156-215.75 Check Point Certified Security Administrator Exam Set 4

When using AD Query to authenticate users for Identity Awareness, identity data is received seamlessly from the Microsoft Active Directory (AD). What is NOT a recommended usage of this method?


Options are :

  • Identity-based enforcement for non-AD users (non-Windows and guest users) (Correct)
  • Basic identity enforcement in the internal network
  • Identity-based auditing and logging
  • Leveraging identity in Internet application control

Answer : Identity-based enforcement for non-AD users (non-Windows and guest users)

With Access Roles, is it possible to deny a single user access to a certain file?


Options are :

  • No, Access Roles are based on user groups, not individual users
  • Yes, if you deny access based on the user's machine
  • Yes, if you deny access based on the user's location
  • Yes, if you add the user to a blocked group (Correct)

Answer : Yes, if you add the user to a blocked group

Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user's credentials?


Options are :

  • Access Role
  • Access Certificate
  • Access Policy
  • Access Rule (Correct)

Answer : Access Rule

156-215.75 Check Point Certified Security Administrator Exam Set 5

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator: 1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy. 2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy. John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next troubleshooting step?


Options are :

  • He should lock and unlock the computer (Correct)
  • After enabling Identity Awareness, reboot the gateway
  • John should install the Identity Awareness Agent
  • Investigate this as a network connectivity issue

Answer : He should lock and unlock the computer

Users with Identity Awareness Agent installed on their machines log in with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.


Options are :

  • Single Sign-On (Correct)
  • Key-logging
  • SecureClient
  • ICA Certificates

Answer : Single Sign-On

Identity Awareness is implemented to manage access to protected resources based on a user's _____________.


Options are :

  • Time of connection
  • Computer MAC address
  • Location
  • Application requirement (Correct)

Answer : Application requirement

156-215.75 Check Point Certified Security Administrator Exam Set 6

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?


Options are :

  • TACACS
  • Check Point Password
  • Windows password
  • Captive Portal (Correct)

Answer : Captive Portal

Which of the following is an authentication method used by Identity Awareness?


Options are :

  • RSA
  • Captive Portal (Correct)
  • SSL
  • PKI

Answer : Captive Portal

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?


Options are :

  • LDAP (Correct)
  • Check Point Password
  • Windows password
  • TACACS

Answer : LDAP

156-215.75 Check Point Certified Security Administrator Exam Set 7

You install and deploy SecurePlatform with default settings. You allow Visitor Mode in the Gateway object's Remote Access properties and install policy, but SecureClient refuses to connect. What is the cause of this?


Options are :

  • Offline mode is not configured
  • The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port. (Correct)
  • You need to start SSL Network Extended first, then use Visitor Mode
  • Set the Visitor Mode Policy > Global Properties > Remote-Access > VPN Advanced

Answer : The WebUI on SecurePlatform runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). You need to change the WebUI port, or run Visitor Mode on a different port.

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator: 1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy. 2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location. What should John do when he cannot access the web server from a different personal computer?


Options are :

  • The access should be changed to authenticate the user instead of the PC (Correct)
  • John should install the Identity Awareness Agent
  • Investigate this as a network connectivity issue
  • John should lock and unlock his computer

Answer : The access should be changed to authenticate the user instead of the PC

Which of the following methods is NOT used by Identity Awareness to catalog identities?


Options are :

  • Captive Portal (Correct)
  • Identity Agent
  • AD Query
  • GPO

Answer : Captive Portal

156-215.75 Check Point Certified Security Administrator Exam Set 8

Certificates for Security Gateways are created during a simple initialization from ___________.


Options are :

  • Sysconfig
  • SmartDashboard
  • The ICA management tool (Correct)
  • SmartUpdate

Answer : The ICA management tool

What command syntax would you use to see accounts the gateway suspects are service accounts?


Options are :

  • pdp show service
  • pdp check_log
  • adlog check__acoounts
  • adlog service_accounts (Correct)

Answer : adlog service_accounts

156-215.75 Check Point Certified Security Administrator Exam Set 1

Which OPSEC server can be used to prevent users from accessing certain Web sites?


Options are :

  • AMON
  • CVP
  • LEA
  • UFP (Correct)

Answer : UFP

How many packets are required for IKE Phase 2?


Options are :

  • 2
  • 12
  • 6
  • 3 (Correct)

Answer : 3

A digital signature:


Options are :

  • Provides a secure key exchange mechanism over the Internet
  • Guarantees the authenticity and integrity of a message.
  • Decrypts data to its original form.
  • Automatically exchanges shared keys. (Correct)

Answer : Automatically exchanges shared keys.

156-215.75 Check Point Certified Security Administrator Exam Set 2

A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?


Options are :

  • SmartView Monitor (Correct)
  • This information can only be viewed with fw ctl pstat command from the CLI.
  • Eventia Analyzer
  • SmartView Tracker

Answer : SmartView Monitor

If a security gateway enforces three protections, LDAP injection, Malicious Code Protector Rejection, which Check Point license is required in SmartPhone?


Options are :

  • Data Loss Prevention
  • SmallEvent intro
  • SSL VPN
  • IPS (Correct)

Answer : IPS

The third-shift Administrator was updating Security Management Server Access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?


Options are :

  • Delete the file sdmin.lock in the Security Management Server directory $PWDIR/tmp/
  • The fwn lock_admin u from Security Management Server command line (Correct)
  • Type fwn unlock_admin from the Security Management Server Command line
  • Type fwn unlock_admin u from the Security Gateway command line

Answer : The fwn lock_admin u from Security Management Server command line

156-215.75 Check Point Certified Security Administrator Exam Set 3

A security audit has determined that your unpatched Web application server is accessing a SQL server. Which IPS setting will allow the Security Gateway to prevent this error page from displaying information about the SQL server in your DMZ?


Options are :

  • In Web Intelligence / HTTP Protocol Inspection, select the box Enforce Strict HTTP response parsing.
  • In Web Intelligence / Information Disclosure / Error Concealment (Correct)
  • In Web Intelligence / General / HTTP Protocol Inspection, enable ASCII only response headers
  • In Application Intelligence / FingerPrint Scrambling / WEB Apps, select the Scramble error message checkbox.

Answer : In Web Intelligence / Information Disclosure / Error Concealment

How would you create a temporary user bypass to the URL Filtering policy in Security Gateway?


Options are :

  • By creating an authentication rule in the Firewall
  • By enabling it in URL Filtering / Advanced / Bypass
  • It is not possible (Correct)
  • By adding an exception in URL Filtering / Advanced / Network Exceptions

Answer : It is not possible

What rules send log information to Dshield.org when Storm Center is configured?


Options are :

  • Determined in Web Intelligence, configuration: Information Disclosure is configured; rules with tracking set to User Defined Alerts or SNMP trap.
  • Determined by the Global Properties configuration: Log defined in the Log and Alerts section, rules with tracking sent to Account or SNMP trap.
  • Determined by the Dshield Storm Center Logging setting in Logs and Master of the Security Management Server object rules with tracking set to Log or None.
  • Determined in IPS, Dshield Storm Center configuration: Security Management Server sends logs from rules with tracking set to either Alert or one of the specific User Defined Alerts (Correct)

Answer : Determined in IPS, Dshield Storm Center configuration: Security Management Server sends logs from rules with tracking set to either Alert or one of the specific User Defined Alerts

156-215.75 Check Point Certified Security Administrator Exam Set 4

Phase 2 uses ___________, if not using Perfect Forward Secrecy.


Options are :

  • Asymmetric
  • Symmetric (Correct)
  • Sequential
  • Conditional

Answer : Symmetric

For which protocol is anti-virus not available?


Options are :

  • HTTPS (Correct)
  • HTTP
  • SMTP
  • FTP

Answer : HTTPS

Which could be an appropriate solution for assigning a unique Office Mode IP address to Endpoint Connect users?


Options are :

  • Configure a DHCP server with IP reservation using the information gathered by the utility vpn macutil. (Correct)
  • Fixed Office Mode IP can be configured as a user property in SmartDashboard
  • Create a DHCP resource with the fixed IP address to use name mapping.
  • Edit $ PWDIA/conf/SCM_ assignment. conf on the management server with the correct user name and office mode ip address

Answer : Configure a DHCP server with IP reservation using the information gathered by the utility vpn macutil.

156-215.75 Check Point Certified Security Administrator Exam Set 5

Using Captive Portal, unidentified users may be blocked, allowed to enter required credentials, or required to download:


Options are :

  • Identity Awareness Agent (Correct)
  • SecureClient
  • ICA Certificate
  • Full Endpoint Client

Answer : Identity Awareness Agent

You wish to analyze the packet size distribution of your traffic with SmartView Monitor. Unfortunately, the message "There are no machines that contain Firewall Blade and SmartView Monitor" appears. What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.


Options are :

  • Purchase the SmartView Monitor license for your Security Gateway. (Correct)
  • Purchase the SmartView Monitor license for your Security Management Server
  • Enable Monitoring on your Security Gateway.
  • Enable Monitoring on your Security Management Server

Answer : Purchase the SmartView Monitor license for your Security Gateway.

When using vpn tu, which option must you choose if you only want to clear phase 2 for a specific IP (gateway)?


Options are :

  • (6) Delete all IPsec SAs for a given User (Client)
  • (7) Delete all IPsec+IKE SAs for a given peer (GW)
  • (5) Delete all IPsec SAs for a given peer (GW) (Correct)
  • (8) Delete all IPsec+IKE SAs for a given User (Client)

Answer : (5) Delete all IPsec SAs for a given peer (GW)

156-215.75 Check Point Certified Security Administrator Exam Set 6

Which of the following actions do NOT take place in IKE Phase 1?


Options are :

  • Each side generates a session key from its private key and peer's public key
  • Peers agree on encryption method
  • Peers agree on integrity method
  • Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key. (Correct)

Answer : Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.
