156-215.70 Check Point Certified Security Administrator Exam Set 6

You are installing your R70 Security Gateway. Which is NOT a valid option for the hardware platform?


Options are :

  • IPSO
  • Windows
  • Crossbeam
  • Solaris (Correct)

Answer : Solaris

You find a suspicious FTP connection trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked?


Options are :

  • Highlight the suspicious connection in SmartView Tracker Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
  • Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.
  • Highlight the suspicious connection in SmartView Tracker Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as “dropped”.
  • Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view. (Correct)

Answer : Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.

Which of these components does NOT require a Security Gateway R70 license?


Options are :

  • SmartConsole (Correct)
  • SmartUpdate upgrading/patching
  • Security Management Server
  • Check Point Gateway

Answer : SmartConsole

What action can be performed from SmartUpdate R70?


Options are :

  • upgrade_export
  • fw stat -l
  • cpinfo (Correct)
  • remote_uninstall_verifier

Answer : cpinfo

In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?


Options are :

  • Rule 0 (Correct)
  • Cleanup Rule
  • Blank field under “Rule Number”
  • Rule 1

Answer : Rule 0

Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with SecurePlatform, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?


Options are :

  • She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
  • She needs to run cpconfig to enable the ability to SCP files.
  • She needs to edit /etc/scpusers and add the Standard Mode account. (Correct)
  • She needs to run sysconfig and restart the SSH process

Answer : She needs to edit /etc/scpusers and add the Standard Mode account.

MegaCorp’s security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license?


Options are :

  • Using the remote Gateway’s IP address, and attaching the license to the remote Gateway via SmartUpdate.
  • Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate. (Correct)
  • Using the remote Gateway's IP address, and applying the license locally with the cplic put command.
  • Using each of the Gateways’ IP addresses, and applying the licenses on the Security Management Server with the cprlic put command.

Answer : Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.

You are the Security Administrator for MegaCorp and are enjoying your holiday. One day, you receive a call that some connectivity problems have occurred. Before the holiday, you configured the access from the holiday hotel to your Management Portal. You can see and analyze various objects. Which objects can you create?


Options are :

  • None. SmartPortal access is read-only (Correct)
  • Network objects, services and internal users
  • Security rules only
  • Network objects and services

Answer : None. SmartPortal access is read-only

You administer a large, geographically distributed network. The Internet connection at a remote site failed during the weekend, and the Security Gateway logged locally for over 48 hours. It is possible that the logs may have consumed most of the free space on the Gateway’s hard disk. Which SmartConsole application displays the percent of free hard disk space on the remote Security Gateway?


Options are :

  • SmartView Status
  • SmartUpdate
  • SmartView Tracker
  • SmartView Monitor (Correct)

Answer : SmartView Monitor

True or False: SmartView Monitor can be used to create alerts on a specified Gateway.


Options are :

  • False, alerts can only be set in SmartDashboard Global Properties.
  • True, by right-clicking on the Gateway and selecting Configure Thresholds. (Correct)
  • False, an alert cannot be created for a specified Gateway.
  • True, by choosing the Gateway and selecting System Information.

Answer : True, by right-clicking on the Gateway and selecting Configure Thresholds.

What action CANNOT be run from SmartUpdate R70?


Options are :

  • Reboot Gateway
  • Preinstall verifier
  • Fetch sync status (Correct)
  • Get all Gateway Data

Answer : Fetch sync status

Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?


Options are :

  • It contains your security configuration, which could be exploited. (Correct)
  • It will conflict with any future upgrades when using SmartUpdate.
  • It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.
  • SmartUpdate will start a new installation process if the machine is rebooted.

Answer : It contains your security configuration, which could be exploited.

You are using SmartUpdate to fetch data and perform a remote upgrade to a R70 Security Gateway. Which of the following statements is FALSE?


Options are :

  • SmartUpdate can query the Security Management Server and Gateway for product information.
  • SmartUpdate can query license information running locally on the Gateway
  • A remote installation can be performed without the SVN Foundation package installed on a remote NG with Application Intelligence Security Gateway. (Correct)
  • If SmartDashboard is open during package upload and upgrade, the upgrade will fail.

Answer : A remote installation can be performed without the SVN Foundation package installed on a remote NG with Application Intelligence Security Gateway.

SmartView Tracker R70 consists of three different modes. They are:


Options are :

  • Log, Active, and Audit
  • Network & Endpoint, Active, and Management (Correct)
  • Log, Track, and Management
  • Log, Active, and Management

Answer : Network & Endpoint, Active, and Management

You are Security Administrator for a large call center. The management team is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities during their lunch breaks. The call center’s network is protected by an internal Security Gateway, configured to drop peer-to-peer file-sharing traffic. Which option do you use to determine the number of packets dropped by each Gateway?


Options are :

  • SmartView Status
  • SmartDashboard
  • SmartView Monitor (Correct)
  • SmartView Tracker

Answer : SmartView Monitor

How do you configure an alert in SmartView Monitor?


Options are :

  • By right-clicking on the Gateway, and selecting System Information.
  • By right-clicking on the Gateway, and selecting Properties.
  • By choosing the Gateway, and Configure Thresholds. (Correct)
  • An alert cannot be configured in SmartView Monitor.

Answer : By choosing the Gateway, and Configure Thresholds.

You would use the Hide Rule feature to:


Options are :

  • Hide rules from a SYN/ACK attack.
  • Hide rules from “read-only” administrators.
  • View only a few rules without the distraction of others. (Correct)
  • Make rules invisible to incoming packets

Answer : View only a few rules without the distraction of others.

The fw monitor utility would be best to troubleshoot which of the following problems?


Options are :

  • A user in the user database is corrupt
  • A statically NATed Web server behind a Security Gateway cannot be reached from the Internet. (Correct)
  • An error occurs when editing a network object in SmartDashboard.
  • You get an invalid ID error in SmartView Tracker for phase 2 IKE key negotiation.

Answer : A statically NATed Web server behind a Security Gateway cannot be reached from the Internet.

How do you view a Security Administrator's activities with SmartConsole?


Options are :

  • SmartView Tracker in the Network and Endpoint tabs
  • SmartView Tracker in the Management tab (Correct)
  • Eventia Suite
  • SmartView Monitor using the Administrator Activity filter

Answer : SmartView Tracker in the Management tab

Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?


Options are :

  • Display Payload View
  • This is not a SmartView Tracker feature (Correct)
  • Network and Endpoint Tab
  • Display Capture Action

Answer : This is not a SmartView Tracker feature

You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package’s NAT rules?


Options are :

  • NAT rules will be empty in the new package.
  • Rules 1, 3, 4 and 5 will appear in the new package.
  • Rules 1 and 5 will appear in the new package.
  • Rules 2, 3 and 4 will appear in the new package. (Correct)

Answer : Rules 2, 3 and 4 will appear in the new package.

You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?


Options are :

  • Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.
  • Run fwm_dbexport to export the user database. Select “restore the entire database” in the Database Revision screen. Then, run fwm_dbimport.
  • Restore the entire database, except the user database. (Correct)
  • Restore the entire database, except the user database, and then create the new user and user group.

Answer : Restore the entire database, except the user database.

You have detected a possible intruder listed in SmartView Tracker’s active pane. What is the fastest method to block this intruder from accessing your network indefinitely?


Options are :

  • In SmartDashboard, select IPS > Network Security > Denial of Service.
  • Modify the Rule Base to drop these connections from the network.
  • In SmartView Tracker, select Tools > Block Intruder. (Correct)
  • In SmartView Monitor, select Tools > Suspicious Activity Rules.

Answer : In SmartView Tracker, select Tools > Block Intruder.

When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R70 topology configuration?


Options are :

  • Any (Correct)
  • Not Defined
  • External
  • Specific

Answer : Any

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.


Options are :

  • destination on client side (Correct)
  • destination on server side
  • source on client side
  • source on server side

Answer : destination on client side

You are a Security Administrator who has installed Security Gateway R70 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following: Do the above settings limit the partner’s access?


Options are :

  • No. The first setting is only applicable to automatic NAT rules. The second setting is necessary to make sure there are no conflicts between NAT and anti-spoofing. (Correct)
  • Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
  • No. The first setting is not applicable. The second setting will reduce performance, by translating traffic in the kernel nearest the intranet server.
  • Yes. Both of these settings are only applicable to automatic NAT rules

Answer : No. The first setting is only applicable to automatic NAT rules. The second setting is necessary to make sure there are no conflicts between NAT and anti-spoofing.

You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the external interface of the firewall and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?


Options are :

  • Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address. (Correct)
  • Place a static host route on the firewall for the valid IP address to the internal Web server
  • Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.
  • Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address

Answer : Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.

Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway’s Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?


Options are :

  • User-defined alert script (Correct)
  • SmartView Monitor Threshold
  • SNMP trap
  • Logging implied rules

Answer : User-defined alert script

A Hide NAT rule has been created which includes a source address group of ten (10) networks and three (3) other group objects (containing 4, 5, and 6 host objects respectively). Assuming all addresses are non-repetitive, how many effective rules have you created?


Options are :

  • 2
  • 13
  • 25 (Correct)
  • 1

Answer : 25

Where are custom queries stored in R70 SmartView Tracker?


Options are :

  • On the Security Management Server tied to the GUI client IP.
  • On the SmartView Tracker PC local file system shared by all users of that local PC.
  • On the Security Management Server tied to the Administrator User Database login name (Correct)
  • On the SmartView Tracker PC local file system under the user's profile.

Answer : On the Security Management Server tied to the Administrator User Database login name
