لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?
A. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination por
B. Then, export the corresponding entries to a separate log file for documentation
C. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocol
D. Apply the alert action or customized messaging
E. Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic
F. Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings
عرض الإجابة
اجابة صحيحة: A
السؤال #2
If the first packet of an UDP session is rejected by a security policy, what does the firewall send to the client?
A. Nothing
B. TCP FIN
C. TCP RST
D. ICMP unreachable
عرض الإجابة
اجابة صحيحة: B
السؤال #3
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all of the following except:
A. Create new dashboards to manage 3rd party task
B. Create products that use and enhance 3rd party solutions
C. Execute automated scripts to perform common tasks
D. Create products that use and enhance the Check Point Solution
عرض الإجابة
اجابة صحيحة: C
السؤال #4
Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. The two algorithms do not have the same key length and so don't work togethe
B. You will get the error… No proposal chosen…
C. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel
D. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1
E. All is fine and can be used as is
عرض الإجابة
اجابة صحيحة: E
السؤال #5
Where do you verify that UserDirectory is enabled?
A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
عرض الإجابة
اجابة صحيحة: D
السؤال #6
A digital signature:
A. Guarantees the authenticity and integrity of a message
B. Automatically exchanges shared keys
C. Decrypts data to its original form
D. Provides a secure key exchange mechanism over the Internet
عرض الإجابة
اجابة صحيحة: B
السؤال #7
Fill in the blank: The tool ____ generates a R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
عرض الإجابة
اجابة صحيحة: A
السؤال #8
Review the rules. Assume domain UDP is enabled in the implied rules. What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
A. can connect to the Internet successfully after being authenticated
B. is prompted three times before connecting to the Internet successfully
C. can go to the Internet after Telnetting to the client authentication daemon port 259
D. can go to the Internet, without being prompted for authentication
عرض الإجابة
اجابة صحيحة: B
السؤال #9
According to Check Point Best Practice, when adding a non-managed Check Point Gateway to a Check Point security solution what object SHOULD be added? A(n):
A. Gateway
B. Interoperable Device
C. Externally managed gateway
D. Network Node
عرض الإجابة
اجابة صحيحة: A
السؤال #10
What statement is true regarding Visitor Mode?
A. VPN authentication and encrypted traffic are tunneled through port TCP 443
B. Only ESP traffic is tunneled through port TCP 443
C. Only Main mode and Quick mode traffic are tunneled on TCP port 443
D. All VPN traffic is tunneled through UDP port 4500
عرض الإجابة
اجابة صحيحة: B
السؤال #11
On the following picture an administrator configures Identity Awareness: After clicking “Next” the above configuration is supported by:
A. Kerberos SSO which will be working for Active Directory integration
B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user
C. Obligatory usage of Captive Portal
D. The ports 443 or 80 what will be used by Browser-Based and configured Authentication
عرض الإجابة
اجابة صحيحة: D
السؤال #12
Which type of Endpoint Identity Agent includes packet tagging and computer authentication?
A. Full
B. Light
C. Custom
D. Complete
عرض الإجابة
اجابة صحيحة: A
السؤال #13
Which information is included in the “Full Log” tracking option, but is not included in the “Log” tracking option?
A. file attributes
B. application information
C. destination port
D. data type information
عرض الإجابة
اجابة صحيحة: D
السؤال #14
What is the difference between an event and a log?
A. Events are generated at gateway according to Event Policy
B. A log entry becomes an event when it matches any rule defined in Event Policy
C. Events are collected with SmartWorkflow from Trouble Ticket systems
D. Logs and Events are synonyms
عرض الإجابة
اجابة صحيحة: A
السؤال #15
Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made:
A. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of this work
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot
C. Tom’s changes will be lost since he lost connectivity and he will have to start again
D. Tom will have to reboot his SmartConsole computer, clear the cache and restore changes
عرض الإجابة
اجابة صحيحة: B
السؤال #16
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?
A. Threat Emulation
B. Mobile Access
C. Mail Transfer Agent
D. Threat Cloud
عرض الإجابة
اجابة صحيحة: C
السؤال #17
Jack works for a managed service provider and he has been tasked to create 17 new policies for several new customers. He does not have much time. What is the BEST way to do this with R80 security management?
A. Create a text-file with mgmt_cli script that creates all objects and policie
B. Open the file in SmartConsole Command Line to run it
C. Create a text-file with Gaia CLI -commands in order to create all objects and policie
D. Run the file in CLISH with command load configuration
E. Create a text-file with DBEDIT script that creates all objects and policie
F. Run the file in the command line of the management server using command dbedit -f
عرض الإجابة
اجابة صحيحة: A
السؤال #18
Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?
A. A star community requires Check Point gateways, as it is a Check Point proprietary technology
B. In a star community, satellite gateways cannot communicate with each other
C. In a mesh community, member gateways cannot communicate directly with each other
D. In a mesh community, all members can create a tunnel with any other member
عرض الإجابة
اجابة صحيحة: A
السؤال #19
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
A. You can only use the rule for Telnet, FTP, SMPT, and rlogin services
B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server
C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out
D. You can limit the authentication attempts in the User Properties' Authentication tab
عرض الإجابة
اجابة صحيحة: D
السؤال #20
There are 4 ways to use the Management API for creating host object with R80 Management API. Which one is NOT correct?
A. Using Web Services
B. Using Mgmt_cli tool
C. Using CLISH
D. Using SmartConsole GUI console
عرض الإجابة
اجابة صحيحة: D
السؤال #21
Which of the following is NOT a valid option when configuring access for Captive Portal?
A. From the Internet
B. Through internal interfaces
C. Through all interfaces
D. According to the Firewall Policy
عرض الإجابة
اجابة صحيحة: A
السؤال #22
Fill in the blank: Authentication rules are defined for ____ .
A. User groups
B. Users using UserCheck
C. Individual users
D. All users in the database
عرض الإجابة
اجابة صحيحة: C
السؤال #23
What is the appropriate default Gaia Portal address?
A. HTTP://[IPADDRESS]
B. HTTPS://[IPADDRESS]:8080
C. HTTPS://[IPADDRESS]:4434
D. HTTPS://[IPADDRESS]
عرض الإجابة
اجابة صحيحة: A
السؤال #24
Fill in the blank: The R80 feature _____ permits blocking specific IP addresses for a specified time period.
A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention
عرض الإجابة
اجابة صحيحة: C
السؤال #25
Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?
A. Firewall
B. Application Control
C. Anti-spam and Email Security
D. Antivirus
عرض الإجابة
اجابة صحيحة: D
السؤال #26
To enforce the Security Policy correctly, a Security Gateway requires:
A. a routing table
B. awareness of the network topology
C. a Demilitarized Zone
D. a Security Policy install
عرض الإجابة
اجابة صحيحة: A
السؤال #27
Look at the following screenshot and select the BEST answer.
A. Clients external to the Security Gateway can download archive files from FTP_Ext server using FTP
B. Internal clients can upload and download any-files to FTP_Ext-server using FTP
C. Internal clients can upload and download archive-files to FTP_Ext server using FTP
D. Clients external to the Security Gateway can upload any files to the FTP_Ext-server using FTP
عرض الإجابة
اجابة صحيحة: C

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.