Q1. - (Topic 3) 

Study the Rule base and Client Authentication Action properties screen -

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The: 

A. FTP connection is dropped by Rule 2. 

B. user is prompted from that FTP site only, and does not need to enter his username and password for Client Authentication. 

C. user is prompted for authentication by the Security Gateway again. 

D. FTP data connection is dropped after the user is authenticated successfully. 

View Answer

Q2. - (Topic 1) 

Which of the following statements accurately describes the command snapshot? 

A. snapshot creates a Security Management Server full system-level backup on any OS. 

B. snapshot stores only the system-configuration settings on the Gateway. 

C. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server. 

D. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a SecurePlatform Security Gateway. 

View Answer

Q3. - (Topic 1) 

Which command would provide the most comprehensive diagnostic information to Check Point Technical Support? 

A. cpstat - date.cpstat.txt 

B. fw cpinfo 

C. cpinfo -o date.cpinfo.txt 

D. diag 

View Answer

Q4. - (Topic 3) 

You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community? 

Exhibit: 

A. The VPN Community will perform IKE Phase 1 key-exchange encryption using the longest key Security Gateway R77 supports. 

B. Changing the setting Perform key exchange encryption with from AES-256 to 3DES will enhance the VPN Community's security , and reduce encryption overhead. 

C. Change the data-integrity setting for this VPN Community because MD5 is incompatible with AES. 

D. Changing the setting Perform IPsec data encryption with from AES-128 to 3Des will increase the encryption overhead. 

View Answer

Q5. - (Topic 3) 

An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install). 

Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval. 

If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute. 

Which of the following is the BEST explanation for this behavior? 

A. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day. 

B. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R75 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation. 

C. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way. 

D. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging. 

View Answer

Q6. - (Topic 2) 

After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue? 

A. A SmartDefense module has blocked the packet. 

B. It is due to NAT. 

C. An IPSO ACL has blocked the packet's outbound passage. 

D. The packet has been sent out through a VPN tunnel unencrypted. 

View Answer

Q7. - (Topic 2) 

SmartView Tracker R77 consists of three different modes. They are: 

A. Log, Track, and Management 

B. Log, Active, and Management 

C. Network and Endpoint, Active, and Management D. Log, Active, and Audit 

View Answer

Q8. - (Topic 3) 

You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard? 

A. All users 

B. Internal user Group 

C. A group with generic user 

D. LDAP Account Unit Group 

View Answer

Q9. - (Topic 2) 

How do you use SmartView Monitor to compile traffic statistics for your company's Internet Web activity during production hours? 

A. View total packets passed through the Security Gateway. 

B. Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway. 

C. Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day. 

D. Select Tunnels view, and generate a report on the statistics. 

View Answer

Q10. - (Topic 3) 

The R77 fw monitor utility is used to troubleshoot which of the following problems? 

A. User data base corruption 

B. Traffic issues 

C. Phase two key negotiation 

D. Log Consolidation Engine 

View Answer