EMT Practice Test

1. Question Content...


Question List

Question1: What is the default setting when you use NAT?

Question2: Which of the following are authentication methods that Security Gateway R77 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.

Question3: Which statement below describes the most correct strategy for implementing a Rule Base?

Question4: You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?

Question5: Charles requests a Website while using a computer not in the net_singapore network. What is TRUE about his location restriction?
Exhibit:

Question6: What is the appropriate default Gaia Portal address?

Question7: NAT can NOT be configured on which of the following objects?

Question8: You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

Question9: SmartUpdate is mainly for which kind of work -
1. Monitoring Performance and traffic
2. Provision Package
3. Managing licenses
4. Creating a Rule Base

Question10: You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base.
Which of the following is the most likely cause?

Question11: Study the Rule base and Client Authentication Action properties screen -

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user?

Question12: Which R77 GUI would you use to see the number of packets accepted since the last policy install?

Question13: What is a possible reason for the IKE failure shown in this screenshot?

Question14: Where can an administrator configure the notification action in the event of a policy install time change?

Question15: Certificates for Security Gateways are created during a simple initialization from _____________.

Question16: Where do you configure Anti-spoofing?

Question17: What information is found in the SmartView Tracker Management log?

Question18: Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?

Question19: Where does the security administrator activate Identity Awareness within SmartDashboard?

Question20: You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:
Unknown established connection
How do you resolve this problem without causing other security issues? Choose the BEST answer.

Question21: You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?

Question22: Which of the following is a hash algorithm?

Question23: SmartView Tracker R77 consists of three different modes. They are:

Question24: You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.

Question25: You are running a R77 Security Gateway on GAiA. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?

Question26: Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway's side with the command cpconfig and put in the same activation key in the Gateway's object on the Security Management Server.
Unfortunately, SIC can not be established. What is a possible reason for the problem?

Question27: Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots. What occurs with the remote Gateway after reboot?

Question28: What is the officially accepted diagnostic tool for IP Appliance Support?

Question29: John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
He has received a new laptop and wants to access the HR Web Server from anywhere in the organization.
The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk.
The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).
He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?

Question30: Over the weekend, an Administrator without access to SmartDashboard installed a new R77 Security Gateway using GAiA. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?

Question31: Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?

Question32: You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway's VPN domain?

Question33: Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES
256 for IKE phase 2. Why is this a problematic setup?

Question34: How can you reset the Security Administrator password that was created during initial Security Management Server installation on GAiA?

Question35: Which of the following statements BEST describes Check Point's Hide Network Address Translation method?

Question36: What is the syntax for uninstalling a package using newpkg?

Question37: Which of the following objects is a valid source in an authentication rule?

Question38: Which of the following commands can provide the most complete restoration of a R77 configuration?

Question39: An advantage of using central instead of local licensing is:

Question40: True or FalsE. SmartView Monitor can be used to create alerts on a specified Gateway.

Question41: Which answers are TRUE? Automatic Static NAT CANNOT be used when:
1) NAT decision is based on the destination port.
2) Both Source and Destination IP's have to be translated.
3) The NAT rule should only be installed on a dedicated Gateway.
4) NAT should be performed on the server side.

Question42: How do you configure an alert in SmartView Monitor?

Question43: Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?

Question44: The customer has a small Check Point installation which includes one Windows 2008 server as SmartConsole and Security Management Server with a second server running GAiA as Security Gateway.
This is an example of a(n):

Question45: The User Directory Software Blade is used to integrate which of the following with Security Gateway R77?

Question46: Lily has completed the initial setup of her Management Server with an IP address of 192.168.12.12. She must now run the First Time Configuration Wizard via the Gaia Portal to finish the setup. Lily knows she must use a browser to access the device, but it unsure of the correct URL to enter; which one below will she need to use?

Question47: How can you most quickly reset Secure Internal Communications (SIC) between a Security Management Server and Security Gateway?

Question48: Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?

Question49: Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.

Question50: Which of these attributes would be critical for a site-to-site VPN?

Question51: A Cleanup rule:

Question52: Which of the following is an authentication method used by Identity Awareness?

Question53: You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After awhile, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database.
How can you do this?

Question54: What is also referred to as Dynamic NAT?

