A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the
Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.
Answer : D
You are MegaCorps Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the
Automatic Static NAT method. What is the rule order if both methods are used together?
Give the BEST answer.
Answer : B
Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your
DMZ?
Answer : D
Your perimeter Security Gateways external IP is 200.200.200.3. Your network diagram shows:
Answer : B
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router.
You control the router that sits between the firewall external interface and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security
Gateway?
A. Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
B. Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.
C. Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid
IP address.
D. Place a static host route on the firewall for the valid IP address to the internal Web server.
Answer : B Topic 5, User Managment and Authentication Obj 1
Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with
HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems?
Answer : A
Security Gateway R77 supports User Authentication for which of the following services?
Select the response below that contains the MOST correct list of supported services.
Answer : C
Which Security Gateway R77 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:
Answer : C
As a Security Administrator, you must refresh the Client Authentication authorization time- out every time a new user connection is authorized. How do you do this? Enable the
Refreshable Timeout setting:
Answer : C
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?
Answer : A
Which of the following are authentication methods that Security Gateway R77 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.
Answer : C
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
Answer : B
You cannot use SmartDashboards User Directory features to connect to the LDAP server.
What should you investigate?
1) Verify you have read-only permissions as administrator for the operating system.
2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.
Answer : B
Charles requests a Website while using a computer not in the net_singapore network.
Answer : D
In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic.
Eric is a member of the LDAP group, MSD_Group.
Answer : D