156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 2

Which of the following TCP port numbers is used to connect the VPN-1 Gateway to the Content Vector Protocol (CVP) server?


Options are :

  • 1456
  • 18180
  • 7242
  • 18182
  • 18181

Answer : 18181

You plan to install a VPN-1 Pro Gateway for VPN-1 NGX at your company's headquarters. You have a single Sun SPARC Solaris 9 machine for VPN-1 Pro enterprise implementation. You need this machine to inspect traffic and keep configuration files. Which Check Point software package do you install?


Options are :

  • Policy Server and primary SmartCenter Server
  • ClusterXL and SmartCenter Server
  • VPN-1 Pro Gateway and primary SmartCenter Server
  • VPN-1 Pro Gateway
  • SmartCenter Server

Answer : VPN-1 Pro Gateway and primary SmartCenter Server

Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak's remaining steps? 1. Disable "Pre-Shared Secret" on the London and Oslo gateway objects. 2. Add the Madrid gateway object into the Oslo and London's mesh VPN Community. 3. Manually generate ICA Certificates for all three Security Gateways. 4. Configure "Traditional mode VPN configuration" in the Madrid gateway object's VPN screen. 5. Reinstall the Security Policy on all three Security Gateways.


Options are :

  • 1,2,5
  • 1, 3, 4, 5
  • 1, 2, 4, 5
  • 1, 2, 3, 4
  • 1, 2, 3, 5

Answer : 1,2,5

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway.


Options are :

  • After selecting "Packages: Add… from CD", the selected package is copied to the packages directory on the selected remote Security Gateway.
  • After selecting "Packages: Add… from CD", the entire contents of the CD are copied to the packages directory on the selected remote Security Gateway.
  • After selecting "Packages: Add… from CD", the selected package is copied to the Package Repository on the SmartCenter Server.
  • After selecting "Packages: Add… from CD", the entire contents of the CD are copied to the Package Repository on the SmartCenter Server.

Answer : After selecting "Packages: Add… from CD", the selected package is copied to the Package Repository on the SmartCenter Server.

Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, without stopping the VPN. What is the correct order of steps?


Options are :

  • 1. Add a new interface on each Gateway. 2. Remove the newly added network from the current VPN Domain for each Gateway. 3. Create VTIs on each Gateway, to point to the other two peers 4. Enable advanced routing on all three Gateways.
  • 1. Add a new interface on each Gateway. 2. Add the newly added network into the existing VPN Domain for each gateway object. 3. Create VTIs on each gateway object, to point to the other two peers. 4. Add static routes on three Gateways, to route the new networks to each peer's VTI interface.
  • 1. Add a new interface on each Gateway. 2. Remove the newly added network from the current VPN Domain in each gateway object. 3. Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers. 4. Add static routes on three Gateways, to route the new network to each peer's VTI interface
  • 1. Add a new interface on each Gateway. 2. Add the newly added network into the existing VPN Domain for each Gateway. 3. Create VTIs on each gateway object, to point to the other two peers. 4. Enable advanced routing on all three Gateways.

Answer : 1. Add a new interface on each Gateway. 2. Remove the newly added network from the current VPN Domain in each gateway object. 3. Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers. 4. Add static routes on three Gateways, to route the new network to each peer's VTI interface

Public-key cryptography is considered which of the following?


Options are :

  • one-key/asymmetric
  • two-key/asymmetric
  • one-key/symmetric
  • two-key/symmetric

Answer : two-key/asymmetric

Your organization has many VPN-1 Edge gateways at various branch offices, to allow VPN-1 Secure Client users to access company resources. For security reasons, your organization's Security Policy requires all Internet traffic initiated behind the VPN-1 Edge gateways first be inspected by your headquarters' VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN Community?


Options are :

  • To the center; or through the center to other satellites, then to the Internet and other VPN targets
  • To the Internet and other targets only
  • To the center and other satellites, through the center
  • To the center only

Answer : To the center; or through the center to other satellites, then to the Internet and other VPN targets

Your current VPN-1 NG with Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server runs on SecurePlatform. You plan to implement VPN-1 NGX R65 in a distributed environment, where the new machine will be the SmartCenter Server, and the existing machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with AI R55 SmartCenter Server configuration, including licensing. How do you handle licensing for this NGX R65 upgrade?


