156-215.75 Check Point Certified Security Administrator Exam Set 8

What is the Manual Client Authentication TELNET Port?


Options are :

  • 900
  • 23
  • 259 (Correct)
  • 264

Answer : 259

With the User Directory Software Blade, you can create R75 user definitions on a(n) _______ Server.


Options are :

  • Radius
  • SecurID
  • NT Domain
  • LDAP (Correct)

Answer : LDAP

Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user's properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?


Options are :

  • Select Intersect with user database or Ignore Database in the Action Properties window. (Correct)
  • Select ignore database in action properties window
  • Select intersect with user database in the action properties window
  • Permit access to Finance_net

Answer : Select Intersect with user database or Ignore Database in the Action Properties window.

Which set of objects have an Authentication tab?


Options are :

  • Templates, Users (Correct)
  • Users, Networks
  • Users, User Groups
  • Networks, Hosts

Answer : Templates, Users

Which of the following are authentication methods that Security Gateway R75 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.


Options are :

  • Proxied, User, Dynamic, Session
  • Connection, User, Client
  • User, Client, Session (Correct)
  • Connection, Proxied, Session

Answer : User, Client, Session

Which of the following objects is a valid source in an authentication rule?


Options are :

Answer : [email protected]

In the given Rule Base, the client authentication in rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSAD_Group. When Eric tries to connect to a server on the Internet, what will happen?


Options are :

  • None of these things will happen. (Correct)
  • Eric will be blocked because LDAP is not allowed in the Rule Base
  • Eric will be blocked by the Stealth Rule.
  • Eric will be authenticated and get access to the requested server

Answer : None of these things will happen.

You cannot use SmartDashboard's SmartDirectory features to connect to the LDAP server. What should you investigate?


Options are :

  • 2 and 3 (Correct)
  • 1 and 3
  • 1 and 2
  • 1, 2, and 3

Answer : 2 and 3

Mr. Smith needs access to other networks and should be able to use all services, but session authentication is not suitable. The Security Administrator selects client authentication with HTTP. The standard authentication port for client HTTP authentication (Port 900) is already in use. The Security Administrator wants to use Port 9001, but there are some connectivity problems. What is the reason for the connectivity problems? Give the BEST answer.


Options are :

  • The configuration of the service FW1_clntauth_http is not correct.
  • The configuration file $FWDIR/conf/fwauthd.conf is wrong. (Correct)
  • The Security Policy is not correct.
  • It is not possible to use any port other than the standard port 900 for the client authentication via HTTP.

Answer : The configuration file $FWDIR/conf/fwauthd.conf is wrong.

Your Rule Base includes a Client Authentication rule, using partial authentication and standard sign-on for HTTP, Telnet, and FTP services. The rule was working until this morning. Now users are not prompted for authentication, and they see the error "page cannot be displayed" in the browser. In SmartView Tracker, you discover the HTTP connection is dropped when the Gateway is the destination. What did you do to cause Client Authentication to fail?


Options are :

  • disabled R75 Control Connections in Global Properties
  • enabled Static NAT on the problematic machines
  • added a rule below the Client Authentication rule, blocking HTTP from the internal network
  • added the Stealth Rule before the Client Authentication rule (Correct)

Answer : added the Stealth Rule before the Client Authentication rule

The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?


Options are :

  • You can limit the authentication attempts in the Authentication tab of the User Properties screen.
  • Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
  • You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
  • The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server. (Correct)

Answer : The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.

Identify the ports to which the Client Authentication daemon listens by default.


Options are :

  • 80, 256
  • 259, 900 (Correct)
  • 256, 600
  • 8080, 529

Answer : 259, 900

All Check Point Suite products before version RXX need to be upgraded to RXX before you can upgrade them to R75. RXX is:


Options are :

  • R60
  • R55
  • R61
  • R65 (Correct)

Answer : R65

Which authentication type requires specifying a contact agent in the Rule Base?


Options are :

  • User Authentication
  • Client Authentication with Partially Automatic Sign On
  • Session Authentication (Correct)
  • Client Authentication with Manual Sign On

Answer : Session Authentication

Jeff wanted to upgrade his Security Gateway to R75, but he remembers that he needs to have a contracts file from the User Center before he can start the upgrade. If Jeff wants to download the contracts file from the User Center, what is the correct order of steps needed to perform this?

  1) Select Update Contracts from User Center.
  2) Enter your Username for your User Center account.
  3) Enter your Password for your User Center account.
  4) Click the Browse button to specify the path to your download contracts file.
  5) Enter your Username and Password for your Security Gateway.


Options are :

  • 1, 5, 2004
  • 5, 2, 3
  • 2, 3, 2004
  • 1, 2, 3 (Correct)

Answer : 1, 2, 3

How are cached usernames and passwords cleared from the memory of a R75 Security Gateway?


