Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
73 Cards in this Set
- Front
- Back
|
What provides visual tracking, monitoring, and accounting information for all connections logged by Check Point components?
|
SmartView Tracker
|
|
|
What is the API for exporting Security Gateway log data to other applications, such as spreadsheets or databases?
|
Log Export Application (LEA)
|
|
|
(T/F) Reporting and event-analysis applications are available from multiple OPSEC partners.
|
True
|
|
|
What types of logs are defined in SmartView Tracker? (2)
|
Predefined
Custom |
|
|
What are the 3 SmartView Tracker tabs?
|
Network & Endpoint
Active Management |
|
|
What SmartView Tracker tab displays the default view and shows all security related events?
|
Network & Endpoint
|
|
|
What SmartView Tracker tab displays currently open connections?
|
Active
|
|
|
(T/F) Switching to Active mode will not have an effect on system resource utilization.
|
False.
|
|
|
What SmartView Tracker tab displays changes made to objects in the rule base and tracks general SmartDashboard use?
|
Management
|
|
|
(T/F) When using 'Save Log File As' only records that match the selection criteria (visible and non-visible) will be saved to the files.
|
True
|
|
|
In Tracker, when you create a new log file using the current file is _________ and ________________ with a name that includes the ____________ and __________.
|
Closed
Written to disk Current time Current date |
|
|
How many log files can be open in Tracker at a time?
|
one
|
|
|
What is the default log file path and name for log mode?
|
$FWDIR/log/fw.log
|
|
|
What is the default log file path and name for audit mode?
|
$FWDIR/log/fwadt.log
|
|
|
How do you configure a name other the default name for a log?
|
Clear the default box and specify a new name.
|
|
|
On the Tracker toolbar, which option will allow you to transfer log files from a remote machine to the current machine?
|
Remote Files Management
|
|
|
On the Tracker toolbar, which option toggles the display of the Files Fetch Progress Window?
|
Show or hide Fetch Progress
|
|
|
On the Tracker toolbar, what can you do by selecting Query Options? (4)
|
Toggle the dispolay of the query tree pane.
Open an existing query Save a custom query Save a custom query under a new name |
|
|
What format are log entries saved as when using the File > Export?
|
*.txt
|
|
|
In Tracker, how do you delete all entries in the log file regardless of which entries are selected.
|
File > Purge Active File
|
|
|
What are some of the entries you will find in Administrator Auditing? (6)
|
Administrator login, administrator logout, Object creation, object deletion, object editing, and changes in the rule base.
|
|
|
(T/F) Using the Management Tab in Tracker, it is not possible see changes made by a specific administrator.
|
False
|
|
|
(T/F) Using the Management Tab in Tracker, it is possible to see who modified an object and what changes were made.
|
True
|
|
|
Where can the Global Properties - Log and Alert window be found?
|
Policy > Global Policies > Log and Alert
|
|
|
allez-vous d'étudier les options à partir de la page 229?
|
Oui!
|
|
|
What specifies the minimum amount of time between successive logs of similar packets?
|
Excessive log grace period.
|
|
|
What aspects of "similar" packets are the same? (5)
|
Source address, source port, destination address, destination port, and protocol.
|
|
|
How do you change the frequency with which the SMS queries Check Point Gateways for status information?
|
Policy > Global Properties > Log and Alert > Time Settings > Status Fetching Interval
|
|
|
What function in Tracker do you use to terminate an active connection and block further connections from and to specific IP addresses?
|
Block Intruder
|
|
|
What Tracker mode must you be in to terminate and block active connections?
|
Active Mode
|
|
|
How do you block an active connection with Block Intruder?
|
Active Mode > Select Connection > Tools > Block Intruder
|
|
|
What are the 3 options for Blocking Scope in the Block Intruder tool?
|
Block all connections with the same source, destination, and service.
