Testking Q&A Cont..
QUESTION NO: 91
You create two Policy Packages for two NGX Security Gateways. For the first
Policy Package, you select Security and Address Translation and QoS Policy. For
the second Policy Package, you selected Security and Address Translation and
Desktop Security Policy. In the first Policy Package, you enable host-based port
scan from the SmartDefense tab. You save and install the policy to the relevant
Gateway object. How is the port scan configured on the second Policy Package's
SmartDefense tab?
A. Host-based port scan is disabled by default.
B. Host-based port scan is enabled, because SmartDefense settings are global.
C. Host-based port scan is enabled but it is not highlighted.
D. There is no SmartDefense tab in the second Policy Package.
Answer: B
Explanation: SmartDefense settings are global.
QUESTION NO: 92
Leading the way in IT testing and certification tools,
www.testking.com - 52 -
A digital signature:
A. Uniquely encodes the receiver of the key.
B. Provides a secure key exchange mechanism over the Internet.
C. Guarantees the authenticity and integrity of a message.
D. Automatically changes the shared keys.
E. Decrypts data to its original form.
Answer: C
QUESTION NO: 93
You are setting up a Virtual Private Network, and must select an encryption
scheme. Your data is extremely business sensitive and you want maximum security
for your data communications. Which encryption scheme would you select?
A. Tunneling mode encryption
B. In-place encryption
C. Either one will work without compromising performance
Answer: A
Explanation: The question asks for maximum security, so you would use tunnel
encryption, which encrypts the entire packet, not just the payload (more secure). C is
wrong because tunnel encryption puts more processing overhead on the server
than in-place encryption.
QUESTION NO: 94
You have just started a new job as the Security Administrator for TestKing. Your
boss has asked you to ensure that peer-to-peer file sharing is not allowed past the
corporate Security Gateway. Where should you configure this?
A. SmartDashboard > SmartDefense
B. SmartDashboard > WebDefense
C. By editing the file $FWDIR/conf/application_intelligence.C
D. SmartDashboard > Policy > Global Properties > Malicious Activity Detection
E. SmartDashboard > Web Intelligence
Answer: A
QUESTION NO: 95
Amy is configuring a User Authentication rule for the technical-support department
to access an intranet server. What is the correct statement?
A. The Security Server first checks if there is any rule that does not require authentication
for this type of connection.
B. The User Authentication rule must be placed above the Stealth Rule.
C. Once a user is first authenticated, the user will not be prompted for authentication
again until logging out.
D. Amy can only use the rule for Telnet, FTP, and rlogin services.
E. Amy can limit the authentication attempts in the Authentication tab of the User
Properties screen.
Answer: B
QUESTION NO: 96
How can you unlock an administrator's account, which has been locked due to
SmartCenter Access settings in Global Properties?
A. Type fwm lock_admin -ua from the command line of the SmartCenter Server.
B. Clear the "locked" box from the user's General Properties in SmartDashboard.
C. Type fwm unlock_admin -ua from the command line of the SmartCenter Server.
D. Type fwm unlock_admin -ua from the command line of the Security Gateway.
E. Delete the file admin.lock in the $FWDIR/tmp/ directory of the SmartCenter Server.
Answer: A
Explanation: You can unlock an administrator using "fwm lock_admin <options>".
The options are:
[-v] # view names of all locked Administrators
[-u Administrator] # unlock a single Administrator
[-ua] # unlock all locked Administrators
Thus, the correct answer is A.
Example:
[Expert@cpmodule]# fwm lock_admin -ua
Operation finished successfully
[Expert@cpmodule]# fwm lock_admin -va
No Administrators are currently locked.
Not C: The command "fwm unlock_admin -ua" does not exist.
QUESTION NO: 97
How many administrators can be created during installation of the SmartCenter
Server?
A. Only one
B. Only one with full access and one with read-only access
C. As many as you want
D. Depends on the license installed on the SmartCenter Server
E. Specified in the Global Properties
Answer: A
QUESTION NO: 98
Which SmartConsole tool verifies the installed Security Policy name?
A. SmartView Status
B. Eventia Reporter
C. SmartView Server
D. SmartUpdate
E. SmartView Tracker
Answer: E
QUESTION NO: 99
Ilse manages a distributed NGX installation for TestKing.com. Ilse needs to know
which Security Gateways have licenses that will expire within the next 30 days.
Which SmartConsole application should Ilse use to gather this information?
A. SmartView Monitor
B. SmartUpdate
C. SmartDashboard
D. SmartView Tracker
E. SmartView Status
Answer: B
QUESTION NO: 100
Herman is attempting to configure a site-to-site VPN with one of his firm's business
partners. Herman thinks Phase 2 negotiations are failing. Which SmartConsole
application should Herman use to confirm his suspicions?
