The customer has a small Check Point installation which includes one Windows 2003 server as SmartConsole and Security Management Server with a second server running SecurePlatform as Security Gateway. This is an example of a(n):

A. Hybrid Installation.

B. Unsupported configuration.

C. Distributed Installation.

D. Stand-Alone Installation.

How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out via a rule or policy mis-configuration?

A. fw delete all.all@localhost

B. cpstop

C. fw unloadlocal

D. fw unload policy

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

A. Increase network security by securing administrative communication with a two-factor challenge response authentication.

B. Uniquely identify machines installed with Check Point software only. They have the same function as RSA Authentication Certificates.

C. Are for Security Gateways created during the Security Management Server installation.

D. Can be used for securing internal network communications between the Security Gateway and an OPSEC device.

You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)

When you run fw monitor on the R75 Security Gateway and then start a new HTTP connection from host

10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?

A. i=inbound kernel, before the virtual machine

B. O=outbound kernel, after the virtual machine

C. o=outbound kernel, before the virtual machine

D. I=inbound kernel, after the virtual machine

Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?

A. Custom filter

B. Network and Endpoint tab

C. Management Tab

D. Active tab

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute Only and choosing the target Gateway, the:

A. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

B. selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.

C. SmartUpdate wizard walks the Administrator through a distributed installation.

D. selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.

What happens to evaluation licenses during the license-upgrade process?

A. They are dropped.

B. They remain untouched, but may not activate all features of a new version.

C. They automatically expire.

D. They are upgraded with new available features.

The User Directory Software Blade is used to integrate which of the following with Security Gateway R75?

A. RADIUS server

B. Account management client server

C. User authority server

D. LDAP server

Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

A. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.

B. All is fine and can be used as is.

C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.

D. The 2 algorithms do not have the same key length and so don't work together. You will get the error ".... No proposal chosen...."

You intend to upgrade a Check Point Gateway from R71 to R75. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?

A. upgrade_export

B. snapshot

C. backup

D. database revision