The encryption key for SecuRemote connections, for two phase exchange, remains valid by default for ________.

Answers:
A. About 15 minutes.
B. About 30 minutes.
C. About 45 minutes.
D. About 60 minutes. (correct)
E. The entire remote user operating session.

Explanation:

Phase 1 key exchange happens by default every 1440 minutes (24 hrs) and Phase 2 every 3600 seconds (1 hr).

When using IKE in a Firewall-to-Firewall VPN, ____________ is used to manage session keys, encryption method and data integrity.

Answers:
A. UDP (correct)
B. RDP
C. ICMP
D. FTP
E. RWS

Explanation:

RDP was used for FWZ not IKE which uses UDP to manage session keys. FWZ is no longer supported by NG (since FP1).

Diffie-Hellman uses which type of key exchange?

Answers:
A. Static
B. Dynamic
C. Symmetric
D. Asymmetric (correct)
E. Adaptive

An external UFP server, can perform which if the following?

Answers:
A. Find out java, JavaScript, Active X.
B. Deny or allow access to URLs using categories. (correct)
C. Integrate Firewall-1 with an external user database.
D. Check for viruses and malicious contents.
E. All of the above.

Explanation:

an UFP external server (URI Filter) it's an OPSEC certified application used for passing data between VPN1/FW1 and a third-party server for URI classification. You can use products like WebSense to achieve the URL filtering functionality through categories. For example you can define that your users cannot go to any sport sites beginning with the letter 'B' or that kind of thinks. See page 318 of Syngress Book 'Check Point NG Next Generation Security Administration'.

Which of the following statements best describe the purpose of the Transparent Connection method shown below in the URI Resources Properties window?

Answers:
A. Matches all connections that are not in proxy or Tunneling Mode. (correct)
B. Matches connections in proxy mode only.
C. Matches connections using HTTP > CONNECT method.
D. Disables all content security options in the URI specification.
E. Takes an action as a result of a logged resource definition.

Explanation:

This is what's achieved in the question, if the traffic is not in tunneling of proxy mode, transparent connection will have a match, here is an explanation of them. The connection method options define what mode FW1 will use to analyze traffic, if 'tunneling' mode is used you will not have access to CVP tab and you could not use UFP servers. Transparent is used when the user browser does not contain proxy information, in this configuration, the firewall must be your network gateway that handles internet traffic, the firewall will send the traffic to be analyzed in the UFP server. In proxy mode the firewall must be specified in the proxy settings of the user browser.

In the event that an unauthorized user attempts to compromise a valid Secure Client connection, the Secure Client machine can remain protected by?

Answers:
A. The VPN module in the enterprise firewall.
B. Enforcing a desktop policy blocking incoming connections to the Secure Client. (correct)
C. The organization's internal firewall.
D. Network address translation performed by the gateway.
E. Using FWZ encapsulation.

Explanation:

Since we are using Secure Client, we can have a Desktop security policy installed if we have a Policy Server available to download one from. The security policy is installed when a user performs an implicit or explicit login to the policy server from the Secure Client machines.
In case someone tries to compromise a connection, the secure client with a desktop policy installed can block all incoming connections to the host, to keep security in place
.

To reduce the effectiveness of traffic sniffing inside the LAN, internal users should have the _______ installed in their desktop.

Answers:
A. Management
B. Real Secure.
C. Enforcement
D. Policy Server.
E. Secure Client (correct)

Explanation:

Since the Secure Client supports a desktop security policy in the host, we reduce traffic sniffing inside the LAN because every Secure Client host can enforce a desktop security policy checking for sniffing activity with counter-measures when necessary. The desktop policies are also very helpful because they provide distributed security in our environment (In the host and in the FW modules).

If you wish to move any Secure Client files to another directory.

Answers:
A. Uninstall and reinstall Secure Client first. (correct)
B. Restore the original files before uninstalling Secure Client.
C. Upgrade Secure Client, then uninstall and reinstall.
D. One of the above.

Explanation:

If you wish to move any Secure Client files to another directory, uninstall, and then reinstall secure client. When the choose destination location screen appears, change the default destination folder to a destination of your choosing. Here is the process: first backup your files, second, uninstall SC, third, reinstall SC, and then, Restore the original files.
See Page 12.35 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1)
.

What is the purpose of cplic check ?

Answers:
A. Allow you to perform the license installation.
B. Verification of the license expiration data.
C. It is a alternate to the printlic command.
D. Validates a license feature. (correct)
E. Verification of the external IP address.

Explanation:

The 'cplic check' command is a shortcut of 'Checkpoint Licensing Check' and its used to validate features on a license, like the VPN capability, the encryption algorithms supported and other capabilities that are obtained through the Key String that comes in the .LIC file. See 'cplic check' in the Checkpoint NG online documentation.