156-315.13 Check Point Security Expert R76(GAiA) Exam Set 11

Which component receives events, assigns severity levels to the events, invokes any defined automatic reactions, and adds the events to the Events Data Base?


Options are :

  • SmartEvent Analysis DataServer
  • SmartEvent Correlation Unit
  • SmartEvent Client
  • SmartEvent Server (Correct)

Answer : SmartEvent Server

_______________ manages Standard Reports and allows the administrator to specify automatic uploads of reports to a central FTP server.


Options are :

  • SmartDashboard Log Consolidator
  • SmartReporter Database
  • Security Management Server
  • SmartReporter (Correct)

Answer : SmartReporter

You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event when 30 port scans have occurred within 60 seconds. You also want to detect two port scans from a host within 10 seconds of each other. How would you accomplish this?


Options are :

  • Define the two port-scan detections as an exception. (Correct)
  • You cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.
  • Select the two port-scan detections as a sub-event.
  • Select the two port-scan detections as a new event.

Answer : Define the two port-scan detections as an exception.

The SmartEvent Correlation Unit:


Options are :

  • assigns a severity level to an event
  • looks for patterns according to the installed Event Policy. (Correct)
  • displays the received events.
  • adds events to the events database.

Answer : looks for patterns according to the installed Event Policy.

When you check Web Server in a host-node object, what happens to the host?


Options are :

  • More granular controls are added to the host, in addition to Web Intelligence tab settings. (Correct)
  • IPS Web Intelligence is enabled to check on the host.
  • The Web server daemon is enabled on the host.
  • You can specify allowed ports in the Web server's node-object properties. You then do not need to list all allowed ports in the Rule Base.

Answer : More granular controls are added to the host, in addition to Web Intelligence tab settings.

Which of the following is NOT a SmartEvent Permission Profile type?


Options are :

  • View (Correct)
  • No Access
  • Read/Write
  • Events Database

Answer : View

Where is it necessary to configure historical records in SmartView Monitor to generate Express reports in SmartReporter?


Options are :

  • In SmartReporter, under Express > Network Activity
  • In SmartReporter, under Standard > Custom
  • In SmartView Monitor, under Global Properties > Log and Masters
  • In SmartDashboard, the SmartView Monitor page in the R76 Security Gateway object (Correct)

Answer : In SmartDashboard, the SmartView Monitor page in the R76 Security Gateway object

What is the purpose of the pre-defined exclusions included with SmartEvent R76?


Options are :

  • To give samples of how to write your own exclusion.
  • As a base for starting and building exclusions.
  • To allow SmartEvent R76 to function properly with all other R71 devices.
  • To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71. (Correct)

Answer : To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71.

The ______________ contains the Events Data Base.


Options are :

  • SmartEvent Server (Correct)
  • SmartEvent DataServer
  • SmartEvent Client
  • SmartEvent Correlation Unit

Answer : SmartEvent Server

_____________ generates a SmartEvent Report from its SQL database.


Options are :

  • SmartEvent Client
  • SmartDashboard Log Consolidator
  • SmartReporter (Correct)
  • Security Management Server

Answer : SmartReporter

To back up all events stored in the SmartEvent Server, you should back up the contents of which folder(s)?


Options are :

  • $RTDIR/events_db
  • $RTDIR/distrib_db and $FWDIR/events
  • $RTDIR/distrib and $RTDIR/events_db (Correct)
  • $RTDIR/distrib

Answer : $RTDIR/distrib and $RTDIR/events_db

Which specific R76 GUI would you use to view the length of time a TCP connection was open?


Options are :

  • SmartView Status
  • SmartReporter
  • SmartView Monitor
  • SmartView Tracker (Correct)

Answer : SmartView Tracker

Which external user authentication protocols are supported in SSL VPN?


Options are :

  • LDAP, Active Directory, SecurID
  • DAP, SecurID, Check Point Password, OS Password, RADIUS, TACACS (Correct)
  • LDAP, RADIUS, TACACS, SecurID
  • LDAP, RADIUS, Active Directory, SecurID

Answer : DAP, SecurID, Check Point Password, OS Password, RADIUS, TACACS

What is a task of the SmartEvent Correlation Unit?


Options are :

  • Add events to the events database.
  • Display the received events.
  • Assign a severity level to an event
  • Look for patterns according to the installed Event Policy. (Correct)

Answer : Look for patterns according to the installed Event Policy.

