web analytics

An Account Unit is the interface between the __________ and the __________.

An Account Unit is the interface between the __________ and the __________. A. Users, Domain B. Gateway, Resources C. System, Database D. Clients, Server Answer: D

Which of the following is NOT a LDAP server option in Smart Directory?

Which of the following is NOT a LDAP server option in Smart Directory? A. Novell_DS B. Netscape_DS C. OPSEC_DS D. Standard_DS Answer: D

Remote clients are using SSL VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?

Remote clients are using SSL VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication? A. vpnd B. cpvpnd C. fwm

Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?

Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication? A. vpnd B. cpvpnd C. fwm

Where do you verify that Smart Directory is enabled?

Where do you verify that Smart Directory is enabled? A. Global properties > Authentication> Use Smart Directory(LDAP) for Security Gateways is checked B. Gateway properties> Smart Directory (LDAP) > Use

Which of the following access options would you NOT use when configuring Captive Portal?

Which of the following access options would you NOT use when configuring Captive Portal? A. Through the Firewall policy B. From the Internet C. Through all interfaces D. Through internal

Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). Which of the following is NOT a recommended use for this method?

Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). Which of the following is NOT a recommended use for this method? A. When accuracy in

When using Captive Portal to send unidentified users to a Web portal for authentication, which of the following is NOT a recommended use for this method?

When using Captive Portal to send unidentified users to a Web portal for authentication, which of the following is NOT a recommended use for this method? A. Identity-based enforcement for

If using AD Query for seamless identity data reception from Microsoft Active Directory (AD), which of the following methods is NOT Check Point recommended?

If using AD Query for seamless identity data reception from Microsoft Active Directory (AD), which of the following methods is NOT Check Point recommended? A. Leveraging identity in Internet application

Which is NOT a method through which Identity Awareness receives its identities?

Which is NOT a method through which Identity Awareness receives its identities? A. GPO B. Captive Portal C. AD Query D. Identity Agent Answer: A

An organization may be distributed across several Smart Directory (LDAP) servers. What provision do you make to enable a Gateway to use all available resources? Each Smart Directory (LDAP) server must be:

An organization may be distributed across several Smart Directory (LDAP) servers. What provision do you make to enable a Gateway to use all available resources? Each Smart Directory (LDAP) server

Which describes the function of the account unit?

Which describes the function of the account unit? A. An Account Unit is the Check Point account that Smart Directory uses to access an (LDAP) server B. An Account Unit

With the User Directory Software Blade, you can create R76 user definitions on a(n) _________ Server.

With the User Directory Software Blade, you can create R76 user definitions on a(n) _________ Server. A. Secure ID B. LDAP C. NT Domain D. Radius Answer: B

Each entry in Smart Directory has a unique _______________ ?

Each entry in Smart Directory has a unique _______________ ? A. Distinguished Name B. Organizational Unit C. Port Number Association D. Schema Answer: A

Where multiple Smart Directory servers exist in an organization, a query from one of the clients for user information is made to the servers based on a priority. By what category can this priority be defined?

Where multiple Smart Directory servers exist in an organization, a query from one of the clients for user information is made to the servers based on a priority. By what

When using Smart Dashboard to manage existing users in Smart Directory, when are the changes applied?

When using Smart Dashboard to manage existing users in Smart Directory, when are the changes applied? A. Instantaneously B. At policy installation C. Never, you cannot manage users through Smart

The set of rules that governs the types of objects in the directory and their associated attributes is called the:

The set of rules that governs the types of objects in the directory and their associated attributes is called the: A. LDAP Policy B. Schema C. Access Control List D.

When defining Smart Directory for High Availability (HA), which of the following should you do?

When defining Smart Directory for High Availability (HA), which of the following should you do? A. Replicate the same information on multiple Active Directory servers. B. Configure Secure Internal Communications

When defining an Organizational Unit, which of the following are NOT valid object categories?

When defining an Organizational Unit, which of the following are NOT valid object categories? A. Domains B. Resources C. Users D. Services Answer: A

What is the default port number for Secure Sockets Layer connections with the LDAP Server?

What is the default port number for Secure Sockets Layer connections with the LDAP Server? A. 363 B. 389 C. 398 D. 636 Answer: D

What is the default port number for standard TCP connections with the LDAP server?

What is the default port number for standard TCP connections with the LDAP server? A. 398 B. 636 C. 389 D. 363 Answer: C

In Smart Directory, what is each LDAP server called?

In Smart Directory, what is each LDAP server called? A. Account Server B. Account Unit C. LDAP Server D. LDAP Unit Answer: B

Which of the following commands do you run on the AD server to identify the DN name before configuring LDAP integration with the Security Gateway?

Which of the following commands do you run on the AD server to identify the DN name before configuring LDAP integration with the Security Gateway? A. query ldap ­name administrator

Your users are defined in a Windows 2008 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R76?

Your users are defined in a Windows 2008 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in

The User Directory Software Blade is used to integrate which of the following with a R76 Security Gateway?

The User Directory Software Blade is used to integrate which of the following with a R76 Security Gateway? A. LDAP server B. RADIUS server C. Account Management Client server D.

Choose the BEST sequence for configuring user management in Smart Dashboard, using an LDAP server.

Choose the BEST sequence for configuring user management in Smart Dashboard, using an LDAP server. A. Configure a workstation object for the LDAP server, configure a server object for the

There are several Smart Directory (LDAP) features that can be applied to further enhance Smart Directory (LDAP) functionality, which of the following is NOT one of those features?

