156-215.77 Check Point Certified Security Administrator Test Set 6

Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?


Options are :

  • diag
  • cpinfo -o date.cpinfo.txt
  • cpstat - date.cpstat.txt
  • .fw cpinfo

Answer : cpinfo -o date.cpinfo.txt

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 1

Which command displays the installed Security Gateway version?


Options are :

  • cpstat –gw
  • fw printver
  • fw ver
  • fw stat

Answer : fw ver

What is the syntax for uninstalling a package using newpkg?


Options are :

  • -u
  • -S
  • newpkg CANNOT be used to uninstall a package
  • -i

Answer : newpkg CANNOT be used to uninstall a package

Which port must be allowed to pass through enforcement points in order to allow packet logging to operate correctly?


Options are :

  • 256
  • 514
  • 258
  • 257

Answer : 257

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 2

How do you configure an alert in SmartView Monitor?


Options are :

  • By right-clicking on the Gateway, and selecting System Information.
  • By choosing the Gateway, and Configure Thresholds.
  • An alert cannot be configured in SmartView Monitor
  • By right-clicking on the Gateway, and selecting Properties.

Answer : By choosing the Gateway, and Configure Thresholds.

What happens when you run the command. fw sam -J src [Source IP Address]?


Options are :

  • Connections from the specified source are blocked without the need to change the Security Policy.
  • Connections to and from the specified target are blocked without the need to change the Security Policy.
  • Connections to the specified target are blocked without the need to change the Security Policy
  • Connections to and from the specified target are blocked with the need to change the Security Policy.

Answer : Connections from the specified source are blocked without the need to change the Security Policy.

A third-shift Security Administrator configured and installed a new Security Policy early this morning. When you arrive, he tells you that he has been receiving complaints that Internet access is very slow. You suspect the Security Gateway virtual memory might be the problem. Which SmartConsole component would you use to verify this?


Options are :

  • Eventia Analyzer
  • SmartView Monitor
  • This information can only be viewed with the command fw ctl pstat from the CLI.
  • SmartView Tracker

Answer : SmartView Monitor

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 1

An advantage of using central instead of local licensing is:


Options are :

  • The license must be renewed when changing the IP address of a Security Gateway. Each module’s license has a unique IP address.
  • A license can be taken from one Security Management Server and given to another Security Management Server
  • Only one IP address is used for all licenses
  • Licenses are automatically attached to their respective Security Gateways.

Answer : Only one IP address is used for all licenses

If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?


Options are :

  • The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot .
  • The Administrator must remove the rpm packages manually, and re-attempt the upgrade.
  • GAiA will reboot and automatically revert to the last snapshot version prior to upgrade.
  • The Administrator must reinstall the last version via the command cprinstall revert .

Answer : GAiA will reboot and automatically revert to the last snapshot version prior to upgrade.

You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?


Options are :

  • Database Revision Control
  • .upgrade_export and upgrade_import commands
  • Manual copies of the directory $FWDIR/conf
  • GAiA back up utilities

Answer : GAiA back up utilities

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 10

Which of these components does NOT require a Security Gateway R77 license?


Options are :

  • Check Point Gateway
  • SmartUpdate upgrading/patching
  • Security Management Server
  • SmartConsole

Answer : SmartConsole

Which command enables IP forwarding on IPSO?


Options are :

  • clish -c set routing active enable
  • echo 0 > /proc/sys/net/ipv4/ip_forward
  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • .ipsofwd on admin

Answer : .ipsofwd on admin

Central license management allows a Security Administrator to perform which of the following functions? 1.Check for expired licenses. 2.Sort licenses and view license properties. 3.Attach both R77 Central and Local licesnes to a remote module. 4.Delete both R77 Local Licenses and Central licenses from a remote module. 5.Add or remove a license to or from the license repository. 6.Attach and/or delete only R77 Central licenses to a remote module (not Local licenses).


Options are :

  • 1, 2, 5, & 6
  • 2, 5, & 6
  • 2, 3, 4, & 5
  • 1, 2, 3, 4, & 5

Answer : 1, 2, 3, 4, & 5

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 11

Which of the following statements accurately describes the command snapshot?


Options are :

  • snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.
  • snapshot creates a Security Management Server full system-level backup on any OS.
  • A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.
  • snapshot stores only the system-configuration settings on the Gateway.

Answer : snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a GAiA Security Gateway.

Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.


Options are :

  • Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows
  • Check Point GAiA and SecurePlatform, and Microsoft Windows
  • Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows
  • Check Point GAiA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO

Answer : Check Point GAiA and SecurePlatform, and Microsoft Windows

You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?


