156-215.75 Check Point Certified Security Administrator Exam Set 1

You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.


Options are :

  • In the SmartView Tracker, if you activate the column Matching Rate.
  • SmartReporter provides this information in the section Firewall Blade - Security / Rule Base Analysis with information concerning Top Matched Logged Rules. (Correct)
  • It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.
  • In SmartReporter, in the section Firewall Blade - Activity / Network Activity with information concerning Top Matched Logged Rules.

Answer : SmartReporter provides this information in the section Firewall Blade - Security / Rule Base Analysis with information concerning Top Matched Logged Rules.

Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker's IP at a peak time of day?


Options are :

  • SAM - Block Intruder feature of SmartView Tracker
  • SAM - Suspicious Activity Rules feature of SmartView Monitor (Correct)
  • Change the Rule Base and install the Policy to all Security Gateways
  • Intrusion Detection System (IDS) Policy install

Answer : SAM - Suspicious Activity Rules feature of SmartView Monitor

Your network includes a SecurePlatform machine running NG with Application Intelligence (AI) R55. This configuration acts as both the primary Security Management Server and VPN-1 Pro Gateway. You add one machine, so you can implement Security Gateway R75 in a distributed environment. The new machine is an Intel CoreDuo processor, with 2 GB RAM and a 500-GB hard drive. How do you use these two machines to successfully migrate the NG with AI R55 configuration?


Options are :

  • 1. Export the configuration on the existing machine as a backup only. 2. Edit $FWDIR\product.conf on the existing machine, to disable the VPN-1 Pro Gateway package. 3. Reboot the existing machine. 4. Perform an in-place upgrade on the Security Management Server using the command "patch odd cd". 5. On the new machine, install SecurePlatform as the R75 Security Gateway only. 6. Run sysconfig to complete the configuration. 7. From SmartDashboard, reconfigure the Gateway object to the new version, and reset SIC.
  • 1. Export the configuration on the existing machine to a tape drive. 2. Uninstall the Security Management Server from the existing machine, using sysconfig. 3. Insert the R75 CD-ROM, run the patch add CD-ROM command to upgrade the existing machine to the R75 Security Gateway, and reboot. 4. Install a new primary Security Management Server on the new machine. 5. Change the Gateway object to the new version, and reset SIC.
  • 1. On the existing machine, export the NG with AI R55 configuration to a network share. 2. Insert the R75 CD-ROM in the old machine. Install the R75 Security Gateway only while reinstalling the SecurePlatform OS over the top of the existing installation. Complete sysconfig. 3. On the new machine, install SecurePlatform as the primary Security Management Server only. 4. Transfer the exported .tgz file into the new machine, import the configuration, and then reboot. 5. Open SmartDashboard, change the Gateway object to the new version, and reset SIC for the Gateway object. (Correct)
  • 1. Export the configuration on the existing machine to a network share. 2. Uninstall the Security Gateway from the existing machine, using sysconfig. 3. Insert the R75 CD-ROM, and run the patch add CD-HGM command to upgrade the Security Management Server to Security Gateway R 70. 4. Select upgrade with imported file, and reboot. 5. Install a new R75 Security Gateway as the only module on the new machine, and reset SIC to the new Gateway.

Answer : 1. On the existing machine, export the NG with AI R55 configuration to a network share. 2. Insert the R75 CD-ROM in the old machine. Install the R75 Security Gateway only while reinstalling the SecurePlatform OS over the top of the existing installation. Complete sysconfig. 3. On the new machine, install SecurePlatform as the primary Security Management Server only. 4. Transfer the exported .tgz file into the new machine, import the configuration, and then reboot. 5. Open SmartDashboard, change the Gateway object to the new version, and reset SIC for the Gateway object.

Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?


Options are :

  • Management Tab (Correct)
  • Network and Endpoint tab
  • Active tab
  • Custom filter

Answer : Management Tab

You find a suspicious FTP site trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked?


