Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
39 Cards in this Set
- Front
- Back
Where does SmartUpdate install it's License & Contract Repository?
|
For Linux: $FWDIR/conf
For Windows: %FWDIR%\conf |
|
Where does SmartUpdate install it's Package Repository?
|
For Windows: C:\SUroot
For Linux: /var/suroot |
|
SmartUpdate upgrade operations require the ______ daemon and license operations use the ______ daemon.
|
cprid & cpd
|
|
Management HA servers must all be of the same ______, but do not have to be of the same ______.
|
Operating system & CP Version
|
|
Which port does CCP (Cluster Control Protocol) run on?
|
UDP 8116
|
|
What are CCP's two main functions?
|
1) Cluster members to report their states and learn about other cluster member states by sending keep-alive packets
2) State synchronization |
|
Full sync transfers all VPN-1 kernel table information from one cluster member to another, which process is responsible for this?
|
fwd
|
|
When does full sync occur for clusterxl? and what process is responsible for it?
|
When a member is first brought into the cluster from down status.
|
|
When does a delta sync occur for clusterxl? and what handles the sync connection?
|
Once all members are synchronized, only updates are transferred via delta sync. This is handled by UDP multicast or broadcast on port 8116.
|
|
Which one of these 3 can not be synced with clusterXL? Session Auth, User Auth, Client Auth
|
User auth, because it is used by security servers and these are processes which can't be synced
|
|
how would you write a cphaprob command to fail a process?
|
cphaprob -d Failedevice -s problem report
|
|
how would you write a cphaprob command to OK a process?
|
cphaprob -d Device -s ok report
|
|
cphaprob syntax: unregister
|
Unregisters <device> as a critical process; -a unregister will unregister all devices
|
|
what fw command shows very general information about HA state?
|
fw hastat
|
|
What port is used for PPTP?
|
TCP port 1723
|
|
What OS's or OS are number VTI's supported on?
|
SPLAT only
|
|
What OS's or OS are unnumbered VTI's supported on?
|
IPSO 3.9 and above
|
|
VPN Authenticity includes the following:
|
MD5, SHA1
|
|
VPN Encryption includes the following:
|
DES, 3DES, CAST, AES
|
|
How often do IKE SA's renegotiate by default?
|
24 hours
|
|
How often do IPSEC SA's renegotiate by default?
|
1 hour
|
|
Diffie-Hellman uses what type of encryption, asymmetric or symmetric?
|
Asymmetric (public/private key pair)
|
|
If you use a public key and private key to encrypt is this asymmetric or symmetric?
|
asymettric
|
|
RSA uses what type of encryption, asymmetric or symmetric?
|
Asymmetric (public/private key pair)
|
|
Digital signatures use what encryption type in Check Point?
|
RSA
|
|
What size is a DES key?
|
56 bit
|
|
What size a 3DES key?
|
168 bit
|
|
What size is a CAST cipher?
|
40 bit
|
|
What size is a AES key?
|
128 - 256 bit
|
|
What hash algorithm's do CP use? This is also known as 'data integrity'.
|
MD5, SHA1
|
|
What is ESP's protocol number?
|
ESP operates directly on top of IP, using IP protocol number 50.
|
|
What is used within VPN's to allow access using a NAT'd IP?
|
Nat-T, Nat Traversal
|
|
What 5 things can you do with the license_upgrade util?
|
Upgrade, Simulate, Status, Import, Export
|
|
NGX R65 cannot manage which Gateway versions (3 different ones)?
|
NG, NG FP1, NG FP2
|
|
The following management versions can be upgraded to NGX R65:
|
Any NGX version
NG: R55W, R55, R54, FP3 Express CI: R57 GX: 2.5 VSX: 2.0.1, NG w/AI release 2, VSX NGX |
|
Which versions can't be upgraded to NGX R65 for a management station?
|
Any 3 or 4 version + NG, FP1, FP2
|
|
pre_upgrade_verifier tool, what does the -p and -c flag mean?
|
-p = path of the installed scs server $FWDIR
-c = currently installed version |
|
pre_upgrade_verifier tool, what does the -t and -f flag mean?
|
-t = target version
-f = redirects standard output to a file |
|
what does cprinstall do?
|
perform remote installations
|