Options are :

  • Usernames and passwords only clear from memory after they time out
  • By using the Clear User Cache button in SmartDashboard
  • By installing a Security Policy (Correct)
  • By retrieving LDAP user information using the command fw fetchldap

Answer : By installing a Security Policy

All R75 Security Servers can perform authentication with the exception of one. Which of the Security Servers cannot perform authentication?


Options are :

  • FTP
  • HTTP
  • SMTP (Correct)
  • RLOGIN

Answer : SMTP

Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.


Options are :

  • Configure a workstation object for the LDAP server; configure a server object for the LDAP in global properties.
  • Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties
  • Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
  • Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit. (Correct)

Answer : Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.

Which Security Gateway R75 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:


Options are :

  • Time properties, adjusted on the user objects for each user, in the source of the Client Authentication rule
  • Refreshable Timeout setting, in the Limits tab of the Client Authentication Action Properties screen (Correct)
  • Global Properties > Authentication parameters, adjusted to allow for Regular Client Refreshment
  • PS > Application Intelligence > Client Authentication > Refresh User Timeout option enabled

Answer : Refreshable Timeout setting, in the Limits tab of the Client Authentication Action Properties screen

For information to pass securely between a Security Management Server and another Check Point component, what would NOT be required?


Options are :

  • The communication must be authenticated
  • The communication must use two-factor or biometric authentication. (Correct)
  • The component must be time-and-date synchronized with the security management server
  • The communication must be encrypted

Answer : The communication must use two-factor or biometric authentication.

What happens to evaluation licenses during the license-upgrade process?


Options are :

  • They are dropped
  • They are upgraded with new available features
  • They automatically expire
  • They remain untouched, but may not activate all features of a new version. (Correct)

Answer : They remain untouched, but may not activate all features of a new version.

For which service is it NOT possible to configure user authentication?


Options are :

  • FTP
  • Telnet
  • HTTPS
  • SSH (Correct)

Answer : SSH

One of your licenses is set for an IP address no longer in use. What happens to this license during the license-upgrade process?


Options are :

  • It is upgraded with new available features but the IP remains the same
  • It is upgraded with the previous features using the new IP address
  • It remains untouched. (Correct)
  • It is dropped

Answer : It remains untouched.

In which directory do you install the R75 pre-upgrade verifier on a SecurePlatform Security Management Server?


Options are :

  • It does not matter since the dynamic information entered by the Administrator will cause it to retrieve the proper configurations. (Correct)
  • In $PWDIR/bin
  • It does not matter as long as the Administrator uses chmod to permit the file to execute
  • In $PWDIR/conf

Answer : It does not matter since the dynamic information entered by the Administrator will cause it to retrieve the proper configurations.

Which column in the Rule Base is used to define authentication parameters?


Options are :

  • Service
  • Track
  • Source
  • Action (Correct)

Answer : Action

Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Why?


Options are :

  • You checked the cache password on desktop option in Global Properties.
  • You have forgotten to place the User Authentication Rule before the Stealth Rule.
  • Another rule that accepts HTTP without authentication exists in the Rule Base. (Correct)
  • Users must use the SecuRemote Client, to use the User Authentication Rule

Answer : Another rule that accepts HTTP without authentication exists in the Rule Base.

Your company's Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:


Options are :

  • Client Authentication rule, using partially automatic sign on
  • Client Authentication for fully automatic sign on
  • Session Authentication rule
  • Client Authentication rule using the manual sign-on method, using HTTP on port 900 (Correct)

Answer : Client Authentication rule using the manual sign-on method, using HTTP on port 900

Which type of R75 Security Server does not provide User Authentication?


Options are :

  • FTP Security Server
  • HTTPS Security Server
  • SMTP Security Server (Correct)
  • HTTP Security Server

Answer : SMTP Security Server

If you check the box Use Aggressive Mode in the IKE Properties dialog box, the standard:


Options are :

  • three-packet IKE Phase 1 exchange is replaced by a six-packet exchange
  • three-packet IKE Phase 2 exchange is replaced by a six-packet exchange
  • three-packet IKE Phase 2 exchange is replaced by a two-packet exchange
  • six-packet IKE Phase 1 exchange is replaced by a three-packet exchange (Correct)

Answer : six-packet IKE Phase 1 exchange is replaced by a three-packet exchange

Your current Check Point enterprise consists of one Management Server and four Gateways in four different locations with the following versions: All devices are running SecurePlatform. You are upgrading your enterprise to R75. Place the required tasks from the following list in the correct order for upgrading your enterprise to R75.

