156-215.77 Check Point Certified Security Administrator Exam Set 5

Jack has been asked to enable Identity Awareness. What are the three methods for Acquiring Identity available in the Identity Awareness Configuration Wizard?


Options are :

  • LDAP Query, Browser-Based Authentication, Terminal Servers
  • AD Query, Browser-Based Authentication, Terminal Servers
  • LDAP Query, Terminal Servers, Light-weight Identity Agent
  • AD Query, Browser-Based Authentication, Light-Weight Identity Agent

Answer : AD Query, Browser-Based Authentication, Terminal Servers

Where would an administrator enable Implied Rules logging?


Options are :

  • In Global Properties under Firewall
  • In Global Properties under log and alert
  • In SmartDashboard on each rule
  • In Smart Log Rules View

Answer : In Global Properties under log and alert

An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key and the IP address of the Security Gateway. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?


Options are :

  • You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
  • You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway’s topology.
  • You first need to run the command fw unloadlocal on the R77 Security Gateway appliance in order to remove the restrictive default policy.
  • An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the command fw unloadlocal on the local Security Gateway.

Answer : You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway’s topology.

Which command displays the installed Security Gateway kernel version?


Options are :

  • fw ver -k
  • cpstat -gw
  • fw printver
  • v

Answer : fw ver -k

Which R77 GUI would you use to see the number of packets accepted since the last policy install?


Options are :

  • SmartView Monitor
  • SmartDashboard
  • SmartView Tracker
  • SmartView Status

Answer : SmartView Monitor

What statement is true regarding Visitor Mode?


Options are :

  • All VPN traffic is tunneled through UDP port 4500.
  • VPN authentication and encrypted traffic are tunneled through port TCP 443.
  • Only Main mode and Quick mode traffic are tunneled on TCP port 443.
  • Only ESP traffic is tunneled through port TCP 443.

Answer : VPN authentication and encrypted traffic are tunneled through port TCP 443.

Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker’s IP at a peak time of day?


Options are :

  • SAM - Suspicious Activity Rules feature of SmartView Monitor
  • Change the Rule Base and install the Policy to all Security Gateways
  • Intrusion Detection System (IDS) Policy install
  • SAM - Block Intruder feature of SmartView Tracker

Answer : SAM - Suspicious Activity Rules feature of SmartView Monitor

Is it possible to see user activity in SmartView Tracker?


Options are :

  • Yes, seeing user activity is enabled when using the Identity Awareness blade.
  • No, a Check Point Gateway can only see IP addresses
  • Yes, but you need to use the SPLAT operating system
  • Yes, but you have to enable the option: See user information in SmartView Tracker.

Answer : Yes, seeing user activity is enabled when using the Identity Awareness blade.

When attempting to connect with SecureClient Mobile you get the following error message: "The certificate provided is invalid. Please provide the username and password." What is the probable cause of the error?


Options are :

  • Your user configuration does not have an office mode IP address so the connection failed
  • There is no connection to the server, and the client disconnected.
  • Your user credentials are invalid.
  • Your certificate is invalid.

Answer : Your certificate is invalid.

You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?


Options are :

  • Send a CD-ROM with the HFA to each location and have local personnel install it
  • Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
  • Use SmartUpdate to install the packages to each of the Security Gateways remotely.
  • Send a Certified Security Engineer to each site to perform the update.

Answer : Use SmartUpdate to install the packages to each of the Security Gateways remotely.

You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.


Options are :

  • SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules.
  • It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.
  • In SmartReporter, in the section Firewall Blade - Activity > Network Activity with information concerning Top Matched Logged Rules.
  • In the SmartView Tracker, if you activate the column Matching Rate.

Answer : SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules.

Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?


Options are :

  • She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
  • She needs to run sysconfig and restart the SSH process.
  • She needs to run cpconfig to enable the ability to SCP files.
  • She needs to edit /etc/scpusers and add the Standard Mode account.

Answer : She needs to edit /etc/scpusers and add the Standard Mode account.

Which NAT option is available for Manual NAT as well as Automatic NAT?


Options are :

  • Automatic ARP configuration
  • Translate destination on client-side
  • Allow bi-directional NAT
  • Enable IP Pool NAT

Answer : Translate destination on client-side

Complete this statement. The block Intruder option in the Active log is available ____________.


Options are :

  • in the SmartView Monitor client
  • only if you have the IPS blade enabled at least in one gateway
  • in the SmartView Tracker client
  • since R75.40 release

Answer : in the SmartView Tracker client

Which feature in R77 permits blocking specific IP addresses for a specified time period?


Options are :

  • Local Interface Spoofing
  • Suspicious Activity Monitoring
  • Block Port Overflow
  • HTTP Methods

Answer : Suspicious Activity Monitoring

Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.


Options are :

  • SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
  • Security Policy Editor, Log Viewer, Real Time Monitor GUI
  • SmartView Tracker, CPINFO, SmartUpdate
  • SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor

Answer : SmartView Tracker, CPINFO, SmartUpdate

What CLI utility allows an administrator to capture traffic along the firewall inspection chain?


Options are :

  • tcpdump/snoop
  • fw monitor
  • tcpdump
  • show interface (interface) - chain

Answer : fw monitor

Which directory holds the SmartLog index files by default?


Options are :

  • $SMARTLOGDIR/data
  • $SMARTLOG/dir
  • $FWDIR/smartlog
  • $FWDIR/log

Answer : $SMARTLOGDIR/data

With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?


Options are :

  • Enable Hot Spot/Hotel Registration D.Allow your users to turn off SecureC
  • Allow traffic outside the encrypted domain
  • Enable Hot Spot/Hotel Registration
  • Allow for unencrypted traffic

Answer : Enable Hot Spot/Hotel Registration D.Allow your users to turn off SecureC

Katie has been asked to set up a rule to allow the new web server in the DMZ to be accessible from the internet on port 443. The IP address of the Web Server, Apothos, is 192.168.126.3 and the external address should be 10.4.2.3. This needs to be the only server associated with this External IP address. Which answer below will accomplish the steps needed to complete this task?


Options are :

  • Katie will create a host node object with an IP address of 192.168.126.3 and will configure a static NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.
  • Katie will create a host node object with an IP address of 192.168.126.3 and will configure a static NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Apothos Host Object Source, Destination of Any and service of HTTPS”.
  • Katie will create a Network object with an IP address of 192.168.126.3 and will configure a Hide NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.
  • Katie will create a host node object with an IP address of 10.4.2.3 and will configure a static NAT of 192.168.126.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.

Answer : Katie will create a host node object with an IP address of 10.4.2.3 and will configure a static NAT of 192.168.126.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.

Which tool CANNOT be launched from SmartUpdate R77?


Options are :

  • IP Appliance Voyager
  • cpinfo
  • snapshot
  • GAiA WebUI

Answer : snapshot

True or False. SmartView Monitor can be used to create alerts on a specified Gateway.


Options are :

  • False, an alert cannot be created for a specified Gateway.
  • False, alerts can only be set in SmartDashboard Global Properties.
  • True, by right-clicking on the Gateway and selecting Configure Thresholds.
  • True, by choosing the Gateway and selecting System Information.

Answer : True, by right-clicking on the Gateway and selecting Configure Thresholds.

Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?


Options are :

  • None, SmartConsole applications only communicate with the Security Management Server.
  • SmartView Status
  • SmartView Monitor
  • SmartUpdate

Answer : SmartView Monitor

What action can be performed from SmartUpdate R77?


Options are :

  • cpinfo
  • upgrade_export
  • fw stat -l
  • remote_uninstall_verifier

Answer : cpinfo

You find a suspicious FTP site trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked? Highlight the suspicious connection in SmartView Tracker:


Options are :

  • Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as “dropped.”
  • Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
  • Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as “dropped.”
  • Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.

Answer : Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.

You are trying to save a custom log query in R77 SmartView Tracker, but are getting the following error: "Could not save (Error: Database is Read Only)". Which of the following is a likely explanation for this?


Options are :

  • You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally.
  • You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization.
  • You have read-only rights to the Security Management Server database.
  • Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server.

Answer : You have read-only rights to the Security Management Server database.

What is a Consolidation Policy?


Options are :

  • The collective name of the Security Policy, Address Translation, and IPS Policies.
  • A global Policy used to share a common enforcement policy for multiple Security Gateways.
  • The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
  • The collective name of the logs generated by SmartReporter.

Answer : The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.

You want to configure a mail alert for every time the policy is installed to a specific Gateway. Where would you configure this alert?


Options are :

  • You cannot create a mail alert for Policy installation.
  • In SmartDashboard, select Global Properties > Log and Alerts > Alert Commands.
  • In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands.
  • In SmartView Monitor, select Gateway > Configure Thresholds.

Answer : In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands.

The R77 fw monitor utility is used to troubleshoot which of the following problems?


Options are :

  • Traffic issues
  • Phase two key negotiation
  • Log Consolidation Engine
  • User database corruption

Answer : Traffic issues

One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?


Options are :

  • The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
  • The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
  • The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway's Certificate.
  • There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.

Answer : There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.
