156-215.75 Check Point Certified Security Administrator Exam Set 5

Which of the below is the MOST correct process to reset SIC from SmartDashboard?


Options are :

  • Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.
  • Run cpconfig, and click Reset.
  • Click Communication > Reset on the Gateway object, and type a new activation key.
  • Run cpconfig, and select Secure Internal Communication > Change One Time Password.

Answer : Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.

A Clean-up rule is used to:


Options are :

  • Drop without logging connections that would otherwise be accepted and logged by default
  • Log connections that would otherwise be accepted without logging by default
  • Drop without logging connections that would otherwise be dropped and logged by default
  • Log connections that would otherwise be dropped without logging by default.

Answer : Log connections that would otherwise be dropped without logging by default.


How many inspection capture points are shown in fw monitor?


Options are :

  • 4
  • 2
  • Depends on the number of interfaces on the Gateway
  • 1

Answer : 4

You create implicit and explicit rules for the following network. The group object internalnetworks includes networks 10.10.10.0 and 10.10.20.0. Assume Accept ICMP requests is enabled as Before last in Global Properties. Based on these rules, what happens if you Ping from host 10.10.10.5 to a host on the Internet by IP address? ICMP will be:


Options are :

  • accepted by rule 1.
  • dropped by the last Implicit rule.
  • dropped by rule 0.
  • dropped by rule 2, the Cleanup Rule

Answer : accepted by rule 1.

Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?


Options are :

  • All connections are reset, so a policy install is recommended during announced downtime only.
  • Users being authenticated by Client Authentication have to re-authenticate.
  • Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.
  • All FTP downloads are reset; users have to start their downloads again.

Answer : Users being authenticated by Client Authentication have to re-authenticate.


Which rules are not applied on a first-match basis?


Options are :

  • Cleanup
  • Session Authentication
  • User Authentication
  • Client Authentication

Answer : User Authentication

A Stealth rule is used to:


Options are :

  • Use the Security Gateway to hide the border router from internal attacks
  • Cloak the type of Web server in use behind the Security Gateway.
  • Prevent tracking of hosts behind the Security Gateway.
  • Prevent communication to the Security Gateway itself.

Answer : Prevent communication to the Security Gateway itself.

When you change an implicit rule's order from last to first in Global Properties, how do you make the change take effect?


Options are :

  • Select save from the file menu
  • Select install database from the policy menu
  • Reinstall the security policy
  • Run fw fetch from the security gateway

Answer : Reinstall the security policy


Anti-Spoofing is typically set up on which object type?


Options are :

  • Domain
  • Network
  • Host
  • Security Gateway

Answer : Security Gateway

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.


Options are :

  • source on client side
  • source on server side
  • destination on server side
  • destination on client side

Answer : destination on client side

You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a SecurePlatform. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.


Options are :

  • ethtool
  • eth_set
  • ifconfig -a
  • mii_tool

Answer : eth_set


You are working with multiple Security Gateways that enforce a common set of rules. To minimize the number of policy packages, which one of the following would you choose to do?


Options are :

  • Run separate SmartDashboard instances to log in and configure each Security Gateway directly.
  • Create a single Security Policy package with Install On / Target defined whenever a unique rule is required for a specific Gateway.
  • Install a separate local Security Management Server and SmartConsole for each remote Security Gateway.
  • Create a separate Security Policy package for each remote Security Gateway and specify Install On / Gateways.

Answer : Create a single Security Policy package with Install On / Target defined whenever a unique rule is required for a specific Gateway.

When you run the fw monitor -e "accept;" command, what type of traffic is captured?


Options are :

  • Only outbound traffic, before and after the outbound inspection.
  • Only inbound traffic, before and after the inbound inspection.
  • All traffic coming in all directions, before and after inbound and outbound inspection.
  • All traffic accepted by the Rule Base.

Answer : All traffic coming in all directions, before and after inbound and outbound inspection.

Which statement is TRUE about implicit rules?


Options are :

  • You create them in SmartDashboard.
  • They are derived from Global Properties and explicit object properties.
  • The Gateway enforces implicit rules that enable outgoing packets only
  • Changes to the Security Gateway's default settings do not affect implicit rules.

Answer : They are derived from Global Properties and explicit object properties.


You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway's external interface. You browse to from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?


Options are :

  • Two, both outbound, one for the real IP connection and one for the NAT IP connection
  • Only one, inbound
  • Only one, outbound
  • Two, one for outbound, one for inbound

Answer : Only one, outbound

You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify Security administration, which one of the following would you choose to do?


