NEW QUESTION 1
Is it possible to track the number of connections each rule matches in a Rule Base?

• A. Yes, but you need SPLAT operating system to enable the feature Hits Count in the SmartDashboard client.
• B. Yes, since R75 40 you can use the feature Hits Count in the SmartDashboard client.
• C. Yes, but you need Gala operating system to enable the feature Hits Count in the SmartDashboard client.
• D. No, due to an architecture limitation it is not possible to track the number of connections each rule matches.

Answer: B

NEW QUESTION 2
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker’s specific active connection?

• A. Change the Rule Base and install the Policy to all Security Gateways
• B. Block Intruder feature of SmartView Tracker
• C. Intrusion Detection System (IDS) Policy install
• D. SAM - Suspicious Activity Rules feature of SmartView Monitor

Answer: B

NEW QUESTION 3
How many packets does the IKE exchange use for Phase 1 Aggressive Mode?

• A. 12
• B. 6
• C. 3
• D. 1

Answer: C

NEW QUESTION 4
Which answers are TRUE? Automatic Static NAT CANNOT be used when:
1) NAT decision is based on the destination port.
2) Both Source and Destination IP's have to be translated.
3) The NAT rule should only be installed on a dedicated Gateway.
4) NAT should be performed on the server side.

• A. 1 and 2
• B. 2 and 4
• C. 1, 3, and 4
• D. 2 and 3

Answer: A

NEW QUESTION 5
Central license management allows a Security Administrator to perform which of the following functions?
1. Check for expired licenses.
2. Sort licenses and view license properties.
3. Attach both R77 Central and Local licesnes to a remote module.
4. Delete both R77 Local Licenses and Central licenses from a remote module.
5. Add or remove a license to or from the license repository.
6. Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).

• A. 1, 2, 5, & 6
• B. 2, 3, 4, & 5
• C. 2, 5, & 6
• D. 1, 2, 3, 4, & 5

Answer: D

NEW QUESTION 6
For which service is it NOT possible to configure user authentication?

• A. Telnet
• B. SSH
• C. FTP
• D. HTTPS

Answer: B

NEW QUESTION 7
When configuring LDAP authentication, which of the following items should be configured for the Security Management Server?

• A. Login Distinguished Name and password
• B. Windows logon password
• C. Check Point Password
• D. WMI object

Answer: A

NEW QUESTION 8
What does SmartUpdate allow you to do?

• A. SmartUpdate only allows you to update Check Point and OPSEC certified products.
• B. SmartUpdate only allows you to manage product licenses.
• C. SmartUpdate allows you to update Check Point and OPSEC certified products and to manage product licenses.
• D. SmartUpdate is not a Check Point product.

Answer: C

NEW QUESTION 9
You have installed a R77 Security Gateway on GAiA. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem?

• A. The object was created with Node > Gateway.
• B. No Masters file is created for the new Gateway.
• C. The Gateway object is not specified in the first policy rule column Install On.
• D. The new Gateway's temporary license has expired.

Answer: A

NEW QUESTION 10
You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?

• A. database revision
• B. snapshot
• C. upgrade_export
• D. backup

Answer: D

NEW QUESTION 11
Packages and licenses are loaded into the SmartUpdate repositories from which sources?

• A. Download Center, Check Point DVD, User Center, and from command cplic
• B. FTP server, User Center from a file
• C. User Center, manually, SCP server
• D. command cplic, manually, from a file

Answer: A

NEW QUESTION 12
What is the syntax for uninstalling a package using newpkg?

• A. -u <pathname of package>
• B. -i <full pathname of package>
• C. -S <pathname of package>
• D. newpkg CANNOT be used to uninstall a package

Answer: D

NEW QUESTION 13
What is a Consolidation Policy?

• A. The collective name of the Security Policy, Address Translation, and IPS Policies.
• B. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
• C. The collective name of the logs generated by SmartReporter.
• D. A global Policy used to share a common enforcement policy for multiple Security Gateways.

Answer: B

NEW QUESTION 14
All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

• A. FTP
• B. SMTP
• C. HTTP
• D. RLOGIN

Answer: B

NEW QUESTION 15
Which statement is TRUE about implicit rules?

• A. You create them in SmartDashboard.
• B. The Gateway enforces implicit rules that enable outgoing packets only.
• C. Changes to the Security Gateway’s default settings do not affect implicit rules.
• D. They are derived from Global Properties and explicit object properties.

Answer: D

NEW QUESTION 16
Which of the following methods is NOT used by Identity Awareness to catalog identities?

• A. AD Query
• B. Captive Portal
• C. Identity Agent
• D. GPO

Answer: D

NEW QUESTION 17
Your company is running Security Management Server R77 on GAiA, which has been migrated through each version starting from Check Point 4.1.
How do you add a new administrator account?

• A. Using SmartDashboard, under Users, select Add New Administrator
• B. Using SmartDashboard or cpconfig
• C. Using the Web console on GAiA under Product configuration, select Administrators
• D. Using cpconfig on the Security Management Server, choose Administrators

Answer: A

NEW QUESTION 18
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?

• A. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
• B. She needs to run sysconfig and restart the SSH process.
• C. She needs to edit /etc/scpusers and add the Standard Mode account.
• D. She needs to run cpconfig to enable the ability to SCP files.

Answer: C

NEW QUESTION 19
You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net
10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?

• A. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
• B. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
• C. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
• D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ’s interface.

Answer: B

NEW QUESTION 20
Over the weekend, an Administrator without access to SmartDashboard installed a new R77 Security Gateway using GAiA. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?

• A. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Serve
• B. You must initialize SIC on both the Security Gateway and the Management Server.
• C. You first need to run the command fw unloadlocal on the new Security Gateway.
• D. You first need to initialize SIC in SmartUpdate.
• E. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Serve
• F. You must initialize SIC on the Security Management Server.

Answer: D