Check Point CCSE NG
Exam Questions, Answers, Braindumps
Today cleared, I prepared it from www.examcheets.com
I had no probs in my test.
Question No 1
Which of the following statements about IKE Encryption
are TRUE? (Choose three)
A. The final packet size is increased after it is
B. TCP and IP headers are encrypted, along with the
C. IKE uses in-place encryption.
D. IKE can use the FWZ1 encryption algorithm.
E. IKE uses tunneling encryption.
Answer: A, B, E
Question No 2
When upgrading a configuration to NG with Application
Intelligence: (Choose the FALSE answer)
A. Upgrade the SmartConsole.
B. Upgrade each module's version in SmartDashboard
C. Upgrade the VPN-1/FireWall-1 Enforcement Modules.
D. Copy $FWDIR/state from one version of VPN-1/FireWall-1
to another version of VPN-1/FireWall-1.
E. Upgrade the SmartCenter server. The version is
set during the upgrade.
Question No 3
When you upgrade VPN-1/FireWall-1, what components
are carried over to the new version? (Choose two)
B. VPN-1/FireWall-1 database
C. OPSEC database
D. Backward Compatibility
E. Rule Base
Answer: A, B
Question No 4
Which of the following is NOT a function of the Internal
Certificate Authority (ICA)?
A. Provides certificates for users and Security Administrators.
B. Generates certificates for HTTPS Web server.
C. Establishes SIC between OPSEC applications and
Check Point products.
D. Authenticates SecureClient traffic to Enforcement
Modules for VPNs.
E. Establishes SIC between Check Point products.
Question No 5
Which of the following FTP Content Security settings
prevents internal users from sending corporate files
to external FTP Servers, while allowing users to retrieve
A. Use an FTP resource, and enable the GET and PUT
B. Use an FTP resource and enable the GET method.
C. Use an FTP resource and enable the PUT method.
D. Block FTP_PASV.
E. Block all FTP traffic.
Question No 6
All of the following are steps for implementing UFP,
A. While the UFP Server is analyzing the requests,
the Enforcement Module HTTP Proxy Server initiates
a request to the destination. The HTTP Proxy server
then waits for a response from the UFP Server before
allowing the request.
B. The client invokes a connection through the VPN-1/FireWall-1
C. The Content Server inspects the URLs and returns
the validation result message to the Enforcement Module.
D. The Enforcement Module takes the action defined
in the Rule Base for the resource.
E. The Security Server uses UFP to send the URL to
a third-party UFP Server for categorization.
Question No 7
The _______ algorithm determines the load of each
physical server and requires a Load Measuring Agent
be installed on each server.
A. Server Load
B. Server Relay
C. Round Robin
E. Round Trip
Question No 8
Which of the following is NOT a method of Load Balancing
A. Domain Load Balancing
B. Round Robin
C. Server Load
D. Round Trip
E. Quantum Load Balancing
Question No 9
Which of the following does NOT require definition
for a Voice over IP (VoIP) Domain SIP object?
A. SIP Proxy
B. IP Address Range
C. VoIP Gateway
D. Related Endpoint Domain
Question No 10
Which of the following is NOT a valid VPN configuration
option available in the VPN Manager of the Simplified
C. Remote Access
D. Star with Meshed Center
Question No 11
Which of the following is TRUE of the relationship
between the RemoteAccess VPN Community and the Security
Policy Rule Base?
A. The RemoteAccess VPN Community defines VPN connection
parameters for SecuRemote connections. The Security
Policy Rule Base is used to allow access to protected
B. The RemoteAccess VPN Community is used to allow
access to protected resources. The Security Policy
Rule Base is used to define VPN connection parameters
for SecuRemote connections.
C. The Security Policy Rule Base is used to define
VPN connection parameters for SecuRemote connections
and is used to allow access to protected resources.
The RemoteAccess VPN Community applies only to SecureClient.
D. The RemoteAccess VPN Community defines VPN connection
parameters for SecuRemote connections and is used
to allow access to protected resources. Security Policy
rules are not defined for SecuRemote.
Question No 12
Jacob configured a meshed VPN Community, with VPN
properties set as shown below. Which of the following
statements are TRUE? (Choose two)
A. Jacob is using the default VPN property settings
for a VPN-1/FireWall-1 meshed VPN Community.