Question55: When configuring the Check Point Gateway network interfaces, you can define the direction as Internal or External. What does the option Interface leads to DMZ mean? Exhibit:

Question56: Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?

Question57: Your company is still using traditional mode VPN configuration on all Gateways and policies. Your manager now requires you to migrate to a simplified VPN policy to benefit from the new features. This needs to be done with no downtime due to critical applications which must run constantly. How would you start such a migration?

Question58: Exhibit:

You plan to create a backup of the rules, objects, policies, and global properties from an R77 Security Management Server. Which of the following backup and restore solutions can you use?

Question59: Exhibit:

Of the following, what parameters will not be preserved when using Database Revision Control?

Question60: John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the activation key, he gets the following message in SmartDashboard -
"Trust established ?
SIC still does not seem to work because the policy won't install and interface fetching does not work. What might be a reason for this?

Question61: With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms).
How do you solve this problem?

Question62: In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs.
What can you do to keep old log files, when free space falls below 45 MB?

Question63: Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user's credentials?

Question64: Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?

Question65: You are running the license_upgrade tool on your GAiA Gateway. Which of the following can you NOT do with the upgrade tool?

Question66: Which of the following is a viable consideration when determining Rule Base order?

Question67: Jack has locked himself out of the Kirk Security Gateway with an incorrect policy and can no longer connect from the McCoy Management Server.
Jack still has access to an out of band console connection on the Kirk Security Gateway. He is logged into the Gaia CLI, what does he need to enter in order to be able to fix his mistake and push policy?

Question68: What CANNOT be configured for existing connections during a policy install?

Question69: Which of the following is a viable consideration when determining Rule Base order?

Question70: Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway's Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?

Question71: Which of the following is true of the Cleanup rule?

Question72: You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?

Question73: You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host
10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

Question74: What information is found in the SmartView Tracker Management log?

Question75: Which SmartConsole tool would you use to see the last policy pushed in the audit log?

Question76: Which of the following methods will provide the most complete backup of an R77 configuration?

Question77: When you change an implicit rule's order from Last to First in Global Properties, how do you make the change take effect?

Question78: What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?

Question79: Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?

Question80: What is one potential downside or drawback to choosing the Standalone deployment option instead of the Distributed deployment option?

Question81: When configuring LDAP authentication, which of the following items should be configured for the Security Management Server?

Question82: How granular may an administrator filter an Access Role with identity awareness? Per:

Question83: Which of these Security Policy changes optimize Security Gateway performance?

Question84: How does the button Get Address, found on the Host Node Object > General Properties page retrieve the address?

Question85: Is it possible to see user activity in SmartView Tracker?

Question86: Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?

Question87: Where are custom queries stored in R77 SmartView Tracker?

Question88: What happens when you select File > Export from the SmartView Tracker menu?

Question89: You can include External commands in SmartView Tracker by the menu Tools > Custom Commands.
The Security Management Server is running under GAiA, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address?

Question90: When using LDAP as an authentication method for Identity Awareness, the query:

Question91: Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:

Question92: In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?

Question93: Match the terms with their definitions:
Exhibit:

Question94: While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?
1) Select Active Mode tab in SmartView Tracker.
2) Select Tools > Block Intruder.
3) Select Log Viewing tab in SmartView Tracker.
4) Set Blocking Timeout value to 60 minutes.
5) Highlight connection that should be blocked.

Question95: A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

Question96: A marketing firm's networking team is trying to troubleshoot user complaints regarding access to audio- streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?

Question97: Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?

Question98: The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?

Question99: Identify the ports to which the Client Authentication daemon listens by default.

Question100: After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?

Question101: A Security Policy has several database versions. What configuration remains the same no matter which version is used?

Question102: Which command enables IP forwarding on IPSO?

Question103: In which Rule Base can you implement an Access Role?

Question104: When using vpn tu, which option must you choose if you only want to clear phase 2 for a specific IP (gateway)?
Exhibit:

Question105: Peter is your new Security Administrator. On his first working day, he is very nervous and enters the wrong password three times. His account is locked. What can be done to unlock Peter's account? Give the BEST answer.

Question106: Which Check Point address translation method allows an administrator to use fewer ISP- assigned IP addresses than the number of internal hosts requiring Internet connectivity?

Question107: To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?

Question108: How are cached usernames and passwords cleared from the memory of a R77 Security Gateway?

Question109: Why are certificates preferred over pre-shared keys in an IPsec VPN?

Question110: Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?

Question111: Static NAT connections, by default, translate on which firewall kernel inspection point?

Question112: The customer has a small Check Point installation which includes one Windows 7 workstation as the SmartConsole, one GAiA device working as Security Management Server, and a third server running SecurePlatform as Security Gateway. This is an example of a(n):

Question113: You have a diskless appliance platform. How do you keep swap file wear to a minimum?

Question114: Which of the following is true of a Stealth Rule?

Question115: If you are experiencing LDAP issues, which of the following should you check?

Question116: Which of the following statements is TRUE about management plug-ins?

Question117: When launching SmartDashboard, what information is required to log into R77?

Question118: ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:

Question119: Which NAT option is available for Manual NAT as well as Automatic NAT?

Question120: You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas.
Management wants a report detailing the current software level of each Enterprise class Security Gateway.
You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?

Question121: How can you recreate the Security Administrator account, which was created during initial Management Server installation on GAiA?

Question122: With the User Directory Software Blade, you can create R77 user definitions on a(n) _________ Server.

Question123: Which of the following tools is used to generate a Security Gateway R77 configuration report?

Question124: One of your remote Security Gateway's suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?

Question125: UDP packets are delivered if they are ___________.

Question126: You want to reset SIC between smberlin and sgosaka.

In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message:

What is the reason for this behavior?

Question127: Which of the following is NOT true for Clientless VPN?

Question128: A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?

Question129: Which authentication type requires specifying a contact agent in the Rule Base?

Question130: You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?

Question131: The Captive Portal tool:

Question132: Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?

Question133: Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.

Question134: SmartView Tracker logs the following Security Administrator activities, EXCEPT:

Question135: When restoring R77 using the command upgrade_import, which of the following items are NOT restored?

Question136: You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?

Question137: Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:

Required. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using
200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

Question138: What happens when you run the command. fw sam -J src [Source IP Address]?

Question139: Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker's IP at a peak time of day?

Question140: You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
SourcE. Any || Destination: web_public_IP || ServicE. Any || Translated SourcE. original || Translated Destination: web_private_IP || ServicE. Original
"web_public_IP ? is the node object that represents the new Web server's public IP address.
"web_private_IP ? is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error "page cannot be displayed ?.
Which of the following is NOT a possible reason?

Question141: Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

Question142: What port is used for communication to the User Center with SmartUpdate?

Question143: Complete this statement. The block Intruder option in the Active log is available ____________.

Question144: Looking at the SYN packets in the Wireshark output, select the statement that is true about NAT.
Exhibit:

Question145: Which component functions as the Internal Certificate Authority for R77?

Question146: Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?

Question147: Which of the following is true of Hit Count?

Question148: What is the Manual Client Authentication TELNET port?

Question149: Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources' servers should have its own Policy Package. These rules must be installed on this machine and not on the Internet Firewall. How can this be accomplished?

Question150: Which of the following items should be configured for the Security Management Server to authenticate using LDAP?

Question151: Which of the following methods is NOT used by Identity Awareness to catalog identities?

Question152: You cannot use SmartDashboard's User Directory features to connect to the LDAP server. What should you investigate?
1) Verify you have read-only permissions as administrator for the operating system.
2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.

Question153: When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R77 topology configuration?

Question154: You have a mesh VPN Community configured to create a site-to-site VPN. Given the displayed VPN properties, what can you conclude about this community? Exhibit:

Question155: Which utility allows you to configure the DHCP service on GAiA from the command line?

Question156: Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R77 installation benefits. Your plan must meet the following required and desired objectives:
Required ObjectivE. The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired ObjectivE. The R77 components that enforce the Security Policies should be backed up at least once a week.
Desired ObjectivE. Back up R77 logs at least once a week.
Your disaster recovery plan is as follows:
- Use the cron utility to run the command upgrade_export each night on the Security Management Servers.
- Configure the organization's routine back up software to back up the files created by the command upgrade_export.
- Configure the GAiA back up utility to back up the Security Gateways every Saturday night.
- Use the cron utility to run the command upgrade_export each Saturday night on the log servers.
- Configure an automatic, nightly logswitch.
- Configure the organization's routine back up software to back up the switched logs every night.
Upon evaluation, your plan:

Question157: Katie has been asked to setup a rule to allow the new webserver in the DMZ to be accessible from the internet on port 443. The IP address of the Web Server, Apothos, is 192.168.126.3 and the external address should be 10.4.2.3. This needs to be the only server associated with this External IP address.
Which answer below will accomplish the steps needed to complete this task?

