Browse Month

May 2016

Exam A
Which of the following statements about IKE Encryption are TRUE? (Choose three )
A. The final packet size is increased after it is encrypted.
B. TCP and IP headers are encrypted, along with the payload.
C. IKE uses in-place encryption.
D. IKE can use the FWZ1 encryption algorithm.
E. IKE uses tunneling encryption.

Correct Answer: ABE
When upgrading a configuration to NG with Application Intelligence: (Choose the FALSE answer)
A. Upgrade the SmartConsole.
B. Upgrade each module’s version in SmartDashboard manually.
C. Upgrade the VPN-1/Firewall-1 Enforcement Modules.
D. Copy $FWDIR/state from one version of VPN-1/FireWall-1 to another version of VPN-1/FireWall-1.
E. Upgrade the SmartCenter server. The version is set during the upgrade.

Correct Answer: D
When you upgrade VPN-1/FireWall-1, what components are carried over to the new version? (Choose two)
A. Licenses
B. VPN-1/FireWall-1 database
C. OPSEC database
D. Backward Compatibility
E. Rule Base

Correct Answer: AB
Which of the following is NOT a function of the Internal Certificate Authority (ICA)?
A. Provides certificates for users and Security Administrators.
B. Generated certificates for HTTPS Web server.
C. Establishes SIC between OPSEC applications and Check Point products.
D. Authentications SecureClient traffic to Enforcement Modules for VPNs.
E. Establishes SIC between Check Point products.

Correct Answer: B
Which of the following FTP Content Security settings prevents internal users from sending corporate files to external FTP Servers, while allowing users to retrieve files?
A. Use an FTP resource, and enable the GET and PUT methods.
B. Use an FTP resource and enable the GET method.
C. Use an FTP resource and enable the PUT method.
D. Block FTP_PASV.
E. Block all FTP traffic.

Correct Answer: B
All of the following are steps for implementing UFP, EXCEPT:
A. While the UFP Server is analyzing the requests, the Enforcement Module HTTP Proxy Server initiates a request to the destination. The HTTP Proxy server then waits for a response from the UFP Server before allowing the request.
B. The client invokes a connection through the VPN-1/FireWall-1 Enforcement Module.
C. The Content Server inspects the URLs and returns the validation result message to the Enforcement Module.
D. The Enforcement Module takes the action defined in the Rule Base for the resource.
E. The Security Server uses UFP to send the URL to a third-party UFP Server categorization.

Correct Answer: A

The _______ algorithm determines the load of each physical server and requires a Load Measuring Agent be installed on each server.
A. Server Load
B. Server Relay
C. Round Robin
D. Domain
E. Round Trip

Correct Answer: A
Which of the following is NOT a method of Load Balancing with VPN-1/FireWall-1?
A. Domain Load Balancing
B. Round Robin
C. Server Load
D. Round Trip
E. Quantum Load Balancing

Correct Answer: E
Which of the following does NOT require definition for a Voice over IP (VoIP) Domain SIP object?
A. SIP Proxy
B. IP Address Range
C. VoIP Gateway
D. Related Endpoint Domain
E. Name

Correct Answer: A
Which of the following is NOT a valid VPN configuration option available in the VPN Manager of the Simplified Rule Base?
A. Point-to-Point
B. Mesh
C. Remote Access
D. Star with Meshed Center
E. Star