English Русский Contacts Site map Add to favorites
Profile
Registration
Login
Braindumps
Master braindump list
New braindumps
Submit a dump
Get latest dump
Forums
braindumps.com.ua
flame
Vendor
3COM (7)
Adobe (1)
BEA (1)
Checkpoint (22)
Cisco (20)
Citrix (17)
CIW (15)
Compaq (0)
CompTIA (51)
CWNA (2)
EMC (2)
Exin (4)
GEJOS (4)
HDI (1)
HP (4)
IBM (13)
Juniper (1)
Linux Prof Institute (LPI) (2)
Lotus (11)
Microsoft (2461)
Network Appliance (2)
Novell (16)
Oracle (412)
PLSQL (1)
PMI (4)
SAS (1)
Sun (87)
Teradata (4)
Authorization
Login:
Password:
RSS feed

Contacts
Certification links
Links
Authorized users can rate dumps.
Please log in or sign up.

  № 3349, Checkpoint 156-210: Santo  15.05.2002 
  Rates: 0 

1. What is the minimum requirement for installing Firewall module on Windows
NT?

a. NT 4.0, 40mb HD,
64mb RAM
b. NT 4.0, 60mb HD, 64mb RAM
c. NT 4.0, 40mb HD, 32mb RAM
d. NT 4.0, 40mb HD, 128mb RAM

Answer: A

2. What modules are
included in a single gateway product?

a. Management module, inspection module, GUI
b. Management module, Firewall module, Inspection module

c. Management module, Firewall module, Inspection module, Encryption module
d. Management module, Firewall module, Encryption module, GUI


Answer: B

3. List the associated port number for TELNET, FTP and SMTP:

a. Telnet 21, FTP 23, SMTP 25
b. Telnet 23, FTP 25, SMTP 23

c. Telnet 23, FTP 21, SMTP 25

Answer: C

4. What are the choices of packet filtering on Firewall-1?

a. Internal, External and
Eitherbound
b. Implicit, Explicit and External
c. Implicit, Explicit and Internal
d. Inbound, Outbound and Eitherbound

Answer: D

5.
What is the default action when Firewall-1 adds the first rule base in a
security policy?

a. Allow all external traffic.
b. Allow all
traffic, except those denied by the explicit rules.
c. Allow all traffic except those denied by the implicit rules.
d. Implicit drop.


Answer: D

6. If ICMP is not defined in the rule base, workstations in the internal
network can ping a server which is outside the
Firewall.

a. True
b. False

Answer: B

7. What are the 3 display modes of the Log Viewer?

a. Security, traffic, active
b.
Accounting, active, traffic
c. Security, accounting, active
d. Accounting, disabled, active

Answer: C

8. What 3 methods of blocking an
intruder can be used, and how are they
different?

a. block all connections, block access of this source computer, block access
to this
computer
b. block only this connection, block access of this source IP, block access
to this computer
c. block only this connection, block
access to this network, block access
from this network
d. block only this connection, block access of this source IP, block access
to this
destination

Answer: D

9. What does the cleanup rule do?

a. Cleanup rule drops all communication not described by other rules
b.
Cleanup rule rejects everything not specifically allowed by other rules
c. Cleanup rule logs everything
d. Cleanup rule is same as default rule


Answer: A


10. When is a workstation seen as a Firewall object?

a. The VPN-1 and Firewall-1 is checked in modules installed
b. Not
possible
c. When NAT is enabled
d. When the VPN option is selected

Answer: A


11. Regarding IPSEC, what is true:

a. The keys are
fixed over the duration of connection. A password is
required for every session.
b. The keys are not fixed over the duration of connection.
There is no
mechanism for exchanging keys.
c. The keys are fixed over the duration of the connection. The connection is
not transparent.
d.
The keys are not fixed over the duration of the connection. There is no
mechanism for exchanging keys.

Answer: D

12. "!" shows up in
System Status Viewer. What does this mean?

a. Firewall is down.
b. The Firewall has lost communication with the management server.
c. A
policy is not installed on the Firewall.
d. A policy is not installed on the management station.

Answer: C

13. What mode will you use in
Log Viewer to see a FTP connection in
progress?

a. Accounting
b. Active
c. Current
d. Connections

Answer: B

14. What are the 3
modes of NAT?

a. Static Source, Static Destination, Hide
b. Implicit, Explicit, Pseudo
c. Static Source, Static Destination, Pseudo
d.
None of the above

Answer: A


15. When users are created in Policy Editor, where is the data stored?

a. Rule base
b. Security policy

c. User database
d. System database

Answer: C


16. You need to create groups before setting up authentication for users.

a. False

b. True

Answer: B

17. What happens when you click New Log from the log viewer?

a. Current log is deleted and a new log file is
created.
b. Current log is saved with the name fwlog_old
c. Current log is saved with the date and time
d. There is no New Log option.


Answer: C

18. You can place the Stealth Rule above all rules except:

a. Cleanup
b. Implicit
c. Auth & Encrypt
d. Pseudo


Answer: C

19. When you select purge from the log viewer, you delete all entries in the
log file regardless of what entries are selected.


a. False
b. True

Answer: B

20. How many Firewalls can the management module control?

a. 100
b. 50
c. 80
d. 25

Answer: B



21. What are three types of Firewall-1 authentication?

a. User, Client, Pseudo
b. Account, Local, External
c. User, Client, Server

d. User, Client, Session

Answer: D
22. To check data sent from the Firewall itself, what policy checking should
you use?

a. Inbound

b. Eitherbound
c. Outbound
d. Inbound and Outbound

Answer: B


23. What three GUIs are available?

a. Policy Editor, Account
Editor, System Status
b. Policy Editor, Log Viewer, Firewall Status
c. Policy Editor, Firewall Status, Log Viewer
d. Policy Editor System
Status, Log Viewer

Answer: D

24. What do you select to unhide all rules?

a. Select Rule from View menu, select unhide all rules
b.
Select Hidden from Rule menu, select unhide all rules
c. Select Mask from view menu, select Clear Mask
d. Select Mask from view menu, select
unmask all

Answer: C

25. From the Log Viewer, what option could you use when the intruder's
connection ID is known?

a. Block intruder

b. Block Port
c. Block Connection ID
d. Block Request

Answer: D

26. What are three types of Firewall-1 authentication?

a. User,
Client, Session
b. User, Account, Session
c. User, Computer, Session
d. User, Default, Session

Answer: A

27. Checking rules on
"Inbound", check packets:

a. As they enter the Firewall
b. As they exit the Firewall
c. As they exit and enter the Firewall
d. None of
the above

Answer: A

28. What protocol can you user in User Authentication?

a. FTP, HTTP, HTTPS, TELNET, RLOGIN
b. FTP, HTTP, HTTPS,
TELNET, POP3
c. FTP, HTTP, HTTPS, SMTP, POP3
d. POP3, HTTP, HTTPS, POP3, SNMP

Answer: A

29. How many Administrators can access the
Firewall with Read/Write access
at once?

a. 1
b. 1 per management server
c. As many as have Read/Write access
d. 2

Answer: A

30.
The sole purpose of the encryption module is to allow client to Firewall
encryption.

a. True
b. False

Answer: B

31. Which GUI can
see the length of a packet?

a. Policy Editor
b. System Status
c. Log Viewer
d. Encryption Module

Answer: C

32. To allow DNS
traffic, you have to define a rule?

a. True
b. False

Answer: B

33. What is the Stealth Rule?

a. Hides Firewall from users.
b.
Masks rule.
c. Is a pseudo rule.
d. A special rule only available on the enterprise version of Firewall-1.

Answer: A

34. Where do you
put the cleanup rule?

a. Before last.
b. In the policy properties.
c. First.
d. Last.

Answer: D

35. Where can you see the packets
dropped since the last reboot?

a. Active connection log
b. Accounting entries log
c. Security log
d. System status

Answer: D

36.
You need to create groups before setting up authentication for users.

a. False
b. True

Answer: B

37. What are the rule base elements?


a. Source, Destination, Service, Network, Action, Track, Install On, Comment
b. Source, Destination, Service, Action, Track, Firewall, Comment

c. Source Destination, Service, Action, Track, Install On, Comment
d. Source, Destination, Service, Action, Log, Install On, Comment

Answer:
C
38. A rule is required to allow ICMP.

a. True
b. False

Answer: B


39. If Inbound is selected from the policy properties, apply
rules to
interface direction tab, no packets will be checked from the internal
network.

a. True
b. False

Answer: B

40. What is the
default action for a rule in a policy?

a. Drop
b. Accept
c. Reject
d. Cancel

Answer: A


41. What is difference between Implicit
and Explicit rules? (choose two)

a. Explicit Rules are defined within Policy > Properties
b. Implicit Rule are defined within Policy >
Properties
c. Explicit Rules are defined by the rulebase
d. Implicit Rules are defined by the rulebase

Answer: B, C

42. Below what OSI
layer does FW-1 reside?

a. Application
b. Data Link
c. Network
d. Presentation

Answer: C

43. You must define a FW-1 Administrator
during setup.

a. True
b. False

Answer: A


44. What three actions can FW-1 perform on a packet?

a. Drop
b. Accept
c. Encrypt

d. Reject

Answer: A, B, D

45. What objects can anti spoofing be set up on?

a. Host
b. Workstation
c. Firewall
d. Gateway


Answer: C, D

46. After you remove remote management from a Firewall object, what should
you do? (choose the best answer)

a. Reload the
policy.
b. "Bounce" the Firewall
c. "Bounce" the management station
d. Apply a new license

Answer: B


47. When you log on to the
Policy Editor GUI, what 3 options must you enter?

a. Username, Password, Firewall name or IP address
b. Username, Password, Management station
name or IP address
c. Username, Password, Client Workstation name or IP address
d. Username, Password, Management station or Firewall name or IP
address

Answer: B

48. You want to add a rule to allow SecuRemote users from net-detroit to
access network resources. Which rule would
allow you to do this?

a. all users@net-detroit any any encrypt long Gateways any
b. all users@net detroit any any encrypt long Firewall any

c. all users@net detroit any any drop long Gatways any
d. all users@net detroit any any encrypt none Gatways any

Answer: A (can't have
space in user group).


49. Client authentication requires users to do what to be authenticated for
a service?

a. TELNET to port 259 or
connect to the Firewall on HTTP port 900
b. FTP to the Firewall on Port 21 or Telnet on port 259
c. Authenticate with a SecuRemote userid and
password
d. TELNET to port 259 and then authenticate on port 900

Answer: A

50. If spoof tracking is enabled, spoofed packets are always:


a. Dropped.
b. Rejected
c. Accepted
d. Encrypted

Answer: A

51. What is true regarding Static Source mode address translation?


a. Hides one or more invalid/reserved IP addresses behind one legal address
b. Translates legal internal IP addresses to invalid/reserved IP
addresses
when packets enter an internal network
c. Translates invalid/reserved internal IP addresses to legal IP addresses
when packets exit
an internal network
d. Translates public/valid IP addresses when packets exit an internal
network.

Answer: C

52. In the rule base Alert
tab, which options are available?

a. Mail, snmp trap, user defined, alert
b. Accept, mail, user defined, alert
c. Trap, mail, user defined,
alert
d. Log, snmp trap, alert, mail

Answer: A

53. If a user outside the Firewall wants to access an internal Web server on
port 80,
which type of NAT rule would you create?

a. Static Source
b. Static Destination
c. Hide Nat
d. Implicit Nat

Answer: B

54. To allow
DNS through the firewall, you need to define a rule.

a. True
b. False

Answer: B

55. External users need to access an internal web
server behind a firewall
installed on a Windows NT Server. What must you configure?

a. Configure static destination NAT and edit local.arp on
the firewall.
b. Configure static source NAT and edit local.arp on the firewall.
c. Configure static destination NAT and configure the policy
properties.
d. Configure static source NAT and configure the policy properties.

Answer: A

56. Why should you "bounce" the Firewall after
removing remote management?

a. So the Firewall can reload it's local rule base.
b. So the Firewall can re-read it's local masters file.
c.
So the management server can remove the Firewall from it's module
database.
d. So the management server can re-read it's modules file.


Answer: B

57. When defining a gateway object, where would you set up spoof tracking?

a. Interface Properties, General Tab
b. Interface
Properties, Security Tab
c. Interface Properties, Spoof Tab
d. Interface Properties, Tracking Tab

Answer: B

58. What options are
available for Spoof Tracking?

a. None, Log, Email
b. None, Log, Trap
c. None, Log, Alert
d. None, Log, Reject

Answer: C

59. What
encryption schemes are supported under Firewall-1?

a. FWZ, Manual IPSec, SKIP, IKE
b. FWZ, S/Key, Manual IPSEC, IKE
c. TACACS, S/Key, FWZ,
IKE
d. RADIUS, TACACS, S/KEY, Shared Secret

Answer: A

60. Which protocol is reliable and is used by the majority of internet
services?


a. UDP
b. TCP
c. RPC
d. ICMP

Answer: B

61. You can define Firewall-1 Resources for use with which of the following
protocols?
(select the correct answers)

a. HTTP
b. TELNET
c. SNMP
d. SMTP
e. FTP
f. TCP

Answer: A, D, E

62. What is true regarding
creating a service group?

a. Groups do not have to be of the same type of service
b. Groups can be part of other groups
c. Groups have to be
of the same type of service
d. Groups cannot be part of other groups

Answer: A, B

63. Anti virus checking, URL screening and e-mail
address translations are
major security enhancements enabled by the content security. These options
are enforced using what server objects?


a. HTTP and SMTP
b. UFP and CVP
c. URI and UFP
d. URI and HTTP

Answer: B

64. In the General Tab of a URI definition, what matches
are available?

a. Wild Cards, File, UFP
b. Wild Cards, File, URI
c. Wild Cards, File, HTTP
d. Wild Cards, File, Email

Answer: A


65. If you wish to check incoming or outgoing traffic for viruses, do you
require 3rd party virus software?

a. No, this can be implemented
in the enterprise module.
b. Yes, but the software has to be installed on the Firewall.
c. Yes, but the software has to be installed on the
management server.
d. Yes, specify the CVP server in the action tab of the URI definition.

Answer: D
Up ^ gen. 0.208 Server date 05:57 22-11-2008 Developed by Zip © 2006 Up ^
Checkpoint 156-210
Forum
Start online exam simulation
Master braindump
User braindumps
Checkpoint
156-210 (20)
156-310 (2)