156-215.70 Check Point Certified Security Administrator Exam Set 1

The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?


Options are :

  • Type fwm unlock_admin from the command line of the Security Management Server.
  • Type fwm lock_admin -u from the command line of the Security Management Server. (Correct)
  • Type fwm unlock_admin -u from the command line of the Security Gateway.
  • Delete the file admin.lock in the $FWDIR/tmp/ directory of the Security Management Server.

Answer : Type fwm lock_admin -u from the command line of the Security Management Server.

Check Point Certified Security Expert Exam Set 9

How can I verify the policy version locally installed on the Firewall?


Options are :

  • fw ctl iflist
  • fw ver -k
  • fw ver
  • fw stat (Correct)

Answer : fw stat

Where can you find the Check Pointís SNMP MIB file?


Options are :

  • $CPDIR/lib/chkpt.mib (Correct)
  • It is obtained only by request from the TAC.
  • $FWDIR/conf/snmp.mib
  • There is no specific MIB file for Check Point products

Answer : $CPDIR/lib/chkpt.mib

Which utility is necessary for reestablishing SIC?


Options are :

  • sysconfig
  • fwm sic_reset
  • cplic
  • cpconfig (Correct)

Answer : cpconfig

156-315.77 Check Point Certified Security Expert Exam Set 8

Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?


Options are :

  • Run the revert command to restore the snapshot, establish SIC, and install the Policy.
  • Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.
  • Run the revert command to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
  • Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy. (Correct)

Answer : Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.

Which command allows you to view the contents of an R70 table?


Options are :

  • fw tab -x
  • fw tab -s
  • fw tab -a
  • fw tab -t (Correct)

Answer : fw tab -t

What is the primary benefit of using upgrade_export over either backup or snapshot?


Options are :

  • upgrade_export has an option to backup the system and SmartView Tracker logs while backup and snapshot will not.
  • upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
  • .upgrade_export is operating system independent and can be used when backup or snapshot is not available. (Correct)
  • The backup and snapshot commands can take a long time to run whereas upgrade_export will take a much shorter amount of time.

Answer : .upgrade_export is operating system independent and can be used when backup or snapshot is not available.

156-110 Check Point Certified Security Principles Associate Set 6

Peter is your new Security Administrator. On his first working day, he is very nervous and sets the wrong password three times. His account is locked. What can be done to unlock Peterís account? Give the BEST answer.


Options are :

  • You can unlock Peterís account by using the command fwm unlock_admin -u Peter on the Security Management Server.
  • You can unlock Peterís account by using the command fwm lock_admin -u Peter on the Security Management Server. (Correct)
  • It is not possible to unlock Peterís account. You have to install the firewall once again or abstain from Peterís help.
  • You can unlock Peterís account by using the command fwm unlock_admin -u Peter on the Security Gateway.

Answer : You can unlock Peterís account by using the command fwm lock_admin -u Peter on the Security Management Server.

How can you check whether IP forwarding is enabled on an IP Security Appliance?


Options are :

  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • clish -c ďshow routing active enableĒ
  • cat /proc/sys/net/ipv4/ip_forward
  • ipsofwd list (Correct)

Answer : ipsofwd list

Which of the following commands will completely remove the Security Policy from being enforced on a Security Gateway?


Options are :

  • fw unload
  • fw unload local
  • fw unloadlocal (Correct)
  • cpstop

Answer : fw unloadlocal

156-315.71 Check Point Security Expert R71 Practical Exam Set 2

For normal packet transmission of an accepted communication to a host protected by a Security Gateway, how many lines per packet are recorded on a packet analyzer like Wireshark using fw monitor?


Options are :

  • 4 (Correct)
  • 2
  • None
  • 3

Answer : 4

You are consulting with an Administrator who has locked himself out of SmartDashboard installed on a standalone SecurePlatform Security Gateway. Now, he cannot access the Security Management Server via SmartDashboard or any other SmartConsole tools. How can you get him reconnected to SmartDashboard?


Options are :

  • Run fw unlocklocal on the Security Management Server
  • Run fw uninstall localhost on the Security Gateway.
  • Run fw unloadlocal on the Security Gateway. (Correct)
  • Delete the $fwdir/database/manage.lock file and run cprestart.

Answer : Run fw unloadlocal on the Security Gateway.

What is the desired outcome when running the command cpinfo -z -o cpinfo.out?


Options are :

  • Send output to a file called cpinfo.out without address resolution.
  • Send output to a file called cpinfo.out in compressed format. (Correct)
  • Send output to a file called cpinfo.out in usable format for the CP InfoView utility
  • Send output to a file called cpinfo.out and provide a screen print at the same time.

Answer : Send output to a file called cpinfo.out in compressed format.

156-315.77 Check Point Certified Security Expert Exam Set 10

Which command is used to uninstall the Security Policy directly from the Security Gateway?


Options are :

  • fw unloadlocal (Correct)
  • fwm unload.local
  • cpstop
  • .fwm load NULL

Answer : fw unloadlocal

A snapshot delivers a complete backup of SecurePlatform. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?


Options are :

  • As expert user, type the command snapshot -r MySnapshot.tgz.
  • As expert user, type the command snapshot - R to restore from a local file. Then, provide the correct file name.
  • Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.
  • As expert user, type the command revert --file MySnapshot.tgz. (Correct)

Answer : As expert user, type the command revert --file MySnapshot.tgz.

Match each of the following commands to their correct function. Each command has one function only listed.


Options are :

  • C1>F2; C2>F4; C3>F1; C4>F5
  • C1>F6; C2>F4; C3>F2; C4>F5 (Correct)
  • C1>F2; C2>F1; C3>F6; C4>F4
  • C1>F4; C2>F6; C3>F3; C4>F2

Answer : C1>F6; C2>F4; C3>F2; C4>F5

156-315.77 Check Point Certified Security Expert Exam Set 6

Which of the following methods will provide the most complete backup of an R70 configuration?


Options are :

  • Copying the $FWDIR\conf and $CPDIR\conf directories to another server
  • upgrade_export command (Correct)
  • Database Revision Control
  • Policy Package Management

Answer : upgrade_export command

How is wear on the flash storage device mitigated on appliance diskless platforms?


Options are :

  • A RAM drive reduces the swap file "thrashing" which causes fast wear on the device. (Correct)
  • Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
  • PRAM flash devices are used, eliminating the longevity
  • The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.

Answer : A RAM drive reduces the swap file "thrashing" which causes fast wear on the device.

Which command enables IP forwarding on IPSO?


Options are :

  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • clish -c ďset routing active enableĒ
  • ipsofwd on admin (Correct)
  • echo 0 > /proc/sys/net/ipv4/ip_forward

Answer : ipsofwd on admin

156-315.77 Check Point Certified Security Expert Exam Set 8

You are running a R70 Security Gateway on SecurePlatform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What backup method could be used to quickly put the secondary firewall into production?


Options are :

  • upgrade_export
  • manual backup
  • snapshot (Correct)
  • backup

Answer : snapshot

Which utility allows you to configure the DHCP service on SecurePlatform from the command line?


Options are :

  • sysconfig (Correct)
  • dhcp_cfg
  • cpconfig
  • ifconfig

Answer : sysconfig

Another administrator accidentally installed a Security Policy on the wrong firewall. Having done this, you are both locked out of the firewall that is called "myfw1". What command would you execute on your system console on "myfw1" in order for you to push out a new Security Policy?


Options are :

  • fw ctl filter
  • cpstop
  • fw dbloadlocal
  • fw unloadlocal (Correct)

Answer : fw unloadlocal

156-215.71 Check Point Certified Security Administrator Exam Set 4

You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a SecurePlatform. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.


Options are :

  • ifconfig -a
  • ethtool
  • eth_set (Correct)
  • mii_tool

Answer : eth_set

Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the initial policy?


Options are :

  • fw monitor
  • fw ctl pstat
  • cp stat
  • fw stat (Correct)

Answer : fw stat

John is the Security Administrator in his company. He needs to maintain the highest level of security on the firewalls he manages. He is using Check Point R70. Does he need the IPS Software Blade for achieving this goal?


Options are :

  • No, the Gateway will always be protected and the IPS checks canít be managed without a license.
  • No, all IPS protections are active, but canít be updated without the license like SmartDefense.
  • Yes, otherwise no protections can be enabled. (Correct)
  • Yes, otherwise the firewall will pass all traffic unfiltered and unchecked.

Answer : Yes, otherwise no protections can be enabled.

Check Point Certified Security Expert Exam Set 12

Your primary Security Management Server runs on SecurePlatform. What is the easiest way to back up your Security Gateway R70 configuration, including routing and network configuration files?


Options are :

  • Using the native SecurePlatform backup utility from command line or in the Web based user interface. (Correct)
  • Copying the $FWDIR/conf and $FWDIR/lib directory to another location.
  • Run the pre_upgrade_verifier and save the .tgz file to the /temp directory.
  • Using the upgrade_export command

Answer : Using the native SecurePlatform backup utility from command line or in the Web based user interface.

Which command line interface utility allows the administrator to verify the name and timestamp of the Security Policy currently installed on a firewall module?


Options are :

  • fw stat (Correct)
  • cpstat fwd
  • fw ctl pstat
  • fw ver

Answer : fw stat

In previous versions, the full TCP three-way handshake was sent to the firewall kernel for inspection. How is this improved in the current version of IPSO Flows/SecureXL?


Options are :

  • Resources are proactively assigned using predictive algorithmic techniques.
  • Only the initial SYN packet is inspected. The rest are handled by IPSO. (Correct)
  • Packets are offloaded to a third-party hardware card for near-line inspection.
  • Packets are virtualized to a RAM drive-based FW VM.

Answer : Only the initial SYN packet is inspected. The rest are handled by IPSO.

156-315.71 Check Point Security Expert R71 Practical Exam Set 8

John currently administers a network using NGX R65.4 on the Security Management Server and NGX R65.2.100 (the VOIP release with the VOIP plug-ins enabled). He wants to upgrade to R70 to get the benefits of Check Pointís Software Blades. What would be the best way of doing this?


Options are :

  • Just insert the R70 CD-ROM and run the in-place upgrade
  • This can not be done yet as R70 can not manage NGX R65 Gateways due to SmartDefense and IPS mismatch problems.
  • Run upgrade_export on R65 management, then install R70 on this machine and run upgrade_import and relicense the systems to use software blades.
  • This is not supported today as currently the VOIP Software Blade and VOIP plug-in is not available in R70. (Correct)

Answer : This is not supported today as currently the VOIP Software Blade and VOIP plug-in is not available in R70.

ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:


Options are :

  • Export setup
  • GUI Clients (Correct)
  • DHCP Server configuration
  • Time & Date

Answer : GUI Clients

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions