Q1. - (Topic 3) 

Which of the following is NOT a valid option when configuring access for Captive Portal? 

A. According to the Firewall Policy 

B. From the Internet C. Through internal interfaces 

D. Through all interfaces 

View Answer

Q2. - (Topic 3) 

Which tool CANNOT be launched from SmartUpdate R77? 

A. SecurePlatform WebUI 

B. cpinfo 

C. IP Appliance Voyager 

D. snapshot 

View Answer

Q3. - (Topic 1) 

Your primary Security Gateway runs on SecurePlatform. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files? 

A. Using the native SecurePlatform backup utility from command line or in the Web based user interface. 

B. Copying the directories $FWDIR/conf and $FWDIR/lib to another location. 

C. Using the command upgrade_export. 

D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp. 

View Answer

Q4. - (Topic 2) 

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server? 

A. A static route for the NAT IP must be added to the Gateway's upstream router. 

B. Automatic ARP must be unchecked in the Global Properties. 

C. Nothing else must be configured. 

D. A static route must be added on the Security Gateway to the internal host. 

View Answer

Q5. - (Topic 3) 

Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly? 

A. 256 

B. 514 

C. 258 

D. 257 

View Answer

Q6. - (Topic 3) 

Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the _____________. 

A. ICA Certificate 

B. SecureClient 

C. Full Endpoint Client 

D. Identity Awareness Agent 

View Answer

Q7. - (Topic 2) 

Which of the following statements BEST describes Check Point's Hide Network Address Translation method? 

A. Translates many source IP addresses into one source IP address 

B. Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation 

C. Translates many destination IP addresses into one destination IP address 

D. One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation 

View Answer

Q8. - (Topic 2) 

You would use the Hide Rule feature to: 

A. View only a few rules without the distraction of others. 

B. Hide rules from read-only administrators. 

C. Hide rules from a SYN/ACK attack. 

D. Make rules invisible to incoming packets. 

View Answer

Q9. - (Topic 3) 

Which feature in R77 permits blocking specific IP addresses for a specified time period? 

A. Block Port Overflow 

B. Suspicious Activity Monitoring 

C. HTTP Methods 

D. Local Interface Spoofing 

View Answer

Q10. - (Topic 3) 

In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic. 

Eric is a member of the LDAP group, MSD_Group. What happens when Eric tries to connect to a server on the Internet? 

A. Eric will be blocked because LDAP is not allowed in the Rule Base. 

B. Eric will be authenticated and get access to the requested server. 

C. Eric will be dropped by the Stealth Rule. 

D. None of these things will happen. 

View Answer