156-215.70 Check Point Certified Security Administrator Exam Set 2

Amy is unsure that her nightly backup configured from the Check Point backup tool is working. If she logged into her Gateway using SSH, in which directory would she find her nightly backups?


Options are :

  • /var/backups
  • /backups
  • /opt/backups
  • /var/CPbackup/backups (Correct)

Answer : /var/CPbackup/backups

156-315.77 Check Point Certified Security Expert Exam Set 4

You need to back up the routing, interface, and DNS configuration information from your R70 SecurePlatform Security Gateway. Which backup-and-restore solution do you use?


Options are :

  • Manual copies of the $FWDIR/conf directory
  • Database Revision Control
  • upgrade_export and upgrade_import commands
  • SecurePlatform backup utilities (Correct)

Answer : SecurePlatform backup utilities

Which operating systems are supported by a Check Point Security Gateway on an open server?


Options are :

  • Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO
  • Check Point SecurePlatform and Microsoft Windows (Correct)
  • Check Point SecurePlatform, IPSO, Sun Solaris, Microsoft Windows
  • Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows

Answer : Check Point SecurePlatform and Microsoft Windows

John currently administers a network using single CPU single core servers for the Security Gateways and is running R70. His company is now going to implement VOIP and needs more performance on the Gateways. He is now adding more memory to the systems and also upgrades the CPU to a modern quad core CPU in the server. He wants to use CoreXL technology to benefit from the new performance benchmarks of this technology. How can he achieve this?


Options are :

  • He just needs to go to cpconfig on the CLI and enable CoreXL. Only a restart of the firewall is required to benefit from CoreXL technology.
  • Nothing needs to be done. SecurePlatform recognized the change during reboot and adjusted all the settings automatically.
  • He needs to reinstall the Gateways because during the initial installation, it was a singlecore CPU but the wrong Linux kernel was installed. There is no other upgrade path available. (Correct)
  • He just needs to go to cpconfig on the CLI and enable CoreXL. After the required reboot he will benefit from the new technology.

Answer : He needs to reinstall the Gateways because during the initial installation, it was a singlecore CPU but the wrong Linux kernel was installed. There is no other upgrade path available.

156-315.77 Check Point Certified Security Expert Exam Set 6

Which of the following statements accurately describes the upgrade_export command?


Options are :

  • Used when upgrading the Security Gateway, upgrade_export includes modified files, such as in the /lib directory and the /conf directory.
  • upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
  • upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
  • Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the conf directories for importing to a newer version of the Security Gateway. (Correct)

Answer : Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the conf directories for importing to a newer version of the Security Gateway.

Looking at a fw monitor capture in Wireshark, the initiating packet in Hide NAT translates on ________.


Options are :

  • o
  • O (Correct)
  • i
  • I

Answer : O

When restoring R70 using the upgrade_import command, which of the following items is NOT restored?


Options are :

  • Licenses
  • SIC Certificates
  • Route tables (Correct)
  • Global properties

Answer : Route tables

Check Point Certified Security Expert Exam Set 7

You intend to upgrade a Check Point Gateway from R65 to R70. Prior to upgrading, you want to backup the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?


Options are :

  • upgrade_export
  • backup (Correct)
  • database revision
  • snapshot

Answer : backup

Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway. What command do you need to run after stopping the firewall service?


Options are :

  • .ipsofwd slowpath
  • fw fwd routing
  • ipsofwd on admin (Correct)
  • fw load routed

Answer : ipsofwd on admin

How many inspection points are there as a packet passes through the Gateway?


Options are :

  • Depends on the number of interfaces on the Gateway
  • 1
  • 2
  • 4 (Correct)

Answer : 4

Check Point Certified Security Administrator Set 5

You are planning MegaCorp’s new security system. The company still has some older dualcore servers available which should be reused for the new firewall solution at the branch offices. What Check Point features should you enable and install to achieve high security and high throughput in the branch offices?


Options are :

  • Only IPS as CoreXL does nut run on only dual core CPUs
  • Not CoreXL nor IPS as this is only a branch office and needs less security
  • Only CoreXL as IPS would harm the performance too much on a dual core system
  • IPS and CoreXL together (Correct)

Answer : IPS and CoreXL together

Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall, X. How do you configure this?


Options are :

  • Right-click on the object representing the specific administrator and select Firewall X in Policy Targets.
  • Put the one administrator in an Administrator group and bind this to the object Firewall X in the menu, Advanced > Permission to Install. (Correct)
  • Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
  • .In the General Properties of the object representing Firewall X, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.

Answer : Put the one administrator in an Administrator group and bind this to the object Firewall X in the menu, Advanced > Permission to Install.

If you run fw monitor without any parameters, where does the output display?


Options are :

  • On the console (Correct)
  • In /var/log/monitor.out
  • In /var/adm/monitor.out
  • .In /tmp/log/monitor.out

Answer : On the console

Check Point Certified Security Expert Exam Set 10

Which of the following statements accurately describes the snapshot command?


Options are :

  • snapshot creates a full system-level backup of the Security Management Server on any OS.
  • A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.
  • snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a SecurePlatform Security Gateway. (Correct)
  • snapshot stores only the system-configuration settings on the Gateway.

Answer : snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a SecurePlatform Security Gateway.

You need to plan the company’s new security system. The company needs a very high level of security and also high performance and high throughput for their applications. You need to turn on most of the integrated IPS checks while maintaining high throughput. What would be the BEST solution for this scenario?