A. SmartUpdate
B. SmartView Tracker
C. SmartView Monitor
D. SmartDashboard
E. SmartView Status
Answer: C
QUESTION NO: 101
How can you reset the password of the Security Administrator, which was created
during initial installation of the SmartCenter Server on SecurePlatform?
A. Launch cpconfig and select "Administrators".
B. Launch SmartDashboard, click the admin user account, and overwrite the existing
Check Point Password.
C. Type cpm -a, and provide the existing administration account name. Reset the Security
Administrator's password.
D. Export the user database into an ASCII file with fwm dbexport. Open this file with an
editor, and delete the "Password" portion of the file. Then log in to the account without
password. You will be prompted to assign a new password.
E. Launch cpconfig and delete the Administrator's account. Recreate the account with the
same name.
Answer: B
QUESTION NO: 102
What happens when you select File > Export from the SmartView Tracker menu?
A. It is not possible to export an old log file, only save and switch in SmartView Tracker.
B. Current logs are exported to a new *.log file.
C. Exported log entries are still viewable in SmartView Tracker.
D. Exported log entries are deleted from fw.log.
E. Logs in fw.log are exported to a file that can be opened by Microsoft Excel.
Answer: C
QUESTION NO: 103
Which type of TCP attack is a bandwidth attack, where a client fools a server into
sending large amounts of data, using small packets?
A. SMURF
B. Small PMTU
C. Host System Hogging
D. LAN
E. SYN-Flood
Answer: B
QUESTION NO: 104
What is the proper command for exporting users in LDAP format?
A. fw dbexport -f c:\temp\users.txt
B. fw dbimport -f c:\temp\users.ldif -l -s "o=YourCity.com,c=YourCountry"
C. fw dbimport -f c:\temp\users.ldap
D. fw dbexport -f c:\temp\users.ldap -l -s
E. fw dbexport -f c:\temp\users.ldif -l -s "o=YourCity.com,c=YourCountry"
Answer: E
Explanation:
See Check Point Security Administration NGX1 1.1, page 417, Chapter 9: LDAP User
Management with SMARTDIRECTORY (official courseware/book):
fwm dbexport -f c:\temp\users.ldif -l -s "o=yourcity.com,c=yourcountry"
This command exports all attributes for all users to the users.ldif file, in LDIF format.
Export allows users to be imported into an LDAP server.
QUESTION NO: 105
Shauna is troubleshooting a Security Gateway that is dropping all traffic whenever
the most recent Security Policy is installed. Working at the Security Gateway,
Shauna needs to uninstall the Policy, but keep the processes running so she can see
if there is an issue with the Gateway's firewall tables. Which of the following
commands will do this?
A. fw dbload 10.1.1.5
B. fw unload 10.1.1.5
C. cprestart
D. fw tab -x -u
E. cpstop
Answer: D
Explanation: tab -x -u displays kernel table content.
You want to uninstall something, not load it.
Incorrect answers:
Not A, B: The question did not tell us anything about node 10.1.1.5.
Not A: Definitely wouldn't be A as fw dbload is used to download user/network objects
to specific targets, and it specifically says in the question she wants to uninstall the
security policy.
QUESTION NO: 106
You have blocked an IP address via the Block Intruder feature of SmartView
Tracker. How can you see the addresses you have blocked?
A. In SmartView Status click the Blocked Intruder tab.
B. Run fwm blocked_view.
C. Run fw sam -va.
D. Run fw tab -t sam_blocked_ips.
E. In SmartView Tracker, click the Active tab, and the actively blocked connections
display.
Answer: D
QUESTION NO: 107
Your internal Web server in the DMZ has IP address 172.16.10.1/24. A particular
network from the Internet tries to access this Web server. You need to set up some
type of Network Address Translation (NAT), so that NAT occurs only from the
HTTP service, and only from the remote network as the source. The public IP
address for the Web server is 200.200.200.1. All properties in the NAT screen of
Global Properties are enabled.
Select the correct NAT rules, so NAT happens ONLY between "web_dallas" and
the remote network.
A. 1. Create another node object named "web_dallas_valid", and enter "200.200.200.1"
in the General Properties screen.
2. Create two manual NAT rules above the automatic Hide NAT rules for the
172.16.10.0 network.
3. Select "HTTP" in the Service column of both manual NAT rules.
4. Enter an ARP entry and route on the Security Gateway's OS.
B. 1. Enable NAT on the web_dallas object, select "static", and enter "200.200.200.1" in
the General Properties screen.
