156-215.75 Check Point Certified Security Administrator Exam Set 6

Which of the following is a viable consideration when determining Rule Base order?


Options are :

  • Grouping rules by date of creation
  • Placing frequently accessed rules before less frequently accessed rules
  • Grouping IPS rules with dynamic drop rules
  • Adding SAM rules at the top of the Rule Base

Answer : Placing frequently accessed rules before less frequently accessed rules

156-215.75 Check Point Certified Security Administrator Exam Set 7

You would use the Hide Rule feature to:


Options are :

  • Hide rules from read-only administrators.
  • Make rules invisible to incoming packets.
  • View only a few rules without the distraction of others
  • Hide rules from a SYN/ACK attack.

Answer : View only a few rules without the distraction of others

In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy / Global Properties / FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______.


Options are :

  • 259
  • 256
  • 80
  • 900

Answer : 256

Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:


Options are :

  • For R75 Security Gateways are created during the Security Management Server installation.
  • Are used for securing internal network communications between the SmartDashboard and the Security Management Server.
  • Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.
  • Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.

Answer : Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.

156-215.75 Check Point Certified Security Administrator Exam Set 8

Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R75 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the internet?


Options are :

  • Use automatic Static NAT for network 10.1.1.0/24.
  • Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
  • Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
  • Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

Answer : Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

Which specific R75 GUI would you use to add an address translation rule?


Options are :

  • SmartNAT
  • SmartView Monitor
  • SmartConsole
  • SmartDashboard

Answer : SmartDashboard

What happens if Web Server is checked?


Options are :

  • An implied rule will be added allowing HTTP request from and to the host.
  • An implied rule will be added allowing HTTP requests to the host.
  • Web Intelligence will be applied to the host
  • Anti-virus settings will be applied to the host.

Answer : Web Intelligence will be applied to the host

156-215.77 Check Point Certified Security Administrator Exam Set 1

Which of the following describes the default behavior of an R75 Security Gateway?


Options are :

  • Traffic not explicitly permitted is dropped.
  • All traffic is expressly permitted via explicit rules.
  • Traffic is filtered using controlled port scanning.
  • IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.

Answer : Traffic not explicitly permitted is dropped.

Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?


Options are :

  • Database Revision Control
  • dbexport/dbimport
  • upgrade_export/upgrade_import
  • Policy Package management

Answer : Database Revision Control

A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R75. After running the fw unloadlocal command, you are able to reconnect with SmartDashboard and view all changes. Which of the following changes is the most likely cause of the block?


Options are :

  • The Allow Control Connections setting in Policy / Global Properties has been unchecked.
  • A Stealth Rule has been configured for the R75 Gateway.
  • The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.
  • The Security Policy installed to the Gateway had no rules in it

Answer : The Allow Control Connections setting in Policy / Global Properties has been unchecked.

156-215.77 Check Point Certified Security Administrator Exam Set 2

When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R75 topology configuration?


Options are :

  • Specific
  • External
  • Any
  • Not Defined

Answer : Any

John is the Security Administrator in his company. He installs a new R75 Security Management Server and a new R75 Gateway. He now wants to establish SIC between them. After entering the activation key, the message "Trust established" is displayed in SmartDashboard, but SIC still does not seem to work because the policy won't install and interface fetching still does not work. What might be a reason for this?


Options are :

  • This must be a human error.
  • SIC does not function over the network.
  • The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid.
  • It always works when the trust is established.

Answer : The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid.

The SIC certificate is stored in the________ directory.


Options are :

  • $CPDIR/conf
  • $FWDIR/database
  • $FUIDIR/conf
  • $CPDIR/registry

Answer : $CPDIR/conf

156-215.77 Check Point Certified Security Administrator Exam Set 3

Static NAT connections, by default, translate on which firewall kernel inspection point?


Options are :

  • Outbound
  • Eitherbound
  • Post-inbound
  • Inbound

Answer : Inbound

You have configured a remote site Gateway that supports your boss's access from his home office using a DSL dialup connection. Everything worked fine yesterday, but today all connectivity is lost. Your initial investigation results in "nobody has touched anything", which you can support by taking a look in SmartView Tracker Management. What is the problem and what can be done about it?


Options are :

  • The NAT configuration is not correct; you can only use private IP addresses in a static NAT setup.
  • You cannot use NAT and a dialup connection.
  • A static NAT setup may not work with DSL, since the external IP may change. Hide NAT behind the Gateway is the preferred method here.
  • According to published limitations of Security Gateway R75, there's a bug with NAT. A restart of the Gateway will help here.

Answer : A static NAT setup may not work with DSL, since the external IP may change. Hide NAT behind the Gateway is the preferred method here.

A _______ rule is used to prevent all traffic going to the R75 Security Gateway.


Options are :

  • IPS
  • Reject
  • Stealth
  • Cleanup

Answer : Stealth

156-215.77 Check Point Certified Security Administrator Exam Set 4

Security Administrator, Anna has done the following: What will happen when she recreates the firewall object?


Options are :

  • Establishing the SIC will fail
  • Get interfaces will show all interfaces.
  • Creating the object will result in a duplicate IP address warning
  • Get interfaces will still show only the old interfaces but not the newly added ones.

Answer : Establishing the SIC will fail

You are about to test some rule and object changes suggested in an R75 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?


Options are :

  • Database Revision Control
  • Manual copies of the $FWDIR/conf directory
  • SecurePlatform backup utilities
  • upgrade export command

Answer : Database Revision Control

You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?


Options are :

  • Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.
  • Restore the entire database, except the user database.
  • Restore the entire database, except the user database, and then create the new user and user group.
  • Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.

Answer : Restore the entire database, except the user database.

156-215.77 Check Point Certified Security Administrator Exam Set 5

After filtering a fw monitor trace by port and IP, a packet is displayed three times: in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?


Options are :

  • A SmartDefense module has blocked the packet
  • The packet has been sent out through a VPN tunnel unencrypted.
  • An IPSO ACL has blocked the outbound passage of the packet.
  • It is an issue with NAT

Answer : It is an issue with NAT

Of the following, what parameters will not be preserved when using Database Revision Control? 1) Simplified mode Rule Bases 2) Traditional mode Rule Bases 3) Secure Platform WebUI Users 4) SIC certificates 5) SmartView Tracker audit logs 6) SmartView Tracker traffic logs 7) Implied Rules 8) IPS Profiles 9) Blocked connections 10) Manual NAT rules 11) VPN communities 12) Gateway route table 13) Gateway licenses


Options are :

  • 2, 4, 7, 10, 11
  • 5, 6, 9, 12, 13
  • 1, 2, 8, 10, 11
  • 3, 4, 5, 6, 9, 12, 13

Answer : 3, 4, 5, 6, 9, 12, 13

Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots. What occurs with the remote Gateway after reboot?


Options are :

  • Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, no traffic is allowed through the Gateway.
  • Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, all traffic is allowed through the Gateway.
  • The remote Gateway fetches the last installed Security Policy locally and passes traffic normally. The Gateway will log locally, since the Security Management Server is not available.
  • Since the Security Management Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic.

Answer : The remote Gateway fetches the last installed Security Policy locally and passes traffic normally. The Gateway will log locally, since the Security Management Server is not available.

156-215.77 Check Point Certified Security Administrator Exam Set 6

In a Hide NAT connection outbound, which portion of the packet is modified?


Options are :

  • Source IP address and source port
  • Source IP address and destination port
  • Destination IP address and destination port
  • Destination IP address and destination port

Answer : Source IP address and source port

In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?


Options are :

  • When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address.
  • When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.
  • When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.
  • If you chose Automatic NAT instead, all necessary entries are done for you.

Answer : When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address.

When you use the Global Properties' default settings on R75, which type of traffic will be dropped if no explicit rule allows the traffic?


Options are :

  • RIP traffic
  • Firewall logging and ICA key-exchange information
  • SmartUpdate connections
  • Outgoing traffic originating from the Security Gateway

Answer : RIP traffic


You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?


Options are :

  • The POP3 rule is disabled.
  • The POP3 rule is hidden.
  • POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R75.
  • POP3 is accepted in Global Properties.

Answer : The POP3 rule is hidden.

What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?


Options are :

  • Define two log servers on the R75 Gateway object. Enable Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPAA log audits.
  • Install the View Implicit Rules package using SmartUpdate
  • In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
  • Check the Log Implied Rules Globally box on the R75 Gateway object.

Answer : In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.

You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) When you run fw monitor on the R75 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?


Options are :

  • o=outbound kernel, before the virtual machine
  • O=outbound kernel, after the virtual machine
  • I=inbound kernel, after the virtual machine
  • i=inbound kernel, before the virtual machine

Answer : I=inbound kernel, after the virtual machine


Which of the following is a viable consideration when determining Rule Base order?


Options are :

  • Grouping reject and drop rules after the Cleanup Rule
  • Grouping authentication rules with address-translation rules
  • Grouping functionally related rules together
  • Grouping rules by date of creation

Answer : Grouping functionally related rules together

Which R75 feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?


Options are :

  • fwm dbexport/fwm dbimport
  • upgrade_export/upgrade_import
  • Database Revision Control
  • Policy Package management

Answer : Policy Package management
