In which tab of an SMTP definition screen would you specify the maximum size of an email to be allowed through when using content security?

Answers:
A. General
B. Match
C. Action 1
D. Action 2 (correct)

Explanation:

As stated in the official CCSE Courseware, you can configure an option called 'Do not send mail larger than XX KB' in the 'Action 2' tab of the SMTP Resource Properties. From this tab, you can also strip mime types and certain attachment from the message by name. You can check this in Figure 11 at
page 10.8 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

How many attack types can be monitored by CPMAD?

Answers:
A. 6
B. 7
C. 8 (correct)
D. 9

Explanation:

'Check Point Malicious Activity Detection' (CPMAD) is a handy log analyzer. This feature aids in detection of unusual, potentially dangerous activities across a range of firewall modules. It can be used to detect 8 types of attacks, they are: syn attacks, anti spoofing, successive alerts, port scanning, blocked connections port scanning, login failure, successive multiple connections, land attack. See page 406-407 of Syngress Book 'Checkpoint NG Next Generation Security Administration'.
Note:
CPMAD has been replaced by SmartDefense which currently protects against many more than 8 types of attack.

How would a Secure Client user log onto the policy server? (Choose all that apply)

Answers:
A. Click on the shortcut icon. (correct)
B. Pull down the file menu and click on login.
C. Pull down sites menu left click on policy server.
D. Pull down the policy menu and select "login to policy server". (correct)

Explanation:

You can login to a policy server from two places, the first is the icon in the far right of the Toolbar (Login to Policy Server), and the second is in the policy menu of Secure client, the option is 'Login to policy server'.
See Page 12.23 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

Which is NOT an icon present on the top left SecuRemote desktop screen?

Answers:
A. Sites/make new
B. Sites/connect (correct)
C. Sites/delete
D. Sites/properties

Explanation:

this is the only invalid option, if you go to the SecuRemote GUI and pass your cursor through the different icons you will see that we have 'make new site', 'delete site', 'site properties', what we don't have is 'Connect to Site'. You can also check this in the online NG documentation, see 'SecuRemote GUI'.

Which CVP anti-virus options are available? (Choose all that apply)

Answers:
A. None (correct)
B. Read only (correct)
C. Read/write (correct)
D. Write only

Explanation:

'Write Only' its not a valid option, the 3 valid options are: 'None' (no antivirus checking is performed), 'Read only' (A retrieved file is checked for viruses. If the file contains a virus, it is not retrieved , and finally 'Read/Write' (A retrieved file is checked for viruses. Detected viruses are removed and the file retrieval continues).
See Page 5.10 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

SecuRemote uses a site-to-site VPN type. True or false?

Answers:
A. True
B. False (correct)

Explanation:

This is absolutely false, since SecuRemote is engineered to provide Desktop secure connections from remote places, SecuRemote uses 'Client-to-Site' VPN's, for example, a user traveling through the country with his laptop needing access to the corporate intranet. With SecuRemote, he can connect to Internet an create a VPN from his laptop to access his headquarters, what type of VPN?, a Client-to-Site one.

What is NOT true about LDAP?

Answers:
A. The LDAP server is a module within Firewall 1. (correct)
B. It is a standard protocol.
C. FW1 uses AMC to configure accounts on an LDAP server.
D. It is based on a client/server model.

Explanation:

This is false, LDAP functionality is implemented in conjunction with an external server. What you create inside the policy editor is an 'LDAP Account Unit', but the real serve with user information is external, its not within FW1. An example of external LDAP servers is a Microsoft Active Directory implementation, Active directory is based in LDAP an its acceded through port 389. In the
properties of the LDAP Account Unit inside the Policy Editor, you can select the host, port, Login, password and your rights inside the external LDAP server.

Reply packets to a SecuRemote client must be routed through the same encrypting gateway that received the incoming packets. True or false?

Answers:
A. True (correct)
B. False

Explanation:

This is true, this behavior is needed because the negotiation of the encryption keys was made with that gateway, so if you reply packets to the SecuRemote client through another gateway that is not the original one, it will not know how to encrypt the information to make it valid for the SecuRemote client. Its an encryption matter.

When configuring an ARP entry in an windows server running a FW1. Which is the correct method?

Answers:
A. Add an entry into $FWDIR/state/local.arp of the form <IP address><TAB><External Mac address> and restart the server. (correct)
B. Add an entry into $FWDIR/state/local.arp of the form <External Mac address><TAB><IP address> and restart the server.
C. Add an entry into $FWDIR/state/arp.txt of the form <IP address><TAB><External Mac address> and restart the server.
D. Add an entry into $FWDIR/state/local.arp of the form <IP address><TAB><External Mac address>