An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
Where is the easiest and BEST place to find information about connections between two machines?
NAT can NOT be configured on which of the following objects?
Which of the following commands can provide the most complete restoration of a R77 configuration?
Which component functions as the Internal Certificate Authority for R77?
When launching SmartDashboard, what information is required to log into R77?
Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?
You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed.
What action do you need to take regarding timeout?
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
SmartView Tracker logs the following Security Administrator activities, EXCEPT:
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After awhile, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database.
How can you do this?
Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?
You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners.
Which SmartConsole application should you use to confirm your suspicions?
Which command allows you to view the contents of an R77 table?
You are running the license_upgrade tool on your GAiA Gateway. Which of the following can you NOT do with the upgrade tool?
Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.
Can you use Captive Portal with HTTPS?
MegaCorp’s security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway.
How do you apply the license?
Access Role objects define users, machines, and network locations as:
When you hide a rule in a Rule Base, how can you then disable the rule?
Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?
Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server.
What is the correct procedure for rebuilding the Gateway quickly?
A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
Which of the following options is available with the GAiA cpconfig utility on a Management Server?
What is the purpose of a Stealth Rule?
Where does the security administrator activate Identity Awareness within SmartDashboard?
What is the syntax for uninstalling a package using newpkg?
Exhibit:
You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office.
What is the correct order for pushing SIC certificates to the Gateway before shipping it?
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?
Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism, when logging in to a remote server with Telnet?
Reviewing the Rule Base, you see that ________ is responsible for the client authentication failure.
Exhibit:
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway’s side with the command cpconfig and put in the same activation key in the Gateway’s object on the Security Management Server. Unfortunately, SIC can not be established. What is a possible reason for the problem?
Users with Identity Awareness Agent installed on their machines login with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.
Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?
The SIC certificate is stored in the directory _______________.
Exhibit:
Chris has lost SIC communication with his Security Gateway and he needs to re-establish SIC. What would be the correct order of steps needed to perform this task?
Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user’s credentials?
Which rule is responsible for the installation failure?
Exhibit:
What type of traffic can be re-directed to the Captive Portal?
Identify the ports to which the Client Authentication daemon listens by default.
When using an encryption algorithm, which is generally considered the best encryption method?
Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:
What information is found in the SmartView Tracker Management log?
Is it possible to see user activity in SmartView Tracker?
According to Check Point Best Practice, when adding a non-managed Check Point Gateway to a Check Point security solution what object SHOULD be added? A(n):
Choose the correct statement regarding Implied Rules:
Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?
Katie has been asked to setup a rule to allow the new webserver in the DMZ to be accessible from the internet on port 443. The IP address of the Web Server, Apothos, is 192.168.126.3 and the external address should be 10.4.2.3. This needs to be the only server associated with this External IP address.
Which answer below will accomplish the steps needed to complete this task?
Which of the following is true of the Cleanup rule?
One of your remote Security Gateway’s suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?
What action can be performed from SmartUpdate R77?
What is one potential downside or drawback to choosing the Standalone deployment option instead of the Distributed deployment option?
Which authentication type requires specifying a contact agent in the Rule Base?
Review the rules.
Assume domain UDP is enabled in the impled rules.
What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?