|
Exam 70-316 Passed! thanks for itcertkeys.com
|
Question 1. Which VPN-1 NGX feature or command allows Security Administrators to revert to earlier versions of the same Security Policy? A. Policy Package management B. cpinfo C. cpconfig D. Database Revision Control E. upgrade_export/import Answer: D Question 2. In SmartView Tracker, you see an entry for an outbound connection showing address translation. But when setting SmartView Tracker to show all entries for that connection, only outbound entries show. What is the possible cause for this? A. The entry is for a Manual Dynamic NAT connection, from a specific host infected by a worm. B. The entry is for a Manual Static NAT connection, where inbound traffic is managed by a separate rule. C. The entry is for a Static NAT connection, from a specific host that has been infected by a worm. D. The entry is for a Dynamic NAT connection from a specific host. Answer: B Question 3. Which of the following commands is used to restore VPN-1 NGX configuration information? A. gunzip B. cpconfig C. fw ctl pstat D. cpinfo E. upgrade_import Answer: E Question 4. Which OPSEC server is used to prevent users from accessing certain Web sites? A. CVP B. DEFENDER C. URI D. FTP E. UFP Answer: E Question 5. Your organization ITCertKeys.com's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How would you request and apply the license? A. Request a central license, using the remote Security Gateway's IP address. Apply he license locally with the fwputlic command. B. Request a central license, using the SmartCenter Server's IP address. Apply the license locally on the remote Gateway with the fwputlic command. C. Request a central license, using your SmartCenter Server's IP address. Attach the license to the remote Gateway via SmartUpdate. D. Request a central license, using the remote Gateway's IP address. Attach the license to the remote Gateway via SmartUpdate. E. Request local licenses for all Gateways separately. Apply the license locally on the remote Gateways with the fwputlic command. Answer: C Question 6. How do you create more granular control over commands, such as CWD and FIND, in FTP data connections? A. Use Global Properties > Security Server settings. B. Use the gateway object's Security Server settings. C. Use the Service field of the Rule Base. D. Use an FTP resource object. E. Use FTP Security Server settings in SmartDefense. Answer: E Question 7. Which of the following is the final step in a VPN-1 NGX backup? A. Test restoration in a non-production environment, using the upgrade_import command. B. Move the *.tgz file to another location. C. Copy the conf directory to another location. D. Run the upgrade_export command. E. Run the cpstop command. Answer: B Question 8. Choose the BEST sequence for configuring user management on SmartDashboard, for use with an LDAP server: A. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP server using an OPSEC application. B. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object. C. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit. D. Configure a server object for the LDAP Account Unit, and create an LDAP resource object. E. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties. Answer: C 340, Check Point Security Administration NGX I Student Handbook Question 9. You want to create an IKE VPN between two VPN-1 NGX Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer's Gateway. Which type of address translation should you use, to ensure the two networks access each other through the VPN tunnel? A. Hide NAT B. None C. Dynamic NAT D. Static NAT E. Manual NAT Answer: B Question 10. Yoav is a Security Administrator preparing to implement a VPN solution for his multisite organization. To comply with industry regulations, Yoav's VPN solution must meet the following requirement: * Portability: Standard * Key management: Automatic, external PKI * Session keys: Changed at configured times during a connection's lifetime * Key length: No less that 128-bit * Data integrity: Secure against inversion and brute-force attacks What is the most appropriate setting Yoav should choose? A. IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 hash B. IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash C. IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for Phase 2; DES hash D. IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash E. IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash Answer: E
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.