Copy and Edit

Exam 1 - CCSA 156-215 v7

Description

Checkpoint
Gustavo Gonçalves
Quiz by Gustavo Gonçalves, updated more than 1 year ago
Gustavo Gonçalves
Created by Gustavo Gonçalves over 6 years ago
74
1
0

Resource summary

Question 1

Question
QUESTION 1 Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
Answer
  • A. TACACS
  • B. Captive Portal
  • C. Check Point Password
  • D. Windows password

Question 2

Question
QUESTION 2 Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
Answer
  • A. Check Point Password
  • B. TACACS
  • C. LDAP
  • D. Windows password

Question 3

Question
QUESTION 3 What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?
Answer
  • A. Captive Portal is more secure than standard LDAP
  • B. Nothing, LDAP query is required when configuring Captive Portal
  • C. Captive Portal works with both configured users and guests
  • D. Captive Portal is more transparent to the user

Question 4

Question
QUESTION 4 How granular may an administrator filter an Access Role with identity awareness? Per:
Answer
  • A. Specific ICA Certificate
  • B. AD User
  • C. Radius Group
  • D. Windows Domain

Question 5

Question
QUESTION 5 Can you use Captive Portal with HTTPS?
Answer
  • A. No, it only works with FTP
  • B. No, it only works with FTP and HTTP
  • C. Yes
  • D. No, it only works with HTTP

Question 6

Question
QUESTION 6 Which of the following is NOT defined by an Access Role object?
Answer
  • A. Source Network
  • B. Source Machine
  • C. Source User
  • D. Source Server

Question 7

Question
QUESTION 7 In which Rule Base can you implement an Access Role?
Answer
  • A. DLP
  • B. Mobile Access
  • C. IPS
  • D. Firewall

Question 8

Question
QUESTION 8 Access Role objects define users, machines, and network locations as:
Answer
  • A. Credentialed objects
  • B. Linked objects
  • C. One object
  • D. Separate objects

Question 9

Question
QUESTION 9 Where do you verify that UserDirectory is enabled?
Answer
  • A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
  • B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
  • C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
  • D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked

Question 10

Question
QUESTION 10 Which of the following statements is TRUE about management plug-ins?
Answer
  • A. A management plug-in interacts with a Security Management Server to provide new features and support for new products
  • B. Installing a management plug-in is just like an upgrade process.
  • C. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
  • D. The plug-in is a package installed on the Security Gateway.

Question 11

Question
QUESTION 11 You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?
Answer
  • A. One
  • B. Only one with full access and one with read-only access
  • C. As many as you want
  • D. Depends on the license installed on the Security Management Server

Question 12

Question
QUESTION 12 During which step in the installation process is it necessary to note the fingerprint for first-time verification?
Answer
  • A. When configuring the Gateway in the WebUI
  • B. When configuring the Security Management Server using cpconfig
  • C. When establishing SIC between the Security Management Server and the Gateway
  • D. When configuring the Security Gateway object in SmartDashboard

Question 13

Question
QUESTION 13 How can you most quickly reset Secure Internal Communications (SIC) between a Security Management Server and Security Gateway?
Answer
  • A. From cpconfig on the Gateway, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).
  • B. Use SmartUpdate to retype the Security Gateway activation key. This will automatically sync SIC to both the Security Management Server and Gateway.
  • C. From the Security Management Server's command line, type fw putkey -p <shared key> <IP Address of Security Gateway>.
  • D. Run the command fwm sic_reset to reinitialize the Security Management Server Internal Certificate Authority (ICA). Then retype the activation key on the Security Gateway from SmartDashboard.

Question 14

Question
QUESTION 14 How can you recreate the Security Administrator account, which was created during initial Management Server installation on GAiA?
Answer
  • A. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Administrator Account portion of the file. You will be prompted to create a new account.
  • B. Type cpm -a, and provide the existing Administrator's account name. Reset the Security Administrator's password.
  • C. Launch cpconfig and delete the Administrator's account. Recreate the account with the same name.
  • D. Launch SmartDashboard in the User Management screen, and delete the cpconfig administrator.

