Exam A
QUESTION 1
Which of the following statements about IKE Encryption are TRUE? (Choose three)
A. The final packet size is increased after it is encrypted.
B. TCP and IP headers are encrypted, along with the payload.
C. IKE uses in-place encryption.
D. IKE can use the FWZ1 encryption algorithm.
E. IKE uses tunneling encryption.
Correct Answer: ABE
QUESTION 2
When upgrading a configuration to NG with Application Intelligence: (Choose the FALSE answer)
A. Upgrade the SmartConsole.
B. Upgrade each module’s version in SmartDashboard manually.
C. Upgrade the VPN-1/FireWall-1 Enforcement Modules.
D. Copy $FWDIR/state from one version of VPN-1/FireWall-1 to another version of VPN-1/FireWall-1.
E. Upgrade the SmartCenter server. The version is set during the upgrade.
Correct Answer: D
QUESTION 3
When you upgrade VPN-1/FireWall-1, what components are carried over to the new version? (Choose two)
A. Licenses
B. VPN-1/FireWall-1 database
C. OPSEC database
D. Backward Compatibility
E. Rule Base
Correct Answer: AB
QUESTION 4
Which of the following is NOT a function of the Internal Certificate Authority (ICA)?
A. Provides certificates for users and Security Administrators.
B. Generates certificates for HTTPS Web server.
C. Establishes SIC between OPSEC applications and Check Point products.
D. Authenticates SecureClient traffic to Enforcement Modules for VPNs.
E. Establishes SIC between Check Point products.
Correct Answer: B
QUESTION 5
Which of the following FTP Content Security settings prevents internal users from sending corporate files to external FTP Servers, while allowing users to retrieve files?
A. Use an FTP resource, and enable the GET and PUT methods.
B. Use an FTP resource and enable the GET method.
C. Use an FTP resource and enable the PUT method.
D. Block FTP_PASV.
E. Block all FTP traffic.
Correct Answer: B
QUESTION 6
All of the following are steps for implementing UFP, EXCEPT:
A. While the UFP Server is analyzing the requests, the Enforcement Module HTTP Proxy Server initiates a request to the destination. The HTTP Proxy server then waits for a response from the UFP Server before allowing the request.
B. The client invokes a connection through the VPN-1/FireWall-1 Enforcement Module.
C. The Content Server inspects the URLs and returns the validation result message to the Enforcement Module.
D. The Enforcement Module takes the action defined in the Rule Base for the resource.
E. The Security Server uses UFP to send the URL to a third-party UFP Server for categorization.
Correct Answer: A
QUESTION 7
The _______ algorithm determines the load of each physical server and requires a Load Measuring Agent be installed on each server.
A. Server Load
B. Server Relay
C. Round Robin
D. Domain
E. Round Trip
Correct Answer: A
QUESTION 8
Which of the following is NOT a method of Load Balancing with VPN-1/FireWall-1?
A. Domain Load Balancing
B. Round Robin
C. Server Load
D. Round Trip
E. Quantum Load Balancing
Correct Answer: E
QUESTION 9
Which of the following does NOT require definition for a Voice over IP (VoIP) Domain SIP object?
A. SIP Proxy
B. IP Address Range
C. VoIP Gateway
D. Related Endpoint Domain
E. Name
Correct Answer: A
QUESTION 10
Which of the following is NOT a valid VPN configuration option available in the VPN Manager of the Simplified Rule Base?
A. Point-to-Point
B. Mesh
C. Remote Access
D. Star with Meshed Center
E. Star
Correct Answer: A
QUESTION 11
Which of the following is TRUE of the relationship between the RemoteAccess VPN Community and the Security Policy Rule Base?
A. The RemoteAccess VPN Community defines VPN connection parameters for SecuRemote connections. The Security Policy Rule Base is used to allow access to protected resources.
B. The RemoteAccess VPN Community is used to allow access to protected resources. The Security Policy Rule Base is used to define VPN connection parameters for SecuRemote connections.
C. The Security Policy Rule Base is used to define VPN connection parameters for SecuRemote connections and is used to allow access to protected resources. The RemoteAccess VPN Community applies only to SecureClient.
D. The RemoteAccess VPN Community defines VPN connection parameters for SecuRemote connections and is used to allow access to protected resources. Security Policy Rules are not defined for SecuRemote.
Correct Answer: A
QUESTION 12
Exhibit Jacob configured a meshed VPN Community, with VPN properties set as shown below. Which of the following statements are TRUE? (Choose two)
A. Jacob is using the default VPN property settings for a VPN-1/FireWall-1 meshed VPN Community.
B. Jacob’s community will perform IKE Phase 1 key-exchange encryption, using the longest key VPN-1/FireWall-1 supports.
C. Jacob must change the data-integrity settings for this VPN Community. MD5 is incompatible with AES.
D. If Jacob changes the setting "Perform IPsec data encryption with:" from AES-128 to 3DES, he will increase the encryption overhead.
E. If Jacob changes the setting "Perform key exchange encryption with:" from 3DES to DES, he will enhance the VPN Community’s security and reduce encryption overhead.
Correct Answer: AB
QUESTION 13
Which of the following statements BEST explains the difference between VPN-1/FireWall-1 logs and alerts?
The difference between VPN-1/FireWall-1 logs and alerts is that:
A. Log entries contain detailed information about traffic. Alerts contain only brief descriptions of problems, and links to the appropriate log entries.
B. Log entries are recorded in SmartView Tracker, and are persistent. Alerts appear only in SmartView Status, and are not persistent.
C. Logs are recorded sequentially, by date and time received. Alerts are arranged by priority and magnitude.
D. Logging allows a Security Administrator to view historical connection information. Alerts are real-time and can be applied to a Security Policy’s predefined tracking properties.
E. Logs are generated for explicit rules, defined by Security Administrators in the Security Policy. Alerts are automatically generated by implicit rules, created as a result of Global Properties settings.
Correct Answer: D
QUESTION 14
Which of the following statements BEST describes the difference between VPN Domains and VPN Communities?
A. A VPN Domain is a network, or group of networks, protected by an Enforcement Module. A VPN Community is a collection of VPN Domains and the VPN tunnels between them.
B. A VPN Domain is a remote-access VPN, consisting of a group of SecureClients and their associated Enforcement Module. A VPN Community is a collection of Enforcement Module-to-Enforcement Module VPNs.
C. VPN Domains are used in Microsoft environments, and allow VPN-1/FireWall-1 to communicate with Domain Controllers. VPN Communities are used in Unix environments, to allow VPN-1/FireWall-1 to communicate with authentication servers.
D. VPN Domains specify encryption properties and access restrictions for users. VPN Communities detail encryption properties and access restrictions, for machines and processes.
E. VPN Domains are used for Security Policies created in traditional mode. VPN Communities are used in simplified mode. VPN Domains are not available, if simplified mode is used.
Correct Answer: A
QUESTION 15
Ken is assisting a user whose SecureClient password has expired. The SecureClient user can no longer access resources in the VPN Domain. Which of the following solutions is likely to resolve the issue?
A. Ken must ask the VPN-1/FireWall-1 Security Administrator to change the setting Password Expires to a date in the future. Users cannot adjust their SecureClient passwords.
B. Ken should ask the user to change his password, using the New Password option on SecureClient’s Passwords menu. The user can change his password, then stop and start SecureClient.
C. If the SecureClient password is allowed to expire, the software will no longer function. Ken should help the user uninstall and reinstall SecureClient. The user will be prompted to supply a new password during installation.
D. When the SecureClient password expires while a session is in progress, the session will not exit properly. Ken should ask the user to shut down and restart his computer. The user will be prompted to supply a new password after login.
E. The user must edit the userc.C file, to change the expiration date on his password. Ken should help the user make the necessary modifications to the userc.C file, using a text editor that does not insert Unicode characters.
Correct Answer: A