156-915-65 Accelerated CCSE NGX R65

Page 1   
Question 1

Your network includes a SecurePlatform machine running NG with Application Intelligence
(Al) R55. This configuration acts as both the primary SmartCent Server and VPN-1 Pro
Gateway. You add one machine, so you can implement VPN-1 NGX R65 in a distributed
environment. The new machine is an Intel CoreDuo processor, with 2 GB RAM and a 500-
GB hard drive. How do you use these two machines to successfully migrate the NG with Al
R55 configuration?

  • A. 1. On the existing machine, export the NG with Al R55 configuration to a network share. 2. Insert the NGXR65 CD-ROM in the old machine. Install the NGXR65 Security Gateway only while reinstalling the SecurePlatform OS over the to of the existing installation. Complete sysconfig. 4.On the new machine, install SecurePlatform as the primary SmartCenter Server only. 5.Transfer the exported .tgzfile into the new machine, import the configuration, and then reboot. 6.Open SmartDashboard, change the Gat
  • B. 1. Export the configuration on the existing machine to a network share. 2.Uninstall the Security Gateway from the existing machine, using sysconfig. 3.Insert the NGX R65 CD-ROM, and run the patch add cd command to upgrade the SmartCenter Server to VPN-1 NGX R65. 4.Select "upgrade with imported file", and reboot. 5.Install a new NGX R65 Security Gateway as the only module on the new machine, and reset SIC to the new Gateway.
  • C. 1. Export the configuration on the existing machine to a tape drive. 2.Uninstall the SmartCenter Server from the existing machine, using sysconfig. 3.Insert the NGX R65 CD-ROM, run the patch add cd command to upgrade the existing machine to the NGX R65 Security Gateway, and reboot. 4.Install a new primary SmartCenter Server on the new machine. 5.Change the gateway object to the new version, and reset SIC.
  • D. 1. Export the configuration on the existing machine as a backup only. 2.Edit $FWDIR\product.conf on the existing machine, to disable the Pro gateway package. 3.Reboot the existing machine. 4.Perform an in-place-upgrade on the SmartCenter using the command "patch add cd". 5.On the new machine, install SecurePlatform as the NGX R65 Security Gateway only. 6.Run sysconfig to complete the configuration. 7.From SmartDashboard, reconfigure the Gateway object to the new version, and reset SIC. Your comp
  • E. Change the Rule Base and install the policy to all security gateways
  • F. SAM ?Block Intruder feature of SmartView Tracker
  • G. Intrusion Detection System (IDS) policy install
  • H. SAM ?Suspicious Activity Rules feature of SmartView Monitor

Answer : B

Question 2

You have two NOKIA Appliances: one IP530 and one IP380. Both appliances have IPSO
3.9 and NGX R65 VPN-1 Power installed in a distributed deployment. Can they be
members of a Gateway Cluster?

  • A. No, because the appliances must be of the same model (both should be IP530 or IP380).
  • B. NO, because NOKIA does not have a cluster option.
  • C. Yes, as long as they have the same IPSO and VPN-1 versions.
  • D. NO, because the Security Gateways must be installed in a stand-alone installation.

Answer : C

Question 3

Which VPN-1 NGX R65 component displays the number of packets accepted, rejected,
and dropped on a specific Security Gateway, in real time?

  • A. SmartUpdate
  • B. SmartView Monitor
  • C. SmartView Status
  • D. Eventia Analyzer

Answer : B

Question 4

Users are not prompted for authentication when they access their Web servers, even
though you have created an HTTP rule via User Authentication. Why?

  • A. Users must use the SecuRemote Client, to use the User Authentication Rule.
  • B. YOU have forgotten to place the User Authentication Rule before the Stealth Rule.
  • C. You checked the "cache password on desktop" option in Global Properties.
  • D. Another rule that accepts HTTP without authentication exists in the Rule Base.

Answer : B

Question 5

The customer has a small Check Point installation which includes one Window XP
workstation working as SmartConsole one Solaris server working as SmartCenter, and a
third server running SecurePlatform working as Security Gateway. This is an example of:

  • A. Hybrid Installation
  • B. Unsupported configuration
  • C. Stand-Alone Installation
  • D. Distributed Installation

Answer : A

Question 6

What must a public hospital Security Administrator do to comply with new health-care
legislation requirements for logging all traffic accepted through the perimeter Security

  • A. Define two log servers on the VPN-1 NGX R65 Gateway object. Enable "Log Implied Rules" on the first log server. Enable "Log Rule Base" on the second log server. Use Eventia Reporter to merge the two log server records into the same database for HIPPA log audits.
  • B. Install the "View Implicit Rules" package using SmartUpdate.
  • C. In Global Properties > Reporting Tools check the box "Enable tracking all rules (including rules marked as 'None' in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
  • D. Check the "Log Implied Rules Globally" box on the VPN-1 NGX R65 Gateway object.

Answer : C

Question 7

After installing VPN-1 Pro NGX R65, you discover that one port on your Intel Quad NIC on
the Security Gateway is not fetched by a get topology request What is the most likely cause
and solution?

  • A. Make sure the driver for you particular NIC is available, and reinstall. You will be prompted for the driver.
  • B. The NIC is faulty. Replace it and reinstall.
  • C. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the WebUl.
  • D. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R65 Hotfix Accumulator (HFA).

Answer : C

Question 8

When launching SmartDashboard, what information is required to log into VPN-1 NGX

  • A. User Name, Password, SmartCenter Server IP
  • B. User Name, SmartCenter Server IP, certificate fingerprint file
  • C. Password, SmartCenter Server IP. LDAP Server
  • D. Password, SmartCenter Server IP

Answer : B

Question 9

Which of the following statements about file-type recognition in Content Inspection is

  • A. A scan failure will only occur if the antivirus engine fails to initialize.
  • B. Antivirus status is monitored using SmartView Tracker.
  • C. The antivirus engine acts as a proxy, caching the scanned file before delivering it to the client.
  • D. All file types are considered "at risk", and are not subject to the whims of the Administrator or the Security Policy

Answer : C

Question 10

An internal host successfully pings its Legacy Mode Cluster and receives
replies. The following is the ARP table from the internal Windows host Based
on this information, what is the active cluster member's IP address?According to the
output, which member is the standby machine?

  • A.
  • B.
  • C. The active cluster member's IP address cannot be determined by this arp cache
  • D.

Answer : C

Question 11

In a Management High Availability (HA) configuration, you can configure synchronization to
occur automatically, when
(1) The Security Policy is installed.
(2) The Security Policy is saved.
(3) The Security Administrator logs in to the secondary SmartCenter Server, and changes
its status to active.
(4) A scheduled event occurs.
(5) The user database is installed.
Select the BEST response for the synchronization sequence. Choose One:

  • A. 1,2,3,4
  • B. 1,2,5
  • C. 1,2,4
  • D. 1,3,4

Answer : C

Question 12

Which command would provide the most comprehensive diagnostic information to Check
Point Technical Support?

  • A. cpinfo date.cpinfo.txt
  • B. cpstat> date.cpstat.txt
  • C. netstat > date.netstat.txt
  • D. diag

Answer : A

Question 13

Which of the following statements about the Port Scanning feature of SmartDefense is

  • A. When a port scan is detected, only a log is issued ?never an alert.
  • B. The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
  • C. A typical scan detection is when more than 500 open inactive ports are open for a period of 120 seconds.
  • D. Port Scanning does not block scanning, it detects port scans with one of three levels of detection sensitivity

Answer : D

Question 14

In SmartDashboard, you configure 45 MB as the required free hard-disk space to
accommodate logs. What can you do to keep old log files, when free space falls below 45

  • A. Do nothing. Old logs are deleted, until free space is restored.
  • B. Do nothing. The SmartCenter Server automatically copies old logs to a backup server before purging.
  • C. Use the fwm logexport command to export the old log files to other location.
  • D. Configure a script to run fw logswitch and SCP the output file to a separate file server.

Answer : D

Question 15

An NGXR65 HA cluster contains two members with external interfaces and The internal interfaces are and The external cluster VIP
address is and the internal cluster VIP address is The
synchronization interfaces are and The Security Administrator
discovers State Synchronization is not working properly. The cphaprob if command output
displays shows:What is causing the State Synchronization problem?

  • A. The synchronization network has been defined as "Network Objective: Cluster + 1st sync" with an IP address defined in the NGX cluster object's topology. This configuration is supported in NGX and therefore the above screenshot is not relevant to the sync problem.
  • B. The synchronization interface on the individual NGX cluster member object's Topology tab is enabled with "Cluster Interface". Disable this setting.
  • C. The synchronization network has a cluster VIP address ( defined in the NGX cluster object's topology. Remove the VIP interface from the cluster topology.
  • D. Another cluster is using as one of the unprotected interfaces.

Answer : A

Page 1