156-215.70 Check Point Certified Security Administrator Exam Set 7

You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?


Options are :

  • SmartView Tracker (Correct)
  • Eventia Monitor
  • Eventia Tracker
  • SmartView Monitor

Answer : SmartView Tracker

Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:


Options are :

  • IP addresses.
  • MAC addresses
  • SIC names. (Correct)
  • SIC is not NAT-tolerant

Answer : SIC names.

You want to display log entries containing information from a specific column in the SmartView Tracker. If you want to see ONLY those entries, what steps would you take?


Options are :

  • Left-click column, Search > Add string > Apply Filter
  • Right-click column, Edit Filter > Specific > Add > OK (Correct)
  • Right-click column, Search…> Add string > Apply Filter
  • Left-click column, Specific > Add > Apply Filter

Answer : Right-click column, Edit Filter > Specific > Add > OK

You can export SmartMap to which type of file(s)?


Options are :

  • SmartMap cannot be exported in R60 through R70
  • Microsoft Visio and GIF
  • Microsoft Visio, bitmap, or JPEG (Correct)
  • Adobe Photoshop and JPEG

Answer : Microsoft Visio, bitmap, or JPEG

Which SmartConsole tool would you use to see the last policy pushed in the audit log?


Options are :

  • SmartView Tracker (Correct)
  • SmartView Server
  • None, SmartConsole applications only communicate with the Security Management Server.
  • SmartView Status

Answer : SmartView Tracker

Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?


Options are :

  • fw stat
  • cpstat fw -f policy
  • Check the name of the Security Policy of the appropriate Gateway in SmartView Monitor.
  • fw ctl get string active_secpol (Correct)

Answer : fw ctl get string active_secpol

You are a Security Administrator using one Security Management Server managing three different firewalls. One of the firewalls does NOT show up in the dialog box when attempting to install a Security Policy. Which of the following is a possible cause?


Options are :

  • The firewall is not listed in the Policy Installation Targets screen for this policy package (Correct)
  • The firewall has failed to sync with the Security Management Server for 60 minutes
  • The firewall object has been created but SIC has not yet been established.
  • The license for this specific firewall has expired.

Answer : The firewall is not listed in the Policy Installation Targets screen for this policy package

Which NAT option applicable for Automatic NAT applies to Manual NAT as well?


Options are :

  • Translate destination on client-side (Correct)
  • Enable IP Pool NAT
  • Allow bi-directional NAT
  • Automatic ARP configuration

Answer : Translate destination on client-side

Which specific R70 GUI would you use to add an address translation rule?


Options are :

  • SmartConsole
  • SmartView Monitor
  • SmartNAT
  • SmartDashboard (Correct)

Answer : SmartDashboard

By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:


Options are :

  • Purges the current log file, and prompts you for the new log’s mode.
  • Saves the current log file, names the log file by date and time, and starts a new log file. (Correct)
  • Purges the current log file, and starts a new log file.
  • Prompts you to enter a filename, and then saves the log file.

Answer : Saves the current log file, names the log file by date and time, and starts a new log file.

You are about to test some rule and object changes suggested in an R70 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?


Options are :

  • Manual copies of the $FWDIR/conf directory
  • Database Revision Control (Correct)
  • upgrade_export command
  • SecurePlatform backup utilities

Answer : Database Revision Control

In a Hide NAT connection outbound, which portion of the packet is modified?


Options are :

  • Source IP address and destination port
  • Destination IP address and destination port
  • Source IP address and source port (Correct)
  • Destination IP address and destination port

Answer : Source IP address and source port

Which of the following is NOT a valid selection for tracking and controlling packets in R70?


Options are :

  • Accept
  • Hold (Correct)
  • Session Auth
  • Reject

Answer : Hold

Where can an administrator configure the notification action in the event of a policy install time change?


Options are :

  • SmartView Tracker > Audit Log
  • SmartView Monitor > Gateways > Thresholds Settings (Correct)
  • SmartDashboard > Security Gateway Object > Advanced Properties Tab
  • SmartDashboard > Policy Package Manager

Answer : SmartView Monitor > Gateways > Thresholds Settings

You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?


Options are :

  • The POP3 rule is hidden. (Correct)
  • POP3 is accepted in Global Properties.
  • POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default “mail” object in R70.
  • The POP3 rule is disabled

Answer : The POP3 rule is hidden.

When you add a resource object to a rule, which of the following occurs?


Options are :

  • All packets matching the resource service are analyzed through an application-layer proxy (Correct)
  • All packets matching that rule are either encrypted or decrypted by the defined resource.
  • Users attempting to connect to the destination of the rule will be required to authenticate.
  • All packets that match the resource will be dropped

Answer : All packets matching the resource service are analyzed through an application-layer proxy

A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?


Options are :

  • SmartView Status
  • SmartDashboard (Correct)
  • SmartView Monitor
  • SmartView Tracker

Answer : SmartDashboard

You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties > NAT.) When you run fw monitor on the R70 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?


Options are :

  • o=outbound kernel, before the virtual machine
  • I=inbound kernel, after the virtual machine (Correct)
  • O=outbound kernel, after the virtual machine
  • i=inbound kernel, before the virtual machine

Answer : I=inbound kernel, after the virtual machine

Which R70 feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?


Options are :

  • Policy Package management (Correct)
  • Database Revision Control
  • upgrade_export/upgrade_import
  • fwm dbexport/fwm dbimport

Answer : Policy Package management

A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?


Options are :

  • A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box. (Correct)
  • A Gateway object created using the Check Point > Security Gateway option in the Network Objects dialog box, but the interfaces for the Security Gateway object still need to be configured.
  • Secure Internal Communications (SIC) not configured for the object.
  • Anti-spoofing not configured on the interfaces on the Gateway object.

Answer : A Gateway object created using the Check Point > Externally Managed VPN Gateway option from the Network Objects dialog box.

SmartView Tracker logs the following Security Administrator activities, EXCEPT:


Options are :

  • Tracking SLA compliance (Correct)
  • Object creation, deletion, and editing
  • Rule Base changes
  • Administrator login and logout

Answer : Tracking SLA compliance

You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface. What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers’ public IP addresses?


Options are :

  • When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers. (Correct)
  • When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZ’s interface
  • When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
  • When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the DMZ interface of the Security Gateway.

Answer : When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?


Options are :

  • Configure Automatic Static NAT on network 10.10.20.0/24
  • Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule
  • Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service
  • Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24 (Correct)

Answer : Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24

You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the order of the rules if both methods are used together? Give the best answer.


Options are :

  • The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range. (Correct)
  • The position of the rules depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.
  • The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
  • The Administrator decides on the order of the rules by shifting the corresponding rules up and down

Answer : The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

Static NAT connections, by default, translate on which inspection point of the firewall kernel?


Options are :

  • Outbound
  • Inbound (Correct)
  • Eitherbound
  • Post-inbound

Answer : Inbound

You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?


Options are :

  • SmartView Tracker in Network and Endpoint Mode
  • SmartView Tracker in Active Mode
  • SmartView Tracker in Management Mode (Correct)
  • SmartView Tracker cannot display Security Administrator activity; instead, view the system logs on the Security Management Server’s Operating System.

Answer : SmartView Tracker in Management Mode

What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?


Options are :

  • Define two log servers on the R70 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPAA log audits.
  • In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting. (Correct)
  • Check the Log Implied Rules Globally box on the R70 Gateway object.
  • Install the “View Implicit Rules” package using SmartUpdate.

Answer : In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.

Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?


Options are :

  • Network and Endpoint tab
  • Active tab
  • Custom filter
  • Management tab (Correct)

Answer : Management tab

What happens when you select File > Export from the SmartView Tracker menu?


Options are :

  • Exported log entries are not viewable in SmartView Tracker.
  • Logs in fw.log are exported to a file that can be opened by Microsoft Excel. (Correct)
  • Exported log entries are deleted from fw.log
  • Current logs are exported to a new *.log file.

Answer : Logs in fw.log are exported to a file that can be opened by Microsoft Excel.

Which of the following R70 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?


Options are :

  • Active Tab (Correct)
  • Audit Tab
  • Account Query
  • All Records Query

Answer : Active Tab