Question158: You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter. You select a standard predefined report. As you can see here, you can select the london Gateway.

When you attempt to configure the Express Report, you are unable to select this Gateway.

What is the reason for this behavior? Give the BEST answer.

Question159: How can you activate the SNMP daemon on a Check Point Security Management Server?

Question160: What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?

Question161: Which of the following items should be configured for the Security Management Server to authenticate using LDAP?

Question162: What happens if the identity of a user is known?

Question163: How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?

Question164: Which of the following is a viable consideration when determining Rule Base order?

Question165: VPN gateways must authenticate to each other prior to exchanging information.
What are the two types of credentials used for authentication?

Question166: Which of the following statements accurately describes the command snapshot?

Question167: What CLI utility allows an administrator to capture traffic along the firewall inspection chain?

Question168: Which Security Gateway R77 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:

Question169: The fw monitor utility is used to troubleshoot which of the following problems?

Question170: Access Role objects define users, machines, and network locations as:

Question171: All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?

Question172: You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner's access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
- Allow bi-directional NAT
- Translate destination on client side
Do the above settings limit the partner's access?

Question173: Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?

Question174: What is the purpose of an Identity Agent?

Question175: What information is found in the SmartView Tracker Management log?

Question176: The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?

Question177: Jack has been asked do enable Identify Awareness.
What are the three methods for Acquiring Identify available in the Identify Awareness Configuration Wizard?

Question178: An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.

Question179: Which of the following describes the default behavior of an R77 Security Gateway?

Question180: Which of the following options is available with the GAiA cpconfig utility on a Management Server?

Question181: A digital signature:

Question182: John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?

Question183: All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:

Question184: When translation occurs using automatic Hide NAT, what also happens?

Question185: When attempting to connect with SecureClient Mobile you get the following error message:
The certificate provided is invalid. Please provide the username and password.
What is the probable cause of the error?

Question186: You would use the Hide Rule feature to:

Question187: The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign- On (SSO).
What is not a recommended usage of this method?

Question188: Which authentication type permits five different sign-on methods in the authentication properties window?

Question189: Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute Only and choosing the target Gateway, the:

Question190: Users with Identity Awareness Agent installed on their machines login with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.

Question191: What are you required to do before running the command upgrade_export?

Question192: You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.

Unfortunately, you get the message.
"There are no machines that contain Firewall Blade and SmartView Monitor."

What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.

Question193: Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?

Question194: Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?

Question195: You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

Question196: The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

Question197: Which rule is responsible for the installation failure? Exhibit:

Question198: Which answer below best describes the Administrator Auditing options available in SmartView Tracker?

Question199: ______________ is an R77 component that displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time.

Question200: Which NAT option applicable for Automatic NAT applies to Manual NAT as well?

Question201: You find a suspicious FTP site trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked? Highlight the suspicious connection in SmartView Tracker:

Question202: You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA.
You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.

Question203: Which of the following statements accurately describes the command upgrade_export?

Question204: Which directory holds the SmartLog index files by default?

Question205: Exhibit:

You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?

Question206: What action can be performed from SmartUpdate R77?

Question207: You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify security administration, which one of the following would you choose to do?

Question208: MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license?

Question209: When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?

Question210: Where is the fingerprint generated, based on the output display? Exhibit:

Question211: Where are SmartEvent licenses installed?

Question212: What statement is true regarding Visitor Mode?

Question213: How can you activate the SNMP daemon on a Check Point Security Management Server?

Question214: Where do we need to reset the SIC on a gateway object?

Question215: Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

Question216: As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:

Question217: You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the:

Question218: You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy. What additional steps are required for this to function correctly?

Question219: Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.
To make this scenario work, the IT administrator must:
1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.
2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.
3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.
Ms. McHanry tries to access the resource but is unable. What should she do?

Question220: Packages and licenses are loaded into the SmartUpdate repositories from which sources?

Question221: Security Gateway R77 supports User Authentication for which of the following services? Select the response below that contains the MOST correct list of supported services.

Question222: You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

Question223: If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?

Question224: In the Rule Base displayed for fwsingapore, user authentication in Rule 4 is configured as fully automatic.
Eric is a member of the LDAP group, MSD_Group. What happens when Eric tries to connect to a server on the Internet?

Question225: Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?

Question226: When using an encryption algorithm, which is generally considered the best encryption method?

Question227: Which item below in a Security Policy would be enforced first?

Question228: Which rule is responsible for the client authentication failure? Exhibit:

Question229: Which R77 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations?

Question230: Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:

Question231: Which of the following actions do NOT take place in IKE Phase 1?

Question232: You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in CLISH to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.

Question233: What command with appropriate switches would you use to test Identity Awareness connectivity?

Question234: How many packets are required for IKE Phase 2?

Question235: One of your remote Security Gateway's suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?

Question236: Spoofing is a method of:

Question237: Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?

Question238: Which set of objects have an Authentication tab?

Question239: What command syntax would you use to see accounts the gateway suspects are service accounts?

Question240: In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______.

Question241: John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect.
How does he solve this problem?

Question242: Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:

Question243: Your bank's distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?

Question244: Which rules are not applied on a first-match basis?

Question245: An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?

Question246: Which of the following is a CLI command for Security Gateway R77?

Question247: You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?

Question248: Your R77 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?

Question249: The R77 fw monitor utility is used to troubleshoot which of the following problems?

Question250: Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?

Question251: How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?

Question252: What is the purpose of a Stealth Rule?

Question253: What is the difference between Standard and Specific Sign On methods?

Question254: Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?

Question255: You review this Security Policy because Rule 4 is inhibited. Which Rule is responsible? Exhibit:

Question256: For which service is it NOT possible to configure user authentication?

Question257: Which feature in R77 permits blocking specific IP addresses for a specified time period?

Question258: Which command displays the installed Security Gateway version?

Question259: You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface.
You browse to the Google Website from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?

Question260: Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?

Question261: What happens when you open the Gateway object window Trusted Communication and press and confirm Reset?
Exhibit:

Question262: Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:

Question263: Which of these components does NOT require a Security Gateway R77 license?

Question264: Which command allows you to view the contents of an R77 table?

Question265: Identity Awareness is implemented to manage access to protected resources based on a user's
_____________.

Question266: Where would an administrator enable Implied Rules logging?

Question267: How many packets does the IKE exchange use for Phase 1 Main Mode?

Question268: Central license management allows a Security Administrator to perform which of the following functions?
1. Check for expired licenses.
2. Sort licenses and view license properties.
3. Attach both R77 Central and Local licesnes to a remote module.
4. Delete both R77 Local Licenses and Central licenses from a remote module.
5. Add or remove a license to or from the license repository.
6. Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).

Question269: Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?

Question270: Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?

Question271: A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?

Question272: Choose the SmartLog property that is TRUE.

Question273: Match the following commands to their correct function. Each command has one function only listed.
Exhibit:

Question274: Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled?

Question275: When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth 0 to
00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?

As expert user, issue these commands:

Question276: What is the only SmartConsole you can open without a license?

Question277: The SIC certificate is stored in the directory _______________.

Question278: You have three servers located in a DMZ, using private IP addresses. You want internal users from
10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?

Question279: Which command allows Security Policy name and install date verification on a Security Gateway?

Question280: What command syntax would you use to turn on PDP logging in a distributed environment?

Question281: Which of the following can be found in cpinfo from an enforcement point?

Question282: How do you view a Security Administrator's activities with SmartConsole?

Question283: You are a Security Administrator using one Security Management Server managing three different firewalls. One firewall does NOT show up in the dialog box when attempting to install a Security Policy.
Which of the following is a possible cause?

Question284: If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you see for normal Phase 1 exchange?

Question285: Where do you verify that UserDirectory is enabled?

Question286: You have installed a R77 Security Gateway on GAiA. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target.
What is the problem?

Question287: How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?

Question288: Your company is running Security Management Server R77 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?

Question289: How many packets does the IKE exchange use for Phase 1 Aggressive Mode?

Question290: You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package's NAT rules?
Exhibit:

Question291: You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?

Question292: A _______ rule is used to prevent all traffic going to the R77 Security Gateway.

Question293: Your primary Security Gateway runs on GAiA. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files?

Question294: Which rule position in the Rule Base should hold the Cleanup Rule? Why?

Question295: The INSPECT engine inserts itself into the kernel between which two OSI model layers?

Question296: Which statement is TRUE about implicit rules?

Question297: The Security Gateway is installed on GAiA R77 The default port for the Web User Interface is _______.

Question298: Is it possible to track the number of connections each rule matches in a Rule Base?

Question299: During which step in the installation process is it necessary to note the fingerprint for first-time verification?

Question300: You have detected a possible intruder listed in SmartView Tracker's active pane. What is the fastest method to block this intruder from accessing your network indefinitely?

Question301: When you hide a rule in a Rule Base, how can you then disable the rule?

Question302: You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?

Question303: Exhibit:

Chris has lost SIC communication with his Security Gateway and he needs to re-establish SIC. What would be the correct order of steps needed to perform this task?

Question304: When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Question305: Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?

Question306: Review the rules.

Assume domain UDP is enabled in the impled rules.
What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

Question307: Where is the easiest and BEST place to find information about connections between two machines?

Question308: Choose the correct statement regarding Stealth Rules:

Question309: An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key and the IP address of the Security Gateway.
You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?

Question310: Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism, when logging in to a remote server with Telnet?

Question311: Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?

Question312: Captive Portal is a __________ that allows the gateway to request login information from the user.

Question313: You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?

Question314: Which of the following uses the same key to decrypt as it does to encrypt?

Question315: Which of the below is the MOST correct process to reset SIC from SmartDashboard?

Question316: You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.

Question317: Can you use Captive Portal with HTTPS?

Question318: Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:

Question319: What happens if you select Web Server in the dialog box? Exhibit:

Question320: You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed. What action do you need to take regarding timeout?

Question321: Which SmartConsole component can Administrators use to track changes to the Rule Base?

Question322: Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

Question323: Which tool CANNOT be launched from SmartUpdate R77?

Question324: Which of the following is NOT a valid option when configuring access for Captive Portal?

Question325: What type of traffic can be re-directed to the Captive Portal?

Question326: In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.

Question327: To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?

Question328: You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?

Question329: You want to configure a mail alert for every time the policy is installed to a specific Gateway.
Where would you configure this alert?

Question330: What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?

Question331: How can you check whether IP forwarding is enabled on an IP Security Appliance?

Question332: You need to completely reboot the Operating System after making which of the following changes on the Security Gateway? (i.e. the command cprestart is not sufficient.)
1. Adding a hot-swappable NIC to the Operating System for the first time.
2. Uninstalling the R77 Power/UTM package.
3. Installing the R77 Power/UTM package.
4. Re-establishing SIC to the Security Management Server.
5. Doubling the maximum number of connections accepted by the Security Gateway.

Question333: Katie has been asked to do a backup on the Blue Security Gateway. Which command would accomplish this in the Gaia CLI?

Question334: For remote user authentication, which authentication scheme is NOT supported?

Question335: An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG.
Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep- alive packet every minute.
Which of the following is the BEST explanation for this behavior?

Question336: You are troubleshooting NAT entries in SmartView Tracker. Which column do you check to view the new source IP?
Exhibit:

Question337: When using vpn tu, which option must you choose if you want to rebuild your VPN for a specific IP (gateway)?
Exhibit:

Question338: Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

Question339: If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?

Question340: What happens if the identity of a user is known?

Question341: Where can you find the Check Point's SNMP MIB file?

Question342: Which of the following is NOT defined by an Access Role object?

Question343: Which command gives an overview of your installed licenses?

Question344: Select the TRUE statements about the Rule Base shown? Exhibit:

1) HTTP traffic from webrome to websingapore will be encrypted.
2) HTTP traffic from websingapore to webrome will be encrypted.
3) HTTP traffic from webrome to websingapore will be authenticated.
4) HTTP traffic from websingapore to webrome will be blocked.

Question345: What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?

Question346: Which command displays the installed Security Gateway kernel version?

Question347: A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?

Question348: A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?

Question349: You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?

Question350: You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm's business partners. Which SmartConsole application should you use to confirm your suspicions?