Options are :

  • You need to buy a strong multi-core machine and run R70 or later on SecurePlatform with CoreXL technology enabled. (Correct)
  • The IPS system does not affect the firewall performance and CoreXL is not needed in this scenario.
  • Bad luck, both together cannot be achieved.
  • The IPS does not run when CoreXL is enabled.

Answer : You need to buy a strong multi-core machine and run R70 or later on SecurePlatform with CoreXL technology enabled.

Your R70 primary Security Management Server is installed on SecurePlatform. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?


Options are :

  • Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
  • Create a time object, and add 48 hours as the interval. Select that time object’s Global Properties > Logs and Masters window, to schedule a logswitch.
  • Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object (Correct)
  • On a SecurePlatform Security Management Server, this can only be accomplished by configuring the fw logswitch command via the cron utility

Answer : Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object

156-315.71 Check Point Security Expert R71 Practice Exam Set 3

Which of the following options is available with the SecurePlatform cpconfig utility?


Options are :

  • GUI Clients (Correct)
  • Export setup
  • Time & Date
  • DHCP Server configuration

Answer : GUI Clients

Which of the following tools is used to generate a Security Gateway R70 configuration report?


Options are :

  • ethereal
  • infoview
  • licview
  • cpinfo (Correct)

Answer : cpinfo

Before upgrading SecurePlatform, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration. An administrator has installed the latest HFA on the system after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?


Options are :

  • A backup cannot be restored, because the binary files are missing.
  • The restore is done by selecting “Snapshot Management“ from the boot menu of SecurePlatform.
  • The restore can be done easily by the command “restore“ and selecting the appropriate backup file.
  • The restore is not possible because the backup file does not have the same build number (version). (Correct)

Answer : The restore is not possible because the backup file does not have the same build number (version).

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 1

Where is the IPSO Boot Manager physically located on an IP Appliance?


Options are :

  • On built-in compact Flash memory (Correct)
  • On the platform’s BIOS
  • On an external jump drive
  • In the /nvram directory

Answer : On built-in compact Flash memory

How do you control the maximum number of mail messages in a spool directory?


Options are :

  • In the Security Server window in Global Properties
  • In IPS SMTP settings
  • In the Gateway object's SMTP settings under the Advanced window (Correct)
  • .In the smtp.conf file on the Security Management Server

Answer : In the Gateway object's SMTP settings under the Advanced window

156-315.77 Check Point Certified Security Expert Exam Set 16

What rules send log information to Dshield.org when Storm Center is configured?


Options are :

  • Determined in IPS, Dshield Storm Center configuration: Security Management Server sends logs from rules with tracking set to either Alert or one of the specific User Defined Alerts (Correct)
  • Determined by the Dshield Storm Center Logging setting in Logs and Masters of the Security Management Server object: rules with tracking set to Log or None
  • Determined by the Global Properties configuration: Logs defined in the Log and Alerts section, rules with tracking set to Account or SNMP trap
  • Determined in Web Intelligence, configuration: Information Disclosure is configured; rules with tracking set to User Defined Alerts or SNMP trap

Answer : Determined in IPS, Dshield Storm Center configuration: Security Management Server sends logs from rules with tracking set to either Alert or one of the specific User Defined Alerts

In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the SeiNrity Gateway to communicate to the Security Management Server on port______.


Options are :

  • 257 (Correct)
  • 900
  • 259
  • 256

Answer : 257

In which IKE phase are IKE SA’s negotiated?


Options are :

  • .Phase 1 (Correct)
  • Phase 4
  • Phase 3
  • Phase 2

Answer : .Phase 1

156-315.71 Check Point Security Expert R71 Practical Exam Set 7

A security audit has determined that your unpatched Web application server is accessing a SQL server. Which IPS setting will allow the Security Gateway to prevent this error page from displaying information about the SQL server in your DMZ?


Options are :

  • In Web Intelligence > Information Disclosure > Error Concealment (Correct)
  • In Web Intelligence > General > HTTP Protocol Inspection, enable ASCII Only Response Headers
  • In Application Intelligence > FingerPrint Scrambling > WEB Apps, select the Scramble error messages checkbox
  • In Web Intelligence > HTTP Protocol Inspection, select the box Enforce strict HTTP response parsing

Answer : In Web Intelligence > Information Disclosure > Error Concealment

Which of the following actions take place in IKE Phase 2 with Perfect Forward Secrecy disabled?


Options are :

  • Each Security Gateway generates a private Diffie-Hellman (DH) key from random pools.
  • Peers authenticate using certificates or preshared secrets.
  • Symmetric IPsec keys are generated. (Correct)
  • The DH public keys are exchanged.

Answer : Symmetric IPsec keys are generated.

Antivirus protection on a Check Point Gateway is available for all of the following protocols, EXCEPT:


Options are :

  • POP3
  • FTP
  • TELNET (Correct)
  • HTTP

Answer : TELNET

156-315.65 Check Point Security Administration NGX R65 Exam Set 7

Phase 2 uses ___________, if not using Perfect Forward Secrecy.


Options are :

  • Symmetric (Correct)
  • Asymmetric
  • Conditional
  • Sequential

Answer : Symmetric

Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?


Options are :

  • vpn debug ipsec
  • vpn tu (Correct)
  • fw ipsec tu
  • vpn ipsec

Answer : vpn tu

Using IPS, how do you notify the Security Administrator that malware is scanning specific ports? By enabling:


Options are :

  • Host Port Scan
  • Malicious Code Protector
  • Sweep Scan protection (Correct)
  • Malware Scan protection

Answer : Sweep Scan protection

156-215.75 Check Point Certified Security Administrator Exam Set 4

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions