Check Point-Certified Security Administrator - GAiA Set 2

Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?

Which NAT option applicable for Automatic NAT applies to Manual NAT as well?

You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface. What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?

An internal host initiates a session to and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of ____________.

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

When translation occurs using automatic Hide NAT, what also happens?

The fw monitor utility is used to troubleshoot which of the following problems?

Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on: