NEW QUESTION 1
CORRECT TEXT
Fill in the blank. To enter the router shell, use command .

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 2

SmartReporter reports can be used to analyze data from a penetration-testing regimen in all of the following examples, EXCEPT:

• A. Analyzing traffic patterns against public resources.
• B. Possible worm/malware activity.
• C. Analyzing access attempts via social-engineering.
• D. Tracking attempted port scans.

Answer: C

NEW QUESTION 3

MegaCorps' disaster recovery plan is past due for an update to the backup and restore section to enjoy the benefits of the new distributed R77 installation. You must propose a plan that meets the following required and desired objectives:
Required: Security Policy repository must be backed up no less frequently than every 24 hours.
Desired: Back up R77 components enforcing the Security Policies at least once a week. Desired: Back up R77 logs at least once a week.
You develop a disaster recovery plan proposing the following:
* Use the utility cron to run the command upgrade_export each night on the Security Management Servers.
* Configure the organization's routine backup software to back up files created by the command upgrade_export.
* Configure GAiA back up utility to back up Security Gateways every Saturday night.
* Use the utility cron to run the command upgrade_export each Saturday night on the log servers.
* Configure an automatic, nightly logswitch.
* Configure the organization's routine back up software to back up the switched logs every night.
The corporate IT change review committee decides your plan:

• A. meets the required objective and only one desired objective.
• B. meets the required objective and both desired objectives.
• C. meets the rquired objective but does not meet either deisred objective.
• D. does not meet the required objective.

Answer: B

NEW QUESTION 4
4.8.2

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

A ClusterXL configuration is limited to members.

• A. There is no limit.
• B. 16
• C. 6
• D. 2

Answer: C

NEW QUESTION 6

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).
He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able
to connect to the HR Web server. What is the next BEST troubleshooting step?

• A. Investigate this as a network connectivity issue
• B. Install the Identity Awareness Agent
• C. Set static IP to DHCP
• D. After enabling Identity Awareness, reboot the gateway

Answer: C

NEW QUESTION 7
CORRECT TEXT
Fill in the blank with a numeric value. The default port number for Secure Sockets Layer (SSL) connections with the LDAP Server is

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 8

Which process should you debug if SmartDashboard login fails?

• A. sdm
• B. cpd
• C. fwd
• D. fwm

Answer: D

NEW QUESTION 9

Which of the following statements accurately describes the command snapshot?

• A. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.
• B. snapshot creates a Security Management Server full system-level backup on any OS.
• C. snapshot stores only the system-configuration settings on the Gateway.
• D. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.

Answer: A

NEW QUESTION 10

MegaCorp is using SmartCenter Server with several gateways. Their requirements result in a heavy log load. Would it be feasible to add the SmartEvent Correlation Unit and SmartEvent Server to their SmartCenter Server?

• A. N
• B. SmartCenter SIC will interfere with the function of SmartEvent.
• C. N
• D. If SmartCenter is already under stress, the use of a separate server for SmartEvent is recommended.
• E. No, SmartEvent and Smartcenter cannot be installed on the same machine at the same time.
• F. Ye
• G. SmartEvent must be installed on your SmartCenter Server.

Answer: B

NEW QUESTION 11

What gives administrators more flexibility when configuring Captive Portal instead of LDAP
query for Identity Awareness authentication?

• A. Captive Portal is more secure than standard LDAP
• B. Nothing, LDAP query is required when configuring Captive Portal
• C. Captive Portal works with both configured users and guests
• D. Captive Portal is more transparent to the user

Answer: C

NEW QUESTION 12

If you need strong protection for the encryption of user data, what option would be the BEST choice?

• A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mod
• B. Choose SHA in Quick Mode and encrypt with AE
• C. Use AH protoco
• D. Switch to Aggressive Mode.
• E. When you need strong encryption, IPsec is not the best choic
• F. SSL VPN’s are a better choice.
• G. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
• H. Disable Diffie-Hellman by using stronger certificate based key-derivatio
• I. Use AES-256 bit on all encrypted channels and add PFS to QuickMod
• J. Use double encryption by implementing AH and ESP as protocols.

Answer: C

NEW QUESTION 13
CORRECT TEXT
In a zero downtime scenario, which command do you run manually after all cluster members are upgraded?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 14
Re-enable "Cluster membership" on the Gateway.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15
Reboot both gateways.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16
......