156-215.77 Check Point Certified Security Administrator Exam Set 3

When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R77 topology configuration?


Options are :

  • External
  • Any (Correct)
  • Specific
  • Not Defined

Answer : Any

Identify the ports to which the Client Authentication daemon listens by default.


Options are :

  • 8080, 529
  • 259, 900 (Correct)
  • 80, 256
  • 256, 600

Answer : 259, 900

When you change an implicit rule’s order from Last to First in Global Properties, how do you make the change take effect?


Options are :

  • Reinstall the Security Policy. (Correct)
  • Run fw fetch from the Security Gateway.
  • Select Install Database from the Policy menu.
  • Select Save from the File menu

Answer : Reinstall the Security Policy.

156-315.71 Check Point Security Expert R71 Practical Exam Set 3

How does the button Get Address, found on the Host Node Object > General Properties page retrieve the address?


Options are :

  • SNMP Get
  • Route Table
  • Address resolution (ARP, RARP)
  • Name resolution (hosts file, DNS, cache) (Correct)

Answer : Name resolution (hosts file, DNS, cache)

Which statement below describes the most correct strategy for implementing a Rule Base?


Options are :

  • Limit grouping to rules regarding specific access
  • Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down. (Correct)
  • Place a network-traffic rule above the administrator access rule
  • Add the Stealth Rule before the last rule.

Answer : Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down.

A Security Policy installed by another Security Administrator has blocked all SmartDashboard connections to the stand-alone installation of R77. After running the command fw unloadlocal, you are able to reconnect with SmartDashboard and view all changes. Which of the following change is the most likely cause of the block?


Options are :

  • The Allow Control Connections setting in Policy > Global Properties has been unchecked. (Correct)
  • The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.
  • A Stealth Rule has been configured for the R77 Gateway.
  • The Security Policy installed to the Gateway had no rules in it.

Answer : The Allow Control Connections setting in Policy > Global Properties has been unchecked.

156-315.77 Check Point Certified Security Expert Exam Set 6

Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism, when logging in to a remote server with Telnet?


Options are :

  • Standard Sign On
  • Partially Automatic Sign On (Correct)
  • Manual Sign On
  • Agent Automatic Sign On

Answer : Partially Automatic Sign On

Your shipping company uses a custom application to update the shipping distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateway’s Rule Base includes a rule to accept this traffic. Since you are responsible for multiple sites, you want notification by a text message to your cellular phone, whenever traffic is accepted on this rule. Which of the following would work BEST for your purpose?


Options are :

  • SmartView Monitor Threshold
  • User-defined alert script (Correct)
  • Logging implied rules
  • SNMP trap

Answer : User-defined alert script

Anti-Spoofing is typically set up on which object type?


Options are :

  • Security Management object
  • Network
  • Security Gateway (Correct)
  • Host

Answer : Security Gateway

Check Point Certified Security Expert Exam Set 11

You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?


Options are :

  • POP3 is accepted in Global Properties.
  • POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.
  • The POP3 rule is hidden. (Correct)
  • The POP3 rule is disabled.

Answer : The POP3 rule is hidden.

Which authentication type permits five different sign-on methods in the authentication properties window?


Options are :

  • User Authentication
  • Client Authentication (Correct)
  • Session Authentication
  • Manual Authentication

Answer : Client Authentication

You have installed a R77 Security Gateway on GAiA. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem?


Options are :

  • The new Gateway's temporary license has expired.
  • The object was created with Node > Gateway. (Correct)
  • No Masters file is created for the new Gateway
  • The Gateway object is not specified in the first policy rule column Install On.

Answer : The object was created with Node > Gateway.

Check Point Certified Security Expert Exam Set 9

Your company’s Security Policy forces users to authenticate to the Gateway explicitly, before they can use any services. The Gateway does not allow the Telnet service to itself from any location. How would you configure authentication on the Gateway? With a:


Options are :

  • Session Authentication rule
  • Client Authentication rule using the manual sign-on method, using HTTP on port 900 (Correct)
  • Client Authentication rule, using partially automatic sign on
  • Client Authentication for fully automatic sign on

Answer : Client Authentication rule using the manual sign-on method, using HTTP on port 900

How can you activate the SNMP daemon on a Check Point Security Management Server?


Options are :

  • In SmartDashboard, right-click a Check Point object and select Activate SNMP.
  • Any of these options will work.
  • Using the command line, enter snmp_install.
  • From cpconfig, select SNMP extension. (Correct)

Answer : From cpconfig, select SNMP extension.

Which of the following is a viable consideration when determining Rule Base order?


Options are :

  • Grouping reject and drop rules after the Cleanup Rule
  • Grouping functionally related rules together (Correct)
  • Grouping authentication rules with address-translation rules
  • Grouping rules by date of creation

Answer : Grouping functionally related rules together

156-315.65 Check Point Security Administration NGX R65 Exam Set 2

A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway.Which SmartConsole application should you use to check these objects and rules?


Options are :

  • SmartDashboard (Correct)
  • SmartView Monitor
  • SmartView Status
  • SmartView Tracker

Answer : SmartDashboard

As a Security Administrator, you must refresh the Client Authentication authorization timeout every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:


Options are :

  • in the Gateway object's Authentication screen.
  • in the Global Properties Authentication screen
  • in the user object's Authentication screen
  • in the Limit tab of the Client Authentication Action Properties screen. (Correct)

Answer : in the Limit tab of the Client Authentication Action Properties screen.

You are working with three other Security Administrators.Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?


Options are :

  • SmartView Tracker (Correct)
  • SmartView Monitor
  • Eventia Monitor
  • Eventia Tracker

Answer : SmartView Tracker

156-315.71 Check Point Security Expert R71 Practical Exam Set 5

Where can an administrator configure the notification action in the event of a policy install time change?


Options are :

  • SmartDashboard > Policy Package Manager
  • SmartView Monitor > Gateway Status > System Information > Thresholds
  • SmartDashboard > Security Gateway Object > Advanced Properties Tab
  • SmartView Monitor > Gateways > Thresholds Settings (Correct)

Answer : SmartView Monitor > Gateways > Thresholds Settings

You can include External commands in SmartView Tracker by the menu Tools > Custom Commands. The Security Management Server is running under GAiA, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address?


Options are :

  • Go to the menu, Tools > Custom Commands and configure the Linux command traceroute to the list.
  • Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list. (Correct)
  • There is no possibility to expand the three pre-defined options Ping, Whois, and Nslookup.
  • Use the program GUIdbedit to add the command traceroute to the Security Management Server properties.

Answer : Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list.

You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?


Options are :

  • SmartView Tracker in Management Mode (Correct)
  • SmartView Tracker cannot display Security Administrator activity; instead, view the system logs on the Security Management Server’s Operating System.
  • SmartView Tracker in Network and Endpoint Mode
  • SmartView Tracker in Active Mode

Answer : SmartView Tracker in Management Mode

Check Point Certified Security Expert Exam Set 3

Which SmartConsole tool would you use to see the last policy pushed in the audit log?


Options are :

  • None, SmartConsole applications only communicate with the Security Management Server.
  • SmartView Status
  • SmartView Tracker (Correct)
  • SmartView Server

Answer : SmartView Tracker

Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?


Options are :

  • SmartView Tracker > Audit Tab > Gateway Counters
  • SmartView Monitor > Gateway Status > Threshold Settings
  • SmartView Monitor > Gateway Status > System Information > Thresholds (Correct)
  • This can only be monitored by a user-defined script

Answer : SmartView Monitor > Gateway Status > System Information > Thresholds

Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?


Options are :

  • Custom filter
  • Network and Endpoint tab
  • Active tab
  • Management tab (Correct)

Answer : Management tab

156-215.75 Check Point Certified Security Administrator Exam Set 2

Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?


Options are :

  • Display Payload View
  • Network and Endpoint Tab
  • This is not a SmartView Tracker feature. (Correct)
  • Display Capture Action

Answer : This is not a SmartView Tracker feature.

SmartView Tracker logs the following Security Administrator activities, EXCEPT:


Options are :

  • Administrator login and logout
  • Tracking SLA compliance (Correct)
  • Rule Base changes
  • Object creation, deletion, and editing

Answer : Tracking SLA compliance

SmartView Tracker R77 consists of three different modes. They are:


Options are :

  • Network and Endpoint, Active, and Management (Correct)
  • Log, Track, and Management
  • Log, Active, and Audit
  • Log, Active, and Management

Answer : Network and Endpoint, Active, and Management

Check Point Certified Security Expert Exam Set 2

Which answers are TRUE? Automatic Static NAT CANNOT be used when: 1) NAT decision is based on the destination port. 2) Both Source and Destination IP's have to be translated. 3) The NAT rule should only be installed on a dedicated Gateway. 4) NAT should be performed on the server side


Options are :

  • 1 and 2 (Correct)
  • 1, 3, and 4
  • 2 and 4
  • 2 and 3

Answer : 1 and 2

By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:


Options are :

  • Saves the current log file, names the log file by date and time, and starts a new log file. (Correct)
  • Prompts you to enter a filename, and then saves the log file.
  • Purges the current log file, and starts a new log file
  • Purges the current log file, and prompts you for the new log’s mode.

Answer : Saves the current log file, names the log file by date and time, and starts a new log file.

Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?


Options are :

  • None, SmartConsole applications only communicate with the Security Management Server.
  • SmartView Server
  • SmartUpdate
  • SmartView Tracker (Correct)

Answer : SmartView Tracker

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 2

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now