checkpoint (156-510)

1. When using IP pools for MEP VPN access, where would you specify the pool to be used for a particular gateway?
A. The NAT screen of the gateway's properties configuration
B. The ADVANCED screen of the gateway's properties configuration
C. The VPN screen of the gateway's properties screen
D. The TOPOLOGY screen of the gateway's properties configuration
Answer: A


2. If CPMAD terminates, how can you restart it?
A. By using the GUI log client
B. It automatically starts itself
C. By using fw cpmadstart
D. By using fwstop/fwstart
Answer: D


3. Which is the correct format on a Windows platform to enable debug mode in fwd on an enforcement-module-only server?
A. fwd -d -n
B. fwd -d
C. fw d -d -n
D. fw d -d
Answer: D


4. What is the name given to the globally unique ID associated with an entry in an LDAP server?
A. Domain name
B. Distinguished name
C. Global property
D. Distinguished number
Answer: B


5. Which three files can be generated by a Unix core dump?
A. vmunix
B. vmcore
C. unixdump
D. core
Answer: A, B, D



6. In an LDAP database two entries cannot have the same common name (CN). True or false?
A. False
B. True
Answer: A



7. Which is NOT a valid entity in the LDAP tree structure?
A. OU
B. C
C. CN
D. CU
Answer: D



8. On a Windows NT FW-1 system, how would you increase the amount of memory allocated to the kernel to 5 MBytes?
A. Set the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service\FW1\Parameters\Memory to 5000000
B. Type "# zap -s _fwhmem $FWDIR/modules/fwmod.o 5000000"
C. Type "set fw:fwhmem=5000000"
D. Type "# echo "fwhmem?W500000" | adb -w /stand/vmnt"
Answer: A



9. What is the result of not configuring CPMAD with enough memory?
A. Some attacks will not be detected
B. It will automatically grab more memory
C. It will automatically flush out old events to create more memory
D. It will exit
Answer: D



10. How often will SecuRemote check for the availability of a VPN gateway by default?
A. 60 secs
B. 120 secs
C. 30 secs
D. 90 secs
Answer: A



11. How much memory is reserved for the VPN-1/FW-1 kernel on a Nokia platform?
A. 5 MB
B. 15 MB
C. 3 MB
D. 10 MB
Answer: A



12. Where are MAD errors logged?
A. $FWDIR/bin/cpmad.err
B. $FWDIR/log/cpmad.err
C. $FWDIR/alert/cpmad.err
D. $FWDIR/conf/cpmad.err
Answer: B



13. What port does LEA use?
A. 18182
B. 18184
C. 18181
D. 18183
Answer: B



14. On which module(s) does CPMAD run?
A. An external server
B. The management module
C. The Checkpoint GUI
D. The enforcement module
Answer: B



15. Which of the following are termed CPMAD global parameters?
A. MAD_Memory
B. MAD_syn_attack_action
C. MAD_number_of_connection_attempts
D. MAD_anti_spoofing_mode
Answer: A, C



16. What does "resolver_ttl" do in relation to SecuRemote configuration?
A. Specifies the interval in seconds between RDP status queries
B. Specifies that RDP status queries are sent automatically
C. Specifies the number of seconds that a SecuRemote client waits for a reply to an RDP status query
D. Controls the time to live when accessing a DNS server
Answer: C



17. Where would it be best to locate a CVP server?
A. On an internal user LAN network
B. On a firewalled gateway
C. On a separate isolated segment or DMZ
D. On a remote network
Answer: C



18. Which default ports are used by LDAP?
A. Port 636 for a standard connection
B. Port 389 for a standard connection
C. Port 389 for an SSL connection
D. Port 636 for an SSL connection
Answer: B, D



19. What is a land attack?
A. It causes incomplete TCP connections
B. It involves gaining access by imitating an authorized IP address
C. It involves scanning for ports on an IP address that will allow access
D. It causes a server to send packets to itself
Answer: D



20. By default a Windows NT platform enables both TCP/IP and IPX. What does FW-1 do with any IPX traffic?
A. Logs it, then drops it
B. Allows it through without being inspected
C. Drops all traffic regardless
D. Inspects the traffic and decides whether to allow it through
Answer: B



