Q1. - (Topic 3) 

Which of the following items should be configured for the Security Management Server to authenticate using LDAP? 

A. Domain Admin password 

B. Check Point Password 

C. Windows logon password 

D. WMI object 

View Answer

Q2. - (Topic 3) 

When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)? 

A. (6) Delete all IPsec SAs for a given User (Client) 

B. (7) Delete all IPsec+IKE SAs for a given peer (GW) 

C. (8) Delete all IPsec+IKE SAs for a given User (Client) 

D. (5) Delete all IPsec SAs for a given peer (GW) 

View Answer

Q3. - (Topic 1) 

The customer has a small Check Point installation, which includes one SecurePlatform server working as the SmartConsole, and a second server running Windows 2008 as both Security Management Server and Security Gateway. This is an example of a(n): 

A. Distributed Installation 

B. Stand-Alone Installation 

C. Hybrid Installation 

D. Unsupported configuration 

View Answer

Q4. - (Topic 3) 

Which do you configure to give remote access VPN users a local IP address? 

A. Office mode IP pool 

B. Encryption domain pool 

C. NAT pool 

D. Authentication pool 

View Answer

Q5. - (Topic 3) 

For which service is it NOT possible to configure user authentication? 

A. FTP 

B. Telnet 

C. HTTPS 

D. SSH 

View Answer

Q6. - (Topic 3) 

Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of: 

A. Three star Communities: The first one is between New York headquarters and its branches. The second star Community is between London headquarters and its branches. The third star Community is between New York and London headquarters but it is irrelevant which site is "center" and which "satellite". 

B. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the "mesh center Gateways" option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window. 

C. Two mesh and one star Community: Each mesh Community is set up for each site between headquarters their branches. The star Community has New York as the center and London as its satellite. 

D. Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters. 

View Answer

Q7. - (Topic 1) 

The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts? 

A. Reinstall the Security Management Server and restore using upgrade_import. 

B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/. 

C. Type fwm lock_admin -ua from the Security Management Server command line. 

D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock. 

View Answer

Q8. - (Topic 3) 

What is the purpose of an Identity Agent? 

A. Manual entry of user credentials for LDAP authentication 

B. Audit a user's access, and send that data to a log server 

C. Disable Single Sign On 

D. Provide user and machine identity to a gateway 

View Answer

Q9. - (Topic 1) 

Spoofing is a method of: 

A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation. 

B. Making packets appear as if they come from an authorized IP address. 

C. Detecting people using false or wrong authentication logins. 

D. Hiding your firewall from unauthorized users. 

View Answer

Q10. - (Topic 3) 

Identity Awareness can be deployed in which of the following modes? 

A. Router 

B. Detect 

C. Load Sharing 

D. High Availability 

View Answer