156-215.77 Check Point Certified Security Administrator Test Set 1

A company has disabled logging for some of the most commonly used Policy rules. This was to decrease load on the Security Management Server and to make tracking dropped connections easier. What action would you recommend to get reliable statistics about the network traffic using SmartReporter?


Options are :

  • Configure Additional Logging on an additional log server.
  • Turn the field Track of each rule to LOG.
  • Network traffic cannot be analyzed when the Security Management Server has a high load.
  • SmartReporter analyzes all network traffic, logged or not.

Answer : Configure Additional Logging on an additional log server.

156-215.77 Check Point Certified Security Administrator Test Set 2

Is it possible to see user activity in SmartView Tracker?


Options are :

  • Yes, but you have to enable the option: See user information in SmartView Tracker.
  • No, a Check Point Gateway can only see IP addresses
  • Yes, seeing user activity is enabled when using the Identity Awareness blade.
  • Yes, but you need to use the SPLAT operating system

Answer : Yes, seeing user activity is enabled when using the Identity Awareness blade.

Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker’s specific active connection?


Options are :

  • Block Intruder feature of SmartView Tracker
  • Change the Rule Base and install the Policy to all Security Gateways
  • SAM - Suspicious Activity Rules feature of SmartView Monitor
  • Intrusion Detection System (IDS) Policy install

Answer : Block Intruder feature of SmartView Tracker

With deployment of SecureClient, you have defined in the policy that you allow traffic only to an encrypted domain. But when your mobile users move outside of your company, they often cannot use SecureClient because they have to register first (i.e. in Hotel or Conference rooms). How do you solve this problem?


Options are :

  • Enable Hot Spot/Hotel Registration D.Allow your users to turn off SecureC
  • Allow traffic outside the encrypted domain
  • Enable Hot Spot/Hotel Registration
  • Allow for unencrypted traffic

Answer : Enable Hot Spot/Hotel Registration D.Allow your users to turn off SecureC

156-215.77 Check Point Certified Security Administrator Test Set 3

Choose the correct statement regarding Implied Rules:


Options are :

  • You can directly edit the Implied rules by double-clicking on a specific Implicit rule
  • You can edit the Implied rules but only if requested by Check Point support personnel.
  • To edit Implied rules you go to: Launch Button > Policy > Global Properties > Firewall
  • Implied rules are fixed rules that you cannot change

Answer : To edit Implied rules you go to: Launch Button > Policy > Global Properties > Firewall

What is also referred to as Dynamic NAT?


Options are :

  • Automatic NAT
  • Static NAT
  • Manual NAT
  • Hide NAT

Answer : Hide NAT

What is a Consolidation Policy?


Options are :

  • The collective name of the logs generated by SmartReporter.
  • The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
  • A global Policy used to share a common enforcement policy for multiple Security Gateways.
  • The collective name of the Security Policy, Address Translation, and IPS Policies.

Answer : The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.

156-215.77 Check Point Certified Security Administrator Test Set 4

Which directory holds the SmartLog index files by default?


Options are :

  • $FWDIR/log
  • $SMARTLOG/dir
  • $SMARTLOGDIR/data
  • $FWDIR/smartlog

Answer : $SMARTLOGDIR/data

True or False. SmartView Monitor can be used to create alerts on a specified Gateway.


Options are :

  • True, by right-clicking on the Gateway and selecting Configure Thresholds.
  • False, alerts can only be set in SmartDashboard Global Properties.
  • False, an alert cannot be created for a specified Gateway.
  • True, by choosing the Gateway and selecting System Information.

Answer : True, by right-clicking on the Gateway and selecting Configure Thresholds.

Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.


Options are :

  • SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
  • SmartView Tracker, CPINFO, SmartUpdate
  • SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor
  • Security Policy Editor, Log Viewer, Real Time Monitor GUI

Answer : SmartView Tracker, CPINFO, SmartUpdate

156-215.77 Check Point Certified Security Administrator Test Set 5

What port is used for communication to the User Center with SmartUpdate?


Options are :

  • CPMI 200
  • HTTP 80
  • TCP 8080
  • HTTPS 443

Answer : HTTPS 443

Which of the following is true of a Stealth Rule?


Options are :

  • The Stealth rule is required for proper firewall protection
  • The Stealth rule should be located just before the Cleanup rule
  • The Stealth rule should not be logged
  • The Stealth rule must be the first rule in a policy

Answer : The Stealth rule is required for proper firewall protection

You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separate locations. What is the BEST method to implement this HFA?


Options are :

  • Send a Certified Security Engineer to each site to perform the update.
  • Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
  • Send a CD-ROM with the HFA to each location and have local personnel install it.
  • Use SmartUpdate to install the packages to each of the Security Gateways remotely.

Answer : Use SmartUpdate to install the packages to each of the Security Gateways remotely.

156-215.77 Check Point Certified Security Administrator Test Set 6

Which NAT option is available for Manual NAT as well as Automatic NAT?


Options are :

  • Enable IP Pool NAT
  • Automatic ARP configuration
  • Translate destination on client-side
  • Allow bi-directional NAT

Answer : Translate destination on client-side

Which answer below best describes the Administrator Auditing options available in SmartView Tracker?


