Q1. - (Topic 1) 

You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout? 

A. Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo. 

B. Log in as the default user expert and start cpinfo. 

C. No action is needed because cpshell has a timeout of one hour by default. 

D. Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo. 

View Answer

Q2. - (Topic 2) 

A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for? 

A. Secure Internal Communications (SIC) not configured for the object. 

B. A Gateway object created using the Check Point > Security Gateway option in the network objects, dialog box, but still needs to configure the interfaces for the Security Gateway object. 

C. A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box. 

D. Anti-spoofing not configured on the interfaces on the Gateway object. 

View Answer

Q3. - (Topic 1) 

What are you required to do before running the command upgrade_export? 

A. Run a cpstop on the Security Management Server. 

B. Run a cpstop on the Security Gateway. 

C. Close all GUI clients. 

D. Run cpconfig and set yourself up as a GUI client. 

View Answer

Q4. - (Topic 2) 

Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this? 

A. Allow bi-directional NAT is not checked in Global Properties. 

B. Translate destination on client side is not checked in Global Properties under Manual NAT Rules. 

C. Manual NAT rules are not configured correctly. 

D. Routing is not configured correctly. 

View Answer

Q5. - (Topic 3) 

Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process? 

A. It contains your security configuration, which could be exploited. 

B. It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten. 

C. SmartUpdate will start a new installation process if the machine is rebooted. 

D. It will conflict with any future upgrades when using SmartUpdate. 

View Answer

Q6. - (Topic 1) 

When Jon first installed his new security system, he forgot to configure DNS servers on his Security Gateway. How could Jon configure DNS servers now that his Security Gateway is in production? 

A. Login to the SmartDashboard, edit the firewall Gateway object, select the tab Interfaces > Domain Name Servers. 

B. Login to the firewall using SSH and run cpconfig, then select Domain Name Servers. 

C. Login to the firewall using SSH and run fwm, then select System Configuration > Domain Name Servers. 

D. Login to the firewall using SSH and run sysconfig, then select Domain Name Servers. 

View Answer

Q7. - (Topic 3) 

Which rule is responsible for the installation failure? A. Rule 3 

B. Rule 4 

C. Rule 5 

D. Rule 6 

View Answer

Q8. - (Topic 3) 

Which of the following is NOT true for Clientless VPN? 

A. User Authentication is supported. 

B. Secure communication is provided between clients and servers that support HTTP. 

C. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN. 

D. The Gateway can enforce the use of strong encryption. 

View Answer

Q9. - (Topic 2) 

A Security Policy has several database versions. What configuration remains the same no matter which version is used? 

A. Objects_5_0.C 

B. fwauth.NDB 

C. Rule Bases_5_0.fws 

D. Internal Certificate Authority (ICA) certificate 

View Answer

Q10. - (Topic 3) 

Which of the following actions do NOT take place in IKE Phase 1? 

A. Each side generates a session key from its private key and the peer's public key. 

B. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key. 

C. Peers agree on integrity method. 

D. Peers agree on encryption method. 

View Answer