156-215.13 Check Point Certified Security Administrator Exam Set 6

A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R76. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following changes is the most likely cause of the block?


Options are :

  • The Security Policy installed to the Gateway had no rules in it.
  • A Stealth Rule has been configured for the R76 Gateway.
  • The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.
  • The Allow Control Connections setting in Policy > Global Properties has been unchecked.

Answer : The Allow Control Connections setting in Policy > Global Properties has been unchecked.

156-215.13 Check Point Certified Security Administrator Exam Set 7

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.


Options are :

  • destination on client side
  • destination on server side
  • source on client side
  • source on server side

Answer : destination on client side

Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?


Options are :

  • Policy Package management
  • upgrade_export/upgrade_import
  • dbexport/dbimport
  • Database Revision Control

Answer : Database Revision Control

You are about to test some rule and object changes suggested in an R76 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?


Options are :

  • Manual copies of the directory $FWDIR/conf
  • Database Revision Control
  • upgrade_export command
  • SecurePlatform backup utilities

Answer : Database Revision Control

156-215.13 Check Point Certified Security Administrator Exam Set 8

Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?


Options are :

  • SmartView Monitor > Gateway Status > System Information > Thresholds
  • SmartView Monitor > Gateway Status > Threshold Settings
  • This can only be monitored by a user-defined script.
  • SmartView Tracker > Audit Tab > Gateway Counters

Answer : SmartView Monitor > Gateway Status > System Information > Thresholds

You are a Security Administrator using one Security Management Server managing three different firewalls. One firewall does NOT show up in the dialog box when attempting to install a Security Policy. Which of the following is a possible cause?


Options are :

  • The firewall is not listed in the Policy Installation Targets screen for this policy package.
  • The firewall object has been created but SIC has not yet been established.
  • The license for this specific firewall has expired.
  • The firewall has failed to sync with the Security Management Server for 60 minutes.

Answer : The firewall is not listed in the Policy Installation Targets screen for this policy package.

Which of the following is a viable consideration when determining Rule Base order?


Options are :

  • Grouping reject and drop rules after the Cleanup Rule
  • Grouping functionally related rules together
  • Grouping authentication rules with address-translation rules
  • Grouping rules by date of creation

Answer : Grouping functionally related rules together

156-215.13 Check Point Certified Security Administrator Exam Set 9

Which command allows Security Policy name and install date verification on a Security Gateway?


Options are :

  • fw stat -l
  • fw ctl pstat -policy
  • fw show policy
  • fw ver -p

Answer : fw stat -l

Which of the following is a viable consideration when determining Rule Base order?


Options are :

  • Grouping IPS rules with dynamic drop rules
  • Grouping rules by date of creation
  • Placing frequently accessed rules before less frequently accessed rules
  • Adding SAM rules at the top of the Rule Base

Answer : Placing frequently accessed rules before less frequently accessed rules

Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway's Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?


Options are :

  • SNMP trap
  • SmartView Monitor Threshold
  • User-defined alert script
  • Logging implied rules

Answer : User-defined alert script

156-215.70 Check Point Certified Security Administrator Exam Set 1

Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?


Options are :

  • This is not a SmartView Tracker feature
  • Display Payload View
  • Network and Endpoint Tab
  • Display Capture Action

Answer : This is not a SmartView Tracker feature

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?


Options are :

  • A static route for the NAT IP must be added to the Gateway's upstream router.
  • A static route must be added on the Security Gateway to the internal host.
  • Nothing else must be configured.
  • Automatic ARP must be unchecked in the Global Properties.

Answer : A static route must be added on the Security Gateway to the internal host.

Static NAT connections, by default, translate on which firewall kernel inspection point?


Options are :

  • Outbound
  • Eitherbound
  • Post-inbound
  • Inbound

Answer : Inbound

156-215.70 Check Point Certified Security Administrator Exam Set 2

Which rule is responsible for the installation failure?


Options are :

  • Rule 6
  • Rule 5
  • Rule 4
  • Rule 3

Answer : Rule 6

SmartView Tracker logs the following Security Administrator activities, EXCEPT:


Options are :

  • Tracking SLA compliance
  • Object creation, deletion, and editing
  • Administrator login and logout
  • Rule Base changes

Answer : Tracking SLA compliance

Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots. What occurs with the remote Gateway after reboot?


Options are :

  • Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, all traffic is allowed through the Gateway.
  • Since the Security Management Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic.
  • Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, no traffic is allowed through the Gateway.
  • The remote Gateway fetches the last installed Security Policy locally and passes traffic normally. The Gateway will log locally, since the Security Management Server is not available.

Answer : The remote Gateway fetches the last installed Security Policy locally and passes traffic normally. The Gateway will log locally, since the Security Management Server is not available.

156-215.70 Check Point Certified Security Administrator Exam Set 3

When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R76 topology configuration?


Options are :

  • Specific
  • Not Defined
  • Any
  • External

Answer : Any

Which R76 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?


Options are :

  • SmartUpdate
  • SmartView Server
  • None, SmartConsole applications only communicate with the Security Management Server.
  • SmartView Tracker

Answer : SmartView Tracker

Where can an administrator configure the notification action in the event of a policy install time change?


Options are :

  • SmartView Monitor > Gateways > Thresholds Settings
  • SmartDashboard > Security Gateway Object > Advanced Properties Tab
  • SmartDashboard > Policy Package Manager
  • SmartView Monitor > Gateway Status > System Information > Thresholds

Answer : SmartView Monitor > Gateway Status > System Information > Thresholds

156-215.70 Check Point Certified Security Administrator Exam Set 4

What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?


Options are :

  • Check the Log Implied Rules Globally box on the R76 Gateway object.
  • Install the View Implicit Rules package using SmartUpdate
  • In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
  • Define two log servers on the R76 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPAA log audits

Answer : In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.

After filtering a fw monitor trace by port and IP, a packet is displayed three times: in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?


Options are :

  • It is due to NAT
  • The packet has been sent out through a VPN tunnel unencrypted.
  • An IPSO ACL has blocked the packet's outbound passage.
  • A SmartDefense module has blocked the packet.

Answer : It is due to NAT

What is the default setting when you use NAT?


Options are :

  • Destination Translated on Server side
  • Source Translated on both sides
  • Destination Translated on Client side
  • Source Translated on Client side

Answer : Destination Translated on Client side

156-215.70 Check Point Certified Security Administrator Exam Set 5

By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:


Options are :

  • Saves the current log file, names the log file by date and time, and starts a new log file
  • Purges the current log file, and starts a new log file.
  • Purges the current log file, and prompts you for the new log's mode.
  • Prompts you to enter a filename, and then saves the log file.

Answer : Saves the current log file, names the log file by date and time, and starts a new log file

You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?


Options are :

  • Restore the entire database, except the user database.
  • Restore the entire database, except the user database, and then create the new user and user group.
  • Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.
  • Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.

Answer : Restore the entire database, except the user database.

You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?


Options are :

  • POP3 is accepted in Global Properties.
  • The POP3 rule is hidden
  • POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75.
  • The POP3 rule is disabled

Answer : The POP3 rule is hidden

156-215.70 Check Point Certified Security Administrator Exam Set 6

A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?


Options are :

  • A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box
  • Anti-spoofing not configured on the interfaces on the Gateway object.
  • Secure Internal Communications (SIC) not configured for the object.
  • A Gateway object created using the Check Point > Security Gateway option in the Network Objects dialog box, but the interfaces for the Security Gateway object still need to be configured.

Answer : A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box

An internal host initiates a session to and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of ____________.


Options are :

  • destination NAT
  • None of these
  • source NAT
  • client side NAT

Answer : source NAT

What happens when you select File > Export from the SmartView Tracker menu?


Options are :

  • Current logs are exported to a new *.log file.
  • Exported log entries are not viewable in SmartView Tracker.
  • Logs in fw.log are exported to a file that can be opened by Microsoft Excel.
  • Exported log entries are deleted from fw.log.

Answer : Logs in fw.log are exported to a file that can be opened by Microsoft Excel.

156-215.70 Check Point Certified Security Administrator Exam Set 7

You would use the Hide Rule feature to:


Options are :

  • Make rules invisible to incoming packets.
  • Hide rules from read-only administrators
  • View only a few rules without the distraction of others.
  • Hide rules from a SYN/ACK attack

Answer : View only a few rules without the distraction of others.

A marketing firm's networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?


Options are :

  • SmartView Monitor
  • SmartDashboard
  • SmartView Status
  • SmartView Tracker

Answer : SmartDashboard
