NEW QUESTION 1

When do modifications to the Event Policy take effect?

• A. As soon as the Policy Tab window is closed.
• B. When saved on the SmartEvent Server and installed to the Correlation Units.
• C. When saved on the Correlation Units, and pushed as a policy.
• D. When saved on the SmartEvent Client, and installed on the SmartEvent Server.

Answer: B

NEW QUESTION 2

Which of the following tools is used to generate a Security Gateway R77 configuration report?

• A. fw cpinfo
• B. infoCP
• C. cpinfo
• D. infoview

Answer: C

NEW QUESTION 3

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

• A. Automatic ARP must be unchecked in the Global Properties.
• B. Nothing else must be configured.
• C. A static route must be added on the Security Gateway to the internal host.
• D. A static route for the NAT IP must be added to the Gateway’s upstream router.

Answer: C

NEW QUESTION 4

What gives administrators more flexibility when configuring Captive Portal instead of LDAP
query for Identity Awareness authentication?

• A. Captive Portal is more secure than standard LDAP
• B. Nothing, LDAP query is required when configuring Captive Portal
• C. Captive Portal works with both configured users and guests
• D. Captive Portal is more transparent to the user

Answer: C

NEW QUESTION 5

What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?

• A. WMI
• B. CIFS
• C. RCP
• D. LDAP

Answer: A

NEW QUESTION 6

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

• A. Are used for securing internal network communications between the SmartDashboard and the Security Management Server.
• B. For R75 Security Gateways are created during the Security Management Server installation.
• C. Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.
• D. Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.

Answer: D

NEW QUESTION 7
CORRECT TEXT
Fill in the blank. To save your OSPF configuration in GAiA, enter the command _____.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 8
Update the topology in the cluster object for the cluster and both members.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 9
CORRECT TEXT
To stop acceleration on a GAiA Security Gateway, enter command:

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 10

When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?

• A. Leveraging identity in the application control blade
• B. Basic identity enforcement in the internal network
• C. Identity-based auditing and logging
• D. Identity-based enforcement for non-AD users (non-Windows and guest users)

Answer: D

NEW QUESTION 11

What happens if the identity of a user is known?

• A. If the user credentials do not match an Access Role, the traffic is automatically dropped.
• B. If the user credentials do not match an Access Role, the system displays a sandbox.
• C. If the user credentials do not match an Access Role, the gateway moves onto the next rule.
• D. If the user credentials do not match an Access Role, the system displays the Captive Portal.

Answer: C

NEW QUESTION 12

Which of the following CLISH commands would you use to set the admin user's shell to bash?

• A. set user admin shell bash
• B. set user admin shell /bin/bash
• C. set user admin shell = /bin/bash
• D. set user admin /bin/bash

Answer: B

NEW QUESTION 13

An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of .

• A. client side NAT
• B. source NAT
• C. destination NAT
• D. None of these

Answer: B

NEW QUESTION 14

Which two processes are responsible on handling Identity Awareness?

• A. pdp and lad
• B. pdp and pdp-11
• C. pep and lad
• D. pdp and pep

Answer: D

NEW QUESTION 15
CORRECT TEXT
Write the full fw command and syntax that you would use to troubleshoot ClusterXL sync issues.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16

Which of the following commands can provide the most complete restoration of a R77 configuration?

• A. upgrade_import
• B. cpinfo -recover
• C. cpconfig
• D. fwm dbimport -p <export file>

Answer: A

NEW QUESTION 17

Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?

• A. fw cpinfo
• B. cpinfo -o date.cpinfo.txt
• C. diag
• D. cpstat - date.cpstat.txt

Answer: B

NEW QUESTION 18
CORRECT TEXT
Fill in the blank. What is the correct command and syntax used to view a connection table summary on a Check Point Firewall?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 19
......