156-215.70 Check Point Certified Security Administrator Exam Set 9

You issue the fw monitor command with no arguments. Which of the following inspection points will be displayed?


Options are :

  • After the virtual machine, in the outbound direction
  • All inspection points (Correct)
  • Before the virtual machine, in the inbound direction
  • Before the virtual machine, in the outbound direction

Answer : All inspection points

A _______ rule is designed to log and drop all other communication that does not match another rule.


Options are :

  • Reject
  • Anti-Spoofing
  • Stealth
  • Cleanup (Correct)

Answer : Cleanup

You installed Security Management Server on a computer using SecurePlatform in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second SecurePlatform computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?


Options are :

  • 2, 3, 4, 5, 1
  • 2, 3, 4, 1, 5
  • 2, 1, 3, 4, 5 (Correct)
  • 1, 3, 2, 4, 5

Answer : 2, 1, 3, 4, 5

How can you view cpinfo on a SecurePlatform machine?


Options are :

  • snoop -i
  • infotab
  • tcpdump
  • Text editor, such as vi (Correct)

Answer : Text editor, such as vi

You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify security administration, which one of the following would you choose to do?


Options are :

  • Run separate SmartConsole instances to login and configure each Security Gateway directly.
  • Create network objects that restrict all applicable rules to only certain networks.
  • Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
  • Create a separate Security Policy package for each remote Security Gateway. (Correct)

Answer : Create a separate Security Policy package for each remote Security Gateway.

NAT can NOT be configured on which of the following objects?


Options are :

  • Address Range
  • Host
  • Gateway
  • HTTP Logical Server (Correct)

Answer : HTTP Logical Server

A Clean-up rule is used to:


Options are :

  • Drop without logging connections that would otherwise be accepted and logged by default. (Correct)
  • Log connections that would otherwise be accepted without logging by default.
  • Drop without logging connections that would otherwise be dropped and logged by default.
  • Log connections that would otherwise be dropped without logging by default.

Answer : Drop without logging connections that would otherwise be accepted and logged by default.

Which rule should be the Cleanup Rule in the Rule Base?


Options are :

  • Before last followed by the Stealth Rule
  • First. It explicitly accepts otherwise dropped traffic
  • Last. It explicitly drops otherwise accepted traffic
  • Last. It serves a logging function before the implicit drop. (Correct)

Answer : Last. It serves a logging function before the implicit drop.

You create implicit and explicit rules for the following network. The group object “internalnetworks” includes networks 10.10.10.0 and 10.10.20.0. Assume Accept ICMP requests is enabled as Before last in Global Properties. Based on these rules, what happens if you ping from host 10.10.10.5 to a host on the Internet by IP address? ICMP will be:


Options are :

  • dropped by the last implicit rule
  • dropped by rule 0.
  • accepted by rule 1. (Correct)
  • dropped by rule 2, the Cleanup Rule

Answer : accepted by rule 1.

You want to create an output file of the fw monitor command in ASCII format. What is the correct syntax to accomplish this task?


Options are :

  • fw monitor -e "accept;" -w /tmp/monitor.txt
  • fw monitor -e "accept;" -f > /tmp/monitor.txt
  • fw monitor -m iO -e "accept;" -o /tmp/monitor.txt
  • fw monitor -e "accept;" > /tmp/monitor.txt (Correct)

Answer : fw monitor -e "accept;" > /tmp/monitor.txt

You enable Hide NAT on the network object 10.1.1.0 behind the Security Gateway’s external interface. You browse to www.google.com from host 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?


Options are :

  • Only one, inbound
  • Two, both outbound, one for the real IP connection and one for the NAT IP connection
  • Only one, outbound (Correct)
  • Two, one for outbound, one for inbound

Answer : Only one, outbound

Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers is passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?


Options are :

  • Routing is not configured correctly.
  • Translate destination on client side is not checked in Global Properties under Manual NAT Rules. (Correct)
  • Manual NAT rules are not configured correctly.
  • Allow bi-directional NAT is not checked in Global Properties.

Answer : Translate destination on client side is not checked in Global Properties under Manual NAT Rules.

You are working with multiple Security Gateways that enforce a common set of rules. To minimize the number of policy packages, which one of the following would you choose to do?


