Ccsa R70 Chapter 1

Front 1

Determining how and what resources are accessed is:

Back 1

Access Control

Front 2

Determining who can access resources is:

Back 2

User Authentication

Front 3

What is the SmartConsole client application that administrators use to define and apply security policies to specific gateways?

Back 3

SmartDashboard

Front 4

What technology provides full application level awareness comprehensive access control?

Back 4

Stateful Inspection

Front 5

(T/F) You cannot specify and define custom services.

Back 5

False

Front 6

Where is the information that is extracted from all application levels and used for security decisions maintained?

Back 6

Dynamic state tables

Front 7

Communication Hardware/Media such as Ethernet cards, cables, and hubs are examples of which layer of the OSI Model?

Back 7

Physical - Layer 1

Front 8

MAC addresses that are assigned to network interfaces are represented in what layer of the OSI Model? A switch that does not perform routing functions in this layer.

Back 8

Data Link - Layer 2

Front 9

Addresses that are logical in nature (IP) are represented in what layer of the OSI Model? A router functions in this layer.

Back 9

Network - Layer 3

Front 10

What layer of the OSI Model represents where specific network applications and communication sessions are identified using ports or endpoints.

Back 10

Transport - Layer 4

Front 11

Which layers of the OSI Model are considered by Check Point to represent end-user applications and systems?

Back 11

Layers 5, 6, and 7.

Front 12

What 3 technologies are used to allow or deny network traffic?

Back 12

Packet filtering, stateful inspection, and application intelligence.

Front 13

What firewall technology controls access to specific network segments based on addresses, ports, and protocols only and is considered the least secure type?

Back 13

Packet filtering

Front 14

What firewall technology incorporates layer 4 awareness, examination of the contents of the packet, and context established by previous packets into standard packet filtering?

Back 14

Stateful Inspection

Front 15

How do stateful inspection firewalls provide security against port scanning?

Back 15

By closing all ports until a specific port is requested.

Front 16

What is the CLI command used to see a list of the state tables in short format?

Back 16

fw tab -s

Front 17

What is the mechanism for extracting the state related information from all application layers and maintaining the information in dynamic state tables?

Back 17

the INSPECT engine.

Front 18

(T/F) the INSPECT engine enforces security policies on the firewall.

Back 18

True

Front 19

What firewall technology is a a set of advanced capabilities, integrated into the firewall and IPS, that detect and prevent application-level attacks

Back 19

Application Intelligence

Front 20

(T/F) Many attacks aimed at network applications actually target the network and transport layers

Back 20

True

Front 21

The security gateway kernel is placed between which layers of the OSI Model

Back 21

Layers 2 and 3

Front 22

(T/F) Packets are processed by higher protocol-stack layers if they do no comply with security policies.

Back 22

False

Front 23

(T/F) I will not study the packet flow on page 19.

Back 23

False

Front 24

What are 3 reasons a firewall must be aware of the network topology?

Back 24

To correctly enforce policy
To ensure the validity of inbound/outbound IP addresses
To configure a special domain for VPNs

Front 25

What is used to isolate servers that are accessible by untrusted sources?

Back 25

Demilitarized Zone (DMZ)

Front 26

With the exception of a few specific applications, what should servers in the DMZ not be permitted to do?

Back 26

Initiate connections into the internal network

Front 27

What mode allows for the placement of a firewall without changing existing IP routing?

Back 27

Bridge Mode

Front 28

Bridge mode is supported on which OS?

Back 28

SPLAT

Front 29

Check Point provides security for the four most critical layers of network security. What are they?

Back 29

Network perimeter, network core, Web, and endpoints.

Front 30

What single application is used to provide all necessary elements to complete the unified approach to security management?

Back 30

SmartConsole

Front 31

What are the software modules and blades that SmartConsole uses to manage security gateway components? (11)

Back 31

SmartDashboard, SmartMap, SmartView Tracker, SmartView Monitor, Eventia Reporter, Eventia Analyzer, SmartProvisioning, SmartUpdate, Manage Endpoint Security Server, Workflow, IPS

Front 32

(T/F) In SmartDashboard all object definitions are shared among all applications for efficient policy creation and security management.

Back 32

True

Front 33

What are the 9 tabs in SmartDashboard?

Back 33

Firewall, NAT, IPS, Anti Spam & Mail, Anti-Virus & URL Filtering, SSL VPN, IPSec VPN, QoS, Desktop

Front 34

What tab in SmartDashboard provides parameters useful for defining the Rule Base for your networks and is where you specify how connections are allowed, disallowed, authenticated, or encrypted.

Back 34

Firewall

Front 35

What is the Security Policy visualization tool that provides a graphical map of an organization's security deployment?

Back 35

SmartMap

Front 36

What is the module that provides real-time historical and visual tracking, monitoring, and accounting information for all logged connections?

Back 36

SmartView Tracker

Front 37

(T/F) In the case of an attack or otherwise suspicious network activity, Security Admins can use SmartView Tracker to temporarily or permanently terminate connections from specific IP addresses.

Back 37

True

Front 38

In Tracker, what tab shows entries for security-related events for Check Point and OPSEC products?

Back 38

Network & Endpoint

Front 39

In Tracker, what tab shows active connections?

Back 39

Active

Front 40

(T/F) Using the active tab in SmartView tracker does not increase cpu load on the firewalls.

Back 40

False

Front 41

In Tracker, what tab tracks changes made in Dashboard?

