A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins.
D. Making packets appear as if they come from an authorized IP address.
Answer: D
QUESTION NO: 122
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After awhile, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
A. Restore the entire database, except the user database.
B. Runfwm dbexport filename. Restore the database. Then, run fwm dbimport filename to import the users.
C. Runfwm_dbexport to export the user database. Select "restore the entire database" in the Database Revision screen. Then, run fwm_dbimport.
D. Restore the entire database, except the user database, and then create the new user and user group.
Answer: A
ActualTests.com
QUESTION NO: 123
How do you recover communications between your SmartCenter Server and Security Gateway if you "lock" yourself out via a rule or policy mis-configuration?
A. fw delete all.all B. cpstop
C. fw unloadlocal D. fw unload policy
Answer: C
QUESTION NO: 124
What information is found in the SmartView Tracker audit log?
A. Historical reports log B. ClusterXL sync failure C. Destination IP address
D. Policy Package rule modification date/time stamp
Answer: D
QUESTION NO: 125
Which Check Point QoS feature allows a Security Administrator to define special classes of service for delay-sensitive applications?
A. Guarantees
B. Differentiated Services C. Weighted Fair Queuing D. Low Latency Queuing
Answer: D
QUESTION NO: 126
Assuming all connections that are allocated bandwidth in your Check Point QoS Rule Base are open, what would be the corresponding bandwidth percentage of the Kazza Rule in the following example?
ActualTests.com
A. 5%
B. 20%
C. 8%
D. 14%
Answer: D
QUESTION NO: 127
A third-shift Security Administrator configured and installed a new Security Policy early this
morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. How would you check this using SmartConsole?
A. SmartView Monitor
B. This information can only be viewed withfw ctl pstat command from the CLI.
C. Eventia Analyzer D. SmartView Tracker
Answer: A
QUESTION NO: 128
Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram
shows:Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how do you achieve this requirement?
ActualTests.com
A. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source - group object;
Destination ?any; Service ?any; Translated source - 200.200.200.5; Destination ?original; Service
?original.
B. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the Address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
C. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter
200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
Answer: B
QUESTION NO: 129
You have just been hired as the Security Administrator for the Insure-It-All insurance company.
Your manager gives you the following requirements for controlling DNS traffic:
Required Result #1: Accept domain-name-over-TCP traffic (zone-transfer traffic).
Required Result #2: Log domain-name-over-TCP traffic (zone-transfer traffic).
Desired Result #1: Accept domain-name-over-UDP traffic (queries traffic).
Desired Result #2: Do not log domain-name-over-UDP traffic (queries traffic).
ActualTests.com
Desired Result #3: Do not clutter the Rule Base by creating explicit rules for traffic that can be controlled using Global Properties.
To begin, you make the following configuration changes, and install the Security Policy:
?Select the box "Accept Domain Name over TCP (Zone Transfer)" in Global Properties.
?Select the box "Accept Domain Name over UDP (Queries)" in Global Properties.
?Select the box "Log Implied Rules" in Global Properties.
Do your initial actions meet the required and desired results?
A. The actions meet all required results, and none of the desired results.
B. The actions meet the required results, and two of the desired results.
C. The actions meet all required and desired results.
D. The actions meet not meet the required results.
Answer: B
QUESTION NO: 130
You find a suspicious FTP connection trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked?
A. Highlight the suspicious connection inSmartView Tracker > Active mode. Block it using Tools >
Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".
B. Highlight the suspicious connection inSmartView Tracker > Active mode. Block it using Tools >
Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.
C. Highlight the suspicious connection inSmartView Tracker > Log mode. Block it using Tools >
Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
D. Highlight the suspicious connection inSmartView Tracker > Log mode. Block it using Tools >
Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".
Answer: B
QUESTION NO: 131
ActualTests.com
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Hidden rules are already effectively disabled from Security Gateway enforcement.
B. Right-click on the Hidden rule place-holder bar in the Rule Base and select "Disable Rule(s)".
C. Right-click on the Hidden rule place-holder bar in the Rule Base and uncheck "hide", then right-click and select "Disable Rule(s)", re-hide the rule.
D. Use the search utility in theSmartDashboard to view all hidden rules. Select the relevant rule and select "Disable Rule (s)".
Answer: C
QUESTION NO: 132
You enable Sweep Scan Protection and Host port scan in SmartDefense to determine if a large amount of traffic from a specific internal IP address is a network attack, or a user's system infected with a worm. Will you get all the information you need from these actions?
A. No. To verify if this is a worm or an active attack, you must also enable TCP attack defenses.
B. No. TheseSmartDefense protections will only block the traffic, but it will not provide a detailed analysis of the traffic.
C. No. The logs and alert can provide a further level information, but determining whether the attack is intentional or a worm requires further research.
D. Yes.SmartDefense will limit the traffic impact from the scans, and identify if the pattern of the traffic matches any known worms.
Answer: C
QUESTION NO: 133
Which of the following commands can provide the most complete restore of an NGX R65 configuration?
A. upgrade_import B. cpconfig
C. cpinfo -i D. fwm dbimport
Answer: A
QUESTION NO: 134
ActualTests.com
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
A. Place a static host route on the ISP router from the valid IP address to the firewall's external address
B. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address C. Place a static host route on the firewall from the valid IP address to the internal web server D. Publish a proxy ARP entry on the internal web server instead of the firewall for the valid IP address
Answer: A
QUESTION NO: 135
Your online bookstore has customers connecting to a variety of Web servers to place or change orders, and check order status. You ran penetration tests through the Security Gateway, to determine if the Web servers were protected from a recent series of cross-site scripting attacks.
The penetration testing indicated the Web servers were still vulnerable. You have checked every box in the Web Intelligence tab, and installed the Security Policy. What else might you do to reduce the vulnerability?
A. The penetration software you are using is malfunctioning and is reporting a false-positive.
B. Configure the Security Gateway protecting the Web servers as a Web server.
C. Check the "Products > Web Server" box on the host node objects representing your Web servers.
D. Check the "Web Intelligence" box in theSmartDefense > HTTP Protocol Inspection.
Answer: D
QUESTION NO: 136
Upon checking SmartView Monitor, you find the following Critical Problem notification.What is the reason?
ActualTests.com
A. No Security Policy installed on the Security Gateway
B. Time not synchronized between theSmartCenter Server and Security Gateway
C. No Secure Internal Communications established between theSmartCenter Server and Security Gateway
D. Version mismatch between theSmartCenter Server and Security Gateway
Answer: A
QUESTION NO: 137
Which of the following statements accurately describes the upgrade_export command?
A. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
B. upgrade_export stores network-configuration data, all settings configured by the WebUI, and the database of user settings prior to upgrading the SmartCenter Server.
C. Used when upgrading the Security Gateway,upgrade_export includes modified files, such as in the /lib directory.
D. Used primarily when upgrading theSmartCenter Server, upgrade_export stores all object databases and the conf directories for importing to a newer version of VPN-1.
Answer: D
QUESTION NO: 138
What are the results of the command: fw sam [Target IP Address]?
ActualTests.com
A. Connections from the specified target are blocked without the need to change the Security Policy
B. Connections to the specified target are blocked without the need to change the Security Policy C. The Security Policy is compiled and installed on the target's embedded VPN/FireWall Modules D. Connections to and from the specified target are blocked without the need to change the Security Policy
Answer: D
QUESTION NO: 139
In a distributed management environment, the administrator has removed the default check from
"Accept VPN-1 Power/UTM Control Connections" under the Policy > Global Properties > Firewall tab. In order for the SmartCenter Server to install a policy to the Firewall an explicit rule must be created to allow the SmartCenter Server to communicate to the Security Gateway on port ______
A. 900 B. 259 C. 256 D. 80
Answer: C
QUESTION NO: 140
When you change an implicit rule's order from "last" to "first" in Global Properties, how do you make the change take effect?
A. Select save from the file menu.
B. Reinstall the Security Policy.
C. Select install database from the Policy menu.
D. Runfw fetch from the Security Gateway.
Answer: B
QUESTION NO: 141
Of the three mechanisms Check Point uses for controlling traffic, which enables firewalls to incorporate
layer 4 awareness in packet inspection?
ActualTests.com
A. Stateful Inspection B. SmartDefense
C. Application Intelligence D. Packet filtering
Answer: A
QUESTION NO: 142
Which SmartConsole component can Administrators use to track remote administrative activities?
A. TheWebUI
B. SmartView Monitor C. Eventia Reporter D. SmartView Tracker
Answer: D
QUESTION NO: 143
Which statement below is TRUE about management plug-ins?
A. The plug-in is a package installed on the Security Gateway.
B. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
C. A management plug-in interacts with aSmartCenter Server to provide new features and support for new products.
D. Installing a management plug-in is just like an upgrade process. (It overwrites existing components.)
Answer: C
QUESTION NO: 144
It is required to completely reboot the OS after which of the following changes are made on the Security
Gateway?
i.e. cprestart command is not sufficient
1. Adding a hot-swappable NIC to the OS for the first time.
2. Uninstalling the VPN-1 Power/UTM package.
ActualTests.com
3. Installing the VPN-1 Power/UTM package.
4. Re-establishing SIC to the SmartCenter Server.
5. Doubling the maximum number of connections accepted by the Security Gateway
A. 1, 2, 3 only B. 3 only
C. 3, 4, and 5 only D. 1, 2, 3, 4, and 5
Answer: A
QUESTION NO: 145
In a "Stand-Alone Installation" the functionality of the SmartCenter Server would be installed together with which other Check Point architecture component?
