. The destination port is modified.
D. The destination is modified.

Answer: B

QUESTION 161
The fw monitor utility is used to troubleshoot which of the following problems?
A. Phase two key negotiation
B. User data base corruption
C. Address translation
D. Log Consolidation Engine

Answer: C

QUESTION 162
The fw monitor utility would be best to troubleshoot which of the following problems?
A. An error occurs when editing a network object in SmartDashboard.
B. A statically NATed Web server behind a Security Gateway cannot be reached from the Internet.
C. You get an invalid ID error in SmartView Tracker for phase 2 IKE key negotiations.
D. A user in the user database is corrupt.

Answer: B

QUESTION 163
Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.
A. There is not enough information provided in the Wireshark capture to determine NAT settings.
B. This is an example of Hide NAT.
C. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Answer: D

QUESTION 164
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
A. It is necessary to add a static route to the Gateway's routing table.
B. The Security Gateway's ARP file must be modified.
C. It is not necessary to add a static route to the Gateway's routing table.
D. VLAN tagging cannot be defined for any hosts protected by the Gateway.

Answer: C

QUESTION 165
Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:
A. MAC addresses.
B. SIC names.
C. SIC is not NAT-tolerant.
D. IP addresses.

Answer: B

QUESTION 166
Static NAT connections, by default, translate on which inspection point of the firewall kernel?
A. Outbound
B. Eitherbound
C. Inbound
D. Post-inbound

Answer: C

QUESTION 167
In a Hide NAT connection outbound, which portion of the packet is modified?
A. Source IP address and destination port
B. Destination IP address and destination port
C. Source IP address and source port
D. Destination IP address and destination port

Answer: C

QUESTION 168
You are MegaCorp's Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the order of the rules if both methods are used together? Give the best answer.
A. The Administrator decides on the order of the rules by shifting the corresponding rules up and down.
B. The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
C. The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
D. The position of the rules depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.

Answer: B

QUESTION 169
Which answers are TRUE? Automatic Static NAT CANNOT be used when:
i) NAT decision is based on the destination port
ii) Source and Destination IP both have to be translated
iii) The NAT rule should only be installed on a dedicated Gateway only
iv) NAT should be performed on the server side
A. (i), (ii), and (iii)
B. (i), and (ii)
C. (ii) and (iv)
D. only (i)

Answer: D

QUESTION 170
In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?
A. When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.
B. When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address.
C. When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.
D. If you chose Automatic NAT instead, all necessary entries are done for you.

Answer: B

QUESTION 171
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?
A. The packet has been sent out through a VPN tunnel unencrypted.
B. An IPSO ACL has blocked the outbound passage of the packet.
C. A SmartDefense module has blocked the packet.
D. It is an issue with NAT.

Answer: D

QUESTION 172
A marketing firm's networking team is trying to troubleshoot user complaints regarding access to audio streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?
A. SmartView Tracker
B. SmartView Status
C. SmartView Monitor
D. SmartDashboard

Answer: D

QUESTION 173
Which statement below describes the most correct strategy for implementing a Rule Base?
A. Add the Stealth Rule before the last rule.
B. Limit grouping to rules regarding specific access.
C. Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down.
D. Place a network-traffic rule above the administrator access rule.

Answer: C

QUESTION 174
Which of the following is a viable consideration when determining Rule Base order?
A. Grouping functionally related rules together
B. Grouping rules by date of creation
C. Grouping authentication rules with address translation rules
D. Grouping reject and drop rules after the cleanup rule

Answer: A

QUESTION 175
Which of the following is a viable consideration when determining Rule Base order?
A. Grouping rules by date of creation
B. Adding SAM rules at the top of the Rule Base
C. Placing frequently accessed rules before less frequently accessed rules
D. Grouping IPS rules with dynamic drop rules

Answer: C

QUESTION 176
Which of the following is a viable consideration when determining Rule Base order?
A. Grouping authentication rules with QOS rules
B. Grouping IPS rules with dynamic drop rules
C. Placing more restrictive rules before more permissive rules
D. Grouping reject and drop rules after the Cleanup Rule

Answer: C

QUESTION 177
You would use the Hide Rule feature to:
A. Make rules invisible to incoming packets.
B. View only a few rules without the distraction of others.
C. Hide rules from read-only administrators.
D. Hide rules from a SYN/ACK attack.

Answer: B

QUESTION 178
When you add a resource object to a rule, which of the following occurs?
A. All packets that match the resource will be dropped.
B. All packets matching that rule are either encrypted or decrypted by the defined resource.
C. All packets matching the resource service are analyzed through an application-layer proxy.
D. Users attempting to connect to the destination of the rule will be required to authenticate.

Answer: C

QUESTION 179
You are a Security Administrator using one Security Management Server managing three different firewalls. One of the firewalls does NOT show up in the dialog box when attempting to install a Security Policy. Which of the following is a possible cause?
A. The firewall object has been created but SIC has not yet been established.
B. The license for this specific firewall has expired.
C. The firewall has failed to sync with the Security Management Server for 60 minutes.
D. The firewall is not listed in the Policy Installation Targets screen for this policy package.

Answer: D

QUESTION 180
Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway's Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?
A. SmartView Monitor Threshold
B. SNMP trap
C. Logging implied rules
D. User-defined alert script

Answer: D

QUESTION 181
The fw stat -l command includes all of the following except:
A. The number of packets that have been inspected
B. The date and time of the policy that is installed.
C. The number of times the policy has been installed
D. The number of packets that have been dropped

Answer: C

QUESTION 182
Which command allows verification of the Security Policy name and install date on a Security Gateway?
A. fw show policy
B. fw ctl pstat policy
C. fw stat -l
D. fwverp

Answer: C

QUESTION 183
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
A. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
B. Restore the entire database, except the user database, and then create the new user and user group.
C. Restore the entire database, except the user database.
D. Run fwm dbexport l filename. Restore the database. Then, run fwm dbimport l filename to import the users.

Answer: C

QUESTION 184 Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration? A. Policy Package management B. dbexport/dbimport C. Database Revision Control D. upgrade_export/upgrade_import

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 185 Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots. What occurs with the remote Gateway after reboot?

A. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, no traffic is allowed through the Gateway. B. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, all traffic is allowed through the Gateway. C. Since the Security Management Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic. D. The remote Gateway fetches the last installed Security Policy locally and passes traffic normally. The Gateway will log locally, since the Security Management Server is not available. Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 186 How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy? A. Pop-up alert script B. User-defined alert script C. Custom scripts cannot be executed through alert scripts D. SNMP trap alert script

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 187 Which of the following is NOT useful to verify whether or NOT a Security Policy is active on a Gateway? A. Check the name of Security Policy of the appropriate Gateway in Smart Monitor. B. Cpstat fw -f policy C. fw stat D. fw ctl get string active_secpol

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 188 Of the following, what parameters will not be preserved when using Database Revision Control? 1) Simplified mode Rule Bases 2) Traditional mode Rule Bases 3) Secure Platform WebUI Users 4) SIC certificates 5) SmartView Tracker audit logs 6) SmartView Tracker traffic logs 7) Implied Rules 8) IPS Profiles 9) Blocked connections 10) Manual NAT rules 11) VPN communities 12) Gateway route table 13) Gateway licenses A. 3, 4, 5, 6, 9, 12, 13 B. 5, 6, 9, 12, 13 C. 1, 2, 8, 10, 11 D. 2, 4, 7, 10, 11

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 189 Which of the following describes the default behavior of an R75 Security Gateway? A. Traffic is filtered using controlled port scanning. B. All traffic is expressly permitted via explicit rules. C. Traffic not explicitly permitted is dropped. D. IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 190 When you use the Global Properties' default settings on R75, which type of traffic will be dropped if no explicit rule allows the traffic? A. SmartUpdate connections B. Firewall logging and ICA key-exchange information C. Outgoing traffic originating from the Security Gateway D. RIP traffic

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 191 You have installed a R75 Security Gateway on SecurePlatform. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem? A. The object was created with Node / Gateway. B. The Gateway object is not specified in the Install On column of the first policy rule. C. The new Gateway's temporary license has expired. D. No Masters file is created for the new Gateway.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 192 Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates: A. Are used for securing internal network communications between the SmartDashboard and the Security Management Server. B. For R75 Security Gateways are created during the Security Management Server installation. C. Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway. D. Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates. Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 193 John is the Security Administrator in his company. He installs a new R75 Security Management Server and a new R75 Gateway. He now wants to establish SIC between them. After entering the activation key, the message "Trust established" is displayed in SmartDashboard, but SIC still does not seem to work because the policy won't install and interface fetching still does not work. What might be a reason for this? A. This must be a human error. B. The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid. C. SIC does not function over the network. D. It always works when the trust is established.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 194 A _______ rule is used to prevent all traffic going to the R75 Security Gateway. A. Cleanup B. Reject C. Stealth D. IPS

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 195 In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy / Global Properties / FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______. A. 256 B. 80 C. 900 D. 259

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 196 Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R75 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the internet? A. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway. B. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway. C. Use automatic Static NAT for network 10.1.1.0/24. D. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 197 Which specific R75 GUI would you use to add an address translation rule? A. SmartConsole B. SmartDashboard C. SmartNAT D. SmartView Monitor

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 198 You are a Security Administrator who has installed Security Gateway R75 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following: 1. Created manual Static NAT rules for the Web server. 2. Created the following settings in the Global Properties' Network Address Translation screen: Allow bidirectional NAT; Translate destination on client side. Do the above settings limit the partner's access? A. Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet. B. Yes. Both of these settings are only applicable to automatic NAT rules. C. No. The first setting is not applicable. The second setting will reduce performance, by translating traffic in the kernel nearest the intranet server. D. No. The first setting is only applicable to automatic NAT rules. The second setting is necessary to make sure there are no conflicts between NAT and anti-spoofing. Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 199 You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) When you run fw monitor on the R75 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5? A. i=inbound kernel, before the virtual machine B. O=outbound kernel, after the virtual machine C. o=outbound kernel, before the virtual machine D. I=inbound kernel, after the virtual machine

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 200 You have configured a remote site Gateway that supports your boss's access from his home office using a DSL dial-up connection. Everything worked fine yesterday, but today all connectivity is lost. Your initial investigation results in "nobody has touched anything", which you can support by taking a look in SmartView Tracker Management. What is the problem and what can be done about it? A. You cannot use NAT and a dial-up connection. B. The NAT configuration is not correct; you can only use private IP addresses in a static NAT setup. C. A static NAT setup may not work with DSL, since the external IP may change. Hide NAT behind the Gateway is the preferred method here. D. According to published limitations of Security Gateway R75, there's a bug with NAT. A restart of the Gateway will help here. Answer: C Section: (none) Explanation/Reference: Explanation:

Topic 3, Volume C

QUESTION 201 A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for? A. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box. B. Anti-spoofing not configured on the interfaces on the Gateway object. C. A Gateway object created using the Check Point > Security Gateway option in the Network Objects dialog box, but still needs to configure the interfaces for the Security Gateway object. D. Secure Internal Communications (SIC) not configured for the object. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 202 A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the standalone installation of R75. After running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following changes is the most likely cause of the block? A. A Stealth Rule has been configured for the R75 Gateway. B. The Allow Control Connections setting in Policy / Global Properties has been unchecked. C. The Security Policy installed to the Gateway had no rules in it. D. The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 203 Which of the following is NOT a valid selection for tracking and controlling packets in R75? A. Reject B. Accept C. Hold D. Session Auth

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 204 When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R75 topology configuration? A. Specific B. External C. Any D. Not Defined Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 205 You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause? A. The POP3 rule is disabled. B. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75. C. POP3 is accepted in Global Properties. D. The POP3 rule is hidden.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 206 You are about to test some rule and object changes suggested in an R75 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes? A. upgrade export command B. Manual copies of the $FWDIR/conf directory C. SecurePlatform backup utilities D. Database Revision Control

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 207 Which R75 feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations? A. fwm dbexport/fwm dbimport B. Policy Package management C. upgrade_export/upgrade_import D. Database Revision Control Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 208 What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway? A. Install the View Implicit Rules package using SmartUpdate. B. Define two log servers on the R75 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPAA log audits. C. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting. D. Check the Log Implied Rules Globally box on the R75 Gateway object. Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 209 You have configured Automatic Static NAT on an internal host node object. You clear the box Translate destination on client side from Global Properties / NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host? A. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface. B. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface. C. The NAT IP address must be added to the anti-spoofing group of the external gateway interface. D. No extra configuration is needed. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 210 Cara wants to monitor the top services on her Security Gateway (fwchicago), but she is getting an error message. Other Security Gateways are reporting the information except a new Security Gateway that was just recently deployed. Analyze the error message from the output below and determine what Cara can do to correct the problem.