2. Specify "HTTP" in the automatic Static Address Translation rules.
3. Create incoming and outgoing rules for the web_dallas server, for the HTTP service
only.
C. 1. Enable NAT on the web_dallas object, select "hide", and enter "200.200.200.1" for
the Hide NAT IP address.
2. Specify "HTTP" in the Address Translation rules that are generated automatically.
3. Create incoming and outgoing rules for the web_dallas server, for the HTTP service
only.
D. 1. Create another node object named "web_dallas_valid", and enter "200.200.200.1"
in the General Properties screen.
2. Create two manual NAT rules below the Automatic Hide NAT rules for network
172.16.10.0, in the Address Translation Rule Base.
3. Select "HTTP" in the Service column of both manual NAT rules.
4. Enter an ARP entry and route on the Security Gateway's OS.
Answer: A
Explanation: Note that automatic NAT has a defined order for placing rules into the Rule
Base. The gateway installs Static NAT rules first, then Hide NAT rules. Within
Static and Hide NAT rules, node objects are first, then address ranges, and finally
networks.
See configuring _check_point_NGX_VPN-1_Firewall-1-R page 235
QUESTION NO: 108
Using SmartDefense how do you notify the Security Administrator that malware is
scanning specific ports? By enabling:
A. Network Port scan
B. Host Port scan
C. Malware Scan protection
D. Sweep Scan protection
E. Malicious Code Protector
Answer: D
Explanation: The question is tricky and a play on words: a 'sweep' is a scan on specific
ports across multiple servers, which fits the answer.
QUESTION NO: 109
Jack's project is to define the backup and restore section of his organization's
disaster recovery plan for his organization's distributed NGX installation. Jack
must meet the following required and desired objectives:
Required objective: The security policy repository must be backed up no less
frequently than every 24 hours.
Desired objective: The NGX components that enforce the Security Policies should
be backed up no less frequently than once a week.
Desired objective: Back up NGX logs no less frequently than once a week.
Administrators should be able to view backed up logs in SmartView Tracker.
Jack's disaster recovery plan is as follows:
Use the cron utility to run the upgrade_export command each night on the
SmartCenter Servers. Configure the organization's routine backup software to back
up the files created by the upgrade_export command.
Configure the SecurePlatform backup utility to back up the Security Gateways
every Saturday night.
Use the cron utility to run the upgrade_export command each Saturday night on the
Log Servers. Configure an automatic, nightly logexport. Configure the
organization's routine backup software to back up the export log every night.
Jack's plan:
A. Meets the required objective but does not meet either desired objective.
B. Meets the required objective and both desired objectives.
C. Meets the required objective and only one desired objective.
D. Does not meet the required objective.
Answer:
Explanation: Pending. Send your suggestion to
feedback@testking.com
QUESTION NO: 110
Anna is working at TestKing.com, together with three other Security
Administrators. Which SmartConsole tool should she use to check changes to rules
or object properties other administrators made?
A. SmartDashboard
B. SmartView Tracker
C. Eventia Tracker
D. Eventia Monitor
E. SmartView Monitor
Answer: B
QUESTION NO: 111
When you find a suspicious connection from a problematic host, you want to block
everything from that whole network, not just the host. You want to block this for an
hour, but you do not want to add any rules to the Rule Base. How do you achieve
this?
A. Create a Suspicious Activity rule in SmartView Tracker.
B. Create a Suspicious Activity Rule in SmartView.
C. Create an "FW SAM" rule in SmartView Monitor.
D. Select "block intruder" from the Tools menu in the SmartView Tracker.
Answer: B
Explanation: They want to block the whole network not from specific node.
It is indeed possible to block for an hour using the Suspicious Activity Rule. See
screenshot:
Monitor
Not D: Block Intruder blocks the source only.
QUESTION NO: 112
Your internal network is using 10.1.1.0/24. This network is behind your perimeter
NGX VPN-1 Gateway, which connects to your ISP provider. How do you configure
the Gateway to allow this network to go out to the Internet?
A. Use automatic Static NAT for network 10.1.1.0/24.
B. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter
Gateway.
C. Use manual Static NAT on the client side for network 10.1.1.0/24
D. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your
perimeter Gateway.
E. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
Answer: D
QUESTION NO: 113
Which of these changes to a Security Policy optimizes Security Gateway
performance?
A. Using domain objects in rules when possible
B. Using groups within groups in the manual NAT Rule Base
C. Putting the least-used rule at the top of the Rule Base
D. Logging rules as much as possible
E. Removing old or unused Security Policies from Policy Packages
Answer: E
QUESTION NO: 114
Nelson is a consultant. He is at a customer's site reviewing configuration and logs as
a part of a security audit. Nelson sees logs accepting POP3 traffic, but he does not
see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most
likely cause? The POP3:
A. service is a VPN-1 Control Connection.
B. rule is hidden.
C. service is accepted in Global Properties.
D. service cannot be controlled by NGX.
E. rule is disabled.
Answer: B
QUESTION NO: 115
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Open the Rule Menu, and select Hide and View hidden rules. Select the rule,
right-click, and select Disable.
B. Uninstall the Security Policy, and then disable the rule.
C. When a rule is hidden, it is automatically disabled. You do not need to disable the rule
again.
D. Run cpstop and cpstart on the SmartCenter Server, then disable the rule.
E. Clear Hide from Rules drop-down menu, then right-click and select "Disable Rule(s)".
Answer: A
QUESTION NO: 116
Mary is the IT auditor for a bank. One of her responsibilities is reviewing the
Security Administrators' activity and comparing it to the change log. Which
application should Mary use to view Security Administrator activity?
A. NGX cannot display Security Administrator activity
B. SmartView Tracker in Real-Time Mode
C. SmartView Tracker in Audit Mode
D. SmartView Tracker in Log Mode
E. SmartView Tracker in Activity Mode
Answer: C
QUESTION NO: 117
Andrea has created a new gateway object that she will be managing at a remote
location. She attempts to install the Security Policy to the new gateway object, but
the object does not appear in the "install on" box. Which of the following is the
most likely cause?
A. Andrea has created the object using "New Check Point > VPN-1 Edge Embedded
Gateway"
B. Andrea created the gateway object using the "New Check Point > Externally Managed
VPN Gateway" option from the Network Objects dialog box.
C. Andrea has not configured anti-spoofing on the interfaces on the gateway object.
D. Andrea has not configured Secure Internal Communications (SIC) for the object.
E. Andrea created the object using the "New Check Point > VPN-1 Pro/Express Security
Gateway" option in the Network Objects dialog box, but still needs to configure the
interfaces for the Security Gateway object.
Answer: B
Explanation: Anti-spoofing configuration does not affect the ability to install the
security policy on a gateway. No SIC configuration is required to install the security
policy on a gateway. Both VPN-1 Edge gateways and VPN-1 Pro/Express gateways
will appear in the list of selectable targets in SmartDashboard, but gateways created
as externally managed will not (see screenshot).
QUESTION NO: 118
Mary is recently hired as the Security Administrator for TestKing.com. Mary's
manager has asked her to investigate ways to improve the performance of the firm's
perimeter Security Gateway. Mary must propose a plan based on the following
required and desired results:
Required Result #1: Do not purchase new hardware.
Required Result #2: Use configuration changes that do not reduce security.
Desired Result #1: Reduce the number of explicit rules in the Rule Base.
Desired Result #2: Reduce the volume of logs.
Desired Result #3: Improve the Gateway's performance.
Proposed solution:
* Replace all domain objects with network and group objects.
* Check "Log implied rules" and "Accept ICMP requests" in Global Properties.
* Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP.
Does Mary's proposed solution meet the required and desired results?
A. The solution meets all required and desired results.
B. The solution meets all required, and one of the desired results.
C. The solution meets all required, and two of the desired results.
D. The solution meets all required, and none of the desired results.
E. The solution does not meet the required results.
Answer: E
QUESTION NO: 119
You create implicit and explicit rules for the following network. The group object
"internal-networks" includes networks 10.10.10.0 and 10.10.20.0. Assume "Accept
ICMP requests" is enabled as "before last" in the Global Properties.
Based on these rules, what happens if you Ping from host 10.10.10.5 to a host on the
Internet, by IP address? ICMP will be:
A. dropped by rule 0
B. dropped by rule 2, the Cleanup Rule
C. accepted by rule 1
D. dropped by the last implicit rule
E. accepted by the implicit rule
Answer: C
QUESTION NO: 120
What does schema checking do?
A. Authenticates users attempting to access resources protected by an NGX Security
Gateway.
B. Verifies that every object class, and its associated attributes, is defined in the directory
schema.
C. Maps LDAP objects to objects in the NGX objects_5_0.c files.
D. Verifies the Certificate Revocation List for Certificate Validity.
E. Provides topology downloads for SecuRemote and SecureClient users authenticated
by an LDAP server.
Answer: B
QUESTION NO: 121
Jill is about to test some rule and object changes suggested in an NGX newsgroup.
Which backup and restore solution should Jill use, to ensure she can most easily
restore her Security Policy to its previous configuration, after testing the changes?
A. SecurePlatform backup utilities
B. Manual copies of the $FWDIR/conf directory
C. Upgrade_export and upgrade_import commands
D. Policy Package management
E. Database Revision Control
Answer: E