156-215.77 Check Point Certified Security Administrator Test Set 4

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute Only and choosing the target Gateway, the:


Options are :

  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. (Correct)
  • SmartUpdate wizard walks the Administrator through a distributed installation.
  • selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.

Answer : selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

156-315.71 Check Point Security Expert R71 Practice Exam Set 1

How can you recreate the Security Administrator account, which was created during initial Management Server installation on GAiA?


Options are :

  • Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Administrator Account portion of the file. You will be prompted to create a new account.
  • Type cpm -a, and provide the existing Administrator’s account name. Reset the Security Administrator’s password.
  • Launch cpconfig and delete the Administrator's account. Recreate the account with the same name. (Correct)
  • Launch SmartDashboard in the User Management screen, and delete the cpconfig administrator.

Answer : Launch cpconfig and delete the Administrator's account. Recreate the account with the same name.

What is the purpose of a Stealth Rule?


Options are :

  • To drop all traffic to the management server that is not explicitly permitted.
  • To permit management traffic
  • To permit implied rules.
  • To prevent users from connecting directly to the gateway (Correct)

Answer : To prevent users from connecting directly to the gateway

Which of the following statements is TRUE about management plug-ins?


Options are :

  • The plug-in is a package installed on the Security Gateway.
  • Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
  • A management plug-in interacts with a Security Management Server to provide new features and support for new products. (Correct)
  • Installing a management plug-in is just like an upgrade process.

Answer : A management plug-in interacts with a Security Management Server to provide new features and support for new products.

156-315.77 Check Point Certified Security Expert Exam Set 9

How granular may an administrator filter an Access Role with identity awareness? Per:


Options are :

  • Radius Group
  • Specific ICA Certificate
  • AD User (Correct)
  • Windows Domain

Answer : AD User

Which of the following items should be configured for the Security Management Server to authenticate using LDAP?


Options are :

  • WMI object
  • Check Point Password
  • Login Distinguished Name and password (Correct)
  • Windows logon password

Answer : Login Distinguished Name and password

Can you use Captive Portal with HTTPS?


Options are :

  • No, it only works with HTTP
  • Yes (Correct)
  • No, it only works with FTP and HTTP
  • No, it only works with FTP

Answer : Yes

156-215.75 Check Point Certified Security Administrator Exam Set 8

Which of the following items should be configured for the Security Management Server to authenticate using LDAP?


Options are :

  • WMI object
  • Domain Admin username
  • Windows logon password
  • Check Point Password (Correct)

Answer : Check Point Password

In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.


Options are :

  • 256
  • 259
  • 900
  • 257 (Correct)

Answer : 257

What happens if the identity of a user is known?


Options are :

  • If the user credentials do not match an Access Role, the traffic is automatically dropped.
  • If the user credentials do not match an Access Role, the gateway moves onto the next rule. (Correct)
  • If the user credentials do not match an Access Role, the system displays a sandbox
  • .If the user credentials do not match an Access Role, the system displays the Captive Portal.

Answer : If the user credentials do not match an Access Role, the gateway moves onto the next rule.

156-215.70 Check Point Certified Security Administrator Exam Set 3

MegaCorp’s security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license?


Options are :

  • Using the remote Gateway's IP address, and applying the license locally with the command cplic put.
  • Using each of the Gateways’ IP addresses, and applying the licenses on the Security Management Server with the command.
  • Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate. (Correct)
  • Using the remote Gateway’s IP address, and attaching the license to the remote Gateway via SmartUpdate.

Answer : Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.

Identity Awareness is implemented to manage access to protected resources based on a user’s _____________.


Options are :

  • Time of connection
  • Identity (Correct)
  • Application requirement
  • Computer MAC address

Answer : Identity

Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?


Options are :

  • High Availability
  • Load Sharing
  • Bridge (Correct)
  • Fail Open

Answer : Bridge

156-215.77 Check Point Certified Security Administrator Exam Set 6

You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?


Options are :

  • As many as you want
  • One (Correct)
  • Only one with full access and one with read-only access
  • Depends on the license installed on the Security Management Server

Answer : One

What command with appropriate switches would you use to test Identity Awareness connectivity?


Options are :

  • test_ldap
  • test_ad
  • test_ldap_connectivity
  • test_ad_connectivity (Correct)

Answer : test_ad_connectivity

In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy > Global Properties > FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______.


Options are :

  • 256 (Correct)
  • 259
  • 900
  • 80

Answer : 256

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 3

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?


