156-215.77 Check Point Certified Security Administrator Exam Set 6

______________ is an R77 component that displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time.


Options are :

  • SmartView Statu
  • SmartEvent
  • SmartView Monitor (Correct)
  • SmartUpdate

Answer : SmartView Monitor

156-315.77 Check Point Certified Security Expert Exam Set 4

You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object’s Remote Access properties and install policy. What additional steps are required for this to function correctly?


Options are :

  • The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). With multiport no additional changes are necessary. (Correct)
  • Set Visitor Mode in Policy > Global Properties > Remote-Access > VPN - Advanced.
  • You need to start SSL Network Extender first, then use Visitor Mode.
  • Office mode is not configured.

Answer : The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). With multiport no additional changes are necessary.

Central license management allows a Security Administrator to perform which of the following functions? 1.Check for expired licenses. 2.Sort licenses and view license properties. 3.Attach both R77 Central and Local licesnes to a remote module. 4.Delete both R77 Local Licenses and Central licenses from a remote module. 5.Add or remove a license to or from the license repository. 6.Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).


Options are :

  • 1, 2, 3, 4, & 5 (Correct)
  • 2, 5, & 6
  • 1, 2, 5, & 6
  • 2, 3, 4, & 5

Answer : 1, 2, 3, 4, & 5

How can you activate the SNMP daemon on a Check Point Security Management Server?


Options are :

  • From cpconfig, select SNMP extension. (Correct)
  • Using the command line, enter snmp_install.
  • Any of these options will work.
  • .In SmartDashboard, right-click a Check Point object and select Activate SNMP.

Answer : From cpconfig, select SNMP extension.

Check Point Certified Security Expert Exam Set 8

Lilly needs to review VPN History counters for the last week. Where would she do this?


Options are :

  • SmartView Monitor > Tunnels > VPN History
  • SmartView Monitor > System Counters > VPN History (Correct)
  • SmartView Monitor > System Counters > VPN
  • .SmartView Monitor > System Counters > Firewall Security History

Answer : SmartView Monitor > System Counters > VPN History

Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker’s specific active connection?


Options are :

  • Intrusion Detection System (IDS) Policy install
  • SAM - Suspicious Activity Rules feature of SmartView Monitor
  • Change the Rule Base and install the Policy to all Security Gateways
  • Block Intruder feature of SmartView Tracker (Correct)

Answer : Block Intruder feature of SmartView Tracker

Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?


Options are :

  • Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.
  • Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.
  • Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation. (Correct)
  • Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.

Answer : Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.

156-215.75 Check Point Certified Security Administrator Exam Set 2

Choose the SmartLog property that is TRUE.


Options are :

  • SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search. (Correct)
  • SmartLog and SmartView Tracker are mutually exclusive.
  • SmartLog has been an option since release R71.10.
  • SmartLog is not a Check Point product.

Answer : SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.

A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?


Options are :

  • Network traffic cannot be analyzed when the Security Management Server has a high load.
  • Turn the field Track of each rule to LOG.
  • Configure Additional Logging on an additional log server. (Correct)
  • SmartReporter analyzes all network traffic, logged or not.

Answer : Configure Additional Logging on an additional log server.

What port is used for communication to the User Center with SmartUpdate?


Options are :

  • TCP 8080
  • HTTP 80
  • .CPMI 200
  • HTTPS 443 (Correct)

Answer : HTTPS 443

156-215.77 Check Point Certified Security Administrator Exam Set 4

Jack has locked himself out of the Kirk Security Gateway with an incorrect policy and can no longer connect from the McCoy Management Server. Jack still has access to an out of band console connection on the Kirk Security Gateway. He is logged into the Gaia CLI, what does he need to enter in order to be able to fix his mistake and push policy?


Options are :

  • Kirk> fw fetch policy
  • Kirk> fw unloadlocal (Correct)
  • Kirk> fw unload local
  • .Kirk> fw unload policy

Answer : Kirk> fw unloadlocal

156-315.77 Check Point Certified Security Expert Exam Set 19

Which of the following is true of the Cleanup rule?


Options are :

  • The Cleanup rule must be the last rule in a policy
  • The Cleanup rule is an example of an Implied rule
  • The Cleanup rule is important for blocking unwanted connections (Correct)
  • The Cleanup rule should not be logged

Answer : The Cleanup rule is important for blocking unwanted connections

Where do we need to reset the SIC on a gateway object?


Options are :

  • SmartUpdate > Edit Gateway Object > Communication
  • SmartUpdate > Edit Security Management Server Object > SIC
  • SmartDashboard > Edit Security Management Server Object > SIC (Correct)
  • SmartDashboard > Edit Gateway Object > General Properties > Communication

Answer : SmartDashboard > Edit Security Management Server Object > SIC

What is the appropriate default Gaia Portal address?


Options are :

  • HTTPS:// [IPADDRESS] : 4434
  • HTTPS:// [IPADDRESS] (Correct)
  • HTTPS:// [IPADDRESS] : 8080
  • HTTP: // [IPADDRESS]

Answer : HTTPS:// [IPADDRESS]

156-315.77 Check Point Certified Security Expert Exam Set 5

VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?


Options are :

  • 3DES and MD5
  • Certificates and pre-shared secret (Correct)
  • Certificates and IPsec
  • IPsec and VPN Domains

Answer : Certificates and pre-shared secret

Can a Check Point gateway translate both source IP address and destination IP address in a given packet?


Options are :

  • Yes, but only when using Manual NAT.
  • Yes, but only when using Automatic NAT.
  • Yes (Correct)
  • No

Answer : Yes

What is also referred to as Dynamic NAT?


Options are :

  • Static NAT
  • Automatic NAT
  • Manual NAT
  • Hide NAT (Correct)

Answer : Hide NAT

156-315.77 Check Point Certified Security Expert Exam Set 8

SmartUpdate is mainly for which kind of work – 1.Monitoring Performance and traffic 2.Provision Package 3.Managing licenses 4.Creating a Rule Base


Options are :

  • 1, 3
  • 2, 3 (Correct)
  • 2, 4
  • 1, 2

Answer : 2, 3

What is the only SmartConsole you can open without a license?


Options are :

  • SmartEvent (Correct)
  • SmartDashboard
  • SmartView Monitor
  • SmartUpdate

Answer : SmartEvent

Which answer below best describes the Administrator Auditing options available in SmartView Tracker?


Options are :

  • Accounting information gathered on network activity as recorded in logs
  • Administrator login and logout, object manipulation, and rule base changes (Correct)
  • Administrator network activity observed and logged by gateways
  • Compliance information compiled from network activity is recorded in logs

Answer : Administrator login and logout, object manipulation, and rule base changes

156-315.65 Check Point Security Administration NGX R65 Exam Set 4

Which of the following is true of Hit Count?


Options are :

  • Hit count can only be reset on a per-rule basis
  • Hit count can be accumulated from any gateway as long as the management is running R75.40 or newer. (Correct)
  • Hit count cannot be enabled or disabled on individual gateways.
  • Hit count cannot be reset via SmartDashboard.

Answer : Hit count can be accumulated from any gateway as long as the management is running R75.40 or newer.

SmartView Monitor is mainly for which kind of work – 1.Monitoring Performance and traffic 2.Provision Package 3.Managing licenses 4.Managing VPN Tunnels


Options are :

  • 1, 4 (Correct)
  • 2, 3
  • 1, 3
  • 2, 4

Answer : 1, 4

Lily has completed the initial setup of her Management Server with an IP address of 192.168.12.12. She must now run the First Time Configuration Wizard via the Gaia Portal to finish the setup. Lily knows she must use a browser to access the device, but it unsure of the correct URL to enter; which one below will she need to use?


Options are :

  • http://192.168.12.12
  • http://192.168.12.12:8080
  • https://192.168.12.12 (Correct)
  • https://192.168.12.12:4433

Answer : https://192.168.12.12

156-315.77 Check Point Certified Security Expert Exam Set 9

Which of the following is NOT an option for internal network definition of Anti-spoofing?


Options are :

  • Not-defined
  • Route-based – derived from gateway routing table (Correct)
  • Network defined by the interface IP and Net Mask
  • Specific – derived from a selected object

Answer : Route-based – derived from gateway routing table

What does SmartUpdate allow you to do?


Options are :

  • SmartUpdate is not a Check Point product.
  • SmartUpdate only allows you to manage product licenses.
  • SmartUpdate allows you to update Check Point and OPSEC certified products and to manage product licenses. (Correct)
  • SmartUpdate only allows you to update Check Point and OPSEC certified products.

Answer : SmartUpdate allows you to update Check Point and OPSEC certified products and to manage product licenses.

When configuring LDAP authentication, which of the following items should be configured for the Security Management Server?


Options are :

  • WMI object
  • Windows logon password
  • Login Distinguished Name and password (Correct)
  • Check Point Password

Answer : Login Distinguished Name and password

156-315.77 Check Point Certified Security Expert Exam Set 7

Lilly has completed the initial setup of her Management Server with an IP address of 192.168.12.12. She must now run the First Time Configuration Wizard via the Gaia Portal to finish the setup. Lilly knows she must use a browser to access the device, but is unsure of the correct URL to enter, which one below will she need to use?


Options are :

  • https://192.168.12.12:4433
  • http://192.168.12.12:8080
  • https://192.168.12.12 (Correct)
  • http://192.168.12.12

Answer : https://192.168.12.12

Is it possible to track the number of connections each rule matches in a Rule Base?


Options are :

  • No, due to an architecture limitation it is not possible to track the number of connections each rule matches.
  • Yes, since R75 40 you can use the feature Hits Count in the SmartDashboard client. (Correct)
  • Yes, but you need Gala operating system to enable the feature Hits Count in the SmartDashboard client.
  • Yes, but you need SPLAT operating system to enable the feature Hits Count in the SmartDashboard client.

Answer : Yes, since R75 40 you can use the feature Hits Count in the SmartDashboard client.

Katie has been asked to do a backup on the Blue Security Gateway. Which command would accomplish this in the Gaia CLI?


Options are :

  • Blue> add backup local (Correct)
  • Blue> set backup local
  • Expert@Blue#add local backup
  • .Blue> add local backup

Answer : Blue> add backup local

156-315.77 Check Point Certified Security Expert Exam Set 7

Packages and licenses are loaded into the SmartUpdate repositories from which sources?


Options are :

  • command cplic, manually, from a file
  • Download Center, Check Point DVD, User Center, and from command cplic (Correct)
  • User Center, manually, SCP server
  • FTP server, User Center from a file

Answer : Download Center, Check Point DVD, User Center, and from command cplic

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions