156-215.77 Check Point Certified Security Administrator Test Set 5

How do you recover communications between your Security Management Server & Security Gateway if you lock yourself out through a rule or policy mis-configuration?


Options are :

Answer : fw unloadlocal

156-215.77 Check Point Certified Security Administrator Test Set 6

How can you reset the Security Administrator password that was created during initial Security Management Server installation on GAiA?


Options are :

  • Type cpm -a, and provide the existing administrator’s account name. Reset the Security Administrator’s password.
  • As expert user Type fwm -a, and provide the existing administrator’s account name. Reset the Security Administrator’s password. (Correct)
  • Launch SmartDashboard in the User Management screen, and edit the cpconfig administrator.
  • Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Password portion of the file. Then log in to the account without a password. You will be prompted to assign a new password.

Answer : As expert user Type fwm -a, and provide the existing administrator’s account name. Reset the Security Administrator’s password.

In SmartDashboard, you configure 45 MB as the required free hard-disk space to accommodate logs. What can you do to keep old log files, when free space falls below 45 MB?


Options are :

  • Do nothing. The Security Management Server automatically copies old logs to a backup server before purging.
  • Do nothing. Old logs are deleted, until free space is restored.
  • Use the command fwm logexport to export the old log files to another location.
  • Configure a script to run fw logswitch and SCP the output file to a separate file server. (Correct)

Answer : Configure a script to run fw logswitch and SCP the output file to a separate file server.

Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?


Options are :

  • fw ctl pstat
  • cpstat fwd
  • fw ver
  • fw stat (Correct)

Answer : fw stat

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 1

Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?


Options are :

  • A group with a generic user
  • LDAP group (Correct)
  • All Users
  • External-user group

Answer : LDAP group

If a Security Gateway enforces three protections, LDAP Injection, Malicious Code Protector, and Header Rejection, which Check Point license is required in SmartUpdate?


Options are :

  • SSL: VPN
  • Data Loss Prevention
  • SmartEvent Intr
  • IPS (Correct)

Answer : IPS

You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?


Options are :

  • backup (Correct)
  • upgrade_export
  • snapshot
  • database revision

Answer : backup

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 2

Where are SmartEvent licenses installed?


Options are :

  • SmartEvent server (Correct)
  • Security Management Server
  • Security Gateway
  • Log Server

Answer : SmartEvent server

Which of the following statements accurately describes the command upgrade_export?


Options are :

  • upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
  • This command is no longer supported in GAiA.
  • Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version. (Correct)
  • upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.

Answer : Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.

What is the primary benefit of using the command upgrade_export over either backup or snapshot?


Options are :

  • upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.
  • upgrade_export is operating system independent and can be used when backup or snapshot is not available. (Correct)
  • upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
  • The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.

Answer : upgrade_export is operating system independent and can be used when backup or snapshot is not available.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 1

An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?


Options are :

  • You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway’s topology. (Correct)
  • You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
  • You first need to run the command fw unloadlocal on the R77 Security Gateway appliance in order to remove the restrictive default policy.
  • An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the command fw unloadlocal on the local Security Gateway.

Answer : You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway’s topology.

Which authentication type requires specifying a contact agent in the Rule Base?


Options are :

  • Client Authentication with Partially Automatic Sign On
  • User Authentication
  • Client Authentication with Manual Sign On
  • Session Authentication (Correct)

Answer : Session Authentication

ALL of the following options are provided by the GAiA sysconfig utility, EXCEPT:


Options are :

  • GUI Clients (Correct)
  • Time & Date
  • Export setup
  • DHCP Server configuration

Answer : GUI Clients

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 10

Which set of objects have an Authentication tab?


Options are :

  • Templates, Users (Correct)
  • Users, Networks
  • Users, User Groups
  • Networks, Hosts

Answer : Templates, Users

Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration. An administrator has installed the latest HFA on the system to fix a traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?


