Exam A
You work a network administrator for You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional connections are allowed in the Action properties. If traffic passing through the QoS Module matches both rules, which of the following is true?
A. Neither rule will be allocated more than 10% of available bandwidth.
B. The H.323 rule will consume no more than 2048 Kbps of available bandwidth.
C. 50% of available bandwidth will be allocated to the H.323 rule.
D. 50% of available bandwidth will be allocated to the Default Rule
E. Each H.323 connection will receive at least 512 Kbps of bandwidth.
Correct Answer: B

QUESTION 2 has many VPN-1 Edge gateways at various branch offices, to allow
VPN-1 SecureClient users to access resources. For security reasons,’s Secure policy requires all Internet traffic initiated behind the
VPN-1 Edge gateways first be inspected by your headquarters’ VPN-1 Pro Security
How do you configure VPN routing in this star VPN Community?

A. To the Internet an other targets only
B. To the center and other satellites, through the center
C. To the center only
D. To the center, or through the center to other satellites, then to the Internet and other′VPN targets
Correct Answer: D

You are preparing to configure your VoIP Domain Gatekeeper object.Which two other object should you have created first?
A. An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed.
B. An object to represent the PSTN phone network, AND an object to represent the IP phone network
C. An object to represent the IP phone network, NAD an object to represent the host on which the gatekeeper is installed.
D. An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
E. An object to represent the call manager, AND an object to represent the host on which the transmission router is installed.
Correct Answer: C

Which Check Point QoS feature is used to dynamically allocate relative portions of available bandwidth?
A. Guarantees
B. Differentiated Services
C. Limits
D. Weighted Fair Queuing
E. Low Latency Queing
Correct Answer: D

Which operating system is NOT supported by VPN-1 SecureClient?
A. IPSO 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 8.0
E. MacOS X
Correct Answer: A

You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to
SecurePlatform NGX R60 via SmartUpdate.
Which package is needed in the repository before upgrading?

A. SVN Foundation and VPN-1 Express/Pro
B. VNP-1 and FireWall-1
C. SecurePlatform NGX R60
D. SVN Founation
E. VPN-1 Pro/Express NGX R60
Correct Answer: C

The exhibit displays the cphaprob state command output from a New Mode High
Availability cluster member.
Which machine has the highest priority?

A., since its number is 2.
B., because its number is 1.
C. This output does not indicate which machine has the highest priority.
D., because its stats is active
Correct Answer: B


Certkiller tries to configure Directional VPN Rule Match in the Rule Base. But the
Match column does not have the option to see the Directional Match. Certkiller sees
the screen displayed in the exhibit.
What is the problem?

A. Jack must enable directional_match(true) in the object_5_0.c file on SmartCenter server.
B. Jack must enable Advanced Routing on each Security Gateway
C. Jack must enable VPN Directional Match on the VPN Advanced screen, in Global properties.
D. Jack must enable a dynamic-routing protocol, such as OSPF, on the Gateways.
E. Jack must enable VPN Directional Match on the gateway object’s VPN tab.
Correct Answer: C

Where can a Security Administator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objec
C. Check Point gateway object properties
D. $CPDIR/conf/
E. Advanced Action options in each QoS rule.
Correct Answer: A

Certkiller is the Security Administrator for FTP servers have old hardware and software. Certain FTP commands cause the FTP servers to malfunction. Upgrading the FTP Servers is not an option this time. Which of the following options will allow Certkiller to control which FTP commands pass through the Security Gateway protecting the FTP servers?
A. Global Properties->Security Server ->Security Server->Allowed FTP Commands
B. SmartDefense->Application Intelligence->FTP Security Server
C. Rule Base->Action Field->Properties
D. Web Intelligence->Application Layer->FTP Settings
E. FTP Service Object->Advanced->Blocked FTP Commands
Correct Answer: B