156-215.70 Check Point Certified Security Administrator Exam Set 5

You have blocked an IP address via the Block Intruder feature of SmartView Tracker. How can you view the blocked addresses?


Options are :

  • Run fwm blocked_view.
  • In SmartView Tracker, click the Active tab, and the actively blocked connections displays.
  • In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list. (Correct)
  • In SmartView Monitor, select the Blocked Intruder option from the query tree view.

Answer : In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list.

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute Only and choosing the target Gateway, the:


Options are :

  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. (Correct)
  • selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
  • SmartUpdate wizard walks the Administrator through a distributed installation.

Answer : selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

In which directory do you install the R70 pre-upgrade verifier on a SecurePlatform Security Management Server?


Options are :

  • In $FWDIR/bin.
  • It does not matter since the dynamic information entered by the Administrator will cause it to retrieve the proper configurations. (Correct)
  • It does not matter as long as the Administrator uses chmod to permit the file to execute.
  • In $FWDIR/conf.

Answer : It does not matter since the dynamic information entered by the Administrator will cause it to retrieve the proper configurations.

Which of the following statements about service contracts, i.e., Certificate, software subscription, or support contract, is FALSE?


Options are :

  • Most software-subscription contracts are permanent, and need not be renewed after a certain time passes. (Correct)
  • The contract file is stored on the Security Management Server and downloaded to all Security Gateways during the upgrade process.
  • Service Contracts can apply for an entire User Center account.
  • A service contract can apply only for a single set of Security Gateways managed by the same Security Management Server.

Answer : Most software-subscription contracts are permanent, and need not be renewed after a certain time passes.

What is the command to upgrade a SecurePlatform NG with Application Intelligence R55 Management Server to R70?


Options are :

  • patch add cd (Correct)
  • upgrade_mgmt
  • fwm upgrade_tool
  • fw install_mgmt

Answer : patch add cd

You plan to upgrade from R65 to R70 Software Blades. Do you need new licenses and license strings for this scenario?


Options are :

  • Yes, the upgrade will do an automatic conversion in the User Center, but you will need to reattach the new licenses.
  • Yes, you need to buy/convert licenses in the User Center first, and then reapply licenses to upgraded systems with the new Software Blades licenses. (Correct)
  • No, the upgrade will preserve licenses.
  • No, the upgrade will convert all licenses to R70.

Answer : Yes, you need to buy/convert licenses in the User Center first, and then reapply licenses to upgraded systems with the new Software Blades licenses.

Which R70 component displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time?


Options are :

  • SmartView Status
  • SmartView Monitor (Correct)
  • SmartEvent
  • SmartUpdate

Answer : SmartView Monitor

Each grocery store in a regional chain is protected by a Security Gateway. The information technology audit department wants a report including: The name of the Security Policy installed on each remote Security Gateway. The date and time the Security Policy was installed. General performance statistics (CPU Use, average CPU time, active real memory, etc.). Which one SmartConsole application can you use to gather all this information?


Options are :

  • SmartView Tracker
  • SmartDashboard
  • SmartUpdate
  • SmartView Monitor (Correct)

Answer : SmartView Monitor

Which of the following can be found in cpinfo from an enforcement point?


Options are :

  • VPN keys for all established connections to all enforcement points
  • The complete file objects_5_0.c
  • Policy file information specific to this enforcement point (Correct)
  • Everything NOT contained in the file r2info

Answer : Policy file information specific to this enforcement point

What’s the difference between the SmartView Tracker Tools section in R70 and NGX R65?


Options are :

  • Using R70, you can choose a program to view captured packets. (Correct)
  • Enable Warning Dialogs option is not available in R70.
  • Tools section in R70 is exactly the same as the tools section in R65.
  • R70 adds a new option to send ICMP packets to the source/destination address of the log event.

Answer : Using R70, you can choose a program to view captured packets.

How do you use SmartView Monitor to compile traffic statistics for your company’s Internet activity during production hours?


Options are :

  • View total packets passed through the Security Gateway.
  • Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway.
  • Select the Tunnels view, and generate a report on the statistics.
  • Use the Traffic Counters settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day. (Correct)

Answer : Use the Traffic Counters settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day.

In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?


Options are :

  • Do nothing. Old logs are deleted, until free space is restored.
  • Use the fwm logexport command to export the old log files to another location.
  • Configure a script to run fw logswitch and SCP the output file to a separate file server. (Correct)
  • Do nothing. The Security Management Server automatically copies old logs to a backup server before purging.

Answer : Configure a script to run fw logswitch and SCP the output file to a separate file server.

You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.


Options are :

  • In the SmartView Tracker, if you activate the column Matching Rate
  • In SmartReporter, in the section Firewall Blade - Activity > Network Activity with information concerning Top Matched Logged Rules.
  • SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules. (Correct)
  • It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.