Options are :

  • Create network objects that restrict all applicable rules to only certain networks
  • Create a separate Security Policy package for each remote Security Gateway
  • Eliminate all possible contradictory rules such as the Stealth or Cleanup rules
  • Run separate SmartConsole instances to log in and configure each Security Gateway directly

Answer : Create a separate Security Policy package for each remote Security Gateway

Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?


Options are :

  • Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24
  • Configure Automatic Hide NAT on network 10.10.20.0/24 and then edit the Service column in the NAT Rule Base on the automatic rule
  • Configure three Manual Static NAT rules for network 10.10.20.0/24, one for each service
  • Configure Automatic Static NAT on network 10.10.20.0/24

Answer : Configure one Manual Hide NAT rule for HTTP, FTP, and SMTP services for network 10.10.20.0/24


After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?


Options are :

  • The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
  • The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
  • The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.
  • The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.

Answer : The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.

When translation occurs using automatic Hide NAT, what also happens?


Options are :

  • The destination port is modified.
  • The source port is modified.
  • The destination is modified.
  • Nothing happens.

Answer : The source port is modified.

Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers is passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?


Options are :

  • Allow bi-directional NAT is not checked in Global Properties
  • Manual NAT rules are not configured correctly
  • Translate destination on client side is not checked in Global Properties under manual NAT rules.
  • Routing is not configured correctly.

Answer : Translate destination on client side is not checked in Global Properties under manual NAT rules.


Which rule should be the Cleanup Rule in the Rule Base?


Options are :

  • First, it explicitly accepts otherwise dropped traffic.
  • Before last followed by the Stealth Rule
  • Last. It serves a logging function before the implicit drop.
  • Last, it explicitly drops otherwise accepted traffic

Answer : Last. It serves a logging function before the implicit drop.

Which NAT option applicable for Automatic NAT applies to Manual NAT as well?


Options are :

  • Enable IP Pool NAT
  • Allow bi-directional NAT
  • Automatic ARP configuration
  • Translate destination on client-side

Answer : Translate destination on client-side

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?


Options are :

  • Automatic ARP must be unchecked in the Global Properties
  • Nothing else must be configured.
  • A static route must be added on the Security Gateway to the internal host.
  • A static route for the NAT IP must be added to the Gateway's upstream router.

Answer : A static route must be added on the Security Gateway to the internal host.


You want to reset SIC between smberlin and sgosaka. In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the cpconfig menu. When trying to establish a connection, instead of a working connection, you receive this error message: What is the reason for this behavior?


Options are :

  • You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup / Initialize).
  • The Gateway was not rebooted, which is necessary to change the SIC key.
  • The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation key cannot be typed in a matching fashion.
  • The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.

Answer : The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.

Several Security Policies can be used for different installation targets. The firewall protecting Human Resources' servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?


Options are :

  • A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.
  • When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
  • In the SmartDashboard main menu go to Policy / Policy Installation / Targets and select the correct firewall to be put into the list via Specific Targets.
  • A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install.

Answer : In the SmartDashboard main menu go to Policy / Policy Installation / Targets and select the correct firewall to be put into the list via Specific Targets.

All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:


Options are :

  • Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
  • Exclusion of specific services for reporting purposes.
  • Acceptance of IKE and RDP traffic for communication and encryption purposes.
  • Specific traffic that facilitates functionality, such as logging, management, and key exchange.

Answer : Exclusion of specific services for reporting purposes.


You want to create an ASCII formatted output file of the fw monitor command. What is the correct syntax to accomplish this task?


Options are :

  • fw monitor -e "accept;" -f > /tmp/monitor.txt
  • fw monitor -m iO -e "accept;" -o /tmp/monitor.txt
  • fw monitor -e "accept;" > /tmp/monitor.txt
  • fw monitor -e "accept;" -w /tmp/monitor.txt

Answer : fw monitor -e "accept;" > /tmp/monitor.txt

NAT can NOT be configured on which of the following objects?


Options are :

  • HTTP Logical Server
  • Gateway
  • Host
  • Address Range

Answer : HTTP Logical Server

When you hide a rule in a Rule Base, how can you then disable the rule?


Options are :

  • Right-click on the hidden rule place-holder bar and select Disable Rule(s).
  • Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.
  • Hidden rules are already effectively disabled from Security Gateway enforcement.
  • Use the search utility in SmartDashboard to view all hidden rules. Select the relevant rule and click Disable Rule(s).

Answer : Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.


Spoofing is a method of:


Options are :

  • Detecting people using false or wrong authentication logins.
  • Hiding your firewall from unauthorized users.
  • Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
  • Making packets appear as if they come from an authorized IP address

Answer : Making packets appear as if they come from an authorized IP address