A. She should reinstall the security policy on the security Gateway since it was using the default rule base B. She should create a firewall rule to allow the CPMI traffic back to her smart console. C. She should let the monitoring run longer in order for it to collect sampled data D. She should edit the security Gateway object and enable the monitoring Software Blade. Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 211 What will happen when Reset is pressed and confirmed?

A. The gateway certificate will be revoked on the security management server only B. SIC will be reset on the Gateway only C. The Gateway certificate will be revoked on the security management server and SIC will be reset on the Gateway D. The gateway certificate on the gateway only Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 212 Which rule is responsible for the installation failure?

A. Rule 4 B. Rule 3 C. Rule 5 D. Rule 6

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 213 What happens if Web Server is checked? A. Web Intelligence will be applied to the host. B. An implied rule will be added allowing HTTP requests to the host. C. Antivirus settings will be applied to the host. D. An implied rule will be added allowing HTTP request from and to the host.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 214 When configuring the network interfaces of a Check Point Gateway, the direction can be defined as Internal or External. What is the meaning of Interface leads to DMZ?

A. It defines the DMZ Interface since this information is necessary for Content Control. B. Using restricted Gateways, this option automatically turns off the counting of IP Addresses originating from this interface. C. When selecting this option, Anti-Spoofing is configured automatically to this net. D. Activating this option automatically turns this interface to External. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 215 Security Administrator, Anna has done the following: What will happen when she recreates the firewall object?

A. Creating the object will result in a duplicate IP address warning. B. Get interfaces will show all interfaces. C. Establishing the SIC will fail. D. Get interfaces will still show only the old interfaces but not the newly added ones.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 216 The SIC certificate is stored in the ________ directory. A. $FUIDIR/conf B. $CPDIR/conf C. $FWDIR/database D. $CPDIR/registry

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 217 You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the: A. Last policy that was installed B. Default filter C. Standard policy D. Initial policy Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 218 Nancy has lost SIC communication with her Security Gateway and she needs to reestablish SIC. What would be the correct order of steps needed to perform this task? 1) Create a new activation key on the Security Gateway, then exit cpconfig. 2) Click the Communication tab on the Security Gateway object, and then click Reset. 3) Run the cpconfig tool, and then select Secure Internal Communication to reset. 4) Input the new activation key in the Security Gateway object, and then click initialize 5) Run the cpconfig tool, then select source Internal Communication to reset. A. 5, 4, 1, 2 B. 2, 3, 1, 4 C. 2, 5, 1, 4 D. 3, 1, 4, 2

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 219 To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this? A. In SmartDashboard menu, select Search / Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. "HTTP_SSH") and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND. B. This cannot be configured since two selections (Service, Action) are not possible. C. Ask your reseller to get a ticket for Check Point SmartUse and deliver him the cpinfo file of the Security Management Server. D. In SmartDashboard, right-click in the column field Service and select Query Column. Then, put the services HTTP and SSH in the list. Do the same in the field Action and select Accept here. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 220 What CANNOT be configured for existing connections during a policy install? A. Keep all connections B. Keep data connections C. Reset all connections D. Rematch connections

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 221 You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

"web_public_IP" is the node object that represents the public IP address of the new Web server. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT. When you try to browse the Web server from the Internet, you see the error "page cannot be displayed". Which statements are possible reasons for this? i) There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server. ii) There is no Security Policy defined that allows HTTP traffic to the protected Web server. iii) There is an ARP entry on the Gateway but the settings Merge Manual proxy ARP and Automatic ARP configuration are enabled in Global Properties. The Security Gateway ignores manual ARP entries. iv) There is no ARP table entry for the public IP address of the protected Web server. A. (iii) B. (i), (ii), (iii), (iv) C. (i), (ii), (iv) D. (i), (ii)

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 222 You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows: "web_public_IP" is the node object that represents the public IP address of the new Web server. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT. When you try to browse the Web server from the Internet you see the error "page cannot be displayed". Which of the following is NOT a possible reason? A. There is no NAT rule translating the source IP address of packets coming from the protected Web server. B. There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server. C. There is no ARP table entry for the public IP address of the protected Web server. D. There is no Security Policy defined that allows HTTP traffic to the protected Web server. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 223 You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer. A. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT). B. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule. C. Yes, it is possible to have two NAT rules which match a connection, but only when using Manual NAT (bidirectional NAT). D. Yes, there are always as many active NAT rules as there are connections. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 224 You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package's NAT rules?

A. Rules 1 and 5 will appear in the new package B. Rules 1, 3, 4 and 5 will appear in the new package C. Rules 2, 3 and 4 will appear in the new package D. NAT rules will be empty in the new package

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 225 A Hide NAT rule has been created which includes a source address group of ten (10) networks and three (3) other group objects (containing 4, 5, and 6 host objects respectively). Assuming all addresses are non-repetitive, how many effective rules have you created? A. 1 B. 25 C. 2 D. 13

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 226 What is a Stealth rule used for? A. To permit implied rules B. To permit management traffic C. To prevent users from connecting directly to the gateway D. To drop all traffic to the management server that is not explicitly permitted

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 227 Where are automatic NAT rules added to the Rule Base? A. Before last B. Middle C. First D. Last

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 228 What is the default setting when you use NAT? A. Manual NAT B. Server-side NAT C. Hide NAT D. Client-side NAT

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 229 You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error: "Unknown established connection" How do you resolve this problem without causing other security issues? Choose the BEST answer. A. Increase the service-based session timeout of the default Telnet service to 24 hours. B. Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session Timeout of 24 hours. Use this new object only in the rule that allows the Telnet connections to the mainframe. C. Ask the mainframe users to reconnect every time this error occurs. D. Increase the TCP session timeout under Global Properties > Stateful Inspection. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 230 Which SmartConsole tool would you use to see the last policy pushed in the audit log? A. SmartView Tracker B. None, SmartConsole applications only communicate with the Security Management Server. C. SmartView Status D. SmartView Server

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 231 SmartView Tracker logs the following Security Administrator activities, EXCEPT: A. Administrator login and logout B. Object creation, deletion, and editing C. Tracking SLA compliance D. Rule Base changes

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 232 A security audit has determined that your unpatched Web application server is accessing a SQL server. You believe that you have enabled the proper IPS setting but would like to verify this using SmartView Tracker. Which of the following entries confirms that this information is being blocked against attack?

A. ASCII Only Response Header detected: SQL B. Fingerprint Scrambling: Changed [SQL] to [Perl] C. Concealed HTTP response [SQL Server]. (Error Code WSE0160003) D. HTTP response spoofing: remove signature [SQL Server]

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 233 What happens when you select File / Export from the SmartView Tracker menu? A. Logs in fw.log are exported to a file that can be opened by Microsoft Excel. B. Exported log entries are not viewable in SmartView Tracker. C. Current logs are exported to a new *.log file. D. Exported log entries are deleted from fw.log.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 234 By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server: A. Purges the current log file, and prompts you for the new log's mode. B. Saves the current log file, names the log file by date and time, and starts a new log file. C. Purges the current log file and starts the new log file. D. Prompts you to enter a filename, and then saves the log file.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 235 You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators? A. Eventia Monitor B. SmartView Monitor C. SmartView Tracker D. Eventia Tracker

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 236 Which SmartView Tracker mode allows you to read the SMTP email body sent from the Chief Executive Officer (CEO) of a company? A. This is not a SmartView Tracker feature. B. Display Payload View C. Display Capture Action D. Network and Endpoint Tab

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 237 You want to display log entries containing information from a specific column in the SmartView Tracker. If you want to see ONLY those entries, what steps would you take? A. Right-click column, Search.../ Add string / Apply Filter B. Right-click column, Edit Filter / Specific / Add / OK C. Left-click column, Search / Add string / Apply Filter D. Left-click column, Specific / Add / Apply Filter

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 238 How do you define a service object for a TCP port range? A. Manage Services / New TCP, provide name and define port: x-y B. Manage Services / New Group, provide name and add all service ports for range individually to the group object C. Manage Services / New Other, provide name and define protocol: 17, Range: x-y D. Manage Services / New Other, provide name and define protocol: x-y Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 239 External commands can be included in SmartView Tracker via the menu Tools / Custom Commands. The Security Management Server is running under SecurePlatform, and the GUI is on a system running Microsoft Windows. How do you run the command, traceroute on an IP address? A. Use the program GUIdbedit to add the command traceroute to the properties of the Security Management Server. B. Go to the menu Tools / Custom Commands and configure the Windows command tracert.exe to the list. C. There is no possibility to expand the three predefined options Ping, Whois, and Nslookup. D. Go to the menu, Tools / Custom Commands and configure the Linux command traceroute to the list. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 240 Where is the best place to find information about connections between two machines? A. On a Security Management Server, using SmartView Tracker B. All options are valid. C. On a Security Gateway using the command fw log. D. On a Security Gateway Console interface; it gives you detailed access to log files and state table information

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 241 Which of the following can be found in cpinfo from an enforcement point? A. The complete file objects_5_0.C B. Policy file information specific to this enforcement point C. Everything NOT contained in the file r2info D. VPN keys for all established connections to all enforcement points

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 242 One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object you receive an error message. What is the problem? A. There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection. B. The remote Gateway's IP address has changed, which invalidates the SIC Certificate. C. The time on the Security Management Server's clock has changed, which invalidates the remote Gateway's Certificate. D. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 243 What information is found in the SmartView Tracker Management log? A. Most accessed Rule Base rule B. Number of concurrent IKE negotiations C. SIC revoke certificate event D. Destination IP address

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 244 What information is found in the SmartView Tracker Management log? A. Destination IP address B. Policy Package rule modification date/time stamp C. Historical reports log D. Most accessed Rule Base rule

