In the Rule Base displayed for fwsingapore, user authentication in Rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSD_Group.
What happens when Eric tries to connect to a server on the Internet? None of these things will happen Eric will be authenticated and get access to the requested server Eric will be blocked because LDAP is not allowed in the Rule Base. Eric will be dropped by the Stealth Rule.
How do you use SmartView Monitor to compile traffic statistics for your company’s Interne Web activity during production hours? Select Tunnels view, and generate a report on the statistics Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day. View total packets passed through the Security Gateway.
Which of the following is true of the Cleanup rule? The Cleanup rule must be the last rule in a policy The Cleanup rule is an example of an Implied rule The Cleanup rule is important for blocking unwanted connections The Cleanup rule should not be logged.
Jack has been asked do enable Identify Awareness
What are the three methods for Acquiring Identify available in the Identify Awareness
Configuration Wizard? LDAP Query, Terminal Servers, Light-weight Identity Agent AD Query, Browser-Based Authentication, Light-Weight Identity Agent AD Query, Browser-Based Authentication, Terminal Servers LDAP Query, Browser-Based Authentication, Terminal Servers.
Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user’s properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict? Select Ignore Database in the Action Properties window Permit access to Finance_net Select Intersect with user database in the Action Properties window Select Intersect with user database or Ignore Database in the Action Properties window.
Is it possible to track the number of connections each rule matches in a Rule Base? Yes, but you need SPLAT operating system to enable the feature Hits Count in the SmartDashboard client. Yes, since R75 40 you can use the feature Hits Count in the SmartDashboard client Yes, but you need Gala operating system to enable the feature Hits Count in the SmartDashboard client. No, due to an architecture limitation it is not possible to track the number of connections each rule matches.
What does SmartUpdate allow you to do? SmartUpdate only allows you to update Check Point and OPSEC certified products SmartUpdate only allows you to manage product licenses. SmartUpdate allows you to update Check Point and OPSEC certified products and to manage product licenses. SmartUpdate is not a Check Point product.
What CLI utility allows an administrator to capture traffic along the firewall inspection chain? show interface (interface) - chain tcpdump tcpdump/ snoop fw monitor.
Which directory holds the SmartLog index files by default? $ SMARTLOGDIR/ data $ SMARTLOG/ dir $ FWDIR/ smartlog $ FWDIR/ log.
Complete this statement. The block Intruder option in the Active log is available in the SmartView Monitor client in the SmartView Tracker client since R75.40 release only if you have the IPS blade enabled at least in one gateway.
Which of the following is NOT an option for internal network definition of Anti-spoofing? Specific – derived from a selected object Route-based – derived from gateway routing table Network defined by the interface IP and Net Mask Not-defined.
Choose the SmartLog property that is TRUE. SmartLog has been an option since release R71.10. SmartLog is not a Check Point product. SmartLog and SmartView Tracker are mutually exclusive SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.
SmartUpdate is mainly for which kind of work –
1. Monitoring Performance and traffic
2. Provision Package
3. Managing licenses
4. Creating a Rule Base
2, 3 1, 2 1, 3 2, 4.
A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter? SmartReporter analyzes all network traffic, logged or not Network traffic cannot be analyzed when the Security Management Server has a high load. Turn the field Track of each rule to LOG Configure Additional Logging on an additional log server.
SmartView Monitor is mainly for which kind of work –
1. Monitoring Performance and traffic
2. Provision Package
3. Managing licenses
4. Managing VPN Tunnels
2, 3 2, 4 1, 4 1, 3.
Where do we need to reset the SIC on a gateway object? SmartDashboard > Edit Gateway Object > General Properties > Communication SmartUpdate > Edit Security Management Server Object > SIC SmartUpdate > Edit Gateway Object > Communication SmartDashboard > Edit Security Management Server Object > SIC.
Study the Rule base and Client Authentication Action properties screen -
After being authenticated by the Security Gateway, when a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? user is prompted for authentication by the Security Gateway again FTP data connection is dropped after the user is authenticated successfully. user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication FTP connection is dropped by Rule 2.
Where would an administrator enable Implied Rules logging? In Smart Log Rules View In SmartDashboard on each rule In Global Properties under Firewall In Global Properties under log and alert.
Can a Check Point gateway translate both source IP address and destination IP address in a given packet? Yes No Yes, but only when using Automatic NAT Yes, but only when using Manual NAT.
Which of the following is true of a Stealth Rule? The Stealth rule should not be logged The Stealth rule is required for proper firewall protection The Stealth rule should be located just before the Cleanup rule The Stealth rule must be the first rule in a policy.
Packages and licenses are loaded into the SmartUpdate repositories from which sources? Download Center, Check Point DVD, User Center, and from command cplic FTP server, User Center from a file User Center, manually, SCP server command cplic, manually, from a file.
Is it possible to see user activity in SmartView Tracker? Yes, seeing user activity is enabled when using the Identity Awareness blade No, a Check Point Gateway can only see IP addresses. Yes, but you have to enable the option: See user information in SmartView Tracker. Yes, but you need to use the SPLAT operating system.
Choose the correct statement regarding Implied Rules: To edit Implied rules you go to: Launch Button > Policy > Global Properties > Firewall Implied rules are fixed rules that you cannot change You can directly edit the Implied rules by double-clicking on a specific Implicit rule You can edit the Implied rules but only if requested by Check Point support personnel.
Katie has been asked to setup a rule to allow the new webserver in the DMZ to be accessible from the internet on port 443. The IP address of the Web Server, Apothos, is 192.168.126.3 and the external address should be 10.4.2.3. This needs to be the only server associated with this External IP address
Which answer below will accomplish the steps needed to complete this task? Katie will create a host node object with an IP address of 10.4.2.3 and will configure a static NAT of 192.168.126.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object andservice of HTTPS”. Katie will create a host node object with an IP address of 192.168.126.3 and willconfigure a static NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS Katie will create a Network object with an IP address of 192.168.126.3 and will configure a Hide NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS” Katie will create a host node object with an IP address of 192.168.126.3 and will configure a static NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Apothos Host Object Source, Destination of Any andservice of HTTPS”.
What is also referred to as Dynamic NAT? Automatic NAT Static NAT Manual NAT Hide NAT.
Lilly needs to review VPN History counters for the last week.
Where would she do this? SmartView Monitor > Tunnels > VPN History SmartView Monitor > System Counters > VPN History SmartView Monitor > System Counters > Firewall Security History SmartView Monitor > System Counters > VPN.
Lily has completed the initial setup of her Management Server with an IP address of 192.168.12.12. She must now run the First Time Configuration Wizard via the Gaia Portal to finish the setup. Lily knows she must use a browser to access the device, but it unsure of
the correct URL to enter; which one below will she need to use? http://192.168.12.12 https://192.168.12.12:4433 https://192.168.12.12 https://192.168.12.12:8080.
VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication? 3DES and MD5 Certificates and IPsec Certificates and pre-shared secret IPsec and VPN Domains.
Which NAT option is available for Manual NAT as well as Automatic NAT? Allow bi-directional NAT Automatic ARP configuration Translate destination on client-side Enable IP Pool NAT.
Which command displays the installed Security Gateway kernel version? fw printver fw ver fw ver -k cpstat -gw.
Choose the correct statement regarding Stealth Rules The Stealth Rule is a default rule that always exists when using Check Point products The Stealth Rule is part of the Implicit rules. Check Point recommends you include a Stealth Rule as a best practice The Stealth Rule is a rule that hides your internal networks.
Jack has locked himself out of the Kirk Security Gateway with an incorrect policy and can no longer connect from the McCoy Management Server.
Jack still has access to an out of band console connection on the Kirk Security Gateway. He is logged into the Gaia CLI, what does he need to enter in order to be able to fix his mistake and push policy?
Kirk> fw unload local Kirk> fw unloadlocal Kirk> fw unload policy Kirk> fw fetch policy.
|
