According to Check Point Best Practice, when adding a 3rd party gateway to a Check Point security solution what object SHOULD be added? A(n):
Correct Answer: B
Question 98
When a policy package is installed, ________ are also distributed to the target installation Security Gateways.
Correct Answer: A
Explanation A policy package is a collection of different types of policies. After installation, the Security Gateway enforces all the policies in the package. A policy package can have one or more of these policy types: * Access Control - consists of these types of rules: * Firewall * NAT * Application Control and URL Filtering * Data Awareness * QoS * Desktop Security - the Firewall policy for endpoint computers that have the Endpoint Security VPN remote access client installed as a standalone client. * Threat Prevention - consists of: * IPS - IPS protections continually updated by IPS Services * Anti-Bot - Detects bot-infected machines, prevents bot damage by blocking bot commands and Control (C&C) communications * Anti-Virus - Includes heuristic analysis, stops viruses, worms, and other malware at the gateway * Threat Emulation - detects zero-day and advanced polymorphic attacks by opening suspicious files in a sandbox The installation process: * Runs a heuristic verification on rules to make sure they are consistent and that there are no redundant rules. If there are verification errors, the policy is not installed. If there are verification warnings (for example, if anti-spoofing is not enabled for a Security Gateway with multiple interfaces), the policy package is installed with a warning. * Makes sure that each of the Security Gateways enforces at least one of the rules. If none of the rules are enforced, the default drop rule is enforced. * Distributes the user database and object database to the selected installation targets.
Question 99
Which statement is TRUE of anti-spoofing?
Correct Answer: A
Question 100
The IT Management team is interested in the new features of the Check Point R80 Management and wants to upgrade but they are concerned that the existing R77.30 Gaia Gateways cannot be managed by R80 because it is so different. As the administrator responsible for the Firewalls, how can you answer or confirm these concerns?