Back 41

Management

Front 42

What is used to Web-based administration of the SMS?

Back 42

SmartPortal

Front 43

What is used to encrypt connections to the SmartPortal Web Interface?

Back 43

SSL

Front 44

What is an open industry standard for user management and is widely accepted as the directory-access method of the Internet?

Back 44

LDAP

Front 45

When integrated with Check Point's Security Management, LDAP is referred to as:

Back 45

SmartDirectory

Front 46

What provides a single, central interface for viewing network activity and performance of Check Point applications in real-time?

Back 46

SmartView Monitor

Front 47

(T/F) Monitor can be used to monitor and generate reports for traffic on different Check Point components.

Back 47

True

Front 48

(T/F) Monitor cannot perform VPN performance analysis.

Back 48

False

Front 49

(T/F) Monitor can compare actual VPN performance to SLAs.

Back 49

True

Front 50

What are the 5 key features of Monitor?

Back 50

Gateway Status
Traffic/System Counters
Tunnels
Remote Users
Cooperative Enforcement

Front 51

What is a user-friendly solution for analyzing and auditing traffic?

Back 51

Eventia Reporter

Front 52

What provides centralized, real-time, event correlation and management of log data?

Back 52

Eventia Analyzer

Front 53

(T/F) Eventia Analyzer cannot detect threats by recognizing pattern anomalies that appear when correlating data over time.

Back 53

False

Front 54

What provides centralized administration and provisioning of Check Point devices from a single SMS or P-1 CMA?

Back 54

SmartProvisioning

Front 55

What does SmartProvisioning use to define most of the Gateway properties?

Back 55

Profiles

Front 56

What is used to maintain a license repository and to facilitate upgrading Check Point software?

Back 56

SmartUpdate

Front 57

How many administrators must have read/write permissions to manage the security policy?

Back 57

1

Front 58

What major attributes are defined during the configuration process that occurs immediately after the initial stages of the SMS installation?

Back 58

The definition of administrators
The fingerprint
Features such as Management HA

Front 59

What are the three components of a typical Check Point deployment?

Back 59

Security Gateway, Security Management Server, and SmartConsole

Front 60

The deployment consisting of the SMS and Gateway installed on the same machine is called:

Back 60

Stand-alone deployment

Front 61

The deployment consisting of the SMS and Gateway installed on separate machines is called:

Back 61

Distributed deployment

Front 62

What does Check Point recommend for managing licenses?

Back 62

SmartUpdate

Front 63

A set of policies (Security, QoS, etc.) that are enforced on selected Gateways is called:

Back 63

a Policy Package

Front 64

What defines the rules and conditions that govern which communication is permitted to enter and leave the organization

Back 64

Security Policy

Front 65

(T/F) A log server cannot be installed on the same machine as the SMS.

Back 65

False

Front 66

What does a User's definition include?

Back 66

access permissions to/from specific machines at specific times of the day.

Front 67

Where can a user definition be used in the Rule Base?

Back 67

Authentication rules and Remote Access VPN.

Front 68

What are the 2 ways to deliver the Users Database from the SMS to a Management Software Blade enabled Check Point host?

Back 68

Policy Push
By selecting Policy > Install Database..

Front 69

(T/F) Security Gateways that do not include the Management Software Blade receive the Users Database

Back 69

False

Front 70

(T/F) The Users Database includes users defined externally to the SMS (LDAP, etc)

Back 70

Flase

Front 71

What are administrator groups used for?

Back 71

To specify which admins have permissions to install policies on specific gateways.

Front 72

(T/F) You can create a Check Point administrator account by creating an administrator in SPLAT.

Back 72

False

Front 73

What is used in the administrator accounts or groups to assign access and permissions?

Back 73

Permissions Profile

Front 74

In the Permissions Profile, administrator access is allowed via: (2)

Back 74

Management Portal and SmartConsole
Management Portal Only

Front 75

What are the 5 permission levels in the Permissions Profile

Back 75

None
Read/Write All
Manage Administrators
Read Only All
Customized

Front 76

Where is administrator authentication configured?

Back 76

in the Admin Auth tab of the Administrator Properties window.

Front 77

What is best practice with regard to Administrator configuration?

Back 77

Different administrator types are set up using Permission Profiles and a single cpconfig admin account is locked in a safe place.

Front 78

What is the Check Point feature that ensures components such as firewalls and SMSs can communicate freely and securely?

Back 78

Secure Internal Communications (SIC)

Front 79

What security measures are taken to ensure the safety of SIC? (3)

Back 79

Certificates for authentication
Standards based SSL for the creation of the secure channel
3DES for encryption

Front 80

When is the ICA created?

Back 80

During the SMS installation process.

Front 81

What does the ICA issue certificates for? (3)

Back 81

SIC
VPN Certificates for Gateways (tunnels)
Users (remote access, clientless VPN, etc)

Front 82

What are the 3 clients that are used for configuring the ICA?

Back 82

cpconfig, SmartDashboard, and ICA Management Tool.

Front 83

What ICA operations are configured using SmartDashboard? (4)

Back 83

The Certificate Revocation List (CRL)
SIC Certificates
VPN Certificates
User Certificates managed in the internal database.

Front 84

The SMS and its components are identified by their SIC name, also know as:

Back 84

Distinguished Name

Front 85

(T/F)Administrative login to the SMS uses SIC.

Back 85

True