Q1. - (Topic 3)
Identity Awareness is implemented to manage access to protected resources based on a user’s _____________.
A. Application requirement
B. Computer MAC address
C. Identity
D. Time of connection
Answer: C
Q2. - (Topic 3)
What action CANNOT be run from SmartUpdate R77?
A. Reboot Gateway
B. Fetch sync status
C. Get all Gateway Data
D. Preinstall verifier
Answer: B
Q3. - (Topic 3)
What is the Manual Client Authentication TELNET port?
A. 264
B. 259
C. 900
D. 23
Answer: B
Q4. - (Topic 3)
Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:
A. Required. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet,
using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how could you
achieve these requirements?
B. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on
both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for
200.200.200.3 for the MAC address of 200.200.200.5.
C. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable
Hide NAT on the NAT page of the address range object. Enter Hiding IP address
200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of
200.200.200.3.
D. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter
200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC
address of 200.200.200.3.
Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network
objects to a group object. Create a manual NAT rule like the following: Original source -group object; Destination - any; Service - any; Translated source - 200.200.200.5;
Destination - original; Service - original.
Answer: B
Q5. - (Topic 3)
Access Role objects define users, machines, and network locations as:
A. One object
B. Credentialed objects
C. Separate objects
D. Linked objects
Answer: A
Q6. - (Topic 3)
You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?
A. Send a CD-ROM with the HFA to each location and have local personnel install it.
B. Use SmartUpdate to install the packages to each of the Security Gateways remotely.
C. Send a Certified Security Engineer to each site to perform the update.
D. Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
Answer: B
Q7. - (Topic 2)
Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?
A. Network and Endpoint tab
B. Custom filter
C. Management tab
D. Active tab
Answer: C
Q8. - (Topic 3)
Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
A. Login Distinguished Name and password
B. Windows logon password
C. Check Point Password
D. WMI object
Answer: A
Q9. - (Topic 2)
What CANNOT be configured for existing connections during a policy install?
A. Reset all connections
B. Re-match connections
C. Keep all connections D. Keep data connections
Answer: A
Q10. - (Topic 1)
Which of the below is the MOST correct process to reset SIC from SmartDashboard?
A. Run cpconfig, and click Reset.
B. Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.
C. Click Communication > Reset on the Gateway object, and type a new activation key.
D. Run cpconfig, and select Secure Internal Communication > Change One Time Password.
Answer: B