156-215.71 Check Point Certified Security Administrator Exam Set 2

Which SmartConsole component can Administrators use to track remote administrative activities?


Options are :

  • SmartView Monitor
  • SmartView Tracker (Correct)
  • WebUI
  • Eventia Reporter

Answer : SmartView Tracker

During which step in the installation process is it necessary to note the fingerprint for firsttime verification?


Options are :

  • When configuring the Security Management Server using cpconfig (Correct)
  • When establishing SIC between the Security Management Server and the Gateway
  • When configuring the Gateway in the WebUl
  • When configuring the Security Gateway object in SmartDashboard

Answer : When configuring the Security Management Server using cpconfig

Platforms IP290, IP390 and IP560 are flash-based, diskless platforms. And what do you have to do prior to upgrading their images to R71?


Options are :

  • Backup their images
  • Restore old images
  • .Do nothing
  • Backup old images
  • Delete old images (Correct)

Answer : Delete old images

156-215.71 Check Point Certified Security Administrator Exam Set 3

Which type of R71 Security Server does not provide User Authentication?


Options are :

  • HTTPS Security Server
  • SMTP Security Server (Correct)
  • FTP Security Server
  • HTTP Security Server

Answer : SMTP Security Server

Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?


Options are :

  • upgrade_export/upgrade_import
  • .dbexport/dbimport
  • Database Revision Control (Correct)
  • Policy Package management

Answer : Database Revision Control

Your organization has many Edge Gateways at various branch offices allowing users to access company resources. For security reasons, your organization's Security Policy requires all Internet traffic initiated behind the Edge Gateways first be inspected by your headquarters' R71 Security Gateway. How do you configure VPN routing in this star VPN Community?


Options are :

  • To Internet and other targets only
  • To center and other satellites, through center
  • To center or through the center to other satellites, to Internet and other VPN targets (Correct)
  • To center only

Answer : To center or through the center to other satellites, to Internet and other VPN targets

156-215.71 Check Point Certified Security Administrator Exam Set 4

Your organizationís disaster recovery plan needs an update to the backup and restore section to reap the benefits of the new distributed R71 installation. Your plan must meet the following required and desired objectives: Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours. Desired Objective: The R71 components that enforce the Security Polices should be blocked up at least once a week. Desired Objective: Back up R71 logs at least once a week Your disaster recovery plan is as follows: Use the cron utility to run the upgrade_ export command each night on the Security Management Servers. Configure the organization's routine backup software to back up the files created by the upgrade_ export command. Configure the SecurePlatform backup utility to back up the Security Gateways every Saturday night Use the cron utility to run the upgrade export: command each Saturday niqht on the log servers Configure an automatic, nightly loqswitch Configure the organization's routine backup software to back up the switched logs every night Upon evaluation, your plan:


Options are :

  • Meets the required objective but does not meet either desired objective.
  • Meets the required objective and only one desired objective.
  • Does not meet the required objective.
  • Meets the required objective and both desired objectives. (Correct)

Answer : Meets the required objective and both desired objectives.

What two conditions must be met when you are manually adding CheckPoint appliances to an existing cluster?


Options are :

  • The IP address should be the real IP address of a cluster interface
  • The existing nodes must be running R71 and firewall monitoring is enabled on them (Correct)
  • You must configure interfaces with IP addresses in each of the networks the cluster will connect to
  • R71 is running on the system you are adding
  • R71 is not running on the system you are adding (Correct)

Answer : The existing nodes must be running R71 and firewall monitoring is enabled on them R71 is not running on the system you are adding

When configuring objects in SmartMap, it helps if you________ the objects so that they may be used in a policy rule.


Options are :

  • Actualize (Correct)
  • Save
  • Expand
  • Physically connect to

Answer : Actualize

156-215.75 Check Point Certified Security Administrator Exam Set 1

Which of the following statements regarding SecureXL and CoreXL is TRUE?


Options are :

  • SecureXL is only available in R71.
  • CoreXL is included in SecureXL.
  • SecureXL is an application for accelerating connections (Correct)
  • CoreXL enables multi-core processing for program interfaces.

