Check Point Certified Security Engineer CP 2000
Exam Questions, Answers,
Hello every body , feeling
free to clear my paper and sending some questions
from my paper which were exactly the same ones which
i got from www.examcheets.com
________ is a globally unique name of an entry in
a LDAP directory structure.
A. CN - Common Name
B. DCN - Distinguished Common Name
C. RDN - Relative Distinguished Name
D. DN- Distinguished Name
E. O - Organization
When defining a new user group in CP2000 VPN-1/FireWall-1,
you can nest groups inside of groups to create group
hierarchy, but you can NOT modify the contents of
the nested group in the new group's property settings.
In a MEP configuration, using the Check Point VPN-1/FireWall-1
High Availability solution, each participating gateway
must use ________.
C. The same IP pool address.
D. Unique IP pool addresses.
E. Third party redundant gateway software.
Which command do you run to verify that state tables
on primary and secondary firewalls are being synchronized?
A. $FWDIR/bin/base tab -t connections -s
B. $FWDIR/fw tab -t connections -s
C. $FWDIR/bin/fw tab -s connections -t
D. $FWDIR/bin/fw tab -t connections -s
E. $FWDIR/bin/base tab -s connections -t
Before you can implement SEP, you must disable state
synchronization between gateways of the backup gateways
will be unable to continue connections that were originally
handles by the failed gateway?
If the state tables on two or more gateways are synchronized
for VPN failover, the gateways are defined as members
A. An IP pool.
B. A MEP configuration.
C. A gateway cluster.
D. A network range.
E. A proper subset.
When you configure overlapping encryption in a proper
subset configuration, SecuRemote packets should be
_______ as they pass through the exterior gateway(s)
to the internal subset domains.
Assume you have a SecuRemote client who is trying
to connect to a server in a fully overlapping encryption
domain. The client can connect to the server through
Gateway A, but the host's reply packet are being sent
to default gateway, Gateway B. Which of the following
is an appropriate solution to this problem?
A. Set IP Pool addresses routable to Gateway A or
B. Use DHCP on the internal network.
C. Use Manual IPSEC encryption.
D. Disable IP Pools on the primary gateway.
E. Include the SecuRemote host as a member of the
To reduce the effectiveness of traffic sniffing inside
the LAN, internal users should have _______ installed
on their desktop.
A. Session Authentication Client
C. Real Secure
E. Policy Server
You are logging into a Policy Server in order to update
or download a new Desktop Policy. Which of The following
requires the user to initiate an EXPLICIT LOGIN?
C. SecuRemote Server
D. Policy Server
E. Firewall Administrator
Of the following menu options, which is specific to
Which parameter specifies the number of seconds SecureClient
will wait for a reply on an RDP status query before
concluding the gateway is unavailable?
A. keep alive
In the VPN-1/FireWall-1 software, the only encryption
schemes that are supported by SecuRemote are:
A. FWZ, IKE and SKIP
B. FWZ, and IKE
C. FWZ, IKE, and Manual IPSec
D. IKE and SKIP
E. IKE and Manual IPSec
For FWZ encryption, a user's authentication method
is defined in the _______ tab.
Perfect Forward Security requires replacing keys on
a very frequent basis. This guarantees that an eavesdropper
uncovering a long-term encryption key will be unable
to decrypt future traffic.
You are implementing a firewall-to-firewall VPN using
IKE. Assuming that the default property settings are
unchanged, the following Rule Base would correctly
implement the IKE encryption scheme.