Options are :

  • Leave the current license on the gateway to be upgraded during the software upgrade. Purchase a new license for the VPN-1 NGX R65 SmartCenter Server.
  • Request an NGX R65 SmartCenter Server license, using the existing gateway machine's IP address. Request a new local license for the NGX R65 VPN-1 Gateway using the new server's IP address.
  • Request an NGX R65 SmartCenter Server license, using the new server's IP address. Request a new central NGX R65 VPN-1 Gateway license for the existing gateway server's IP address.
  • Request an NGX R65 SmartCenter Server license, using the new server's IP address. Request a new central NGX R65 VPN-1 Gateway license also licensed to the new SmartCenter Server's IP address.

Answer : Request an NGX R65 SmartCenter Server license, using the new server's IP address. Request a new central NGX R65 VPN-1 Gateway license also licensed to the new SmartCenter Server's IP address.

Which of these components does NOT require a VPN-1 NGX R65 license?


Options are :

  • SmartConsole
  • Check Point Gateway
  • SmartUpdate upgrading/patching
  • SmartCenter Server

Answer : SmartConsole

Which is the BEST configuration option to protect internal users from malicious Java code, without stripping Java scripts?


Options are :

  • Use the URI resource to strip applet tags
  • Use the URI resource to strip ActiveX tags
  • Use CVP in the URI resource to block Java code
  • Use the URI resource to block Java code

Answer : Use the URI resource to block Java code

Which operating system is NOT supported by VPN-1 Secure Client?


Options are :

  • Windows 2000 Professional
  • Windows XP SP2
  • MacOSX
  • IPSO 3.9
  • RedHat Linux 8.0

Answer : IPSO 3.9

What is the consequence of clearing the "Log VoIP Connection" box in Global Properties?


Options are :

  • IP addresses are used, instead of object names, in log entries that reference VoIP Domain objects.
  • Dropped VoIP traffic is logged, but accepted VoIP traffic is not logged.
  • The SmartCenter Server stops importing logs from VoIP servers.
  • VoIP protocol-specific log fields are not included in SmartView Tracker entries.
  • The log field setting in rules for VoIP protocols are ignored.

Answer : VoIP protocol-specific log fields are not included in SmartView Tracker entries.

Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?


Options are :

  • It contains your security configuration, which could be exploited.
  • SmartUpdate will start a new installation process if the machine is rebooted.
  • It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.
  • It will conflict with any future upgrades run from SmartUpdate.

Answer : It contains your security configuration, which could be exploited.

Choose all correct statements. SmartUpdate, located on a VPN-1 NGX SmartCenter Server, allows you to: (1) Remotely perform a first time installation of VPN-1 NGX on a new machine (2) Determine OS patch levels on remote machines (3) Update installed Check Point and any OPSEC certified software remotely (4) Update installed Check Point software remotely (5) Track installed versions of Check Point and OPSEC products (6) Centrally manage licenses


Options are :

  • 1 & 4
  • 2, 4, 5, & 6
  • 4, 5, & 6
  • 1, 3, 4, & 6

Answer : 2, 4, 5, & 6

How do you control the maximum mail messages in a spool directory?


Options are :

  • In the Security Server window in Global Properties
  • In SmartDefense SMTP settings
  • In the gateway object's SMTP settings in the Advanced window
  • In the SMTP resource object
  • In the smtp.conf file on the SmartCenter Server

Answer : In the gateway object's SMTP settings in the Advanced window

Your company has two headquarters, one in London, one in New York. Each headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:


Options are :

  • Two mesh Communities, one for each headquarters and their branch offices; and one star Community, where New York is the center of the Community and London is the satellite.
  • Two mesh Communities, one for each headquarters and their branch offices; and one star Community, in which London is the center of the Community and New York, is the satellite.
  • Three mesh Communities: one for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
  • Two stars and one mesh Community; each star Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between the New York and London headquarters

Answer : Two stars and one mesh Community; each star Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between the New York and London headquarters

What tools CANNOT be launched from SmartUpdate NGX R65?


Options are :

  • SecurePlatform Web UI
  • cpinfo
  • Nokia Voyager
  • snapshot

Answer : snapshot

You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first?


Options are :

  • An object to represent the PSTN phone network, AND an object to represent the IP phone network
  • An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed
  • An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
  • An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed
  • An object to represent the call manager, AND an object to represent the host on which the transmission router is installed

Answer : An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed

The following rule contains an FTP resource object in the Service field: Source: local_net; Destination: Any; Service: FTP-resource object; Action: Accept. How do you define the FTP Resource Properties > Match tab to prevent internal users from receiving corporate files from external FTP servers, while allowing users to send files?


Options are :

  • Disable "Get" and "Put" methods on the Match tab.
  • Enable "Put" and "Get" methods.
  • Enable the "Get" method on the Match tab.
  • Disable the "Put" method globally.
  • Enable the "Put" method only on the Match tab.

Answer : Enable the "Put" method only on the Match tab.

Which type of service should a Security Administrator use in a Rule Base to control access to specific shared partitions on target machines?


Options are :

  • HTTP
  • FTP
  • CIFS
  • URI
  • Telnet

Answer : CIFS

You are a Security Administrator preparing to deploy a new HFA (Hotfix Accumulator) to ten Security Gateways at five geographically separated locations. What is the BEST method to implement this HFA?


Options are :

  • Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
  • Send a CDROM with the HFA to each location and have local personnel install it
  • Send a Certified Security Engineer to each site to perform the update
  • Use SmartUpdate to install the packages to each of the Security Gateways remotely

Answer : Use SmartUpdate to install the packages to each of the Security Gateways remotely

Which OPSEC server is used to prevent users from accessing certain Web sites?


Options are :

  • UFP
  • LEA
  • URI
  • AMON
  • CVP

Answer : UFP

VPN-1 NGX supports VoIP traffic in all of the following environments, EXCEPT which environment?


Options are :

  • SCCP
  • MEGACO
  • H.323
  • MGCP
  • SIP

Answer : MEGACO

Robert has configured a Common Internet File System (CIFS) resource to allow access to the public partition of his company's file server, on \\erisco\goldenapple\files\public. Robert receives reports that users are unable to access the shared partition, unless they use the file server's IP address. Which of the following is a possible cause?


Options are :

  • The CIFS resource is not configured to use Windows name resolution
  • Access violations are not logged.
  • Null CIFS sessions are blocked.
  • Mapped shares do not allow administrative locks.
  • Remote registry access is blocked.

Answer : The CIFS resource is not configured to use Windows name resolution

Damon enables an SMTP resource for content protection. He notices that mail seems to slow down on occasion, sometimes being delivered late. Which of the following might improve throughput performance?


Options are :

  • Configuring the CVP resource to return the mail to the Gateway
  • Configuring the Content Vector Protocol (CVP) resource to forward the mail to the internal SMTP server, without waiting for a response from the Security Gateway
  • Configuring the SMTP resource to bypass the CVP resource
  • Increasing the Maximum number of mail messages in the Gateway's spool directory
  • Configuring the SMTP resource to only allow mail with Damon's company's domain name in the header

Answer : Configuring the Content Vector Protocol (CVP) resource to forward the mail to the internal SMTP server, without waiting for a response from the Security Gateway

In a distributed VPN-1 Pro NGX environment, where is the Internal Certificate Authority (ICA) installed?


Options are :

  • Certificate Manager Server
  • On the Security Gateway
  • On the primary SmartCenter Server
  • On the SmartView Monitor
  • On the Policy Server

Answer : On the primary SmartCenter Server

You want to create an IKE VPN between two VPN-1 NGX Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer's Gateway. Which type of address translation should you use, to ensure the two networks access each other through the VPN tunnel?


Options are :

  • Hide NAT
  • Hide NAT
  • None
  • Manual NAT
  • Static NAT

Answer : None

What physical machine must have access to the UserCenter public IP when checking for new packages with SmartUpdate?


Options are :

  • SmartUpdate GUI PC
  • SmartUpdate installed SmartCenter Server PC
  • VPN-1 Security Gateway getting the new upgrade package
  • SmartUpdate Repository SQL database Server

Answer : SmartUpdate GUI PC

You want to upgrade an NG with Application Intelligence R55 Security Gateway running on SecurePlatform to VPN-1 NGX R65 via SmartUpdate. Which package(s) is(are) needed in the Repository prior to upgrade?


Options are :

  • VPN-1 Power/UTM NGX R65 package
  • SecurePlatform NGX R65 package
  • SVN Foundation and VPN-1 Power/UTM packages
  • SecurePlatform and VPN-1 Power/UTM NGX R65 packages

Answer : SecurePlatform NGX R65 package

Which service type does NOT invoke a Security Server?


Options are :

  • HTTP
  • SMTP
  • Telnet
  • CIFS
  • FTP

Answer : CIFS
