Question1: Your primary Security Gateway runs on GAiA. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files?
Question2: Which of the following is true of a Stealth Rule?
Question3: Can you use Captive Portal with HTTPS?
Question4: An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?
Question5: You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?

Question6: With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms).
How do you solve this problem?
Question7: Can a Check Point gateway translate both source IP address and destination IP address in a given packet?
Question8: What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?
Question9: The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?
Question10: How can you recreate the Security Administrator account, which was created during initial Management Server installation on GAiA?
Question11: Katie has been asked to setup a rule to allow the new webserver in the DMZ to be accessible from the internet on port 443. The IP address of the Web Server, Apothos, is 192.168.126.3 and the external address should be 10.4.2.3. This needs to be the only server associated with this External IP address.
Which answer below will accomplish the steps needed to complete this task?
Question12: Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user's credentials?
Question13: You are trying to save a custom log query in R77 SmartView Tracker, but getting the following error:
Could not save <query-name> (Error: Database is Read Only)
Which of the following is a likely explanation for this?
Question14: Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?
Question15: If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?
Question16: Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?
Question17: Exhibit:

Chris has lost SIC communication with his Security Gateway and he needs to re-establish SIC. What would be the correct order of steps needed to perform this task?
Question18: Choose the correct statement regarding Implied Rules:
Question19: Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
Question20: Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots. What occurs with the remote Gateway after reboot?
Question21: Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?
Question22: Where do you verify that UserDirectory is enabled?
Question23: In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSD_Group.

What happens when Eric tries to connect to a server on the Internet?
Question24: When attempting to connect with SecureClient Mobile you get the following error message:
The certificate provided is invalid. Please provide the username and password.
What is the probable cause of the error?
Question25: Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled?
Question26: One of your remote Security Gateway's suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?
Question27: Which authentication type requires specifying a contact agent in the Rule Base?
Question28: Match the terms with their definitions:
Exhibit:

Question29: You would use the Hide Rule feature to:
Question30: What does SmartUpdate allow you to do?
Question31: Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.
To make this scenario work, the IT administrator must:
1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.
2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.
3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.
Ms. McHanry tries to access the resource but is unable. What should she do?
Question32: You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?
Question33: Choose the SmartLog property that is TRUE.
Question34: ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:
Question35: Lily has completed the initial setup of her Management Server with an IP address of 192.168.12.12. She must now run the First Time Configuration Wizard via the Gaia Portal to finish the setup. Lily knows she must use a browser to access the device, but it unsure of the correct URL to enter; which one below will she need to use?
Question36: If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?
Question37: Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway's side with the command cpconfig and put in the same activation key in the Gateway's object on the Security Management Server.
Unfortunately, SIC can not be established. What is a possible reason for the problem?
Question38: Which of the following methods is NOT used by Identity Awareness to catalog identities?
Question39: You have installed a R77 Security Gateway on GAiA. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target.
What is the problem?
Question40: Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?
Question41: When restoring R77 using the command upgrade_import, which of the following items are NOT restored?
Question42: What is the difference between Standard and Specific Sign On methods?
Question43: Which of the following describes the default behavior of an R77 Security Gateway?
Question44: Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
Question45: Which command allows Security Policy name and install date verification on a Security Gateway?
Question46: You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After awhile, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database.
How can you do this?
Question47: What command syntax would you use to turn on PDP logging in a distributed environment?
Question48: The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
Question49: The customer has a small Check Point installation which includes one Windows 7 workstation as the SmartConsole, one GAiA device working as Security Management Server, and a third server running SecurePlatform as Security Gateway. This is an example of a(n):
Question50: You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.

Unfortunately, you get the message.
"There are no machines that contain Firewall Blade and SmartView Monitor."

What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.
Question51: Which of the following items should be configured for the Security Management Server to authenticate via LDAP?
Question52: During which step in the installation process is it necessary to note the fingerprint for first-time verification?
Question53: You have detected a possible intruder listed in SmartView Tracker's active pane. What is the fastest method to block this intruder from accessing your network indefinitely?
Question54: Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.
Question55: Match the following commands to their correct function. Each command has one function only listed.
Exhibit:

Question56: In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.
Question57: Which of the following methods will provide the most complete backup of an R77 configuration?
Question58: Which of the following is a CLI command for Security Gateway R77?
Question59: Static NAT connections, by default, translate on which firewall kernel inspection point?
Question60: You want to reset SIC between smberlin and sgosaka.