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 245 How do you use SmartView Monitor to compile traffic statistics for your company's Internet activity during production hours? A. View total packets passed through the Security Gateway. B. Use the Traffic Counters settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day. C. Select the Tunnels view, and generate a report on the statistics. D. Configure a suspicious activity rule which triggers an alert when HTTP traffic passes through the gateway. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 246 What are the results of the command: fw sam [Target IP Address]? A. Connections from the specified target are blocked without the need to change the Security Policy. B. Connections to and from the specified target are blocked with the need to change the Security Policy. C. Connections to and from the specified target are blocked without the need to change the Security Policy. D. Connections to the specified target are blocked without the need to change the Security Policy.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 247 An internal router is sending UDP keepalive packets that are being encapsulated with GRE and sent through your R70 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keepalive packets are being sent every 1 minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install). Your partner site indicates they are successfully receiving the GRE encapsulated keepalive packets on the 1 minute interval. If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keepalive packet every minute. Which of the following is the BEST explanation for this behavior? A. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keepalive packet is considered part of the original logged connection at the beginning of the day. B. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configurations to the partner site to enable proper logging. C. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R75 Security Gateway cannot distinguish between GRE sessions. This is a known issue with the GRE. Use IPSEC instead of the non GRE protocol for encapsulation. D. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to audit since certain types of traffic can only be tracked this way. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 248 Which of the following explanations best describes the command fw logswitch [-h target] [+ | -] [oldlog]? A. Display a remote machine's logfile list. B. Control Kernel C. Display protocol Hosts D. Create a new Log file. The old log has moved

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 249 You are the Security Administrator for MegaCorp and are enjoying your holiday. One day, you receive a call that some connectivity problems have occurred. Before the holiday, you configured the access from the holiday hotel to your Management Portal. You can see and analyze various objects. Which objects can you create? A. None. SmartPortal access is read-only. B. Network objects and services C. Security rules only D. Network objects, services and internal users

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 250 Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly? A. 514 B. 256 C. 257 D. 258 Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 251 In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing? A. Blank field under Rule Number B. Rule 0 C. Cleanup Rule D. Rule 1

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 252 Each grocery store in a regional chain is protected by a Security Gateway. The information technology audit department wants a report including: The name of the Security Policy installed on each remote Security Gateway. The date and time the Security Policy was installed. General performance statistics (CPU Use, average CPU time, active real memory, etc). Which one SmartConsole application can you use to gather all this information? A. SmartView Tracker B. SmartView Monitor C. SmartDashboard D. SmartUpdate

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 253 You administer a large, geographically distributed network. The Internet connection at a remote site failed during the weekend, and the Security Gateway logged locally for over 48 hours. It is possible that the logs may have consumed most of the free space on the Gateway's hard disk. Which SmartConsole application displays the percent of free hard-disk space on the remote Security Gateway? A. SmartView Tracker B. SmartView Monitor C. This information can only be viewed with fw ctl pstat command from the CLI D. Eventia Analyzer

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 254 You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this? A. Add a "temporary" rule using SmartDashboard and select hide rule. B. Create a Suspicious Activity Rule in SmartView Monitor C. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file. D. Select block intruder from the tools menu in SmartView Tracker.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 255 You have blocked an IP address via the Block Intruder feature of SmartView Tracker. How can you view the blocked addresses? A. Run fwm blockedview. B. In SmartView Monitor, select the Blocked Intruder option from the query tree view. C. In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list. D. In SmartView Tracker, click the Active tab, and the actively blocked connections display. Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 256 In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB? A. Configure a script to run fw logswitch and SCP the output file to a separate file server. B. Do nothing. Old logs are deleted, until free space is restored. C. Use the fwm logexport command to export the old log files to another location. D. Do nothing. The Security Management Server automatically copies old logs to a backup server before purging.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 257 You are Security Administrator for a large call center. The management team is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities during their lunch breaks. The call center's network is protected by an internal Security Gateway, configured to drop peer-to-peer file-sharing traffic. Which option do you use to determine the number of packets dropped by each Gateway? A. SmartView Monitor B. SmartView Tracker C. SmartView Status D. SmartDashboard

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 258 How do you configure an alert in SmartView Monitor? A. By choosing the Gateway, and Configure Thresholds. B. By right-clicking on the Gateway, and selecting System Information. C. An alert cannot be configured in SmartView Monitor. D. By right-clicking on the Gateway, and selecting Properties.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 259 True or False: SmartView Monitor can be used to create alerts on a specified Gateway. A. True, by choosing the Gateway and selecting System Information. B. True, by right-clicking on the Gateway and selecting Configure Thresholds. C. False, alerts can only be set in SmartDashboard Global Properties. D. False, an alert cannot be created for a specified Gateway.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 260 Which R75 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway? A. SmartView Status B. SmartView Monitor C. None, SmartConsole applications only communicate with the Security Management Server. D. SmartUpdate

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 261 Which R75 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway? A. SmartUpdate B. SmartView Server C. SmartView Tracker D. None, SmartConsole applications only communicate with the Security Management Server.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 262 You have detected a possible intruder listed in SmartView Tracker's active pane. What is the fastest method to block this intruder from accessing your network indefinitely? A. In SmartDashboard, select IPS / Network Security Denial of Service B. In SmartView Tracker, select Tools / Block Intruder C. In SmartView Monitor, select Tool / Suspicious Activity Rules. D. Modify the Rule Base to drop these connections from the network. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 263 Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%? A. Real Time Monitor / Gateway Settings / Status Monitor B. SmartView Tracker / Audit Tab / Gateway Counters C. This can only be monitored by a user-defined script. D. SmartView Monitor / Gateway Status / Threshold Settings

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 264 Where can an administrator configure the notification action in the event of a policy install time change? A. SmartView Tracker / Audit Log B. SmartView Monitor / Gateways / Thresholds Settings C. SmartDashboard / Security Gateway Object / Advanced Properties Tab D. SmartDashboard / Policy Package Manager

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 265 Where are custom queries stored in R75 SmartView Tracker? A. On the Security Management Server tied to the Administrator User Database login name. B. On the SmartView Tracker PC local file system under the user's profile. C. On the Security Management Server tied to the GUI client IP. D. On the SmartView Tracker PC local file system shared by all users of that local PC.

Answer: A Section: (none) Explanation/Reference:

Explanation:

QUESTION 266 How do you view a Security Administrator's activities with SmartConsole? A. SmartView Tracker in the Management tab B. SmartView Tracker in the Network and Endpoint tabs C. SmartView Monitor using the Administrator Activity filter D. Eventia Suite

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 267 Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network? A. Custom filter B. Network and Endpoint tab C. Management Tab D. Active tab

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 268 You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity? A. SmartView Tracker cannot display Security Administrator activity: instead, view the system logs on the Security Management Server's Operating System B. SmartView Tracker in Management Mode C. SmartView Tracker in Active Mode D. SmartView Tracker in Network and Endpoint Mode Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 269 Which of the following R75 SmartView Tracker views will display a pop-up warning about performance implications on the Security Gateway? A. Active Tab B. Audit Tab C. Account Query D. All Records Query

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 270 While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes but cannot remember all the steps. What is the correct order of steps needed to perform this? 1) Select the Active Mode tab in SmartView Tracker 2) Select Tools > Block Intruder 3) Select the Log Viewing tab in SmartView Tracker 4) Set the Blocking Timeout value to 60 minutes 5) Highlight the connection he wishes to block A. 3, 2, 5, 4 B. 3, 5, 2, 4 C. 1, 5, 2, 4 D. 1, 2, 5, 4

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 271 What information is found in the SmartView Tracker Management log? A. Rule author B. TCP handshake average duration C. TCP source port D. Top used QOS rule

Answer: A Section: (none)

Explanation/Reference: Explanation:

QUESTION 272 Where do you enable pop-up alerts for IPS settings that have detected suspicious activity? A. In SmartView Monitor, select Tools / Alerts B. In SmartView Tracker, select Tools / Custom Commands C. In SmartDashboard, edit the Gateway object, and select IPS / Alerts D. In SmartDashboard, select Global Properties / Log and Alert / Alert Commands Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 273 Which R75 GUI would you use to see the number of packets accepted since the last policy install? A. SmartView Monitor B. SmartView Status C. SmartView Tracker D. SmartDashboard

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 274 You are trying to save a custom log query in R75 SmartView Tracker, but are getting the following error: "Could not save 'queryname' (Error Database is Read only)". Which of the following is a likely explanation for this? A. You have read-only rights to the Security Management Server database. B. You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization. C. You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally. D. Another administrator is currently connected to the Security Management Server with read/write permissions, which impacts your ability to save custom log queries to the Security Management Server. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 275 The R75 fw monitor utility is used to troubleshoot which of the following problems? A. Phase two key negotiation B. User data base corruption C. Log Consolidation Engine D. Traffic issues

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 276 You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer. A. In SmartReporter, in the section Firewall Blade Activity / Network Activity with information concerning Top Matched Logged Rules. B. It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter. C. In the SmartView Tracker, if you activate the column Matching Rate. D. SmartReporter provides this information in the section Firewall Blade Security / Rule Base Analysis with information concerning Top Matched Logged Rules. Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 277 A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter? A. Turn the field Track of each rule to LOG. B. Network traffic cannot be analyzed when the Security Management Server has a high load. C. Configure Additional Logging on a separate log server. D. SmartReporter analyzes all network traffic, logged or not.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 278 What is a Consolidation Policy? A. The collective name of the Security Policy, Address Translation, and IPS Policies. B. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database. C. The collective name of the logs generated by SmartReporter. D. A global Policy used to share a common enforcement policy for multiple Security Gateways. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 279 Which feature in R75 permits blocking specific IP addresses for a specified time period? A. Suspicious Activity Monitoring B. HTTP Methods C. Block Port Overflow D. Local Interface Spoofing

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 280 You find a suspicious FTP connection trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked? A. Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools / Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as "dropped". B. Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools / Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view. C. Highlight the suspicious connection in SmartView Tracker > Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view. D. Highlight the suspicious connection in SmartView Tracker Log mode. Block it using Tools / Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view. Answer: B

Section: (none) Explanation/Reference: Explanation:

QUESTION 281 Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker's IP at a peak time of day? A. SAM Block Intruder feature of SmartView Tracker B. Intrusion Detection System (IDS) Policy install C. SAM Suspicious Activity Rules feature of SmartView Monitor D. Change the Rule Base and install the Policy to all Security Gateways

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 282 Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection? A. SAM Suspicious Activity Rules feature of SmartView Monitor B. Change the Rule Base and install the Policy to all Security Gateways C. Intrusion Detection System (IDS) Policy install D. Block Intruder feature of SmartView Tracker

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 283 What do you use to view a R75 Security Gateway's status, including CPU use, amount of virtual memory, percent of free hard-disk space, and version? A. Only possible via command line tools B. SmartView Tracker C. SmartView Monitor D. SmartUpdate Answer: C Section: (none) Explanation/Reference:

Explanation:

QUESTION 284 Which R75 component displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time? A. Smart Event B. SmartView Monitor C. SmartView Status D. SmartUpdate

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 285 SmartView Tracker R75 consists of three different modes. They are: A. Log, Active, and Audit B. Log, Active, and Management C. Log, Track, and Management D. Network & Endpoint, Active, and Management

