156-215.77 Check Point Certified Security Administrator Test Set 3

On the security Gateway ,You operate cpconfig to reset SIC, the policy to be mounted after the SIC reset procedure is finished is:


Options are :

  • .Last policy that was installed.
  • .Standard policy
  • Default filter.
  • Initial policy (Correct)

Answer : Initial policy

156-215.77 Check Point Certified Security Administrator Test Set 4

Which rule position in the Rule Base should hold the Cleanup Rule? Why?


Options are :

  • Last. It explicitly drops otherwise accepted traffic
  • Before last followed by the Stealth Rule.
  • First. It explicitly accepts otherwise dropped traffic.
  • Last. It serves a logging function before the implicit drop. (Correct)

Answer : Last. It serves a logging function before the implicit drop.

When using LDAP as an Identity Awareness authentication technique, the query:


Options are :

  • Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.
  • Requires client and server side software
  • Prompts the user to enter credentials.
  • Is transparent, requiring no client or server side software, or client intervention. (Correct)

Answer : Is transparent, requiring no client or server side software, or client intervention.

Which rules are not applied on a first-match basis?


Options are :

  • Client Authentication
  • Cleanup
  • User Authentication (Correct)
  • Session Authentication

Answer : User Authentication

156-215.77 Check Point Certified Security Administrator Test Set 5

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator: 1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy. 2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy. John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?


Options are :

  • Set static IP to DHCP (Correct)
  • After enabling Identity Awareness, reboot the gateway
  • .Investigate this as a network connectivity issue
  • .Install the Identity Awareness Agent

Answer : Set static IP to DHCP

You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify security administration, which one of the following would you choose to do?


Options are :

  • Create network objects that restrict all applicable rules to only certain networks.
  • Create a separate Security Policy package for each remote Security Gateway. (Correct)
  • Run separate SmartConsole instances to login and configure each Security Gateway directly
  • Eliminate all possible contradictory rules such as the Stealth or Cleanup rules

Answer : Create a separate Security Policy package for each remote Security Gateway.

Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?


Options are :

  • All FTP downloads are reset; users have to start their downloads again.
  • All connections are reset, so a policy install is recommended during announced downtime only.
  • Users being authenticated by Client Authentication have to re-authenticate. (Correct)
  • Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.

Answer : Users being authenticated by Client Authentication have to re-authenticate.

156-215.77 Check Point Certified Security Administrator Test Set 6

The Security Gateway is installed on GAiA R77 The default port for the Web User Interface is _______.


Options are :

  • TCP 257
  • TCP 4433
  • TCP 18211
  • TCP 443 (Correct)

Answer : TCP 443

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?


Options are :

  • LDAP (Correct)
  • TACACS
  • Check Point Password
  • Windows password

Answer : LDAP

What command syntax would you use to see accounts the gateway suspects are service accounts?


Options are :

  • pdp show service
  • adlog check_accounts
  • pdp check_log
  • adlog a service_accounts (Correct)

Answer : adlog a service_accounts

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 1

What mechanism does a gateway configured with Identity Awareness & LDAP initially use to communicate with a Windows 2003 or 2008 server?


Options are :

  • RCP
  • CIFS
  • LDAP
  • WMI (Correct)

Answer : WMI

Which statement is TRUE about implicit rules?


Options are :

  • They are derived from Global Properties and explicit object properties. (Correct)
  • The Gateway enforces implicit rules that enable outgoing packets only.
  • Changes to the Security Gateway’s default settings do not affect implicit rules.
  • You create them in SmartDashboard.

Answer : They are derived from Global Properties and explicit object properties.

A Security Policy has several database versions. What configuration remains the same no matter which version is used?


Options are :

  • fwauth.NDB
  • Objects_5_0.C
  • Internal Certificate Authority (ICA) certificate (Correct)
  • Rule Bases_5_0.fws

Answer : Internal Certificate Authority (ICA) certificate

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 2

You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?


Options are :

  • Last (Correct)
  • After Stealth Rule
  • First
  • Before Last

Answer : Last

All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:


Options are :

  • Exclusion of specific services for reporting purposes (Correct)
  • Acceptance of IKE and RDP traffic for communication and encryption purposes.
  • Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
  • Specific traffic that facilitates functionality, such as logging, management, and key exchange.

Answer : Exclusion of specific services for reporting purposes

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute & Install Selected Package and choosing the target Gateway, the:


Options are :

  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed. (Correct)
  • SmartUpdate wizard walks the Administrator through a distributed installation.
  • selected package is copied from the SmartUpdate PC CD-ROM directly to the Security Gateway and the installation IS performed.

Answer : selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 1

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP. John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator: 1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy. 2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location. John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?


Options are :

  • John should install the Identity Awareness Agent
  • The firewall admin should install the Security Policy (Correct)
  • John should lock and unlock the computer
  • Investigate this as a network connectivity issue

Answer : The firewall admin should install the Security Policy

What action CANNOT be run from SmartUpdate R77?


Options are :

  • .Reboot Gateway
  • Fetch sync status (Correct)
  • Preinstall verifier
  • Get all Gateway Data

Answer : Fetch sync status

Where does the security administrator activate Identity Awareness within SmartDashboard?


Options are :

  • Gateway Object > General Properties (Correct)
  • .Policy > Global Properties > Identity Awareness
  • Security Management Server > Identity Awareness
  • LDAP Server Object > General Properties

Answer : Gateway Object > General Properties

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 10

During which step in the installation process is it necessary to note the fingerprint for firsttime verification?


Options are :

  • When establishing SIC between the Security Management Server and the Gateway
  • When configuring the Security Gateway object in SmartDashboard
  • When configuring the Gateway in the WebUI
  • When configuring the Security Management Server using cpconfig (Correct)

Answer : When configuring the Security Management Server using cpconfig

What CANNOT be configured for existing connections during a policy install?


Options are :

  • Reset all connections (Correct)
  • Re-match connections
  • Keep all connections
  • Keep data connections

Answer : Reset all connections

Which of the following is NOT defined by an Access Role object?


Options are :

  • Source Network
  • Source User
  • Source Machine
  • Source Server (Correct)

Answer : Source Server

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 11

Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base. To make this scenario work, the IT administrator must: 1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources. 2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected. 3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action. 4) Install policy. Ms. McHanry tries to access the resource but is unable. What should she do?


Options are :

  • Have the security administrator reboot the firewall
  • Have the security administrator select Any for the Machines tab in the appropriate Access Role
  • .Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal? (Correct)
  • Install the Identity Awareness agent on her iPad

Answer : .Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal?

Several Security Policies can be used for different installation targets. The firewall protecting Human Resources’ servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?


Options are :

  • When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install
  • A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install.
  • In the SmartDashboard policy, select the correct firewall to be the Specific Target of the rule. (Correct)
  • A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.

Answer : In the SmartDashboard policy, select the correct firewall to be the Specific Target of the rule.

In which Rule Base can you implement an Access Role?


Options are :

  • IPS
  • Firewall (Correct)
  • DLP
  • Mobile Access

Answer : Firewall

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 12

What command syntax would you use to turn on PDP logging in a distributed environment?


Options are :

  • pdp track=1
  • pdp tracker on (Correct)
  • pdp log=1
  • pdp logging on

Answer : pdp tracker on

Access Role objects define users, machines, and network locations as:


Options are :

  • One object (Correct)
  • Credentialed objects
  • Linked objects
  • Separate objects

Answer : One object

You need to completely reboot the Operating System after making which of the following changes on the Security Gateway? (i.e. the command cprestart is not sufficient.) 1.Adding a hot-swappable NIC to the Operating System for the first time. 2.Uninstalling the R77 Power/UTM package. 3.Installing the R77 Power/UTM package. 4.Re-establishing SIC to the Security Management Server. 5.Doubling the maximum number of connections accepted by the Security Gateway.


Options are :

  • 3 only
  • 2, 3 only (Correct)
  • 3, 4, and 5 only
  • .1, 2, 3, 4, and 5

Answer : 2, 3 only

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 2

Which item below in a Security Policy would be enforced first?


Options are :

  • Administrator-defined Rule Base
  • Security Policy First rule
  • IP spoofing/IP options (Correct)
  • Network Address Translation

Answer : IP spoofing/IP options

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator: 1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy. 2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location. 3) Changes from static IP address to DHCP for the client PC. What should John do when he cannot access the web server from a different personal computer?


Options are :

  • .The access should be changed to authenticate the user instead of the PC (Correct)
  • John should lock and unlock his computer
  • Investigate this as a network connectivity issue
  • John should install the Identity Awareness Agent

Answer : .The access should be changed to authenticate the user instead of the PC

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now