What happens when an Administrator activates the DLP Portal for Self Incident Handling and enters its fully qualified domain name (DNS name)?
A. Connections created between the user and the DLP Gateway when clicking links within e-mail notifications to send or discard quarantined e-mails (matched for an Ask User rule) are encrypted.
B. The daemon running DLP Portal starts to run and can cater to requests from users’ browsers (following links from e-mail notifications) and from Check Point UserCheck.
C. The DLP Gateway can now notify Data Owners about DLP incidents.
D. UserCheck is activated.
You just upgraded to R71 and are using the IPS Software Blade. You want to enable all critical protections while keeping the rate of false positives very low. How can you achieve this?
A. The new IPS system is based on policies, but it has no ability to calculate or change the confidence level, so it always has a high rate of false positives.
B. As in SmartDefense, this can be achieved by activating all the critical checks manually.
C. The new IPS system is based on policies and gives you the ability to activate all checks with critical severity and a high confidence level.
D. This can’t be achieved; activating any IPS system always causes a high rate of false positives.
You enable Sweep Scan Protection and Host port scan in IPS to determine if a large amount of traffic from a specific internal IP address is a network attack, or a user’s system is infected with a worm. Will you get all the information you need from these actions?
A. Yes. IPS will limit the traffic impact from the scans, and identify if the pattern of the traffic matches any known worms.
B. No. These IPS protections will only block the traffic, but it will not provide a detailed analysis of the traffic.
C. No. To verify if this is a worm or an active attack, you must also enable TCP attack defenses.
D. No. The logs and alerts can provide some level of information, but determining whether the attack is intentional or a worm requires further research.
You need to verify the effectiveness of your IPS configuration for your Web server farm. You have a colleague run penetration tests to confirm that the Web servers are secure against traffic hijacks. Of the following, which would be the best configuration to protect from a traffic hijack attempt?
A. Enable the Web intelligence > SQL injection setting.
B. Activate the Cross-Site Scripting property.
C. Configure TCP defenses such as Small PMTU size.
D. Create resource objects for the Web farm servers and configure rules for the Web farm.
You need to determine if your company’s Web servers are accessed an excessive number of times from the same host. How would you configure this in the IPS tab?
A. Successive alerts
B. Successive DoS attacks
C. Successive multiple connections
D. HTTP protocol inspection
You are responsible for the IPS configuration of your Check Point firewall. Inside the Denial of service section you need to set the protection parameters against the Teardrop attack tool with high severity. How would you characterize this attack tool? Give the BEST answer.
A. Hackers can send high volumes of non-TCP traffic in an effort to fill up a firewall State Table. This results in a Denial of Service by preventing the firewall from accepting new connections. Teardrop is a widely available attack tool that exploits this vulnerability.
B. A remote attacker may attack a system by sending a specially crafted RPC request to execute arbitrary code on a vulnerable system. Teardrop is a widely available attack tool that exploits this vulnerability.
C. Some implementations of TCP/IP are vulnerable to packets that are crafted in a particular way (a SYN packet in which the source address and port are the same as the destination, i.e., spoofed). Teardrop is a widely available attack tool that exploits this vulnerability.
D. Some implementations of the TCP/IP IP fragmentation re-assembly code do not properly handle overlapping IP fragments. Sending two IP fragments, the latter entirely contained inside the former, causes the server to allocate too much memory and crash. Teardrop is a widely available attack tool that exploits this vulnerability.
Which application is used to create a File-Share Application?
A. SmartDashboard (SSL VPN Tab)
B. SmartPortal WebUI (File-Share Tab)
C. SSL VPN Portal WebUI (File-Share Tab)
D. Provider-1 MDG (Global VPNs Tab)
Which procedure will create an Internal User?
A. In the Users and Administrators tab, right-click Users and click SSL VPN User
B. In the General Properties of the gateway, click the SSL VPN check box. The SSL VPN Blade Wizard will launch and Step 2 will allow adding new users who will be imported from a RADIUS server.
C. From the SSL VPN tab, click Users and Authentication | Internal Users | Users and click New User | Default
D. In the Users and Administrators tab, click User Groups | Clientless-vpn-user and add the SSL VPN user to the Clientless-vpn-user group
What is the SmartEvent Correlation Unit’s function?
A. Assign severity levels to events.
B. Display received threats and tune the Events Policy.
C. Invoke and define automatic reactions and add events to the database.
D. Analyze log entries, looking for Event Policy patterns.
Which version is the minimum requirement for SmartProvisioning?
A. R65 HFA 40