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 286 You want to configure a mail alert for every time the policy is installed to a specific Gateway. Where would you configure this alert? A. In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands. B. In SmartView Monitor, select Gateway > Configure Thresholds. C. In SmartDashboard, select Global Properties > Log and Alerts > Alert Commands. D. You cannot create a mail alert for Policy installation. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 287 Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is best to accomplish this task? A. Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic. B. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP source or destination port. Then, export the corresponding entries to a separate log file for documentation. C. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address and those of potential targets and suspicious protocols. Apply the alert action or customized messaging. D. Send the suspect an email with a key logging Trojan attached, to get direct information about his wrongdoing. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 288 MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license? A. Using the remote Gateway's IP address, and attaching the license to the remote Gateway via SmartUpdate. B. Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate. C. Using each of the Gateways' IP addresses, and applying the license on the Security Management Server with the cprlic put command. D. Using the remote Gateway's IP address and applying the license locally with the cplic put command. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 289 Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute Only and choosing the target Gateway, the: A. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed. C. SmartUpdate wizard walks the Administrator through a distributed installation. D. selected package is copied from the CDROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed. Answer: A Section: (none) Explanation/Reference:

Explanation:

QUESTION 290 Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute Only and choosing the target Gateway, the: A. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed. C. SmartUpdate wizard walks the Administrator through a distributed installation. D. selected package is copied from the CDROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 291 Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute and Install Selected Package and choosing the target Gateway, the: A. selected package is copied from the CDROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed. B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. C. SmartUpdate wizard walks the Administrator through a distributed installation. D. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed. Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 292 Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages Select / Add from CD, the: A. entire contents of the CDROM are copied to the packages directory on the selected remote Security Gateway. B. selected package is copied to the Package Repository on the Security Management Server. C. entire contents of the CDROM are copied to the Package Repository on the Security Management Server. D. selected package is copied to the packages directory on the selected remote Security Gateway. Answer: B

Section: (none) Explanation/Reference: Explanation:

QUESTION 293 What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate? A. SmartUpdate GUI PC B. SmartUpdate Repository SQL database Server C. A Security Gateway retrieving the new upgrade package D. SmartUpdate installed Security Management Server PC

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 294 What port is used for communication to the User Center with SmartUpdate? A. CPMI 200 B. HTTPS 443 C. HTTP 80 D. TCP 8080

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 295 You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA? A. Send a Certified Security Engineer to each site to perform the update. B. Use SmartUpdate to install the packages to each of the Security Gateways remotely. C. Use an SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor. D. Send a CDROM with the HFA to each location and have local personnel install it. Answer: B Section: (none) Explanation/Reference:

Explanation:

QUESTION 296 An advantage of using central instead of local licensing is: A. A license can be taken from one Security Management Server and given to another Security Management Server. B. Only one IP address is used for all licenses. C. Licenses are automatically attached to their respective Security Gateways. D. The license must be renewed when changing the IP address of the Security Gateway. Each module's license has a unique IP address. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 297 You are running the license_upgrade tool on your SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool? A. View the status of currently installed licenses B. Perform the actual license-upgrade process C. View the licenses in the SmartUpdate License Repository D. Simulate the license-upgrade process

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 298 If a SmartUpdate upgrade or distribution operation fails on SecurePlatform, how is the system recovered? A. The Administrator must remove the rpm packages manually, and reattempt the upgrade. B. The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot <object name> <filename>. C. The Administrator must reinstall the last version via the command cprinstall revert <object name> <file name>. D. SecurePlatform will reboot and automatically revert to the last snapshot version prior to upgrade. Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 299 Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process? A. It will conflict with any future upgrades when using SmartUpdate. B. SmartUpdate will start a new installation process if the machine is rebooted. C. It contains your security configuration, which could be exploited. D. It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 300
Which of these components does NOT require a Security Gateway R75 license?
A. SmartUpdate upgrading/patching
B. Security Management Server
C. SmartConsole
D. Check Point Gateway

Answer: C Section: (none) Explanation/Reference: Explanation:

Topic 4, Volume D

QUESTION 301
You plan to migrate a Windows NG with Application Intelligence (AI) R55 SmartCenter Server to R75. You also plan to upgrade four VPN-1 Pro Gateways at remote offices, and one local VPN-1 Pro Gateway at your company's headquarters to R75. The Management Server configuration must be migrated. What is the correct procedure to migrate the configuration?
A. 1. Upgrade the remote gateway via SmartUpdate.
   2. Upgrade the Security Management Server, using the R75 CD.
B. 1. From the R75 CDROM on the Security Management Server, select Upgrade.
   2. Reboot after installation and upgrade all licenses via SmartUpdate.
   3. Reinstall all gateways using R70 and install a policy.
C. 1. Copy the $FWDIR\conf directory from the Security Management Server.
   2. Save directory contents to another file server.
   3. Uninstall the Security Management Server, and install a new Security Management Server.
   4. Move the saved directory contents to $FWDIR\conf, replacing the default installation files.
   5. Reinstall all gateways using R75 and install a security policy.
D. 1. From the R75 CDROM in the Security Management Server, select export.
   2. Install R70 on a new PC using the option installation using imported configuration.
   3. Reboot after installation and update all licenses via SmartUpdate.
   4. Upgrade software on all five remote Gateways via SmartUpdate.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 302
You are using SmartUpdate to fetch data and perform a remote upgrade to a R75 Security Gateway. Which of the following statements is FALSE?
A. A remote installation can be performed without the SVN Foundation package installed on a remote NG with Application Intelligence Security Gateway.
B. If SmartDashboard is open during package upload and upgrade, the upgrade will fail.
C. SmartUpdate can query the Security Management Server and Gateway for product information.
D. SmartUpdate can query license information running locally on the Gateway.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 303
What action can be performed from SmartUpdate R75?
A. remote_uninstall_verifier
B. upgrade_export
C. fw stat -l
D. cpinfo

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 304
Which tool CANNOT be launched from SmartUpdate R75?
A. snapshot
B. SecurePlatform WebUI
C. cpinfo
D. IP Appliance Voyager

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 305
If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?
A. Data Loss Prevention
B. SmartEvent Intro
C. SSL VPN
D. IPS

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 306
Central license management allows a Security Administrator to perform which of the following functions?
1) Check for expired licenses.
2) Sort licenses and view license properties
3) Attach both R75 Central and Local licenses to a remote module
4) Delete both R75 Local licenses and Central licenses from a remote module
5) Add or remove a license to or from the license repository
6) Attach and/or delete only R75 Central licenses to a remote module (not local licenses)
A. 2, 5, & 6
B. 2, 3, 4, & 5
C. 1, 2, 5, & 6
D. 1, 2, 3, 4, & 5

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 307
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with SecurePlatform, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?
A. She needs to run cpconfig to enable the ability to SCP files.
B. She needs to edit /etc/scpusers and add the Standard Mode account.
C. She needs to run sysconfig and restart the SSH process.
D. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 308
Which command gives an overview of your installed licenses?
A. cplic print
B. showlic
C. cplicense
D. lic print

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 309
Where are SmartEvent licenses installed?
A. Security Gateway
B. SmartEvent server
C. Security Management Server
D. Log Server

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 310
You currently do not have a Check Point software subscription for one of your products. What will happen if you attempt to upgrade the license for this product?
A. The license will be upgraded with a warning
B. It is deleted
C. It is upgraded with new available features, but cannot be activated
D. The license is not upgraded

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 311
Which of the following statements about service contracts, i.e., Certificate, software subscription, or support contract, is FALSE?
A. A service contract can apply only for a single set of Security Gateways managed by the same Security Management Server.
B. The contract file is stored on the Security Management Server and downloaded to all Security Gateways during the upgrade process.
C. Most software-subscription contracts are permanent, and need not be renewed after a certain time passes.
D. Service Contracts can apply for an entire User Center account.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 312
You have an NGX R65 Gateway running on SecurePlatform. The Gateway also serves as a Policy Server. When you run patch add CD from the Security Gateway R75 CDROM, what does this command allow you to upgrade?
A. Only the R75 Security Gateway
B. Only the patch utility is upgraded using this command
C. All products, except the Policy Server
D. Both the operating system and all Check Point products

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 313
Your network includes a SecurePlatform machine running NG with Application Intelligence (AI) R55. This configuration acts as both the primary Security Management Server and VPN-1 Pro Gateway. You add one machine, so you can implement Security Gateway R75 in a distributed environment. The new machine is an Intel CoreDuo processor, with 2 GB RAM and a 500GB hard drive. How do you use these two machines to successfully migrate the NG with AI R55 configuration?
A. 1. On the existing machine, export the NG with AI R55 configuration to a network share.
   2. Insert the R75 CDROM in the old machine. Install the R7D Security Gateway only while reinstalling the SecurePlatform OS over the top of the existing installation. Complete sysconfig.
   3. On the new machine, install SecurePlatform as the primary Security Management Server only.
   4. Transfer the exported .tgz file into the new machine, import the configuration, and then reboot.
   5. Open SmartDashboard, change the Gateway object to the new version, and reset SIC for the Gateway object.
B. 1. Export the configuration on the existing machine to a tape drive.
   2. Uninstall the Security Management Server from the existing machine, using sysconfig.
   3. Insert the R75 CDROM, run the patch add CDROM command to upgrade the existing machine to the R75 Security Gateway, and reboot.
   4. Install a new primary Security Management Server on the new machine.
   5. Change the Gateway object to the new version, and reset SIC.
C. 1. Export the configuration on the existing machine to a network share.
   2. Uninstall the Security Gateway from the existing machine, using sysconfig.
   3. Insert the R75 CDROM, and run the patch add CDROM command to upgrade the Security Management Server to Security Gateway R70.
   4. Select upgrade with imported file, and reboot.
   5. Install a new R75 Security Gateway as the only module on the new machine, and reset SIC to the new Gateway.
D. 1. Export the configuration on the existing machine as a backup only.
   2. Edit $FWDIR\product.conf on the existing machine, to disable the VPN-1 Pro Gateway package.
   3. Reboot the existing machine.
   4. Perform an in-place upgrade on the Security Management Server using the command "patch add cd".
   5. On the new machine, install SecurePlatform as the R75 Security Gateway only.
   6. Run sysconfig to complete the configuration.
   7. From SmartDashboard, reconfigure the Gateway object to the new version, and reset SIC.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 314
After installing Security Gateway R75, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a Get Topology request. What is the most likely cause and solution?
A. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R75 Hotfix Accumulator (HFA).
B. The NIC is faulty. Replace it and reinstall.
C. Make sure the driver for your particular NIC is available, and reinstall. You will be prompted for the driver.
D. If an interface is not configured, it is not recognized. Assign an IP address and subnet mask using the WebUI.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 315
You are installing your R75 Security Gateway. Which is NOT a valid option for the hardware platform?
A. Crossbeam
B. Solaris
C. Windows
D. IPSO

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 316
You plan to upgrade from R65 to R75 Software Blades. Do you need new licenses and license strings for this scenario?
A. No, the upgrade will preserve licenses.
B. Yes, you need to buy/convert licenses in the User Center first, and then reapply licenses to upgraded systems with the new Software Blades licenses.
C. Yes, the upgrade will do an automatic conversion in the User Center, but you will need to reattach the new licenses.
D. No, the upgrade will convert all licenses to R75.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 317
What is the command to upgrade a SecurePlatform NG with Application Intelligence R55 Management Server to R75?
A. fwm upgrade_tool
B. upgrade_mgmt
C. patch add cd
D. fw install_mgmt

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 318
Jeff wanted to upgrade his Security Gateway to R75, but he remembers that he needs to have a contracts file from the User Center before he can start the upgrade. If Jeff wants to download the contracts file from the User Center, what is the correct order of steps needed to perform this?
1) Select Update Contracts from User Center.
2) Enter your Username for your User Center account.
3) Enter your Password for your User Center account.
4) Click the Browse button to specify the path to your download contracts file.
5) Enter your Username and Password for your Security Gateway.
A. 2, 3, 4
B. 1, 5, 4
C. 5, 2, 3
D. 1, 2, 3

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 319
Your current Check Point enterprise consists of one Management Server and four Gateways in four different locations with the following versions: All devices are running SecurePlatform. You are upgrading your enterprise to R75. Place the required tasks from the following list in the correct order for upgrading your enterprise to R75.
1) Upgrade all gateways to R75
2) Upgrade all gateways 3 and 4 to R65
3) Upgrade all gateways 2, 3, and 4 to R65
4) Upgrade all gateway 4 to R65
5) Perform pre-upgrade verifier on Security Management Server
6) Perform pre-upgrade verifier on all Gateways
7) Perform License upgrade checker on Gateway 2
8) Perform License upgrade checker on Gateway 3
9) Perform License upgrade checker on Gateway 4
10) Perform License upgrade checker on Security Management Server
11) Perform License upgrade checker on all devices
12) Upgrade Security Management Server to R70
A. 11, 5, 12, 3, 1
B. 9, 4, 5, 12, 1
C. 5, 6, 12, 1
D. 11, 5, 12, 2, 1

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 320
In which directory do you install the R75 pre-upgrade verifier on a SecurePlatform Security Management Server?
A. It does not matter since the dynamic information entered by the Administrator will cause it to retrieve the proper configurations.
B. In $FWDIR/conf.
C. It does not matter as long as the Administrator uses chmod to permit the file to execute.
D. In $FWDIR/bin

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 321
What happens to evaluation licenses during the license-upgrade process?
A. They are dropped.
B. They remain untouched, but may not activate all features of a new version.
C. They automatically expire.
D. They are upgraded with new available features.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 322
One of your licenses is set for an IP address no longer in use. What happens to this license during the license upgrade process?
A. It is upgraded with new available features but the IP remains the same
B. It remains untouched.
C. It is upgraded with the previous features using the new IP address
D. It is dropped

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 323
All Check Point Suite products before version RXX need to be upgraded to RXX before you can upgrade them to R75. RXX is:
A. R55
B. R65
C. R61
D. R60

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 324
R75 is compatible with UTM-1 Edge gateways X.X and above. X.X is:
A. 6.5
B. 7.5
C. 7.0
D. 8.5

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 325
Can you upgrade a clustered deployment with zero downtime?
A. No, this is not possible.
B. Yes, if you select the option zero downtime, it will keep one member active
C. No, you must bring all gateways down.
D. Yes, this is the default setting.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 326
As a Security Administrator, you must refresh the Client Authentication authorization timeout every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:
A. in the user object's Authentication screen
B. in the Gateway object's Authentication screen
C. in the Limit tab of the Client Authentication Action Properties screen
D. in the Global Properties Authentication screen

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 327
Your Rule Base includes a Client Authentication rule, using partial authentication and standard sign-on for HTTP, Telnet, and FTP services. The rule was working, until this morning. Now users are not prompted for authentication, and they see the error "page cannot be displayed" in the browser. In SmartView Tracker, you discover the HTTP connection is dropped when the Gateway is the destination. What caused Client Authentication to fail?
A. You added a rule below the Client Authentication rule, blocking HTTP from the internal network.
B. You added the Stealth Rule before the Client Authentication rule.
C. You disabled R75 Control Connections in Global Properties.
D. You enabled Static NAT on the problematic machines.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 328
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
A. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
B. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
C. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
D. You can limit the authentication attempts in the Authentication tab of the User Properties screen.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 329
Which column in the Rule Base is used to define authentication parameters?
A. Source
B. Action
C. Track
D. Service

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 330
Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties
B. Configure a workstation object for the LDAP server; configure a server object for the LDAP in global properties.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 331
You cannot use SmartDashboard's SmartDirectory features to connect to the LDAP server. What should you investigate?
A. 1 and 3
B. 1 and 2
C. 2 and 3
D. 1, 2, and 3

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 332
Identify the ports to which the Client Authentication daemon listens by default.
A. 8080, 529
B. 259, 900
C. 80, 256
D. 256, 600

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 333
What is the Manual Client Authentication TELNET Port?
A. 23
B. 259
C. 264
D. 900

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 334
Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:
A. Client Authentication for fully automatic sign on
B. Client Authentication rule using the manual sign-on method, using HTTP on port 900
C. Client Authentication rule, using partially automatic sign on
D. Session Authentication rule

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 335
Which authentication type permits five different sign-on methods in the authentication properties window?
A. Manual Authentication
B. Client Authentication
C. Session Authentication
D. User Authentication

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 336
Which of the following objects is a valid source in an authentication rule?
A. User@Network
B. User@Any
C. Host@Any
D. User_group@Network

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 337
Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Why?
A. Users must use the SecuRemote Client, to use the User Authentication Rule.
B. Another rule that accepts HTTP without authentication exists in the Rule Base.
C. You checked the cache password on desktop option in Global Properties.
D. You have forgotten to place the User Authentication Rule before the Stealth Rule.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 338
Which authentication type requires specifying a contact agent in the Rule Base?
A. Client Authentication with Partially Automatic Sign On
B. User Authentication
C. Session Authentication
D. Client Authentication with Manual Sign On

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 339
What is the difference between Standard and Specific Sign On methods?
A. Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but re-authenticate for each host to which he is trying to connect. Specific Sign On requires that the user re-authenticate for each service.
B. Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connect. Specific Sign On allows the user to sign on only to a specific IP address.
C. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect.
D. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 340
Which set of objects have an Authentication tab?
A. Networks, Hosts
B. Users, Networks
C. Users, User Groups
D. Templates, Users

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 341
As a Security Administrator, you are required to create users for authentication. When you create a user for user authentication, the data is stored in the ___________.
A. SmartUpdate repository
B. User Database
C. Rules Database
D. Objects Database

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 342
Review the following rules. Assume domain UDP is enabled in the implied rules. What happens when a user from the internal network tries to browse to the Internet using HTTP? The user:
A. is prompted three times before connecting to the Internet successfully.
B. can go to the Internet after Telnetting to the client auth daemon port 259.
C. can connect to the Internet successfully after being authenticated.
D. can go to the Internet, without being prompted for authentication.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 343
Review the following rules and note the Client Authentication Action properties screen, as shown below:

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:
A. user is prompted from that FTP site only, and does not need to enter his username and password for Client Authentication.
B. User is prompted for Authentication by the Security Gateway again.
C. FTP data connection is dropped after the user is authenticated successfully.
D. FTP connection is dropped by rule 2.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 344
Which Security Gateway R75 configuration setting forces the Client Authentication authorization timeout to refresh, each time a new user is authenticated? The:
A. Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment
B. Time properties, adjusted on the user objects for each user, in the source of the Client Authentication rule
C. IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled
D. Refreshable Timeout setting, in the Limits tab of the Client Authentication Action Properties screen

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 345
All R75 Security Servers can perform authentication with the exception of one. Which of the Security Servers cannot perform authentication?
A. RLOGIN
B. HTTP
C. SMTP
D. FTP

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 346
Which of the following are authentication methods that Security Gateway R75 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.
A. Proxied, User, Dynamic, Session
B. Connection, User, Client
C. User, Client, Session
D. Connection, Proxied, Session

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 347
Security Gateway R75 supports User Authentication for which of the following services? Select the response below that contains the MOST complete list of supported services.
A. FTP, HTTP, TELNET
B. FTP, TELNET
C. SMTP, FTP, HTTP, TELNET
D. SMTP, FTP, TELNET

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 348
With the User Directory Software Blade, you can create R75 user definitions on a(n) _______ Server.
A. Radius
B. NT Domain
C. LDAP
D. SecurID

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 349
The User Directory Software Blade is used to integrate which of the following with Security Gateway R75?
A. RADIUS server
B. Account management client server
C. User authority server
D. LDAP server

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 350
If you are experiencing LDAP issues, which of the following should you check?
A. Domain name resolution
B. Overlapping VPN Domains
C. Secure Internal Communications (SIC)
D. Connectivity between the R75 Gateway and LDAP server

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 351
How are cached usernames and passwords cleared from the memory of a R75 Security Gateway?
A. By retrieving LDAP user information using the command fw fetchldap
B. By using the Clear User Cache button in SmartDashboard
C. Usernames and passwords only clear from memory after they time out
D. By installing a Security Policy

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 352
Your users are defined in a Windows 2003 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R75?
A. LDAP group
B. All Users
C. A group with a generic user
D. External-user group

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 353
Which type of R75 Security Server does not provide User Authentication?
A. FTP Security Server
B. SMTP Security Server
C. HTTP Security Server
D. HTTPS Security Server

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 354
Mr. Smith needs access to other networks and should be able to use all services, but session authentication is not suitable. The Security Administrator selects client authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. The Security Administrator wants to use the Port 9001, but there are some connectivity problems. What is the reason for the connectivity problems? Give the BEST answer.
A. The configuration of the service FW1_clntauth_http is not correct.
B. The Security Policy is not correct.
C. The configuration file $FWDIR/conf/fwauthd.conf is wrong.
D. It is not possible to use any port other than the standard port 900 for the client authentication via HTTP.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 355
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?
A. internet user group
B. A group with generic user
C. LDAP account unit Group
D. All users

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 356
User Marc is requesting a Website while he is using a computer out of the net_singapore network. What is TRUE about his location restriction?
A. Source setting in User Properties always takes precedence.
B. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.
C. Source setting in Source column always takes precedence
D. As location restrictions add up, he would be allowed from net_singapore and net_sydney.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 357
In the given Rule Base, the client authentication in rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSAD_Group. When Eric tries to connect to a server on the Internet, what will happen?
A. Eric will be blocked because LDAP is not allowed in the Rule Base.
B. None of these things will happen.
C. Eric will be authenticated and get access to the requested server.
D. Eric will be blocked by the Stealth Rule.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 358
Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user's properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?
A. Permit access to Finance_net
B. Select ignore database in action properties window
C. Select intersect with user database in the action properties window
D. Select Intersect with user database or Ignore Database in the Action Properties window.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 359
When selecting an authentication scheme for a user, which scheme would you use if you only want the password to be stored locally? (The password is not stored at a third party component.)
A. Check Point Password
B. TACACS
C. SecurID
D. OS Password

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 360
For which service is it NOT possible to configure user authentication?
A. HTTPS
B. FTP
C. SSH
D. Telnet

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 361
For remote user authentication, which authentication scheme is NOT supported?
A. SecurID
B. TACACS
C. Check Point Password
D. RADIUS

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 362
For information to pass securely between a Security Management Server and another Check Point component, what would NOT be required?
A. The communication must be authenticated
B. The communication must use two-factor or biometric authentication.
C. The communication must be encrypted
D. The component must be time-and-date synchronized with the Security Management Server.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 363
What is the bit size of a DES key?
A. 112
B. 168
C. 56
D. 64

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 364
What is the size of a hash produced by SHA-1?
A. 128
B. 56
C. 40
D. 160

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 365
Public keys and digital certificates do NOT provide which of the following?
A. Authentication
B. Non-repudiation
C. Data integrity
D. Availability

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 366 If you check the box Use Aggressive Mode in the IKE Properties dialog box, the standard: A. three-packet IKE Phase 2 exchange is replaced by a six-packet exchange B. three-packet IKE Phase 2 exchange is replaced by a two-packet exchange C. six-packet IKE Phase 1 exchange is replaced by a three-packet exchange D. three-packet IKE Phase 1 exchange is replaced by a six-packet exchange

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 367 You are concerned that a message may have been intercepted and retransmitted, thus compromising the security of the communication. You attach a code to the electronically transmitted message that uniquely identifies the sender. This code is known as a(n): A. Diffie-Hellman verification B. digital signature C. private key D. AES flag

Answer: B Section: (none)

Explanation/Reference: Explanation:

QUESTION 368 Your manager requires you to set up a new corporate VPN between all your branch offices. He requires you to choose the strongest and most secure available algorithms for the headquarters to the Research and Development branch office. In addition, you must use high performance algorithms for all sales offices with shorter key length for the VPN keys. How would you configure this scenario? A. This cannot be achieved at all as all algorithms need to be the very same for all VPNs. B. This can only be done in traditional mode VPNs while not using simplified VPN settings. C. This can be done either in traditional mode or simplified VPN using 2 different communities and the headquarters as the center for both communities. D. This can be done in a single community, but the encrypt action in the security Rule Base needs to be configured for exceptions. Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 369 Whitfield Diffie and Martin Hellman gave their names to what standard? A. An encryption scheme that makes pre-shared keys obsolete B. An algorithm that is used in IPsec QuickMode and as an additional option in IPsec QuickMode (PFS) C. A Key Exchange Protocol for the Advanced Encryption Standard D. A Key Agreement / Derivation Protocol that constructs secure keys over an insecure channel.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 370 If you need strong protection for the encryption of user data, what option would be the BEST choice? A. When you need strong encryption, IPsec is not the best choice. SSL VPNs are a better choice. B. Disable Diffie-Hellman by using stronger certificate-based key derivation. Use AES 256-bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols. C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol. D. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode. Answer: C Section: (none)

Explanation/Reference: Explanation:

QUESTION 371 What is used to validate a digital certificate? A. IPsec B. CRL C. S/MIME D. PKCS

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 372 Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder's access after the next Phase 2 exchange occurs? A. Perfect Forward Secrecy B. SHA-1 Hash Completion C. Phase 3 Key Revocation D. MD5 Hash Completion Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 373 Which statement defines Public Key Infrastructure? Security is provided: A. By authentication B. By Certificate Authorities, digital certificates, and two-way symmetric key encryption C. By Certificate Authorities, digital certificates, and public key encryption. D. Via both private and public keys, without the use of digital Certificates.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 374 Review the following list of actions that Security Gateway R75 can take when it controls packets. The Policy Package has been configured for Simplified Mode VPN. Select the response below that includes the available actions: A. Accept, Drop, Encrypt, Session Auth B. Accept, Reject, Encrypt, Drop C. Accept, Drop, Reject, Client Auth D. Accept, Hold, Reject, Proxy

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 375 Your organization maintains several IKE VPNs. Executives in your organization want to know which mechanism Security Gateway R75 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives? A. Key-exchange protocols B. Digital signatures C. Certificate Revocation Lists D. Application Intelligence

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 376 Which of the following provides confidentiality services for data and messages in a Check Point VPN? A. Cryptographic checksums B. Digital signatures C. Asymmetric Encryption D. Symmetric Encryption

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 377 Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of: A. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the center of the Community and its branches as satellites. The mesh Community includes only New York and London Gateways. B. One star Community with the option to "mesh" the center of the star: New York and London Gateways added to the center of the star with the mesh center Gateways option checked, all London branch offices defined in one satellite window, but all New York branch offices defined in another satellite window. C. Two mesh and one star Community: One mesh Community is set up for each of the headquarters and its branch offices. The star Community is configured with London as the center of the Community and New York is the satellite. D. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 378 Which of these attributes would be critical for a site-to-site VPN? A. Strong authentication B. Centralized management C. Strong data encryption D. Scalability to accommodate user groups

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 379 Which of the following is NOT true for Clientless VPN? A. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN B. Secure communication is provided between clients and servers that support HTTP C. User Authentication is supported D. The Gateway can enforce the use of strong encryption

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 380 You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first? A. Manually import your partner's Certificate Revocation List. B. Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA). C. Create a new logical-server object to represent your partner's CA D. Manually import your partner's Control List. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 381 Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration? A. This cannot be done without downtime as a VPN between a traditional mode Gateway and a simplified mode Gateway does not work. B. You first need to completely rewrite all policies in simplified mode and then push this new policy to all Gateways at the same time. C. This cannot be done as it requires a SIC reset on the Gateways first, forcing an outage. D. Convert the required Gateway policies using the simplified VPN wizard, check their logic and then migrate Gateway per Gateway. Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 382 Your manager requires you to set up a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he set up AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup? A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel. B. All is fine and can be used as is. C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1. D. The 2 algorithms do not have the same key length and so don't work together. You will get the error ".... No proposal chosen...." Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 383 Why are certificates preferred over pre-shared keys in an IPsec VPN? A. Weak scalability: PSKs need to be set on each and every Gateway B. Weak performance: PSK takes more time to encrypt than Diffie-Hellman C. Weak security: PSKs can only have 112 bit length. D. Weak Security: PSK are static and can be brute-forced.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 384 MultiCorp must comply with industry regulations in implementing VPN solutions among multiple sites. The corporate Information Assurance policy defines the following requirements:
Portability: Standard
Key management: Automatic, external PKI
Session keys: changed at configured times during a connection's lifetime
Key length: No less than 128-bit
Data integrity: Secure against inversion and brute-force attacks
What is the most appropriate setting to comply with these requirements? A. IKE VPNs: SHA-1 encryption for IKE Phase 1, and MD5 encryption for phase 2, AES hash B. IKE VPNs: DES encryption for IKE phase 1, and 3DES encryption for phase 2, MD5 hash C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA-1 encryption for phase 2, DES hash D. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA-1 hash

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 385 What happens in relation to the CRL cache after a cpstop and cpstart have been initiated? A. The Gateway retrieves a new CRL on startup, and discards the old CRL as invalid. B. The Gateway continues to use the old CRL, as long as it is valid. C. The Gateway continues to use the old CRL even if it is not valid, until a new CRL is cached. D. The Gateway issues a crl_zap on startup, which empties the cache and forces certificate retrieval.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 386 Which of the following is TRUE concerning control connections between the Security Management Server and the Gateway in a VPN Community? Control Connections are: A. encrypted using SIC and re-encrypted again by the Community regardless of VPN domain configuration. B. encrypted by the Community. C. not encrypted, only authenticated. D. encrypted using SIC.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 387 How many times is the firewall kernel invoked for a packet to be passed through a VPN connection? A. Three times B. Twice C. Once D. None. The IPSO kernel handles it

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 388 You have traveling salesmen connecting to your VPN community from all over the world. Which technology would you choose? A. SSL VPN: It has more secure and robust encryption schemes than IPsec. B. IPsec: It allows complex setups that match any network situation available to the client, i.e. connection from a private customer network or various hotel networks. C. SSL VPN: It only requires HTTPS connections between client and server. These are most likely open from all networks, unlike IPsec, which uses protocols and ports which are blocked by many sites. D. IPsec: It offers encryption, authentication, replay protection and all algorithms that are state of the art (AES) or that perform very well. It is native to many client operating systems, so setup can easily be scripted. Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 389 You wish to configure a VPN and you want to encrypt not just the data packet, but the original header. Which encryption scheme would you select? A. Both encrypt the data and header B. Tunneling-mode encryption C. In-place encryption Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 390 You wish to view the current state of the customer's VPN tunnels, including those that are down and destroyed. Which SmartConsole application will provide you with this information? A. SmartView Monitor B. SmartView Status C. SmartView Tracker D. SmartUpdate Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 391 Which VPN Community object is used to configure Hub Mode VPN routing in SmartDashboard? A. Mesh B. Star C. Routed D. Remote Access

Answer: B

Section: (none) Explanation/Reference: Explanation:

QUESTION 392 When a user selects to allow Hotspot, SecureClient modifies the Desktop Security Policy and/or Hub Mode routing to enable Hotspot registration. Which of the following is NOT true concerning this modification? A. IP addresses accessed during registration are recorded. B. Ports accessed during registration are recorded. C. The number of IP addresses accessed is unrestricted. D. The modification is restricted by time.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 393 For VPN routing to succeed, what must be configured? A. VPN routing is not configured in the Rule Base or Community objects. Only the native-routing mechanism on each Gateway can direct the traffic via its VTI configured interfaces. B. No rules need to be created; implied rules that cover inbound and outbound traffic on the central (HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control Connections. C. At least two rules in the Rule Base must be created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway. D. A single rule in the Rule Base must cover all traffic on the central (HUB) Security Gateway for the VPN domain. Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 394 What can NOT be selected for VPN tunnel sharing? A. One tunnel per subnet pair B. One tunnel per Gateway pair C. One tunnel per pair of hosts D. One tunnel per VPN domain pair

Answer: D Section: (none)

Explanation/Reference: Explanation:

QUESTION 395 Marc is a Security Administrator configuring a VPN tunnel between his site and a partner site. He just created the partner city's firewall object and a community. While trying to add the firewalls to the community only his firewall could be chosen. The partner city's firewall does not appear. What is a possible reason for the problem? A. IPsec VPN Software Blade on the partner city's firewall object is not activated. B. The partner city's firewall object was created as an interoperable device. C. The partner city's Gateway is running VPN-1 NG AI. D. Only Check Point Gateways could be added to a community.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 396 If Henry wanted to configure Perfect Forward Secrecy for his VPN tunnel, in which phase would he be configuring this? A. Aggressive Mode B. Diffie-Hellman C. Phase 2 D. Phase 1

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 397 You install and deploy SecurePlatform with default settings. You allow Visitor Mode in the Remote Access properties of the Gateway object and install policy, but SecureClient refuses to connect. What is the cause of this? A. Set Visitor Mode in Policy > Global Properties / RemoteAccess / VPN Advanced. B. Office mode is not configured. C. The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port. D. You need to start SSL Network Extender first, then use Visitor Mode. Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 398 With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem? A. Allow your users to turn off SecureClient B. Allow for unencrypted traffic C. Allow traffic outside the encrypted domain D. Enable Hot Spot/Hotel Registration

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 399 What statement is true regarding Visitor Mode? A. VPN authentication and encrypted traffic are tunneled through port TCP 443. B. All VPN traffic is tunneled through UDP port 4500. C. Only Main mode and Quick mode traffic are tunneled on TCP port 443. D. Only ESP traffic is tunneled through port TCP 443.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 400 Phase 1 uses________. A. Conditional B. Sequential C. Asymmetric D. Symmetric

Answer: C Section: (none) Explanation/Reference: Explanation:

Topic 5, Volume E

QUESTION 401 If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange? A. 6 B. 2 C. 3 D. 9

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 402 How many packets does the IKE exchange use for Phase 1 Main Mode? A. 6 B. 1 C. 3 D. 12

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 403 How many packets does the IKE exchange use for Phase 1 Aggressive Mode? A. 12 B. 3 C. 1 D. 6

