156-215.70 Check Point Certified Security Administrator Exam Set 8

Which command allows verification of the Security Policy name and install date on a Security Gateway?


Options are :

  • fw ctl pstat -policy
  • fw show policy
  • fw stat -l (Correct)
  • fw ver -p

Answer : fw stat -l

Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?


Options are :

  • SmartView Tracker > Audit Tab > Gateway Counters
  • This can only be monitored by a user-defined script.
  • Real Time Monitor > Gateway Settings > Status Monitor
  • SmartView Monitor > Gateway Status > Threshold Settings (Correct)

Answer : SmartView Monitor > Gateway Status > Threshold Settings

156-315.77 Check Point Certified Security Expert Exam Set 4

Which R70 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?


Options are :

  • SmartView Status
  • SmartView Monitor (Correct)
  • SmartUpdate
  • None, SmartConsole applications only communicate with the Security Management Server.

Answer : SmartView Monitor

In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?


Options are :

  • If you chose Automatic NAT instead, all necessary entries are done for you.
  • When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.
  • When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway’s internal interface IP address. (Correct)
  • When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.

Answer : When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway’s internal interface IP address.

The fw monitor utility is used to troubleshoot which of the following problems?


Options are :

  • Phase two key negotiation
  • Address translation (Correct)
  • User database corruption
  • Log Consolidation Engine

Answer : Address translation

156-315.77 Check Point Certified Security Expert Exam Set 3

A security audit has determined that your unpatched Web application server is accessing a SQL server. You believe that you have enabled the proper IPS setting but would like to verify this using SmartView Tracker. Which of the following entries confirms that this information is being blocked against attack?


Options are :

  • "ASCII Only Response Header detected: SQL"
  • "Concealed HTTP response [SQL Server]. (Error Code WSE0160003)" (Correct)
  • "HTTP response spoofing: remove signature [SQL Server]"
  • "Fingerprint Scrambling: Changed [SQL] to [Perl]"

Answer : "Concealed HTTP response [SQL Server]. (Error Code WSE0160003)"

Nancy has lost SIC communication with her Security Gateway and she needs to reestablish SIC. What would be the correct order of steps needed to perform this task?


Options are :

  • 2, 5, 1, 4 (Correct)
  • 2, 3, 1, 4
  • 5, 1, 4, 2
  • 3, 1, 4, 2

Answer : 2, 5, 1, 4

156-315.77 Check Point Certified Security Expert Exam Set 6

A Security Policy has several database versions. What configuration remains the same no matter which version is used?


Options are :

  • Internal Certificate Authority (ICA) certificate (Correct)
  • Objects_5_0.C
  • Rule Bases_5_0.fws
  • fwauth.NDB

Answer : Internal Certificate Authority (ICA) certificate

The SIC certificate is stored in the _______________ directory.


Options are :

  • $CPDIR/registry
  • $CPDIR/conf (Correct)
  • $FWDIR/database
  • $FWDIR/conf

Answer : $CPDIR/conf

When you run the fw monitor -e "accept;" command, what type of traffic is captured?


Options are :

  • Only inbound traffic, before and after the inbound kernel.
  • Only outbound traffic, before and after the outbound kernel.
  • All traffic coming in all directions, before and after inbound and outbound kernels (Correct)
  • All traffic accepted by the Rule Base.

Answer : All traffic coming in all directions, before and after inbound and outbound kernels

Check Point Certified Security Expert Exam Set 12

To monitor all traffic between a network and the Internet on a SecurePlatform Gateway, what is the BEST utility to use?


Options are :

  • InfoView
  • cpinfo
  • snoop
  • tcpdump (Correct)

Answer : tcpdump

John is the Security Administrator in his company. He installs a new R70 Security Management Server and a new R70 Gateway. He now wants to establish SIC between them. After entering the activation key, the message “Trust established” is displayed in SmartDashboard, but SIC still does not seem to work because the policy won’t install and interface fetching still does not work. What might be a reason for this?


Options are :

  • The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid. (Correct)
  • This must be a human error.
  • It always works when the trust is established.
  • SIC does not function over the network.

Answer : The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid.

You run cpconfig to reset SIC on the Security Gateway. After the SIC reset operation is complete, the policy that will be installed is the:


Options are :

  • Default filter.
  • Standard policy.
  • Initial policy. (Correct)
  • Last policy that was installed.

Answer : Initial policy.

156-315.65 Check Point Security Administration NGX R65 Exam Set 1

Which item below in a Security Policy would be enforced first?


Options are :

  • Administrator-defined Rule Base
  • Network Address Translation
  • Security Policy “First” rule
  • IP spoofing/IP options (Correct)

Answer : IP spoofing/IP options

Which of the below is the MOST correct process to reset SIC from SmartDashboard?


Options are :

  • Run cpconfig, and click Reset.
  • Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key. (Correct)
  • Run cpconfig, and select Secure Internal Communication > Change One Time Password.
  • Click Reset in the Communication window of the Gateway object, and type a new activation key.

Answer : Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.

Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?


Options are :

  • Static Destination
  • Hide (Correct)
  • Dynamic Destination
  • Static Source

Answer : Hide

156-315.77 Check Point Certified Security Expert Exam Set 9

Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows: Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5. The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet. Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?


Options are :

  • Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3. (Correct)
  • Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source - group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original.
  • Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
  • Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

Answer : Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.

When you hide a rule in a Rule Base, how can you then disable the rule?


Options are :

  • Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule. (Correct)
  • Hidden rules are already effectively disabled from Security Gateway enforcement.
  • Use the search utility in SmartDashboard to view all hidden rules. Select the relevant rule and click Disable Rule(s).
  • Right-click on the hidden rule place-holder bar and select Disable Rule(s).

Answer : Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.

A _______ rule is used to prevent all traffic going to the R70 Security Gateway.


Options are :

  • IPS
  • Stealth (Correct)
  • Reject
  • Cleanup

Answer : Stealth

Check Point Certified Security Expert Exam Set 10

You have installed a R70 Security Gateway on SecurePlatform. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem?


Options are :

  • The Gateway object is not specified in the Install On column of the first policy rule.
  • No Masters file is created for the new Gateway
  • The object was created with Node > Gateway. (Correct)
  • The new Gateway's temporary license has expired.

Answer : The object was created with Node > Gateway.

Security Administrator, Anna has done the following: What will happen when she recreates the firewall object?


Options are :

  • Get interfaces will still show only the old interfaces but not the newly added ones.
  • Get interfaces will show all interfaces.
  • Creating the object will result in a "duplicate IP address" warning.
  • Establishing the SIC will fail. (Correct)

Answer : Establishing the SIC will fail.

All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:


Options are :

  • Acceptance of IKE and RDP traffic for communication and encryption purposes.
  • Exclusion of specific services for reporting purposes. (Correct)
  • Specific traffic that facilitates functionality, such as logging, management, and key exchange.
  • Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.

Answer : Exclusion of specific services for reporting purposes.

156-315.71 Check Point Security Expert R71 Practical Exam Set 4

Which of the following statements BEST describes Check Point’s Hide Network Address Translation method?


Options are :

  • Translates many destination IP addresses into one destination IP address
  • Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
  • Translates many source IP addresses into one source IP address (Correct)
  • One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

Answer : Translates many source IP addresses into one source IP address

How can you activate the SNMP daemon on a Check Point Security Gateway?


Options are :

  • From cpconfig, select Activate SNMP extensions (Correct)
  • Using the command line, enter snmp_install
  • In SmartDashboard, right-click a Check Point object and select Activate SNMP
  • Any of these options will work.

Answer : From cpconfig, select Activate SNMP extensions

What happens if Web Server is checked?


Options are :

  • Web Intelligence will be applied to the host. (Correct)
  • An implied rule will be added allowing HTTP requests to the host.
  • An implied rule will be added allowing HTTP requests from and to the host.
  • Anti-virus settings will be applied to the host.

Answer : Web Intelligence will be applied to the host.

156-215.77 Check Point Certified Security Administrator Exam Set 2

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:


Options are :

  • Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.
  • For R70 Security Gateways are created during the Security Management Server installation.
  • Are used for securing internal network communications between the SmartDashboard and the Security Management Server.
  • Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates. (Correct)

Answer : Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.

Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?


Options are :

  • Users being authenticated by Client Authentication have to re-authenticate. (Correct)
  • All connections are reset, so a policy install is recommended during announced downtime only.
  • All FTP downloads are reset; users have to start their downloads again.
  • Site-to-Site VPNs need to re-authenticate, so Phase I is passed again after installing the Security Policy.

Answer : Users being authenticated by Client Authentication have to re-authenticate.

When configuring the network interfaces of a Check Point Gateway, the direction can be defined as Internal or External. What is the meaning of Interface leads to DMZ?


Options are :

  • Activating this option automatically turns this interface to “External”.
  • Using restricted Gateways, this option automatically turns off the counting of IP Addresses originating from this interface.
  • When selecting this option, Anti-Spoofing is configured automatically to this net.
  • It defines the DMZ Interface since this information is necessary for Content Control. (Correct)

Answer : It defines the DMZ Interface since this information is necessary for Content Control.

Check Point Certified Security Expert Exam Set 2

What are the two basic rules which should be used by all Security Administrators?


Options are :

  • Cleanup and Administrator Access rules
  • Administrator Access and Stealth rules
  • Cleanup and Stealth rules (Correct)
  • Network Traffic and Stealth rules

Answer : Cleanup and Stealth rules

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client side from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?


Options are :

  • A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface (Correct)
  • The NAT IP address must be added to the anti-spoofing group of the external Gateway interface.
  • No extra configuration is needed.
  • A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.

Answer : A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface
