Q1. - (Topic 3) 

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. 

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. 

To make this scenario work, the IT administrator: 

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy. 

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location. 

John plugged in his laptop to the network on a different network segment and he is not able to connect. 

How does he solve this problem? 

A. John should lock and unlock the computer 

B. Investigate this as a network connectivity issue 

C. John should install the Identity Awareness Agent 

D. The firewall admin should install the Security Policy 

View Answer

Q2. - (Topic 3) 

Which of these components does NOT require a Security Gateway R77 license? 

A. SmartConsole 

B. SmartUpdate upgrading/patching 

C. Check Point Gateway 

D. Security Management Server 

View Answer

Q3. - (Topic 3) 

Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems? 

A. The Security Policy is not correct. 

B. You can't use any port other than the standard port 900 for Client Authentication via HTTP. 

C. The service FW_clntauth_http configuration is incorrect. 

D. The configuration file $FWDIR/conf/fwauthd.conf is incorrect. 

View Answer

Q4. - (Topic 2) 

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________. 

A. source on client side 

B. source on server side 

C. destination on client side 

D. destination on server side 

View Answer

Q5. - (Topic 3) 

How are cached usernames and passwords cleared from the memory of a R77 Security Gateway? 

A. By retrieving LDAP user information using the command fw fetchldap. 

B. By installing a Security Policy. 

C. By using the Clear User Cache button in SmartDashboard. 

D. Usernames and passwords only clear from memory after they time out. 

View Answer

Q6. - (Topic 3) 

Central license management allows a Security Administrator to perform which of the following functions? 

1.

 Check for expired licenses. 

2.

 Sort licenses and view license properties. 

3.

 Attach both R77 Central and Local licesnes to a remote module. 

4.

 Delete both R77 Local Licenses and Central licenses from a remote module. 

5.

 Add or remove a license to or from the license repository. 

6.

 Attach and/or delete only R77 Central licenses to a remote module (not Local licenses). 

A. 1, 2, 3, 4, & 5 

B. 2, 3, 4, & 5 

C. 2, 5, & 6 

D. 1, 2, 5, & 6 

View Answer

Q7. - (Topic 1) 

During which step in the installation process is it necessary to note the fingerprint for first-time verification? 

A. When configuring the Security Gateway object in SmartDashboard 

B. When configuring the Security Management Server using cpconfig 

C. When establishing SIC between the Security Management Server and the Gateway 

D. When configuring the Gateway in the WebUI 

View Answer

Q8. - (Topic 2) 

Which statement below describes the most correct strategy for implementing a Rule Base? 

A. Place a network-traffic rule above the administrator access rule. 

B. Limit grouping to rules regarding specific access. 

C. Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down. 

D. Add the Stealth Rule before the last rule. 

View Answer

Q9. - (Topic 1) 

What is the officially accepted diagnostic tool for IP Appliance Support? 

A. ipsoinfo 

B. cpinfo C. uag-diag 

D. CST 

View Answer

Q10. - (Topic 2) 

What happens when you select File > Export from the SmartView Tracker menu? 

A. Exported log entries are not viewable in SmartView Tracker. 

B. Logs in fw.log are exported to a file that can be opened by Microsoft Excel. 

C. Exported log entries are deleted from fw.log. 

D. Current logs are exported to a new *.log file. 

View Answer