Answer : SecureXL is an application for accelerating connections

Spoofing is a method of:


Options are :

  • Detecting people using false or wrong authentication logins.
  • Disguising an illegal IP address behind an authorized IP address through port address Translation.
  • Hiding your firewall from unauthorized users
  • Making packets appear as if they come from an authorized IP address (Correct)

Answer : Making packets appear as if they come from an authorized IP address

156-215.75 Check Point Certified Security Administrator Exam Set 2

Your company was unable to obtain more than four legal internet IP addresses from your ISP, and as an administrator you decide to use a single IP address for internet access. What will you implement to allow all your internal users to access the internet with a single IP address?


Options are :

  • Source Static NAT
  • Hide NAT (Correct)
  • Undynamic NAT
  • Source Destination NAT
  • Static NAT

Answer : Hide NAT

You have an NGX R65 Gateway running on SecurePlatform. The Gateway also serves as a Policy Server. When you run patch add CD from the Security Gateway R71 CD-ROM, what does this command allow you to upgrade?


Options are :

  • Only the R71 Security Gateway
  • All products, except the Policy Server
  • Both the operating system and all Check Point products (Correct)
  • Only the patch utility is upgraded using this command

Answer : Both the operating system and all Check Point products

Which of the following explanations best describes the command fw logswitch [-h target] [+ | -] [oldlog]?


Options are :

  • Display a remote machineís log-file list.
  • Display protocol Hosts
  • Create a new Log file. The old log has moved (Correct)
  • Control Kernel

Answer : Create a new Log file. The old log has moved

156-215.75 Check Point Certified Security Administrator Exam Set 3

You currently do not have a Check Point software subscription for one of your products. What will happen if you attempt to upgrade the license for this product?


Options are :

  • .It is deleted
  • The license will be upgraded with a warning
  • It is upgraded with new available features, but cannot be activated
  • The license is not upgraded (Correct)

Answer : The license is not upgraded

Which of the following are external authentication scheme that are supported by R71? Select all the correct answers.


Options are :

  • Operating System Password
  • TACACS (Correct)
  • Check Point Password
  • RADIUS (Correct)
  • SecurID (Correct)

Answer : TACACS RADIUS SecurID

URL Filtering Policy ran make exceptions for specific sites by being enforced?


Options are :

  • For all traffic, except on specific sources and destinations
  • For all traffic, except blocked sites
  • For all traffic, There are no exceptions
  • Only for specific sources and destinations (Correct)

Answer : Only for specific sources and destinations

156-215.75 Check Point Certified Security Administrator Exam Set 4

You are the Security Administrate for university The Universityís FTP servers have old hardware and software. Certain FTP command causes the FTP servers to malfunction Upgrading the FTP servers is not an optional this time. Where you can define blocked FTP commands passing through the Security Gateway protecting the FTP servers?


Options are :

  • FTP Service Object > Advanced > Blocked FTP Commands
  • Rule Base > Service Field > Edit Properties
  • IPS > Protections > By Protocol > IPS Software Blade > Application Intelligence > FTP > FTP advanced protections>FTP Commands (Correct)
  • Global Properties > Firewall > Security Server > Allowed FTP Commands

Answer : IPS > Protections > By Protocol > IPS Software Blade > Application Intelligence > FTP > FTP advanced protections>FTP Commands

When you use the Global Properties default settings on R71. Which type of traffic will be dropped?


Options are :

  • Smart Update connections
  • RIP traffic (Correct)
  • Firewall logging and ICA key-exchange information
  • Outgoing traffic originating from the Security Gateway

Answer : RIP traffic

A rule_______ is designed to log and drop nil other communication that does not match another rule.


Options are :

  • Ann-Spoor
  • Reject
  • Cleanup (Correct)
  • Stealth

Answer : Cleanup

156-215.75 Check Point Certified Security Administrator Exam Set 5

When using an encryption algorithm, which is generally considered the best encryption method?


Options are :

  • AES (Correct)
  • Triple DES
  • CAST cipher
  • DES

Answer : AES

Central license management allows a Security Administrator to perform which of the following functions? 1) Check for expired licenses. 2) Sort licenses and view license properties 3) Attach both R71 Central and Local licenses to a remote module 4) Delete both R71 Local licenses and Central licenses from a remote module 5) Add or remove a license to or from the license repository 6) Attach and/or delete only R71 Central licenses to a remote module (not local licenses)


Options are :

  • 1, 2, 5, & 6
  • 2, 5, & 6
  • 2, 3, 4, & 5
  • 1, 2, 3, 4, & 5 (Correct)

Answer : 1, 2, 3, 4, & 5

When john first installed the system, he forgets to configure DNS servers on the security Gateway. How could John configure DNS servers now that his security gateway is in production?


