|
Question 1. What are the results of the command: fw sam [Target IP Address]? A. Connections to the specified target are blocked without the need to change the Security Policy B. Connections to and from the specified target are blocked without the need to change the Security Policy C. The Security Policy is compiled and installed on the target's embedded VPN/FireWall Modules D. Connections from the specified target are blocked without the need to change the Security Policy Answer: B Question 2. The command fw fetch causes the: A. Security Gateway to retrieve the user database information from the tables on theSmartCenter Server. B. SmartCenter Server to retrieve the debug logs of the target Security Gateway C. Security Gateway to retrieve the compiled policy and inspect code from theSmartCenter Server and install it to the kernel. D. SmartCenter Server to retrieve the IP addresses of the target Security Gateway Answer: C Question 3. Which of the following deployment scenarios CANNOT be managed by Check Point QoS? A. Two lines connected directly to the Gateway through a hub B. Two lines connected to separate routers, and each router is connected to separate interfaces on the Gateway C. One LAN line and one DMZ line connected to separate Gateway interfaces D. Two lines connected to a single router, and the router is connected directly to the Gateway Answer: D Question 4. Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow Telnet service to itself from any location. How would you set up the authentication method? With a: A. Session Authentication rule B. Client Authentication rule using the manual sign-on method, using HTTP on port 900 C. Client Authentication for fully automatic sign on D. Client Authentication rule, using partially automatic sign on Answer: B Question 5. You must set up SIP with a proxy for your network. IP phones are in the 172.16.100.0 network. The Registrar and Proxy are installed on the host, 172.16.101.100. To allow handover enforcement for outbound calls from SIP-net to the Internet, you have defined the following objects: Network object: SIP-net: 172.16.100.0/24 SIP-gateway: 172.16.101.100 VoIP Domain object: VoIP_domain_A End-point domain: SIP-net VoIP gateway installed at: SIP-gateway host object How would you configure the rule? A. VoIP_domain_A / any / sip_any / accept B. VoIP_Gateway_A / any / sip / accept C. Unsupported because the SIP Registrar and the SIP Proxy are installed on the same host. Separate and create two VoIP Domain objects. D. SIP-net & SIP-gateway / any / sip / accept Answer: A Question 6. A _______ rule is used to prevent all traffic going to the VPN-1 NGX Security Gateway A. Stealth B. Cleanup C. SmartDefense D. Reject Answer: A Question 7. An advantage of using central vs local licensing is: A. Only one IP address is used for all licenses. B. Licenses are automatically attached to their respective Security Gateways. C. The license must be renewed when changing the IP address of a Security Gateway. D. A license can be taken from oneSmartCenter Server and given to SmartCenter Server. Answer: A Question 8. Which command allows verification of the Security Policy name and install date on a Security Gateway? A. fw ver -p B. fw show policy C. fw stat -l D. fw ctl pstat -policy Answer: C Question 9. What command displays the version of an already installed Security Gateway? A. cpstat -gw B. fw printver C. fw ver D. fw stat Answer: C Question 10. When configuring objects in SmartMap, it is helpful to ____________ the objects so that they are properly defined for use in a policy rule. A. Save B. Actualize C. Physically connect to D. Expand Answer: B
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.