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 404 Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled? A. The DH public keys are exchanged. B. Peers authenticate using certificates or pre-shared secrets. C. Symmetric IPsec keys are generated. D. Each Security Gateway generates a private Diffie-Hellman (DH) key from random pools. Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 405 Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)? A. fw ipsec tu B. vpn ipsec C. vpn debug ipsec D. vpn tu

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 406 In which IKE phase are IKE SA's negotiated? A. Phase 4 B. Phase 1 C. Phase 3 D. Phase 2

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 407 In which IKE phase are IPsec SA's negotiated? A. Phase 3 B. Phase 1 C. Phase 2 D. Phase 4

Answer: C Section: (none)

Explanation/Reference: Explanation:

QUESTION 408 You wish to configure an IKE VPN between two R75 Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer's Gateway. Which type of address translation should you use to ensure the two networks access each other through the VPN tunnel? A. Hide NAT B. Static NAT C. Manual NAT D. None

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 409 Which operating system is not supported by SecureClient? A. MacOS X B. Windows XP SP2 C. Windows Vista D. IPSO 3.9

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 410 Which of the following SSL Network Extender server-side prerequisites is NOT correct? A. The Gateway must be configured to work with Visitor Mode. B. There are distinctly separate access rules required for SecureClient users vs. SSL Network Extender users. C. To use Integrity Clientless Security (ICS), you must install the ICS server or configuration tool. D. The specific Security Gateway must be configured as a member of the Remote Access Community

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 411 Which of the following is NOT supported with Office Mode? A. SecuRemote B. SSL Network Extender C. SecureClient D. Endpoint Connect

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 412 Which of the following is NOT supported with office mode? A. Transparent mode B. L2TP C. Secure Client D. SSL Network Extender

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 413 Your organization has many Edge Gateways at various branch offices allowing users to access company resources. For security reasons, your organization's Security Policy requires all Internet traffic initiated behind the Edge Gateways first be inspected by your headquarters' R75 Security Gateway. How do you configure VPN routing in this star VPN Community? A. To Internet and other targets only B. To center or through the center to other satellites, to Internet and other VPN targets C. To center and other satellites, through center D. To center only

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 414 Of the following VPN Community options, which is most likely to provide a balance between IKE compatibility to VPN-capable devices (Check Point and non-Check Point) and preserving resources on the R75 Gateway? VPN tunnel sharing per: A. pair of hosts, no permanent tunnels, Diffie-Hellman Group 1 for Phase 1. B. subnet, no permanent tunnels, Diffie-Hellman Group 2 for Phase 1. C. subnet, permanent tunnels, Diffie-Hellman Group 1 for Phase 1. D. pair of hosts, permanent tunnels, Diffie-Hellman Group 2 for Phase 1.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 415 There are three options available for configuring a firewall policy on the SecureClient Mobile device. Which of the following is NOT an option? A. Configured on endpoint client B. No C. Configured on server D. yes

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 416 When attempting to connect with SecureClient Mobile the following error message is received: "The certificate provided is invalid. Please provide the username and password." What is the probable cause of the error? A. The certificate provided is invalid. B. The user's credentials are invalid. C. The user attempting to connect is not configured to have an office mode IP address so the connection failed. D. There is no connection to the server, and the client disconnected. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 417 Which operating system is NOT supported by Endpoint Connect R75? A. MacOS X B. Windows XP SP2 C. Windows Vista 64-bit SP1 D. Windows 2000 SP1

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 418 Using the output below, what type of VPN Community is configured for fwstlouis? A. Traditional B. Meshed C. Domain-Based D. Star

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 419 You are evaluating the configuration of a mesh VPN Community used to create a site-to-site VPN. This graphic displays the VPN properties in this mesh Community. Which of the following would be the most valid conclusion? A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R75 supports. B. Changing the setting Perform IPsec data encryption with from AES-128 to 3DES will increase the encryption overhead. C. Changing the setting Perform key exchange encryption with 3DES to DES will enhance the VPN Community's security, and reduce encryption overhead. D. Change the data-integrity settings for this VPN Community because MD5 is incompatible with AES. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 420 What is a possible reason for the IKE failure shown in this screenshot? A. Mismatch in VPN Domains. B. Mismatch in Diffie-Hellman group. C. Mismatch in encryption schemes. D. Mismatch in pre-shared secrets.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 421 How can you access the Certificate Revocation List (CRL) on the firewall, if you have configured a Stealth Rule as the first explicit rule? A. You can access the Revocation list by means of a browser using the URL: http://IP FW:18264/ICA CRL1.crl1 provided the implied rules are activated per default. B. The CRL is encrypted, so it is useless to attempt to access it. C. You cannot access the CRL, since the Stealth Rule will drop the packets D. You can only access the CRL via the Security Management Server as the internal CA is located on that server Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 422 Which could be an appropriate solution for assigning a unique Office Mode IP address to Endpoint Connect users? A. Configure a DHCP server with IP reservation using the information gathered by the utility vpn macutil. B. Edit $ PWDIA/conf/SCM_ assignment. conf on the management server with the correct user name and office mode IP address C. Create a DHCP resource with the fixed IP address to use name mapping. D. Fixed office mode IP can be configured as a user property in SmartDashboard Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 423 In the SmartView Tracker you receive the error, "...peer send invalid ID information..." while trying to establish an IKE VPN tunnel. Where does this error normally result from and how can you solve it? This error normally results from: A. a mismatch in the authentication algorithms used in IKE phase one and can be corrected by changing them to match. B. an invalid IP address configured on one tunnel endpoint; normally the internal one in the General tab. This can be solved with link selection or by changing this IP to the one facing the other tunnel endpoint. C. an invalid IP address configured on one tunnel endpoint, normally the internal one in the General tab. This can be resolved by adding the correct IPs to the Topology tab of both Gateways on both sites. D. a mismatch in the IPs of the VPN tunnel endpoints and cannot be resolved. Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 424 How many packets are required for IKE Phase 2? A. 2 B. 12 C. 6 D. 3 Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 425 Which of the following actions do NOT take place in IKE Phase 1? A. Each side generates a session key from its private key and peer's public key B. Peers agree on integrity method C. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key. D. Peers agree on encryption method

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 426 When using an encryption algorithm, which is generally considered the best encryption method? A. DES B. AES C. Triple DES D. CAST cipher

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 427 Fill in the blank: When you want to create a VPN community where all participating gateways are able to connect to each other, you need to set up a ___________ community. A. Remote Access B. Meshed C. SSL VPN D. Star

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 428 Which do you configure to give remote access VPN users a local IP address? A. Office mode IP pool B. NAT pool C. Encryption domain pool D. Authentication pool Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 429 When using vpn tu, which option must you choose if you only want to clear phase 2 for a specific IP (gateway)? A. (6) Delete all IPsec SAs for a given User (Client) B. (7) Delete all IPsec+IKE SAs for a given peer (GW) C. (8) Delete all IPsec+IKE SAs for a given User (Client) D. (5) Delete all IPsec SAs for a given peer (GW)

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 430 When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)? A. (6) Delete all IPsec SAs for a given User (Client) B. (7) Delete all IPsec+IKE SAs for a given peer (GW) C. (5) Delete all IPsec SAs for a given peer (GW) D. (8) Delete all IPsec+IKE SAs for a given User (Client)

Answer: B Section: (none)

Explanation/Reference: Explanation:

QUESTION 431 Which of the following statements about file-type recognition in Content Inspection is TRUE? A. Antivirus status is monitored using SmartView Tracker. B. A scan failure will only occur if the antivirus engine fails to initialize. C. All file types are considered "at risk", and are not configurable by the Administrator or the Security Policy. D. The antivirus engine acts as a proxy, caching the scanned file before delivering it to the client.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 432 Which antivirus scanning method does not work if the Gateway is connected as a node in proxy mode? A. Scan by Direction B. Scan by File Type C. Scan by Server D. Scan by IP Address Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 433 Which OPSEC server can be used to prevent users from accessing certain Web sites? A. LEA B. AMON C. UFP D. CVP

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 434 How do you control the maximum number of mail messages in a spool directory? A. In the Gateway object's SMTP settings under the Advanced window B. In the smtp.conf file on the Security Management Server C. In the Security Server window in Global Properties D. In IPS SMTP settings

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 435 If you experience unwanted traffic from a specific IP address, how can you stop it most quickly? A. Check antispoofing settings B. Configure a rule to block the address C. Create a SAM rule D. Activate an IPS protection

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 436 URL filtering policy can make exceptions for specific sites by being enforced: A. Only for specific sources and destinations. B. For all traffic, except on specific sources and destinations. C. For all traffic, except blocked sites. D. For all traffic. There are no exceptions.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 437 The URL Filtering Policy can be configured to monitor URLs in order to: A. Log sites from blocked categories. B. Redirect users to a new URL. C. Block sites only once. D. Alert the Administrator to block a suspicious site.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 438 Which type of resource could a Security Administrator use to control access to specific file shares on target machines? A. URI B. CIFS C. Telnet D. FTP

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 439 What rules send log information to Dshield.org when Storm Center is configured? A. Determined in IPS, Dshield Storm Center configuration: Security Management Server sends logs from rules with tracking set to either Alert or one of the specific User Defined Alerts B. Determined by the Global Properties configuration: Log defined in the Log and Alerts section, rules with tracking sent to Account or SNMP trap. C. Determined in Web Intelligence, configuration: Information Disclosure is configured; rules with tracking set to User Defined Alerts or SNMP trap. D. Determined by the Dshield Storm Center Logging setting in Logs and Master of the Security Management Server object rules with tracking set to Log or None. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 440 A security audit has determined that your unpatched Web application server is accessing a SQL server. Which IPS setting will allow the Security Gateway to prevent this error page from displaying information about the SQL server in your DMZ? A. In Web Intelligence / General / HTTP Protocol Inspection, enable ASCII only response headers. B. In Web Intelligence / HTTP Protocol Inspection, select the box Enforce Strict HTTP response parsing. C. In Application Intelligence / FingerPrint Scrambling / WEB Apps, select the Scramble error message checkbox. D. In Web Intelligence / Information Disclosure / Error Concealment

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 441 Antivirus protection on a Check Point Gateway is available for all of the following protocols, EXCEPT: A. FTP B. SMTP C. HTTP D. TELNET

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 442 Which Security Servers can perform authentication tasks, but CANNOT perform content security tasks? A. B. C. D. RHV HTTPS FTP RLOGIN HTTP

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 443 Which Security Servers can perform authentication tasks, but CANNOT perform content security tasks? A. HTTPS B. Telnet C. FTP D. HTTP

Answer: B Section: (none) Explanation/Reference:

Explanation:

QUESTION 444 When using the AntiVirus Content Security, how are different file types analyzed? A. They are analyzed by their unencoded format. B. They are analyzed by their magic number. C. They are analyzed by the MIME header. D. They are analyzed by their file extension (i.e. .bat, .exe, .doc)

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 445 For which protocol is antivirus not available? A. SMTP B. FTP C. HTTPS D. HTTP

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 446 Where can you view antispam status? A. SmartView Monitor B. SmartDashboard C. SmartView Tracker D. SmartUpdate

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 447 Where can you view the antivirus status? A. SmartDashboard B. SmartView Tracking C. SmartView Monitor D. SmartUpdate

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 448 How would you create a temporary user bypass to the URL Filtering policy in Security Gateway? A. By adding an exception in URL Filtering / Advanced / Network Exceptions B. By enabling it in URL Filtering / Advanced / Bypass C. By creating an authentication rule in the Firewall D. It is not possible