Options are :

  • Login to the smart dashboard, edit the firewall gate object, select the tab interface, than domain name servers
  • Login to the firewall using SSH and run sysconfig, then select domain name servers. (Correct)
  • Login to the firewall using SSH and run fwn, than select system configuration and domain name servers.
  • Login to the firewall using SSH and run cpconfig, than select domain name servers

Answer : Login to the firewall using SSH and run sysconfig, then select domain name servers.

156-215.75 Check Point Certified Security Administrator Exam Set 6

You administer a large, geographically distributed network. The Internet connection at a remote site failed during the weekend, and the Security Gateway logged locally for over 48 hours. It is possible that the logs may have consumed most of the free space on the Gateway's hard disk. Which SmartConsole application displays the percent of free harddisk space on the remote Security Gateway?


Options are :

  • Eventia Analyzer
  • This information can only be viewed with fw ctl pstat command from the CLI
  • SmartView Tracker
  • SmartView Monitor (Correct)

Answer : SmartView Monitor

The default cluster administrator user name is:


Options are :

  • Adminstrator
  • Admin
  • clusterAdmin
  • cadmin (Correct)
  • Supervisor

Answer : cadmin

How are cached usernames and passwords cleared from the memory of a R71 Security Gateway?


Options are :

  • By installing a Security Policy (Correct)
  • By retrieving LDAP user information using the command fw fetchldap
  • Usernames and password only clear from memory after they time out
  • By using the Clear User Cache button in Smart Dashboard

Answer : By installing a Security Policy

156-215.75 Check Point Certified Security Administrator Exam Set 7

You plan to migrate a Windows NG with Application Intelligence (AI) R55 SmartCener server to R71. You also plan to upgrade four VPN-1 pro Gateways at remote offices and one local VPN-1 pro gateway at your companyís head quarter to R71. The management server configuration must be migrated. What is the correct procedure to migrate the configuration?


Options are :

  • 1. Upgrade the remote gateway via smartUpdate. 2. upgrade the security management server, using the R71 CD
  • 1. Copy the $PWDIR\ conf directory from the security management server 2. Save directory contents to another file server 3. Uninstall the security management server, and install anew security management server 4. Move the saved directory contents to $ PWDIR\conf replacing the default installation files 5. Reinstall all gateways using R71 and install a security policy
  • 1. From the R71 CD-ROM on the security management server, select Upgrade 2. Reboot after installation and upgrade all licenses via SmartUpdate 3. Reinstall all gateways using R 70 and install a policy
  • D.1. From the R71 CD- ROM in the security management server, select export 2.Install R 70 on a new PC using the option installation using imported configuration 3.Reboot after installation and update all licenses via smartUpdate 4.Upgrade software on all five remote Gateway via SmartUpdate (Correct)

Answer : D.1. From the R71 CD- ROM in the security management server, select export 2.Install R 70 on a new PC using the option installation using imported configuration 3.Reboot after installation and update all licenses via smartUpdate 4.Upgrade software on all five remote Gateway via SmartUpdate

NAT can be implemented on which of the following lists of objects?


Options are :

  • Network, Dynamic Object
  • Host network (Correct)
  • Domain network
  • Host user

Answer : Host network

Fill in the blank: When you want to create a VPN community where all participating gateways are able to connect to each other, you need to set up a ___________ community.


Options are :

  • Meshed (Correct)
  • SSL VPN
  • Remote Access
  • Star

Answer : Meshed

156-215.75 Check Point Certified Security Administrator Exam Set 8

VPN routing provides a way of controlling how VPN traffic is directed. There are two methods for doing this. Which of these two methods will Route VPN traffic based on the encryption domain behind each Gateway in the community?


Options are :

  • Dynamic Based VPN
  • Routing Based VPN
  • Route Based VPN
  • Static Based VPN
  • Domain Based VPN (Correct)

Answer : Domain Based VPN

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now