156-215.70 Check Point Certified Security Administrator Exam Set 6

The third-shift administrator had to update the Security Management Server permission settings Global properties and testing. He managed to lock himself out of his account. How can you open this account?


Options are :

  • None
  • Delete the file admin.lock is $ FWDIR / tmp / directory Security Management Server.
  • Type Four Wave Mixing lock_admin -ufrom the command line of the Security Council Management Server. (Correct)
  • Type Four Wave Mixing unlock_admin the command of the Security Council Management Server.
  • Type Four Wave Mixing unlock_admin -u command is a security gateway.

Answer : Type Four Wave Mixing lock_admin -ufrom the command line of the Security Council Management Server.

You are without consulting the supervisor, who has locked himself out of SmartDashboard installed as a separate Secure Platform Security Gateway. Now he can use the Security Management Server SmartDashboard or other Smart Console tools. How do you get him reconnected SmartDashboard?


Options are :

  • Run fw is unlocklocal Security Management Server
  • Run fw is unloadlocal Security Gateway. (Correct)
  • Remove $ fwdir / database / manage.lock file and run cprestart.
  • None
  • Run FW remove the security gateway from localhost.

Answer : Run fw is unloadlocal Security Gateway.

How many check points are there in the package passes through Gateway?


Options are :

  • 4 (Correct)
  • None
  • 2
  • 1
  • Depends on the number of interfaces in Gateway

Answer : 4

Which of the following commands to completely remove security from being enforced on Security Gateway?


Options are :

  • FW unloadlocal (Correct)
  • FW demolish a local
  • cpstop
  • None
  • FW disassemble

Answer : FW unloadlocal

For normal sending the package approved communications protected by the security gateway host how many lines the package is stored in the packet analyzer such as Wireshark using FW to follow?


Options are :

  • Nothing
  • None
  • 4 (Correct)
  • 3
  • 2

Answer : 4

Whose utility allows you to configure the DHCP service Secure Platform from the command line?


Options are :

  • None
  • sysconfig (Correct)
  • cpconfig
  • ifconfig
  • dhcp_cfg

Answer : sysconfig

156-215.13 Check Point Certified Security Administrator Exam Set 7

What is the desired outcome when running the command cpinfo -z -o cpinfo.out?


Options are :

  • Send output to a file named cpinfo.out compressed format. (Correct)
  • None
  • Send output to a file named cpinfo.out and provide a screen print at the same time.
  • Send output to a file named cpinfo.out usable form CP InfoView utility
  • Send output to a file named cpinfo.out without the Address Resolution.

Answer : Send output to a file named cpinfo.out compressed format.

Which of the following options are available in the Secure Platform cpconfig utility?


Options are :

  • export options
  • The DHCP server configuration
  • None
  • Time and Date
  • GUI Clients (Correct)

Answer : GUI Clients

In previous versions, a full TCP three-way handshake was sent to the kernel firewall inspection. How does this improvement in the current version of IPSO Currents / SecureXL?


Options are :

  • Only the original SYN packet is checked. The rest take care of IPSO. (Correct)
  • Packages wound up third-party hardware card almost line inspection.
  • Resources to proactively address by using a predictive algorithm techniques.
  • None
  • Lunches virtualized RAM-drive-based VM FW.

Answer : Only the original SYN packet is checked. The rest take care of IPSO.

Peter is a new Security Administrator. His first day of work, she is very nervous and sets the wrong password three times. His account is locked. What can be done to open Petera € ™ s account? Give the best answer.


Options are :

  • It is not possible to open an account in St. Petersburg. You have to install the firewall again, or to be Peter's help.
  • You can open the account with the command of St. Petersburg four-wave mixing unlock_admin -u Peter on the security gateway.
  • You can open the account with the command of St. Petersburg four-wave mixing unlock_admin -u Peter Security Management Server.
  • None
  • You can open the account with the command of St. Petersburg four-wave mixing lock_admin -u Peter Security Management Server. (Correct)

Answer : You can open the account with the command of St. Petersburg four-wave mixing lock_admin -u Peter Security Management Server.

Which of the following methods to provide the most complete backup of the configuration of an R70?


Options are :

  • None
  • upgrade_export command (Correct)
  • Database version control system
  • Policy package management
  • By copying FWDIR $ \ conf and $ CPDIR \ conf directories to another server

Answer : upgrade_export command

What utility is essential to reestablishing SIC?


Options are :

  • None
  • cplic
  • FWM sic_reset
  • cpconfig (Correct)
  • sysconfig

Answer : cpconfig

Check Point Certified Security Administrator Set 4

John is the Security Administrator in his company. He needs to maintain the highest level of security firewalls, he succeeds. He uses Check Point R70. Does she need IPS Software Blade to achieve this goal?


Options are :

  • None
  • No, all IPS protections are active, but can not be updated without a license as SmartDefense.
  • No, the gateway must always be protected and IPS inspection can not be controlled without a license.
  • Yes, otherwise the firewall to pass all traffic unfiltered and unhindered.
  • Yes, otherwise no protection can be enabled. (Correct)

Answer : Yes, otherwise no protection can be enabled.

John currently manages a network using the NGX R65.4 is a Security Management Server and NGX R65.2.100 (VOIP VOIP publishing plug-ins enabled). He wants to upgrade to get the benefits R70 Check Pointâ € ™ s Software Blades. What would be the best way to do this?


Options are :

  • Just set the R70 CD-ROM and run the in-place upgrade
  • This is currently not supported today, VOIP and VOIP Software Blade plug-in is not available for R70. (Correct)
  • None
  • This can not be done yet, so R70 can not manage Gateways NGX R65 SmartDefense and IPS due to mismatches.
  • Run upgrade_export management is R65, R70 install on this machine and run upgrade_import and relicense systems to use the software blades.

Answer : This is currently not supported today, VOIP and VOIP Software Blade plug-in is not available for R70.

Which command allows you to view the contents of which R70 to the table?


Options are :

  • None
  • FW tab -t (Correct)
  • FW tab -s
  • FW tab -a
  • FW tab X
  • Answer : FW tab -t

    Looking at the FW monitor the recovery of Wireshark, initiating packet hide NAT translates on ________.


    Options are :

    • None
    • I
    • O
    • O (Correct)
    • I

    Answer : O

    How do you view cpinfo is a Secure Platform machine?


    Options are :

    • tcpdump
    • Snoop -i
    • The text editor, such as vi (Correct)
    • infotab
    • None

    Answer : The text editor, such as vi

    How to activate the SNMP daemon Check Point Security Gateway?


    Options are :

    • Command-line help, enter snmp_install
    • In SmartDashboard right-click the Check Point object and select Enable SNMP
    • None
    • Any of these options will work.
    • Since cpconfig select Enable SNMP extensions (Correct)

    Answer : Since cpconfig select Enable SNMP extensions

    Which of them is true about implicit rules?


    Options are :

    • None
    • They come from the Global Real Estate and explicit object properties. (Correct)
    • You create them SmartDashboard.
    • Changes in Security Gateway default settings do not affect the implicit rules
    • Gateway monitors the implicit rules that allow outgoing packets only

    Answer : They come from the Global Real Estate and explicit object properties.

    Do you want to restore the SIC smberlin and sgosaka. In SmartDashboard, the selection of sgosaka, Communication, Reset. On sgosaka, start cpconfig, select the Secure Internal Communications SIC and enter a new activation key. The display will read â € œThe SIC was successfully Initialized € cpconfig and jumps back to the menu. When you try to create a working connection, instead of the connection, you receive the following error message: What is the reason for this behavior?


    Options are :

    • Gateway did not start again, which is necessary to amend SIC key
    • Check Point Gateway service has not restarted, because you are still cpconfig utility. (Correct)
    • You must first initialize the object SmartDashboard Gateway (ie, right-click the object, choose Basic Setup> Format).
    • None
    • The activation key contains characters that are different keys to localized keyboards. Therefore, the activation can not be written in a corresponding manner.

    Answer : Check Point Gateway service has not restarted, because you are still cpconfig utility.

