NEW QUESTION 1
Access Role objects define users, machines, and network locations as:

• A. Credentialed objects
• B. Linked objects
• C. One object
• D. Separate objects

Answer: C

NEW QUESTION 2
Identity Awareness is implemented to manage access to protected resources based on a user’s .

• A. Application requirement
• B. Computer MAC address
• C. Identity
• D. Time of connection

Answer: C

NEW QUESTION 3
Which of the following is a CLI command for Security Gateway R77?

• A. fw tab -u
• B. fw shutdown
• C. fw merge
• D. fwm policy_print <policyname>

Answer: A

NEW QUESTION 4
Match the following commands to their correct function. Each command has one function only listed.
Exhibit:

• A. C1>F6; C2>F4; C3>F2; C4>F5
• B. C1>F2; C2>F1; C3>F6; C4>F4
• C. C1>F2; C2>F4; C3>F1; C4>F5
• D. C1>F4; C2>F6; C3>F3; C4>F2

Answer: A

NEW QUESTION 5
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:

• A. It is not necessary to add a static route to the Gateway’s routing table.
• B. It is necessary to add a static route to the Gateway’s routing table.
• C. The Security Gateway’s ARP file must be modified.
• D. VLAN tagging cannot be defined for any hosts protected by the Gateway.

Answer: A

NEW QUESTION 6
Which of the following items should be configured for the Security Management Server to authenticate via LDAP?

• A. Check Point Password
• B. Active Directory Server object
• C. Windows logon password
• D. WMI object

Answer: B

NEW QUESTION 7
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?

• A. The POP3 rule is disabled.
• B. POP3 is accepted in Global Properties.
• C. The POP3 rule is hidden.
• D. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.

Answer: C

NEW QUESTION 8
The customer has a small Check Point installation which includes one Windows 2008 server as SmartConsole and Security Management Server with a second server running GAiA as Security Gateway. This is an example of a(n):

• A. Stand-Alone Installation.
• B. Distributed Installation.
• C. Unsupported configuration.
• D. Hybrid Installation.

Answer: B

NEW QUESTION 9
SmartUpdate is mainly for which kind of work –
1. Monitoring Performance and traffic
2. Provision Package
3. Managing licenses
4. Creating a Rule Base

• A. 2, 3
• B. 1, 2
• C. 1, 3
• D. 2, 4

Answer: A

NEW QUESTION 10
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?

• A. fw unload policy
• B. fw unloadlocal
• C. fw delete all.all@localhost
• D. fwm unloadlocal

Answer: B

NEW QUESTION 11
When attempting to connect with SecureClient Mobile you get the following error message: The certificate provided is invalid. Please provide the username and password.
What is the probable cause of the error?

• A. Your user configuration does not have an office mode IP address so the connection failed.
• B. Your certificate is invalid.
• C. There is no connection to the server, and the client disconnected.
• D. Your user credentials are invalid.

Answer: B

NEW QUESTION 12
Which component functions as the Internal Certificate Authority for R77?

• A. Security Gateway
• B. Management Server
• C. Policy Server
• D. SmartLSM

Answer: B

NEW QUESTION 13
What CANNOT be configured for existing connections during a policy install?

• A. Keep all connections
• B. Keep data connections
• C. Re-match connections
• D. Reset all connections

Answer: D

NEW QUESTION 14
When restoring R77 using the command upgrade_import, which of the following items are NOT restored?

• A. SIC Certificates
• B. Licenses
• C. Route tables
• D. Global properties

Answer: C

NEW QUESTION 15
How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?

• A. SNMP trap alert script
• B. Custom scripts cannot be executed through alert scripts.
• C. User-defined alert script
• D. Pop-up alert script

Answer: C

NEW QUESTION 16
When you use the Global Properties’ default settings on R77, which type of traffic will be dropped if NO explicit rule allows the traffic?

• A. SmartUpdate connections
• B. Outgoing traffic originating from the Security Gateway
• C. Firewall logging and ICA key-exchange information
• D. RIP traffic

Answer: D

NEW QUESTION 17
Static NAT connections, by default, translate on which firewall kernel inspection point?

• A. Inbound
• B. Outbound
• C. Post-inbound
• D. Eitherbound

Answer: A

NEW QUESTION 18
Where is the fingerprint generated, based on the output display? Exhibit:

• A. SmartConsole
• B. SmartUpdate
• C. Security Management Server
• D. SmartDashboard

Answer: C

NEW QUESTION 19
Which of the following can be found in cpinfo from an enforcement point?

• A. Everything NOT contained in the file r2info
• B. VPN keys for all established connections to all enforcement points
• C. The complete file objects_5_0.c
• D. Policy file information specific to this enforcement point

Answer: D

NEW QUESTION 20
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?

• A. The Global Properties setting Translate destination on client side is unchecke
• B. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mas
• C. Check the Global Properties setting Translate destination on client side.
• D. The Global Properties setting Translate destination on client side is unchecke
• E. But the topology on the external interface is set to Others +. Change topology to External.
• F. The Global Properties setting Translate destination on client side is checke
• G. But the topology on the external interface is set to Externa
• H. Change topology to Others +.
• I. The Global Properties setting Translate destination on client side is checke
• J. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mas
• K. Uncheck the Global Properties setting Translate destination on client side.

Answer: A