NEW QUESTION 1
You cannot use SmartDashboard’s User Directory features to connect to the LDAP server. What should you investigate?
1) Verify you have read-only permissions as administrator for the operating system.
2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.

• A. 1, 2, and 3
• B. 2 and 3
• C. 1 and 2
• D. 1 and 3

Answer: B

NEW QUESTION 2
Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?

• A. 514
• B. 257
• C. 256
• D. 258

Answer: B

NEW QUESTION 3
What is a possible reason for the IKE failure shown in this screenshot?

• A. Mismatch in VPN Domains.
• B. Mismatch in preshared secrets.
• C. Mismatch in Diffie-Hellman group.
• D. Mismatch in encryption schemes.

Answer: B

NEW QUESTION 4
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package’s NAT rules?
Exhibit:

• A. Rules 1, 2, 3 will appear in the new package.
• B. Only rule 1 will appear in the new package.
• C. NAT rules will be empty in the new package.
• D. Rules 4 and 5 will appear in the new package.

Answer: A

NEW QUESTION 5
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway’s side with the command cpconfig and put in the same activation key in the Gateway’s object on the Security Management Server. Unfortunately, SIC can not be established. What is a possible reason for the problem?

• A. The installed policy blocks the communication.
• B. The old Gateway object should have been deleted and recreated.
• C. Joe forgot to exit from cpconfig.
• D. Joe forgot to reboot the Gateway.

Answer: C

NEW QUESTION 6
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

• A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
• B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.
• C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
• D. Place a static host route on the firewall for the valid IP address to the internal Web server.

Answer: B

NEW QUESTION 7
Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?

• A. fw ctl get string active_secpol
• B. fw stat
• C. cpstat fw -f policy
• D. Check the Security Policy name of the appropriate Gateway in SmartView Monitor.

Answer: A

NEW QUESTION 8
Your R77 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours.
How do you create this schedule?

• A. On a GAiA Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
• B. Create a time object, and add 48 hours as the interva
• C. Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object.
• D. Create a time object, and add 48 hours as the interva
• E. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
• F. Create a time object, and add 48 hours as the interva
• G. Select that time object’s Global Properties > Logs and Masters window, to schedule a logswitch.

Answer: B

NEW QUESTION 9
What command with appropriate switches would you use to test Identity Awareness connectivity?

• A. test_ldap
• B. test_ad_connectivity
• C. test_ldap_connectivity
• D. test_ad

Answer: B

NEW QUESTION 10
You are about to test some rule and object changes suggested in an R77 news group.
Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?

• A. Manual copies of the directory $FWDIR/conf
• B. upgrade_export command
• C. Database Revision Control
• D. GAiA backup utilities

Answer: C

NEW QUESTION 11
Where are custom queries stored in R77 SmartView Tracker?

• A. On the SmartView Tracker PC local file system under the user's profile.
• B. On the Security Management Server tied to the GUI client IP.
• C. On the Security Management Server tied to the Administrator User Database login name.
• D. On the SmartView Tracker PC local file system shared by all users of that local PC.

Answer: C

NEW QUESTION 12
When using LDAP as an authentication method for Identity Awareness, the query:

• A. Requires client and server side software.
• B. Prompts the user to enter credentials.
• C. Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.
• D. Is transparent, requiring no client or server side software, or client intervention.

Answer: D

NEW QUESTION 13
How many packets are required for IKE Phase 2?

• A. 12
• B. 2
• C. 6
• D. 3

Answer: D

NEW QUESTION 14
Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed.
Can the administrator use a restore to fix the errors in static routing?

• A. The restore is not possible because the backup file does not have the same buildnumber (version).
• B. The restore is done by selecting Snapshot Management from the boot menu of GAiA.
• C. The restore can be done easily by the command restore and copying netconf.C from the production environment.
• D. A backup cannot be restored, because the binary files are missing.

Answer: C

NEW QUESTION 15
Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?

• A. vpn debug ipsec
• B. vpn ipsec
• C. fw ipsec tu
• D. vpn tu

Answer: D

NEW QUESTION 16
Which item below in a Security Policy would be enforced first?

• A. IP spoofing/IP options
• B. Security Policy First rule
• C. Administrator-defined Rule Base
• D. Network Address Translation

Answer: A

NEW QUESTION 17
What port is used for communication to the User Center with SmartUpdate?

• A. CPMI 200
• B. TCP 8080
• C. HTTP 80
• D. HTTPS 443

Answer: D

NEW QUESTION 18
Jack has locked himself out of the Kirk Security Gateway with an incorrect policy and can no longer connect from the McCoy Management Server.
Jack still has access to an out of band console connection on the Kirk Security Gateway. He is logged into the Gaia CLI, what does he need to enter in order to be able to fix his mistake and push policy?

• A. Kirk> fw unload local
• B. Kirk> fw unloadlocal
• C. Kirk> fw unload policy
• D. Kirk> fw fetch policy

Answer: B

NEW QUESTION 19
Which of the following is true of a Stealth Rule?

• A. The Stealth rule should not be logged
• B. The Stealth rule is required for proper firewall protection
• C. The Stealth rule should be located just before the Cleanup rule
• D. The Stealth rule must be the first rule in a policy

Answer: B

NEW QUESTION 20
Which of the following options is available with the GAiA cpconfig utility on a Management Server?

• A. Export setup
• B. DHCP Server configuration
• C. GUI Clients
• D. Time & Date

Answer: C