In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:

What is the reason for this behavior?
Question61: By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:
Question62: A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?
Question63: To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?
Question64: Reviewing the Rule Base, you see that ________ is responsible for the client authentication failure.
Exhibit:

Exhibit:
Question65: Anti-Spoofing is typically set up on which object type?
Question66: Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?
Question67: A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway.
With the default settings in place for NAT, the initiating packet will translate the _________.
Question68: What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?
Question69: You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package's NAT rules?
Exhibit:

Question70: Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources' servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?
Question71: Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?
Question72: Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
Question73: You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?
Question74: The SIC certificate is stored in the directory _______________.
Question75: Which of the following is NOT a valid option when configuring access for Captive Portal?
Question76: NAT can NOT be configured on which of the following objects?
Question77: When you change an implicit rule's order from Last to First in Global Properties, how do you make the change take effect?
Question78: What port is used for communication to the User Center with SmartUpdate?
Question79: A _______ rule is used to prevent all traffic going to the R77 Security Gateway.
Question80: Which of the following is an authentication method used by Identity Awareness?
Question81: SmartUpdate is mainly for which kind of work -
1. Monitoring Performance and traffic
2. Provision Package
3. Managing licenses
4. Creating a Rule Base
Question82: Exhibit:

Of the following, what parameters will not be preserved when using Database Revision Control?
Question83: What CLI utility allows an administrator to capture traffic along the firewall inspection chain?
Question84: Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
Question85: Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user's properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?
Question86: Which component functions as the Internal Certificate Authority for R77?
Question87: How do you use SmartView Monitor to compile traffic statistics for your company's Internet Web activity during production hours?
Question88: To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?
Question89: You want to configure a mail alert for every time the policy is installed to a specific Gateway.
Where would you configure this alert?
Question90: The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign- On (SSO).
What is not a recommended usage of this method?
Question91: How granular may an administrator filter an Access Role with identity awareness? Per:
Question92: You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base.
Which of the following is the most likely cause?
Question93: Which set of objects have an Authentication tab?
Question94: After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?
Question95: You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas.
Management wants a report detailing the current software level of each Enterprise class Security Gateway.
You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?
Question96: You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
- Allow bi-directional NAT
- Translate destination on client side
Do the above settings limit the partner's access?
Question97: What statement is true regarding Visitor Mode?
Question98: Exhibit:

You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?
Question99: Message digests use which of the following?
Question100: Where does the security administrator activate Identity Awareness within SmartDashboard?
Question101: When using vpn tu, which option must you choose if you only want to clear phase 2 for a specific IP (gateway)?
Exhibit:

Question102: Which of the following is a viable consideration when determining Rule Base order?
Question103: What command syntax would you use to see accounts the gateway suspects are service accounts?
Question104: Which R77 GUI would you use to see the number of packets accepted since the last policy install?
Question105: Where would an administrator enable Implied Rules logging?
Question106: You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify security administration, which one of the following would you choose to do?
Question107: Identify the ports to which the Client Authentication daemon listens by default.
Question108: Which command displays the installed Security Gateway version?
Question109: Which command gives an overview of your installed licenses?
Question110: What is the purpose of an Identity Agent?
Question111: An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG.
Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep- alive packet every minute.
Which of the following is the BEST explanation for this behavior?
Question112: An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key and the IP address of the Security Gateway.
You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?
Question113: The INSPECT engine inserts itself into the kernel between which two OSI model layers?
Question114: When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
Question115: You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
Question116: What information is found in the SmartView Tracker Management log?
Question117: When configuring LDAP authentication, which of the following items should be configured for the Security Management Server?
Question118: Which directory holds the SmartLog index files by default?
Question119: An advantage of using central instead of local licensing is:
Question120: The User Directory Software Blade is used to integrate which of the following with Security Gateway R77?
Question121: Which of these Security Policy changes optimize Security Gateway performance?
Question122: As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:
Question123: Lilly needs to review VPN History counters for the last week.
Where would she do this?
Question124: Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?
Question125: Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?
Question126: All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:
Question127: You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?
Question128: Your company is running Security Management Server R77 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?
Question129: Certificates for Security Gateways are created during a simple initialization from _____________.
Question130: What happens if the identity of a user is known?
Question131: You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface.
You browse to the Google Website from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?
Question132: Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
Question133: You have a diskless appliance platform. How do you keep swap file wear to a minimum?
Question134: You are a Security Administrator using one Security Management Server managing three different firewalls. One firewall does NOT show up in the dialog box when attempting to install a Security Policy.
Which of the following is a possible cause?
Question135: What happens when you run the command. fw sam -J src [Source IP Address]?
Question136: How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?
Question137: Charles requests a Website while using a computer not in the net_singapore network. What is TRUE about his location restriction?
Exhibit:

