Tracking and Alerting
1. On which tab can you enable "logging established TCP packets"?
2. Where do you put user-defined alert scripts?
3. What can you use for user-defined applications in tracking: C/C++, Perl, Bourne Shell, C-Shell?
4. What does this mean: alertf 60 3 fwalert (60 alerts in 3 sec, or the other way around)?
5. Correct syntax of alertf?
CPMAD
6. CPMAD - what is it for?
7. Which of the following is covered by CPMAD: SYN attack, anti-spoofing, man-in-the-middle, land, login failure?
8. CPMAD terminates; where can you find the log entry?
system log, account, nowhere, /var/adm/messages
9. What happens when the machine doesn't have enough memory for CPMAD?
exits with warning, etc.
10. What happens to LEA and ELA when CPMAD exits?
11. How do you turn CPMAD on?
12. Which port does CPMAD use to connect to LEA?
13. What about CPMAD is configured in fwopsec.conf?
14. What is the correct name of cpmad.conf?
15. What types of alerts does CPMAD generate?
SYN Defender
16. Where can you configure SYN Defender?
17. What does timeout mean?
18. What is the default timeout for passive SYN Defender?
19. How does SYN Defender work?
20. How does passive SYN Defender work?
21. What are the three TCP handshakes?
22. What happens to the backlog queue?
LDAP
23. Communication with LDAP is impossible, although you can ping the LDAP server
- What to check?
24. What does a red cross mean in AMC?
25. You log into AMC and an error message appears with no further information
displayed. What is the most likely reason? (Schema Checking on/off)
26. Where do you enable or disable schema checking?
27. What is the command-line command and correct syntax to check all branches?
28. Where do you set LDAP rights for AMC? (account unit general)
29. What are the three possible ways of defining an external group?
30. Correct syntax of ldapmodify on Solaris?
31. When changing a template, are existing groups affected?
32. Can you put groups into groups?
33. On which tab do you set encryption for LDAP users?
34. What is the correct syntax for downloading the certificate revocation list?
Load Balancing
35. Choose from the picture what kind of load balancing:
Server Load, Round Trip, Round Robin, Random, Domain
36. Definition of Server Load
37. Does Round Robin need a measuring agent to be installed?
38. Server types for load balancing:
FTP, HTTP, SMTP?
39. How many rules do you need for a logical server in the rulebase for HTTP?
40. How many rules do you need for a logical server in the rulebase for FTP?
41. In which order do logical server rules apply in the rulebase?
42. Do you need an ARP entry for a logical server?
43. Correct syntax for an ARP entry on Solaris?
44. Correct ARP entry on NT?
45. What does "Persistent Server Mode" mean?
46. Where do you turn on Persistent Server Mode?
CVP and URI
47. What can you do with CVP? (choose xxx)
48. What to do with URI?
49. Content Security for what? (choose 3)
HTTP, FTP, SMTP, HTTPS, UDP
50. In which order is CVP processed?
You have several answers; put them in the right order, e.g. a,c,b,d,e,f or
b,f,d,c,a,e
51. What is Tunnelling Mode?
52. In URI Definition: what do you find on the Match tab when working with
wildcards?
53. Methods, which of them are correct: get, post, put, head, bin?
54. Other methods, which are correct: Options, patch, move, unlink, get, type?
55. What do you find on the Action tab with wildcards?
56. What do you find on the SMTP Match tab with wildcards?
57. What is defined on the Action1 tab?
58. What is the default mail size on the Action2 tab?
59. Default directory of the URI specification file?
60. Correct syntax of an entry in this file?
SMTP
61. Correct order in which FW-1 processes mail: T, R, see Check Point documentation
62. You set up CVP with an SMTP resource with default settings. Where is mail
sent to?
SEP
63. What is the default interval for SecuRemote to contact SEP to check if the
server is still alive? (10s)
64. What is the correct syntax of the user.c entry for this interval?
(resolver_session_interval)
65. What do you do if SecuRemote cannot download branch information? (edit
user.c manually)
66. Definition of implicit logon
67. Definition of explicit logon
68. With implicit logon, does the policy server or SecureClient initiate the
download of the desktop policy?
69. With explicit logon, does the policy server or SecureClient initiate the
download of the desktop policy?
70. Do you need state synchronisation in SEP?
71. What encryption schemes can be used with SEP?
72. What is default syntax of state table entry on Solaris?
73. What do you have to do after editing sync.conf
74. What is the default timeout for "Desktop invalidates every"?
75. On which tab do you set it?
MEP
76. Do you need state sync with MEP?
77. On which tab do you configure IP Pool for MEP?
78. Can you use NAT Pool with MEP?
79. On which tab do you activate NAT Pool for MEP?
Encryption / VPN
80. Best description of a Man-in-the-Middle attack
81. What does PFS mean? (Perfect Secrecy Forwarding)
82. On which tab do you enable PFS?
83. How many packets are exchanged during PFS?
84. What are the ISAKMP phases?
85. On which tab do you set IKE encryption for users in the user database?
86. On which tab do you set FWZ encryption for users in the user database?
87. What does In-Place encryption mean?
88. What does Tunneling encryption mean?
89. You set up site-to-site encryption with SKIP and you wait some seconds
before exchanging keys. An error occurs. What is the most likely reason
for the error message?
90. What is the SKIP key hierarchy?
91. How many CAs do you need for site-to-site encryption with SKIP? One
per gateway or management server, none, etc.?
92. How many DH-Keys do you need for site-to-site encryption with IKE?
One per gateway or management server, none, etc.?
93. On which tab do you configure the crypt. algorithm for SKIP?
94. Which hashes can be used with SKIP/IKE?
Encryption Domains
95. Is the following picture a proper subset, fully overlapping or
partially overlapping encryption domain?
96. Is the following picture a proper subset, fully overlapping or partially overlapping encryption domain?
97. Is the following picture a proper subset, fully overlapping or partially overlapping encryption domain?
98. What happens to a SecuRemote client when connecting to an overlapping
encryption domain when using FWZ? (Connect will fail)