156-215.77 Check Point Certified Security Administrator Exam Set 3

What is the purpose Stealth rule?


Options are :

  • Allow implicit rules.
  • Prevents users from connecting directly to the gateway (Correct)
  • To give up all the traffic management server, which is not specifically allowed.
  • To allow management traffic
  • None

Answer : Prevents users from connecting directly to the gateway

You have used the re-organization of the rule the rule base. Where should rule base Accept ICMP requests implied rule will have no effect?


Options are :

  • Take (Correct)
  • None
  • After the Stealth rule
  • at work
  • First

Answer : Take

If it can not be configured over the existing connections of a policy to install?


Options are :

  • Reset all connections (Correct)
  • Keep your data connections
  • None
  • Keep all connections
  • Re-match connections

Answer : Reset all connections

156-315.77 Check Point Certified Security Expert Exam Set 4

Security is the number of database versions. What settings will remain the same regardless of which version you are using?


Options are :

  • fwauth.NDB
  • Internal Certificate Authority (ICA) certificate (Correct)
  • Objects_5_0.C
  • The rule Bases_5_0.fws
  • None

Answer : Internal Certificate Authority (ICA) certificate

What happens if the user identifier is known?


Options are :

  • .If the user does not correspond Access Role, the system displays a captive portal.
  • If the user does not correspond Access Role, gateway to the transition to the next rule. (Correct)
  • If the user does not correspond Access Role, traffic is automatically dropped.
  • If the user does not correspond Access Role, the system displays a sandbox
  • None

Answer : If the user does not correspond Access Role, gateway to the transition to the next rule.

Users are defined on Windows 2008 R2 Active Directory server. You must add users to the LDAP Client Authentication rule. What types of users need a Client Authentication rule R77?


Options are :

  • The group, which is a common user
  • LDAP group (Correct)
  • all users
  • External User Group
  • None

Answer : LDAP group

Let's say you've Security Administrator ABCTech. You are allowed access to authenticated users Mkting_net and Finance_net. But the userâ € ™ s features, connections will only be allowed Mkting_net. What is the best way to resolve this conflict?


Options are :

  • Choose intersected user database Function Properties window.
  • Choose Database Skip Function Properties window.
  • Allow access to Finance_net.
  • None
  • Choose intersected User Database or Database Skip Action Properties window. (Correct)

Answer : Choose intersected User Database or Database Skip Action Properties window.

Remote user authentication, which is authentication scheme is not supported?


Options are :

  • None
  • TACACS (Correct)
  • RAIN
  • SecurID
  • Checkpoint Password

Answer : TACACS

Built-in router to send UDP keep-alive packets, which are encapsulated in GRE and sent via the R77 Security Gateway partner site. The rule GRE traffic is set to ACCEPT / LOG. Although the keep-alive packets are sent every minute, searching through SmartView Tracker shows GRE traffic logs for only one entry throughout the day (early in the morning after the installation of Policy). Your partner site says they are received GRE encapsulated in keep-alive packets 1 minute interval.If GRE encapsulation of the router is disabled, SmartView Tracker displays a log entry preservation of UDP packet which minute.Which of the next best explanation for this behavior?


Options are :

  • The log server log unification process combines all the log data from security gateway a certain connection to only one log entry in SmartView Tracker. GRE traffic is a 10-minute session timeout, so each keep-alive feedback circuit as part of the package will be held at the beginning of the original recorded in connection days. (Correct)
  • The falling Log does not capture such accuracy GRE. Set the rule of follow-up action to verify because certain traffic can be monitored in this way.
  • Saw the merger process used LUUID (Log harmonization of the Unique Identification), which is corrupt. Because it is encrypted, the security gateway R 77 can not be separated from the GRE sessions. This is a known problem with GRE. Instead of a non-standard for the IPSEC, GRE encapsulation protocol.
  • The Log Server does not work properly log GRE traffic because it is the VPN traffic. Disable any VPN configuration companion site to the correct journaling.
  • None

Answer : The log server log unification process combines all the log data from security gateway a certain connection to only one log entry in SmartView Tracker. GRE traffic is a 10-minute session timeout, so each keep-alive feedback circuit as part of the package will be held at the beginning of the original recorded in connection days.