    Check Point Certified Security Administrator Set 2

    Cara wants to follow her to the top Services Security Gateway (FW-Chicago), but he is still an error. Other security gateways will report data except for the new Security Gateway, which had just recently been introduced. To analyze the error output below and decide what Cara can do to remedy the problem.


    Options are :

    • He should create a firewall rule to allow traffic back to his CPMI Smart Console.
    • He should give follow-up to run longer in order to collect sample data
    • None
    • He should modify Security Gateway object and allows the Monitoring Software Blade. (Correct)
    • He should re-install the security of his Security Gateway, because it was used by the default rule base

    Answer : He should modify Security Gateway object and allows the Monitoring Software Blade.

    When you hide a rule in the rule base, how can you then delete the rule?


    Options are :

    • .Hidden rules are already effectively disable the security gateway implementation.
    • Right-click on a hidden rule the place holder list and uncheck Hide, then right-click and select Delete Rule (s); re-hide the rule. (Correct)
    • Use our search utility SmartDashboard view all hidden rules. Select the appropriate rule, and then click Disable rule (s).
    • None
    • Right-click on a hidden rule the place holder list and click Delete rule (s).

    Answer : Right-click on a hidden rule the place holder list and uncheck Hide, then right-click and select Delete Rule (s); re-hide the rule.

    SIC certificate is stored in the directory _______________.


    Options are :

    • $ CPDIR / conf (Correct)
    • $ FWDIR / database
    • $ CPDIR / archive
    • $ FWDIR / conf
    • None

    Answer : $ CPDIR / conf

    What happens if the Web server must be selected?


    Options are :

    • Anti-virus settings will be the host.
    • Web Intelligence will be applied to the host. (Correct)
    • The implicit rule is added to allow the HTTP requests from the host.
    • The implicit rule is added to allow the HTTP request and the host.
    • None

    Answer : Web Intelligence will be applied to the host.

    How to get address from the button, can be found in the host Knots Object> General Properties page to retrieve the address?


    Options are :

    • None
    • Clear names (hosts file, DNS, cache) (Correct)
    • Address Resolution (ARP, RARP)
    • SNMP Get
    • route Table

    Answer : Clear names (hosts file, DNS, cache)

    What are the two basic rules should be used by all security administrators?


    Options are :

    • Cleanup and Stealth rules (Correct)
    • Cleanup and Administrator Access rules
    • Network traffic rules and Stealth
    • Administrator Access and Stealth rules
    • None

    Answer : Cleanup and Stealth rules

    156-315.77 Check Point Certified Security Expert Exam Set 16

    _______ rule is used to block all traffic goes R70 Security Gateway.


    Options are :

    • Clean up
    • Stealth (Correct)
    • Reject
    • IPS
    • None

    Answer : Stealth

    You run cpconfig reset SIC on Security Gateway. After the SIC reset is complete, a policy that has been installed:


    Options are :

    • The first policy. (Correct)
    • .Last policy that was installed.
    • Standard Insurance Terms and Conditions.
    • The default filter.
    • None

    Answer : The first policy.

    All of the following are security gateway controller connections as defined in the quiet rules, except:


    Options are :

    • Exclusion for reporting special. (Correct)
    • The adoption of the RDP and IKE traffic encryption for communication, and.
    • Communication with server types, such as RADIUS, CVP, UFP, LDAP and TACACS.
    • None
    • Specific traffic that facilitates functions such as logging, management and exchange of keys.

    Answer : Exclusion for reporting special.

    Which of the following statements best describes the Check Point Hide Network Address Translation Method?


    Options are :

    • One-to-one NAT to implement the PAT (Port Address Translation) to provide as output an IP Address Translation
    • Many-to-one NAT to implement the PAT (Port Address Translation) to provide as output an IP Address Translation
    • To translate many destination IP addresses into a single destination IP address
    • None
    • To translate many of the source IP addresses into a single source IP address (Correct)

    Answer : To translate many of the source IP addresses into a single source IP address

    Comment / Suggestion Section
    Point our Mistakes and Post Your Suggestions