Check Point-Certified Security Administrator - GAiA Set 3

Question - 15 Maximum mark : - 30

Home
All Exams
Check Point-Certified Security Administrator - GAiA Online Practice Exams
Check Point-Certified Security Administrator - GAiA Set 3

Which statement is TRUE about implicit rules?

You create them in SmartDashboard. ✘ The Gateway enforces implicit rules that enable outgoing packets only. ✘ Changes to the Security Gateway's default settings do not affect implicit rules. ✘ They are derived from Global Properties and explicit object properties. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:

Exclusion of specific services for reporting purposes. ✘ Specific traffic that facilitates functionality, such as logging, management, and key exchange. ✘ Acceptance of IKE and RDP traffic for communication and encryption purposes. ✘ Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

A Security Policy has several database versions. What configuration remains the same no matter which version is used?

Objects_5_0.C ✘ fwauth.NDB ✘ Rule Bases_5_0.fws ✘ Internal Certificate Authority (ICA) certificate ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?

All connections are reset, so a policy install is recommended during announced downtime only. ✘ Users being authenticated by Client Authentication have to re-authenticate. ✘ Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the SecurityPolicy. ✘ All FTP downloads are reset; users have to start their downloads again. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?

A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base. ✘ When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall isshown in the list of possible installation targets after selecting Policy > Install. ✘ In the SmartDashboard policy, select the correct firewall to be the Specific Target of the rule. ✘ A Rule Base can always be installed on any Check Point firewall object. It is necessary to select theappropriate target directly after selecting Policy > Install. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port __________.

259 ✘ 256 ✘ 80 ✘ 900 ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?

This cannot be configured since two selections (Service, Action) are not possible. ✘ Ask your reseller to get a ticket for Check Point SmartUse and deliver him the Security ManagementServer cpinfo file. ✘ In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a newQuery, give it a name (e.g. "HTTP_SSH") and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND. ✘ In SmartDashboard, right-click in the column field Service > Query Column. Then, put the servicesHTTP and SSH in the list. Do the same in the field Action and select Accept here. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

What is the purpose of a Stealth Rule?

To permit implied rules. ✘ To drop all traffic to the management server that is not explicitly permitted. ✘ To prevent users from connecting directly to the gateway. ✘ To permit management traffic. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Which of these Security Policy changes optimize Security Gateway performance?

Use Automatic NAT rules instead of Manual NAT rules whenever possible. ✘ Using domain objects in rules when possible. ✘ Using groups within groups in the manual NAT Rule Base. ✘ Putting the least-used rule at the top of the Rule Base. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

10.

Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows: RequireD. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5. The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3. ✘ Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both networkobjects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5. ✘ Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT onthe NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3. ✘ Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to agroup object. Create a manual NAT rule like the following: Original source - group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original. ✔

Answer & Solution Discuss in Board Save for Later

Answer & Solution

Answer: Option B

Solution:

It provides fallback for IE8.

Prev Next

Congratulations

you have successfully completed the test

Back to Question View Result

Detail Form

We will send your result on your email id and phone no. please fill detail

Name

Email ID Note: Report will be send to the above Email ID

Phone No

Check Point-Certified Security Administrator - GAiA Set 3

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner