156-215.77 Check Point Certified Security Administrator Exam Set 1

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator: 1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy. 2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy. John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?


Options are :

  • Install the Identity Awareness Agent
  • After enabling Identity Awareness, reboot the gateway
  • Investigate this as a network connectivity issue
  • Set static IP to DHCP (Correct)

Answer : Set static IP to DHCP

156-215.77 Check Point Certified Security Administrator Exam Set 2

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:


Options are :

  • selected package is copied from the SmartUpdate PC CD-ROM directly to the Security Gateway and the installation IS performed.
  • SmartUpdate wizard walks the Administrator through a distributed installation.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed. (Correct)
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

Answer : selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.

Which item below in a Security Policy would be enforced first?


Options are :

  • Network Address Translation
  • Administrator-defined Rule Base
  • IP spoofing/IP options (Correct)
  • Security Policy First rule

Answer : IP spoofing/IP options

What happens if the identity of a user is known?


Options are :

  • If the user credentials do not match an Access Role, the system displays a sandbox
  • If the user credentials do not match an Access Role, the system displays the Captive Portal.
  • If the user credentials do not match an Access Role, the gateway moves onto the next rule. (Correct)
  • If the user credentials do not match an Access Role, the traffic is automatically dropped.

Answer : If the user credentials do not match an Access Role, the gateway moves onto the next rule.

156-215.77 Check Point Certified Security Administrator Exam Set 3

Which of the following items should be configured for the Security Management Server to authenticate using LDAP?


Options are :

  • Check Point Password (Correct)
  • Domain Admin username
  • Windows logon password
  • WMI object

Answer : Check Point Password

Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?


Options are :

  • Fail Open
  • Bridge (Correct)
  • High Availability
  • Load Sharing

Answer : Bridge

What CANNOT be configured for existing connections during a policy install?


Options are :

  • Re-match connections
  • Reset all connections (Correct)
  • Keep data connections
  • Keep all connections

Answer : Reset all connections

156-215.77 Check Point Certified Security Administrator Exam Set 4

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP. John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator: 1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy. 2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location. John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?


Options are :

  • John should install the Identity Awareness Agent
  • The firewall admin should install the Security Policy (Correct)
  • Investigate this as a network connectivity issue
  • John should lock and unlock the computer

Answer : The firewall admin should install the Security Policy

What happens if the identity of a user is known?


Options are :

  • If the user credentials do not match an Access Role, the system displays the Captive Portal.
  • If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action (Correct)
  • If the user credentials do not match an Access Role, the traffic is automatically dropped.
  • If the user credentials do not match an Access Role, the system displays a sandbox.

Answer : If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action

What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?


Options are :

  • SmartUpdate GUI PC (Correct)
  • A Security Gateway retrieving the new upgrade package
  • SmartUpdate Repository SQL database Server
  • SmartUpdate installed Security Management Server PC

Answer : SmartUpdate GUI PC

156-215.77 Check Point Certified Security Administrator Exam Set 5

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants to use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base. To make this scenario work, the IT administrator must: 1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources. 2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected. 3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action. 4) Install policy. Ms. McHanry tries to access the resource but is unable. What should she do?


Options are :

  • Have the security administrator select Any for the Machines tab in the appropriate Access Role
  • Have the security administrator reboot the firewall
  • Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal” (Correct)
  • Install the Identity Awareness agent on her iPad

Answer : Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal”

What action CANNOT be run from SmartUpdate R77?


Options are :

  • Reboot Gateway
  • Get all Gateway Data
  • Preinstall verifier
  • Fetch sync status (Correct)

Answer : Fetch sync status

Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user’s credentials?


Options are :

  • Access Certificate
  • Access Rule
  • Access Policy
  • Access Role (Correct)

Answer : Access Role

156-215.77 Check Point Certified Security Administrator Exam Set 6

Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?


Options are :

  • All connections are reset, so a policy install is recommended during announced downtime only.
  • Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.
  • All FTP downloads are reset; users have to start their downloads again.
  • Users being authenticated by Client Authentication have to re-authenticate. (Correct)

Answer : Users being authenticated by Client Authentication have to re-authenticate.

What is the purpose of a Stealth Rule?


Options are :

  • To drop all traffic to the management server that is not explicitly permitted.
  • To permit management traffic
  • To permit implied rules.
  • To prevent users from connecting directly to the gateway (Correct)

Answer : To prevent users from connecting directly to the gateway

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute Only and choosing the target Gateway, the:


Options are :

  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
  • selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. (Correct)
  • SmartUpdate wizard walks the Administrator through a distributed installation.

Answer : selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

When you hide a rule in a Rule Base, how can you then disable the rule?


Options are :

  • Right-click on the hidden rule place-holder bar and select Disable Rule(s).
  • Use the search utility in SmartDashboard to view all hidden rules. Select the relevant rule and click Disable Rule(s).
  • Hidden rules are already effectively disabled from Security Gateway enforcement.
  • Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule. (Correct)

Answer : Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.

All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:


Options are :

  • Exclusion of specific services for reporting purposes (Correct)
  • Specific traffic that facilitates functionality, such as logging, management, and key exchange.
  • Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
  • Acceptance of IKE and RDP traffic for communication and encryption purposes.

Answer : Exclusion of specific services for reporting purposes

In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.


Options are :

  • 256
  • 900
  • 259
  • 257 (Correct)

Answer : 257

When using LDAP as an authentication method for Identity Awareness, the query:


Options are :

  • Prompts the user to enter credentials.
  • Requires client and server side software
  • Is transparent, requiring no client or server side software, or client intervention. (Correct)
  • Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.

Answer : Is transparent, requiring no client or server side software, or client intervention.

A Cleanup rule:


Options are :

  • drops packets without logging connections that would otherwise be dropped and logged by default.
  • logs connections that would otherwise be accepted without logging by default.
  • drops packets without logging connections that would otherwise be accepted and logged by default.
  • logs connections that would otherwise be dropped without logging by default (Correct)

Answer : logs connections that would otherwise be dropped without logging by default

What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?


Options are :

  • RCP
  • CIFS
  • WMI (Correct)
  • LDAP

Answer : WMI

Where does the security administrator activate Identity Awareness within SmartDashboard?


Options are :

  • LDAP Server Object > General Properties
  • Gateway Object > General Properties (Correct)
  • Policy > Global Properties > Identity Awareness
  • Security Management Server > Identity Awareness

Answer : Gateway Object > General Properties

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator: 1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy. 2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location. 3) Changes from static IP address to DHCP for the client PC. What should John do when he cannot access the web server from a different personal computer?


Options are :

  • The access should be changed to authenticate the user instead of the PC (Correct)
  • John should lock and unlock his computer
  • Investigate this as a network connectivity issue
  • John should install the Identity Awareness Agent

Answer : The access should be changed to authenticate the user instead of the PC

How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?


Options are :

  • Change the gateway settings to allow Captive Portal access via an external interface. (Correct)
  • No action is necessary. This access is available by default.
  • Change the Identity Awareness settings under Global Properties to allow Captive Portal access on all interfaces.
  • Change the Identity Awareness settings under Global Properties to allow Captive Portal access for an external interface.

Answer : Change the gateway settings to allow Captive Portal access via an external interface.

In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______.


Options are :

  • 900
  • 80
  • 259
  • 256 (Correct)

Answer : 256

Which statement is TRUE about implicit rules?


Options are :

  • The Gateway enforces implicit rules that enable outgoing packets only.
  • They are derived from Global Properties and explicit object properties. (Correct)
  • Changes to the Security Gateway’s default settings do not affect implicit rules.
  • You create them in SmartDashboard.

Answer : They are derived from Global Properties and explicit object properties.

Which of the following items should be configured for the Security Management Server to authenticate using LDAP?


Options are :

  • Login Distinguished Name and password (Correct)
  • Windows logon password
  • Check Point Password
  • WMI object

Answer : Login Distinguished Name and password

Which rule position in the Rule Base should hold the Cleanup Rule? Why?


Options are :

  • First. It explicitly accepts otherwise dropped traffic.
  • Last. It explicitly drops otherwise accepted traffic
  • Last. It serves a logging function before the implicit drop. (Correct)
  • Before last followed by the Stealth Rule.

Answer : Last. It serves a logging function before the implicit drop.

Which of the following items should be configured for the Security Management Server to authenticate via LDAP?


Options are :

  • Check Point Password
  • WMI object
  • Windows logon password
  • Active Directory Server object (Correct)

Answer : Active Directory Server object
