Study Guides and Actual Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA



Braindumps for "JN0-540" Exam

nice dumps in itcertkeys

 Question 1.
In order to obtain attack information so that you can create a new attack object definition, you must follow certain steps. Given the following steps, assume you have acquired the attack source code.
a. On target machine, start capturing packets with a protocol analyzer.
b. On sensor, examine scio ccap output.
c. Compile attack code on attacker machine.
d. On sensor, run scio ccap all.
e. On attacker machine, run attack code against target.

What is the correct order for these steps?

A. e, c, d, b, a
B. c, d, a, e, b
C. c, e, b, d, a
D. c, d, e, a, b

Answer: B

Question 2.
Which three devices support clustering? (Choose three.)

A. IDP 10
B. IDP 50
C. IDP 200
D. IDP 600
E. IDP 1100

Answer: C, D, E

Question 3.
Which sensor utility is used to decode the contexts of a sequence of packets?

A. netstat
B. scio pcap
C. tcpreplay
D. scio ccap

Answer: D

Question 4.
Which sensor command will capture packets on a particular interface?

A. sctop
B. tcpdump
C. netstat
D. tcpreplay

Answer: B

Question 5.
Which two statements are true? (Choose two.)

A. A virtual circuit is not a forwarding interface.
B. A virtual circuit is a communications path in and out of the sensor.
C. Virtual circuits on a sensor can be listed using the command sctop vc list.
D. In transparent mode, a virtual circuit maps one-to-one with a physical interface.

Answer: B, D

Question 6.
What does the action "drop packet" instruct the sensor to do?

A. Drop all packets from the attacker's IP address.
B. Drop the specific session containing the attack pattern.
C. Drop only the specific packet matching the attack object.
D. Drop any packet matching this source IP, destination IP, and service.

Answer: C

Question 7.
On a sensor in transparent mode, how many virtual circuits are assigned to a virtual router?

A. 1
B. 1 or 2
C. 2
D. 3 or more

Answer: C

Question 8.
In IDP Sensor clustering, which port is used to send state synchronization information to other devices in the cluster?

A. eth0
B. eth1
C. eth2
D. console port

Answer: B

Question 9.
Which statement is true regarding IDP rule matching on a sensor?

A. Each rule in the IDP rule base that matches on the source IP, destination IP, and service will 
    be processed further.
B. Each rule in the IDP rule base that matches on the source IP, destination IP, service, and 
    attack object will be processed further.
C. Each rule in the IDP rule base that matches on the source IP, destination IP, and service will 
    be processed further, unless the particular rule is terminal.
D. Each rule in the IDP rule base that matches on the source IP, destination IP, service, and 
    attack object will be processed further, unless the particular rule is terminal.

Answer: C

Question 10.
Exhibit:
 

In the exhibit, which SYN protector mode is the IDP using?

A. relay
B. passive
C. protective
D. handshake

Answer: B

Question 11.
Which three actions should be taken on a rule in the IDP rule base when the sensor is in transparent mode? (Choose three.)

A. Drop stream.
B. Drop packet.
C. Drop connection.
D. Close client and server.

Answer: B, C, D

Question 12.
You can remotely administer the IDP sensor using which two methods? (Choose two.)

A. a telnet connection
B. an SSH connection
C. the WebUI ACM over HTTP
D. the WebUI ACM over HTTPS

Answer: B, D

Question 13.
You have a rule in your IDP policy that detects all HTTP signatures that are targeted towards your Web server. You notice a log message is generated each time a Web user accesses the SQL database with the default passwords. Your Webmaster does not want to reprogram the Web page to use more secure SQL passwords. 

How do you disable alerts on this false positive?

A. Create a rule in the Exempt rule base; specify target address of your Web server; include only 
    the specific HTTP SQL default password signature.
B. Create a rule at the top of the IDP rule base for any traffic destined to your Web server; specify 
    action of Exempt.
C. Create a rule at the top of the Exempt rule base; specify target address of your Web server; 
    include all HTTP signatures.
D. Create a rule at the top of the Exempt rule base; specify target address of your Web server; 
    include all HTTP signatures; make this a terminal rule.

Answer: A

Question 14.
If an IDP sensor finds that a packet matches a particular IDP rule, and then finds a matching exempt rule, what does the sensor do?

A. Does not create a log entry, does not perform the action in the matching rule, and then 
    examines the next IDP rule in the list.
B. Creates a log entry for the matching rule, performs the action in the IDP rule, and then 
    examines the next IDP rule in the list.
C. Creates a log entry for the matching rule, does not perform the action in the IDP rule, and then 
    examines the next IDP rule in the list.
D. Does not create a log entry or perform the action in the matching rule, and then stops 
    examining the remainder of the IDP rules for that particular packet.

Answer: A

Question 15.
You want Enterprise Security Profiler (ESP) to capture layer 7 data of packets traversing the network. 

Which two steps must you perform? (Choose two.)

A. Start or restart the profiler process.
B. Create a filter in the ESP to show only tracked hosts.
C. Configure ESP to enable application profiling, and select the contexts to profile.
D. Under the Violation Viewer tab, create a permitted object, select that object, and then click 
    Apply.

Answer: A, C

Question 16.
Which three statements are true as they relate to a transparent mode IDP deployment? (Choose three.)

A. Can actively prevent attacks on all traffic.
B. An IP address must be defined on each forwarding interface.
C. Can be installed in the network without changing IP addresses or routes.
D. Uses paired ports, such that packets arriving on one port go out the other associated port.

Answer: A, C, D

Question 17.
Which two statements are true about the Enterprise Security Profiler (ESP)? (Choose two.)

A. The ESP indicates when a specific machine has been attacked.
B. The ESP indicates when existing hosts or protocols are being used.
C. The ESP provides a summary of protocols and contexts on each host.
D. The ESP indicates which hosts are talking with each other, and which protocols are being 
    used.

Answer: C, D

Question 18.
Which tool will allow you to change a sensor's deployment mode?

A. ACM
B. sctop
C. ifconfig
D. Security Manager

Answer: A

Question 19.
Within the SYN protector rule base, what is the function of relay action?

A. It will not monitor incoming SYN requests.
B. It will relay all SYN connections to a fake IP.
C. It will monitor new connections to a protected server, but not prevent them.
D. It will create a session with the server only if the client completes the three-step TCP 
    handshake with the sensor.

Answer: D

Question 20.
Which three fields in a packet must match an IDP rule before that packet is examined for an attack? (Choose three.)

A. service
B. attack object
C. source address
D. terminate match
E. destination address

Answer: A, C, E



Braindumps for "156-915" Exam

Accelerated CCSE NGX (156-915.1)

 Question 1.
You have two Nokia Appliances, one IP530 and one IP380. Both Appliances have IPSO 39 and VPN-1 Pro NGX installed in a distributed deployment. Can they be members of a gateway cluster?

A. No, because the Gateway versions must not be the same on both security gateways
B. Yes, as long as they have the same IPSO version and the same VPN-1 Pro version
C. No, because members of a security gateway cluster must be installed as stand-alone 
    deployments
D. Yes, because both gateways are from Nokia, whether they have the same VPN-1 PRO version 
    or not
E. No, because the appliances must be of the same model (both should be IP530 or IP380).

Answer: B

Question 2.
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all site-to-site VPN Communities, including Remote Access Communities. 

How should you configure the VPN match rule?

A. Internal_clear >- All_GwToGw
B. Communities >- Communities
C. Internal_clear >- External_Clear
D. Internal_clear >- Communities
E. Internal_clear >- All_Communities

Answer: E

Question 3.
Review the following rules and note the Client Authentication Action properties screen, as shown in the exhibit.
 

After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line.

What happens to the user? The....

A. FTP session is dropped by the implicit Cleanup Rule.
B. User is prompted from the FTP site only, and does not need to enter username and password 
    for the Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. User is prompted for authentication by the Security Gateway again.

Answer: B

Question 4.
After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line.

What happens to the user? The:

A. FTP session is dropped by the implicit Cleanup Rule
B. User is prompted from that FTP site only, and does not need to enter username and password 
    for Client Authentication
C. FTP connection is dropped by rule 2
D. FTP data connection is dropped, after the user is authenticated successfully
E. User is prompted for authentication by the Security Gateway again

Answer: B

Question 5.
You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate. 

Which package is needed in the repository before upgrading?

A. SVN Foundation and VPN-1 Express/Pro
B. VPN-1 and FireWall-1
C. SecurePlatform NGX R60
D. SVN Foundation
E. VPN-1 Pro/Express NGX R60

Answer: C

Explanation:
SecurePlatform Upgrade
An IBM e305 server is configured as a SecurePlatform firewall with NG-AI HFA-12. A new VPN-1 Pro/Express Gateway object is created in SmartDashboard. SIC is initialized and NG and NGX licenses are attached to the module. The starting point for the upgrade is illustrated in Figure 13.16.
Figure 13.16 The Package Management View SecurePlatform Pre-Upgrade
The next step is to add the SecurePlatform NGX to the Package Repository using the Add Package From CD option. Insert NGX CD1 containing the SmartUpdate client and click the Add Package From CD button in the toolbar to open a browse window. Select the appropriate drive and the packages are listed as displayed in Figure 13.17.
p480, Configuring Check Point NGX VPN-1/FireWall-1, Syngress, 1597490318

Question 6.
What is the command to see the licenses of the Security Gateway ITCertKeys from your SmartCenter Server?

A. print ITCertKeys
B. fw licprint ITCertKeys
C. fw tab -t fwlic ITCertKeys
D. cplic print ITCertKeys
E. fw lic print ITCertKeys

Answer: D

Explanation:
cplic print - prints details of Check Point licenses on the local machine. On a Module, this command will print all licenses that are installed on the local machine - both Local and Central licenses.
P456, NG Command Line Interface, Advanced Technical Reference Guide - NG FP3

Question 7.
You set up a mesh VPN Community, so your internal network can access your partner's network, and vice versa. Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All traffic among your internal and partner networks is sent in clear text. 

How do you configure VPN Community?

A. Disable "accept all encrypted traffic", and put FTP and http in the Excluded services in the 
    Community object. Add a rule in the Security Policy for services FTP and http, with the 
    Community object in the VPN field
B. Disable "accept all encrypted traffic" in the Community, and add FTP and http services to the 
    Security Policy, with that Community object in the VPN field
C. Enable "accept all encrypted traffic", but put FTP and http in the Excluded services in the 
    Community. Add a rule in the Security Policy with services FTP and http, and the Community 
    object in the VPN field
D. Put FTP and http in the Excluded services in the Community object. Then add a rule in the 
    Security Policy to allow any as the service, with the Community object in the VPN field

Answer: B

Question 8.
Ophelia is the Security Administrator for a shipping company. Her company uses a custom application to update the distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway's Rule Base includes a rule to accept this traffic. Ophelia needs to be notified, via a text message to her cellular phone, whenever traffic is accepted on this rule. 

Which of the following options is MOST appropriate for Ophelia's requirement?

A. User-defined alert script
B. Logging implied rules
C. SmartView Monitor
D. Pop-up API
E. SNMP trap

Answer: A

Question 9.
You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. 

What causes the Connection Rejection?

A. No QoS rule exists to match the rejected traffic
B. The number of guaranteed connections is exceeded. The rule's action properties are not set to 
    accept additional connections
C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and 
    the Maximal Delay is set below requirements
D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet 
    buffers
E. The guarantee of one of the rule's sub-rules exceeds the guarantee in the rule itself

Answer: B

Explanation:
QoS rules with the track field set to Log can generate the following types of log events: 
QoS rejects a connection when the number of guaranteed connections is exceeded, and/or when the rule's action properties are not set to accept additional connections. 359, accel_ccse_ngx

Question 10.
Choose the BEST sequence for configuring user management on SmartDashboard, for use with an LDAP server.

A. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and 
    configure a server object for the LDAP Account Unit
B. Configure a workstation object for the LDAP server, configure a server object for the LDAP 
    Account Unit, and enable LDAP in Global Properties
C. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and 
    create an LDAP server using an OPSEC application
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and 
    create an LDAP resource object
E. Configure a server object for the LDAP Account Unit, and create an LDAP resource object

Answer: A

Explanation:
 
340, Check Point Security Administration NGX I Student Handbook




Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.