156-215.77 Check Point Certified Security Administrator Exam Set 4

How do you use the SmartView Monitor to collect traffic statistics of its own on the Internet during the production of the company's operations hours?


Options are :

  • Define a suspicious Activity rule which triggers an alarm when the HTTP traffic passes through the gateway.
  • Select the Tunnels view and create statistics report.
  • None
  • View the full packets through the security gateway.
  • Use the Traffic settings and SmartView Monitor to create a diagram in which the entire HTTP traffic day. (Correct)

Answer : Use the Traffic settings and SmartView Monitor to create a diagram in which the entire HTTP traffic day.

You'll find that users are not prompted to confirm the exercise of their Web servers, even if you have created a rule via the HTTP User Authentication. Choose the best reason why.


Options are :

  • None
  • Users must use SecuRemote Client to use User Authentication rule.
  • Have you checked the cache the password on desktop option Global Properties.
  • Another rule that accepts HTTP without authentication existing rule base. (Correct)
  • You have forgotten that the user authentication rule before the rule Stealth.

Answer : Another rule that accepts HTTP without authentication existing rule base.

Which of the following objects is a valid source of an authentication?


Options are :

  • User @ Network
  • USER_GROUP @ Network (Correct)
  • Any user @
  • @ Host any
  • None

Answer : USER_GROUP @ Network

156-215.70 Check Point Certified Security Administrator Exam Set 1

What information can be found in the SmartView Tracker Log Management?


Options are :

  • SIC cancel the certificate of the event (Correct)
  • .Destination IP address
  • Concurrent IKE negotiations
  • None
  • Most accessed rule base rule

Answer : SIC cancel the certificate of the event

How can you check whether IP forwarding is enabled IP Security Appliance?


Options are :

  • None
  • Clish -C displays the active routing means
  • echo 1> / proc / sys / net / IPv4 / ip_forward
  • ipsofwd list (Correct)
  • cat / proc / sys / net / IPv4 / ip_forward

Answer : ipsofwd list

When you try to access SecureClient Mobile, you get the following error: The certificate is invalid. Please enter your username and password. What is the likely cause of the error?


Options are :

  • Your username assembly does not have an office mode IP address, so the connection has failed
  • There is no connection to the server, and the client disconnected.
  • None
  • Viewing profile are incorrect.
  • The certificate is invalid. (Correct)

Answer : The certificate is invalid.

The company has removed some of the logging policy, the rules most commonly used. This was to reduce the load on the Security Management Server and make follow-up contacts break off more easily. What actions would you recommend to get reliable statistics on network traffic using Smart Reporter?


Options are :

  • Network traffic can not be analyzed, the Security Management Server is a large load.
  • Smart Reporter analyzes the network traffic logged in or not.
  • None
  • Rotate the field LOG records for each rule.
  • Determine the other Audit by an additional log server. (Correct)

Answer : Determine the other Audit by an additional log server.

You have Security Administrator MegaCorp. In order to see how effective the firewall rule base is, you want to see how often have special rules match. How do you see it? Give the best answer.


Options are :

  • Smart Reporter information in paragraph Firewall Blade - Security> rule base analysis information Top Logged hitting the rules. (Correct)
  • In the SmartView Tracker, if you activate the column matching rate.
  • In the Smart Reporter, in paragraph Firewall Blade - Operation> Information regarding the network activity hitting the Top Logged rules.
  • None
  • It is not possible to see directly. You can open SmartDashboard and select UserDefined Track column. Afterward, you must create an external counter of your program.

Answer : Smart Reporter information in paragraph Firewall Blade - Security> rule base analysis information Top Logged hitting the rules.

Your security gateways are running close to the performance and the hardware gets updated next week. Which of the following would be the most rapidly dropping all connections for a particular Attacker € ™ s IP at the peak time of the day?


Options are :

  • SAM - Block Intruder SmartView Tracker feature
  • SAM - a dubious feature of the operating rules SmartView Monitor (Correct)
  • Intrusion Detection System (IDS) mounted Policy
  • None
  • Change the rule to carry and install all Security Gateway Policy

Answer : SAM - a dubious feature of the operating rules SmartView Monitor

156-215.77 Check Point Certified Security Administrator Exam Set 5

Your boss wants to closely monitor employee suspected of transferring company secrets to the competition. IT department found the suspect WinSCP installed on the client in order to use encrypted communication. Which of the following methods is best for this task?


Options are :

  • Send a suspect e-mail keylogging Trojan attached to, to get direct information about his wrongs.
  • See his IP SmartView Monitor by setting the alarm to act any packet that matches the rule base and her IP address of the incoming and outgoing traffic.
  • None
  • Use SmartView Tracker to monitor his activities by filtering log data that feature in WinSCP destination port. Then take the corresponding entries in a separate log file documentation. (Correct)
  • Use SmartDashboard add a rule in the firewall rule base, which corresponds to his or her IP address, and those of potential targets for suspicious and protocols. the operation of the notification or customized messaging.

Answer : Use SmartView Tracker to monitor his activities by filtering log data that feature in WinSCP destination port. Then take the corresponding entries in a separate log file documentation.

Which statement is true regarding the mode Visitor?


Options are :

  • The only significant mode and fast mode of transport tunneled TCP port 443.
  • None
  • VPN authentication and encrypted traffic is tunneled through TCP port 443. (Correct)
  • Only through ESP tunneled TCP port 443.
  • All VPN tunneled UDP port 4500.

Answer : VPN authentication and encrypted traffic is tunneled through TCP port 443.

You try to save a custom log query R77 SmartView Tracker, but get the following error: Could not save (Error: Database is read-only) Which of the following is the most likely explanation for this?


Options are :

  • You have read-only rights to the Security Management Server database. (Correct)
  • None
  • You do not have write permission to the local operating system SmartView Tracker PC in order to save a custom query locally.
  • You do not have the express right to store custom query under their own profile administrator privileges Smart Console customization.
  • Another administrator is connected to Security Management Server read / write permissions that affects the ability to save your own log queries Security Management Server.

Answer : You have read-only rights to the Security Management Server database.

Which of the following are available for SmartConsole clients that can be installed from the Windows CD R77? Read all the answers and select the most complete and current list.


Options are :

  • SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
  • None
  • SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
  • SmartView Tracker, CPINFO, Smart Update (Correct)
  • Security Policy Editor, Log Viewer, the Real-time GUI

Answer : SmartView Tracker, CPINFO, Smart Update

One of the most remote security gateways suddenly stops sending logs, and you can not install Gateway Security. All other remote security gateways normally log on to Security Management Server, and the policy does not affect installation. When you click the Test button on the problematic status SIC Gateway object, an error message appears. What is the problem?


Options are :

  • Time is a Security Management Server clock is changed, which will invalidate the remote gateway's certificate.
  • There is no contact between the Security Management Server and the remote gateway. Or routing rules can prevent connection. (Correct)
  • None
  • The internal Certificate Authority for Security Management Server object has been removed objects_5_0.C.
  • The remote gateway IP address is changed, thereby depriving the SIC certificate.

Answer : There is no contact between the Security Management Server and the remote gateway. Or routing rules can prevent connection.

What port is used for communication User Center Smart Update?


Options are :

  • .CPMI 200
  • TCP 8080
  • HTTP 80
  • None
  • HTTPS 443 (Correct)

Answer : HTTPS 443

156-315.65 Check Point Security Administration NGX R65 Exam Set 7

Sally is a Hot Fix pack (HFA) he wants to install his Security Gateway, which acts as GAIA, but he can not SCP HFA system. He can SSH Security Gateway, but he has never been able to scp files to it. What would be the most likely cause he can not do so?


Options are :

  • He needs to edit / etc / scpusers and more normal state of the account. (Correct)
  • He needs to edit / etc / sshd / sshd_config and add the account in the normal mode.
  • None
  • He needs to run cpconfig ability to scp files.
  • He needs to run sysconfig and restart the SSH process.

Answer : He needs to edit / etc / scpusers and more normal state of the account.

Every R77 Smart Console tool would you use to check the name of the installed security policy is a security gateway?


Options are :

  • None
  • SmartView status
  • SmartView Monitor (Correct)
  • Smart Update
  • Nothing, Smart Console applications just to communicate Security Management Server.

Answer : SmartView Monitor

You have Security Administrator prepares to send the new HFA (Hotfix battery) security gateways with five to ten different geographic locations. What is the best way to implement this HFA?


Options are :

  • .Send a CD-ROM with each of HFA and local personnel to install
  • Use the Smart Update to install the packages for each security gateway remotely. (Correct)
  • None
  • Send Certified Security Engineer for each site to perform the update.
  • Use scp SSH connection to each HFA Security Gateway. When the copied locally, start remote installation command and follow the installation with the progress of the SmartView Monitor.

Answer : Use the Smart Update to install the packages for each security gateway remotely.

Every NAT option is available in Manual and automatic NAT NAT?


Options are :

  • None
  • Automatic ARP configuration
  • Enable IP Pool NAT
  • Turn the target client-side (Correct)
  • .Allow bidirectional NAT

Answer : Turn the target client-side

Every tool can not start Smart Update R77?


Options are :

  • IP Appliance Voyager
  • GAIA WebUI
  • cpinfo
  • picture (Correct)
  • None

Answer : picture

The company strictly controls the management of change policy. Which of the following would be the most rapidly dropping Attacker € ™ s special active connection?


Options are :

  • None
  • SAM - a dubious feature of the operating rules SmartView Monitor
  • Intrusion Detection System (IDS) mounted Policy
  • Block Intruder SmartView Tracker feature (Correct)
  • Change the rule to carry and install all Security Gateway Policy

Answer : Block Intruder SmartView Tracker feature

156-315.77 Check Point Certified Security Expert Exam Set 13

With the introduction of the Secure Client, you have defined the policy, you enter the traffic encrypted domain. But when mobile users move out of the company, they often can not use the Secure Client because they first have to sign up (ie, hotel and conference facilities). How do I solve this problem?


Options are :

  • Contact Hot Spot / Hotel registration
  • Allow unencrypted traffic
  • Contact Hot Spot / Hotel registration D.Allow users to turn off the SecureC (Correct)
  • Allow encrypted traffic outside the domain
  • None

Answer : Contact Hot Spot / Hotel registration D.Allow users to turn off the SecureC

Central license management allows Security Administrators to perform which of the following activities? 1. Check the expiring licenses. 2.Sort licenses and view license features. R77 3.Attach both central and local government licesnes remote module. R 77 4.Delete both local license and central licensing remote module. 5.Add or delete a license or authorization from the archive. 6.Attach and / or R 77 removes only the central limit the granting remote module (not local licenses).


Options are :

  • 1, 2, 3, 4, and 5 (Correct)
  • 2, 5, and 6
  • 2, 3, 4, and 5
  • None
  • 1, 2, 5, and 6

Answer : 1, 2, 3, 4, and 5

What steps can be carried out Smart Update R77?


Options are :

  • upgrade_export
  • FW stat -l
  • None
  • remote_uninstall_verifier
  • cpinfo (Correct)

Answer : cpinfo

True or false. SmartView Monitor can be used to create alerts to a specific Gateway.


Options are :

  • None
  • True, by choosing Gateway, and then click System Information.
  • Wrong, alarms can be set SmartDashboard Global Properties.
  • Wrong, the alarm can not create a specific Gateway.
  • True, right-clicking and selecting Configure Gateway thresholds. (Correct)

Answer : True, right-clicking and selecting Configure Gateway thresholds.

How to activate the SNMP daemon Check Point's Security Management Server?


Options are :

  • .In SmartDashboard right-click the Check Point object and select Enable SNMP.
  • Since cpconfig Select SNMP extension. (Correct)
  • Any of these options will work.
  • Command-line help, enter snmp_install.
  • None

Answer : Since cpconfig Select SNMP extension.

R77 FW Monitor utility is used to troubleshoot which of the following problems?


Options are :

  • The user database corruption
  • Step two key negotiating
  • traffic issues (Correct)
  • Log Consolidation Engine
  • None

Answer : traffic issues

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 8

You install and deploy Gaia default settings. You give the Visitor Mode Gateway object properties and remote access policies to install. What further action is required in order for this to work correctly?


Options are :

  • None
  • Office space has not been determined.
  • Set Visitor Mode Policy> Global Properties> Remote Access> VPN - Advanced Settings.
  • You need to start SSL Network Extender first, then use the Visitor Mode.
  • Gaia WebUI runs on port 443 (HTTPS). When configuring the Visitor state, it can not bind to the default port 443, because it is used by another program (WebUI). With multiport changes are required. (Correct)

Answer : Gaia WebUI runs on port 443 (HTTPS). When configuring the Visitor state, it can not bind to the default port 443, because it is used by another program (WebUI). With multiport changes are required.

What is characteristic of R77 permits to block certain IP addresses within a certain period of time?


Options are :

  • .Local Interface Scam
  • None
  • Suspicious Activity Monitoring (Correct)
  • HTTP methods
  • Block Port Overflow

Answer : Suspicious Activity Monitoring

You notice a suspicious FTP attempts to connect to any of the internal hosts. How to prevent it in real time and check it out successfully blocked? Highlight suspicious access SmartView Tracker:


Options are :

  • .Log mode. To prevent it using Tools> Block Intruder menu. Follow the log mode, the suspicious connection does not appear again in this SmartView Tracker view.
  • Log mode. To prevent it using Tools> Block Intruder menu. Follow the log mode, the connection is suspicious in this SmartView Tracker view â € œdropped.â €
  • Active mode. To prevent it using Tools> Block Intruder menu. To observe the active mode, the connection is suspicious in this SmartView Tracker view â € œdropped.â €
  • None
  • Active mode. To prevent it using Tools> Block Intruder menu. To observe the active mode, the suspicious connection does not appear again in this SmartView Tracker view. (Correct)

Answer : Active mode. To prevent it using Tools> Block Intruder menu. To observe the active mode, the suspicious connection does not appear again in this SmartView Tracker view.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions