How do you block some seldom-used FTP commands, such as CWD and FIND, from passing through the Gateway?
A. Add the restricted commands to the aftpd.conf file in the Security Management Server.
B. Modify the desired profile in the FTP commands under Protection Details in the IPS tab.
C. Configure the restricted FTP commands in the Security Servers screen of the Global Properties.
D. Enable FTP Bounce checking / Application Intelligence / Protocol Protections from the IPS tab.
Using IPS, how do you notify the Security Administrator that malware is scanning specific ports? By enabling:
A. Malware Scan protection
B. Sweep Scan protection
C. Host Port Scan
D. Malicious Code Protector
What is the meaning of the option Connect to the Internet?
A. SmartDashboard will retrieve information from Check Point over the Internet. No information will be sent.
B. SmartDashboard will retrieve information from Check Point over the Internet. Your information will be sent anonymously to Check Point.
C. SmartDashboard will retrieve information from Check Point over the Internet using your User Center login.
D. SmartDashboard will retrieve information from Check Point over the Internet.
Refer to the network topology below.
A. All of these options are possible.
B. The attacker may have used a bunch of evasion techniques like using escape sequences instead of cleartext commands. It is also possible that there are entry points not shown in the network layout, like rogue access points.
C. Since other Gateways do not have IPS activated, attacks may originate from their networks without anyone noticing.
D. An IPS may combine different detection technologies, but is dependent on regular signature updates and well-tuned anomaly algorithms. Even if this is accomplished, no technology can offer 100% protection.
Your online bookstore has customers connecting to a variety of Web servers to place or change orders and check order status. You ran penetration tests through the Security Gateway to determine if the Web servers were protected from a recent series of cross-site scripting attacks. The penetration testing indicated the Web servers were still vulnerable. You have checked every box in the Web Intelligence tab, and installed the Security Policy. What else might you do to reduce the vulnerability?
A. Configure the Security Gateway protecting the Web servers as a Web server.
B. Check the Products / Web Server box on the host node objects representing your Web servers.
C. Add Port (TCP 443) as an additional port on the Web Server tab for the host node.
D. The penetration software you are using is malfunctioning and is reporting a false-positive.
The TotallyCoolSecurity Company has a large security staff. Bob configured a new IPS Chicago_Profile for fw-chicago using Detect mode. After reviewing logs, Matt noticed that fw-chicago is not detecting any of the IPS protections that Bob had previously set up. Analyze the output below and determine how Matt can correct the problem.
A. Matt should assign the fw-chicago Security Gateway to the Chicago_Profile.
B. Matt should change the Chicago_Profile to use Protect mode because Detect mode will not work.
C. Matt should re-create the Chicago_Profile and select Activate protections manually instead of per the IPS Policy.
D. Matt should activate the Chicago_Profile as it is currently not activated.
If Victor wanted to edit new Signature Protections, what tab would he need to access in SmartDashboard?
A. QoS Tab
B. SmartDefense Tab
C. IPSec VPN Tab
D. IPS Tab
Using the output below, what does the red flag indicate for the MS08-067 Protection?
B. It indicates this protection is for a new 0-day vulnerability
C. It indicates this protection’s severity level was modified from the default setting by the administrator
D. It indicates this protection is a critical
In R71, how would you define a rule to block all traffic sent to or from Germany?
A. This action is not possible.
B. Create a policy rule with destination being a custom dynamic object representing Germany and action block. You must also create a rule in the opposite direction.
C. Create a country specific policy within IPS Geo Protections with Germany as the country, block as the action, and from and to country for direction.
D. Go to Policy / Global Properties / Geographical Protection Enforcement and add Germany to the blocked countries list.
In a particular IPS protection in R76 in the Logging Settings, what does the Capture Packets option do?
A. This is not a valid selection in R76
B. Attaches a packet capture of the traffic that matches this particular protection to each log that the protection generates.
C. Starts a packet capture at the time of policy install to capture all of the traffic until this protection is hit.
D. Collects all of the logs for packets that have matched this protection within the last 30 days