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 449 You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline? A. SmartLSM and SmartUpdate B. SmartView Tracker and SmartView Monitor C. SmartView Monitor and SmartUpdate D. SmartDashboard and SmartView Tracker

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 450 Message digests use which of the following? A. SHA1 and MD5 B. IDEA and RC4 C. SSL and MD4 D. DES and RC4

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 451 Which of the following is a hash algorithm? A. DES B. IDEA C. MD5 D. 3DES

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 452 Which of the following uses the same key to decrypt as it does to encrypt? A. Asymmetric encryption B. Symmetric encryption C. Certificate-based encryption D. Dynamic encryption

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 453 You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm's business partners. Which SmartConsole application should you use to confirm your suspicions? A. SmartDashboard B. SmartView Tracker C. SmartUpdate D. SmartView Status

Answer: B Section: (none)

Explanation/Reference: Explanation:

QUESTION 454 A digital signature: A. Provides a secure key exchange mechanism over the Internet. B. Automatically exchanges shared keys. C. Guarantees the authenticity and integrity of a message. D. Decrypts data to its original form.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 455 Your bank's distributed R75 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days? A. SmartView Tracker B. Smart Portal C. SmartUpdate D. SmartDashboard

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 456 When launching SmartDashboard, what information is required to log into R75? A. User Name, Management Server IP, certificate fingerprint file B. User Name, Password, Management Server IP C. Password, Management Server IP D. Password, Management Server IP, LDAP Server IP

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 457 Which component functions as the Internal Certificate Authority for R75? A. Security Gateway B. Management Server C. Policy Server D. SmartLSM

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 458 To reduce the information given to you in SmartView Tracker, what can you do to find information about data being sent between pcosaka and pctokyo? A. Double-click an entry representing a connection between both endpoints. B. Press CTRL+F in order to open the find dialog, and then search the corresponding IP addresses. C. Apply a source filter by adding both endpoint IP addresses with the equal option set. D. Use a regular expression to filter out relevant logging entries.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 459 A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this? A. SmartView Tracker B. SmartView Monitor C. This information can only be viewed with fw ctl pstat command from the CLI. D. Eventia Analyzer

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 460 You wish to analyze the packet size distribution of your traffic with SmartView Monitor. Unfortunately, the message, There are no machines that contain Firewall Blade and SmartView Monitor appears. What should you do to analyze the packet size distribution of your traffic? Give the BEST answer. A. Purchase the SmartView Monitor license for your Security Management Server. B. Purchase the SmartView Monitor license for your Security Gateway. C. Enable Monitoring on your Security Gateway. D. Enable Monitoring on your Security Management Server.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 461 When troubleshooting NAT entries in SmartView Tracker, which column do we need to check to view the new source IP when using NAT? A. XlateSrc B. XlateSPort C. XlateDst D. XlateDPort

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 462 When troubleshooting NAT entries in SmartView Tracker, which column do we need to check to view the NAT'd source port when using source NAT? A. XlateDst B. XlateDPort C. XlateSPort D. XlateSrc

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 463 Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism when logging in to a remote server with Telnet? A. Standard Sign On B. Manual Sign On C. Agent Automatic Sign On D. Partially Automatic Sign On

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 464 Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of: A. Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters. B. Three star Communities: The first one is between New York headquarters and its branches. The second star Community is between London headquarters and its branches. The third star Community is between New York and London headquarters but it is irrelevant which site is "center" and which "satellite". C. Two mesh and one star Community: Each mesh Community is set up for each site between headquarters and their branches. The star Community has New York as the center and London as its satellite. D. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the "mesh center Gateways" option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 465 Phase 2 uses ___________, if not using Perfect Forward Secrecy. A. Symmetric B. Conditional C. Sequential D. Asymmetric

Answer: A Section: (none) Explanation/Reference: Explanation:

New Questions

QUESTION 466 The SIC certificate is stored in the directory______________. A. $CPDIR/conf B. $FWDIR/database C. $CPDIR/registry D. $FWDIR/conf

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 467 Access Role objects define users, machines, and network locations as: A. One object B. Credentialed objects C. Separate objects D. Linked objects

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 468 What command syntax would you use to see accounts the gateway suspects are service accounts? A. pdp check_log B. adlog check__acoounts C. pdp show service D. adlog service_accounts

Answer: Section: (none) Explanation/Reference:

QUESTION 469 If a security gateway enforces three protections, LDAP injection, Malicious Code Protector Rejection, which Check Point license is required in SmartPhone? A. SmartEvent Intro B. IPS C. SSL VPN D. Data Loss Prevention

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 470 Using Captive Portal, unidentified users may be blocked, allowed to enter required credentials, or required to download: A. ICA Certificate B. SecureClient C. Full Endpoint Client D. Identity Awareness Agent

Answer: Section: (none) Explanation/Reference:

QUESTION 471 What is true about the Rule Base shown?

(i). HTTP traffic from webrome to websingapore will be encrypted (ii). HTTP traffic from websingapore to webrome will be encrypted (iii). HTTP traffic from webrome to websingapore will be encrypted (iv). HTTP traffic from websingapore to webrome will be blocked A. (ii) and (iii) B. (iii) and (iv) C. (i), (ii) and (iii) D. (iii) only

Answer: Section: (none) Explanation/Reference:

QUESTION 472 The third-shift Administrator was updating Security Management Server Access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account? A. Delete the file sdmin.lock in the Security Management Server directory $PWDIR/tmp/ B. Type fwm lock_admin -u <account name> from the Security Management Server command line C. Type fwm unlock_admin -u from the Security Gateway command line D. Type fwm unlock_admin from the Security Management Server command line

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 473 What command syntax would you use to turn on PDP logging in a distributed environment? A. pdp tracker on B. pdp log = l C. pdp track = l D. pdp logging on

Answer: Section: (none) Explanation/Reference:

QUESTION 474 Once an Access Role is configured, in which Rule Bases can it be implemented? A. DLP B. Mobile Access C. Firewall D. IPS

Answer: Section: (none) Explanation/Reference:

QUESTION 475 Identity Awareness is implemented to manage access to protected resources based on a user's _____________. A. Location B. Application requirement C. Computer MAC address D. Time of connection

Answer: Section: (none) Explanation/Reference:

QUESTION 476 Which of the following is NOT defined by an Access Role object? A. Source Network B. Source Logging and/or Alerting Rule C. Source Machine D. Source Server

QUESTION NO: 477 Which rule is responsible for installation feature? E. Rule 4 F. Rule 8 G. Rule 7 H. Rule 5

Answer: Section: (none) Explanation/Reference:

QUESTION 477 What information is found in the SmartView Tracker Management log? A. Administrator SmartDashboard logout event B. SecurePlatform expert login event C. Creation of an administrator using cpconfig D. FTP username authentication failure

Answer: Section: (none) Explanation/Reference:

QUESTION 478 Captive Portal is a _____________ that allows the gateway to request login information from the user. A. LDAP server add-on B. Transparent network inspection tool C. Separately licensed feature D. Preconfigured and customizable web-based tool

Answer: Section: (none) Explanation/Reference:

QUESTION 479 Which of the following items should be configured for the Security Management Server to authenticate via LDAP? A. Windows logon password B. Active Directory Server object C. WMI object D. Check Point Password

Answer: Section: (none) Explanation/Reference:

QUESTION 480 You plan to create a backup of the rules, objects, policies, and global properties from an R75 Security Management Server. Which of the following backup and restore solutions can you use? 1. Upgrade_export and upgrade_import utilities 2. Database revision control 3. SecurePlatform backup utilities 4. Policy package management 5. Manual copies of the $CPDIR/conf directory A. 2, 4, 5 B. 1, 3, 4 C. 1, 2, 3 D. 1, 2, 3, 4, 5

Answer: Section: (none) Explanation/Reference:

QUESTION 481 You install and deploy SecurePlatform with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy, but SecureClient refuses to connect. What is the cause of this? A. Set the Visitor Mode Policy > Global Properties > RemoteAccess > VPN Advanced B. Offline mode is not configured C. You need to start SSL Network Extender first, then use Visitor Mode D. The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port.

Answer: Section: (none) Explanation/Reference:

QUESTION 482 Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user's credentials? A. Access Role B. Access Rule C. Access Policy D. Access Certificate

Answer: Section: (none) Explanation/Reference:

QUESTION 483 What are you required to do before running the command upgrade_export? A. Run a cpstop on the Security Management Server B. Run a cpstop on the Security Gateway C. Close all GUI clients D. Run cpconfig and set yourself up as a GUI client

Answer: Section: (none) Explanation/Reference:

QUESTION 484 What action CANNOT be run from SmartUpdate R75? A. Reboot Gateway B. Fetch sync status C. Get all Gateway Data D. Preinstall verifier

Answer: Section: (none) Explanation/Reference:

QUESTION 485 What happens if the identity of a user is known? A. If the user credentials do not match an Access Role, the gateway moves onto the next rule. B. If the user credentials do not match an Access Role, the system displays the Captive Portal. C. If the user credentials do not match an Access Role, the traffic is automatically dropped. D. If the user credentials do not match an Access Role, the system displays a sandbox.

Answer: Section: (none) Explanation/Reference:

QUESTION 486 Identity Awareness is implemented to manage access to protected resources based on a user's _____________. A. Time of connection B. Application requirement C. Identity D. Computer MAC address

Answer: Section: (none) Explanation/Reference:

QUESTION 487 You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter. You select a standard report as you can see here, you can select the London Gateway.

When you attempt to configure the Express Report, you are unable to select Gateway.

What is the reason for this behavior? Give the BEST answer. A. You must enable the Eventia Express Mode on the London Gateway B. You must enable Monitoring in the London Gateway object's General Properties C. You have the license for Eventia Reporter in Standard mode only D. You must enable the Express Mode inside Eventia Reporter.

Answer: Section: (none) Explanation/Reference:

QUESTION 488 The identity is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not recommended usage of this method? A. Leveraging identity for Data Center protection B. Protecting highly sensitive identity is crucial C. Identity based enforcement for non-AD users (non-Windows and guest users)

Answer: Section: (none) Explanation/Reference:

QUESTION 489 Certificates for Security Gateways are created during a simple initialization from ___________. A. The ICA management tool B. SmartUpdate C. Sysconfig D. SmartDashboard

Answer: Section: (none) Explanation/Reference:

QUESTION 490 What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server? A. RCP B. LDAP C. WMI D. CIFS

Answer: Section: (none) Explanation/Reference:

QUESTION 491 Which of the following are available SmartConsole clients which can be installed from the R75 Windows CD? Read all answers and select the most complete and valid list. A. SmartView Tracker, CPINFO, SmartUpdate B. SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor C. SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status D. Security Policy Editor, Log viewer, Real Time Monitor GUI

Answer: Section: (none) Explanation/Reference:

QUESTION 492 Which of the following items should be configured for the Security Management Server to authenticate using LDAP? A. Domain Admin password B. Check Point Password C. Windows logon password D. WMI object

Answer: Section: (none) Explanation/Reference:

QUESTION 493 The Captive Portal tool A. Allows access to users already identified B. Acquires identities from unidentified users C. Is deployed from the Identity Awareness page in the Global Properties settings D. Is only used for guest user authentication

Answer: Section: (none) Explanation/Reference: