156-215.77 Check Point Certified Security Administrator Test Set 2

Lily has completed the initial setup of her Management Server with an IP address of 192.168.12.12. She must now run the First Time Configuration Wizard via the Gaia Portal to finish the setup. Lily knows she must use a browser to access the device, but it unsure of the correct URL to enter; which one below will she need to use?


Options are :

  • http://192.168.12.12:8080
  • http://192.168.12.12
  • https://192.168.12.12:4433
  • https://192.168.12.12 (Correct)

Answer : https://192.168.12.12

156-215.77 Check Point Certified Security Administrator Test Set 3

Jack has locked himself out of the Kirk Security Gateway with an incorrect policy and can no longer connect from the McCoy Management Server. Jack still has access to an out of band console connection on the Kirk Security Gateway. He is logged into the Gaia CLI, what does he need to enter in order to be able to fix his mistake and push policy?


Options are :

  • .Kirk> fw unload policy
  • Kirk> fw fetch policy
  • Kirk> fw unload local
  • Kirk> fw unloadlocal (Correct)

Answer : Kirk> fw unloadlocal

Which of the following is true of the Cleanup rule?


Options are :

  • The Cleanup rule is an example of an Implied rule
  • The Cleanup rule should not be logged
  • The Cleanup rule must be the last rule in a policy
  • The Cleanup rule is important for blocking unwanted connections (Correct)

Answer : The Cleanup rule is important for blocking unwanted connections

You install and deploy GAiA with default settings. You allow Visitor Mode in the Gateway object’s Remote Access properties and install policy. What additional steps are required for this to function correctly?


Options are :

  • You need to start SSL Network Extender first, then use Visitor Mode.
  • Set Visitor Mode in Policy > Global Properties > Remote-Access > VPN - Advanced.
  • Office mode is not configured.
  • The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). With multiport no additional changes are necessary. (Correct)

Answer : The WebUI on GAiA runs on port 443 (HTTPS). When you configure Visitor Mode it cannot bind to default port 443, because it's used by another program (WebUI). With multiport no additional changes are necessary.

156-215.77 Check Point Certified Security Administrator Test Set 4

VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?


Options are :

  • Certificates and pre-shared secret (Correct)
  • 3DES and MD5
  • IPsec and VPN Domains
  • Certificates and IPsec

Answer : Certificates and pre-shared secret

Which of the following is NOT an option for internal network definition of Anti-spoofing?


Options are :

  • Specific – derived from a selected object
  • Route-based – derived from gateway routing table (Correct)
  • Not-defined
  • Network defined by the interface IP and Net Mask

Answer : Route-based – derived from gateway routing table

Lilly needs to review VPN History counters for the last week. Where would she do this?


Options are :

  • SmartView Monitor > System Counters > VPN History (Correct)
  • .SmartView Monitor > System Counters > Firewall Security History
  • SmartView Monitor > Tunnels > VPN History
  • SmartView Monitor > System Counters > VPN

Answer : SmartView Monitor > System Counters > VPN History

156-215.77 Check Point Certified Security Administrator Test Set 5

What is one potential downside or drawback to choosing the Standalone deployment option instead of the Distributed deployment option?


Options are :

  • Degrades performance as the Security Policy grows in size (Correct)
  • .Increases cost
  • Requires additional Check Point Appliances
  • Requires additional software subscription

Answer : Degrades performance as the Security Policy grows in size

The R77 fw monitor utility is used to troubleshoot which of the following problems?


Options are :

  • Phase two key negotiation
  • Traffic issues (Correct)
  • User data base corruption
  • Log Consolidation Engine

Answer : Traffic issues

What does SmartUpdate allow you to do?


Options are :

  • SmartUpdate only allows you to update Check Point and OPSEC certified products.
  • SmartUpdate only allows you to manage product licenses.
  • SmartUpdate is not a Check Point product.
  • SmartUpdate allows you to update Check Point and OPSEC certified products and to manage product licenses. (Correct)

Answer : SmartUpdate allows you to update Check Point and OPSEC certified products and to manage product licenses.

156-215.77 Check Point Certified Security Administrator Test Set 6

Which feature in R77 permits blocking specific IP addresses for a specified time period?


Options are :

  • Block Port Overflow
  • HTTP Methods
  • Suspicious Activity Monitoring (Correct)
  • .Local Interface Spoofing

Answer : Suspicious Activity Monitoring

Complete this statement. The block Intruder option in the Active log is available ____________.


Options are :

  • .only if you have the IPS blade enabled at least in one gateway
  • since R75.40 release
  • in the SmartView Tracker client (Correct)
  • .in the SmartView Monitor client

Answer : in the SmartView Tracker client

______________ is an R77 component that displays the number of packets accepted, rejected, and dropped on a specific Security Gateway, in real time.


Options are :

  • SmartEvent
  • SmartView Statu
  • SmartView Monitor (Correct)
  • SmartUpdate

Answer : SmartView Monitor

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 1

Packages and licenses are loaded into the SmartUpdate repositories from which sources?


Options are :

  • Download Center, Check Point DVD, User Center, and from command cplic (Correct)
  • command cplic, manually, from a file
  • User Center, manually, SCP server
  • FTP server, User Center from a file

Answer : Download Center, Check Point DVD, User Center, and from command cplic

Katie has been asked to setup a rule to allow the new webserver in the DMZ to be accessible from the internet on port 443. The IP address of the Web Server, Apothos, is 192.168.126.3 and the external address should be 10.4.2.3. This needs to be the only server associated with this External IP address. Which answer below will accomplish the steps needed to complete this task?


Options are :

  • Katie will create a host node object with an IP address of 192.168.126.3 and will configure a static NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.
  • Katie will create a Network object with an IP address of 192.168.126.3 and will configure a Hide NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.
  • Katie will create a host node object with an IP address of 10.4.2.3 and will configure a static NAT of 192.168.126.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”. (Correct)
  • Katie will create a host node object with an IP address of 192.168.126.3 and will configure a static NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Apothos Host Object Source, Destination of Any and service of HTTPS”.

Answer : Katie will create a host node object with an IP address of 10.4.2.3 and will configure a static NAT of 192.168.126.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.

Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?


Options are :

  • She needs to run sysconfig and restart the SSH process.
  • She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
  • She needs to edit /etc/scpusers and add the Standard Mode account. (Correct)
  • She needs to run cpconfig to enable the ability to SCP files.

Answer : She needs to edit /etc/scpusers and add the Standard Mode account.

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 2

How can you activate the SNMP daemon on a Check Point Security Management Server?


Options are :

  • From cpconfig, select SNMP extension. (Correct)
  • Any of these options will work.
  • Using the command line, enter snmp_install.
  • .In SmartDashboard, right-click a Check Point object and select Activate SNMP.

Answer : From cpconfig, select SNMP extension.

Can a Check Point gateway translate both source IP address and destination IP address in a given packet?


Options are :

  • Yes (Correct)
  • Yes, but only when using Automatic NAT.
  • No
  • Yes, but only when using Manual NAT.

Answer : Yes

What statement is true regarding Visitor Mode?


Options are :

  • VPN authentication and encrypted traffic are tunneled through port TCP 443. (Correct)
  • Only Main mode and Quick mode traffic are tunneled on TCP port 443.
  • All VPN traffic is tunneled through UDP port 4500.
  • Only ESP traffic is tunneled through port TCP 443.

Answer : VPN authentication and encrypted traffic are tunneled through port TCP 443.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 1

You want to configure a mail alert for every time the policy is installed to a specific Gateway. Where would you configure this alert?


Options are :

  • In SmartView Monitor, select Gateway > Configure Thresholds.
  • In SmartDashboard, select Global Properties > Log and Alerts > Alert Commands.
  • You cannot create a mail alert for Policy installation.
  • In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands. (Correct)

Answer : In SmartView Monitor, select Gateway > Configure Thresholds and in SmartDashboard select Global Properties > Log and Alerts > Alert Commands.

One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?


Options are :

  • The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
  • The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.
  • The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway's Certificate.
  • There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection. (Correct)

Answer : There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.

You are trying to save a custom log query in R77 SmartView Tracker, but getting the following error: Could not save (Error: Database is Read Only) Which of the following is a likely explanation for this?


Options are :

  • You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally.
  • You have read-only rights to the Security Management Server database. (Correct)
  • Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server.
  • You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization.

Answer : You have read-only rights to the Security Management Server database.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 10

When configuring LDAP authentication, which of the following items should be configured for the Security Management Server?


Options are :

  • Login Distinguished Name and password (Correct)
  • Check Point Password
  • Windows logon password
  • WMI object

Answer : Login Distinguished Name and password

Choose the correct statement regarding Stealth Rules:


Options are :

  • The Stealth Rule is part of the Implicit rules.
  • Check Point recommends you include a Stealth Rule as a best practice. (Correct)
  • The Stealth Rule is a default rule that always exists when using Check Point products
  • The Stealth Rule is a rule that hides your internal networks.

Answer : Check Point recommends you include a Stealth Rule as a best practice.

What action can be performed from SmartUpdate R77?


Options are :

  • upgrade_export
  • remote_uninstall_verifier
  • cpinfo (Correct)
  • fw stat -l

Answer : cpinfo

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 11

Which tool CANNOT be launched from SmartUpdate R77?


Options are :

  • GAiA WebUI
  • cpinfo
  • snapshot (Correct)
  • IP Appliance Voyager

Answer : snapshot

What is the appropriate default Gaia Portal address?


Options are :

  • HTTPS:// [IPADDRESS] : 8080
  • HTTPS:// [IPADDRESS] : 4434
  • HTTPS:// [IPADDRESS] (Correct)
  • HTTP: // [IPADDRESS]

Answer : HTTPS:// [IPADDRESS]

Central license management allows a Security Administrator to perform which of the following functions? 1.Check for expired licenses. 2.Sort licenses and view license properties. 3.Attach both R77 Central and Local licesnes to a remote module. 4.Delete both R77 Local Licenses and Central licenses from a remote module. 5.Add or remove a license to or from the license repository. 6.Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).


Options are :

  • 1, 2, 5, & 6
  • 1, 2, 3, 4, & 5 (Correct)
  • 2, 3, 4, & 5
  • 2, 5, & 6

Answer : 1, 2, 3, 4, & 5

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 12

SmartView Monitor is mainly for which kind of work – 1.Monitoring Performance and traffic 2.Provision Package 3.Managing licenses 4.Managing VPN Tunnels


Options are :

  • 1, 3
  • 2, 4
  • 1, 4 (Correct)
  • 2, 3

Answer : 1, 4

Your Security Gateways are running near performance capacity and will get upgraded hardware next week. Which of the following would be MOST effective for quickly dropping all connections from a specific attacker’s IP at a peak time of day?


Options are :

  • Intrusion Detection System (IDS) Policy install
  • SAM - Suspicious Activity Rules feature of SmartView Monitor (Correct)
  • Change the Rule Base and install the Policy to all Security Gateways
  • SAM - Block Intruder feature of SmartView Tracker

Answer : SAM - Suspicious Activity Rules feature of SmartView Monitor

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now