|
niceee one visit ITCertkeys thanks
|
Question 1.
Which VPN-1 NGX feature or command allows Security Administrators to revert to earlier versions of the same Security Policy?
A. Policy Package management
B. cpinfo
C. cpconfig
D. Database Revision Control
E. upgrade_export/import
Answer: D
Question 2.
In SmartView Tracker, you see an entry for an outbound connection showing address translation. But when setting SmartView Tracker to show all entries for that connection, only outbound entries show.
What is the possible cause for this?
A. The entry is for a Manual Dynamic NAT connection, from a specific host infected by a worm.
B. The entry is for a Manual Static NAT connection, where inbound traffic is managed by a
separate rule.
C. The entry is for a Static NAT connection, from a specific host that has been infected by a
worm.
D. The entry is for a Dynamic NAT connection from a specific host.
Answer: B
Question 3.
Which of the following commands is used to restore VPN-1 NGX configuration information?
A. gunzip
B. cpconfig
C. fw ctl pstat
D. cpinfo
E. upgrade_import
Answer: E
Question 4.
Which OPSEC server is used to prevent users from accessing certain Web sites?
A. CVP
B. DEFENDER
C. URI
D. FTP
E. UFP
Answer: E
Question 5.
Your organization ITCertKeys.com's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway.
How would you request and apply the license?
A. Request a central license, using the remote Security Gateway's IP address. Apply he
license locally with the fwputlic command.
B. Request a central license, using the SmartCenter Server's IP address. Apply the license
locally on the remote Gateway with the fwputlic command.
C. Request a central license, using your SmartCenter Server's IP address. Attach the
license to the remote Gateway via SmartUpdate.
D. Request a central license, using the remote Gateway's IP address. Attach the license to
the remote Gateway via SmartUpdate.
E. Request local licenses for all Gateways separately. Apply the license locally on the
remote Gateways with the fwputlic command.
Answer: C
Question 6.
How do you create more granular control over commands, such as CWD and FIND, in FTP data connections?
A. Use Global Properties > Security Server settings.
B. Use the gateway object's Security Server settings.
C. Use the Service field of the Rule Base.
D. Use an FTP resource object.
E. Use FTP Security Server settings in SmartDefense.
Answer: E
Question 7.
Which of the following is the final step in a VPN-1 NGX backup?
A. Test restoration in a non-production environment, using the upgrade_import command.
B. Move the *.tgz file to another location.
C. Copy the conf directory to another location.
D. Run the upgrade_export command.
E. Run the cpstop command.
Answer: B
Question 8.
Choose the BEST sequence for configuring user management on SmartDashboard, for use with an LDAP server:
A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and
create an LDAP server using an OPSEC application.
B. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and
create an LDAP resource object.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and
configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
E. Configure a workstation object for the LDAP server, configure a server object for the LDAP
Account Unit, and enable LDAP in Global Properties.
Answer: C
340, Check Point Security Administration NGX I Student Handbook
Question 9.
You want to create an IKE VPN between two VPN-1 NGX Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer's Gateway.
Which type of address translation should you use, to ensure the two networks access each other through the VPN tunnel?
A. Hide NAT
B. None
C. Dynamic NAT
D. Static NAT
E. Manual NAT
Answer: B
Question 10.
Yoav is a Security Administrator preparing to implement a VPN solution for his multisite organization. To comply with industry regulations, Yoav's VPN solution must meet the following requirement:
* Portability: Standard
* Key management: Automatic, external PKI
* Session keys: Changed at configured times during a connection's lifetime
* Key length: No less that 128-bit
* Data integrity: Secure against inversion and brute-force attacks
What is the most appropriate setting Yoav should choose?
A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 hash
B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash
C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
D. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash
E. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash
Answer: E
Question 11.
How are cached usernames and passwords cleared from the memory of a VPN-1 NGX Security Gateway?
A. By pushing new user information from the LDAP server.
B. By retrieving LDAP user information, using the fwfetchldap command.
C. By using the Clear User Cache button in SmartDashboard.
D. Usernames and passwords only clear from memory aftere they time out.
E. By installing Security Policy
Answer: E
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.