Exam A QUESTION 1
________ is a globally unique name of an entry in a LDAP directory structure.
A. CN – Common Name
B. DCN – Distinguished Common Name
C. RDN – Relative Distinguished Name
D. DN- Distinguished Name
E. O – Organization
Correct Answer: D QUESTION 2
When defining a new user group in CP2000 VPN-1/FireWall-1, you can nest groups inside of groups to create group hierarchy, but you can NOT modify the contents of the nested group in the new group’s property settings.
A. True
B. False
Correct Answer: A QUESTION 3
In a MEP configuration, using the Check Point VPN-1/FireWall-1 High Availability solution, each participating gateway must use ________.
A. DHCP
B. Certificates
C. The same IP pool address.
D. Unique IP pool addresses.
E. Third party redundant gateway software.
Correct Answer: D QUESTION 4
Which command do you run to verify that state tables on primary and secondary firewalls are being synchronized?
A. $FWDIR/bin/base tab -t connections -s
B. $FWDIR/fw tab -t connections -s
C. $FWDIR/bin/fw tab -s connections -t
D. $FWDIR/bin/fw tab -t connections -s
E. $FWDIR/bin/base tab -s connections -t
Correct Answer: D QUESTION 5
Before you can implement SEP, you must disable state synchronization between gateways of the backup gateways will be unable to continue connections that were originally handles by the failed gateway?
A. True
B. False
Correct Answer: A QUESTION 6
If the state tables on two or more gateways are synchronized for VPN failover, the gateways are defined as members of _________.
A. An IP pool.
B. A MEP configuration.
C. A gateway cluster.
D. A network range.
E. A proper subset.
Correct Answer: C
QUESTION 7
When you configure overlapping encryption in a proper subset configuration, SecuRemote packets should be _______ as they pass through the exterior gateway(s) to the internal subset domains.
A. unmodified
B. modified
C. fragmented
D. de-fragmented
E. decrypted
Correct Answer: A
QUESTION 8
Assume you have a SecuRemote client who is trying to connect to a server in a fully overlapping
encryption domain. The client can connect to the server through Gateway A, but the host’s reply packet
are being sent to default gateway, Gateway B.
Which of the following is an appropriate solution to this problem?
A. Set IP Pool addresses routable to Gateway A or the gateway.
B. Use DHCP on the internal network.
C. Use Manual IPSEC encryption.
D. Disable IP Pools on the primary gateway.
E. Include the SecuRemote host as a member of the gateway cluster.
Correct Answer: A
QUESTION 9
To reduce the effectiveness of traffic sniffing inside the LAN, internal users should have _______ installed on their desktop.
A. Session Authentication Client
B. SecureClient
C. Real Secure
D. Encryption
E. Policy Server
Correct Answer: B
QUESTION 10
You are logging into a Policy Server in order to update or download a new Desktop Policy. Which of The following requires the user to initiate an EXPLICIT LOGIN?
A. SecuRemote
B. SecureClient
C. SecuRemote Server
D. Policy Server
E. Firewall Administrator
Correct Answer: B