MegaCorps' disaster recovery plan is past due for an update to the backup and restore section to enjoy the benefits of the new distributed R77 installation. You must propose a plan that meets the following required and desired objectives:

Required: Security Policy repository must be backed up no less frequently than every 24 hours.

Desired: Back up R77 components enforcing the Security Policies at least once a week.

Desired: Back up R77 logs at least once a week.

You develop a disaster recovery plan proposing the following:

* Use the utility cron to run the command upgrade_export each night on the Security Management Servers.

* Configure the organization's routine backup software to back up files created by the command upgrade_export.

* Configure GAiA back up utility to back up Security Gateways every Saturday night.

* Use the utility cron to run the command upgrade_export each Saturday night on the log servers.

* Configure an automatic, nightly logswitch.

* Configure the organization's routine back up software to back up the switched logs every night.

The corporate IT change review committee decides your plan:

Which is the lowest Gateway version manageable by SmartCenter R77?

Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?

Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.

Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?

Where do you verify that UserDirectory is enabled?

Your organization maintains several IKE VPN’s. Executives in your organization want to know which mechanism Security Gateway R77 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?

You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

Which three of the following are ClusterXL member requirements?

1) same operating systems

2) same Check Point version

3) same appliance model

4) same policy

To bind a NIC to a single processor when using CoreXL on GAiA, you would use the command

What is Check Point's CoreXL?

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

What should John do when he cannot access the web server from a different personal computer?

Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user’s credentials?

You run cphaprob -a if. When you review the output, you find the word DOWN. What does DOWN mean?

Which command will only show the number of entries in the connection table?

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the BEST answer.

Which of the following is NOT defined by an Access Role object?

To run GAiA in 64bit mode, which of the following is true?

1) Run set edition default 64-bit.

2) Install more than 4 GB RAM.

3) Install more than 4 TB of Hard Disk.

You have a diskless appliance platform. How do you keep swap file wear to a minimum?

Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user’s properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?

You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.

The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?