You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
A. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.
B. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. Yes, it is possible to have two NAT rules which match a connection, but only when using Manual NAT (bidirectional NAT).
Correct answer: B
Question 2:
When a user selects to allow Hot-spot, SecureClient modifies the Desktop Security Policy and/or Hub Mode routing to enable Hot-spot registration. Which of the following is NOT true concerning this modification?
A. The modification is restricted by time.
B. IP addresses accessed during registration are recorded.
C. Ports accessed during registration are recorded.
D. The number of IP addresses accessed is unrestricted.
Correct answer: D
Question 3:
You intend to upgrade a Check Point Gateway from R65 to R71. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
A. Database_revision
B. Upgrade_export
C. Backup
D. Snapshot
Correct answer: B
Question 4:
Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?
A. Run the revert command to restore the snapshot, establish SIC, and install the Policy.
B. Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.
C. Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.
D. Run the revert command to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
Correct answer: C
Question 5:
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is enabled in the Global Properties. A client on the Internet initiates a session to the Web Server. On the initiating packet, NAT occurs on which inspection point?
A. O
B. i
C. I
D. o
Correct answer: C
Question 6:
What is the Manual Client Authentication TELNET Port?
A. 23
B. 264
C. 259
D. 900
Correct answer: C
Question 7:
For information to pass securely between a Security Management Server and another Check Point component, what would NOT be required?
A. The communication must be encrypted
B. The communication must use two-factor or biometric authentication.
C. The communication must be authenticated
D. The component must be time-and-date synchronized with the security management server.
Correct answer: B
Question 8:
In which IKE phase are IKE SAs negotiated?
A. Phase 2
B. Phase 4
C. Phase 1
D. Phase 3
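Correct answer: C
Kurita -
156-215-71: Perhaps because the content is narrowed down to frequently tested points (and it is in fact advertised that way), terms not covered in this book routinely appeared in the actual exam and in past exam questions.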