Options are :

  • Check Point Password
  • Captive Portal (Correct)
  • TACACS
  • Windows password

Answer : Captive Portal

What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?


Options are :

  • A Security Gateway retrieving the new upgrade package
  • SmartUpdate installed Security Management Server PC
  • SmartUpdate GUI PC (Correct)
  • SmartUpdate Repository SQL database Server

Answer : SmartUpdate GUI PC

Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user’s credentials?


Options are :

  • Access Policy
  • Access Role (Correct)
  • Access Certificate
  • Access Rule

Answer : Access Role

Check Point Certified Security Expert Exam Set 6

What happens if the identity of a user is known?


Options are :

  • If the user credentials do not match an Access Role, the system displays the Captive Portal.
  • If the user credentials do not match an Access Role, the system displays a sandbox.
  • .If the user credentials do not match an Access Role, the traffic is automatically dropped.
  • .If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action (Correct)

Answer : .If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action

To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?


Options are :

  • In SmartDashboard, right-click in the column field Service > Query Column. Then, put the services HTTP and SSH in the list. Do the same in the field Action and select Accept here.
  • This cannot be configured since two selections (Service, Action) are not possible.
  • Ask your reseller to get a ticket for Check Point SmartUse and deliver him the Security Management Server cpinfo file.
  • In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. “HTTP_SSH”?) and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND. (Correct)

Answer : In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. “HTTP_SSH”?) and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND.

How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?


Options are :

  • Change the gateway settings to allow Captive Portal access via an external interface. (Correct)
  • Change the Identity Awareness settings under Global Properties to allow Captive Portal access for an external interface.
  • Change the Identity Awareness settings under Global Properties to allow Captive Portal access on all interfaces.
  • .No action is necessary. This access is available by default.

Answer : Change the gateway settings to allow Captive Portal access via an external interface.

156-315.77 Check Point Certified Security Expert Exam Set 1

Which of the following items should be configured for the Security Management Server to authenticate via LDAP?


Options are :

  • Windows logon password
  • Check Point Password
  • Active Directory Server object (Correct)
  • WMI object

Answer : Active Directory Server object

What gives administrators more flexibility when configuring Captive Portal instead of LDAP query for Identity Awareness authentication?


Options are :

  • Captive Portal works with both configured users and guests (Correct)
  • Nothing, LDAP query is required when configuring Captive Portal
  • Captive Portal is more transparent to the user
  • Captive Portal is more secure than standard LDAP

Answer : Captive Portal works with both configured users and guests

To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?


Options are :

  • Source (Correct)
  • Action
  • Track
  • User

Answer : Source

Check Point Certified Security Expert Exam Set 4

A Cleanup rule:


Options are :

  • drops packets without logging connections that would otherwise be dropped and logged by default.
  • logs connections that would otherwise be accepted without logging by default.
  • logs connections that would otherwise be dropped without logging by default (Correct)
  • drops packets without logging connections that would otherwise be accepted and logged by default.

Answer : logs connections that would otherwise be dropped without logging by default

When you hide a rule in a Rule Base, how can you then disable the rule?


Options are :

  • Use the search utility in SmartDashboard to view all hidden rules. Select the relevant rule and click Disable Rule(s).
  • Right-click on the hidden rule place-holder bar and select Disable Rule(s).
  • Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule. (Correct)
  • Hidden rules are already effectively disabled from Security Gateway enforcement.

Answer : Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.

Where do you verify that UserDirectory is enabled?


Options are :

  • Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
  • Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked
  • Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
  • Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked (Correct)

Answer : Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked

Check Point Certified Security Expert Exam Set 7

How can you most quickly reset Secure Internal Communications (SIC) between a Security Management Server and Security Gateway?


Options are :

  • From the Security Management Server’s command line, type fw putkey -p .
  • From cpconfig on the Gateway, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC). (Correct)
  • Use SmartUpdate to retype the Security Gateway activation key. This will automatically sync SIC to both the Security Management Server and Gateway.
  • Run the command fwm sic_reset to reinitialize the Security Management Server Internal Certificate Authority (ICA). Then retype the activation key on the Security Gateway from SmartDashboard.

Answer : From cpconfig on the Gateway, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).

A _______ rule is used to prevent all traffic going to the R77 Security Gateway.


Options are :

  • Reject
  • Stealth (Correct)
  • Cleanup
  • IPS

Answer : Stealth

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now