156-215.13 Check Point Certified Security Administrator Exam Set 1

As a Security Administrator, you must refresh the Client Authentication authorization timeout every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:


Options are :

  • in the user object's Authentication screen
  • in the Global Properties Authentication screen
  • in the Gateway object's Authentication screen.
  • in the Limit tab of the Client Authentication Action Properties screen. (Correct)

Answer : in the Limit tab of the Client Authentication Action Properties screen.

Check Point Certified Security Expert Exam Set 12

Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?


Options are :

  • 514
  • 258
  • 256
  • 257 (Correct)

Answer : 257

In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?


Options are :

  • Do nothing. The Security Management Server automatically copies old logs to a backup server before purging.
  • Configure a script to run fw logswitch and SCP the output file to a separate file server (Correct)
  • Do nothing. Old logs are deleted, until free space is restored.
  • Use the command fwm logexport to export the old log files to another location

Answer : Configure a script to run fw logswitch and SCP the output file to a separate file server

Which tool CANNOT be launched from SmartUpdate R76?


Options are :

  • cpinfo
  • snapshot (Correct)
  • SecurePlatform WebUI
  • IP Appliance Voyager

Answer : snapshot

156-315.77 Check Point Certified Security Expert Exam Set 2

What information is found in the SmartView Tracker Management log?


Options are :

  • SecurePlatform expert login event
  • Creation of an administrator using cpconfig
  • Administrator SmartDashboard logout event (Correct)
  • FTP username authentication failure

Answer : Administrator SmartDashboard logout event

The R76 fw monitor utility is used to troubleshoot which of the following problems?


Options are :

  • Phase two key negotiation
  • Log Consolidation Engine
  • User data base corruption
  • Traffic issues (Correct)

Answer : Traffic issues

If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?


Options are :

  • The Administrator must reinstall the last version via the command cprinstall revert.
  • GAiA will reboot and automatically revert to the last snapshot version prior to upgrade. (Correct)
  • The Administrator must remove the rpm packages manually, and re-attempt the upgrade.
  • The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot.

Answer : GAiA will reboot and automatically revert to the last snapshot version prior to upgrade.

156-315.77 Check Point Certified Security Expert Exam Set 1

You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?


Options are :

  • Select Block intruder from the Tools menu in SmartView Tracker.
  • Create a Suspicious Activity Rule in SmartView Monitor (Correct)
  • Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.
  • Add a temporary rule using SmartDashboard and select hide rule.

Answer : Create a Suspicious Activity Rule in SmartView Monitor

What action can be performed from SmartUpdate R76?


Options are :

  • fw stat -l
  • remote_uninstall_verifier
  • upgrade_export
  • cpinfo (Correct)

Answer : cpinfo

Central license management allows a Security Administrator to perform which of the following functions? 1. Check for expired licenses. 2. Sort licenses and view license properties. 3. Attach both R76 Central and Local licenses to a remote module. 4. Delete both R76 Local Licenses and Central licenses from a remote module. 5. Add or remove a license to or from the license repository. 6. Attach and/or delete only R76 Central licenses to a remote module (not Local licenses).


Options are :

  • 1, 2, 3, 4, & 5 (Correct)
  • 2, 5, & 6
  • 2, 3, 4, & 5
  • 1, 2, 5, & 6

Answer : 1, 2, 3, 4, & 5

156-215.75 Check Point Certified Security Administrator Exam Set 5

Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker's IP at a peak time of day?


Options are :

  • Intrusion Detection System (IDS) Policy install
  • SAM - Block Intruder feature of SmartView Tracker
  • SAM - Suspicious Activity Rules feature of SmartView Monitor (Correct)
  • Change the Rule Base and install the Policy to all Security Gateways

Answer : SAM - Suspicious Activity Rules feature of SmartView Monitor

True or False? SmartView Monitor can be used to create alerts on a specified Gateway.


Options are :

  • True, by choosing the Gateway and selecting System Information
  • False, an alert cannot be created for a specified Gateway.
  • False, alerts can only be set in SmartDashboard Global Properties
  • True, by right-clicking on the Gateway and selecting Configure Thresholds. (Correct)

Answer : True, by right-clicking on the Gateway and selecting Configure Thresholds.

Which R76 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?


Options are :

  • SmartUpdate
  • SmartView Monitor (Correct)
  • None, SmartConsole applications only communicate with the Security Management Server.
  • SmartView Status

Answer : SmartView Monitor

156-315.77 Check Point Certified Security Expert Exam Set 22

With the User Directory Software Blade, you can create R76 user definitions on a(n) _________ Server.


