36 Cards in this Set
- Front
- Back
What is SIC?
|
Secure Internal Communications
|
|
What are the two views available for the object tree?
|
Standard and Group View
|
|
Under what category in the network objects tree do management servers and gateways appear?
|
Check Point
|
|
In the Objects Tree how do you add a new gateway?
|
New Check Point --> VPN-1 Power / UTM gateway.
Click OK |
|
Basic Rule Concepts (P189)
|
Add Rule
Top, After, Before
Delete Rule
Hide
|
|
What 2 rules are used by nearly all VPN-1 admins?
|
Cleanup Rule
Stealth Rule |
|
Where should the stealth rule be placed? (P192)
|
At the top of the rule base
|
|
What 2 types of rules are created in the rule base?
|
Implicit and Explicit.
|
|
Which type of rule is created by Check Point?
|
Implicit
|
|
Where are implicit rules placed?
|
First, Last, and before last
|
|
Where do you modify Implied Rules? (p197)
|
In the Firewall Implied Rules page in the Global Properties.
|
|
In what order does VPN-1 enforce the rule base? (p198)
|
1. IP spoofing / IP Options
2. Network Address Translation
3. Security policy "First" Rule
4. Administrator defined Rule Base.
5. Security Policy "Before Last" rule
6. Cleanup rule or security policy "Last" rule
|
|
Before creating a rule base, what should you ask yourself first?
|
1. Which objects are in the network.
2. Which user permissions and authentication schemes are needed.
3. Which services are allowed across the network.
|
|
What are the 3 Policy Package types? (p204)
|
1. Security and Address Translation policy
2. QoS Policy
3. Desktop Security Policy
|
|
What allows the administrator to create a fallback configuration when implementing new objects and rules?
|
Database Revision Control
|
|
3 reasons to use NAT (p225)
|
Private IP addresses used in internal networks.
Limiting external network access
Ease and flexibility of network administration
|
|
What types of NAT does VPN-1 support?
|
Static
Dynamic
Dynamic hide
|
|
Where are static NAT connections recorded?
|
Gateway's state table.
|
|
When can hide NAT not be used?
|
1. For protocols where the port number cannot be changed
2. When the external server must distinguish between clients based on the IP addresses.
|
|
When using hide, what addresses can you hide behind? (p229)
|
Either the interface of a gateway or a specified IP address
|
|
What 3 properties affect how NAT works globally? (p231)
|
1. Allow bi-directional NAT
2. Translate destination on client side
3. Automatic ARP configuration.
|
|
What are the two elements address-translation rules are divided into?
|
1. Original Packet
2. Translated Packet
|
|
What 2 types of NAT rules can be created?
|
Automatic NAT
Static NAT |
|
What are some instances where a manual NAT rule may be created? (p236)
|
Instances where remote networks only allow specific IP addresses
Situations where translation is desired for some services, and not for others
Environments where address translation rule base order must be manipulated
When port address translation is required
Environments where granular control of address translation between internal networks is required
When a range of IP addresses rather than a network will be translated
|
|
When an automatic NAT rule is created the ARP table is updated automatically.
|
True
|
|
When an automatic NAT rule is created the routing table is automatically updated?
|
True
|
|
When client side translation is implemented, what anti-spoofing issues exist with manual NAT?
|
None
|
|
What 4 VOIP protocols can VPN-1 be configured to support?
|
SIP (Session Initiation Protocol)
H.323
SCCP (Skinny Call Control Protocol)
MGCP (Media Gateway Control Protocol)
|
|
Which protocol makes it so that only IP soft phones can be used?
|
SIP
|
|
What do you need to do first before enabling VOIP traffic? (p254)
|
Configure an object in the VPN-1 database that represents the proxy or VOIP domain.
|
|
What services must be used in an explicitly defined SIP rule?
|
sip and sip_any
|
|
Can sip and sip_any be used in the same rule? (p255)
|
No, they contradict each other.
|
|
What 4 H.323 architectural elements does VPN-1 support? (p256)
|
IP Phones
Conventional telephones
Gatekeeper
Gateway
|
|
Gatekeeper and gateway are defined in SmartDashboard as _________
|
host nodes that manage a VOIP domain.
|
|
IP Spoofing should be configured on all gateway interfaces?
|
True (p263)
|
|
What is a typical use of multicasting?
|
To distribute real-time audio and video to a set of hosts that have joined a distributed conference.
|