Block access from this source Block access to this destination |
|
|
What are the 2 options for Blocking Timeout in the Block Intruder tool?
|
Indefinite
For <#> minutes |
|
|
What are the 2 options for the "Force this blocking" field in the Block Intruder tool?
|
Only on <gateway>
On any Security Gateway |
|
|
How do you unblock a connection in Tracker?
|
Tools > Clear Blocking
|
|
|
What provides a single, central interface for monitoring network activity, and performance of Check Point applications?
|
SmartView Monitor
|
|
|
(T/F) SmartView Monitor is not capable of custom views.
|
False
|
|
|
What protocol does the Management Server use to collect information about specific gateways that are installed?
|
Application Monitoring (AMON)
|
|
|
In the collection of status information for Monitor's Gateway Status View the __________ is the client and the __________ is the server.
|
Management Server
Gateway |
|
|
What do System Counters provide in Gateway Status View?
|
in-depth details on Gateway use and activity.
|
|
|
What can you generate system status information about in Gateway Status View? (3)
|
Resource user
Gateway performance statistics Detect & monitor suspicious activity |
|
|
What are some of the things that can be monitored in Monitor's Tunnels View? (3)
|
Tunnel Status
VPN Community Gateways associated with a tunnel |
|
|
(T/F) Monitor recognizes tunnel malfunctions and connectivity problems by constantly monitoring and analyzing the status of an organization's tunnels.
|
True
|
|
|
In Monitor's Tunnels View, what are used to generate fully detailed reports that include information about all tunnels that fulfill specific conditions?
|
Tunnel queries
|
|
|
What Monitor view is uses to keep track of VPN remote users currently logged in?
|
Remote Users View
|
|
|
Which Monitor view utilizes the Integrity Server compliance capability to verify connections arriving from various hosts across the internal network?
|
Cooperative Enforcement
|
|
|
(T/F) Cooperative enforcement does not test all hosts initiating a connection for compliance.
|
False
|
|
|
Where can you view logs related to Cooperative Enforcement that are generated for both authorized or unauthorized hosts?
|
SmartView Monitor
|
|
|
What are security rules that enable the administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy?
|
Suspicious Activity Rules
|
|
|
(T/F) Suspicious Activity Rules require a policy push to be enforced.
|
False
|
|
|
What is the path of a Monitor alert? (3)
|
Gateway > SMS > SmartView Monitor (SmartConsole)
|
|
|
Under what conditions are alerts sent?
|
When traffic matches a rule with Alert is set as the Action.
When a system event surpasses a configured threshold. |
|
|
(T/F) Administrators can define alerts to be sent for different gateways
|
True
|
|
|
What is the default location for an alert to be sent?
|
SmartView Monitor on the admin's desktop.
|
|
|
(T/F) It is possible to define alerts for QoS that would not apply to Connectra
|
True
|
|
|
(T/F) Alerts can be Global or per Gateway.
|
True
|
|
|
SmartView Monitors gathers status information about Check Point objects and __________.
|
OPSEC objects
|
|
|
After reviewing the status of certain clients in Monitor you decide to take decisive action for a client or cluster member. What are your choices? (2)
|
Disconnect client
Start/Stop Cluster Member |
|
|
How do you start or stop a cluster member in Monitor?
|
Right click the object and choose stop or start member
|
|
|
Where do you configure alerts in SmartDashboard?
|
Policy > Global Properties > Log and Alerts > Alert Commands
|
|
|
How do you view active alerts in Monitor?
|
Tools > Alerts
|
|
|
(T/F) Studying the scenarios on 248 will give you a better perspective.
|
True
|
|
|
(Tracker/Monitor) What would be used to endure network components are operating properly
|
Tracker (That's what the book says. I disagree)
|
|
|
(Tracker/Monitor) What would be used to troubleshoot system and security (rules) issues.
|
Tracker
|
|
|
(Tracker/Monitor) What would be used to gather information for legal or audit purposes.
|
Tracker
|
|
|
(Tracker/Monitor) What would be used to generate reports to analyze network-traffic patterns.
|
Tracker
|
|
|
(Tracker/Monitor) What would be used to temporarily or permanently terminate connections form specific IP addresses.
|
Tracker
|
|
|
(Tracker/Monitor) What would be used to centrally view Check Point and OPSEC devices
|
Monitor
|
|
|
(Tracker/Monitor) What would be used to present a complete picture of changes to gateways, tunnels, remote users, and security activities.
|
Monitor
|
|
|
(Tracker/Monitor) What would be used to immediately identify changes in traffic flow patterns that may signify malicious activity.
|
Monitor
|
|
|
(Tracker/Monitor) What would be used to maintain high network availability?
|
Monitor
|
|
|
(Tracker/Monitor) What would be used to improve efficiency of bandwidth use.
|
Monitor
|
|
|
(Tracker/Monitor) What would be used to track SLA compliance
|
Monitor
|