Question 15

Question
QUESTION 15 The London Security Gateway Administrator has just installed the Security Gateway and Management Server. He has not changed any default settings. As he tries to configure the Gateway, he is unable to connect. Which troubleshooting suggestion will NOT help him?
Answer
  • A. Check if some intermediate network device has a wrong routing table entry, VLAN assignment, duplexmismatch, or trunk issue.
  • B. Test the IP address assignment and routing settings of the Security Management Server, Gateway, and console client.
  • C. Verify the SIC initialization.
  • D. Verify that the Rule Base explicitly allows management connections.

Question 16

Question
QUESTION 16 You need to completely reboot the Operating System after making which of the following changes on the Security Gateway? (i.e. the command cprestart is not sufficient.) 1. Adding a hot-swappable NIC to the Operating System for the first time. 2. Uninstalling the R77 Power/UTM package. 3. Installing the R77 Power/UTM package. 4. Re-establishing SIC to the Security Management Server. 5. Doubling the maximum number of connections accepted by the Security Gateway.
Answer
  • A. 3 only
  • B. 1, 2, 3, 4, and 5
  • C. 2, 3 only
  • D. 3, 4, and 5 only

Question 17

Question
QUESTION 17 The Security Gateway is installed on GAiA R77 The default port for the Web User Interface is _______.
Answer
  • A. TCP 18211
  • B. TCP 443
  • C. TCP 4433
  • D. TCP 257

Question 18

Question
QUESTION 18 Over the weekend, an Administrator without access to SmartDashboard installed a new R77 Security Gateway using GAiA. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?
Answer
  • A. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on both the Security Gateway and the Management Server.
  • B. You first need to run the command fw unloadlocal on the new Security Gateway.
  • C. You first need to initialize SIC in SmartUpdate.
  • D. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.

Question 19

Question
QUESTION 19 An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?
Answer
  • A. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the command fw unloadlocal on the local Security Gateway.
  • B. You first need to run the command fw unloadlocal on the R77 Security Gateway appliance in order to remove the restrictive default policy.
  • C. You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway's topology.
  • D. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.

Question 20

Question
QUESTION 20 How can you reset the Security Administrator password that was created during initial Security Management Server installation on GAiA?
Answer
  • A. Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.
  • B. As expert user Type fwm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.
  • C. Type cpm -a, and provide the existing administrator's account name. Reset the Security Administrator's password.
  • D. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.

Question 21

Question
QUESTION 21 You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?
Answer
  • A. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
  • B. An office mode address must be obtained by the client.
  • C. The SNX client application must be installed on the client.
  • D. Active-X must be allowed on the client.

Question 22

Question
QUESTION 22 The Tokyo Security Management Server Administrator cannot connect from his workstation in Osaka. Which of the following lists the BEST sequence of steps to troubleshoot this issue?
Image:
22 (binary/octet-stream)
Answer
  • A. Check for matching OS and product versions of the Security Management Server and the client. Then, ping the Gateways to verify connectivity. If successful, scan the log files for any denied management packets.
  • B. Verify basic network connectivity to the local Gateway, service provider, remote Gateway, remote network and target machine. Then, test for firewall rules that deny management access to the target. If successful, verify that pcosaka is a valid client IP address.
  • C. Check the allowed clients and users on the Security Management Server. If pcosaka and your user account are valid, check for network problems. If there are no network related issues, this is likely to be a problem with the server itself. Check for any patches and upgrades. If still unsuccessful, open a case with Technical Support.
  • D. Call Tokyo to check if they can ping the Security Management Server locally. If so, login to sgtokyo, verify management connectivity and Rule Base. If this looks okay, ask your provider if they have some firewall rules that filters out your management traffic.

Question 23

Question
QUESTION 23 Where is the fingerprint generated, based on the output display?
Image:
23 (binary/octet-stream)
Answer
  • A. SmartConsole
  • B. SmartUpdate
  • C. Security Management Server
  • D. SmartDashboard

Question 24

Question
QUESTION 24 Match the following commands to their correct function. Each command has one function only listed. Exhibit:
Image:
24 (binary/octet-stream)
Answer
  • A. C1>F6; C2>F4; C3>F2; C4>F5
  • B. C1>F2; C2>F1; C3>F6; C4>F4
  • C. C1>F2; C2>F4; C3>F1; C4>F5
  • D. C1>F4; C2>F6; C3>F3; C4>F2

Question 25

Question
QUESTION 25 Which command displays the installed Security Gateway version?
Answer
  • A. fw printver
  • B. fw ver
  • C. fw stat
  • D. cpstat -gw

Question 26

Question
QUESTION 26 Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?
Answer
  • A. cpstat fwd
  • B. fw ver
  • C. fw stat
  • D. fw ctl pstat

Question 27

Question
QUESTION 27 Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?
Answer
  • A. Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.
  • B. Run the command revert to restore the snapshot, establish SIC, and install the Policy.
  • C. Run the command revert to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
  • D. Reinstall the base operating system (i.e., GAia). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.

