When migrating the SmartEvent data base from one server to another, the last step is to save the files on the new server. Which of the following commands should you run to save the SmartEvent data base files on the new server?
Review the cphaprob state command output from a New Mode High Availability cluster member. Which machine has the highest priority?
John is configuring a new R77 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties. What’s happening?
Review the R77 configuration. Is it correct for Management High Availability?
When using ClusterXL in Load Sharing, what is the default sharing method based on?
A connection is said to be Sticky when:
Which of the following is NOT a feature of ClusterXL?
The _____ contains the Events Data Base.
What is a requirement for setting up R77 Management High Availability?
When migrating the SmartEvent data base from one server to another, the first step is to back up the files on the original server. Which of the following commands should you run to back up the SmartEvent data base?
Which is NOT a valid option when upgrading Cluster Deployments?
What tool exports the Management Configuration into a single file?
MegaCorps' disaster recovery plan is past due for an update to the backup and restore section to enjoy the benefits of the new distributed R77 installation. You must propose a plan that meets the following required and desired objectives:
Required: Security Policy repository must be backed up no less frequently than every 24 hours.
Desired: Back up R77 components enforcing the Security Policies at least once a week.
Desired: Back up R77 logs at least once a week.
You develop a disaster recovery plan proposing the following:
The corporate IT change review committee decides your plan:
An administrator has installed the latest HFA on the system for fixing traffic problems after creating a backup file. A large number of routes were added or modified, causing network problems. The Check Point configuration has not been changed. What would be the most efficient way to revert to a working configuration?
John is upgrading a cluster from NGX R65 to R77. John knows that you can verify the upgrade process using the pre-upgrade verifier tool. When John is running Pre-Upgrade Verification, he sees the warning message:
Title: Incompatible pattern.
What is happening?
The file snapshot generates is very large, and can only be restored to:
A snapshot delivers a complete backup of GAiA. How do you restore a local snapshot named MySnapshot.tgz?
Fill in the blank with a numeric value. The default port number for Secure Sockets Layer (SSL) connections with the LDAP Server is
A Full Connectivity Upgrade of a cluster:
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use four machines with the following configurations:
Cluster Member 1: OS - GAiA; NICs - QuadCard; Memory - 1 GB; Security Gateway only, version: R77
Cluster Member 2: OS - GAiA; NICs - 4 Intel 3Com; Memory - 1 GB; Security Gateway only, version: R77
Cluster Member 3: OS - GAiA; NICs - 4 other manufacturers; Memory: 512 MB; Security Gateway only, version: R77
Security Management Server: MS Windows 2008; NIC - Intel NIC (1); Security Gateway and primary Security Management Server installed, version: R77
Are these machines correctly configured for a ClusterXL deployment?
If using AD Query for seamless identity data reception from Microsoft Active Directory (AD), which of the following methods is NOT Check Point recommended?
MultiCorp has bought company OmniCorp and now has two active AD domains. How would you deploy Identity Awareness in this environment?
Which is NOT a method through which Identity Awareness receives its identities?
Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). Which of the following is NOT a recommended use for this method?
Which two processes are responsible on handling Identity Awareness?
When using Captive Portal to send unidentified users to a Web portal for authentication, which of the following is NOT a recommended use for this method?
Which of the following access options would you NOT use when configuring Captive Portal?
In the following cluster configuration; if you reboot sglondon_1 which device will be active when sglondon_1 is back up and running? Why?
For best performance in Event Correlation, you should use:
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
There are times when you want to use Link Selection to manage high-traffic VPN connections. With Link Selection you can:
Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?
Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
At what router prompt would you save your OSPF configuration?
Review the following list of actions that Security Gateway R75 can take when it controls packets. The Policy Package has been configured for Simplified Mode VPN. Select the response below that includes the available actions:
Which statement defines Public Key Infrastructure? Security is provided:
Which command will erase all CRL’s?
A VPN Tunnel Interface (VTI) is defined on GAiA as:
vpn shell interface add numbered 10.10.0.1 10.10.0.2 madrid.cp
What do you know about this VTI?
VPN routing can also be configured by editing which file?
The following rule contains an FTP resource object in the Service field:
Service: FTP-resource object
How do you define the FTP Resource Properties > Match tab to prevent internal users from receiving corporate files from external FTP servers, while allowing users to send files?
Which of the following SSL Network Extender server-side prerequisites are correct? Select all that apply.
The following configuration is for VPN-1 NGX:1s this configuration correct for Management High Availability (HA)?
How do you block some seldom-used FTP commands, such as CWD, and FIND from passing through the Gateway?
In ClusterXL, which of the following are defined by default as a critical device?
Your current VPN-1 NG with Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server runs on SecurePlatform.
You plan to implement VPN-1 NGX R65 in a distributed environment, where the new machine will be the SmartCenter Server, and the existing machine will be the VPN-1 Pro Gateway only.
