If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?
When you hide a rule in a Rule Base, how can you then disable the rule?
A Cleanup rule:
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?
Which of the following objects is a valid source in an authentication rule?
Which of the following is a CLI command for Security Gateway R77?
What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?
Which command gives an overview of your installed licenses?
Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed.
Can the administrator use a restore to fix the errors in static routing?
What is the primary benefit of using the command upgrade_export over either backup or snapshot?
Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:
Which of the following is NOT defined by an Access Role object?
You are running the license_upgrade tool on your GAiA Gateway. Which of the following can you NOT do with the upgrade tool?
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the activation key, he gets the following message in SmartDashboard -
SIC still does not seem to work because the policy won’t install and interface fetching does not work. What might be a reason for this?
Which of the following is a viable consideration when determining Rule Base order?
Which of the following methods is NOT used by Identity Awareness to catalog identities?
Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:
Charles requests a Website while using a computer not in the net_singapore network. What is TRUE about his location restriction?
Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?
When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R77 topology configuration?
All R77 Security Servers can perform authentication with the exception of one.
Which of the Security Servers can NOT perform authentication?
Anti-Spoofing is typically set up on which object type?
Why are certificates preferred over pre-shared keys in an IPsec VPN?
Which of the following actions do NOT take place in IKE Phase 1?
Users with Identity Awareness Agent installed on their machines login with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.
How many packets are required for IKE Phase 2?
Which do you configure to give remote access VPN users a local IP address?
When configuring the Check Point Gateway network interfaces, you can define the direction as Internal or External. What does the option Interface leads to DMZ mean?
What is the appropriate default Gaia Portal address?
What happens when you run the command. fw sam -J src [Source IP Address]?
What is the only SmartConsole you can open without a license?
Which of the following is true of the Cleanup rule?
You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base.
How do you achieve this?
Is it possible to see user activity in SmartView Tracker?
Which tool CANNOT be launched from SmartUpdate R77?
You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.
Unfortunately, you get the message.
"There are no machines that contain Firewall Blade and SmartView Monitor."
What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.
What information is found in the SmartView Tracker Management log?
How do you configure an alert in SmartView Monitor?
How do you use SmartView Monitor to compile traffic statistics for your company’s Internet Web activity during production hours?
Choose the correct statement regarding Stealth Rules:
Which of the following is true of a Stealth Rule?
Complete this statement. The block Intruder option in the Active log is available ____________.
Lilly needs to review VPN History counters for the last week.
Where would she do this?
Which of the following can be found in cpinfo from an enforcement point?
The customer has a small Check Point installation which includes one Windows 7 workstation as the SmartConsole, one GAiA device working as Security Management Server, and a third server running SecurePlatform as Security Gateway. This is an example of a(n):
By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:
The customer has a small Check Point installation which includes one Windows 2008 server as SmartConsole and Security Management Server with a second server running GAiA as Security Gateway. This is an example of a(n):
Which utility allows you to configure the DHCP service on GAiA from the command line?
Where can an administrator configure the notification action in the event of a policy install time change?
Where can you find the Check Point’s SNMP MIB file?
You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:
Unknown established connection
How do you resolve this problem without causing other security issues? Choose the BEST answer.
Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways.
Which two SmartConsole applications will you use to create this report and outline?
Which SmartConsole tool would you use to see the last policy pushed in the audit log?
After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?
Which NAT option applicable for Automatic NAT applies to Manual NAT as well?