Question 28

Question
QUESTION 28 Which of the following statements accurately describes the command upgrade_export?
Answer
  • A. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
  • B. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.
  • C. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
  • D. This command is no longer supported in GAiA.

Question 29

Question
QUESTION 29 What are you required to do before running the command upgrade_export?
Answer
  • A. Run a cpstop on the Security Gateway.
  • B. Run a cpstop on the Security Management Server.
  • C. Close all GUI clients.
  • D. Run cpconfig and set yourself up as a GUI client.

Question 30

Question
QUESTION 30 A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?
Answer
  • A. Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.
  • B. As expert user, type the command snapshot -r MySnapshot.tgz.
  • C. As expert user, type the command revert --file MySnapshot.tgz.
  • D. As expert user, type the command snapshot - R to restore from a local file. Then, provide the correct file name.

Question 31

Question
QUESTION 31 What is the primary benefit of using the command upgrade_export over either backup or snapshot?
Answer
  • A. upgrade_export is operating system independent and can be used when backup or snapshot is not available.
  • B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
  • C. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
  • D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.

Question 32

Question
QUESTION 32 What is the syntax for uninstalling a package using newpkg?
Answer
  • A. -u <pathname of package>
  • B. -i <full pathname of package>
  • C. -S <pathname of package>
  • D. newpkg CANNOT be used to uninstall a package

Question 33

Question
QUESTION 33 Your primary Security Gateway runs on GAiA. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files?
Answer
  • A. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
  • B. Using the native GAiA backup utility from command line or in the Web based user interface.
  • C. Using the command upgrade_export.
  • D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.

Question 34

Question
QUESTION 34 You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?
Answer
  • A. Manual copies of the directory $FWDIR/conf
  • B. GAiA back up utilities
  • C. upgrade_export and upgrade_import commands
  • D. Database Revision Control

Question 35

Question
QUESTION 35 You are running a R77 Security Gateway on GAiA. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?
Answer
  • A. manual backup
  • B. upgrade_export
  • C. backup
  • D. snapshot

Question 36

Question
QUESTION 36 Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration. An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?
Answer
  • A. The restore is not possible because the backup file does not have the same build number (version).
  • B. The restore is done by selecting Snapshot Management from the boot menu of GAiA.
  • C. The restore can be done easily by the command restore and copying netconf.C from the production environment.
  • D. A backup cannot be restored, because the binary files are missing.

Question 37

Question
QUESTION 37 Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.
Answer
  • A. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows
  • B. Check Point GAiA and SecurePlatform, and Microsoft Windows
  • C. Check Point GAiA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO
  • D. Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows

Question 38

Question
QUESTION 38 You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
Answer
  • A. database revision
  • B. snapshot
  • C. upgrade_export
  • D. backup

Question 39

Question
QUESTION 39 An advantage of using central instead of local licensing is:
Answer
  • A. A license can be taken from one Security Management Server and given to another Security Management Server.
  • B. Only one IP address is used for all licenses
  • C. The license must be renewed when changing the IP address of a Security Gateway. Each module's license has a unique IP address.
  • D. Licenses are automatically attached to their respective Security Gateways.

Question 40

Question
QUESTION 40 You are running the license_upgrade tool on your GAiA Gateway. Which of the following can you NOT do with the upgrade tool?
Answer
  • A. Perform the actual license-upgrade process
  • B. Simulate the license-upgrade process
  • C. View the licenses in the SmartUpdate License Repository
  • D. View the status of currently installed licenses

Question 41

Question
QUESTION 41 If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?
Answer
  • A. The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot <object name> <filename>.
  • B. The Administrator must reinstall the last version via the command cprinstall revert <object name> <file name>.
  • C. The Administrator must remove the rpm packages manually, and re-attempt the upgrade.
  • D. GAiA will reboot and automatically revert to the last snapshot version prior to upgrade.

