What does a status of Untrusted tell you?

Omanan Enterprises has the premier reclamation system for scrap aluminum in the western
hemisphere. Then phenomenal growth over the last 10 years has led to the decision to establish a
presence in the Internet in order to their customers. To that end, Omanan Enterprise network

administrator, Jason has acquired a Web Server, and email server and 14 IP addresses from their
ISP. Jason also purchased a Checkpoint VPN-1/FireWall-1 stand alone gateway module, with
these interfaces, to protect Omanan enterprises’ corporate data their ISP will be providing DNS
services. The Web Server and email server must have Static routable IP addresses. The eight
member executive counsel of Omanan Enterprises would to have routable IP addresses also, so
that they can video-conference with the company’s suppliers. Omanan Enterprises’ remaining 200
employees would like to have access to Internet, and the executive counsel believe that granting
them access might improve company morale.
Jason installs and configured Checkpoint VPN-1/FireWall1 stand alone Gateway module at the
perimeter of Omanan Enterprises corporate LAN. He uses the 3rd NIC in the stand alone firewall
gateway module to create DMZ. Jason installs the Web server and the email server on the DMZ.
He creates tools and objects on the checkpoint VPN-1/FireWall-1 stand alone gateway module to
allow HTTP, POP3 and SMTP from the Internet to the DMZ. He Creates objects to represent the
web and email server and configures them for Static NAT.
Jason reconfigures his DHCP server so that each of the members of the executive counsel has
reserved IP address. He then sues those reservations co create Statically NAT-ed objects on the
Checkpoint VPN/Firewall-1 Standalone Gateway module. Jason creates another object represents
the internal network he configures this object for Dynamic NAT. He adds a rule allowing HTTP
traffic from the internal network to any destination. Jason created an additional rule to allow POP3
and SMTP traffic between the internal networks and DMZ.
Choose the one phrase below that best describes Jason’s proposal.

Anna is a security administrator setting up User Authentication for the first time. She has correctly
configured her Authentication rule, but authentication still does not work. What is the Check Point
recommended way to troubleshoot this issue?

Session authentication provides an authentication method NOT supported by protocols that can
be integrated with any application.

How do recover communications between your management module and enforcement module if
you lock yourself out via a rule policy that is configured incorrectly?

You have set up a firewall and management module on one NT box and a remote module on a
different location. You receive only sporadic logs from the local firewall and only and control
message from remote firewall. All rules on both firewalls are logging and you know the traffic is
flowing through the firewall using these rules. All the firewall related services are running and you
are using NAT and you receive few logs from the local firewall.

What actions from the choices below would you perform to find out why you cannot see logs?

As a firewall administrator you encounter the following you error message:
Authentication for command failed.
What is the most logical reasoning for thus type of error message?

Your customer has created a rule so that every time a user wants to go to the Internet, that user
must be authenticated. Firewall load is a concern for the customer. Which authentication method
does not result in any additional connections to the firewall?

What variable is used to extend the interval of the Timeout in a NAT to prevent a hidden UDP
connection from losing its port?

To hide data filed in the log viewer: