1. 156-215.70 Check Point Certified Security Administrator Exam Set 7

156-215.70 Check Point Certified Security Administrator Exam Set 7

Get Address button, found in the host Knots Object> General Properties page, searching for what?


Options are :

  • Domain Name
  • MAC address
  • IP address (Correct)
  • The fully qualified domain name
  • None

Answer : IP address

What rule would Cleanup rule Rule Base?


Options are :

  • The other followed Stealth Rule
  • Take. It specifically accepted by other traffic drops
  • None
  • First. It specifically approves otherwise fallen into traffic
  • Take. It is served by a logging function before the implicit drop. (Correct)

Answer : Take. It is served by a logging function before the implicit drop.

156-215.77 Check Point Certified Security Administrator Exam Set 6

The internal network configuration is set to 10.1.1.0/24. This network is behind a perimeter Gateway R70, which connects the ISP provider. How to configure a gateway to provide this network to go online?


Options are :

  • Do not do anything, as long as the 10.1.1.0 network is the correct default gateway.
  • Use the Hide NAT network 10.1.1.0/24 behind the external IP address of the perimeter Gateway. (Correct)
  • Use the Hide NAT network 10.1.1.0/24 behind the internal interface on the perimeter of your Gateway.
  • The use of automatic static NAT network 10.1.1.0/24.
  • None

Answer : Use the Hide NAT network 10.1.1.0/24 behind the external IP address of the perimeter Gateway.

You acknowledge FW monitor command with no arguments. Which of the following checkpoints will be displayed?


Options are :

  • Prior to the virtual machine, the outgoing direction,
  • None
  • After the virtual machine, the outgoing direction,
  • Before a virtual machine, the inbound direction
  • All check points (Correct)

Answer : All check points

Clean-up rule is used:


Options are :

  • Log connections that would otherwise be dropped without logging by default.
  • Drop logging connections that would otherwise be accepted and recorded by default. (Correct)
  • None
  • .Drop logging connections that would otherwise be dropped and logged by default.
  • Log connections that would otherwise be acceptable without being logged in by default.

Answer : Drop logging connections that would otherwise be accepted and recorded by default.

Those rules are not applied in the first match?


Options are :

  • user authentication (Correct)
  • None
  • Clean up
  • session authentication
  • client authentication

Answer : user authentication

NAT will NOT be able to configure which of the following objects?


Options are :

  • Logical HTTP server (Correct)
  • host
  • None
  • port
  • address range

Answer : Logical HTTP server

When you run the fw monitor -e "to accept;" command, what type of traffic is captured?


Options are :

  • Only outbound traffic before and after the outgoing core.
  • All traffic is accepted rule base.
  • All traffic coming from all directions, before and after the incoming and outgoing cores (Correct)
  • Only incoming traffic, before and after the incoming core.
  • None

Answer : All traffic coming from all directions, before and after the incoming and outgoing cores

156-315.77 Check Point Certified Security Expert Exam Set 8

Which of the following describes the default behavior of the R70 Security Gateway?


Options are :

  • Traffic is filtered is controlled by the gate
  • Traffic expressly approved by dropped. (Correct)
  • All traffic is explicitly allowed through clear rules
  • IP protocol is listed as safe are allowed by default, that is, ICMP, TCP, UDP sessions is checked.
  • None

Answer : Traffic expressly approved by dropped.

When the network configuration interfaces Check Point Gateway, the direction can be defined as internal or external. What is the significance leads to the DMZ Interface?


Options are :

  • None
  • It defines the DMZ interface since this information is necessary for Content Control. (Correct)
  • Using a Gateway limited, this option is switched off automatically calculating the IP addresses that are derived from this interface.
  • .Activating this option will automatically switch to this interface External
  • When you select this option, the anti-spoofing is automatically assigned to this network.

Answer : It defines the DMZ interface since this information is necessary for Content Control.

You have worked with a number of security gateways that strengthen the extensive set of rules. To simplify security administration, which of the following would you choose to do?


Options are :

  • Create a network of objects that restrict any valid only for certain networks.
  • Smart Console to run separate instances of each log and configure the security gateway directly.
  • Remove any possible conflicting such as stealth or cleanup rules.
  • None
  • Create a separate package for each security remote security gateway. (Correct)

Answer : Create a separate package for each security remote security gateway.

John is the Security Administrator in his company. He installs a new Security Management Server R70 and R70 of the new Gateway. He now wants to create the SIC between them. after entering the activation key, the message â € € Established śTrust displayed SmartDashboard, SIC, but still does not seem to be working, because the policy wonâ € ™ t be installed and the user interface fetching is still not working. What might be the reason?


Options are :

  • This is human error.
  • None
  • It always works when trust is established.
  • Gateway is a time for several days or weeks later, and the SIC certificate is not yet valid. (Correct)
  • SIC does not work over the network.

Answer : Gateway is a time for several days or weeks later, and the SIC certificate is not yet valid.

Security is the number of database versions. What settings will remain the same regardless of which version you are using?


Options are :

  • Objects_5_0.C
  • The rule Bases_5_0.fws
  • None
  • Internal Certificate Authority (ICA) certificate (Correct)
  • fwauth.NDB

Answer : Internal Certificate Authority (ICA) certificate

Stealth rule is used:


Options are :

  • Prevents monitoring of hosts behind the security gateway.
  • Cloak type behind the Web server using the security gateway.
  • Preventing The Communication Security Gateway itself. (Correct)
  • None
  • Use Security Gateway hide the border router's internal attacks

Answer : Preventing The Communication Security Gateway itself.

Check Point Certified Security Expert Exam Set 7

Every checkpoint address translation method is necessary if you want to connect to a host on the Internet HTTP server, which is reserved (RFC 1918) IP address of the DMZ?


Options are :

  • Hide Address Translation
  • Port Address Translation
  • Dynamic Address Translation Source
  • None
  • Static Destination Address Translation (Correct)

Answer : Static Destination Address Translation

Several security policies can be used in various installation targets. Firewall to protect human Resources € ™ servers should be unique in Policy Package. These rules may only be installed on this machine and not by accident on the internet firewall. How can this be configured?


Options are :

  • In choosing the right firewall for each row line to install the rule base, only this firewall displays a list of possible installation sites after selecting Policy> Install.
  • In SmartDashboard the main menu, go to Policy> Policy Installation> Goals and choose the correct Firewall to be taken through a list of specific goals. (Correct)
  • None
  • Base rule can always be installed on any Check Point firewall object. It is necessary to choose the appropriate item immediately, select Policy> Install.
  • Base rule is always installed on all potential targets. Install the firewall rules defined by the row selection to install the rule base.

Answer : In SmartDashboard the main menu, go to Policy> Policy Installation> Goals and choose the correct Firewall to be taken through a list of specific goals.

Installing the policy does not usually affect the currently existing connections. Which statements are true?


Options are :

  • Site-to-site VPNs need to re-authenticate, so the phase I is conducted again after the installation of security policy.
  • None
  • All connections are reset, so it is recommended to install the policy will be announced during the downtime only.
  • All FTP downloads will be reset; users have to start the download again.
  • Users are authenticated Client Authentication need to re-authenticate. (Correct)

Answer : Users are authenticated Client Authentication need to re-authenticate.

You have set the Automatic Static NAT internal host node object. Removing the box Translate to destination client site Global Properties> NAT. Assuming that all other NAT settings Global Properties is selected, what else must be configured so that the host on the Internet can initiate an incoming connection to this host?


Options are :

  • Static route, ensure packets destined for the public IP address of the NAT gateway to reach the internal interface (Correct)
  • None
  • No additional configuration required.
  • Proxy ARP entry, ensure packets destined for the public IP address to reach the security gateway's external interface.
  • NAT IP address must be added via an external gateway anti-spoofing group.

Answer : Static route, ensure packets destined for the public IP address of the NAT gateway to reach the internal interface

What is below is most correct process to reset the SIC from SmartDashboard?


Options are :

  • Click the Communication button to the firewall object, then click Restore. Run cpconfig and enter a new activation key. (Correct)
  • Run cpconfig and select Restore.
  • Click the Reset Communication Gateway object from the window and enter a new activation key.
  • Run cpconfig and select Secure Internal Communications> Other one time password.
  • None

Answer : Click the Communication button to the firewall object, then click Restore. Run cpconfig and enter a new activation key.

Check the rule base, some rules can be hidden so that they do not interfere with the administrator is unhidden rules. Assume that the only rules are accepted as HTTP or SSH will be displayed. How to implement?


Options are :

  • None
  • .In SmartDashboard menu Search> rule base queries. In the window that opens, create a new query, give it a name (eg HTTP_SSH) and define the clause regarding two services HTTP and SSH. When it is applied that determines the operation of the second expression to accept and combine them with Boolean operator AND. (Correct)
  • Ask the dealer to get a ticket checkpoint SMARTUS and provide him with cpinfo Information Security Management Server.
  • .In SmartDashboard, right-click a column in field service, and then click Query column. Then put the services HTTP and SSH on the list. Do the same for the field to accept the Action, and then click here.
  • This can not be set because the two choices (Service, Action) are not possible.

Answer : .In SmartDashboard menu Search> rule base queries. In the window that opens, create a new query, give it a name (eg HTTP_SSH) and define the clause regarding two services HTTP and SSH. When it is applied that determines the operation of the second expression to accept and combine them with Boolean operator AND.

Check Point Certified Security Administrator Set 3

You create implicit and explicit rules for the next network. The group object includes internal networks of networks 10.10.10.0 and 10.10.20.0. Suppose Accept ICMP requests placed on the boards of Global Properties.Based these rules, what happens if you ping a host 10.10.10.5 host on the Internet IP address? ICMP is:


Options are :

  • rule fell 0.
  • decreased 2 Cleanup rule rule
  • None
  • fell in the last implicit rule
  • accepted rule 1. (Correct)

Answer : accepted rule 1.

You have worked with a number of Security Gateway, which adhere to common rules. Minimize the number of policy packages, which of the following would you choose to do?


Options are :

  • SmartDashboard to run separate instances of each log and configure the security gateway directly
  • Create a single package Install Security> Target is defined as an individual rule always requires a certain Gateway. (Correct)
  • Lead .install separate local Security Management Server and the Smart Console for each remote Security Gateway
  • None
  • Create a separate package for each security remote security gateway and configure the install> Gateway.

Answer : Create a single package Install Security> Target is defined as an individual rule always requires a certain Gateway.

Every Checkpoint Address Translation method allows the system administrator to use less ISPassigned IP addresses as the number of internal hosts require an Internet connection?


Options are :

  • None
  • dynamic Target
  • static object
  • Hide (Correct)
  • static Source

Answer : Hide

To create the output data of the monitor FW command in ASCII format. What is the correct syntax for this task?


Options are :

  • FW follow -e "to accept;" -f> /tmp/monitor.txt
  • None
  • FW follow iO -m -e "to accept;" -o /tmp/monitor.txt
  • FW follow -e "to accept;" -W /tmp/monitor.txt
  • FW follow -e "to accept;" > /tmp/monitor.txt (Correct)

Answer : FW follow -e "to accept;" > /tmp/monitor.txt

Anti-Spoofing is typically set up every object type?


Options are :

  • domain
  • None
  • network
  • host
  • Security Gateway (Correct)

Answer : Security Gateway

Security Administrator, Anna has done the following: What happens when he creates the Firewall object?


Options are :

  • Creating an object lead to a "duplicate IP address" warning.
  • The interfaces will show all the interfaces.
  • None
  • The interfaces will continue to appear only old interfaces, but not the newly added ones.
  • The establishment of SIC fails. (Correct)

Answer : The establishment of SIC fails.

156-215.70 Check Point Certified Security Administrator Exam Set 2

You perimeter security gateway's external IP is 200.200.200.3. The network diagram shows: Required: Only network 192.168.10.0 and 192.168.20.0 to go out through the Internet 200.200.200.5. The local network 192.168.1.0/24 need to use 200.200.200.3 go out to the Internet. Assuming you take all the settings for the NAT Global Properties page, how could you achieve these requirements?


Options are :

  • Create two mesh objects: 192.168.10.0/24 and 192.168.20.0/24. Add two network objects in a group object. Create a manual NAT rule as follows: The original source - a group object; Destination - any; Service - any; Translated from source - 200.200.200.5; Destination - the original; Service - the original.
  • Create a network object 192.168.0.0/16. Contact Hide NAT NAT page. Enter 200.200.200.5 as the IP address hidden. Add ARP entry MAC address 200.200.200.5 200.200.200.3.
  • None
  • Create network objects 192.168.10.0/24 and 192.168.20.0/24. In order to hide the NAT and network objects using 200.200.200.5 as the IP address is hidden. Add ARP entry MAC address 200.200.200.3 200.200.200.5.
  • Create an address range object from 192.168.10.1 and 192.168.20.254. Contact Hide NAT NAT address of the page area of the object. Enter hiding the IP address of 200.200.200.5. Add ARP entry MAC address 200.200.200.5 200.200.200.3. (Correct)

Answer : Create an address range object from 192.168.10.1 and 192.168.20.254. Contact Hide NAT NAT address of the page area of the object. Enter hiding the IP address of 200.200.200.5. Add ARP entry MAC address 200.200.200.5 200.200.200.3.

_______ rule is designed to record and give up all the other communications which does not correspond to the second rule.


Options are :

  • None
  • Stealth
  • anti-spoofing
  • Reject
  • Clean up (Correct)

Answer : Clean up

You have installed the R70 Security Gateway is a Secure Platform. Gateway to manage a company Security Management Server, you create a new Gateway object and security. When you install a new policy from the policy menu Gateway object is not visible Install Policy window target. What is the problem?


Options are :

  • .No Masters file is created in the new Gateway
  • The object is created Node> Gateway. (Correct)
  • Gateway object is not configured to be installed in the column of the first policy rule.
  • The new Gateway temporary license has expired.
  • None

Answer : The object is created Node> Gateway.

Monitor all traffic between the network and the Internet Secure Gateway Platform, which is the best utility to use?


Options are :

  • snoop
  • InfoView
  • None
  • cpinfo
  • tcpdump (Correct)

Answer : tcpdump

Recommended Readings

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions