156-315 - Check Point Security Administration NGX II
Which technology is responsible for assembling packet streams and passing ordered data to the protocol parsers in IPS?
Packet Streaming Layer
VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. Which of the following services is NOT provided by a CIFS resource?
Allow MS print shares
You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event when 30 port scans have occurred within 60 seconds. You also want to detect two port scans from a host within 10 seconds of each other. How would you accomplish this?
Define the two port-scan detections as an exception.
Review the following list of actions that Security Gateway R75 can take when it controls packets. The Policy Package has been configured for Simplified Mode VPN. Select the response below that includes the available actions:
Accept, Drop, Reject, Client Auth
Which protocol can be used to provide logs to third-party reporting?
LEA (Log Export API)
Which of the following does NOT happen when using Pivot Mode in ClusterXL?
The Security Gateway analyzes the packet and forwards it to the Pivot.
Which statement defines Public Key Infrastructure? Security is provided:
by Certificate Authorities, digital certificates, and public key encryption.
If you are experiencing LDAP issues, which of the following should you check?
What is the best tool to produce a report which represents historical system information?
Due to some recent performance issues, you are asked to add additional processors to your firewall. If you already have CoreXL enabled, how are you able to increase Kernel instances?
Use cpconfig to reconfigure CoreXL.
What is the SmartEvent Analyzer's function?
Assign severity levels to events.
The file snapshot generates is very large, and can only be restored to:
A device having exactly the same Operating System and hardware as the device that created the file.
Which Remote Desktop protocols are supported natively in SSL VPN?
Citrix ICA and Microsoft RDP
Which of the following is NOT supported by CoreXL?
The SmartEvent Client:
displays the received events.
Which of the following is a supported Sticky Decision Function of Sticky Connections for Load Sharing?
Support for SecureClient/SecuRemote/SSL Network Extender encrypted connections
Robert has configured a Common Internet File System (CIFS) resource to allow access to the public partition of his company's file server, on \\erisco\goldenapple\files\public. Robert receives reports that users are unable to access the shared partition, unless they use the file server's IP address. Which of the following is a possible cause?
The CIFS resource is not configured to use Windows name resolution
By default Check Point High Availability components send updates about their state every:
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
internal_clear > All_communities
Your current VPN-1 NG with Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server runs on SecurePlatform. You plan to implement VPN-1 NGX R65 in a distributed environment, where the new machine will be the SmartCenter Server, and the existing machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with AI R55 SmartCenter Server configuration, including licensing. How do you handle licensing for this NGX R65 upgrade?
Request an NGX R65 SmartCenter Server license, using the new server's IP address. Request a new central NGX R65 VPN-1 Gateway license also licensed to the new SmartCenter Server's IP address.
Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?
It contains your security configuration, which could be exploited.
When does the SmartWorkflow Policy Installation window appear?
When the administrator installs an unapproved policy
Which of the following does IPSec use during IPSec key negotiation?
During a Security Management Server migrate export, the system:
Creates a backup archive for all the Check Point configuration settings.
How does Check Point recommend that you secure the sync interface between gateways?
Use a dedicated sync network.
What is the benefit to running SmartEvent in Learning Mode?
To generate a report with system Event Policy modification suggestions
MEP VPNs use the Proprietary Probing Protocol to send special UDP RDP packets to port ____ to discover if an IP is accessible.
You want to upgrade a cluster with two members to R77. The Security Management Server and both members are version NGX R65, with the latest Hotfix Accumulator. What is the correct upgrade procedure? 1. Change the version in the General Properties of the Gateway-cluster object. 2. Upgrade the Security Management Server, and reboot. 3. Run cpstop on one member, while leaving the other member running. Upgrade one member at a time and reboot after upgrade. 4. Install the Security Policy.
2, 3, 1, 4
You want to upgrade an NG with Application Intelligence R55 Security Gateway running on SecurePlatform to VPN-1 NGX R65 via SmartUpdate. Which package(s) is(are) needed in the Repository prior to upgrade?
SecurePlatform NGX R65 package
Using IPS, how do you notify the Security Administrator that malware is scanning specific ports? By enabling:
Sweep Scan protection
Check Point New Mode HA is a(n) _________ solution.
When running DLP Wizard for the first time, which of the following is a mandatory configuration?
E-mail Domain in My Organization
In a R75 Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when: 1. The Security Policy is installed. 2. The Security Policy is saved. 3. The Security Administrator logs in to the secondary SmartCenter Server, and changes its status to active. 4. A scheduled event occurs. 5. The user database is installed. Select the BEST response for the synchronization trigger.
1, 2, 4
A user attempts to initialize a network application using SSL Network Extender. The application fails to start. What is the MOST LIKELY solution?
Select the option Enable SSL Network Extender Application Mode only.
In a R75 Management High Availability (HA) configuration, you can configure synchronization to occur automatically, when: 1. The Security Policy is installed. 2. The Security Policy is saved. 3. The Security Administrator logs in to the secondary Security Management Server and changes its status to Active. 4. A scheduled event occurs. 5. The user database is installed. Select the BEST response for the synchronization trigger.
1, 2, 4
Which of the listed load-balancing methods is NOT valid?
They are all valid
What proprietary Check Point protocol is the basis of the functionality of Check Point ClusterXL inter-module communication?
Which operating system(s) support(s) unnumbered VPN Tunnel Interfaces (VTIs) for route-based VPNs?
IPSO 3.9 and higher
User definitions are stored in ________________ .
You have a High Availability ClusterXL configuration. Machines are not synchronized. What happens to connections on failover?
Open connections are lost but can be reestablished.
Which of the following are valid reasons for beginning with a fresh installation VPN-1 NGX R65, instead of upgrading a previous version to VPN-1 NGX R65? Select all that apply.
You see a more logical way to organize your rules and objects
Your Security Policy includes rules and objects whose purpose you do not know.
Objects and rules' naming conventions have changed over time.
You must set up SIP with proxy for your network. IP phones are in the 172.16.100.0 network. The Registrar and proxy are installed on host 172.16.100.100. To allow handover enforcement for outbound calls from SIP-net to network Net_B on the Internet, you have defined the following object: * Network object: SIP-net 172.16.100.0/24 * SIP-gateway: 172.16.100.100 * VoIP Domain Object: VoIP_domain_A 1. End-point domain: SIP-net 2. VoIP gateway installed at: SIP-gateway host object How should you configure the rule?
You are the MegaCorp Security Administrator. This company uses a firewall cluster, consisting of two cluster members. The cluster generally works well but one day you find that the cluster is behaving strangely. You assume that there is a connectivity problem with the cluster synchronization link (cross-over cable). Which of the following commands is the BEST for testing the connectivity of the crossover cable?
arping <IP address of the synchronization interface on the other cluster member>
Which Check Point product is used to create and save changes to a Log Consolidation Policy?
SmartDashboard Log Consolidator
A snapshot delivers a complete backup of GAiA. How do you restore a local snapshot named MySnapshot.tgz?
As Expert user, type command revert --file MySnapshot.tgz.
The process ________ is responsible for Policy compilation.
What physical machine must have access to the UserCenter public IP when checking for new packages with SmartUpdate?
SmartUpdate GUI PC
Which procedure creates a new administrator in SmartWorkflow?
In SmartDashboard, click Users and Administrators right click Administrators / New Administrator and supply the Login Name. Profile Properties, Name, Access Applications and Permissions.
You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separated locations. What is the BEST method to implement this HFA?
Use SmartUpdate to install the packages to each of the Security Gateways remotely
If Bob wanted to create a Management High Availability configuration, what is the minimum number of Security Management servers required in order to achieve his goal?