NEW QUESTION 1
Your company has two headquarters, one in London, and one in New York. Each office includes several branch offices. The branch offices need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly.
What is the BEST configuration for establishing VPN Communities for this company? VPN Communities comprised of:

• A. One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the mesh center Gateways option checked; all London branch offices defined in one satellite window, but, all New York branch offices defined in another satellite window.
• B. Two mesh and one star Community: One mesh Community is set up for each of the headquarters and its branch office
• C. The star Community is configured with London as the center of the Community and New York is the satellite.
• D. Two star and one mesh Community: One star Community is set up for each site, with headquarters as the Community center, and its branches as satellite
• E. The mesh Community includes only New York and London Gateways.
• F. Three mesh Communities: One for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.

Answer: C

NEW QUESTION 2
As a Security Administrator, you must refresh the Client Authentication authorization time- out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:

• A. in the user object's Authentication screen.
• B. in the Gateway object's Authentication screen.
• C. in the Limit tab of the Client Authentication Action Properties screen.
• D. in the Global Properties Authentication screen.

Answer: C

NEW QUESTION 3
Which of the following is true of the Cleanup rule?

• A. The Cleanup rule must be the last rule in a policy
• B. The Cleanup rule is an example of an Implied rule
• C. The Cleanup rule is important for blocking unwanted connections
• D. The Cleanup rule should not be logged

Answer: C

NEW QUESTION 4
Which of the following commands can provide the most complete restoration of a R77 configuration?

• A. upgrade_import
• B. cpinfo -recover
• C. cpconfig
• D. fwm dbimport -p <export file>

Answer: A

NEW QUESTION 5
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

• A. John should install the Identity Awareness Agent
• B. The firewall admin should install the Security Policy
• C. John should lock and unlock the computer
• D. Investigate this as a network connectivity issue

Answer: B

NEW QUESTION 6
When you change an implicit rule’s order from Last to First in Global Properties, how do you make the change take effect?

• A. Run fw fetch from the Security Gateway.
• B. Select Install Database from the Policy menu.
• C. Select Save from the File menu.
• D. Reinstall the Security Policy.

Answer: D

NEW QUESTION 7
Which of the following are authentication methods that Security Gateway R77 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.

• A. Proxied, User, Dynamic, Session
• B. Connection, User, Client
• C. User, Client, Session
• D. User, Proxied, Session

Answer: C

NEW QUESTION 8
Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?

• A. Bridge
• B. Load Sharing
• C. High Availability
• D. Fail Open

Answer: A

NEW QUESTION 9
Where does the security administrator activate Identity Awareness within SmartDashboard?

• A. Gateway Object > General Properties
• B. Security Management Server > Identity Awareness
• C. Policy > Global Properties > Identity Awareness
• D. LDAP Server Object > General Properties

Answer: A

NEW QUESTION 10
How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?

• A. SNMP trap alert script
• B. Custom scripts cannot be executed through alert scripts.
• C. User-defined alert script
• D. Pop-up alert script

Answer: C

NEW QUESTION 11
Your R77 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours.
How do you create this schedule?

• A. On a GAiA Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
• B. Create a time object, and add 48 hours as the interva
• C. Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object.
• D. Create a time object, and add 48 hours as the interva
• E. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
• F. Create a time object, and add 48 hours as the interva
• G. Select that time object’s Global Properties > Logs and Masters window, to schedule a logswitch.

Answer: B

NEW QUESTION 12
What is the purpose of a Stealth Rule?

• A. To prevent users from connecting directly to the gateway.
• B. To permit management traffic.
• C. To drop all traffic to the management server that is not explicitly permitted.
• D. To permit implied rules.

Answer: A

NEW QUESTION 13
You are the Security Administrator for MegaCorp and would like to view network activity using SmartReporter. You select a standard predefined report. As you can see here, you can select the london Gateway.

When you attempt to configure the Express Report, you are unable to select this Gateway.

What is the reason for this behavior? Give the BEST answer.

• A. You must enable the Eventia Express Mode on the london Gateway.
• B. You have the license for Eventia Reporter in Standard mode only.
• C. You must enable the Express Mode inside Eventia Reporter.
• D. You must enable Monitoring in the london Gateway object’s General Properties.

Answer: D

NEW QUESTION 14
For which service is it NOT possible to configure user authentication?