Options are :

  • A backup cannot be restored, because the binary files are missing.
  • The restore is not possible because the backup file does not have the same build number (version).
  • The restore is done by selecting Snapshot Management from the boot menu of GAiA.
  • The restore can be done easily by the command restore and copying netconf.C from the production environment. (Correct)

Answer : The restore can be done easily by the command restore and copying netconf.C from the production environment.

Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?


Options are :

  • Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy. (Correct)
  • Run the command revert to restore the snapshot, establish SIC, and install the Policy.
  • Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.
  • Run the command revert to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.

Answer : Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 11

What information is found in the SmartView Tracker Management log?


Options are :

  • GAiA expert login event
  • Creation of an administrator using cpconfig
  • FTP username authentication failure
  • Administrator SmartDashboard logout event (Correct)

Answer : Administrator SmartDashboard logout event

Which of the following is a CLI command for Security Gateway R77?


Options are :

  • fw shutdown
  • fw merge
  • fw tab -u (Correct)
  • fwm policy_print

Answer : fw tab -u

You are running an R77 Security Gateway on GAiA. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What backup method could be used to quickly put the secondary firewall into production?


Options are :

  • snapshot (Correct)
  • manual backup
  • backup
  • upgrade_export

Answer : snapshot

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 12

What information is found in the SmartView Tracker Management log?


Options are :

  • SIC revoke certificate event (Correct)
  • Most accessed Rule Base rule
  • Destination IP address
  • Number of concurrent IKE negotiations

Answer : SIC revoke certificate event

How do you use SmartView Monitor to compile traffic statistics for your company’s Internet Web activity during production hours?


Options are :

  • Select Tunnels view, and generate a report on the statistics.
  • View total packets passed through the Security Gateway.
  • Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway.
  • Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day. (Correct)

Answer : Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day.

One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?


Options are :

  • The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway's Certificate.
  • The remote Gateway's IP address has changed, which invalidates the SIC Certificate.
  • There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection. (Correct)
  • The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.

Answer : There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 2

Which of the following tools is used to generate a Security Gateway R77 configuration report?


Options are :

  • infoview
  • cpinfo (Correct)
  • infoCP
  • fw cpinfo

Answer : cpinfo

How can you check whether IP forwarding is enabled on an IP Security Appliance?


Options are :

  • ipsofwd list (Correct)
  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • clish -c show routing active enable
  • cat /proc/sys/net/ipv4/ip_forward

Answer : ipsofwd list

An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install). Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval. If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute. Which of the following is the BEST explanation for this behavior?


Options are :

  • The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
  • The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R77 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the nonstandard GRE protocol for encapsulation.
  • The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day. (Correct)
  • The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.

Answer : The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 3

You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA. You have trouble configuring the speed and duplex settings of your Ethernet interfaces. Which of the following commands can be used in CLISH to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.


Options are :

  • mii_tool
  • set interface (Correct)
  • ethtool
  • ifconfig -a

Answer : set interface

Which command allows you to view the contents of an R77 table?


Options are :

  • fw tab -t (Correct)
  • fw tab -s
  • fw tab -a
  • fw tab -x

Answer : fw tab -t

Which command gives an overview of your installed licenses?


Options are :

  • cplic print (Correct)
  • fw lic print
  • cplicense
  • showlic

Answer : cplic print

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 4

Assume you are a Security Administrator for ABCTech. You have allowed authenticated access to users from Mkting_net to Finance_net. But in the user’s properties, connections are only permitted within Mkting_net. What is the BEST way to resolve this conflict?


Options are :

  • Permit access to Finance_net.
  • Select Intersect with user database or Ignore Database in the Action Properties window. (Correct)
  • Select Intersect with user database in the Action Properties window.
  • Select Ignore Database in the Action Properties window.

Answer : Select Intersect with user database or Ignore Database in the Action Properties window.

For remote user authentication, which authentication scheme is NOT supported?


Options are :

  • SecurID
  • TACACS (Correct)
  • Check Point Password
  • RADIUS

Answer : TACACS
