Last Updated on September 23, 2021 by Admin 3
156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 12
An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.
Which of the following is the BEST explanation for this behavior?
- The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
- The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R77 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation.
- The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.
- The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.
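The unification behaviour the third option describes can be made concrete with a small simulation. The code below is an added illustration, not Check Point code: a log server that folds every record of one connection (same protocol and address/port tuple) into a single log entry for as long as the connection is still inside its session timeout. The GRE timeout of 10 minutes comes from the question text; the 40-second UDP timeout and the traffic itself are constructed for the example.

```python
"""Simulate per-connection log unification for a rule tracked as Log.

Added example: not Check Point code. Feeding one keep-alive per minute
shows why GRE (10-minute session timeout) yields one entry for the whole
day while the same keep-alives sent as plain UDP (assumed 40-second
timeout) yield one entry per minute.
"""
from dataclasses import dataclass

# Assumed per-protocol session timeouts in seconds. The GRE value is the
# one the question states; the UDP value is an assumption for the example.
SESSION_TIMEOUT = {"gre": 600, "udp": 40}


@dataclass(frozen=True)
class Packet:
    ts: int            # seconds since policy install
    proto: str         # "gre" or "udp"
    src: str
    dst: str
    sport: int = 0     # 0 for protocols without ports (GRE)
    dport: int = 0

    def key(self):
        """Connection identity used by the unifier."""
        return (self.proto, self.src, self.dst, self.sport, self.dport)


def unify_logs(packets):
    """Return a list of (first_ts, last_ts, packet_count) log entries.

    A packet extends an existing entry when the gap since the last packet
    of that connection is within the protocol's session timeout; otherwise
    the connection has expired and a new log entry is opened.
    """
    entries = []
    open_entry = {}  # connection key -> index into entries
    for pkt in sorted(packets, key=lambda p: p.ts):
        k = pkt.key()
        idx = open_entry.get(k)
        if idx is not None:
            first, last, count = entries[idx]
            if pkt.ts - last <= SESSION_TIMEOUT[pkt.proto]:
                entries[idx] = (first, pkt.ts, count + 1)
                continue
        entries.append((pkt.ts, pkt.ts, 1))
        open_entry[k] = len(entries) - 1
    return entries


def keepalives(proto, interval=60, hours=24, sport=0, dport=0):
    """Constructed traffic: one keep-alive every `interval` seconds."""
    return [Packet(t, proto, "10.1.1.1", "192.0.2.10", sport, dport)
            for t in range(0, hours * 3600, interval)]


if __name__ == "__main__":
    gre = unify_logs(keepalives("gre"))
    udp = unify_logs(keepalives("udp", sport=5000, dport=5000))
    print(f"GRE keep-alives every minute -> {len(gre)} log entry/entries")
    print(f"UDP keep-alives every minute -> {len(udp)} log entries")
```

The single GRE entry still carries the packet count and the last-seen time, which is where a practitioner should look in the log viewer before concluding that traffic is being dropped.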
Choose the correct statement regarding Implicit Rules.
- To edit the Implicit rules you go to: Launch Button > Policy > Global Properties > Firewall.
- Implied rules are fixed rules that you cannot change.
- You can directly edit the Implicit rules by double-clicking on a specific Implicit rule.
- You can edit the Implicit rules but only if requested by Check Point support personnel.
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.
- You checked the cache password on desktop option in Global Properties.
- Another rule that accepts HTTP without authentication exists in the Rule Base.
- You have forgotten to place the User Authentication Rule before the Stealth Rule.
- Users must use the SecuRemote Client, to use the User Authentication Rule.
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
- Run fwm dbexport -1 filename. Restore the database. Then, run fwm dbimport -1 filename to import the users.
- Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
- Restore the entire database, except the user database, and then create the new user and user group.
- Restore the entire database, except the user database.
Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.
- SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
- SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
- SmartView Tracker, CPINFO, SmartUpdate
- Security Policy Editor, Log Viewer, Real Time Monitor GUI
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway’s VPN domain?
- SNX modifies the routing table to forward VPN traffic to the Security Gateway.
- An office mode address must be obtained by the client.
- The SNX client application must be installed on the client.
- Active-X must be allowed on the client.
All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?
Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?
- External-user group
- LDAP group
- A group with a generic user
- All Users
What is Consolidation Policy?
- The collective name of the Security Policy, Address Translation, and IPS Policies.
- The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
- The collective name of the logs generated by SmartReporter.
- A global Policy used to share a common enforcement policy for multiple Security Gateways.
Where do you verify that UserDirectory is enabled?
- Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
- Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked.
- Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked.
- Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked.
Which of the following actions do NOT take place in IKE Phase 1?
- Peers agree on encryption method.
- Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.
- Peers agree on integrity method.
- Each side generates a session key from its private key and peer’s public key.
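The distinction between the options is easiest to see in code. The following is an added example, not Check Point or IKE reference code: it runs the Phase 1 Diffie-Hellman step in which each peer computes the shared secret from its own private value and the peer's public value, then derives a session key from it, and keeps the IPsec key derivation as a separate Phase 2 function because that is the step that does not belong to Phase 1. The group is a constructed toy (a 127-bit Mersenne prime with generator 3); real IKE uses the MODP groups from RFC 2409/3526. The key-derivation formulas are simplified and labelled as such.

```python
"""Toy IKE Phase 1 Diffie-Hellman exchange with a separate Phase 2 step.

Added example, not Check Point code. P/G are a constructed toy group,
not an IKE DH group, and the derivations are simplified stand-ins for
the IKEv1 SKEYID and KEYMAT computations, not byte-exact.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy prime, NOT an IKE DH group (assumption for the example)
G = 3            # toy generator


class Peer:
    def __init__(self, name):
        self.name = name
        self.private = secrets.randbelow(P - 2) + 1   # x in [1, P-2], never sent
        self.public = pow(G, self.private, P)         # g^x mod p, sent to peer
        self.nonce = secrets.token_bytes(16)          # Ni or Nr

    def shared_secret(self, peer_public):
        """g^xy mod p from own private value and the peer's public value."""
        if not 1 < peer_public < P - 1:
            # reject 0, 1 and p-1: trivial subgroup values an attacker could send
            raise ValueError("peer public value outside the group")
        return pow(peer_public, self.private, P)

    def session_key(self, peer_public, nonce_i, nonce_r):
        """Phase 1 session key. Simplified version of IKEv1 signature-mode
        SKEYID = prf(Ni|Nr, g^xy); HMAC-SHA256 stands in for the prf."""
        secret = self.shared_secret(peer_public).to_bytes(16, "big")
        return hmac.new(nonce_i + nonce_r, secret, hashlib.sha256).digest()


def phase1(initiator, responder):
    """Both peers derive the Phase 1 key independently; return (key_i, key_r)."""
    key_i = initiator.session_key(responder.public, initiator.nonce, responder.nonce)
    key_r = responder.session_key(initiator.public, initiator.nonce, responder.nonce)
    return key_i, key_r


def phase2_ipsec_key(session_key, protocol_id, spi, nonce_i, nonce_r):
    """Phase 2 (quick mode) step: the symmetrical IPsec key is produced by
    combining the Phase 1 key with per-SA material. Simplified shape of
    KEYMAT = prf(SKEYID_d, protocol | SPI | Ni | Nr); not byte-exact."""
    material = bytes([protocol_id]) + spi + nonce_i + nonce_r
    return hmac.new(session_key, material, hashlib.sha256).digest()


if __name__ == "__main__":
    gw_a, gw_b = Peer("gw-a"), Peer("gw-b")
    key_a, key_b = phase1(gw_a, gw_b)
    print("Phase 1 keys match:", key_a == key_b)
    esp_key = phase2_ipsec_key(key_a, 50, b"\x00\x00\x10\x01", gw_a.nonce, gw_b.nonce)
    print("Phase 2 ESP key:", esp_key.hex())
```

Note that `phase2_ipsec_key` never touches `Peer.private`: once Phase 1 has produced the session key, the IPsec keys are derived from it, which is why "combining the DH key with key material to produce the IPsec key" is a Phase 2 action.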
Which R77 GUI would you use to see number of packets accepted since the last policy install?
- SmartView Monitor
- SmartView Tracker
- SmartView Status
Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?
- Load Sharing
- High Availability
- Fail Open
What is the Manual Client Authentication TELNET port?
Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants to use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.
To make this scenario work, the IT administrator must:
1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.
2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.
3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.
4) Install policy.
Ms McHanry tries to access the resource but is unable. What should she do?
- Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal”.
- Have the security administrator reboot the firewall.
- Have the security administrator select Any for the Machines tab in the appropriate Access Role.
- Install the Identity Awareness agent on her iPad.
How many packets does the IKE exchange use for Phase 1 Main Mode?
What is also referred to as Dynamic NAT?
- Automatic NAT
- Static NAT
- Manual NAT
- Hide NAT
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?
- Secure Internal Communications (SIC) not configured for the object.
- A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.
- Anti-spoofing not configured on the interfaces on the Gateway object.
- A Gateway object created using the Check Point > Secure Gateway option in the Network Objects dialog box, but the interfaces for the Security Gateway object still need to be configured.
Which of the following is NOT a valid option when configuring access for Captive Portal?
- From the Internet
- Through internal interfaces
- Through all interfaces
- According to the Firewall Policy
As you review this Security Policy, what changes could you make to accommodate Rule 4?
- Remove the service HTTP from the column Service in Rule 4.
- Modify the column VPN in Rule 2 to limit access to specific traffic.
- Nothing at all
- Modify the columns Source or Destination in Rule 4