Question138: What happens when you open the Gateway object window Trusted Communication and press and confirm Reset?
Exhibit:

Question139: Which Security Gateway R77 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:
Question140: Which of the following statements BEST describes Check Point's Hide Network Address Translation method?
Question141: A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
Question142: Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?
Question143: Which authentication type permits five different sign-on methods in the authentication properties window?
Question144: Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?
Question145: Which feature in R77 permits blocking specific IP addresses for a specified time period?
Question146: How can you check whether IP forwarding is enabled on an IP Security Appliance?
Question147: Which tool CANNOT be launched from SmartUpdate R77?
Question148: What happens if the identity of a user is known?
Question149: The customer has a small Check Point installation which includes one Windows 2008 server as SmartConsole and Security Management Server with a second server running GAiA as Security Gateway.
This is an example of a(n):
Question150: ______________ is an R77 component that displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time.
Question151: When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R77 topology configuration?
Question152: How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?
Question153: The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
Question154: Identity Awareness is implemented to manage access to protected resources based on a user's
_____________.
Question155: The R77 fw monitor utility is used to troubleshoot which of the following problems?
Question156: When using LDAP as an authentication method for Identity Awareness, the query:
Question157: Tom has been tasked to install Check Point R77 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
Question158: When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to
00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?

As expert user, issue these commands:

Question159: Which of these components does NOT require a Security Gateway R77 license?
Question160: Exhibit:

You plan to create a backup of the rules, objects, policies, and global properties from an R77 Security Management Server. Which of the following backup and restore solutions can you use?
Question161: You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in CLISH to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.
Question162: Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:
Question163: Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?
Question164: Which command allows you to view the contents of an R77 table?
Question165: Which command enables IP forwarding on IPSO?
Question166: Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.
Exhibit:

Question167: In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
Question168: How do you configure an alert in SmartView Monitor?
Question169: You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm's business partners. Which SmartConsole application should you use to confirm your suspicions?
Question170: Which of the following options is available with the GAiA cpconfig utility on a Management Server?
Question171: What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?
Question172: Which of the following objects is a valid source in an authentication rule?
Question173: Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
Question174: Which of the following is a viable consideration when determining Rule Base order?
Question175: While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?
1) Select Active Mode tab in SmartView Tracker.
2) Select Tools > Block Intruder.
3) Select Log Viewing tab in SmartView Tracker.
4) Set Blocking Timeout value to 60 minutes.
5) Highlight connection that should be blocked.
Question176: A digital signature:
Question177: When configuring the Check Point Gateway network interfaces, you can define the direction as Internal or External. What does the option Interface leads to DMZ mean? Exhibit:

Question178: What is the syntax for uninstalling a package using newpkg?
Question179: How can you activate the SNMP daemon on a Check Point Security Management Server?
Question180: Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker's IP at a peak time of day?
Question181: You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
Question182: You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?
Question183: Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
Question184: Review the rules.

Assume domain UDP is enabled in the impled rules.
What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
Question185: What are you required to do before running the command upgrade_export?
Question186: Which of the following is NOT defined by an Access Role object?
Question187: The Captive Portal tool:
Question188: Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute Only and choosing the target Gateway, the:
Question189: Which answers are TRUE? Automatic Static NAT CANNOT be used when:
1) NAT decision is based on the destination port.
2) Both Source and Destination IP's have to be translated.
3) The NAT rule should only be installed on a dedicated Gateway.
4) NAT should be performed on the server side.
Question190: In which Rule Base can you implement an Access Role?
Question191: Jack has locked himself out of the Kirk Security Gateway with an incorrect policy and can no longer connect from the McCoy Management Server.
Jack still has access to an out of band console connection on the Kirk Security Gateway. He is logged into the Gaia CLI, what does he need to enter in order to be able to fix his mistake and push policy?
Question192: Select the TRUE statements about the Rule Base shown? Exhibit:

1) HTTP traffic from webrome to websingapore will be encrypted.
2) HTTP traffic from websingapore to webrome will be encrypted.
3) HTTP traffic from webrome to websingapore will be authenticated.
4) HTTP traffic from websingapore to webrome will be blocked.
Question193: Central license management allows a Security Administrator to perform which of the following functions?
1. Check for expired licenses.
2. Sort licenses and view license properties.
3. Attach both R77 Central and Local licesnes to a remote module.
4. Delete both R77 Local Licenses and Central licenses from a remote module.
5. Add or remove a license to or from the license repository.
6. Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).
Question194: Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?
Question195: Which NAT option is available for Manual NAT as well as Automatic NAT?
Question196: When you hide a rule in a Rule Base, how can you then disable the rule?
Question197: You are running a R77 Security Gateway on GAiA. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?
Question198: Which of the following commands can provide the most complete restoration of a R77 configuration?
Question199: What is a Consolidation Policy?
Question200: A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?
Question201: Where are SmartEvent licenses installed?
Question202: A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?
Question203: What happens if you select Web Server in the dialog box? Exhibit:

Question204: What information is found in the SmartView Tracker Management log?
Question205: Which statement is TRUE about implicit rules?
Question206: How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?
Question207: You review this Security Policy because Rule 4 is inhibited. Which Rule is responsible? Exhibit:

Question208: Which of the following tools is used to generate a Security Gateway R77 configuration report?
Question209: What type of traffic can be re-directed to the Captive Portal?
Question210: The customer has a small Check Point installation which includes one Windows 2008 server as the SmartConsole and a second server running GAiA as both Security Management Server and the Security Gateway. This is an example of a(n):
Question211: An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.
Question212: Which of the following uses the same key to decrypt as it does to encrypt?
Question213: Which of the following is true of the Cleanup rule?
Question214: You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy. What additional steps are required for this to function correctly?
Question215: What is a possible reason for the IKE failure shown in this screenshot?

Question216: You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
Question217: You have three servers located in a DMZ, using private IP addresses. You want internal users from
10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?
Question218: Where can you find the Check Point's SNMP MIB file?
Question219: You cannot use SmartDashboard's User Directory features to connect to the LDAP server. What should you investigate?
1) Verify you have read-only permissions as administrator for the operating system.
2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.
Question220: Your R77 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?
Question221: You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?
Question222: When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?
Question223: What action can be performed from SmartUpdate R77?
Question224: MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license?
Question225: VPN gateways must authenticate to each other prior to exchanging information.
What are the two types of credentials used for authentication?
Question226: How many packets are required for IKE Phase 2?
Question227: Choose the correct statement regarding Stealth Rules:
Question228: Which command displays the installed Security Gateway kernel version?
Question229: You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community? Exhibit:

Question230: Which of the following statements accurately describes the command upgrade_export?
Question231: One of your remote Security Gateway's suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?
Question232: Jack has been asked do enable Identify Awareness.
What are the three methods for Acquiring Identify available in the Identify Awareness Configuration Wizard?
Question233: Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:

Required. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using
200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
Question234: SmartView Tracker R77 consists of three different modes. They are:
Question235: You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?
Question236: Which rule is responsible for the client authentication failure? Exhibit:

Question237: You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
Question238: Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:
Question239: What action CANNOT be run from SmartUpdate R77?
Question240: True or FalsE. SmartView Monitor can be used to create alerts on a specified Gateway.
Question241: Which Check Point address translation method allows an administrator to use fewer ISP- assigned IP addresses than the number of internal hosts requiring Internet connectivity?
Question242: In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______.
Question243: Which rule is responsible for the installation failure? Exhibit:

Question244: SmartView Monitor is mainly for which kind of work -
1. Monitoring Performance and traffic
2. Provision Package
3. Managing licenses
4. Managing VPN Tunnels
Question245: You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
SourcE. Any || Destination: web_public_IP || ServicE. Any || Translated SourcE. original || Translated Destination: web_private_IP || ServicE. Original
"web_public_IP ? is the node object that represents the new Web server's public IP address.
"web_private_IP ? is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error "page cannot be displayed ?.
Which of the following is NOT a possible reason?
Question246: Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism, when logging in to a remote server with Telnet?
Question247: Which rule is responsible for the installation failure? Exhibit:

Question248: Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:
Question249: Where is the fingerprint generated, based on the output display? Exhibit:

Question250: John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
He has received a new laptop and wants to access the HR Web Server from anywhere in the organization.
The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk.
The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).
He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?
Question251: All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?
Question252: You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the:
Question253: Which of these attributes would be critical for a site-to-site VPN?
Question254: Your bank's distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?
Question255: As you review this Security Policy, what changes could you make to accommodate Rule 4? Exhibit:

Question256: Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?
Question257: Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?
Question258: Which of the following statements is TRUE about management plug-ins?
Question259: Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:
Question260: Where is the easiest and BEST place to find information about connections between two machines?
Question261: Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?
Question262: You need to completely reboot the Operating System after making which of the following changes on the Security Gateway? (i.e. the command cprestart is not sufficient.)
1. Adding a hot-swappable NIC to the Operating System for the first time.
2. Uninstalling the R77 Power/UTM package.
3. Installing the R77 Power/UTM package.
4. Re-establishing SIC to the Security Management Server.
5. Doubling the maximum number of connections accepted by the Security Gateway.
Question263: Which of the following is a viable consideration when determining Rule Base order?
Question264: How many packets does the IKE exchange use for Phase 1 Aggressive Mode?
Question265: Central license management allows a Security Administrator to perform which of the following functions?
1. Check for expired licenses.
2. Sort licenses and view license properties.
3. Attach both R77 Central and Local licesnes to a remote module.
4. Delete both R77 Local Licenses and Central licenses from a remote module.
5. Add or remove a license to or from the license repository.
6. Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).
Question266: What CANNOT be configured for existing connections during a policy install?
Question267: In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
Question268: What is the default setting when you use NAT?
Question269: How can you reset the Security Administrator password that was created during initial Security Management Server installation on GAiA?
Question270: Which R77 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations?
Question271: John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the activation key, he gets the following message in SmartDashboard -
"Trust established ?
SIC still does not seem to work because the policy won't install and interface fetching does not work. What might be a reason for this?
Question272: What is the officially accepted diagnostic tool for IP Appliance Support?
Question273: You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.
Question274: You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host
10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
Question275: Which of the following is a hash algorithm?
Question276: Security Gateway R77 supports User Authentication for which of the following services? Select the response below that contains the MOST correct list of supported services.
Question277: Which of the below is the MOST correct process to reset SIC from SmartDashboard?
Question278: How many packets does the IKE exchange use for Phase 1 Main Mode?
Question279: UDP packets are delivered if they are ___________.
Question280: Which type of R77 Security Server does not provide User Authentication?
Question281: Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?
Question282: The fw monitor utility is used to troubleshoot which of the following problems?
Question283: If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange?
Question284: Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?
Question285: Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
Question286: When you use the Global Properties' default settings on R77, which type of traffic will be dropped if NO explicit rule allows the traffic?
Question287: Where do we need to reset the SIC on a gateway object?
Question288: Which of the following can be found in cpinfo from an enforcement point?
Question289: You are MegaCorp's Security Administrator. There are various network objects which must be NATed.
Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method.
What is the rule order if both methods are used together? Give the BEST answer.
Question290: Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.
Question291: SmartView Tracker logs the following Security Administrator activities, EXCEPT:
Question292: Which item below in a Security Policy would be enforced first?
Question293: Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?
Question294: When launching SmartDashboard, what information is required to log into R77?
Question295: You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:
Unknown established connection
How do you resolve this problem without causing other security issues? Choose the BEST answer.
Question296: Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?
Question297: In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs.
What can you do to keep old log files, when free space falls below 45 MB?
Question298: When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?
Exhibit:

Question299: You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?
Question300: Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway's Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?
Question301: A Cleanup rule:
Question302: Which rule position in the Rule Base should hold the Cleanup Rule? Why?
Question303: The London Security Gateway Administrator has just installed the Security Gateway and Management Server. He has not changed any default settings. As he tries to configure the Gateway, he is unable to connect.

Which troubleshooting suggestion will NOT help him?
Question304: Where can an administrator configure the notification action in the event of a policy install time change?
Question305: What is also referred to as Dynamic NAT?
Question306: What command with appropriate switches would you use to test Identity Awareness connectivity?
Question307: You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?
Question308: You can include External commands in SmartView Tracker by the menu Tools > Custom Commands.
The Security Management Server is running under GAiA, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address?
Question309: You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?
Question310: When using an encryption algorithm, which is generally considered the best encryption method?
Question311: Which answer below best describes the Administrator Auditing options available in SmartView Tracker?
Question312: Which rules are not applied on a first-match basis?
Question313: Is it possible to track the number of connections each rule matches in a Rule Base?
Question314: When translation occurs using automatic Hide NAT, what also happens?
Question315: You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.
Question316: John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
Question317: Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?
Question318: Which of the following is NOT true for Clientless VPN?
Question319: Which SmartConsole component can Administrators use to track changes to the Rule Base?
Question320: You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter. You select a standard predefined report. As you can see here, you can select the london Gateway.

