156-315.13 Check Point Security Expert R76(GAiA) Exam Set 12

Which Check Point product implements a Consolidation Policy?


Options are :

  • SmartLSM
  • SmartView Tracker
  • SmartView Monitor
  • SmartReporter (Correct)

Answer : SmartReporter

156-315.71 Check Point Security Expert R71 Practice Exam Set 3

You are reviewing computer information collected in ClientInfo. You can NOT:


Options are :

  • Run Google.com search using the contents of the selected cell.
  • None
  • Save the information in the active tab to an .exe file. (Correct)
  • Enter new credential for accessing the computer information.

Answer : Save the information in the active tab to an .exe file.

What is the SmartEvent Analyzer's function?


Options are :

  • Analyze log entries, looking for Event Policy patterns.
  • Assign severity levels to events. (Correct)
  • Display received threats and tune the Events Policy.
  • Generate a threat analysis report from the Analyzer database.

Answer : Assign severity levels to events.

What is the benefit to running SmartEvent in Learning Mode?


Options are :

  • To run SmartEvent with preloaded sample data in a test environment
  • There is no SmartEvent Learning Mode
  • To run SmartEvent, with a step-by-step online configuration guide for training/setup purposes
  • To generate a report with system Event Policy modification suggestions (Correct)

Answer : To generate a report with system Event Policy modification suggestions

Check Point Certified Security Expert Exam Set 9

______________ is NOT an SmartEvent event-triggered Automatic Reaction.


Options are :

  • Mail
  • SNMP Trap
  • External Script
  • Block Access (Correct)

Answer : Block Access

Which of the following commands can be used to stop Management portal services?


Options are :

  • cpstop / portal
  • smartportalstop (Correct)
  • fw stopportal
  • cpportalstop

Answer : smartportalstop

What access level cannot be assigned to an Administrator in SmartEvent?


Options are :

  • Write only (Correct)
  • Read only
  • No Access
  • Events Database

Answer : Write only

156-315.77 Check Point Certified Security Expert Exam Set 2

What is the most common cause for a Quick mode packet 1 failing with the error "No Proposal Chosen" error?


Options are :

  • The encryption strength and hash settings of one peer does not match the other. (Correct)
  • The previously established Permanent Tunnel has failed.
  • There is a network connectivity issue.
  • The OS and patch level of one gateway does not match the other.

Answer : The encryption strength and hash settings of one peer does not match the other.

When migrating the SmartEvent data base from one server to another, the last step is to save the files on the new server. Which of the following commands should you run to save the SmartEvent data base files on the new server?


Options are :

  • migrate import
  • restore
  • cp
  • eva_db_restore (Correct)

Answer : eva_db_restore

The SmartEvent Correlation Unit:


Options are :

  • assigns a severity level to an event.
  • adds events to the events database.
  • displays the received events.
  • forwards what is identified as an event to the SmartEvent server. (Correct)

Answer : forwards what is identified as an event to the SmartEvent server.

156-315.77 Check Point Certified Security Expert Exam Set 3

The SmartEvent Server:


Options are :

  • displays the received events
  • analyzes each IPS log entry as it enters the Log server
  • invokes defined automatic reactions (Correct)
  • adds events to the events database

Answer : invokes defined automatic reactions

Which of the following log files contains verbose information regarding the negotiation process and other encryption failures?


Options are :

  • iked.elg
  • vpnd.elg (Correct)
  • ike.elg
  • vpn.elg

Answer : vpnd.elg

In a UNIX environment, SmartReporter Data Base settings could be modified in:


Options are :

  • $CPDIR/Database/conf/conf.C
  • $FWDIR/Eventia/conf/ini.C
  • $ERDIR/conf/my.cnf
  • $RTDIR/Database/conf/my.cnf (Correct)

Answer : $RTDIR/Database/conf/my.cnf

Check Point Certified Security Expert Exam Set 9

In a Windows environment, SmartReporter Data Base settings could be modified in:


Options are :

  • %RTDIR%\Database\conf\my.ini
  • $CPDIR/Database/conf/conf.C (Correct)
  • $FWDIR/Eventia/conf/ini.C
  • $ERDIR/conf/my.cnf

Answer : $CPDIR/Database/conf/conf.C

When migrating the SmartEvent data base from one server to another, the first step is to back up the files on the original server. Which of the following commands should you run to back up the SmartEvent data base?


Options are :

  • snapshot
  • backup
  • eva_db_backup (Correct)
  • migrate export

Answer : eva_db_backup

When do modifications to the Event Policy take effect?


Options are :

  • When saved on the SmartEvent Client, and installed on the SmartEvent Server.
  • When saved on the Correlation Units, and pushed as a policy.
  • When saved on the SmartEvent Server and installed to the Correlation Units. (Correct)
  • As soon as the Policy Tab window is closed.

Answer : When saved on the SmartEvent Server and installed to the Correlation Units.

156-315.77 Check Point Certified Security Expert Exam Set 10

What is the best tool to produce a report which represents historical system information?


Options are :

  • SmartReporter-Standard Reports
  • SmartReporter-Express Reports (Correct)
  • Smartview Monitor
  • SmartView Tracker

Answer : SmartReporter-Express Reports

Which of the following commands would you run to remove site-to-site IKE and IPSec Keys?


Options are :

  • vpn accel off
  • vpn export_p12
  • vpn tu (Correct)
  • ikeoff

Answer : vpn tu

How many Events can be shown at one time in the Event preview pane?


Options are :

  • 1,000
  • 5,000
  • 15,000
  • 30,000 (Correct)

Answer : 30,000

Check Point Certified Security Expert Exam Set 4

Which procedure creates a new administrator in SmartWorkflow?


Options are :

  • Run cpconfig, supply the Login Name. Profile Properties, Name, Access Applications and Permissions.
  • In SmartDashboard, click SmartWorkflow / Enable SmartWorkflow and the Enable SmartWorkflow wizard will start. Supply the Login Name, Profile Properties, Name, Access Applications and Permissions when prompted.
  • In SmartDashboard, click Users and Administrators right click Administrators / New Administrator and supply the Login Name. Profile Properties, Name, Access Applications and Permissions. (Correct)
  • On the Provider-1 primary MDS, run cpconfig, supply the Login Name, Profile Properties, Name, Access Applications and Permissions.

Answer : In SmartDashboard, click Users and Administrators right click Administrators / New Administrator and supply the Login Name. Profile Properties, Name, Access Applications and Permissions.

Which of the following manages Standard Reports and allows the administrator to specify automatic uploads of reports to a central FTP server?


Options are :

  • Smart Reporter (Correct)
  • Smart Reporter Database
  • Smart Dashboard Log Consolidator
  • Security Management Server

Answer : Smart Reporter

What SmartConsole application allows you to change the Log Consolidation Policy?


Options are :

  • SmartReporter (Correct)
  • SmartDashboard
  • SmartEvent Server
  • SmartUpdate

Answer : SmartReporter

156-315.77 Check Point Certified Security Expert Exam Set 9

Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should be guaranteed. Which actions should be taken to achieve that? (i) Use same hard driver for database directory, log files and temporary directory (ii) Use Consolidation Rules (iii) Limit logging to blocked traffic only (iv) Using Multiple Database Tables


Options are :

  • (i), (iii) and (iv)
  • (ii) and (iv) (Correct)
  • (i) and (ii)
  • (i), (ii) and (iv)

Answer : (ii) and (iv)

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now