You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.
A. /etc/sysconfig/netconf.C
B. /etc/conf/route.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network
Your organization's disaster recovery plan needs an update to the backup and restore section to reap the new distributed R77 installation benefits. Your plan must meet the following required and desired objectives:
Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The R77 components that enforce the Security Policies should be backed up at least once a week.
Desired Objective: Back up R77 logs at least once a week.
Your disaster recovery plan is as follows:
-Use the cron utility to run the command upgrade_export each night on the Security Management Servers.
-
Configure the organization's routine back up software to back up the files created by the command upgrade_export.
-
Configure the GAiA back up utility to back up the Security Gateways every Saturday night.
-Use the cron utility to run the command upgrade_export each Saturday night on the log servers.
-
Configure an automatic, nightly logswitch.
-
Configure the organization's routine back up software to back up the switched logs every night. Upon evaluation, your plan:
A.
Meets the required objective and only one desired objective.
B.
Meets the required objective but does not meet either desired objective.
C.
Does not meet the required objective.
D.
Meets the required objective and both desired objectives.
Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user's properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?
A. Select Ignore Database in the Action Properties window.
B. Permit access to Finance_net.
C. Select Intersect with user database in the Action Properties window.
D. Select Intersect with user database or Ignore Database in the Action Properties window.
Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user's credentials?
A. Access Policy
B. Access Role
C. Access Rule
D. Access Certificate
What happens if the identity of a user is known?
A. If the user credentials do not match an Access Role, the system displays the Captive Portal.
B. If the user credentials do not match an Access Role, the system displays a sandbox.
C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
D. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.
Where do you verify that UserDirectory is enabled?
A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
A. Check Point Password
B. TACACS
C. LDAP
D. Windows password
Can you implement a complete IPv6 deployment without IPv4 addresses?
A. No. SmartCenter cannot be accessed from everywhere on the Internet.
B. Yes. Only one TCP stack (IPv6 or IPv4) can be used at the same time.
C. Yes, There is no requirement for managing IPv4 addresses.
D. No. IPv4 addresses are required for management.
If you need strong protection for the encryption of user data, what option would be the BEST choice?
A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.
B. When you need strong encryption, IPsec is not the best choice. SSL VPN's are a better choice.
C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP protocol.
D. Disable Diffie-Hellman by using stronger certificate based key-derivation. Use AES-256 bit on all encrypted channels and add PFS to QuickMode. Use double encryption by implementing AH and ESP as protocols.
Control connections between the Security Management Server and the Gateway are not encrypted by the VPN Community. How are these connections secured?
A. They are encrypted and authenticated using SIC.
B. They are not encrypted, but are authenticated by the Gateway
C. They are secured by PPTP
D. They are not secured.