Check Point Certified Security Administrator Examcram

(156-205)  

40. Static source mode translates the client's internal, invalid/reserved IP addresses to legal external IP addresses. Note that IP addresses have 1 to 1 relationship in static modes.

Static destination mode translates the server's legal external IP addresses to invalid/reserved internal IP addresses. Static destination mode is used when any server is located in the internal network with a private or invalid IP address, and being accessed from the Internet.

41. Spoofing makes it appear as if the packets have come from a genuine IP address, where as in reality they came from an unauthorized IP address.

42. Network Objects are defined as elements that come into contact with the network. Only Network Objects, that are used in the Rule Base, need to be defined in FireWall-1.

43. The available Server Objects are:

a.       UFP Server (URL Filtering Protocol Server): Used in defining a URI Resource.

b.      CVP Server (Content Vectoring Protocol Server): Used to examine the contents of packets.

c.       RADIUS Server: Used to provide authentication service and is based on UDP.

d.      TACACS: Also used to provide authentication services and is based on TCP.

e.       AXENT Defender: Used to provide authentication services.

f.        LDAP Account Units: This enables the Security Manager to integrate an LDAP compliant user database with FireWall-1 Authentication.

g.       CA (Certificate Authority) Server: Used to provide certificate authentication.

h.       Policy Servier: A SecuRemote Server, with added features.

44. If a new Log File is created, the currently open (old) Log File is closed and the is written to disk. The old Log File will have a name that contains the current date and time. Also, only one log file can be open at any given time in the Log Viewer.

45. The Log Viewer events can be viewed in any one one the three modes:

a.       Accouting

b.      Active Connections

c.       Security Log

46.1 There are four status conditions that a firewalled object can be placed in the System Status GUI. These are:

-         Installed: VPN/FireWall-1 is installed on this object and working properly.

-         Not installed:  VPN/FireWall-1 Module is not installed on this object.

-         Disconnected: VPN/FireWall-1 Module is installed but not responding

-         Untrusted: The management server you logged into is not the master of this object.

46.2 The following information is displayed in the System Status for each firewalled object:

1.      Policy name, and status of the policy

2.      Time and date that the security policy was installed on the firewalled object.

3.      Packets accepted, packets dropped and packets logged.

4.      Status update time and date

5.      Identification information of the firewalled object (Name, IP address).

6.      Type of installed module. Here four options available:

a)      VPN-1/FireWall

b)      FloodGate-1

c)      Compression

d)      High Availability

47. The type of transition notifications available to choose, when a Firewalled object changes state are:

i)        Alert

ii)      Mail

iii)     Snmp trap

iv)    User alert

48. An external group is a user group, the members of which are defined in an external LDAP directory server. An external group can also be used in a Security Policy in the same manner as that of a VPN-1/ FireWall-1 group.

49. CVP, Content Vectoring Protocol is used for content security.

50. There are two most commonly used FTPs. One is Active FTP and the other Passive FTP. The difference between active FTP and passive FTP is primarily on control and data ports used between the FTP server and the FTP client. FireWall-1 supports passive FTP.

51. The following steps uninstall a security policy:

1.      Select Policy -> Uninstall from the Security Policy GUI

2.      Ensure that all items are selected (all are selected by default)

3.      Click OK.

52. SYNDefender is a Check Point proprietary application that defends a corporate network from external denial-of-service attacks.

53. Content Vectoring Protocol (CVP) uses port number 18181.

      URI Filtering Protocol (UFP) uses port number 18182.

54. There are three ways that a User Database can be loaded into the FireWall-1 modules:

i)        Install the User Database by selecting Install Database from the Policy menu.

ii)      Install the User Database by clicking on Install button in the Users window.

iii)     You can also re-install the Security Policy (this includes User Database) by selecting Install from the Policy menu.

---00---                                       

The above notes is provided AS IS. ExamGuides.com assumes no responsibility about the accuracy or compliance with vendor's stated Exam objectives.