NEW QUESTION 1
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre-shared secret?

• A. IPsec VPN blade should be enabled on both Security Gateway.
• B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
• C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
• D. The Security Gateways are pre-R75.40.

Answer: C

NEW QUESTION 2
Which of the following is NOT an advantage to using multiple LDAP servers?

• A. You achieve a faster access time by placing LDAP servers containing the database at remote sites
• B. Information on a user is hidden, yet distributed across several servers
• C. You achieve compartmentalization by allowing a large number of users to be distributed across several servers
• D. You gain High Availability by replicating the same information on several servers

Answer: B

NEW QUESTION 3
Which two Identity Awareness commands are used to support identity sharing?

• A. Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
• B. Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)
• C. Policy Manipulation Point (PMP) and Policy Activation Point (PAP)
• D. Policy Activation Point (PAP) and Policy Decision Point (PDP)

Answer: A

NEW QUESTION 4
Fill in the blank: Gaia can be configured using the _____ or _____.

• A. Gaia; command line interface
• B. WebUI; Gaia Interface
• C. Command line interface; WebUI
• D. Gaia Interface; GaiaUI

Answer: C

Explanation: Configuring Gaia for the First Time In This Section:
Running the First Time Configuration Wizard in WebUI Running the First Time Configuration Wizard in CLI
After you install Gaia for the first time, use the First Time Configuration Wizard to configure the system and the Check Point products on it.

NEW QUESTION 5
On the following picture an administrator configures Identity Awareness:

After clicking “Next” the above configuration is supported by:

• A. Kerberos SSO which will be working for Active Directory integration
• B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user
• C. Obligatory usage of Captive Portal
• D. The ports 443 or 80 what will be used by Browser-Based and configured Authentication

Answer: B

Explanation: To enable Identity Awareness:
Log in to R80 SmartConsole.
From the Awareness.
Gateway&s
Servers
view, double-click the Security Gateway on which to enable Identity
On the Network Security tab, select Identity Awareness.
The Identity Awareness
Configuration wizard opens.
Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers
Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.
Terminal Servers - Identify users in a Terminal Server environment (originating from one IP address).

NEW QUESTION 6
What does the “unknown” SIC status shown on SmartConsole mean?

• A. The SMS can contact the Security Gateway but cannot establish Secure Internal Communication.
• B. SIC activation key requires a reset.
• C. The SIC activation key is not known by any administrator.
• D. There is no connection between the Security Gateway and SMS.

Answer: D

Explanation: The most typical status is Communicating. Any other status indicates that the SIC communication is problematic. For example, if the SIC status is Unknown then there is no connection between the Gateway an the Security Management server. If the SIC status is Not Communicating, the Security Management server is able to contact the gateway, but SIC communication cannot be established.

NEW QUESTION 7
Joey wants to configure NTP on R80 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?

• A. https://<Device_IP_Address>
• B. https://<Device_IP_Address>:443
• C. https://<Device_IP_Address>:10000
• D. https://<Device_IP_Address>:4434

Answer: A

Explanation: Access to Web UI Gaia administration interface, initiate a connection from a browser to the default administration IP address: Logging in to the WebUI
Logging in
To log in to the WebUI:
Enter this URL in your browser: https://<Gaia IP address>
Enter your user name and password. References:

NEW QUESTION 8
What is the main difference between Threat Extraction and Threat Emulation?

• A. Threat Emulation never delivers a file and takes more than 3 minutes to complete
• B. Threat Extraction always delivers a file and takes less than a second to complete
• C. Threat Emulation never delivers a file that takes less than a second to complete
• D. Threat Extraction never delivers a file and takes more than 3 minutes to complete

Answer: B

NEW QUESTION 9
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?

• A. Pentagon
• B. Combined
• C. Meshed
• D. Star

Answer: D

Explanation: VPN communities are based on Star and Mesh topologies. In a Mesh community, there are VPN connections between each Security Gateway. In a Star community, satellites have a VPN connection with the center Security Gateway, but not to each other.

NEW QUESTION 10
Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?

• A. The firewall topologies
• B. NAT Rules
• C. The Rule Base
• D. The VPN Domains

Answer: C

NEW QUESTION 11
When connected to the Check Point R80 Management Server using the SmartConsole the first administrator to connect has a lock on:

• A. Only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network.
• B. The entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.
• C. The entire Management Database and all sessions and other administrators can connect only as Read-only.
• D. Only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.

Answer: D

NEW QUESTION 12
Which of the following is NOT a license activation method?

• A. SmartConsole Wizard
• B. Online Activation
• C. License Activation Wizard
• D. Offline Activation

Answer: A

NEW QUESTION 13
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address?

• A. High Availability
• B. Load Sharing Multicast
• C. Load Sharing Pivot
• D. Master/Backup

Answer: B

Explanation: ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members. By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to the cluster, acting as a gateway, will reach all members in the cluster.

NEW QUESTION 14
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

• A. UDP port 265
• B. TCP port 265
• C. UDP port 256
• D. TCP port 256

Answer: B

NEW QUESTION 15
Which repositories are installed on the Security Management Server by SmartUpdate?

• A. License and Update
• B. Package Repository and Licenses
• C. Update and License and Contract
• D. License and Contract and Package Repository

Answer: D

NEW QUESTION 16
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?

• A. Change the Rule Base and install the Policy to all Security Gateways
• B. Block Intruder feature of SmartView Tracker
• C. Intrusion Detection System (IDS) Policy install
• D. SAM – Suspicious Activity Rules feature of SmartView Monitor

Answer: B

NEW QUESTION 17
Which policy type has its own Exceptions section?

• A. Thread Prevention
• B. Access Control
• C. Threat Emulation
• D. Desktop Security

Answer: A

Explanation: The Exceptions Groups pane lets you define exception groups. When necessary, you can create exception groups to use in the Rule Base. An exception group contains one or more defined exceptions. This option facilitates ease-of-use so you do not have to manually define exceptions in multiple rules for commonly required exceptions. You can choose to which rules you want to add exception groups. This means they can be added to some rules and not to others, depending on necessity.

NEW QUESTION 18
Fill in the blank: To create policy for traffic to or from a particular location, use the_____ .

• A. DLP shared policy
• B. Geo policy shared policy
• C. Mobile Access software blade
• D. HTTPS inspection

Answer: B

Explanation: Shared Policies
The Shared Policies section in the Security Policies shows the policies that are not in a Policy package. T are shared between all Policy packages.
Shared policies are installed with the Access Control Policy. Software Blade
Description Mobile Access
Launch Mobile Access policy in a SmartConsole. Configure how your remote users access internal resources, such as their email accounts, when they are mobile.
DLP Launch Data Loss Prevention policy in a SmartConsole. Configure advanced tools to automatically identify data that must not go outside the network, to block the leak, and to educate users.
Geo Policy
Create a policy for traffic to or from specific geographical or political locations. References:

NEW QUESTION 19
Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.

• A. SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
• B. SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
• C. SmartView Tracker, CPINFO, SmartUpdate
• D. Security Policy Editor, Log Viewer, Real Time Monitor GUI

Answer: C

NEW QUESTION 20
Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages.

• A. Shared policy packages
• B. Shared policies
• C. Concurrent policy packages
• D. Concurrent policies

Answer: A