NEW QUESTION 1
Which of the following is NOT defined by an Access Role object?

• A. Source Network
• B. Source Machine
• C. Source User
• D. Source Server

Answer: D

NEW QUESTION 2
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

• A. You checked the cache password on desktop option in Global Properties.
• B. Another rule that accepts HTTP without authentication exists in the Rule Base.
• C. You have forgotten to place the User Authentication Rule before the Stealth Rule.
• D. Users must use the SecuRemote Client, to use the User Authentication Rule.

Answer: B

NEW QUESTION 3
Which directory holds the SmartLog index files by default?

• A. $SMARTLOGDIR/data
• B. $SMARTLOG/dir
• C. $FWDIR/smartlog
• D. $FWDIR/log

Answer: A

NEW QUESTION 4
Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _____.

• A. Firewall policy install
• B. Threat Prevention policy install
• C. Anti-bot policy install
• D. Access Control policy install

Answer: B

Explanation: https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents

NEW QUESTION 5
The fw monitor utility is used to troubleshoot which of the following problems?

• A. Phase two key negotiation
• B. Address translation
• C. Log Consolidation Engine
• D. User data base corruption

Answer: B

NEW QUESTION 6
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational. When it re-joins the cluster, will it become active automatically?

• A. No, since “maintain current active cluster member” option on the cluster object properties is enabled by default
• B. No, since “maintain current active cluster member” option is enabled by default on the Global Properties
• C. Yes, since “Switch to higher priority cluster member” option on the cluster object properties is enabled by default
• D. Yes, since “Switch to higher priority cluster member” option is enabled by default on the Global Properties

Answer: A

Explanation: What Happens When a Security Gateway Recovers?
In a Load Sharing configuration, when the failed Security Gateway in a cluster recovers, all connections are redistributed among all active members. High Availability and Load Sharing in ClusterXL ClusterXL Administration Guide R77 Versions | 31 In a High Availability configuration, when the failed Security Gateway in a cluster recovers, the recovery method depends on the configured cluster setting. The options are:
• Maintain Current Active Security Gateway means that if one member passes on control to a lower priority member, control will be returned to the higher priority member only if the lower priority member fails. This mode is recommended if all members are equally capable of processing traffic, in order to minimize the number of failover events.
• Switch to Higher Priority Security Gateway means that if the lower priority member has control and the higher priority member is restored, then control will be returned to the higher priority member. This mode is recommended if one member is better equipped for handling connections, so it will be the default Security Gateway.

NEW QUESTION 7
Which type of Endpoint Identity Agent includes packet tagging and computer authentication?

• A. Full
• B. Light
• C. Custom
• D. Complete

Answer: A

Explanation: Endpoint Identity Agents – dedicated client agents installed on users’ computers that acquire and report identities to the Security Gateway.

NEW QUESTION 8
Which the following type of authentication on Mobile Access can NOT be used as the first authentication method?

• A. Dynamic ID
• B. RADIUS
• C. Username and Password
• D. Certificate

Answer: A

NEW QUESTION 9
Choose the SmartLog property that is TRUE.

• A. SmartLog has been an option since release R71.10.
• B. SmartLog is not a Check Point product.
• C. SmartLog and SmartView Tracker are mutually exclusive.
• D. SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.

Answer: D

NEW QUESTION 10
What is NOT an advantage of Packet Filtering?

• A. Low Security and No Screening above Network Layer
• B. Application Independence
• C. High Performance
• D. Scalability

Answer: A

Explanation: Packet Filter Advantages and Disadvantages

NEW QUESTION 11
Using R80 Smart Console, what does a “pencil icon” in a rule mean?

• A. I have changed this rule
• B. Someone else has changed this rule
• C. This rule is managed by check point’s SOC
• D. This rule can’t be changed as it’s an implied rule

Answer: A

NEW QUESTION 12
Which of the following is NOT an alert option?

• A. SNMP
• B. High alert
• C. Mail
• D. User defined alert

Answer: B

Explanation: In Action, select:
none - No alert.
log - Sends a log entry to the database.
alert - Opens a pop-up window to your desktop.
mail - Sends a mail alert to your Inbox.
snmptrap - Sends an SNMP alert.
useralert - Runs a script. Make sure a user-defined action is available. Go to SmartDashboard > Global Properties > Log and Alert > Alert Commands.

NEW QUESTION 13
Choose what BEST describes the Policy Layer Traffic Inspection.

• A. If a packet does not match any of the inline layers, the matching continues to the next Layer.
• B. If a packet matches an inline layer, it will continue matching the next layer.
• C. If a packet does not match any of the inline layers, the packet will be matched against the Implicit Clean-up Rule.
• D. If a packet does not match a Network Policy Layer, the matching continues to its inline layer.

Answer: B

NEW QUESTION 14
Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?

• A. External-user group
• B. LDAP group
• C. A group with a genetic user
• D. All Users

Answer: B

NEW QUESTION 15
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?

• A. Run fwm dbexport -1 filenam
• B. Restore the databas
• C. Then, run fwm dbimport -1 filename to import the users.
• D. Run fwm_dbexport to export the user databas
• E. Select restore the entire database in the Database Revision scree
• F. Then, run fwm_dbimport.
• G. Restore the entire database, except the user database, and then create the new user and user group.
• H. Restore the entire database, except the user database.

Answer: D

NEW QUESTION 16
Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.
To make this scenario work, the IT administrator must:
1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.
2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.
3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.
4) Install policy.
Ms McHanry tries to access the resource but is unable. What should she do?

• A. Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal”.
• B. Have the security administrator reboot the firewall.
• C. Have the security administrator select Any for the Machines tab in the appropriate Access Role.
• D. Install the Identity Awareness agent on her iPad.

Answer: A

NEW QUESTION 17
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

• A. 18210
• B. 18184
• C. 257
• D. 18191

Answer: B

NEW QUESTION 18
Under which file is the proxy arp configuration stored?

• A. $FWDIR/state/proxy_arp.conf on the management server
• B. $FWDIR/conf/local.arp on the management server
• C. $FWDIR/state/_tmp/proxy.arp on the security gateway
• D. $FWDIR/conf/local.arp on the gateway

Answer: D