A. SecureClient B. SmartConsole C. Security Gateway
D. None,SmartCenter Server would be installed by itself
Answer: C
QUESTION NO: 146
MegaCorp's security infrastructure separates Security Gateways geographically. You must request a
central license for one remote Security Gateway. You must request a central license:
A. Using yourSmartCenter Server's IP address, attach the license to the remote Gateway via SmartUpdate.
B. Using the remote Gateway's IP address, attach the license to the remote Gateway viaSmartUpdate.
C. Using each of the Gateways' IP addresses, apply the licenses on theSmartCenter Server with the cprlic
put command.
D. Using the remote Gateway's IP address, apply the license locally with thecplic put command.
Answer: A
ActualTests.com
QUESTION NO: 147
You are installing a SmartCenter server. Your security plan calls for three administrators for this particular server. How many can you create during installation?
A. As many as you want
B. Depends on the license installed on theSmartCenter Server C. Only one with full access and one with read-only access D. Only one
Answer: D
QUESTION NO: 148
When launching SmartDashboard, what information is required to log into VPN-1 NGX R65?
A. User Name,SmartCenter Server IP, certificate fingerprint file B. Password,SmartCenter Server IP
C. User Name, Password,SmartCenter Server IP D. Password,SmartCenter Server IP, LDAP Server
Answer: C
QUESTION NO: 149
Your bank's distributed VPN-1 NGX R65 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?
A. SmartUpdate B. SmartPortal C. SmartDashboard D. SmartView Tracker
Answer: A
QUESTION NO: 150
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas.
Management wants a report detailing the current software level of each Enterprise class Security Gateway.
You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to
ActualTests.com
upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?
A. SmartView Monitor and SmartUpdate B. SmartLSM and SmartUpdate
C. SmartView Tracker and SmartView Monitor D. SmartDashboard and SmartView Tracker
Answer: A
QUESTION NO: 151
Which of the following are available SmartConsole clients which can be installed from the R65 NGX
Windows CD? Read all answers and select the most complete and valid list.
A. SmartView Tracker, CPINFO, SmartUpdate
B. Security Policy Editor, Log Viewer, Real Time Monitor GUI
C. SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status D. SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
Answer: D
QUESTION NO: 152
Which R65 SmartConsole tool would you use to verify the current installed Security Policy name on a
Security Gateway?
A. SmartView Status B. SmartUpdate C. SmartView Monitor
D. None,SmartConsole applications only communicate with the SmartCenter Server.
Answer: C
QUESTION NO: 153
Which R65 SmartConsole tool would you use to verify the installed Security Policy name on a Security
Gateway?
ActualTests.com
A. SmartUpdate
B. None,SmartConsole applications only communicate with the SmartCenter Server.
C. SmartView Server D. SmartView Tracker
Answer: D
QUESTION NO: 154
Which SmartConsole tool would you use to see the last policy pushed in the audit log?
A. SmartView Status B. SmartView Server C. SmartView Monitor D. SmartView Tracker
Answer: D
QUESTION NO: 155
VPN-1 NGX R65's INSPECT Engine inserts itself into the kernel between which two layers of the OSI
model?
A. Presentation and Application B. Session and Transport C. Data and Network D. Physical and Data
Answer: C
QUESTION NO: 156
Your current security scenario gives you the option to choose between a stand-alone installation and a distributed installation. Which of the following factors would cause you to decide in favor of the distributed installation?
A. You are forced to use Windows as operating system.
B. You cannot upgrade software packages on a stand-alone Security Gateway viaSmartUpdate.
C. Clientless VPN would not work in a stand-alone installation.
D. TheSmartCenter Server must be a secondary server. You are forced to install a separate primary server.
ActualTests.com
Answer: B
QUESTION NO: 157
The Check Point Security Gateway's virtual machine (kernel) exists between which two layers of the OSI model?
A. Network and Data Link layers B. Session and Network layers
C. Application and Presentation layers D. Physical and Data Link layers
Answer: A
QUESTION NO: 158
UDP packets are delivered if they are ___________.
A. bypassing the kernel by the "forwarding layer" ofClusterXL
B. a legal response to an allowed request on the inverse UDP ports and IP C. astateful ACK to a valid SYN-SYN/ACK on the inverse UDP ports and IP D. referenced in the SAM related dynamic tables
Answer: B
QUESTION NO: 159
UDP packets are delivered if they are ___________.
A. a new client > server packet allowed by the Rule Base B. a new server > client packet allowed by the Rule Base
C. astateful ACK to a valid SYN-SYN/ACK on the inverse UDP ports and IP
D. any UDP packet in any direction (client > server; server > client) allowed by the Rule Base
Answer: A
QUESTION NO: 160
Once installed, the VPN-1 NGX R65 kernel resides directly below what layer of the TCP/IP stack?
Note: Application is the top and Physical is the bottom of the IP stack.
ActualTests.com
A. Data Link B. Network C. Session D. Transport
Answer: B
QUESTION NO: 161
How do you view a Security Administrator's activities, using SmartConsole tools?
A. Eventia Suite
B. SmartView Monitor using the Administrator Activity filter C. SmartView Tracker in Audit mode
D. SmartView Tracker in Log mode
Answer: C