There are several Smart Directory (LDAP) features that can be applied to further enhance Smart Directory (LDAP) functionality, which of the following is NOT one of those features? A. High

What is NOT a valid LDAP use in Check Point Smart Directory?

What is NOT a valid LDAP use in Check Point Smart Directory? A. Retrieve gateway CRL’s B. External users management C. Enforce user access to internal resources D. Provide user

Check Point support has asked Tony for a firewall capture of accepted packets. What would be the correct syntax to create a capture file to a filename called monitor. out?

Check Point support has asked Tony for a firewall capture of accepted packets. What would be the correct syntax to create a capture file to a filename called monitor. out?

Steve is troubleshooting a connection problem with an internal application. If he knows the source IP address is 192.168.4.125, how could he filter this traffic?

Steve is troubleshooting a connection problem with an internal application. If he knows the source IP address is 192.168.4.125, how could he filter this traffic? A. Run fw monitor -e

How would you set the debug buffer size to 1024?

How would you set the debug buffer size to 1024? A. Run fw ctl set buf 1024 B. Run fw ctl kdebug 1024 C. Run fw ctl debug -buf 1024

How does Check Point recommend that you secure the sync interface between gateways?

How does Check Point recommend that you secure the sync interface between gateways? A. Configure the sync network to operate within the DMZ. B. Secure each sync interface in a

A Fast Path Upgrade of a cluster:

A Fast Path Upgrade of a cluster: A. Upgrades all cluster members except one at the same time. B. Treats each individual cluster member as an individual gateway. C. Is

A Full Connectivity Upgrade of a cluster:

A Full Connectivity Upgrade of a cluster: A. Treats each individual cluster member as an individual gateway. B. Upgrades all cluster members except one at the same time. C. Is

A Zero Downtime Upgrade of a cluster:

A Zero Downtime Upgrade of a cluster: A. Upgrades all cluster members except one at the same time. B. Is only supported in major releases (R70 to R71, R71 to

A Minimal Effort Upgrade of a cluster:

A Minimal Effort Upgrade of a cluster: A. Is only supported in major releases (R70 to R71, R71 to R76). B. Is not a valid upgrade method in R76. C.

When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster members have the same products installed. Which command should you run?

When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster members have the same products installed. Which command should you run?

Which command would you use to save the interface information before upgrading a Windows Gateway?

Which command would you use to save the interface information before upgrading a Windows Gateway? A. cp /etc/sysconfig/network.C [location] B. ipconfig ­a > [filename].txt C. ifconfig > [filename].txt D. netstat

Which command would you use to save the routing information before upgrading a Windows Gateway?

Which command would you use to save the routing information before upgrading a Windows Gateway? A. ipconfig ­a > [filename].txt B. ifconfig > [filename].txt C. cp /etc/sysconfig/network.C [location] D. netstat

Which command would you use to save the routing information before upgrading a Secure Platform Gateway?

Which command would you use to save the routing information before upgrading a Secure Platform Gateway? A. cp /etc/sysconfig/network.C [location] B. netstat ­rn > [filename].txt C. ifconfig > [filename].txt D.

Which command would you use to save the interface information before upgrading a GAiA Gateway?

Which command would you use to save the interface information before upgrading a GAiA Gateway? A. netstat ­rn > [filename].txt B. ipconfig ­a > [filename].txt C. ifconfig > [filename].txt D.

What is happening?

John is upgrading a cluster from NGX R65 to R76. John knows that you can verify the upgrade process using the pre-upgrade verifier tool. When John is running Pre-Upgrade Verification,

Which command provides cluster upgrade status?

Which command provides cluster upgrade status? A. cphaprob status B. cphaprob ldstat C. cphaprob fcustat D. cphaprob tablestat Answer: C

In a “zero downtime” scenario, which command do you run manually after all cluster members are upgraded?

In a “zero downtime” scenario, which command do you run manually after all cluster members are upgraded? A. cphaconf set_ccp broadcast B. cphaconf set clear_subs C. cphaconf set mc_relod D.

In a zero downtime firewall cluster environment what command do you run to avoid switching problems around the cluster.

In a zero downtime firewall cluster environment what command do you run to avoid switching problems around the cluster. A. cphaconf set mc_relod B. cphaconf set clear_subs C. cphaconf set_ccp

Which is NOT a valid option when upgrading Cluster Deployments?

Which is NOT a valid option when upgrading Cluster Deployments? A. Full Connectivity Upgrade B. Fast path Upgrade C. Minimal Effort Upgrade D. Zero Downtime Answer: B

If no flags are defined during a back up on the Security Management Server, where does the system store the *.tgz file?

If no flags are defined during a back up on the Security Management Server, where does the system store the *.tgz file? A. /var/opt/backups B. /var/backups C. /var/CPbackup/backups D. /var/tmp/backups

During a Security Management Server migrate export, the system:

During a Security Management Server migrate export, the system: A. Creates a backup file that includes the Smart Event database. B. Creates a backup file that includes the Smart Reporter

What is the correct order of the steps below to successfully complete this procedure?

Typically, when you upgrade the Security Management Server, you install and configure a fresh R76 installation on a new computer and then migrate the database from the original machine. What

Which of the following statements are TRUE?

Typically, when you upgrade the Security Management Server, you install and configure a fresh R76 installation on a new computer and then migrate the database from the original machine. Which