• A. Telnet
• B. SSH
• C. FTP
• D. HTTPS

Answer: B

NEW QUESTION 15
Which of the following can be found in cpinfo from an enforcement point?

• A. Everything NOT contained in the file r2info
• B. VPN keys for all established connections to all enforcement points
• C. The complete file objects_5_0.c
• D. Policy file information specific to this enforcement point

Answer: D

NEW QUESTION 16
The SIC certificate is stored in the directory .

• A. $CPDIR/registry
• B. $CPDIR/conf
• C. $FWDIR/database
• D. $FWDIR/conf

Answer: B

NEW QUESTION 17
Which of the following is NOT true for Clientless VPN?

• A. The Gateway can enforce the use of strong encryption.
• B. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN.
• C. Secure communication is provided between clients and servers that support HTTP.
• D. User Authentication is supported.

Answer: C

NEW QUESTION 18
What is the Manual Client Authentication TELNET port?

• A. 23
• B. 264
• C. 900
• D. 259

Answer: D

NEW QUESTION 19
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

• A. You checked the cache password on desktop option in Global Properties.
• B. Another rule that accepts HTTP without authentication exists in the Rule Base.
• C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
• D. Users must use the SecuRemote Client, to use the User Authentication Rule.

Answer: B

NEW QUESTION 20
Your Security Gateways are running near performance capacity and will get upgraded
hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker’s IP at a peak time of day?

• A. Intrusion Detection System (IDS) Policy install
• B. Change the Rule Base and install the Policy to all Security Gateways
• C. SAM - Block Intruder feature of SmartView Tracker
• D. SAM - Suspicious Activity Rules feature of SmartView Monitor

Answer: D

NEW QUESTION 21
Captive Portal is a that allows the gateway to request login information from the user.

• A. Pre-configured and customizable web-based tool
• B. Transparent network inspection tool
• C. LDAP server add-on
• D. Separately licensed feature

Answer: A

NEW QUESTION 22
Where are custom queries stored in R77 SmartView Tracker?

• A. On the SmartView Tracker PC local file system under the user's profile.
• B. On the Security Management Server tied to the GUI client IP.
• C. On the Security Management Server tied to the Administrator User Database login name.
• D. On the SmartView Tracker PC local file system shared by all users of that local PC.

Answer: C

NEW QUESTION 23
Which tool CANNOT be launched from SmartUpdate R77?

• A. IP Appliance Voyager
• B. snapshot
• C. GAiA WebUI
• D. cpinfo

Answer: B

NEW QUESTION 24
To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?

• A. Ask your reseller to get a ticket for Check Point SmartUse and deliver him the Security Management Server cpinfo file.
• B. In SmartDashboard, right-click in the column field Service > Query Colum
• C. Then, put the services HTTP and SSH in the lis
• D. Do the same in the field Action and select Accept here.
• E. In SmartDashboard menu, select Search > Rule Base Querie
• F. In the window that opens, create a new Query, give it a name (e.
• G. “HTTP_SSH”?) and define a clause regarding the two services HTTP and SS
• H. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND.
• I. This cannot be configured since two selections (Service, Action) are not possible.

Answer: C

NEW QUESTION 25
How can you activate the SNMP daemon on a Check Point Security Management Server?

• A. Using the command line, enter snmp_install.
• B. From cpconfig, select SNMP extension.
• C. Any of these options will work.
• D. In SmartDashboard, right-click a Check Point object and select Activate SNMP.

Answer: B

NEW QUESTION 26
Charles requests a Website while using a computer not in the net_singapore network.
What is TRUE about his location restriction? Exhibit:

• A. Source setting in Source column always takes precedence.
• B. Source setting in User Properties always takes precedence.
• C. As location restrictions add up, he would be allowed from net_singapore and net_sydney.
• D. It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.

Answer: D

NEW QUESTION 27
A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?

• A. SmartReporter analyzes all network traffic, logged or not.
• B. Network traffic cannot be analyzed when the Security Management Server has a high load.
• C. Turn the field Track of each rule to LOG.
• D. Configure Additional Logging on an additional log server.

Answer: D

NEW QUESTION 28
John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the activation key, he gets the following message in SmartDashboard -
“Trust established?”
SIC still does not seem to work because the policy won’t install and interface fetching does not work. What might be a reason for this?

• A. SIC does not function over the network.
• B. It always works when the trust is established
• C. The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid.
• D. This must be a human error.

Answer: C

NEW QUESTION 29
......