156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 10
-
Your manager requires you to set up a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he set up AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
- The two algorithms do not have the same key length and so don’t work together. You will get the error … No proposal chosen…
- All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
- Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
- All is fine and can be used as is.
-
Choose the SmartLog property that is TRUE.
- SmartLog has been an option since release R71.10.
- SmartLog is not a Check Point product.
- SmartLog and SmartView Tracker are mutually exclusive.
- SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.
-
Which directory holds the SmartLog index files by default?
- $SMARTLOGDIR/data
- $SMARTLOG/dir
- $FWDIR/smartlog
- $FWDIR/log
-
To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?
- Full HA Cluster
- High Availability
- Standalone
- Distributed
-
Can a Check Point gateway translate both source IP address and destination IP address in a given packet?
- Yes
- No
- Yes, but only when using Automatic NAT.
- Yes, but only when using Manual NAT.
-
Which of the following is NOT defined by an Access Role object?
- Source Network
- Source Machine
- Source User
- Source Server
-
You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?
1. Run cpconfig on the Gateway, select Secure Internal Communication, enter the activation key, and reconfirm.
2. Initialize Internal Certificate Authority (ICA) on the Security Management Server.
3. Configure the Gateway object with the host name and IP addresses for the remote site.
4. Click the Communication button in the Gateway object’s General screen, enter the activation key, and click Initialize and OK.
5. Install the Security Policy.
- 2, 3, 4, 1, 5
- 2, 1, 3, 4, 5
- 1, 3, 2, 4, 5
- 2, 3, 4, 5, 1
-
You want to reset SIC between smberlin and sgosaka.
In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads "The SIC was successfully initialized" and jumps back to the menu. When trying to establish a connection, instead of a working connection, you receive this error message:
What is the reason for this behavior?
- The Gateway was not rebooted, which is necessary to change the SIC key.
- You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).
- The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
- The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation key cannot be typed in a matching fashion.
-
Which of these components does NOT require a Security Gateway R77 license?
- Security Management Server
- Check Point Gateway
- SmartConsole
- SmartUpdate upgrading/patching
-
What statement is true regarding Visitor Mode?
- VPN authentication and encrypted traffic are tunneled through port TCP 443.
- Only ESP traffic is tunneled through port TCP 443.
- Only Main mode and Quick mode traffic are tunneled on TCP port 443.
- All VPN traffic is tunneled through UDP port 4500.
-
Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?
- A star community requires Check Point gateways, as it is a Check Point proprietary technology.
- In a star community, satellite gateways cannot communicate with each other.
- In a mesh community, member gateways cannot communicate directly with each other.
- In a mesh community, all members can create a tunnel with any other member.
-
What CLI utility allows an administrator to capture traffic along the firewall inspection chain?
- show interface (interface) –chain
- tcpdump
- tcpdump /snoop
- fw monitor
-
Your bank’s distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?
- SmartView Tracker
- SmartPortal
- SmartUpdate
- SmartDashboard
-
NAT can NOT be configured on which of the following objects?
- HTTP Logical Server
- Gateway
- Address Range
- Host
-
The fw monitor utility is used to troubleshoot which of the following problems?
- Phase two key negotiation
- Address translation
- Log Consolidation Engine
- User data base corruption
-
You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.
- In the SmartView Tracker, if you activate the column Matching Rate.
- In SmartReporter, in the section Firewall Blade – Activity > Network Activity with information concerning Top Matched Logged Rules.
- SmartReporter provides this information in the section Firewall Blade – Security > Rule Base Analysis with information concerning Top Matched Logged Rules.
- It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.
-
Study the Rule base and Client Authentication Action properties screen.
After being authenticated by the Security Gateways, a user starts an HTTP connection to a Web site. What happens when the user tries to FTP to another site using the command line? The:
- user is prompted for authentication by the Security Gateways again.
- FTP data connection is dropped after the user is authenticated successfully.
- user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication
- FTP connection is dropped by Rule 2.
-
What are the three tabs available in SmartView Tracker?
- Network & Endpoint, Management, and Active
- Network, Endpoint, and Active
- Predefined, All Records, Custom Queries
- Predefined, All Records, Custom Queries
-
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
- Rule 0
- Blank field under Rule Number
- Rule 1
- Cleanup Rule
-
Which SmartConsole component can Administrators use to track changes to the Rule Base?
- WebUI
- SmartView Tracker
- SmartView Monitor
- SmartReporter