B. Jacob's community will perform IKE Phase 1 key-exchange
encryption, using the longest key VPN-1/FireWall-1
C. Jacob must change the data-integrity settings for
this VPN Community. MD5 is incompatible with AES.
D. If Jacob changes the setting Perform IPsec data
encryption with: from AES-128 to 3DES, he will increase
the encryption overhead.
E. If Jacob changes the setting, Perform key exchange
encryption with: from 3DES to DES, he will enhance
the VPN Community's security and reduce encryption
Answer: A, B
Note: Uncertainty due to missing exhibit. B, D also
Question No 13
Which of the following statements BEST explains the
difference between VPN-1/FireWall-1 logs and alerts?
The difference between VPN-1/FireWall-1 logs and alerts
A. Log entries contain detailed information about
traffic. Alerts contain only brief descriptions of
problems, and links to the appropriate log entries.
B. Log entries are recorded in SmartView Tracker,
and are persistent. Alerts appear only in SmartView
Status, and are not persistent.
C. Logs are recorded sequentially, by date and time
received. Alerts are arranged by priority and magnitude.
D. Logging allows a Security Administrator to view
historical connection information. Alerts are real-time
and can be applied to a Security Policy's predefined
E. Logs are generated for explicit rules, defined
by Security Administrators in the Security Policy.
Alerts are automatically generated by implicit rules,
created as a result of Global Properties settings.
Question No 14
Which of the following statements BEST describes the
difference between VPN Domains and VPN Communities?
A. A VPN Domain is a network, or group of networks,
protected by an Enforcement Module. A VPN Community
is a collection of VPN Domains and the VPN tunnels
B. A VPN Domain is a remote-access VPN, consisting
of a group of SecureClients and their associated Enforcement
Module. A VPN Community is a collection of Enforcement
Module-to-Enforcement Module VPNs.
C. VPN Domains are used in Microsoft environments,
and allow VPN-1/FireWall-1 to communicate with Domain
Controllers. VPN Communities are used in Unix environments,
to allow VPN-1/FireWall-1 to communicate with authentication
D. VPN Domains specify encryption properties and access
restrictions for users. VPN Communities detail encryption
properties and access restrictions, for machines and
E. VPN Domains are used for Security Policies created
in traditional mode. VPN Communities are used in simplified
mode. VPN Domains are not available, if simplified
mode is used.
Question No 15
Ken is assisting a user whose SecureClient password
has expired. The SecureClient user can no longer access
resources in the VPN Domain. Which of the following
solutions is likely to resolve the issue?
A. Ken must ask the VPN-1/FireWall-1 Security Administrator
to change the setting Password Expires to a date in
the future. Users cannot adjust their SecureClient
B. Ken should ask the user to change his password,
using the New Password option on SecureClient's Passwords
menu. The user can change his password, then stop
and start SecureClient.
C. If the SecureClient password is allowed to expire,
the software will no longer function. Ken should help
the user uninstall and reinstall SecureClient. The
user will be prompted to supply a new password during
D. When the SecureClient password expires while a
session is in progress, the session will not exit
properly. Ken should ask the user to shut down and
restart his computer. The user will be prompted to
supply a new password after login.
E. The user must edit the userc.C file, to change
the expiration date on his password. Ken should help
the user make the necessary modifications to the userc.C
file, using a text editor that does not insert Unicode
Question No 16
VPN-1/FireWall-1 can be configured to enable Voice
over IP (VoIP) traffic in which of the following environments?
D. DiffServ QOS
Answer: A, E
Question No 17
Which of the following is NOT a feature or quality
of a hash function?
A. It is mathematically infeasible to derive the original
message from the message digest.
B. The hash function is irreversible.
C. It is mathematically infeasible for two different
messages to produce the same message digest.
D. The hash function forms a two-way, secure communication.
E. Encrypted with the sender's RSA private key, the
hash function forms the digital signature.
Question No 18
Which of the following is NOT a method used to configure
A. With SIP Proxies.
B. With a SIP Gatekeeper to a network without a proxy.
C. From a network without a proxy to a network with
D. With a proxy for internal communications.
E. Without SIP Proxies.
Question No 19
You are importing a URI specification file from the
Match tab on the URI Resource Properties screen. Where
is the editable URI specification file stored?
A. Policy Server
B. SmartView Monitor
C. Enforcement Module
D. SmartCenter Server
E. Enterprise Log Module