You need to migrate the NG with AI R55 SmartCenter Server configuration, including licensing.
How do you handle licensing for this NGX R65 upgrade?
Where is the ideal place to deploy your SSL VPN?
Which Remote Desktop protocols are supported natively in SSL VPN?
The London office just upgraded their DNS servers so their Gateway needs to be updated with the new settings. What would be the BEST way for Henry to change the DNS settings for London's Gateway?
How should Check Point packages be uninstalled?
Fill in the blank.
Type the full cphaprob command and syntax that will show full synchronization status.
cphaprob -i list
Fill in the blank.
Type the command and syntax to view critical devices on a cluster member in a ClusterXL environment.
cphaprob -ia list
Steve is troubleshooting a connection problem with an internal application. If he knows the source IP address is 192.168.4.125, how could he filter this traffic?
Which Check Point tool allows you to open a debug file and see the VPN packet exchange details.
Fill in the blank.
To view the number of concurrent connections going through core 0 on the firewall, you would use the command and syntax _____ _____ _____ _____ _____ _____ _____.
fw -i 0 tab -t connections -s
You run cphaprob -a if. When you review the output, you find the word DOWN. What does DOWN mean?
How would you set the debug buffer size to 1024?
Fill in the blank.
Type the command and syntax that you would use to view the virtual cluster interfaces of a ClusterXL environment.
cphaprob -a if
Fill in the blank.
To enter the router shell, use command _____.
Fill in the blank.
To verify the SecureXL status, you would enter command _____.
In Gaia, the operating system can be changed to 32-bit or 64-bit, provided the processor supports 64-bit. What command toggles to 64-bit.
What does the command vpn crl_zap do?
Frank is concerned with performance and wants to configure the affinities settings. His gateway does not have the Performance pack running. What would Frank need to perform in order configure those settings?
You configure a Check Point QoS Rule Base with two rules: an HTTP rule with a weight of 40, and the Default Rule with a weight of 10. If the only traffic passing through your QoS Module is HTTP traffic, what percent of bandwidth will be allocated to the HTTP traffic?
MicroCorp experienced a security appliance failure. (LEDs of all NICs are off.) The age of the unit required that the RMA-unit be a different model. Will a revert to an existing snapshot bring the new unit up and running?
Katie has enabled User Directory and applied the license to Security Management Server, Green. Her supervisor has asked her to configure the Password Strength options of the least one digit, one symbol, 8 characters long and include an uppercase character. How should she accomplish this?
Choose the ClusterXL process that is defined be default as a critical device?
A Threat Prevention profile is a set of configurations based on the following. Select the right answer.
Fill in the blank.
You can set Acceleration to ON or OFF using command syntax _____.
In GAiA, if one is unsure about a possible command, what command lists all possible commands.
Paul has just joined the MegaCorp security administration team. Natalie, the administrator, creates a new administrator account for Paul in SmartDashboard and installs the policy. When Paul tries to login it fails. How can Natalie verify whether Paul’s IP address is predefined on the security management server?
MegaCorp is running Smartcenter R70, some Gateways at R65 and some other Gateways with R60. Management wants to upgrade to the most comprehensive IPv6 support. What should the administrator do first?
MultiCorp is running Smartcenter R71 on an IPSO platform and wants to upgrade to a new Appliance with R77. Which migration tool is recommended?
Using IPS, how do you notify the Security Administrator that malware is scanning specific ports? By enabling:
Which of the following is a CLI command for Security Gateway R77?
Which of the following describes the default behavior of an R77 Security Gateway?
A Fast Path Upgrade of a cluster:
When you use the Global Properties' default settings on R77, which type of traffic will be dropped if NO explicit rule allows the traffic?
Which of the following statements about the Port Scanning feature of IPS is TRUE?
Using the output below, what does the red flag indicate for the MS08-067 Protection?
You are the MegaCorp Security Administrator. This company uses a firewall cluster, consisting of two cluster members. The cluster generally works well but one day you find that the cluster is behaving strangely. You assume that there is a connectivity problem with the cluster synchronization link (cross-over cable). Which of the following commands is the BEST for testing the connectivity of the crossover cable?
Where do you define NAT properties so that NAT is performed either client side or server side? In SmartDashboard under:
What firewall kernel table stores information about port allocations for Hide NAT connections?
What is the proper CLISH syntax to configure a default route via 192.168.255.1 in GAiA?
The “MAC Magic” value must be modified under the following condition:
Control connections between the Security Management Server and the Gateway are not encrypted by the VPN Community. How are these connections secured?
What is the proper command for importing users into the R77 User Database?
While authorization for users managed by SmartDirectory is performed by the gateway, the authentication mostly occurs in _____.
The process that performs the authentication for legacy session authentication is:
When using a template to define a user in SmartDirectory, the user’s password should be defined in the _____ object.