156-215.77 Check Point Certified Security Administrator Exam Set 4

Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?


Options are :

  • 256
  • 257 (Correct)
  • 514
  • 258

Answer : 257

Which of the following tools is used to generate a Security Gateway R77 configuration report?


Options are :

  • infoview
  • cpinfo (Correct)
  • fw cpinfo
  • infoCP

Answer : cpinfo

If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?


Options are :

  • Data Loss Prevention
  • SSL VPN
  • SmartEvent Intr
  • IPS (Correct)

Answer : IPS

156-315.77 Check Point Certified Security Expert Exam Set 2

One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?


Options are :

  • The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
  • The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway's Certificate.
  • The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
  • There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection. (Correct)

Answer : There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.

What information is found in the SmartView Tracker Management log?


Options are :

  • FTP username authentication failure
  • GAiA expert login event
  • Creation of an administrator using cpconfig
  • Administrator SmartDashboard logout event (Correct)

Answer : Administrator SmartDashboard logout event

For remote user authentication, which authentication scheme is NOT supported?


Options are :

  • RADIUS
  • Check Point Password
  • SecurID
  • TACACS (Correct)

Answer : TACACS

156-315.77 Check Point Certified Security Expert Exam Set 9

What information is found in the SmartView Tracker Management log?


Options are :

  • Destination IP address
  • Number of concurrent IKE negotiations
  • SIC revoke certificate event (Correct)
  • Most accessed Rule Base rule

Answer : SIC revoke certificate event

How can you check whether IP forwarding is enabled on an IP Security Appliance?


Options are :

  • ipsofwd list (Correct)
  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • cat /proc/sys/net/ipv4/ip_forward
  • clish -c show routing active enable

Answer : ipsofwd list

Which of the following statements accurately describes the command snapshot?


Options are :

  • snapshot stores only the system-configuration settings on the Gateway.
  • snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway. (Correct)
  • A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.
  • snapshot creates a Security Management Server full system-level backup on any OS.

Answer : snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 7

Which command allows you to view the contents of an R77 table?


Options are :

  • fw tab -s
  • fw tab -x
  • fw tab -t (Correct)
  • fw tab -a

Answer : fw tab -t

Which command gives an overview of your installed licenses?


Options are :

  • showlic
  • fw lic print
  • cplic print (Correct)
  • cplicense

Answer : cplic print

Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?


Options are :

  • cpinfo -o date.cpinfo.txt (Correct)
  • cpstat - date.cpstat.txt
  • fw cpinfo
  • diag

Answer : cpinfo -o date.cpinfo.txt

156-215.77 Check Point Certified Security Administrator Exam Set 3

In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?


Options are :

  • Do nothing. The Security Management Server automatically copies old logs to a backup server before purging.
  • Do nothing. Old logs are deleted, until free space is restored.
  • Use the command fwm logexport to export the old log files to another location.
  • Configure a script to run fw logswitch and SCP the output file to a separate file server. (Correct)

Answer : Configure a script to run fw logswitch and SCP the output file to a separate file server.

Which of these components does NOT require a Security Gateway R77 license?


Options are :

  • Check Point Gateway
  • SmartUpdate upgrading/patching
  • Security Management Server
  • SmartConsole (Correct)

Answer : SmartConsole

What happens when you run the command fw sam -J src [Source IP Address]?


Options are :

  • Connections to and from the specified target are blocked with the need to change the Security Policy.
  • Connections from the specified source are blocked without the need to change the Security Policy. (Correct)
  • Connections to and from the specified target are blocked without the need to change the Security Policy.
  • Connections to the specified target are blocked without the need to change the Security Policy.

Answer : Connections from the specified source are blocked without the need to change the Security Policy.

156-110 Check Point Certified Security Principles Associate Set 4

ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:


Options are :

  • GUI Clients (Correct)
  • DHCP Server configuration
  • Export setup
  • Time & Date

Answer : GUI Clients

Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?


Options are :

  • It contains your security configuration, which could be exploited. (Correct)
  • SmartUpdate will start a new installation process if the machine is rebooted.
  • It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.
  • It will conflict with any future upgrades when using SmartUpdate.

Answer : It contains your security configuration, which could be exploited.

How do you configure an alert in SmartView Monitor?


Options are :

  • By right-clicking on the Gateway, and selecting Properties.
  • An alert cannot be configured in SmartView Monitor.
  • By choosing the Gateway, and Configure Thresholds. (Correct)
  • By right-clicking on the Gateway, and selecting System Information.

Answer : By choosing the Gateway, and Configure Thresholds.

156-315.65 Check Point Security Administration NGX R65 Exam Set 2

Which set of objects has an Authentication tab?


Options are :

  • Users, User Groups
  • Templates, Users (Correct)
  • Users, Networks
  • Networks, Hosts

Answer : Templates, Users

If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?


Options are :

  • GAiA will reboot and automatically revert to the last snapshot version prior to upgrade. (Correct)
  • The Administrator must reinstall the last version via the command cprinstall revert.
  • The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot.
  • The Administrator must remove the rpm packages manually, and re-attempt the upgrade.

Answer : GAiA will reboot and automatically revert to the last snapshot version prior to upgrade.

Which of the following is a CLI command for Security Gateway R77?


Options are :

  • fw shutdown
  • fwm policy_print
  • fw merge
  • fw tab -u (Correct)

Answer : fw tab -u

Check Point Certified Security Expert Exam Set 3

What information is found in the SmartView Tracker Management log?


Options are :

  • Destination IP address
  • Most accessed Rule Base rule
  • Historical reports log
  • Policy rule modification date/time stamp (Correct)

Answer : Policy rule modification date/time stamp

In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?


Options are :

  • Blank field under Rule Number
  • Rule 1
  • Rule 0 (Correct)
  • Cleanup Rule

Answer : Rule 0

How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?


Options are :

  • fw unload policy
  • fw unloadlocal (Correct)
  • fw delete all.all@localhost
  • fwm unloadlocal

Answer : fw unloadlocal

156-215.77 Check Point Certified Security Administrator Test Set 3

Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user’s properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?


Options are :

  • Select Intersect with user database in the Action Properties window.
  • Permit access to Finance_net.
  • Select Ignore Database in the Action Properties window.
  • Select Intersect with user database or Ignore Database in the Action Properties window. (Correct)

Answer : Select Intersect with user database or Ignore Database in the Action Properties window.

An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install). Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval. If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute. Which of the following is the BEST explanation for this behavior?


Options are :

  • The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day. (Correct)
  • The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R77 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the nonstandard GRE protocol for encapsulation.
  • The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
  • The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.

Answer : The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.

What is the difference between Standard and Specific Sign On methods?


Options are :

  • Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but re-authenticate for each host to which he is trying to connect. Specific Sign On requires that the user re-authenticate for each service.
  • Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties.
  • Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connect. Specific Sign On allows the user to sign on only to a specific IP address.
  • Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect. (Correct)

Answer : Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect.

Check Point Certified Security Expert Exam Set 2

Which of the following objects is a valid source in an authentication rule?


Options are :

  • Host@Any
  • User@Any
  • User@Network
  • User_group@Network (Correct)

Answer : User_group@Network

Central license management allows a Security Administrator to perform which of the following functions?

1. Check for expired licenses.
2. Sort licenses and view license properties.
3. Attach both R77 Central and Local licenses to a remote module.
4. Delete both R77 Local Licenses and Central licenses from a remote module.
5. Add or remove a license to or from the license repository.
6. Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).


Options are :

  • 2, 3, 4, & 5
  • 1, 2, 5, & 6
  • 1, 2, 3, 4, & 5 (Correct)
  • 2, 5, & 6

Answer : 1, 2, 3, 4, & 5

How are locally cached usernames and passwords cleared from the memory of an R77 Security Gateway?


Options are :

  • By retrieving LDAP user information using the command fw fetchldap.
  • By installing a Security Policy. (Correct)
  • Usernames and passwords only clear from memory after they time out.
  • By using the Clear User Cache button in SmartDashboard.

Answer : By installing a Security Policy.

Check Point Certified Security Expert Exam Set 6
