Q1. - (Topic 1) 

How does the button Get Address, found on the Host Node Object > General Properties page retrieve the address? 

A. Route Table 

B. Address resolution (ARP, RARP) 

C. Name resolution (hosts file, DNS, cache) 

D. SNMP Get 

View Answer

Q2. - (Topic 3) 

What command with appropriate switches would you use to test Identity Awareness connectivity? 

A. test_ad 

B. test_ldap 

C. test_ad_connectivity 

D. test_ldap_connectivity 

View Answer

Q3. - (Topic 3) 

Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway? 

A. SmartUpdate 

B. SmartView Status 

C. SmartView Monitor 

D. None, SmartConsole applications only communicate with the Security Management Server. 

View Answer

Q4. - (Topic 1) 

Where can you find the Check Point's SNMP MIB file? 

A. $CPDIR/lib/snmp/chkpt.mib 

B. There is no specific MIB file for Check Point products. 

C. $FWDIR/conf/snmp.mib 

D. It is obtained only by request from the TAC. 

View Answer

Q5. - (Topic 2) 

Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured? 

A. A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base. 

B. When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install. 

C. In the SmartDashboard policy, select the correct firewall to be the Specific Target of the rule. 

D. A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install. 

View Answer

Q6. - (Topic 2) 

You enable Automatic Static NAT on an internal host node object with a private IP address 

of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) 

When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5? 

A. O=outbound kernel, after the virtual machine 

B. i=inbound kernel, before the virtual machine 

C. I=inbound kernel, after the virtual machine 

D. o=outbound kernel, before the virtual machine 

View Answer

Q7. - (Topic 1) 

A snapshot delivers a complete SecurePlatform backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz? 

A. As expert user, type the command revert --file MySnapshot.tgz. 

B. As expert user, type the command snapshot -r MySnapshot.tgz. 

C. As expert user, type the command snapshot - R to restore from a local file. Then, provide the correct file name. 

D. Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name. 

View Answer

Q8. - (Topic 2) 

Which R77 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations? 

A. Policy Package management 

B. Database Revision Control 

C. upgrade_export/upgrade_import 

D. fwm dbexport/fwm dbimport 

View Answer

Q9. - (Topic 1) 

Where is the IPSO Boot Manager physically located on an IP Appliance? 

A. On the platform's BIOS 

B. In the directory /nvram 

C. On an external jump drive 

D. On built-in compact Flash memory 

View Answer

Q10. - (Topic 1) 

Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this? 

A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here. 

B. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced > Permission to Install. 

C. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets. 

D. In the object General Properties representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator. 

View Answer