Get Address button, found in the host Knots Object> General Properties page, searching for what?
Options are :
- Domain Name
- MAC address
- IP address
(Correct)
- The fully qualified domain name
- None
Answer : IP address
What rule would Cleanup rule Rule Base?
Options are :
- The other followed Stealth Rule
- Take. It specifically accepted by other traffic drops
- None
- First. It specifically approves otherwise fallen into traffic
- Take. It is served by a logging function before the implicit drop.
(Correct)
Answer : Take. It is served by a logging function before the implicit drop.
156-215.77 Check Point Certified Security Administrator Exam Set 6
The
internal network configuration is set to 10.1.1.0/24. This network is
behind a perimeter Gateway R70, which connects the ISP provider. How to
configure a gateway to provide this network to go online?
Options are :
- Do not do anything, as long as the 10.1.1.0 network is the correct default gateway.
- Use the Hide NAT network 10.1.1.0/24 behind the external IP address of the perimeter Gateway.
(Correct)
- Use the Hide NAT network 10.1.1.0/24 behind the internal interface on the perimeter of your Gateway.
- The use of automatic static NAT network 10.1.1.0/24.
- None
Answer : Use the Hide NAT network 10.1.1.0/24 behind the external IP address of the perimeter Gateway.
You acknowledge FW monitor command with no arguments. Which of the following checkpoints will be displayed?
Options are :
- Prior to the virtual machine, the outgoing direction,
- None
- After the virtual machine, the outgoing direction,
- Before a virtual machine, the inbound direction
- All check points
(Correct)
Answer : All check points
Clean-up rule is used:
Options are :
- Log connections that would otherwise be dropped without logging by default.
- Drop logging connections that would otherwise be accepted and recorded by default.
(Correct)
- None
- .Drop logging connections that would otherwise be dropped and logged by default.
- Log connections that would otherwise be acceptable without being logged in by default.
Answer : Drop logging connections that would otherwise be accepted and recorded by default.
Those rules are not applied in the first match?
Options are :
- user authentication
(Correct)
- None
- Clean up
- session authentication
- client authentication
Answer : user authentication
NAT will NOT be able to configure which of the following objects?
Options are :
- Logical HTTP server
(Correct)
- host
- None
- port
- address range
Answer : Logical HTTP server
When you run the fw monitor -e "to accept;" command, what type of traffic is captured?
Options are :
- Only outbound traffic before and after the outgoing core.
- All traffic is accepted rule base.
- All traffic coming from all directions, before and after the incoming and outgoing cores
(Correct)
- Only incoming traffic, before and after the incoming core.
- None
Answer : All traffic coming from all directions, before and after the incoming and outgoing cores
156-315.77 Check Point Certified Security Expert Exam Set 8
Which of the following describes the default behavior of the R70 Security Gateway?
Options are :
- Traffic is filtered is controlled by the gate
- Traffic expressly approved by dropped.
(Correct)
- All traffic is explicitly allowed through clear rules
- IP protocol is listed as safe are allowed by default, that is, ICMP, TCP, UDP sessions is checked.
- None
Answer : Traffic expressly approved by dropped.
When
the network configuration interfaces Check Point Gateway, the direction
can be defined as internal or external. What is the significance leads
to the DMZ Interface?
Options are :
- None
- It defines the DMZ interface since this information is necessary for Content Control.
(Correct)
- Using a Gateway limited, this option is switched off automatically calculating the IP addresses that are derived from this interface.
- .Activating this option will automatically switch to this interface External
- When you select this option, the anti-spoofing is automatically assigned to this network.
Answer : It defines the DMZ interface since this information is necessary for Content Control.
You
have worked with a number of security gateways that strengthen the
extensive set of rules. To simplify security administration, which of
the following would you choose to do?
Options are :
- Create a network of objects that restrict any valid only for certain networks.
- Smart Console to run separate instances of each log and configure the security gateway directly.
- Remove any possible conflicting such as stealth or cleanup rules.
- None
- Create a separate package for each security remote security gateway.
(Correct)
Answer : Create a separate package for each security remote security gateway.
John
is the Security Administrator in his company. He installs a new
Security Management Server R70 and R70 of the new Gateway. He now wants
to create the SIC between them. after entering the activation key, the
message â € € Established śTrust displayed SmartDashboard, SIC, but
still does not seem to be working, because the policy wonâ € ™ t be
installed and the user interface fetching is still not working. What
might be the reason?
Options are :
- This is human error.
- None
- It always works when trust is established.
- Gateway is a time for several days or weeks later, and the SIC certificate is not yet valid.
(Correct)
- SIC does not work over the network.
Answer : Gateway is a time for several days or weeks later, and the SIC certificate is not yet valid.
Security is the number of database versions. What settings will remain the same regardless of which version you are using?
Options are :
- Objects_5_0.C
- The rule Bases_5_0.fws
- None
- Internal Certificate Authority (ICA) certificate
(Correct)
- fwauth.NDB
Answer : Internal Certificate Authority (ICA) certificate
Stealth rule is used:
Options are :
- Prevents monitoring of hosts behind the security gateway.
- Cloak type behind the Web server using the security gateway.
- Preventing The Communication Security Gateway itself.
(Correct)
- None
- Use Security Gateway hide the border router's internal attacks
Answer : Preventing The Communication Security Gateway itself.
Check Point Certified Security Expert Exam Set 7
Every
checkpoint address translation method is necessary if you want to
connect to a host on the Internet HTTP server, which is reserved (RFC
1918) IP address of the DMZ?
Options are :
- Hide Address Translation
- Port Address Translation
- Dynamic Address Translation Source
- None
- Static Destination Address Translation
(Correct)
Answer : Static Destination Address Translation
Several
security policies can be used in various installation targets. Firewall
to protect human Resources € ™ servers should be unique in Policy
Package. These rules may only be installed on this machine and not by
accident on the internet firewall. How can this be configured?
Options are :
- In choosing the right firewall for each row line to install the rule base, only this firewall displays a list of possible installation sites after selecting Policy> Install.
- In SmartDashboard the main menu, go to Policy> Policy Installation> Goals and choose the correct Firewall to be taken through a list of specific goals.
(Correct)
- None
- Base rule can always be installed on any Check Point firewall object. It is necessary to choose the appropriate item immediately, select Policy> Install.
- Base rule is always installed on all potential targets. Install the firewall rules defined by the row selection to install the rule base.
Answer : In SmartDashboard the main menu, go to Policy> Policy Installation> Goals and choose the correct Firewall to be taken through a list of specific goals.
Installing the policy does not usually affect the currently existing connections. Which statements are true?
Options are :
- Site-to-site VPNs need to re-authenticate, so the phase I is conducted again after the installation of security policy.
- None
- All connections are reset, so it is recommended to install the policy will be announced during the downtime only.
- All FTP downloads will be reset; users have to start the download again.
- Users are authenticated Client Authentication need to re-authenticate.
(Correct)
Answer : Users are authenticated Client Authentication need to re-authenticate.
You
have set the Automatic Static NAT internal host node object. Removing
the box Translate to destination client site Global Properties> NAT.
Assuming that all other NAT settings Global Properties is selected, what
else must be configured so that the host on the Internet can initiate
an incoming connection to this host?
Options are :
- Static route, ensure packets destined for the public IP address of the NAT gateway to reach the internal interface
(Correct)
- None
- No additional configuration required.
- Proxy ARP entry, ensure packets destined for the public IP address to reach the security gateway's external interface.
- NAT IP address must be added via an external gateway anti-spoofing group.
Answer : Static route, ensure packets destined for the public IP address of the NAT gateway to reach the internal interface
What is below is most correct process to reset the SIC from SmartDashboard?
Options are :
- Click the Communication button to the firewall object, then click Restore. Run cpconfig and enter a new activation key.
(Correct)
- Run cpconfig and select Restore.
- Click the Reset Communication Gateway object from the window and enter a new activation key.
- Run cpconfig and select Secure Internal Communications> Other one time password.
- None
Answer : Click the Communication button to the firewall object, then click Restore. Run cpconfig and enter a new activation key.
Check
the rule base, some rules can be hidden so that they do not interfere
with the administrator is unhidden rules. Assume that the only rules are
accepted as HTTP or SSH will be displayed. How to implement?
Options are :
- None
- .In SmartDashboard menu Search> rule base queries. In the window that opens, create a new query, give it a name (eg HTTP_SSH) and define the clause regarding two services HTTP and SSH. When it is applied that determines the operation of the second expression to accept and combine them with Boolean operator AND.
(Correct)
- Ask the dealer to get a ticket checkpoint SMARTUS and provide him with cpinfo Information Security Management Server.
- .In SmartDashboard, right-click a column in field service, and then click Query column. Then put the services HTTP and SSH on the list. Do the same for the field to accept the Action, and then click here.
- This can not be set because the two choices (Service, Action) are not possible.
Answer : .In SmartDashboard menu Search> rule base queries. In the window that opens, create a new query, give it a name (eg HTTP_SSH) and define the clause regarding two services HTTP and SSH. When it is applied that determines the operation of the second expression to accept and combine them with Boolean operator AND.
Check Point Certified Security Administrator Set 3
You
create implicit and explicit rules for the next network. The group
object includes internal networks of networks 10.10.10.0 and 10.10.20.0.
Suppose Accept ICMP requests placed on the boards of Global
Properties.Based these rules, what happens if you ping a host 10.10.10.5
host on the Internet IP address? ICMP is:
Options are :
- rule fell 0.
- decreased 2 Cleanup rule rule
- None
- fell in the last implicit rule
- accepted rule 1.
(Correct)
Answer : accepted rule 1.
You
have worked with a number of Security Gateway, which adhere to common
rules. Minimize the number of policy packages, which of the following
would you choose to do?
Options are :
- SmartDashboard to run separate instances of each log and configure the security gateway directly
- Create a single package Install Security> Target is defined as an individual rule always requires a certain Gateway.
(Correct)
- Lead .install separate local Security Management Server and the Smart Console for each remote Security Gateway
- None
- Create a separate package for each security remote security gateway and configure the install> Gateway.
Answer : Create a single package Install Security> Target is defined as an individual rule always requires a certain Gateway.
Every
Checkpoint Address Translation method allows the system administrator
to use less ISPassigned IP addresses as the number of internal hosts
require an Internet connection?
Options are :
- None
- dynamic Target
- static object
- Hide
(Correct)
- static Source
Answer : Hide
To create the output data of the monitor FW command in ASCII format. What is the correct syntax for this task?
Options are :
- FW follow -e "to accept;" -f> /tmp/monitor.txt
- None
- FW follow iO -m -e "to accept;" -o /tmp/monitor.txt
- FW follow -e "to accept;" -W /tmp/monitor.txt
- FW follow -e "to accept;" > /tmp/monitor.txt
(Correct)
Answer : FW follow -e "to accept;" > /tmp/monitor.txt
Anti-Spoofing is typically set up every object type?
Options are :
- domain
- None
- network
- host
- Security Gateway
(Correct)
Answer : Security Gateway
Security Administrator, Anna has done the following: What happens when he creates the Firewall object?
Options are :
- Creating an object lead to a "duplicate IP address" warning.
- The interfaces will show all the interfaces.
- None
- The interfaces will continue to appear only old interfaces, but not the newly added ones.
- The establishment of SIC fails.
(Correct)
Answer : The establishment of SIC fails.
156-215.70 Check Point Certified Security Administrator Exam Set 2
You
perimeter security gateway's external IP is 200.200.200.3. The network
diagram shows: Required: Only network 192.168.10.0 and 192.168.20.0 to
go out through the Internet 200.200.200.5. The local network
192.168.1.0/24 need to use 200.200.200.3 go out to the Internet.
Assuming you take all the settings for the NAT Global Properties page,
how could you achieve these requirements?
Options are :
- Create two mesh objects: 192.168.10.0/24 and 192.168.20.0/24. Add two network objects in a group object. Create a manual NAT rule as follows: The original source - a group object; Destination - any; Service - any; Translated from source - 200.200.200.5; Destination - the original; Service - the original.
- Create a network object 192.168.0.0/16. Contact Hide NAT NAT page. Enter 200.200.200.5 as the IP address hidden. Add ARP entry MAC address 200.200.200.5 200.200.200.3.
- None
- Create network objects 192.168.10.0/24 and 192.168.20.0/24. In order to hide the NAT and network objects using 200.200.200.5 as the IP address is hidden. Add ARP entry MAC address 200.200.200.3 200.200.200.5.
- Create an address range object from 192.168.10.1 and 192.168.20.254. Contact Hide NAT NAT address of the page area of the object. Enter hiding the IP address of 200.200.200.5. Add ARP entry MAC address 200.200.200.5 200.200.200.3.
(Correct)
Answer : Create an address range object from 192.168.10.1 and 192.168.20.254. Contact Hide NAT NAT address of the page area of the object. Enter hiding the IP address of 200.200.200.5. Add ARP entry MAC address 200.200.200.5 200.200.200.3.
_______ rule is designed to record and give up all the other communications which does not correspond to the second rule.
Options are :
- None
- Stealth
- anti-spoofing
- Reject
- Clean up
(Correct)
Answer : Clean up
You
have installed the R70 Security Gateway is a Secure Platform. Gateway
to manage a company Security Management Server, you create a new Gateway
object and security. When you install a new policy from the policy menu
Gateway object is not visible Install Policy window target. What is the
problem?
Options are :
- .No Masters file is created in the new Gateway
- The object is created Node> Gateway.
(Correct)
- Gateway object is not configured to be installed in the column of the first policy rule.
- The new Gateway temporary license has expired.
- None
Answer : The object is created Node> Gateway.
Monitor all traffic between the network and the Internet Secure Gateway Platform, which is the best utility to use?
Options are :
- snoop
- InfoView
- None
- cpinfo
- tcpdump
(Correct)
Answer : tcpdump