156-915.77 Check Point Certified Security Expert Update Questions and Answers

Which file defines the fields for each object used in the file objects.C (color, num/string, default value…)?

Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user’s properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?

What is Check Point's CoreXL?

You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

Fill in the blank.

In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. An internal host 10.4.8.108 successfully pings its Cluster and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. Based on this information, what is the active cluster member’s IP address?

John is configuring a new R77 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.

What’s happening?

Which two processes are responsible on handling Identity Awareness?

Which process should you debug if SmartDashboard login fails?

Complete this statement. To save interface information before upgrading a Windows Gateway, use command

MegaCorps' disaster recovery plan is past due for an update to the backup and restore section to enjoy the benefits of the new distributed R77 installation. You must propose a plan that meets the following required and desired objectives:

Required: Security Policy repository must be backed up no less frequently than every 24 hours.

Desired: Back up R77 components enforcing the Security Policies at least once a week.

Desired: Back up R77 logs at least once a week.

You develop a disaster recovery plan proposing the following:

* Use the utility cron to run the command upgrade_export each night on the Security Management Servers.

* Configure the organization's routine backup software to back up files created by the command upgrade_export.

* Configure GAiA back up utility to back up Security Gateways every Saturday night.

* Use the utility cron to run the command upgrade_export each Saturday night on the log servers.

* Configure an automatic, nightly logswitch.

* Configure the organization's routine back up software to back up the switched logs every night.

The corporate IT change review committee decides your plan:

Which of the following options is available with the GAiA cpconfig utility on a Management Server?

ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:

Fill in the blank. To save your OSPF configuration in GAiA, enter the command ___________ .

Your organization maintains several IKE VPN’s. Executives in your organization want to know which mechanism Security Gateway R77 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?

When do modifications to the Event Policy take effect?

Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should be guaranteed. Which actions should be taken to achieve that?

1) Use same hard drive for database directory, log files, and temporary directory.

2) Use Consolidation Rules.

3) Limit logging to blocked traffic only.

4) Use Multiple Database Tables.

Charles requests a Website while using a computer not in the net_singapore network.

What is TRUE about his location restriction?

The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

What command syntax would you use to turn on PDP logging in a distributed environment?

Which of the following items should be configured for the Security Management Server to authenticate via LDAP?

Where do you verify that UserDirectory is enabled?

How granular may an administrator filter an Access Role with identity awareness? Per:

What are you required to do before running the command upgrade_export?

You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

The Identity Agent is a lightweight endpoint agent that authenticates securely with Single Sign-On (SSO). What is not a recommended usage of this method?