Options are :

  • Highlight the suspicious connection in SmartView Tracker Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".
  • Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as "dropped".
  • Highlight the suspicious connection in SmartView Tracker Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
  • Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view. (Correct)

Answer : Highlight the suspicious connection in SmartView Tracker Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.

thinks could be an intrusion. He decides to block the traffic for 60 but cannot remember all the steps. What is the correct order of steps needed to perform this? 1) Select the Active Mode tab in SmartView Tracker 2) Select Tools > Block Intruder 3) Select the Log Viewing tab in SmartView Tracker 4) Set the Blocking Time out value to 60 minutes 5) Highlight the connection he wishes to block


Options are :

  • 1, 5, 2, 4 (Correct)
  • 3, 5, 2, 4
  • 3, 2, 5, 4
  • 1, 2, 5, 4

Answer : 1, 5, 2, 4

What information is found in the SmartView Tracker Management log?


Options are :

  • TCP source port
  • Rule author (Correct)
  • TCP handshake average duration
  • Top used QOS rule

Answer : Rule author

Which feature in R75 permits blocking specific IP addresses for a specified time period?


Options are :

  • Suspicious Activity Monitoring (Correct)
  • Block Port Overflow
  • HTTP Methods
  • Local Interface Spoofing

Answer : Suspicious Activity Monitoring

MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license?


Options are :

  • Using each of the Gateways’ IP addresses, and applying the license on the Security Management Server with the cprlic put command.
  • Using your Security Management Server’s IP address, and attaching the license to the remote Gateway via SmartUpdate. (Correct)
  • Using the remote Gateway’s IP address and applying the license locally with the cplic put command.
  • Using the remote Gateway’s IP address, and attaching the license to the remote Gateway via SmartUpdate.

Answer : Using your Security Management Server’s IP address, and attaching the license to the remote Gateway via SmartUpdate.

Which R75 GUI would you use to see the number of packets accepted since the last policy install?


Options are :

  • SmartView Tracker
  • SmartView Monitor (Correct)
  • SmartView Status
  • SmartDashboard

Answer : SmartView Monitor

Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?


Options are :

  • It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten
  • SmartUpdate will start a new installation process if the machine is rebooted.
  • It will conflict with any future upgrades when using SmartUpdate.
  • It contains your security configuration, which could be exploited. (Correct)

Answer : It contains your security configuration, which could be exploited.

You have an NGX R65 Gateway running on SecurePlatform. The Gateway also serves as a Policy Server. When you run patch add CD from the Security Gateway R75 CD-ROM, what does this command allow you to upgrade?


Options are :

  • All products, except the Policy Server
  • Only the patch utility is upgraded using this command
  • Both the operating system and all Check Point products (Correct)
  • Only the R75 Security Gateway

Answer : Both the operating system and all Check Point products

You are using SmartUpdate to fetch data and perform a remote upgrade to a R75 Security Gateway. Which of the following statements is FALSE?


Options are :

  • A remote installation can be performed without the SVN Foundation package installed on a remote NG with Application Intelligence Security Gateway. (Correct)
  • SmartUpdate can query the Security Management Server and Gateway for product information.
  • SmartUpdate can query license information running locally on the Gateway.
  • If SmartDashboard is open during package upload and upgrade, the upgrade will fail.

Answer : A remote installation can be performed without the SVN Foundation package installed on a remote NG with Application Intelligence Security Gateway.

Which R75 component displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time?


Options are :

  • SmartView Status
  • SmartView Monitor (Correct)
  • SmartUpdate
  • SmartEvent

Answer : SmartView Monitor

Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is best to accomplish this task?


Options are :

  • Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP source or destination port. Then, export the corresponding entries to a separate log file for documentation. (Correct)
  • Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.
  • Send the suspect an email with a key logging Trojan attached, to get direct information about his wrongdoing.
  • Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address and those of potential target and suspicious protocols. Apply the alert action or customized messaging.

Answer : Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP source or destination port. Then, export the corresponding entries to a separate log file for documentation.

You want to configure a mail alert for every time the policy is installed to a specific Gateway. Where would you configure this alert?


Options are :

  • In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands. (Correct)
  • In SmartDashboard, select Global Properties > Log and Alerts > Alert Commands.
  • In SmartView Monitor, select Gateway > Configure Thresholds.
  • You cannot create a mail alert for Policy installation

Answer : In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands.

You are running the license_upgrade tool on your SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?


Options are :

  • Simulate the license-upgrade process
  • Perform the actual license-upgrade process
  • View the status of currently installed licenses
  • View the licenses in the SmartUpdate License Repository (Correct)

Answer : View the licenses in the SmartUpdate License Repository

You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?


Options are :

  • Use SmartUpdate to install the packages to each of the Security Gateways remotely. (Correct)
  • Send a CD-ROM with the HFA to each location and have local personnel install it.
  • Send a Certified Security Engineer to each site to perform the update.
  • Use an SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.

Answer : Use SmartUpdate to install the packages to each of the Security Gateways remotely.

What do you use to view a R75 Security Gateway's status, including CPU use, amount of virtual memory, percent of free hard-disk space, and version?


Options are :

  • SmartView Tracker
  • Only possible via command line tools
  • SmartView Monitor (Correct)
  • SmartUpdate

Answer : SmartView Monitor

If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?


Options are :

  • IPS (Correct)
  • Data Loss Prevention
  • SmartEvent Intro
  • SSL VPN

Answer : IPS

You are installing your R75 Security Gateway. Which is NOT a valid option for the hardware platform?


Options are :

  • IPSO
  • Windows
  • Solaris
  • Crossbeam (Correct)

Answer : Crossbeam

What is a Consolidation Policy?


Options are :

  • The collective name of the Security Policy, Address Translation, and IPS Policies.
  • The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database. (Correct)
  • A global Policy used to share a common enforcement policy for multiple Security Gateways.
  • The collective name of the logs generated by SmartReporter

Answer : The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.

You plan to upgrade from R65 to R75 Software Blades. Do you need new licenses and license strings for this scenario?


Options are :

  • No, the upgrade will convert all licenses to R75.
  • Yes, you need to buy/convert licenses in the User Center first, and then reapply licenses to upgraded systems with the new Software Blades licenses. (Correct)
  • No, the upgrade will preserve licenses.
  • Yes, the upgrade will do an automatic conversion in the User Center, but you will need to reattach the new licenses.

Answer : Yes, you need to buy/convert licenses in the User Center first, and then reapply licenses to upgraded systems with the new Software Blades licenses.

An advantage of using central instead of local licensing is:


Options are :

  • Only one IP address is used for all licenses. (Correct)
  • Licenses are automatically attached to their respective Security Gateways.
  • The license must be renewed when changing the IP address of the Security Gateway. Each module’s license has a unique IP address.
  • A license can be taken from one Security Management server and given to another Security Management Server.

Answer : Only one IP address is used for all licenses.

The R75 fw monitor utility is used to troubleshoot which of the following problems?


Options are :

  • Log Consolidation Engine
  • Phase two key negotiation
  • User database corruption
  • Traffic issues (Correct)

Answer : Traffic issues

Which of these components does NOT require a Security Gateway R75 license?


Options are :

  • SmartConsole (Correct)
  • Security Management Server
  • Check Point Gateway
  • SmartUpdate upgrading/patching

Answer : SmartConsole

A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?


Options are :

  • Network traffic cannot be analyzed when the Security Management Server has a high load.
  • Configure Additional Logging on a separate log server. (Correct)
  • SmartReporter analyzes all network traffic, logged or not.
  • Turn the field Track of each rule to LOG.

Answer : Configure Additional Logging on a separate log server.

After installing Security Gateway R75, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a Get Topology request. What is the most likely cause and solution?


Options are :

  • If an interface is not configured, it is not recognized. Assign an IP address and subnet mask using the WebUI. (Correct)
  • Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R75 Hotfix Accumulator (HFA).
  • The NIC is faulty. Replace it and reinstall.
  • Make sure the driver for your particular NIC is available, and reinstall. You will be prompted for the driver.

Answer : If an interface is not configured, it is not recognized. Assign an IP address and subnet mask using the WebUI.

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages / Distribute Only and choosing the target Gateway, the:


Options are :

  • selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. (Correct)
  • SmartUpdate wizard walks the Administrator through a distributed installation.

Answer : selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

SmartView Tracker R75 consists of three different modes. They are:


Options are :

  • Network & Endpoint, Active, and Management (Correct)
  • Log, Active, and Management
  • Log, Active, and Audit
  • Log, Track, and Management

Answer : Network & Endpoint, Active, and Management
