156-215.13 Check Point Certified Security Administrator Exam Set 2

Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?


Options are :

  • Intrusion Detection System (IDS) Policy install
  • Change the Rule Base and install the Policy to all Security Gateways
  • SAM - Suspicious Activity Rules feature of SmartView Monitor
  • Block Intruder feature of SmartView Tracker (Correct)

Answer : Block Intruder feature of SmartView Tracker

What action CANNOT be run from SmartUpdate R76?


Options are :

  • Get all Gateway Data
  • Preinstall verifier
  • Fetch sync status (Correct)
  • Reboot Gateway

Answer : Fetch sync status

You find a suspicious FTP site trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked? Highlight the suspicious connection in SmartView Tracker:


Options are :

  • Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".
  • Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
  • Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view. (Correct)
  • Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".

Answer : Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.

User Authentication


Options are :

  • Agent Automatic Sign On
  • Standard Sign On
  • Partially Automatic Sign On (Correct)
  • Manual Sign On

Answer : Partially Automatic Sign On

What is a Consolidation Policy?


Options are :

  • A global Policy used to share a common enforcement policy for multiple Security Gateways.
  • The collective name of the Security Policy, Address Translation, and IPS Policies.
  • The collective name of the logs generated by SmartReporter.
  • The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database. (Correct)

Answer : The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.

You want to configure a mail alert for every time the policy is installed to a specific Gateway. Where would you configure this alert?


Options are :

  • In SmartDashboard, select Global Properties > Log and Alerts > Alert Commands.
  • In SmartView Monitor, select Gateway > Configure Thresholds.
  • In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands. (Correct)
  • You cannot create a mail alert for Policy installation.

Answer : In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands.

Which of these components does NOT require a Security Gateway R76 license?


Options are :

  • SmartConsole (Correct)
  • Check Point Gateway
  • Security Management Server
  • SmartUpdate upgrading/patching

Answer : SmartConsole

You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?


Options are :

  • Send a CD-ROM with the HFA to each location and have local personnel install it.
  • Use an SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
  • Use SmartUpdate to install the packages to each of the Security Gateways remotely. (Correct)
  • Send a Certified Security Engineer to each site to perform the update.

Answer : Use SmartUpdate to install the packages to each of the Security Gateways remotely.

What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?


Options are :

  • SmartUpdate Repository SQL database Server
  • SmartUpdate GUI PC (Correct)
  • A Security Gateway retrieving the new upgrade package
  • SmartUpdate installed Security Management Server PC

Answer : SmartUpdate GUI PC

What information is found in the SmartView Tracker Management log?


Options are :

  • Number of concurrent IKE negotiations
  • SIC revoke certificate event (Correct)
  • Most accessed Rule Base rule
  • Destination IP address

Answer : SIC revoke certificate event

How do you configure an alert in SmartView Monitor?


Options are :

  • By right-clicking on the Gateway, and selecting System Information.
  • An alert cannot be configured in SmartView Monitor (Correct)
  • By right-clicking on the Gateway, and selecting Properties.

Answer : An alert cannot be configured in SmartView Monitor

How do you use SmartView Monitor to compile traffic statistics for your company's Internet Web activity during production hours?


Options are :

  • Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway.
  • Select Tunnels view, and generate a report on the statistics.
  • Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day (Correct)
  • View total packets passed through the Security Gateway.

Answer : Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:


Options are :

  • selected package is copied from the SmartUpdate PC CD-ROM directly to the Security Gateway and the installation IS performed.
  • SmartUpdate wizard walks the Administrator through a distributed installation.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed. (Correct)

Answer : selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.

You cannot use SmartDashboard's User Directory features to connect to the LDAP server. What should you investigate? 1) Verify you have read-only permissions as administrator for the operating system. 2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server. 3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.


Options are :

  • 1 and 3
  • 2 and 3 (Correct)
  • 1, 2, and 3
  • 1 and 2

Answer : 2 and 3

All R76 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?


Options are :

  • FTP
  • RLOGIN
  • SMTP (Correct)
  • HTTP

Answer : SMTP

A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?


Options are :

  • SmartReporter analyzes all network traffic, logged or not.
  • Network traffic cannot be analyzed when the Security Management Server has a high load.
  • Turn the field Track of each rule to LOG.
  • Configure Additional Logging on an additional log server. (Correct)

Answer : Configure Additional Logging on an additional log server.

What port is used for communication to the User Center with SmartUpdate?


Options are :

  • HTTPS 443 (Correct)
  • HTTP 80
  • CPMI 200
  • TCP 8080

Answer : HTTPS 443

Which R75 component displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time?


Options are :

  • SmartView Monitor (Correct)
  • SmartUpdate
  • SmartView Status
  • SmartEvent

Answer : SmartView Monitor

You are running the license_upgrade tool on your SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?


Options are :

  • View the licenses in the SmartUpdate License Repository (Correct)
  • Simulate the license-upgrade process
  • View the status of currently installed licenses
  • Perform the actual license-upgrade process

Answer : View the licenses in the SmartUpdate License Repository

Identify the ports to which the Client Authentication daemon listens by default.


Options are :

  • 80, 256
  • 8080, 529
  • 256, 600
  • 259, 900 (Correct)

Answer : 259, 900

Which command gives an overview of your installed licenses?


Options are :

  • fw lic print
  • cplic print (Correct)
  • showlic
  • cplicense

Answer : cplic print

Security Gateway R76 supports User Authentication for which of the following services? Select the response below that contains the MOST correct list of supported services.


Options are :

  • FTP, TELNET
  • FTP, HTTP, TELNET (Correct)
  • SMTP, FTP, TELNET
  • SMTP, FTP, HTTP, TELNET

Answer : FTP, HTTP, TELNET

What information is found in the SmartView Tracker Management log?


Options are :

  • Historical reports log
  • Policy rule modification date/time stamp (Correct)
  • Destination IP address
  • Most accessed Rule Base rule

Answer : Policy rule modification date/time stamp

Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?


Options are :

  • Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.
  • Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.
  • Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.
  • Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation. (Correct)

Answer : Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.

Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?


Options are :

  • She needs to run sysconfig and restart the SSH process.
  • She needs to run cpconfig to enable the ability to SCP files.
  • She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
  • She needs to edit /etc/scpusers and add the Standard Mode account. (Correct)

Answer : She needs to edit /etc/scpusers and add the Standard Mode account.

Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:


Options are :

  • Session Authentication rule
  • Client Authentication rule, using partially automatic sign on
  • Client Authentication for fully automatic sign on
  • Client Authentication rule using the manual sign-on method, using HTTP on port 900 (Correct)

Answer : Client Authentication rule using the manual sign-on method, using HTTP on port 900

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute Only and choosing the target Gateway, the:


Options are :

  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. (Correct)
  • selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
  • SmartUpdate wizard walks the Administrator through a distributed installation

Answer : selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

Which authentication type permits five different sign-on methods in the authentication properties window?


Options are :

  • Client Authentication (Correct)
  • User Authentication
  • Session Authentication
  • Manual Authentication

Answer : Client Authentication

You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.


Options are :

  • SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules. (Correct)
  • In the SmartView Tracker, if you activate the column Matching Rate.
  • In SmartReporter, in the section Firewall Blade - Act
  • It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.

Answer : SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules.

One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?


Options are :

  • There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection. (Correct)
  • The remote Gateway's IP address has changed, which invalidates the SIC Certificate
  • The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
  • The time on the Security Management Server's clock has changed, which invalidates the remote Gateway's Certificate.

Answer : There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.