Question 42

Question
QUESTION 42 Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?
Answer
  • A. SmartUpdate will start a new installation process if the machine is rebooted.
  • B. It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten
  • C. It contains your security configuration, which could be exploited.
  • D. It will conflict with any future upgrades when using SmartUpdate.

Question 43

Question
QUESTION 43 Which of these components does NOT require a Security Gateway R77 license?
Answer
  • A. Security Management Server
  • B. Check Point Gateway
  • C. SmartConsole
  • D. SmartUpdate upgrading/patching

Question 44

Question
QUESTION 44 If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?
Answer
  • A. IPS
  • B. SSL: VPN
  • C. SmartEvent Intro
  • D. Data Loss Prevention

Question 45

Question
QUESTION 45 Central license management allows a Security Administrator to perform which of the following functions? 1. Check for expired licenses. 2. Sort licenses and view license properties. 3. Attach both R77 Central and Local licesnes to a remote module. 4. Delete both R77 Local Licenses and Central licenses from a remote module. 5. Add or remove a license to or from the license repository. 6. Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).
Answer
  • A. 1, 2, 5, & 6
  • B. 2, 3, 4, & 5
  • C. 2, 5, & 6
  • D. 1, 2, 3, 4, & 5

Question 46

Question
QUESTION 46 Which command gives an overview of your installed licenses?
Answer
  • A. cplicense
  • B. showlic
  • C. fw lic print
  • D. cplic print

Question 47

Question
QUESTION 47 Where are SmartEvent licenses installed?
Answer
  • A. SmartEvent server
  • B. Log Server
  • C. Security Management Server
  • D. Security Gateway

Question 48

Question
QUESTION 48 ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:
Answer
  • A. Export setup
  • B. DHCP Server configuration
  • C. Time & Date
  • D. GUI Clients

Question 49

Question
QUESTION 49 Which of the following options is available with the GAiA cpconfig utility on a Management Server?
Answer
  • A. Export setup
  • B. DHCP Server configuration
  • C. GUI Clients
  • D. Time & Date

Question 50

Question
QUESTION 50 Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
Answer
  • A. fw cpinfo
  • B. cpinfo -o date.cpinfo.txt
  • C. diag
  • D. cpstat - date.cpstat.txt

Question 51

Question
QUESTION 51 Which of the following statements accurately describes the command snapshot?
Answer
  • A. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.
  • B. snapshot creates a Security Management Server full system-level backup on any OS.
  • C. snapshot stores only the system-configuration settings on the Gateway
  • D. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.

Question 52

Question
QUESTION 52 How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?
Answer
  • A. fw unload policy
  • B. fw unloadlocal
  • C. fw delete all.all@localhost
  • D. fwm unloadlocal

Question 53

Question
QUESTION 53 How can you check whether IP forwarding is enabled on an IP Security Appliance?
Answer
  • A. clish -c show routing active enable
  • B. cat /proc/sys/net/ipv4/ip_forward
  • C. echo 1 > /proc/sys/net/ipv4/ip_forward
  • D. ipsofwd list

Question 54

Question
QUESTION 54 Which command allows you to view the contents of an R77 table?
Answer
  • A. fw tab -a <tablename>
  • B. fw tab -t <tablename>
  • C. fw tab -s <tablename>
  • D. fw tab -x <tablename>

Question 55

Question
QUESTION 55 Which of the following tools is used to generate a Security Gateway R77 configuration report?
Answer
  • A. fw cpinfo
  • B. infoCP
  • C. cpinfo
  • D. infoview

Question 56

Question
QUESTION 56 Which of the following is a CLI command for Security Gateway R77?
Answer
  • A. fw tab -u
  • B. fw shutdown
  • C. fw merge
  • D. fwm policy_print <policyname>

Question 57

Question
QUESTION 57 You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in CLISH to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.
Answer
  • A. ethtool
  • B. set interface <options>
  • C. mii_tool
  • D. ifconfig -a

Question 58

Question
QUESTION 58 Which command enables IP forwarding on IPSO?
Answer
  • A. ipsofwd on admin
  • B. echo 0 > /proc/sys/net/ipv4/ip_forward
  • C. clish -c set routing active enable
  • D. echo 1 > /proc/sys/net/ipv4/ip_forward

Question 59

Question
QUESTION 59 Which of the following objects is a valid source in an authentication rule?
Answer
  • A. Host@Any
  • B. User@Network
  • C. User_group@Network
  • D. User@Any