Options are :

  • SecureID
  • Radius
  • LDAP (Correct)
  • NT Domain

Answer : LDAP

Which of the following are authentication methods that Security Gateway R76 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.


Options are :

  • Proxied, User, Dynamic, Session
  • Connection, User, Client
  • User, Proxied, Session
  • User, Client, Session (Correct)

Answer : User, Client, Session

Which feature in R76 permits blocking specific IP addresses for a specified time period?


Options are :

  • HTTP Methods
  • Suspicious Activity Monitoring (Correct)
  • Local Interface Spoofing
  • Block Port Overflow

Answer : Suspicious Activity Monitoring

156-315.77 Check Point Certified Security Expert Exam Set 5

Where are SmartEvent licenses installed?


Options are :

  • Security Management Server
  • SmartEvent server (Correct)
  • Security Gateway
  • Log Server

Answer : SmartEvent server

Which Security Gateway R76 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:


Options are :

  • IPS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled.
  • Refreshable Timeout setting, in Client Authentication Action Properties > Limits. (Correct)
  • Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment.
  • Time properties, adjusted on the user objects for each user, in the Client Authentication rule Source.

Answer : Refreshable Timeout setting, in Client Authentication Action Properties > Limits.

If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?


Options are :

  • IPS (Correct)
  • SmartEvent Intro
  • SSL: VPN
  • Data Loss Prevention

Answer : IPS

156-315.77 Check Point Certified Security Expert Exam Set 10

in the Limit tab of the Client Authentication Action Properties screen.


Options are :

  • You can limit the authentication attempts in the User Properties' Authentication tab.
  • The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server. (Correct)
  • You can only use the rule for Telnet, FTP, SMTP, and rlogin services
  • Once a user is first authenticated, the user will not be prompted for authentication again until logging out.

Answer : The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.

A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?


Options are :

  • Eventia Analyzer
  • SmartView Monitor (Correct)
  • This information can only be viewed with the command fw ctl pstat from the CLI.
  • SmartView Tracker

Answer : SmartView Monitor

What is the Manual Client Authentication TELNET port?


Options are :

  • 264
  • 900
  • 23
  • 259 (Correct)

Answer : 259

156-315.77 Check Point Certified Security Expert Exam Set 15

What happens when you run the command fw sam -J src [Source IP Address]?


Options are :

  • Connections to and from the specified target are blocked with the need to change the Security Policy
  • Connections to and from the specified target are blocked without the need to change the Security Policy.
  • Connections to the specified target are blocked without the need to change the Security Policy.
  • Connections from the specified source are blocked without the need to change the Security Policy. (Correct)

Answer : Connections from the specified source are blocked without the need to change the Security Policy.

In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?


Options are :

  • Cleanup Rule
  • Rule 1
  • Rule 0 (Correct)
  • Blank field under Rule Number

Answer : Rule 0

An advantage of using central instead of local licensing is:


Options are :

  • Licenses are automatically attached to their respective Security Gateways.
  • Only one IP address is used for all licenses. (Correct)
  • The license must be renewed when changing the IP address of a Security Gateway. Each module's license has a unique IP address.
  • A license can be taken from one Security Management Server and given to another Security Management Server.

Answer : Only one IP address is used for all licenses.

156-315.77 Check Point Certified Security Expert Exam Set 7

Which R76 GUI would you use to see the number of packets accepted since the last policy install?


Options are :

  • SmartView Tracker
  • SmartView Status
  • SmartDashboard
  • SmartView Monitor (Correct)

Answer : SmartView Monitor

Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?


Options are :

  • It contains your security configuration, which could be exploited. (Correct)
  • SmartUpdate will start a new installation process if the machine is rebooted.
  • It will conflict with any future upgrades when using SmartUpdate.
  • It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.

Answer : It contains your security configuration, which could be exploited.

Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.


Options are :

  • Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
  • Enable User Directory in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit (Correct)
  • Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.
  • Configure a server object for the LDAP Account Unit, and create an LDAP resource object.

Answer : Enable User Directory in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit

Check Point Certified Security Administrator Set 4

MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license?


Options are :

  • Using the remote Gateway's IP address, and applying the license locally with the command cplic put.
  • Using the remote Gateway's IP address, and attaching the license to the remote Gateway via SmartUpdate.
  • Using each of the Gateways' IP addresses, and applying the licenses on the Security Management Server with the command cprlic put.
  • Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate. (Correct)

Answer : Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.

SmartView Tracker R76 consists of three different modes. They are:


Options are :

  • Network and Endpoint, Active, and Management (Correct)
  • Log, Active, and Management
  • Log, Active, and Audit
  • Log, Track, and Management

Answer : Network and Endpoint, Active, and Management