Options are :

  • Administrator login and logout, object manipulation, and rule base changes
  • Compliance information compiled from network activity is recorded in logs
  • Administrator network activity observed and logged by gateways
  • Accounting information gathered on network activity as recorded in logs

Answer : Administrator login and logout, object manipulation, and rule base changes

Where would an administrator enable Implied Rules logging?


Options are :

  • In Global Properties under log and alert
  • In Global Properties under Firewall
  • In Smart Log Rules View
  • In SmartDashboard on each rule

Answer : In Global Properties under log and alert

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 1

You find a suspicious FTP site trying to connect to one of your internal hosts. How do you block it in real time and verify it is successfully blocked? Highlight the suspicious connection in SmartView Tracker:


Options are :

  • Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection is listed in this SmartView Tracker view as “dropped.”
  • Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection does not appear again in this SmartView Tracker view.
  • Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.
  • Log mode. Block it using Tools > Block Intruder menu. Observe in the Log mode that the suspicious connection is listed in this SmartView Tracker view as “dropped.”

Answer : Active mode. Block it using Tools > Block Intruder menu. Observe in the Active mode that the suspicious connection does not appear again in this SmartView Tracker view.

Which command displays the installed Security Gateway kernel version?


Options are :

  • fw ver -k
  • fw printver
  • v
  • cpstat -gw

Answer : fw ver -k

Is it possible to track the number of connections each rule matches in a Rule Base?


Options are :

  • Yes, but you need GAiA operating system to enable the feature Hits Count in the SmartDashboard client.
  • Yes, but you need SPLAT operating system to enable the feature Hits Count in the SmartDashboard client.
  • Yes, since R75.40 you can use the feature Hits Count in the SmartDashboard client.
  • No, due to an architecture limitation it is not possible to track the number of connections each rule matches.

Answer : Yes, since R75.40 you can use the feature Hits Count in the SmartDashboard client.

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 2

Jack has been asked to enable Identity Awareness. What are the three methods for Acquiring Identity available in the Identity Awareness Configuration Wizard?


Options are :

  • LDAP Query, Browser-Based Authentication, Terminal Servers
  • LDAP Query, Terminal Servers, Light-weight Identity Agent
  • AD Query, Browser-Based Authentication, Terminal Servers
  • AD Query, Browser-Based Authentication, Light-Weight Identity Agent

Answer : AD Query, Browser-Based Authentication, Terminal Servers

When attempting to connect with SecureClient Mobile you get the following error message: The certificate provided is invalid. Please provide the username and password. What is the probable cause of the error?


Options are :

  • Your user credentials are invalid.
  • There is no connection to the server, and the client disconnected.
  • Your certificate is invalid.
  • Your user configuration does not have an office mode IP address so the connection failed

Answer : Your certificate is invalid.

Which R77 GUI would you use to see the number of packets accepted since the last policy install?


Options are :

  • SmartView Status
  • SmartView Tracker
  • SmartDashboard
  • SmartView Monitor

Answer : SmartView Monitor

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 1

Choose the SmartLog property that is TRUE.


Options are :

  • SmartLog has been an option since release R71.10.
  • SmartLog is not a Check Point product.
  • SmartLog and SmartView Tracker are mutually exclusive.
  • SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.

Answer : SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.

Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?


Options are :

  • Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.
  • Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.
  • Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.
  • Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.

Answer : Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.

What CLI utility allows an administrator to capture traffic along the firewall inspection chain?


Options are :

  • show interface (interface) - chain
  • tcpdump
  • tcpdump/ snoop
  • fw monitor

Answer : fw monitor

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 10

Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?


Options are :

  • SmartView Status
  • SmartUpdate
  • SmartView Monitor
  • None, SmartConsole applications only communicate with the Security Management Server.

Answer : SmartView Monitor

SmartUpdate is mainly for which kind of work:

  1. Monitoring Performance and traffic
  2. Provision Package
  3. Managing licenses
  4. Creating a Rule Base


Options are :

  • 1, 2
  • 1, 3
  • 2, 4
  • 2, 3

Answer : 2, 3

An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key and the IP address of the Security Gateway. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?


Options are :

  • You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
  • You first need to run the command fw unloadlocal on the R77 Security Gateway appliance in order to remove the restrictive default policy.
  • An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the command fw unloadlocal on the local Security Gateway.
  • You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway’s topology.

Answer : You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway’s topology.

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 11

You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.


Options are :

  • It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.
  • In SmartReporter, in the section Firewall Blade - Activity > Network Activity with information concerning Top Matched Logged Rules.
  • In the SmartView Tracker, if you activate the column Matching Rate.
  • SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules.

Answer : SmartReporter provides this information in the section Firewall Blade - Security > Rule Base Analysis with information concerning Top Matched Logged Rules.

Where do we need to reset the SIC on a gateway object?


Options are :

  • SmartDashboard > Edit Security Management Server Object > SIC
  • SmartDashboard > Edit Gateway Object > General Properties > Communication
  • SmartUpdate > Edit Security Management Server Object > SIC
  • SmartUpdate > Edit Gateway Object > Communication

Answer : SmartDashboard > Edit Security Management Server Object > SIC
