
Checkpoint 156-915.70 : CCSE-R70-Upgrade | 103 Questions & Answers | Updated: Feb 12,19 |
Checkpoint 156-915.70 Exam Tips
Secure Client requires that the client is a remote access workstation. True or false?
Answers:
A. True
B. False (correct)
Explanation:
Here is what the official CCSE NG documentation says, 'Checkpoint VPN1 Secure Client extends security to the desktop by enabling the enforcement of a security policy in computer desktops both inside and outside the local area network. Secure Client and the Policy server protects servers and desktops from both external and internal attackers with enforceable security policies to the desktop.'
See Page 12.1 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

Which port does CPMAD use for communication to an LEA server?
Answers:
A. 18181
B. 18182
C. 18183
D. 18184 (correct)
Explanation:
This can be checked in the Checkpoint NG online documentation. CPMAD is a piece of software that analyzes the NG logs in search of patterns of some well-known network attacks. CPMAD establishes communication with the LEA through port 18183 TCP. LEA means 'Log Export API'; it allows applications to access information contained in the Checkpoint NG logs, which CPMAD needs for the analysis.

What are valid advantages of binding a Secure Client user id to an IP address? (Choose all that apply)
Answers:
A. It prevents spoofing.
B. It ensures that the user does not have more than one session active.
C. When a user connects from a different IP address than last time then it forces re-authentication. (correct)
D. The same user can connect from more than one workstation. (correct)
Explanation:
With the binding of a user ID to an IP address, you can force re-authentication when a user connects from another machine, because the binding will not match. This feature can increase security. Another benefit is that the user can connect from different workstations in a secure fashion, because the binding functionality provides re-authentication as stated above. See 'Secure Client Binding' in the Secure Client Documentation.

Which of the following is NOT a CPMAD global configuration parameter, i.e. is specific to a particular alert?
Answers:
A. MAD_system_mode
B. MAD_successive_alerts_mode (correct)
C. MAD_memory
D. MAD_clean_interval
E. MAD_number_of_connection_attempts
F. MAD_interval_between_connection_attempts
Explanation:
Option B is not a global configuration parameter for CPMAD. The global configuration is changed through the 'cpmad_config.conf' file, and all the other parameters are valid in this file. 'MAD_system_mode' enables and disables CPMAD. 'MAD_memory' is the amount of memory in bytes allocated to the MAD process. 'MAD_clean_interval' defines the amount of time that old attacks will be stored in the MAD memory tables. 'MAD_number_of_connection_attempts' defines the number of times MAD will try to reconnect to either the LEA or ELA server, and 'MAD_interval_between_connection_attempts' defines the wait period between those reconnection attempts. See Page 408-409 of Syngress Book 'Checkpoint NG Next Generation Security Administration'.

If you want to set up a virus scanner for FTP files in firewall-1 how would you do it?
Answers:
A. In the match tab of the FTP resource definition.
B. In the action tab of the FTP resource definition.
C. In the CVP tab of the FTP resource definition. (correct)
D. In the general tab of the FTP resource definition.
Explanation:
You have to use the 'CVP tab' in the properties of the resource. From there you can select the option 'Use Content Vectoring Protocol' and specify a CVP server. You can also specify whether the CVP server is allowed to modify the content and how the reply order is going to be managed. You do not specify CVP use in the match, action or general tab of the resource.
See Figure 12 in Page L10.9 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

What is NOT a function of RDP in the FWZ encryption scheme?
Answers:
A. Transporting the encrypted data (correct)
B. Out of band session
C. Negotiating session keys
D. Agreeing encryption algorithms
E. Negotiating MD5 usage
F. Recovering dropped UDP packets
Explanation:
RDP, or 'Reliable Datagram Protocol', is used to manage VPN session keys (negotiating session keys, out of band sessions), the encryption method (agreeing encryption methods) and data integrity (negotiating MD5 usage, recovering dropped UDP packets). RDP is not in charge of the actual transfer of the encrypted data.
See Page 7.16 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

What is the name given to a denial of service attack that consumes resources on a device by creating too many unacknowledged TCP sessions?
Answers:
A. Syn flooding (correct)
B. TCP flooding
C. Ack flooding
D. Ack attack
Explanation:
This is an attack against a service designed to make the server unavailable. The attack exploits the limitations of the TCP/IP protocol. A client initiates a TCP connection to a server via a request with the SYN flag set in the TCP header. The server tries to contact the source with a SYN/ACK, but the real host is unavailable, which leaves the 3-way handshake incomplete. When multiple SYN attacks flood a server, the server will spend all of its time trying to acknowledge these connections and be unavailable to process legitimate requests.
See Page 6.4 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

Checkpoint Firewall 1 licenses are based on which IP address?
Answers:
A. An outside IP address. (correct)
B. An inside IP address.
C. A DMZ IP address.
D. An IP address that is not allocated to any interface but is.
Explanation:
All Checkpoint management server and enforcement module licenses are based on the IP address of the outside (routable, valid) interface. It is not good practice to license your enforcement modules or management station with an address on the inside of your network. This is a Checkpoint license guideline. See 'Licensing FW1' at the Checkpoint online documentation.

Where would you define encryption for a firewall?
Answers:
A. General screen of workstation properties for the firewall.
B. Certificates screen of workstation properties for the firewall.
C. VPN screen of workstation properties for the firewall. (correct)
D. Encryption screen of workstation properties for the firewall.
Explanation:
This can be checked in the properties of a firewall object: you can set the 'encryption scheme' for the firewall at the VPN tab. The possible options are 'IKE' and 'FWZ'. From this tab you can also add, edit and remove certificates and edit the configuration of the encryption schemes. See Figure 2 on Page L13.2 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).