The SmartEvent Client:


Options are :

  • assigns a severity level to an event.
  • analyzes each IPS log entry as it enters the Log server.
  • displays the received events. (Correct)
  • adds events to the events database.

Answer : displays the received events.

Which file defines the fields for each object used in the file objects.C (color, num/string, default value…)?


Options are :

  • $FWDIR/conf/fields.C
  • $FWDIR/conf/scheam.C
  • $FWDIR/conf/table.C
  • $FWDIR/conf/classes.C (Correct)

Answer : $FWDIR/conf/classes.C

What is the SmartEvent Correlation Unit's function?


Options are :

  • Invoke and define automatic reactions and add events to the database.
  • Display received threats and tune the Events Policy.
  • Assign severity levels to events.
  • Analyze log entries, looking for Event Policy patterns. (Correct)

Answer : Analyze log entries, looking for Event Policy patterns.

The SmartEvent Server:


Options are :

  • assigns a severity level to an event. (Correct)
  • forwards what is known as an event to the SmartEvent Server.
  • analyzes each IPS log entry as it enters the Log server.
  • displays the received events.

Answer : assigns a severity level to an event.

SmartReporter reports can be used to analyze data from a penetration-testing regimen in all of the following examples, EXCEPT:


Options are :

  • Tracking attempted port scans.
  • Analyzing traffic patterns against public resources.
  • Possible worm/malware activity
  • Analyzing access attempts via social-engineering. (Correct)

Answer : Analyzing access attempts via social-engineering.

To help organize events, SmartReporter uses filtered queries. Which of the following is NOT a SmartEvent event property you can query?


Options are :

  • Event: Critical, Suspect, False Alarm (Correct)
  • Time: Last Hour, Last Day, Last Week
  • Type: Scans, Denial of Service, Unauthorized Entry
  • State: Open, Closed, False Alarm

Answer : Event: Critical, Suspect, False Alarm

A tracked SmartEvent Candidate in a Candidate Pool becomes an Event. What does NOT happen in the Analyzer Server?


Options are :

  • The Event is kept open, but condenses many instances into one Event.
  • SmartEvent provides the beginning and end time of the Event.
  • The Correlation Unit keeps adding matching logs to the Event.
  • SmartEvent stops tracking logs related to the Candidate. (Correct)

Answer : SmartEvent stops tracking logs related to the Candidate.

Which Check Point product is used to create and save changes to a Log Consolidation Policy?


Options are :

  • SmartReporter Client
  • Security Management Server
  • SmartEvent Server
  • SmartDashboard Log Consolidator (Correct)

Answer : SmartDashboard Log Consolidator

If Jack was concerned about the number of log entries he would receive in the SmartReporter system, which policy would he need to modify?


Options are :

  • Log Sequence Policy
  • Consolidation Policy (Correct)
  • Log Consolidator Policy
  • Report Policy

Answer : Consolidation Policy

To clean the system of all events, you should delete the files in which folder(s)?


Options are :

  • $RTDIR/distrib and $RTDIR/events_db (Correct)
  • $RTDIR/events_db
  • $FWDIR/distrib_db and $FWDIR/events
  • $FWDIR/distrib

Answer : $RTDIR/distrib and $RTDIR/events_db

For best performance in Event Correlation, you should use:


Options are :

  • Many objects
  • Large groups
  • Nothing slows down Event Correlation
  • IP address ranges (Correct)

Answer : IP address ranges

What is the SmartEvent Client's function?


Options are :

  • Invoke and define automatic reactions and add events to the database.
  • Generate a threat analysis report from the Reporter database.
  • Display received threats and tune the Events Policy. (Correct)
  • Assign severity levels to events.

Answer : Display received threats and tune the Events Policy.

Which SmartReporter report type is generated from the SmartView Monitor history file?


Options are :

  • Express (Correct)
  • Traditional
  • Standard
  • Custom

Answer : Express

The SmartEvent Correlation Unit:


Options are :

  • displays the received events.
  • adds events to the events database.
  • assigns a severity level to an event.
  • analyzes each IPS log entry as it enters the Log server. (Correct)

Answer : analyzes each IPS log entry as it enters the Log server.

Which of the following log files contains information about the negotiation process for encryption?


Options are :

  • vpn.elg
  • vpnd.elg
  • ike.elg (Correct)
  • iked.elg

Answer : ike.elg

How many pre-defined exclusions are included by default in SmartEvent R76 as part of the product installation?


Options are :

  • 3 (Correct)
  • 10
  • 0
  • 5

Answer : 3