Options are :

  • Create a Suspicious Activity Rule in SmartView Monitor.
  • Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.
  • Add a temporary rule using SmartDashboard and select hide rule.
  • Select Block intruder from the Tools menu in SmartView Tracker.

Answer : Create a Suspicious Activity Rule in SmartView Monitor.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 12

What are you required to do before running the command upgrade_export?


Options are :

  • Run cpconfig and set yourself up as a GUI client.
  • Run a cpstop on the Security Management Server.
  • Close all GUI clients.
  • Run a cpstop on the Security Gateway.

Answer : Close all GUI clients.

Which of the following objects is a valid source in an authentication rule?


Options are :

Answer : [email protected]

Which of the following options is available with the GAiA cpconfig utility on a Management Server?


Options are :

  • GUI Clients
  • DHCP Server configuration
  • Export setup
  • Time & Date

Answer : GUI Clients

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 2

What information is found in the SmartView Tracker Management log?


Options are :

  • Historical reports log
  • Destination IP address
  • Most accessed Rule Base rule
  • Policy rule modification date/time stamp

Answer : Policy rule modification date/time stamp

Over the weekend, an Administrator without access to SmartDashboard installed a new R77 Security Gateway using GAiA. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?


Options are :

  • You first need to initialize SIC in SmartUpdate.
  • You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
  • You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on both the Security Gateway and the Management Server.
  • You first need to run the command fw unloadlocal on the new Security Gateway.

Answer : You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.

How are locally cached usernames and passwords cleared from the memory of a R77 Security Gateway?


Options are :

  • By retrieving LDAP user information using the command fw fetchldap.
  • By using the Clear User Cache button in SmartDashboard.
  • By installing a Security Policy.
  • Usernames and passwords only clear from memory after they time out.

Answer : By installing a Security Policy.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 3

What is the difference between Standard and Specific Sign On methods?


Options are :

  • Standard Sign On allows the user to be automatically authorized for all services that the rule allows, but re-authenticate for each host to which he is trying to connect. Specific Sign On requires that the user re-authenticate for each service.
  • Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect.
  • Standard Sign On requires the user to re-authenticate for each service and each host to which he is trying to connect. Specific Sign On allows the user to sign on only to a specific IP address.
  • Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service specifically defined in the window Specific Action Properties

Answer : Standard Sign On allows the user to be automatically authorized for all services that the rule allows. Specific Sign On requires that the user re-authenticate for each service and each host to which he is trying to connect.

You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must happen after authentication that allows the client to connect to the Security Gateway’s VPN domain?


Options are :

  • An office mode address must be obtained by the client.
  • The SNX client application must be installed on the client
  • SNX modifies the routing table to forward VPN traffic to the Security Gateway.
  • Active-X must be allowed on the client.

Answer : SNX modifies the routing table to forward VPN traffic to the Security Gateway.

A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?


Options are :

  • As expert user, type the command snapshot -r MySnapshot.tgz.
  • As expert user, type the command snapshot - R to restore from a local file. Then, provide the correct file name.
  • .Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.
  • As expert user, type the command revert --file MySnapshot.tgz.

Answer : As expert user, type the command revert --file MySnapshot.tgz.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 4

You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.


Options are :

  • Another rule that accepts HTTP without authentication exists in the Rule Base.
  • Users must use the SecuRemote Client, to use the User Authentication Rule.
  • You checked the cache password on desktop option in Global Properties.
  • You have forgotten to place the User Authentication Rule before the Stealth Rule.

Answer : Another rule that accepts HTTP without authentication exists in the Rule Base.

Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?


Options are :

  • SmartUpdate will start a new installation process if the machine is rebooted.
  • It contains your security configuration, which could be exploited.
  • will conflict with any future upgrades when using SmartUpdate.
  • It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.

Answer : It contains your security configuration, which could be exploited.

You are running the license_upgrade tool on your GAiA Gateway. Which of the following can you NOT do with the upgrade tool?


Options are :

  • Simulate the license-upgrade process
  • View the status of currently installed licenses
  • View the licenses in the SmartUpdate License Repository
  • Perform the actual license-upgrade process

Answer : View the licenses in the SmartUpdate License Repository

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 5

In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?


Options are :

  • Rule 0
  • Cleanup Rule
  • Blank field under Rule Number
  • Rule 1

Answer : Rule 0

Your primary Security Gateway runs on GAiA. What is the easiest way to back up your Security Gateway R77 configuration, including routing & network configuration files?


Options are :

  • Copying the directories $FWDIR/conf and $FWDIR/lib to another location
  • Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.
  • Using the command upgrade_export.
  • Using the native GAiA backup utility from command line or in the Web based user interface.

Answer : Using the native GAiA backup utility from command line or in the Web based user interface.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions