Exam A QUESTION 1
If you check the box Use Aggressive Mode in the IKE Properties dialog box, the standard:
A. three-packet IKE Phase 2 exchange Is replaced by a six-packet exchange
B. three-packet IKE Phase 2 exchange is replaced by a two-packet exchange
C. six-packet IKE Phase 1 exchange is replaced by a three-packet exchange
D. three-packet IKE Phase 1 exchange is replaced by a six-packet exchange
Correct Answer: C QUESTION 2
Of the following, what parameters will not be preserved when using Database Revision Control? 1) Simplified mode Rule Bases 2) Traditional mode Rule Bases 3) Secure Platform WebUI Users 4) SIC certificates 5) SmartView Tracker audit logs 6) SmartView Tracker traffic logs 7) Implied Rules 8) IPS Profiles
ActualTests.com 9) Blocked connections 10) Manual NAT rules 11) VPN communities 12) Gateway route table 13) Gateway licenses
A. 3, 4, 5, 6, 9, 12, 13
B. 5, 6, 9, 12, 13
C. 1, 2, 8, 10, 11
D. 2, 4, 7, 10, 11
Correct Answer: B QUESTION 3
You believe Phase 2 negotiations are railing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners. Which SmartConsole application should you use to confirm your suspicions?
A. SmartDashboard
B. SmartView Tracker
C. SmartUpdate
D. SmartView Status Correct Answer: B
QUESTION 4
You are running a R71 Security Gateway on SecurePlatform, in case of a hardware failure. You have a server with the exact same hardware and firewall version Installed. What backup method could be used to quickly put the secondary firewall into production?
A. Upgrade_export
B. Manual backup
C. Snapshot
D. Backup
Correct Answer: C QUESTION 5
What happens hi relation to the CRL cache after a cpstop and cpstart have been initiated?
A. The Gateway retrieves a new CRL on startup, and then discards the old CRL as invalid
B. The Gateway continues to use the old CRL, as long as it is valid.
C. The Gateway continues to use the old CRL even if it is not valid, until a new CRL is cached
D. The Gateway issues a crl_zap on startup, which empties the cache and forces Certificate retrieval
Correct Answer: B QUESTION 6
What physical machine must have access to the User Center public IP address when checking for new packages with smartUpdate?
A. SmartUpdate GUI PC
B. SmartUpdate Repository SQL database Server
C. A Security Gateway retrieving the new upgrade package
D. SmartUpdate installed Security Management Server PC
Correct Answer: A QUESTION 7
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Blank field under Rule Number
B. Rule 0
C. Cleanup Rule
D. Rule 1
Correct Answer: B QUESTION 8
The URL Filtering Policy can be configured to monitor URLs in order to:
A. Log sites from blocked categories.
B. Redirect users to a new URL.
C. Block sites only once.
D. Alert the Administrator to block a suspicious site.
Correct Answer: A QUESTION 9
The Customer has a small Check Point installation which includes one Windows XP workstation as SmartConsole, one Solaris server working as security Management Server, and a third server running SecurePlatform as Security Gateway. This is an Example of a (n):
A. Stand-Alone Installation.
B. Unsupported configuration
C. Distributed Installation
D. Hybrid Installation.
Correct Answer: A
QUESTION 10
You want to implement Static Destination NAT in order to provide external. Internet users access to an internal Webserver that has a reserved (RFC 1918) IP address You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
ActualTests.com
A. Place a static host route on the firewall for the valid IP address to the internal Web server.
B. Place a static ARP entry on the ISP router for the valid IP address to the firewall’s external address.
C. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
D. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
Correct Answer: C
