156-215.77 Check Point Certified Security Administrator Exam Set 4

Where are custom queries stored in R77 SmartView Tracker?


Options are :

  • On the SmartView Tracker PC local file system under the user's profile.
  • On the SmartView Tracker PC local file system shared by all users of that local PC
  • On the Security Management Server tied to the Administrator User Database login name. (Correct)
  • On the Security Management Server tied to the GUI client IP.

Answer : On the Security Management Server tied to the Administrator User Database login name.

After filtering a fw monitor trace by port and IP, a packet is displayed three times: in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?


Options are :

  • An IPSO ACL has blocked the packet’s outbound passage.
  • It is due to NAT. (Correct)
  • A SmartDefense module has blocked the packet.
  • The packet has been sent out through a VPN tunnel unencrypted.

Answer : It is due to NAT.

Where is the easiest and BEST place to find information about connections between two machines?


Options are :

  • All options are valid.
  • On a Security Management Server, using SmartView Tracker.
  • On a Security Gateway using the command fw log.
  • On a Security Gateway Console interface; it gives you detailed access to log files and state table information (Correct)

Answer : On a Security Gateway Console interface; it gives you detailed access to log files and state table information

Which of the following can be found in cpinfo from an enforcement point?


Options are :

  • The complete file objects_5_0.c
  • Everything NOT contained in the file r2info
  • VPN keys for all established connections to all enforcement points
  • Policy file information specific to this enforcement point (Correct)

Answer : Policy file information specific to this enforcement point

How do you view a Security Administrator's activities with SmartConsole?


Options are :

  • SmartView Tracker in the Network and Endpoint tabs
  • Eventia Suite
  • SmartView Monitor using the Administrator Activity filter
  • SmartView Tracker in the Management tab (Correct)

Answer : SmartView Tracker in the Management tab

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original

“web_public_IP” is the node object that represents the new Web server’s public IP address. “web_private_IP” is the node object that represents the new Web site’s private IP address. You enable all settings from Global Properties > NAT. When you try to browse the Web server from the Internet you see the error “page cannot be displayed”. Which of the following is NOT a possible reason?


Options are :

  • There is no route defined on the Security Gateway for the public IP address to the Web server’s private IP address.
  • There is no Security Policy defined that allows HTTP traffic to the protected Web server (Correct)
  • There is no ARP table entry for the protected Web server’s public IP address.
  • There is no NAT rule translating the source IP address of packets coming from the protected Web server.

Answer : There is no Security Policy defined that allows HTTP traffic to the protected Web server

You have detected a possible intruder listed in SmartView Tracker’s active pane. What is the fastest method to block this intruder from accessing your network indefinitely?


Options are :

  • In SmartDashboard, select IPS > Network Security > Denial of Service.
  • In SmartView Tracker, select Tools > Block Intruder. (Correct)
  • In SmartView Monitor, select Tools > Suspicious Activity Rules.
  • Modify the Rule Base to drop these connections from the network.

Answer : In SmartView Tracker, select Tools > Block Intruder.

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client side from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?


Options are :

  • A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
  • The NAT IP address must be added to the external Gateway interface anti-spoofing group.
  • No extra configuration is needed.
  • A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface. (Correct)

Answer : A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error: “Unknown established connection”. How do you resolve this problem without causing other security issues? Choose the BEST answer.


Options are :

  • Ask the mainframe users to reconnect every time this error occurs.
  • Increase the service-based session timeout of the default Telnet service to 24-hours.
  • Increase the TCP session timeout under Global Properties > Stateful Inspection.
  • Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe. (Correct)

Answer : Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

What happens when you select File > Export from the SmartView Tracker menu?


Options are :

  • Exported log entries are not viewable in SmartView Tracker.
  • Exported log entries are deleted from fw.log.
  • Current logs are exported to a new *.log file.
  • Logs in fw.log are exported to a file that can be opened by Microsoft Excel. (Correct)

Answer : Logs in fw.log are exported to a file that can be opened by Microsoft Excel.

You are responsible for the configuration of MegaCorp’s Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.


Options are :

  • Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT). (Correct)
  • Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).
  • Yes, there are always as many active NAT rules as there are connections.
  • No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.

Answer : Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).

Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?


Options are :

  • All Records Query
  • Audit Tab
  • Active Tab (Correct)
  • Account Query

Answer : Active Tab

While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?

  1) Select Active Mode tab in SmartView Tracker.
  2) Select Tools > Block Intruder.
  3) Select Log Viewing tab in SmartView Tracker.
  4) Set Blocking Timeout value to 60 minutes.
  5) Highlight connection that should be blocked.


Options are :

  • 1, 5, 2, 4 (Correct)
  • 3, 2, 5, 4
  • 3, 5, 2, 4
  • 1, 2, 5, 4

Answer : 1, 5, 2, 4

You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?


Options are :

  • I=inbound kernel, after the virtual machine (Correct)
  • O=outbound kernel, after the virtual machine
  • i=inbound kernel, before the virtual machine
  • o=outbound kernel, before the virtual machine

Answer : I=inbound kernel, after the virtual machine

What is the default setting when you use NAT?


Options are :

  • Source Translated on Client side
  • Destination Translated on Client side (Correct)
  • Destination Translated on Server side
  • Source Translated on both sides

Answer : Destination Translated on Client side

You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:

  1) Created manual Static NAT rules for the Web server.
  2) Cleared the following settings in the Global Properties > Network Address Translation screen:
     - Allow bi-directional NAT
     - Translate destination on client side

Do the above settings limit the partner’s access?


Options are :

  • Yes. Both of these settings are only applicable to automatic NAT rules.
  • Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.
  • No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client. (Correct)
  • No. The first setting is not applicable. The second setting will reduce performance.

Answer : No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.

Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?


Options are :

  • Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway. (Correct)
  • Use automatic Static NAT for network 10.1.1.0/24.
  • Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
  • Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.

Answer : Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

When restoring R77 using the command upgrade_import, which of the following items are NOT restored?


Options are :

  • SIC Certificates
  • Licenses
  • Global properties
  • Route tables (Correct)

Answer : Route tables

What is the officially accepted diagnostic tool for IP Appliance Support?


Options are :

  • CST
  • uag-diag
  • cpinfo (Correct)
  • ipsoinfo

Answer : cpinfo

Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:


Options are :

  • IP addresses.
  • SIC is not NAT-tolerant.
  • MAC addresses
  • SIC names. (Correct)

Answer : SIC names.

You want to implement Static Destination NAT in order to provide external Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet. What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?


Options are :

  • Place a static host route on the firewall for the valid IP address to the internal Web server
  • Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address. (Correct)
  • Publish a proxy ARP entry on the ISP router instead of the firewall for the valid IP address.
  • Publish a proxy ARP entry on the internal Web server instead of the firewall for the valid IP address.

Answer : Place a static ARP entry on the ISP router for the valid IP address to the firewall's external address.

Your R77 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?


Options are :

  • Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
  • On a GAiA Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
  • Create a time object, and add 48 hours as the interval. Select that time object’s Global Properties > Logs and Masters window, to schedule a logswitch.
  • Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object. (Correct)

Answer : Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object’s Logs and Masters window, enable Schedule log switch, and select the Time object.

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?


Options are :

  • A static route for the NAT IP must be added to the Gateway’s upstream router.
  • A static route must be added on the Security Gateway to the internal host. (Correct)
  • Nothing else must be configured.
  • Automatic ARP must be unchecked in the Global Properties

Answer : A static route must be added on the Security Gateway to the internal host.

The fw monitor utility is used to troubleshoot which of the following problems?


Options are :

  • Address translation (Correct)
  • Phase two key negotiation
  • Log Consolidation Engine
  • User database corruption

Answer : Address translation

Where can you find Check Point’s SNMP MIB file?


Options are :

  • $FWDIR/conf/snmp.mib
  • It is obtained only by request from the TAC.
  • There is no specific MIB file for Check Point products.
  • $CPDIR/lib/snmp/chkpt.mib (Correct)

Answer : $CPDIR/lib/snmp/chkpt.mib

You enable Hide NAT on the network object 10.1.1.0 behind the Security Gateway’s external interface. You browse to the Google Website from host 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?


Options are :

  • Only one, outbound (Correct)
  • Two, both outbound, one for the real IP connection and one for the NAT IP connection
  • Only one, inbound
  • Two, one for outbound, one for inbound

Answer : Only one, outbound

NAT can NOT be configured on which of the following objects?


Options are :

  • HTTP Logical Server (Correct)
  • Host
  • Gateway
  • Address Range

Answer : HTTP Logical Server

You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the BEST answer.


Options are :

  • The rule position depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.
  • The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range. (Correct)
  • The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.
  • The Administrator decides the rule order by shifting the corresponding rules up and down.

Answer : The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?


Options are :

  • Port Address Translation
  • Hide Address Translation
  • Dynamic Source Address Translation
  • Static Destination Address Translation (Correct)

Answer : Static Destination Address Translation

Many companies have defined more than one administrator. To increase security, only one administrator should be able to install a Rule Base on a specific Firewall. How do you configure this?


Options are :

  • Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.
  • In the object General Properties representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.
  • Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced > Permission to Install. (Correct)
  • Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.

Answer : Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced > Permission to Install.