Answer : SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules.

The R70 fw monitor utility is used to troubleshoot which of the following problems?


Options are :

  • Traffic issues (Correct)
  • User data base corruption
  • Phase two key negotiation
  • Log Consolidation Engine

Answer : Traffic issues

After installing Security Gateway R70, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a Get Topology request. What is the most likely cause and solution?


Options are :

  • Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R70 Hotfix Accumulator (HFA).
  • If an interface is not configured, it is not recognized. Assign an IP address and subnet mask using the WebUI. (Correct)
  • The NIC is faulty. Replace it and reinstall.
  • Make sure the driver for your particular NIC is available, and reinstall. You will be prompted for the driver.

Answer : If an interface is not configured, it is not recognized. Assign an IP address and subnet mask using the WebUI.

You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?


Options are :

  • Select Block intruder from the Tools menu in SmartView Tracker
  • Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.
  • Create a Suspicious Activity Rule in SmartView Monitor. (Correct)
  • Add a “temporary” rule using SmartDashboard and select hide rule.

Answer : Create a Suspicious Activity Rule in SmartView Monitor.

Which feature in R70 permits blocking specific IP addresses for a specified time period?


Options are :

  • Block Port Overflow
  • Local Interface Spoofing
  • Suspicious Activity Monitoring (Correct)
  • HTTP Methods

Answer : Suspicious Activity Monitoring

One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?


Options are :

  • The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
  • The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway's Certificate.
  • There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection. (Correct)
  • The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.

Answer : There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.

Which R70 GUI would you use to see the number of packets accepted since the last policy install?


Options are :

  • SmartView Monitor (Correct)
  • SmartView Tracker
  • SmartDashboard
  • SmartView Status

Answer : SmartView Monitor

Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?


Options are :

  • 258
  • 256
  • 514
  • 257 (Correct)

Answer : 257

If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?


Options are :

  • SSL: VPN
  • Data Loss Prevention
  • SmartEvent Intro
  • IPS (Correct)

Answer : IPS

What happens to evaluation licenses during the license-upgrade process?


Options are :

  • They are dropped.
  • They are upgraded with new available features.
  • They automatically expire.
  • They remain untouched, but may not activate all features of a new version. (Correct)

Answer : They remain untouched, but may not activate all features of a new version.

Where is the best place to find information about connections between two machines?


Options are :

  • On a Security Management Server, using SmartView Tracker (Correct)
  • All options are valid
  • On a Security Gateway Console interface; it gives you detailed access to log files and state table information
  • On a Security Gateway using the command fw log.

Answer : On a Security Management Server, using SmartView Tracker

A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?


Options are :

  • This information can only be viewed with fw ctl pstat command from the CLI.
  • SmartView Tracker
  • SmartView Monitor (Correct)
  • Eventia Analyzer

Answer : SmartView Monitor

One of your licenses is set for an IP address no longer in use. What happens to this license during the license-upgrade process?


Options are :

  • It is upgraded with the previous features using the new IP address.
  • It is upgraded with new available features but the IP remains the same.
  • It is dropped.
  • It remains untouched (Correct)

Answer : It remains untouched

A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?


Options are :

  • Configure Additional Logging on a separate log server. (Correct)
  • SmartReporter analyzes all network traffic, logged or not.
  • Turn the field Track of each rule to LOG
  • Network traffic cannot be analyzed when the Security Management Server has a high load.

Answer : Configure Additional Logging on a separate log server.

If a SmartUpdate upgrade or distribution operation fails on SecurePlatform, how is the system recovered?


Options are :

  • The Administrator must remove the rpm packages manually, and re-attempt the upgrade.
  • The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot.
  • SecurePlatform will reboot and automatically revert to the last snapshot version prior to upgrade. (Correct)
  • The Administrator must reinstall the last version via the command cprinstall revert.

Answer : SecurePlatform will reboot and automatically revert to the last snapshot version prior to upgrade.

You are running the license_upgrade tool on your SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?


Options are :

  • Simulate the license-upgrade process
  • Perform the actual license-upgrade process
  • View the status of currently installed licenses
  • View the licenses in the SmartUpdate License Repository (Correct)

Answer : View the licenses in the SmartUpdate License Repository

What information is found in the SmartView Tracker Management log?


Options are :

  • SecurePlatform expert login event
  • FTP username authentication failure
  • Creation of an administrator using cpconfig
  • Administrator SmartDashboard logout event (Correct)

Answer : Administrator SmartDashboard logout event

Which tool CANNOT be launched from SmartUpdate R70?


Options are :

  • SecurePlatform WebUI
  • cpinfo
  • IP Appliance Voyager
  • snapshot (Correct)

Answer : snapshot