156-315.77 Check Point Certified Security Expert Exam Set 21

Which of the following is a CLI command Security Gateway R77?


Options are :

  • None
  • FW tab -u (Correct)
  • .fw combine
  • FW shutdown
  • FWM policy_print

Answer : FW tab -u

One remote control Security Gateway suddenly stops sending logs, and you can not install Gateway Security. All other remote security gateways normally log on to Security Management Server, and the policy does not affect installation. When you click the Test button on the problematic status SIC Gateway object, an error message appears. What is the problem?


Options are :

  • .There is no connection Security Management Server and the remote gateway. Or routing rules can prevent connection. (Correct)
  • The internal Certificate Authority for Security Management Server object has been removed objects_5_0.C.
  • The remote gateway IP address is changed, thereby depriving the SIC certificate.
  • None
  • Time is a Security Management Server clock is changed, which will invalidate the remote gateway's certificate.

Answer : .There is no connection Security Management Server and the remote gateway. Or routing rules can prevent connection.

You notice a suspicious connection to a problematic host. You decide that you want to block everything that an entire network, not just problematic to the host. To prevent this hour when you investigate further, but you do not want to add any rules in the rule base. How to achieve this?


Options are :

  • using a temporary rule SmartDashboard and select Hide rule.
  • None
  • Use DBEdit script by adding a rule directly rule Bases_5_0.fws configuration file.
  • Create a rule for suspicious activity SmartView Monitor. (Correct)
  • Select Block Intruder SmartView Tracker Tools menu.

Answer : Create a rule for suspicious activity SmartView Monitor.

In SmartView Tracker, a rule which indicates when a packet is dropped due to anti-spoofing?


Options are :

  • An empty field Number of the Rules of Procedure
  • Cleanup rule
  • rule 0 (Correct)
  • rule 1
  • None

Answer : rule 0

Each set of objects is the Authentication tab?


Options are :

  • For users, networks
  • Networks, servers
  • Models, users (Correct)
  • None
  • The users, user groups,

Answer : Models, users

Third Shift Security Administrator and installed a new security policy early this morning. When you arrive, she says, that she has received complaints that the Internet connection is very slow. You suspect that the security gateway virtual memory might be a problem. What Smart Console component you use to check this?


Options are :

  • Eventia Analyzer
  • SmartView Tracker
  • This information can be viewed with the command FW CTL Pstat CLI.
  • SmartView Monitor (Correct)
  • None

Answer : SmartView Monitor

156-515.65 Check Point Certified Security Expert Plus Exam Set 2

What happens when the command. FW sam -J src [source IP address]?


Options are :

  • Connections from a particular source are blocked, without the need to change the security policy. (Correct)
  • Contacts and from the target specified is locked without the need to change the security policy.
  • Contacts and from there the target is defined silenced the need to modify the security policy.
  • None
  • Contacts objective defined is locked without the need to modify the security policy

Answer : Connections from a particular source are blocked, without the need to change the security policy.

Which requires authentication type by setting a contact agent rule base?


Options are :

  • user authentication
  • Customer Authentication Semi-Automatic check-in
  • session authentication (Correct)
  • None
  • Customer Authentication Manual check-in

Answer : session authentication

Which of the following statements accurately describes the command snapshot?


Options are :

  • Snapshot saves only the system settings for the Gateway.
  • Snapshot creates a full OS-level backup, such as the network interface in the data, Check Point product information and settings for the update GAIA Security Gateway. (Correct)
  • snapshot Security Management Server creates a full system-level backup of any operating system.
  • None
  • Ports snapshot contains configuration settings and information about the product Check Point Remote Security Management Server.

Answer : Snapshot creates a full OS-level backup, such as the network interface in the data, Check Point product information and settings for the update GAIA Security Gateway.

Whose gate is able to walk in the implementation of the points, so that packet logging to work correctly?


Options are :

  • 258
  • 257 (Correct)
  • 514
  • None
  • 256

Answer : 257

Which command allows you to view the contents of which R77 to the table?


Options are :

  • FW tab -t (Correct)
  • FW tab X
  • None
  • FW tab -s
  • FW tab -a
  • Answer : FW tab -t

    You have Security Administrator MegaCorp. Check Point firewall is installed and enabled platform using GAIA. You have trouble configuring speed and duplex settings Ethernet. What can be used for the publication of the following commands Application Publication Clish determine the speed and duplex settings for the Ethernet interface and survive a reboot? Give the best answer.


    Options are :

    • None
    • ethtool
    • set interface (Correct)
    • -a .ifconfig
    • mii_tool

    Answer : set interface

    Check Point Certified Security Expert Exam Set 12

    What is the difference between standard and specific methods for check-in?


    Options are :

    • None
    • Standard check-in allows the user to automatically permission to all services that the rule allows. Special check-in requires the user to re-authenticate each service and each host to which he is trying to establish. (Correct)
    • Standard check-in allows the user to automatically permission to all services that the rule allows. Special check-in requires the user to re-authenticate each service separately defined window of specific actions Properties
    • Standard check-in allows the user to automatically permission to all services that the rule allows, but re-authenticate each host to which he is trying to connect. Special check-in requires the user to re-authenticate each service.
    • Standard check-in requires the user to re-authenticate each service and each host to which he is trying to establish. Specific check allows the user to sign a particular IP address.

    Answer : Standard check-in allows the user to automatically permission to all services that the rule allows. Special check-in requires the user to re-authenticate each service and each host to which he is trying to establish.

    How to restore your connections Security Management Server and the Security Gateway if you lock yourself out of a rule or policy, configuration right?


    Options are :

    • .fw unloadlocal (Correct)
    • FW remove all.all@localhost
    • FW disassemble policy
    • None
    • FWM unloadlocal

    Answer : .fw unloadlocal

    Which of the following tools are used to produce a Security Gateway R77 Composition of the report?


    Options are :

    • infoCP
    • InfoView
    • None
    • cpinfo (Correct)
    • FW cpinfo

    Answer : cpinfo

    How to locally cached user names and passwords leaves the memory of R77 Security Gateway?


    Options are :

    • User IDs and passwords only clear memory when they time out.
    • Using the Delete User Data Cache button SmartDashboard.
    • By applying for LDAP user information to the command FW fetchldap.
    • By installing security policy. (Correct)
    • None

    Answer : By installing security policy.

    What information can be found in the SmartView Tracker Log Management?


    Options are :

    • GAIA login expert event
    • FTP user authentication error
    • Administrator SmartDashboard logout event (Correct)
    • None
    • Creation of the system administrator uses cpconfig

    Answer : Administrator SmartDashboard logout event

    How do you configure an alert SmartView Monitor?


    Options are :

    • The public address can not be configured SmartView Monitor
    • By selecting Gateway, and the determination of threshold values. (Correct)
    • None
    • Right-clicking on the Gateway and select Properties.
    • Right-clicking on the Gateway and select System Information.

    Answer : By selecting Gateway, and the determination of threshold values.

    156-315.77 Check Point Certified Security Expert Exam Set 5

    Every command to the IP forwarding IPSO?


    Options are :

    • .ipsofwd is admin (Correct)
    • Clish -C active set of routing means
    • echo 0> / proc / sys / net / ipv4 / ip_forward
    • echo 1> / proc / sys / net / IPv4 / ip_forward
    • None

    Answer : .ipsofwd is admin

    What information can be found in the SmartView Tracker Log Management?


    Options are :

    • History Reports log
    • Most accessed rule base rule
    • Destination IP address
    • None
    • Policy Rule change date / time stamp (Correct)

    Answer : Policy Rule change date / time stamp

    In SmartDashboard, you can specify the required 45 MB free hard disk space to accommodate logs. What you can do to keep the old log files when free space is below 45 MB?


    Options are :

    • Use the command four-wave mixing logexport take your old log files to another location.
    • None
    • Create a script to run the FW logswitch and SCP an output to a separate file server. (Correct)
    • Do not do anything. The old logs will be deleted, until free space is restored.
    • Do not do anything. Security Management Server automatically copies the old logs to the backup server before rinsing.

    Answer : Create a script to run the FW logswitch and SCP an output to a separate file server.

    Comment / Suggestion Section
    Point our Mistakes and Post Your Suggestions