21. When exporting a user database using the "fw dbexport" command, what is the default file used?
A. $FWDIR/user/def_file
B. $FWDIR/conf/user_def_file
C. $FWDIR/bin/user_def_file
D. $FWDIR/conf/user_export_file
Answer: B



22. Which debug option will gather information regarding the accept or drop action performed on traffic?
A. ioctl
B. packet
C. driver
D. kbuf
Answer: B



23. In a load sharing SEP configuration, what mechanism is used to ensure that each gateway sees all the traffic it needs to?
A. The gateway cluster IP address is used
B. The receiving gateway forwards the packets to the others
C. All packets are broadcast
D. Each gateway is sent the packets separately
Answer: A



24. Addresses allocated from an IP pool remain allocated for a configurable period, even after all connections to that address are closed. What is the default time before the address is returned to the pool?
A. 120 mins
B. 180 mins
C. 30 mins
D. 60 mins
Answer: D



25. What is the maximum limit to the number of secondary management modules allowed?
A. No limit
B. 4
C. 2
D. 1
E. 8
Answer: A



26. Which two CPMAD parameters are directly used to determine if an attack is taking place?
A. Resolution
B. Action
C. Time_interval
D. Repetitions
E. Mode
Answer: C, D



27. Which command would you use to copy a user database file into VPN-1/FW-1?
A. dbimport
B. fwm dbimport -s "o=city,c=country"
C. fwm dbexport
D. fwm dbimport -f
Answer: D



28. Where can a User Authority Server be installed?
A. A Windows machine with just a FW-1 enforcement module installed
B. A Solaris machine with just a FW-1 management module installed
C. A Solaris or Windows machine with any FW-1 module installed
D. A Windows Domain Controller
Answer: C, D



29. In the following DN, which part is the root?
CN=John Doe, ou=Sales, o=Acme Corp, C=US
A. Acme Corp
B. John Doe
C. Sales
D. US
Answer: D



30. In a high availability management module environment, each management module can function as an individual certificate authority. True or false?
A. True
B. False
Answer: B



31. Which file would you modify in order to enable and configure CPMAD?
A. $FWDIR/bin/cpmad_config.conf
B. $FWDIR/conf/cpmad.conf
C. $FWDIR/conf/cpmad_config.conf
D. $FWDIR//cpmad/config.conf
Answer: C



32. In a SEP HA environment not using load sharing, the external interfaces of each cluster member must have the same IP address. True or false?
A. False
B. True
Answer: B



33. Which command opens a connection to an LDAP server, binds, and performs a search, returning one or more entries as a result?
A. fw ldapmodify
B. ldapsearch
C. fw ldapcompare
D. fw ldapfind
E. fw ldapsearch
Answer: B



34. Please look at the exhibit, which is a sample output from a "fw ctl pstat" command.
What is the amount of memory allocated for use by such entities as the state tables?
A. 3072000 bytes
B. 103246 bytes
C. 62857216 bytes
D. 4171460 bytes
Answer: D



35. Which files are useful in the case of a Windows NT Dr. Watson error?
A. WINNT\memory.dmp
B. WINNT\drwtsn32.log
C. WINNT\system.dmp
D. WINNT\user.dmp
Answer: A, B, D



36. How would you perform a manual synchronization in a HA management module environment?
A. On the primary, log in and click on the "synchronize me" button of the HA management manager window
B. Perform the "fw hamansync" command
C. On the secondary, log in and click on the "synchronize me" button of the HA management manager window
D. On the primary, use Policy Editor > Policy > Management high availability > click on the "synchronize" button
Answer: C, D



37. You can tell if CPMAD is enabled because you see the message
"FireWall-1: Starting cpmad (Malicious Activity Detection)"
when you perform a fwstart. True or false?
A. False
B. True
Answer: A



38. When are the statistics provided by the fw ctl pstat command reset?
A. After restarting FW-1
B. Whenever you purge the log file
C. On a reboot
D. On entering the command "fw ctl clear"
Answer: A, C



39. Why would you disable NetBEUI on a FW-1 Windows platform?
A. It can cause FW-1 to crash
B. It clashes with internal FW-1 protocols
C. It is an inefficient protocol
D. It is a security risk
Answer: D



40. For most efficient rulebase operation, which of the following objects would it be preferable to use if you have many contiguous addresses to translate using static NAT? Assume you could validly use any of them.
A. Network
B. Workstation
C. Range
Answer: A