When you attempt to configure the Express Report, you are unable to select this Gateway.

What is the reason for this behavior? Give the BEST answer.
Question321: In the Rule Base displayed for fwsingapore, user authentication in Rule 4 is configured as fully automatic.
Eric is a member of the LDAP group, MSD_Group. What happens when Eric tries to connect to a server on the Internet?

Question322: What happens when you select File > Export from the SmartView Tracker menu?
Question323: What is the primary benefit of using the command upgrade_export over either backup or snapshot?
Question324: How are cached usernames and passwords cleared from the memory of a R77 Security Gateway?
Question325: Peter is your new Security Administrator. On his first working day, he is very nervous and enters the wrong password three times. His account is locked. What can be done to unlock Peter's account? Give the BEST answer.
Question326: Spoofing is a method of:
Question327: Users with Identity Awareness Agent installed on their machines login with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.
Question328: Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the _____________.
Question329: For which service is it NOT possible to configure user authentication?
Question330: Which SmartConsole tool would you use to see the last policy pushed in the audit log?
Question331: You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?
Question332: Which of the following are authentication methods that Security Gateway R77 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.
Question333: If you are experiencing LDAP issues, which of the following should you check?
Question334: Study the Rule base and Client Authentication Action properties screen -

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user?
Question335: Over the weekend, an Administrator without access to SmartDashboard installed a new R77 Security Gateway using GAiA. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?
Question336: Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES
256 for IKE phase 2. Why is this a problematic setup?
Question337: Complete this statement. The block Intruder option in the Active log is available ____________.
Question338: Which utility allows you to configure the DHCP service on GAiA from the command line?
Question339: Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?
Question340: Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.
Question341: Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:
Question342: For remote user authentication, which authentication scheme is NOT supported?
Question343: Which of the following actions do NOT take place in IKE Phase 1?
Question344: You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?
Question345: How can you activate the SNMP daemon on a Check Point Security Management Server?
Question346: You find a suspicious FTP site trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked? Highlight the suspicious connection in SmartView Tracker:
Question347: You are running the license_upgrade tool on your GAiA Gateway. Which of the following can you NOT do with the upgrade tool?
Question348: The Security Gateway is installed on GAiA R77 The default port for the Web User Interface is _______.
Question349: Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
Question350: John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect.
How does he solve this problem?
Question351: Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration?
Question352: Packages and licenses are loaded into the SmartUpdate repositories from which sources?
Question353: After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?
Question354: What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?
Question355: A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?
Question356: What is the Manual Client Authentication TELNET port?
Question357: A Security Policy has several database versions. What configuration remains the same no matter which version is used?
Question358: Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?
Question359: Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R77 installation benefits. Your plan must meet the following required and desired objectives:
Required ObjectivE. The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired ObjectivE. The R77 components that enforce the Security Policies should be backed up at least once a week.
Desired ObjectivE. Back up R77 logs at least once a week.
Your disaster recovery plan is as follows:
- Use the cron utility to run the command upgrade_export each night on the Security Management Servers.
- Configure the organization's routine back up software to back up the files created by the command upgrade_export.
- Configure the GAiA back up utility to back up the Security Gateways every Saturday night.
- Use the cron utility to run the command upgrade_export each Saturday night on the log servers.
- Configure an automatic, nightly logswitch.
- Configure the organization's routine back up software to back up the switched logs every night.
Upon evaluation, your plan:
Question360: A marketing firm's networking team is trying to troubleshoot user complaints regarding access to audio- streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?
Question361: You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA.
You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.
Question362: You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?
Question363: How does the button Get Address, found on the Host Node Object > General Properties page retrieve the address?
Question364: The Tokyo Security Management Server Administrator cannot connect from his workstation in Osaka.

Which of the following lists the BEST sequence of steps to troubleshoot this issue?
Question365: Why are certificates preferred over pre-shared keys in an IPsec VPN?