Question 60

Question
QUESTION 60 You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.
Answer
  • A. You checked the cache password on desktop option in Global Properties.
  • B. Another rule that accepts HTTP without authentication exists in the Rule Base.
  • C. You have forgotten to place the User Authentication Rule before the Stealth Rule
  • D. Users must use the SecuRemote Client, to use the User Authentication Rule

Question 61

Question
QUESTION 61 Which authentication type requires specifying a contact agent in the Rule Base?
Answer
  • A. Client Authentication with Partially Automatic Sign On
  • B. Client Authentication with Manual Sign On
  • C. User Authentication
  • D. Session Authentication

Question 62

Question
QUESTION 62 What is the difference between Standard and Specific Sign On methods?
Answer
  • A. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties.
  • B. Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but re-authenticate for each host to which he is trying to connect. Specific Sign On requires that the user reauthenticate for each service.
  • C. Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect
  • D. Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connect. Specific Sign On allows the user to sign on only to a specific IP address.

Question 63

Question
QUESTION 63 Which set of objects have an Authentication tab?
Answer
  • A. Templates, Users
  • B. Users, Networks
  • C. Users, User Groups
  • D. Networks, Hosts

Question 64

Question
QUESTION 64 How are cached usernames and passwords cleared from the memory of a R77 Security Gateway?
Answer
  • A. By using the Clear User Cache button in SmartDashboard.
  • B. Usernames and passwords only clear from memory after they time out.
  • C. By retrieving LDAP user information using the command fw fetchldap.
  • D. By installing a Security Policy.

Question 65

Question
QUESTION 65 Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?
Answer
  • A. External-user group
  • B. LDAP group
  • C. A group with a generic user
  • D. All Users

Question 66

Question
QUESTION 66 Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user's properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?
Answer
  • A. Select Ignore Database in the Action Properties window.
  • B. Permit access to Finance_net.
  • C. Select Intersect with user database in the Action Properties window.
  • D. Select Intersect with user database or Ignore Database in the Action Properties window.

Question 67

Question
QUESTION 67 For remote user authentication, which authentication scheme is NOT supported?
Answer
  • A. Check Point Password
  • B. RADIUS
  • C. TACACS
  • D. SecurID

Question 68

Question
QUESTION 68 Review the rules. Assume domain UDP is enabled in the impled rules. What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
Image:
68 (binary/octet-stream)
Answer
  • A. can connect to the Internet successfully after being authenticated.
  • B. is prompted three times before connecting to the Internet successfully.
  • C. can go to the Internet after Telnetting to the client authentication daemon port 259.
  • D. can go to the Internet, without being prompted for authentication.

Question 69

Question
QUESTION 69 Study the Rule base and Client Authentication Action properties screen - After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user?
Image:
66 (binary/octet-stream)
Answer
  • A. user is prompted for authentication by the Security Gateway again.
  • B. FTP data connection is dropped after the user is authenticated successfully.
  • C. user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication
  • D. FTP connection is dropped by Rule 2.

Question 70

Question
QUESTION 70 One of your remote Security Gateway's suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?
Answer
  • A. The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
  • B. The time on the Security Management Server's clock has changed, which invalidates the remote Gateway's Certificate.
  • C. The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
  • D. There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.

Question 71

Question
QUESTION 71 What information is found in the SmartView Tracker Management log?
Answer
  • A. SIC revoke certificate event
  • B. Destination IP address
  • C. Most accessed Rule Base rule
  • D. Number of concurrent IKE negotiations

Question 72

Question
QUESTION 72 What information is found in the SmartView Tracker Management log?
Answer
  • A. Historical reports log
  • B. Policy rule modification date/time stamp
  • C. Destination IP address
  • D. Most accessed Rule Base rule

Question 73

Question
QUESTION 73 What information is found in the SmartView Tracker Management log?
Answer
  • A. Creation of an administrator using cpconfig
  • B. GAiA expert login event
  • C. FTP username authentication failure
  • D. Administrator SmartDashboard logout event

Question 74

Question
QUESTION 74 How do you use SmartView Monitor to compile traffic statistics for your company's Internet Web activity during production hours?
Answer
  • A. Select Tunnels view, and generate a report on the statistics.
  • B. Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway.
  • C. Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day.
  • D. View total packets passed through the Security Gateway.

Question 75

Question
QUESTION 75 What happens when you run the command. fw sam -J src [Source IP Address]?
Answer
  • A. Connections from the specified source are blocked without the need to change the Security Policy.
  • B. Connections to the specified target are blocked without the need to change the Security Policy.
  • C. Connections to and from the specified target are blocked without the need to change the Security Policy.
  • D. Connections to and from the specified target are blocked with the need to change the Security Policy.

Question 76

Question
QUESTION 76 An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install). Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval. If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keepalive packet every minute. Which of the following is the BEST explanation for this behavior?
Answer
  • A. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
  • B. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R77 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation.
  • C. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.
  • D. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.

Question 77

Question
QUESTION 77 Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?
Answer
  • A. 514
  • B. 257
  • C. 256
  • D. 258

Question 78

Question
QUESTION 78 You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter. You select a standard predefined report. As you can see here, you can select the london Gateway. Imag 01: When you attempt to configure the Express Report, you are unable to select this Gateway. imag02 What is the reason for this behavior? Give the BEST answer.
Image:
78 1 (binary/octet-stream)
Answer
  • A. You must enable the Eventia Express Mode on the london Gateway.
  • B. You have the license for Eventia Reporter in Standard mode only.
  • C. You must enable the Express Mode inside Eventia Reporter.
  • D. You must enable Monitoring in the london Gateway object's General Properties.

Question 79

Question
QUESTION 79 In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
Answer
  • A. Rule 0
  • B. Blank field under Rule Number
  • C. Rule 1
  • D. Cleanup Rule

Question 80

Question
QUESTION 80 A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?
Answer
  • A. Eventia Analyzer
  • B. SmartView Tracker
  • C. SmartView Monitor
  • D. This information can only be viewed with the command fw ctl pstat from the CLI.

Question 81

Question
QUESTION 81 You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?
Answer
  • A. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.
  • B. Select Block intruder from the Tools menu in SmartView Tracker.
  • C. Create a Suspicious Activity Rule in SmartView Monitor.
  • D. Add a temporary rule using SmartDashboard and select hide rule.

Question 82

Question
QUESTION 82 In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?
Answer
  • A. Do nothing. Old logs are deleted, until free space is restored.
  • B. Use the command fwm logexport to export the old log files to another location.
  • C. Configure a script to run fw logswitch and SCP the output file to a separate file server.
  • D. Do nothing. The Security Management Server automatically copies old logs to a backup server before purging.

Question 83

Question
QUESTION 83 How do you configure an alert in SmartView Monitor?
Answer
  • A. An alert cannot be configured in SmartView Monitor.
  • B. By choosing the Gateway, and Configure Thresholds.
  • C. By right-clicking on the Gateway, and selecting Properties.
  • D. By right-clicking on the Gateway, and selecting System Information

Question 84

Question
QUESTION 84 True or FalsE. SmartView Monitor can be used to create alerts on a specified Gateway.
Answer
  • A. True, by right-clicking on the Gateway and selecting Configure Thresholds.
  • B. True, by choosing the Gateway and selecting System Information.
  • C. False, an alert cannot be created for a specified Gateway.
  • D. False, alerts can only be set in SmartDashboard Global Properties.

Question 85

Question
QUESTION 85 Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?
Answer
  • A. SmartView Monitor
  • B. SmartUpdate
  • C. SmartView Status
  • D. None, SmartConsole applications only communicate with the Security Management Server.

Question 86

Question
QUESTION 86 Which R77 GUI would you use to see the number of packets accepted since the last policy install?
Answer
  • A. SmartView Monitor
  • B. SmartView Tracker
  • C. SmartDashboard
  • D. SmartView Status

Question 87

Question
QUESTION 87 You are trying to save a custom log query in R77 SmartView Tracker, but getting the following error: Could not save <query-name> (Error: Database is Read Only) Which of the following is a likely explanation for this?
Answer
  • A. Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server.
  • B. You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally
  • C. You have read-only rights to the Security Management Server database.
  • D. You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization.

Question 88

Question
QUESTION 88 The R77 fw monitor utility is used to troubleshoot which of the following problems?
Answer
  • A. Traffic issues
  • B. Log Consolidation Engine
  • C. User data base corruption
  • D. Phase two key negotiation

Question 89

Question
QUESTION 89 You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.
Answer
  • A. In the SmartView Tracker, if you activate the column Matching Rate.
  • B. In SmartReporter, in the section Firewall Blade - Activity > Network Activity with information concerning Top Matched Logged Rules.
  • C. SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules.
  • D. It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.

Question 90

Question
QUESTION 90 A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?
Answer
  • A. SmartReporter analyzes all network traffic, logged or not.
  • B. Network traffic cannot be analyzed when the Security Management Server has a high load.
  • C. Turn the field Track of each rule to LOG.
  • D. Configure Additional Logging on an additional log server.

Question 91

Question
QUESTION 91 What is a Consolidation Policy?
Answer
  • A. The collective name of the Security Policy, Address Translation, and IPS Policies.
  • B. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
  • C. The collective name of the logs generated by SmartReporter.
  • D. A global Policy used to share a common enforcement policy for multiple Security Gateways.

Question 92

Question
QUESTION 92 Which feature in R77 permits blocking specific IP addresses for a specified time period?
Answer
  • A. Suspicious Activity Monitoring
  • B. HTTP Methods
  • C. Local Interface Spoofing
  • D. Block Port Overflow

Question 93

Question
QUESTION 93 You find a suspicious FTP site trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked? Highlight the suspicious connection in SmartView Tracker:
Answer
  • A. Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
  • B. Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as "dropped?.
  • C. Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.
  • D. Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as "dropped?.

Question 94

Question
QUESTION 94 Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker's IP at a peak time of day?
Answer
  • A. Intrusion Detection System (IDS) Policy install
  • B. Change the Rule Base and install the Policy to all Security Gateways
  • C. SAM - Block Intruder feature of SmartView Tracker
  • D. SAM - Suspicious Activity Rules feature of SmartView Monitor

Question 95

Question
QUESTION 95 Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?
Answer
  • A. Change the Rule Base and install the Policy to all Security Gateways
  • B. Block Intruder feature of SmartView Tracker
  • C. Intrusion Detection System (IDS) Policy install
  • D. SAM - Suspicious Activity Rules feature of SmartView Monitor

Question 96

Question
QUESTION 96 ______________ is an R77 component that displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time.
Answer
  • A. SmartEvent
  • B. SmartView Status
  • C. SmartUpdate
  • D. SmartView Monitor

Question 97

Question
QUESTION 97 You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor. "There are no machines that contain Firewall Blade and SmartView Monitor." What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.
Image:
97 01 (binary/octet-stream)
Answer
  • A. Purchase the SmartView Monitor license for your Security Management Server.
  • B. Enable Monitoring on your Security Management Server.
  • C. Purchase the SmartView Monitor license for your Security Gateway.
  • D. Enable Monitoring on your Security Gateway.

Question 98

Question
QUESTION 98 You want to configure a mail alert for every time the policy is installed to a specific Gateway. Where would you configure this alert?
Answer
  • A. In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands
  • B. In SmartDashboard, select Global Properties > Log and Alerts > Alert Commands.
  • C. You cannot create a mail alert for Policy installation
  • D. In SmartView Monitor, select Gateway > Configure Thresholds.

Question 99

Question
QUESTION 99 Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?
Answer
  • A. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.
  • B. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.
  • C. Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.
  • D. Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.

Question 100

Question
QUESTION 100 You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy. What additional steps are required for this to function correctly?
Answer
  • A. You need to start SSL Network Extender first, then use Visitor Mode.
  • B. Set Visitor Mode in Policy > Global Properties > Remote-Access > VPN - Advanced.
  • C. Office mode is not configured.
  • D. The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). With multi-port no additional changes are necessary.
Show full summary Hide full summary

Want to create your own Quizzes for free with GoConqr? Learn more.

Similar

Spanish: Talking About Everyday Things
Niat Habtemariam
OCR AS Biology - Enzymes
Chris Osmundse
CHEMISTRY C1 4
x_clairey_x
English Grammatical Terminology
Fionnghuala Malone
Psychology A1
Ellie Hughes
GCSE Chemistry C4 (OCR)
Usman Rauf
Poetry revision quiz
Sarah Holmes
“The knower’s perspective is essential in the pursuit of knowledge.” To what extent do you agree with this statement?
Lucia Rocha Mejia
AN ECONOMIC OVERVIEW OF IRELAND AND THE WORLD 2015/16
John O'Driscoll
The Skeleton and Muscles
james liew
1PR101 2.test - Část 4.
Nikola Truong
Browse Library