156-215.70 Check Point Certified Security Administrator Exam Set 4

In a distributed management environment, the administrator has removed all the default check boxes from the Policy> Global Properties> Firewall tab. For the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate with the Security Management Server on port ______.


Options are :

  • 257 (Correct)
  • None
  • 900
  • 256
  • 259

Answer : 257

You suspect that a message is being captured and retransmitted, which jeopardizes the security of communications. A code is attached to the electronically transmitted message that uniquely identifies the sender. This code is known as a(n):


Options are :

  • Digital signature (Correct)
  • Diffie-Hellman Authentication
  • None
  • private key
  • AES ticket

Answer : Digital signature

Virus protection on a Check Point Gateway is available for all of the following protocols, except:


Options are :

  • POP3
  • HTTP
  • TELNET (Correct)
  • None
  • FTP

Answer : TELNET

Which authentication sign-on method requires that the user first authenticate via the User Authentication mechanism when logging on to a remote server with Telnet?


Options are :

  • Agent Auto Sign
  • None
  • Manual check-in
  • Partly Auto Login (Correct)
  • Standard check-in

Answer : Partly Auto Login

What is the size of a DES key in bits?


Options are :

  • 112
  • 64
  • 168
  • None
  • 56 (Correct)

Answer : 56

Users are defined on a Windows 2003 Active Directory server. You must add LDAP users to a Client Authentication rule. Which type of user group do you need for the Client Authentication rule in R70?


Options are :

  • LDAP group (Correct)
  • External User Group
  • None
  • The group, which is a common user
  • all users

Answer : LDAP group


The company has two headquarters, one in London and one in New York. Each headquarters has a number of branch offices. The branch offices only need to communicate with their own headquarters, not with each other, and the two headquarters need to communicate directly. What is the best configuration for setting up VPN Communities among the branch offices and the two headquarters? The VPN Communities should consist of:


Options are :

  • One star Community with the option to mesh the center of the star: the New York and London Gateways are added to the center of the star with the "mesh center Gateways" option checked; all London branch offices are defined in one satellite window, and all New York branch offices are defined in a second satellite window.
  • Three star Communities: the first for the New York headquarters and its branches; the second for the London headquarters and its branches; the third between the New York and London headquarters, where it does not matter which site is the "center" and which is the "satellite". (Correct)
  • Three mesh Communities: one for the London headquarters and its branches; one for the New York headquarters and its branches; and one for the London and New York headquarters.
  • None
  • Two mesh Communities and one star Community: a mesh Community is set up for each headquarters and its branches. The star Community has New York as the center and London as the satellite.

Answer : Three star Communities: the first for the New York headquarters and its branches; the second for the London headquarters and its branches; the third between the New York and London headquarters, where it does not matter which site is the "center" and which is the "satellite".

Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Why?


Options are :

  • Another rule that accepts HTTP without authentication exists in the Rule Base. (Correct)
  • Users must use the SecuRemote Client to use the User Authentication rule.
  • You forgot to place the User Authentication rule before the Stealth Rule.
  • You checked the "cache password on desktop" option in Global Properties.
  • None

Answer : Another rule that accepts HTTP without authentication exists in the Rule Base.

Which of the following VPN Community options is most likely to provide a balance between compatibility with IKE VPN-capable devices (Check Point and non-Check Point) and preserving the resources of an R70 Gateway? VPN tunnel sharing per:


Options are :

  • subnet, permanent tunnels, Diffie-Hellman Group 1 for Phase 1.
  • subnet, no permanent tunnels, Diffie-Hellman Group 1 for Phase 2. (Correct)
  • None
  • pair of hosts, permanent tunnels, Diffie-Hellman Group 1 for Phase 2.
  • pair of hosts, no permanent tunnels, Diffie-Hellman Group 1 for Phase 1.

Answer : subnet, no permanent tunnels, Diffie-Hellman Group 1 for Phase 2.

Which statement is true regarding Visitor Mode?


Options are :

  • VPN authentication and encrypted traffic is tunneled through TCP port 443. (Correct)
  • None
  • All VPN traffic is tunneled through UDP port 4500.
  • Only Main Mode and Quick Mode traffic is tunneled on TCP port 443.
  • Only ESP traffic is tunneled through TCP port 443.

Answer : VPN authentication and encrypted traffic is tunneled through TCP port 443.

You install and deploy SecurePlatform with default settings. You enable Visitor Mode in the Remote Access properties of the Gateway object and install the policy, but SecureClient refuses to connect. What is the reason for this?


Options are :

  • Set Visitor Mode in Policy> Global Properties> Remote Access> VPN - Advanced Settings.
  • You need to start SSL Network Extender first, then use Visitor Mode.
  • Office Mode has not been configured.
  • The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode, it cannot bind to the default port 443, because that port is used by another program (the WebUI). You need to change the WebUI port or move Visitor Mode to another port. (Correct)
  • None

Answer : The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode, it cannot bind to the default port 443, because that port is used by another program (the WebUI). You need to change the WebUI port or move Visitor Mode to another port.

You want to establish a VPN using certificates. Your VPN will exchange certificates with an external partner. Which of the following should be done first?


Options are :

  • Exchange exported CA keys and use them to create a new server object representing your partner's Certificate Authority (CA). (Correct)
  • Manually import your partner's Access Control List.
  • None
  • Manually import your partner's list of certificates.
  • Create a new logical server object representing your partner's CA.

Answer : Exchange exported CA keys and use them to create a new server object representing your partner's Certificate Authority (CA).


There are three options for configuring a firewall policy on the SecureClient Mobile device. Which of the following is NOT an option?


Options are :

  • Yes
  • No
  • configured server (Correct)
  • customer defined endpoint
  • None

Answer : configured server

Phase 1 uses ___________.


Options are :

  • consecutive
  • conditional
  • asymmetric (Correct)
  • Symmetrical
  • None

Answer : asymmetric

The User Directory Software Blade is used to integrate which of the following with a Security Gateway R70?


Options are :

  • None
  • Manage client server
  • LDAP (Correct)
  • UserAuthority server
  • RADIUS

Answer : LDAP

Your boss asks you to set up a VPN to a new business partner site. The administrator at the partner site gives you his VPN settings, and you notice that he has set up AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?


Options are :

  • Everything is in order and can be used as is.
  • Only 128-bit keys are used for the phase 1 keys that protect phase 2, so the longer key length in phase 2 only costs performance and does not increase security, because of the shorter key in phase 1. (Correct)
  • None
  • All is well, as the longest key length is chosen for encrypting the data and a shorter key length gives better performance when setting up the tunnel.
  • The two algorithms do not have the same key length, so they do not work together. You will get the error: the proposal is not selected.

Answer : Only 128-bit keys are used for the phase 1 keys that protect phase 2, so the longer key length in phase 2 only costs performance and does not increase security, because of the shorter key in phase 1.

Which of the following can NOT be selected for VPN tunnel sharing?


Options are :

  • One tunnel per pair of hosts
  • One tunnel per VPN domain pair (Correct)
  • One tunnel per subnet pair
  • None
  • One tunnel per Gateway pair

Answer : One tunnel per VPN domain pair

The company still uses traditional mode VPN configuration on all Gateways and policies. Your boss now requires that you switch to a simplified VPN policy to benefit from the new features. This must be done without any downtime, because of critical applications that must run continuously. How do you start such a migration?


Options are :

  • None
  • You first need to completely rewrite all policies in simplified mode and push the new policy to all Gateways at the same time.
  • This cannot be done without downtime, because a VPN between a traditional mode Gateway and a simplified mode Gateway does not work.
  • Convert the required Gateway policies using the simplified VPN wizard, check their logic, and then migrate Gateway by Gateway. (Correct)
  • This cannot be done, because it requires a SIC reset on the Gateways first, which forces an outage.

Answer : Convert the required Gateway policies using the simplified VPN wizard, check their logic, and then migrate Gateway by Gateway.


What type of resource can a Security Administrator use to control access to specific file shares on target computers?


Options are :

  • CIFS (Correct)
  • None
  • Telnet
  • FTP
  • URI

Answer : CIFS

You are a University Security Administrator. The University's FTP servers have old hardware and software. Certain FTP commands cause the FTP servers to malfunction. Upgrading the FTP servers is not an option at this time. Where can you define blocked FTP commands passing through the Security Gateway to protect the FTP servers?


Options are :

  • Global Properties> Firewall> Security Server> Enable FTP commands
  • The rule Carries> services> Edit Properties
  • FTP Service object> Advanced Settings> Blocked FTP commands
  • None
  • IPS> Security> By Protocol> IPS Software Blade> Application Intelligence> FTP> FTP Advanced Security> FTP commands (Correct)

Answer : IPS> Security> By Protocol> IPS Software Blade> Application Intelligence> FTP> FTP Advanced Security> FTP commands

In which IKE phase is the IKE SA negotiated?


Options are :

  • Phase 1 (Correct)
  • None
  • Phase 4
  • Phase 2
  • Phase 3

Answer : Phase 1

When a user chooses to allow Hotspot, SecureClient modifies the Desktop Security Policy and/or Hub Mode routing to enable Hotspot registration. Which of the following is NOT true concerning this modification?


Options are :

  • The modification is restricted by time.
  • Ports accessed during registration are recorded.
  • IP addresses accessed during registration are recorded.
  • The number of IP addresses is unlimited (Correct)
  • None

Answer : The number of IP addresses is unlimited

Review the following list of actions that Security Gateway R70 can take when it handles packets. The Policy Package is configured for simplified mode VPN. Select the answer below that contains the available actions:


Options are :

  • Accept, Drop, Reject, Client Auth (Correct)
  • None
  • Accept, Reject, Encrypt, Drop
  • Accept, Reject, Proxy
  • Accept, Drop, Encrypt, Auth Session

Answer : Accept, Drop, Reject, Client Auth

If you need strong encryption protection for user data, which option would be the best choice?


Options are :

  • None
  • Disable Diffie Hellman by using stronger certificate-based key management. Use AES 256-bit on all encrypted channels and add PFS to Quick Mode. Use double encryption by implementing the AH and ESP protocols.
  • Use certificates for phase 1, SHA for all hashes, AES for all encryption and PFS, and use the ESP protocol. (Correct)
  • When you need strong encryption, IPsec is not the best option. SSL VPNs are a better option.
  • Use Diffie Hellman for key construction and pre-shared keys for Quick Mode. Select SHA in Quick Mode and encrypt with AES. Use the AH protocol. Switch to Aggressive Mode.

Answer : Use certificates for phase 1, SHA for all hashes, AES for all encryption and PFS, and use the ESP protocol.


Why are certificates preferred over pre-shared keys in an IPsec VPN?


Options are :

  • Poor performance: PSK takes more time to encrypt than Diffie-Hellman.
  • Poor scalability: PSKs have to be set on each Gateway.
  • None
  • Weak security: PSKs can only be 112 bits long.
  • Weak Security: PSK are static and can not be brute forced. (Correct)

Answer : Weak Security: PSK are static and can not be brute forced.

How many packets does the IKE exchange use for Phase 1 Main Mode?


Options are :

  • None
  • 6 (Correct)
  • 12
  • 3
  • 1

Answer : 6

Your R70 primary Security Management Server is installed on SecurePlatform. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?


Options are :

  • Create a time object and add a 48-hour interval. Select the time object in the Global Properties> Logs and Masters window to schedule a logswitch.
  • On a SecurePlatform Security Management Server, this can only be accomplished by configuring the fw logswitch command via the cron utility.
  • Create a time object and add a 48-hour interval. Open the primary Security Management Server object's Logs and Masters window in order to schedule a log switch, and select the time object. (Correct)
  • None
  • Create a time object and add a 48-hour interval. Open the Security Gateway object's Logs and Masters window in order to schedule a log switch, and select the time object.

Answer : Create a time object and add a 48-hour interval. Open the primary Security Management Server object's Logs and Masters window in order to schedule a log switch, and select the time object.

All of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:


Options are :

  • None
  • Time and Date
  • export options
  • The DHCP server configuration
  • GUI Clients (Correct)

Answer : GUI Clients

Many companies have defined more than one administrator. For extra security, only one administrator should be able to install a Rule Base on a specific firewall, X. How do you configure this?


Options are :

  • In the General Properties of the object representing firewall X, go to the Software Blades product list and select Firewall. From the right-click menu, you can choose to define only this administrator for installation.
  • Right-click the object representing the specific administrator, and select firewall X under Policy Targets.
  • None
  • Define a permission profile in SmartDashboard with read/write permissions, but restrict it to all other firewalls by placing them in the Policy Targets field. An administrator with this permission profile then cannot install a policy on any firewall not listed there.
  • Put the one administrator in an Administrator group and configure this group in the firewall X object under Advanced Settings> Permission to Install. (Correct)

Answer : Put the one administrator in an Administrator group and configure this group in the firewall X object under Advanced Settings> Permission to Install.

John currently administers a network with single-core-CPU Security Gateways and management servers running R70. His company is now planning to implement VoIP and needs more Gateway performance. He has added memory to the systems and upgraded the server CPU to a modern quad-core CPU. He wants to use CoreXL technology to benefit from the performance gains of this technology. How can he achieve this?


Options are :

  • Nothing has to be done. SecurePlatform recognizes the change on reboot and adjusts all the settings automatically.
  • He just needs to go to cpconfig on the CLI and enable CoreXL. Only a restart of the firewall is required to benefit from CoreXL technology.
  • He just needs to go to cpconfig on the CLI and enable CoreXL. After the required reboot, he will benefit from the new technology.
  • He needs to reinstall the Gateway, because the initial installation was done with a single-core CPU and the wrong Linux kernel was installed. There is no other upgrade path available. (Correct)
  • None

Answer : He needs to reinstall the Gateway, because the initial installation was done with a single-core CPU and the wrong Linux kernel was installed. There is no other upgrade path available.