Options are :

  • Install a separate local Security Management Server and SmartConsole for each remote Security Gateway
  • Create a separate Security Policy package for each remote Security Gateway and specify Install On > Gateways.
  • Create a single Security Policy package with Install on > Target defined whenever a unique rule is required for a specific Gateway. (Correct)
  • Run separate SmartDashboard instances to login and configure each Security Gateway directly

Answer : Create a single Security Policy package with Install on > Target defined whenever a unique rule is required for a specific Gateway.

To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?


Options are :

  • This cannot be configured since two selections (Service, Action) are not possible.
  • Ask your reseller to get a ticket for Check Point SmartUse and deliver him the cpinfo file of the Security Management Server.
  • In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. “HTTP_SSH”) and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND. (Correct)
  • In SmartDashboard, right-click in the column field Service and select Query Column. Then, put the services HTTP and SSH in the list. Do the same in the field Action and select Accept here.

Answer : In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. “HTTP_SSH”) and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND.

Cara wants to monitor the top services on her Security Gateway (fw-chicago), but she is getting an error message. Other Security Gateways are reporting the information except a new Security Gateway that was just recently deployed. Analyze the error message from the output below and determine what Cara can do to correct the problem.


Options are :

  • She should let the monitoring run longer in order for it to collect sampled data
  • She should re-install the Security Policy on her Security Gateway since it was using the default Rule Base
  • She should edit the Security Gateway object and enable the Monitoring Software Blade. (Correct)
  • She should create a firewall rule to allow the CPMI traffic back to her SmartConsole.

Answer : She should edit the Security Gateway object and enable the Monitoring Software Blade.

Which of the following describes the default behavior of an R70 Security Gateway?


Options are :

  • Traffic not explicitly permitted is dropped. (Correct)
  • IP protocol types listed as “secure” are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.
  • All traffic is expressly permitted via explicit rules
  • Traffic is filtered using controlled port scanning

Answer : Traffic not explicitly permitted is dropped.

Which rules are not applied on a first-match basis?


Options are :

  • Client Authentication
  • User Authentication (Correct)
  • Session Authentication
  • Cleanup

Answer : User Authentication

Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R70 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?


Options are :

  • Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
  • Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway. (Correct)
  • Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
  • Use automatic Static NAT for network 10.1.1.0/24.

Answer : Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

The Get Address button, found on the Host Node Object > General Properties page, will retrieve what?


Options are :

  • The fully qualified domain name
  • The MAC address
  • The domain name
  • The IP address (Correct)

Answer : The IP address

A Stealth rule is used to:


Options are :

  • Cloak the type of Web server in use behind the Security Gateway.
  • Use the Security Gateway to hide the border router from internal attacks
  • Prevent tracking of hosts behind the Security Gateway.
  • Prevent communication to the Security Gateway itself. (Correct)

Answer : Prevent communication to the Security Gateway itself.

Several Security Policies can be used for different installation targets. The firewall protecting Human Resources’ servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?


Options are :

  • When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
  • In the SmartDashboard main menu go to Policy > Policy Installation > Targets and select the correct firewall to be put into the list via Specific Targets. (Correct)
  • A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install.
  • A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.

Answer : In the SmartDashboard main menu go to Policy > Policy Installation > Targets and select the correct firewall to be put into the list via Specific Targets.

Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?


Options are :

  • Dynamic Source Address Translation
  • Hide Address Translation
  • Port Address Translation
  • Static Destination Address Translation (Correct)

Answer : Static Destination Address Translation

You want to reset SIC between smberlin and sgosaka. In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads “The SIC was successfully initialized” and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message: What is the reason for this behavior?


Options are :

  • You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).
  • The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility. (Correct)
  • The Gateway was not rebooted, which is necessary to change the SIC key
  • The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation key cannot be typed in a matching fashion.

Answer : The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.

How does the Get Address button, found on the Host Node Object > General Properties page retrieve the address?


Options are :

  • Route Table
  • Address resolution (ARP, RARP)
  • SNMP Get
  • Name resolution (hosts file, DNS, cache) (Correct)

Answer : Name resolution (hosts file, DNS, cache)

Anti-Spoofing is typically set up on which object type?


Options are :

  • Domain
  • Security Gateway (Correct)
  • Host
  • Network

Answer : Security Gateway

Which statement is TRUE about implicit rules?


Options are :

  • They are derived from Global Properties and explicit object properties. (Correct)
  • The Gateway enforces implicit rules that enable outgoing packets only
  • Changes to the Security Gateway’s default settings do not affect implicit rules
  • You create them in SmartDashboard.

Answer : They are derived from Global Properties and explicit object properties.
