85 Cards in this Set
- Front
- Back
Determining how and what resources are accessed is:
|
Access Control
|
|
Determining who can access resources is:
|
User Authentication
|
|
What is the SmartConsole client application that administrators use to define and apply security policies to specific gateways?
|
SmartDashboard
|
|
What technology provides full application-level awareness and comprehensive access control?
|
Stateful Inspection
|
|
(T/F) You cannot specify and define custom services.
|
False
|
|
Where is the information that is extracted from all application levels and used for security decisions maintained?
|
Dynamic state tables
|
|
Communication Hardware/Media such as Ethernet cards, cables, and hubs are examples of which layer of the OSI Model?
|
Physical - Layer 1
|
|
MAC addresses that are assigned to network interfaces are represented in what layer of the OSI Model? A switch that does not perform routing operates in this layer.
|
Data Link - Layer 2
|
|
Addresses that are logical in nature (IP) are represented in what layer of the OSI Model? A router functions in this layer.
|
Network - Layer 3
|
|
What layer of the OSI Model represents where specific network applications and communication sessions are identified using ports or endpoints?
|
Transport - Layer 4
|
|
Which layers of the OSI Model are considered by Check Point to represent end-user applications and systems?
|
Layers 5, 6, and 7.
|
|
What 3 technologies are used to allow or deny network traffic?
|
Packet filtering, stateful inspection, and application intelligence.
|
|
What firewall technology controls access to specific network segments based on addresses, ports, and protocols only and is considered the least secure type?
|
Packet filtering
|
|
What firewall technology incorporates layer 4 awareness, examination of the contents of the packet, and context established by previous packets into standard packet filtering?
|
Stateful Inspection
|
|
How do stateful inspection firewalls provide security against port scanning?
|
By closing all ports until a specific port is requested.
|
|
What is the CLI command used to see a list of the state tables in short format?
|
fw tab -s
|
|
What is the mechanism for extracting the state related information from all application layers and maintaining the information in dynamic state tables?
|
the INSPECT engine.
|
|
(T/F) The INSPECT engine enforces security policies on the firewall.
|
True
|
|
What firewall technology is a set of advanced capabilities, integrated into the firewall and IPS, that detect and prevent application-level attacks?
|
Application Intelligence
|
|
(T/F) Many attacks aimed at network applications actually target the network and transport layers.
|
True
|
|
The security gateway kernel is placed between which layers of the OSI Model?
|
Layers 2 and 3
|
|
(T/F) Packets are processed by higher protocol-stack layers if they do not comply with security policies.
|
False
|
|
(T/F) I will not study the packet flow on page 19.
|
False
|
|
What are 3 reasons a firewall must be aware of the network topology?
|
To correctly enforce policy
To ensure the validity of inbound/outbound IP addresses
To configure a special domain for VPNs
|
|
What is used to isolate servers that are accessible by untrusted sources?
|
Demilitarized Zone (DMZ)
|
|
With the exception of a few specific applications, what should servers in the DMZ not be permitted to do?
|
Initiate connections into the internal network
|
|
What mode allows for the placement of a firewall without changing existing IP routing?
|
Bridge Mode
|
|
Bridge mode is supported on which OS?
|
SPLAT
|
|
Check Point provides security for the four most critical layers of network security. What are they?
|
Network perimeter, network core, Web, and endpoints.
|
|
What single application is used to provide all necessary elements to complete the unified approach to security management?
|
SmartConsole
|
|
What are the software modules and blades that SmartConsole uses to manage security gateway components? (11)
|
SmartDashboard, SmartMap, SmartView Tracker, SmartView Monitor, Eventia Reporter, Eventia Analyzer, SmartProvisioning, SmartUpdate, Manage Endpoint Security Server, Workflow, IPS
|
|
(T/F) In SmartDashboard all object definitions are shared among all applications for efficient policy creation and security management.
|
True
|
|
What are the 9 tabs in SmartDashboard?
|
Firewall, NAT, IPS, Anti Spam & Mail, Anti-Virus & URL Filtering, SSL VPN, IPSec VPN, QoS, Desktop
|
|
What tab in SmartDashboard provides parameters useful for defining the Rule Base for your networks and is where you specify how connections are allowed, disallowed, authenticated, or encrypted?
|
Firewall
|
|
What is the Security Policy visualization tool that provides a graphical map of an organization's security deployment?
|
SmartMap
|
|
What is the module that provides real-time historical and visual tracking, monitoring, and accounting information for all logged connections?
|
SmartView Tracker
|
|
(T/F) In the case of an attack or otherwise suspicious network activity, Security Admins can use SmartView Tracker to temporarily or permanently terminate connections from specific IP addresses.
|
True
|
|
In Tracker, what tab shows entries for security-related events for Check Point and OPSEC products?
|
Network & Endpoint
|
|
In Tracker, what tab shows active connections?
|
Active
|
|
(T/F) Using the Active tab in SmartView Tracker does not increase CPU load on the firewalls.
|
False
|
|
In Tracker, what tab tracks changes made in Dashboard?
|
Management
|
|
What is used for Web-based administration of the SMS?
|
SmartPortal
|
|
What is used to encrypt connections to the SmartPortal Web Interface?
|
SSL
|
|
What is an open industry standard for user management and is widely accepted as the directory-access method of the Internet?
|
LDAP
|
|
When integrated with Check Point's Security Management, LDAP is referred to as:
|
SmartDirectory
|
|
What provides a single, central interface for viewing network activity and performance of Check Point applications in real-time?
|
SmartView Monitor
|
|
(T/F) Monitor can be used to monitor and generate reports for traffic on different Check Point components.
|
True
|
|
(T/F) Monitor cannot perform VPN performance analysis.
|
False
|
|
(T/F) Monitor can compare actual VPN performance to SLAs.
|
True
|
|
What are the 5 key features of Monitor?
|
Gateway Status
Traffic/System Counters
Tunnels
Remote Users
Cooperative Enforcement
|
|
What is a user-friendly solution for analyzing and auditing traffic?
|
Eventia Reporter
|
|
What provides centralized, real-time, event correlation and management of log data?
|
Eventia Analyzer
|
|
(T/F) Eventia Analyzer cannot detect threats by recognizing pattern anomalies that appear when correlating data over time.
|
False
|
|
What provides centralized administration and provisioning of Check Point devices from a single SMS or P-1 CMA?
|
SmartProvisioning
|
|
What does SmartProvisioning use to define most of the Gateway properties?
|
Profiles
|
|
What is used to maintain a license repository and to facilitate upgrading Check Point software?
|
SmartUpdate
|
|
How many administrators must have read/write permissions to manage the security policy?
|
1
|
|
What major attributes are defined during the configuration process that occurs immediately after the initial stages of the SMS installation?
|
The definition of administrators
The fingerprint
Features such as Management HA
|
|
What are the three components of a typical Check Point deployment?
|
Security Gateway, Security Management Server, and SmartConsole
|
|
The deployment consisting of the SMS and Gateway installed on the same machine is called:
|
Stand-alone deployment
|
|
The deployment consisting of the SMS and Gateway installed on separate machines is called:
|
Distributed deployment
|
|
What does Check Point recommend for managing licenses?
|
SmartUpdate
|
|
A set of policies (Security, QoS, etc.) that are enforced on selected Gateways is called:
|
a Policy Package
|
|
What defines the rules and conditions that govern which communication is permitted to enter and leave the organization?
|
Security Policy
|
|
(T/F) A log server cannot be installed on the same machine as the SMS.
|
False
|
|
What does a User's definition include?
|
access permissions to/from specific machines at specific times of the day.
|
|
Where can a user definition be used in the Rule Base?
|
Authentication rules and Remote Access VPN.
|
|
What are the 2 ways to deliver the Users Database from the SMS to a Management Software Blade enabled Check Point host?
|
Policy Push
By selecting Policy > Install Database..
|
|
(T/F) Security Gateways that do not include the Management Software Blade receive the Users Database.
|
False
|
|
(T/F) The Users Database includes users defined externally to the SMS (LDAP, etc.).
|
False
|
|
What are administrator groups used for?
|
To specify which admins have permissions to install policies on specific gateways.
|
|
(T/F) You can create a Check Point administrator account by creating an administrator in SPLAT.
|
False
|
|
What is used in the administrator accounts or groups to assign access and permissions?
|
Permissions Profile
|
|
In the Permissions Profile, administrator access is allowed via: (2)
|
Management Portal and SmartConsole
Management Portal Only
|
|
What are the 5 permission levels in the Permissions Profile?
|
None
Read/Write All
Manage Administrators
Read Only All
Customized
|
|
Where is administrator authentication configured?
|
in the Admin Auth tab of the Administrator Properties window.
|
|
What is best practice with regard to Administrator configuration?
|
Different administrator types are set up using Permission Profiles and a single cpconfig admin account is locked in a safe place.
|
|
What is the Check Point feature that ensures components such as firewalls and SMSs can communicate freely and securely?
|
Secure Internal Communications (SIC)
|
|
What security measures are taken to ensure the safety of SIC? (3)
|
Certificates for authentication
Standards based SSL for the creation of the secure channel
3DES for encryption
|
|
When is the ICA created?
|
During the SMS installation process.
|
|
What does the ICA issue certificates for? (3)
|
SIC
VPN Certificates for Gateways (tunnels)
Users (remote access, clientless VPN, etc)
|
|
What are the 3 clients that are used for configuring the ICA?
|
cpconfig, SmartDashboard, and ICA Management Tool.
|
|
What ICA operations are configured using SmartDashboard? (4)
|
The Certificate Revocation List (CRL)
SIC Certificates
VPN Certificates
User Certificates managed in the internal database.
|
|
The SMS and its components are identified by their SIC name, also known as:
|
Distinguished Name
|
|
(T/F) Administrative login to the SMS uses SIC.
|
True
|