  1) Upgrade all gateways to R75
  2) Upgrade all gateways 3 and 4 to R65
  3) Upgrade all gateways 2, 3, and 4 to R65
  4) Upgrade all gateway 4 to R65
  5) Perform pre-upgrade verifier on Security management server
  6) Perform pre-upgrade verifier on all Gateways
  7) Perform License upgrade checker on Gateway 2
  8) Perform License upgrade checker on Gateway 3
  9) Perform License upgrade checker on Gateway 4
  10) Perform License upgrade checker on Security Management Server
  11) Perform License upgrade checker on all devices
  12) Upgrade security management server to R70


Options are :

  • 9, 4, 5, 12, 1 (Correct)
  • 5, 6, 12, 1
  • 11, 5, 12, 2, 1
  • 11, 5, 12, 3, 1

Answer : 9, 4, 5, 12, 1

Your manager requires you to set up a new corporate VPN between all your branch offices. He requires you to choose the strongest and most secure available algorithms for the headquarters to the Research and Development branch office. In addition, you must use high performance algorithms for all sales offices with shorter key length for the VPN keys. How would you configure this scenario?


Options are :

  • This can be done either in traditional mode or simplified VPN using 2 different communities and the headquarters as the center for both communities. (Correct)
  • This can only be done in traditional mode VPNs while not using simplified VPN settings.
  • This cannot be achieved at all as all algorithms need to be the very same for all VPNs.
  • This can be done in a single community, but the encrypt action in the security Rule Base needs to be configured for exceptions.

Answer : This can be done either in traditional mode or simplified VPN using 2 different communities and the headquarters as the center for both communities.

You are concerned that a message may have been intercepted and retransmitted, thus compromising the security of the communication. You attach a code to the electronically transmitted message that uniquely identifies the sender. This code is known as a(n):


Options are :

  • AES flag
  • Diffie-Hellman verification
  • digital signature (Correct)
  • private key

Answer : digital signature

You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?


Options are :

  • A group with generic user (Correct)
  • All users
  • LDAP account unit Group
  • internet user group

Answer : A group with generic user

For remote user authentication, which authentication scheme is NOT supported?


Options are :

  • TACACS (Correct)
  • RADIUS
  • SecurID
  • Check Point Password

Answer : TACACS

Public keys and digital certificates do NOT provide which of the following?


Options are :

  • Authentication
  • Nonrepudiation
  • Availability (Correct)
  • Data integrity

Answer : Availability

The User Directory Software Blade is used to integrate which of the following with Security Gateway R75?


Options are :

  • User authority server
  • Account management client server
  • LDAP server (Correct)
  • RADIUS server

Answer : LDAP server

R75 is compatible with UTM-1 Edge gateways X.X and above. X.X is:


Options are :

  • 6.5
  • 7
  • 8.5
  • 7.5 (Correct)

Answer : 7.5

Security Gateway R75 supports User Authentication for which of the following services? Select the response below that contains the MOST complete list of supported services.


Options are :

  • SMTP, FTP, HTTP, TELNET
  • FTP, TELNET
  • SMTP, FTP, TELNET
  • FTP, HTTP, TELNET (Correct)

Answer : FTP, HTTP, TELNET

Whitfield Diffie and Martin Hellman gave their names to what standard?


Options are :

  • A Key Exchange Protocol for the advanced Encryption Standard
  • An encryption scheme that makes pre-shared keys obsolete
  • An algorithm that is used in IPsec QuickMode and as an additional option in IPsec QuickMode (PFS)
  • A Key Agreement / Derivation Protocol that constructs secure keys over an insecure channel. (Correct)

Answer : A Key Agreement / Derivation Protocol that constructs secure keys over an insecure channel.

What is the command to upgrade a SecurePlatform NG with Application Intelligence R55 Management Server to R75?


Options are :

  • upgrade_mgmt
  • patch add cd (Correct)
  • fw install_mgmt
  • fwm upgrade_tool

Answer : patch add cd

Which authentication type permits five different sign-on methods in the authentication properties window?


Options are :

  • Manual Authentication
  • User Authentication
  • Session Authentication
  • Client Authentication (Correct)

Answer : Client Authentication

When selecting an authentication scheme for a user, which scheme would you use if you only want the password to be stored locally? (The password is not stored at a third party component.)


Options are :

  • TACACS
  • SecurID
  • Check Point Password (Correct)
  • OS Password

Answer : Check Point Password

If you are experiencing LDAP issues, which of the following should you check?


Options are :

  • Secure Internal Communications (SIC)
  • Overlapping VPN Domains
  • Connectivity between the R75 Gateway and LDAP server (Correct)
  • Domain name resolution

Answer : Connectivity between the R75 Gateway and LDAP server
