156-315.13 Check Point Security Expert R76(GAiA) Exam Set 5

While authorization for users managed by SmartDirectory is performed by the gateway, the authentication is mostly performed by the infrastructure in which of the following?


Options are :

  • cpauth (Correct)
  • ldapd
  • ldapauth
  • cpShared

Answer : cpauth

You can NOT use SmartDashboard's SmartDirectory features to connect to the LDAP server. What should you investigate?

  1. Verify you have read-only permissions as administrator for the operating system.
  2. Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
  3. Check that the Login Distinguished Name configured has root (Administrator) permission (or at least write permission) in the access control configuration of the LDAP server.


Options are :

  • 2 and 3 (Correct)
  • 1 and 3
  • 1, 2, and 3
  • 1 and 2

Answer : 2 and 3

If you are experiencing LDAP issues, which of the following should you check?


Options are :

  • Connectivity between the R76 Gateway and LDAP server (Correct)
  • Overlapping VPN Domains
  • Domain name resolution
  • Secure Internal Communications (SIC)

Answer : Connectivity between the R76 Gateway and LDAP server

Which of the following access options would you NOT use when configuring Captive Portal?


Options are :

  • Through all interfaces
  • Through the Firewall policy
  • From the Internet (Correct)
  • Through internal interfaces

Answer : From the Internet

In an R76 Cluster, some features such as VPN only function properly when:


Options are :

  • All cluster members have the same Hot Fix Accumulator pack installed
  • All cluster members have the same policy
  • All cluster members' clocks are synchronized (Correct)
  • All cluster members have the same number of interfaces configured

Answer : All cluster members' clocks are synchronized

A Fast Path Upgrade of a cluster:


Options are :

  • Is not a valid upgrade method in R76. (Correct)
  • Treats each individual cluster member as an individual gateway.
  • Is only supported in major releases (R70 to R71, R75 to R76).
  • Upgrades all cluster members except one at the same time.

Answer : Is not a valid upgrade method in R76.

Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?


Options are :

  • cpvpnd
  • fwd
  • fwm
  • vpnd (Correct)

Answer : vpnd

How are cached usernames and passwords cleared from the memory of a R76 Security Gateway?


Options are :

  • By using the Clear User Cache button in SmartDashboard
  • By retrieving LDAP user information using the command fw fetchldap
  • By installing a Security Policy (Correct)
  • Usernames and passwords only clear from memory after they time out

Answer : By installing a Security Policy

A Zero Downtime Upgrade of a cluster:


Options are :

  • Is only supported in major releases (R70 to R71, R71 to R76).
  • Treats each individual cluster member as an individual gateway.
  • Upgrades all cluster members except one at the same time. (Correct)
  • Is not a valid upgrade method in R76.

Answer : Upgrades all cluster members except one at the same time.

When using Captive Portal to send unidentified users to a Web portal for authentication, which of the following is NOT a recommended use for this method?


Options are :

  • Basic identity enforcement in the internal network (Correct)
  • For deployment of Identity Agents
  • Identity-based enforcement for non-AD users (non-Windows and guest users)
  • Leveraging identity in Internet application control

Answer : Basic identity enforcement in the internal network

In ClusterXL R76, when configuring a cluster synchronization network on a VLAN interface, what is the supported configuration?


Options are :

  • It is not supported on a VLAN tag
  • It is supported on VLAN tag 4095
  • It is supported on VLAN tag 4096
  • It is supported on the lowest VLAN tag of the VLAN interface (Correct)

Answer : It is supported on the lowest VLAN tag of the VLAN interface

When defining SmartDirectory for High Availability (HA), which of the following should you do?


Options are :

  • Configure the SmartDirectory as a single object using the LDAP cluster IP. Actual HA functionality is configured on the servers.
  • Replicate the same information on multiple Active Directory servers. (Correct)
  • Configure a SmartDirectory Cluster object.
  • Configure Secure Internal Communications with each server and fetch branches from each.

Answer : Replicate the same information on multiple Active Directory servers.

When defining an Organizational Unit, which of the following are NOT valid object categories?


Options are :

  • Domains (Correct)
  • Services
  • Resources
  • Users

Answer : Domains

When configuring an LDAP Group object, which option should you select if you do NOT want the gateway to reference the groups defined on the LDAP server for authentication purposes?


Options are :

  • OU Accept and select appropriate domain
  • Only Group in Branch
  • Group Agnostic
  • Only Sub Tree (Correct)

Answer : Only Sub Tree

How would you set the debug buffer size to 1024?


Options are :

  • Run fw ctl set buf 1024
  • Run fw ctl kdebug 1024
  • Run fw ctl debug -buf 1024 (Correct)
  • Run fw ctl set int print_cons 1024

Answer : Run fw ctl debug -buf 1024

Which is NOT a method through which Identity Awareness receives its identities?


Options are :

  • Captive Portal
  • AD Query
  • GPO (Correct)
  • Identity Agent

Answer : GPO

Which of the following is a valid Active Directory designation for user Jane Doe in the MIS department of AcmeCorp.com?


Options are :

  • Cn= jane_doe,ou=MIS,cn=acmecorp,dc=com
  • Cn= jane_doe,ou=MIS,cn=acme,cn=corp,dc=com
  • Cn=jane_doe,ou=MIS,dc=acmecorp,dc=com (Correct)
  • Cn= jane_doe,ou=MIS,DC=acmecorp,dc=com

Answer : Cn=jane_doe,ou=MIS,dc=acmecorp,dc=com

When using a template to define a SmartDirectory, where should the user's password be defined? In the:


Options are :

  • LDAP object
  • User object (Correct)
  • VPN Community object
  • Template object

Answer : User object

Remote clients are using SSL VPN to authenticate via LDAP server to connect to the organization. Which gateway process is responsible for the authentication?


Options are :

  • vpnd
  • fwm
  • fwd
  • cpvpnd (Correct)

Answer : cpvpnd

Your users are defined in a Windows 2008 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R76?


Options are :

  • A group with a generic user
  • LDAP group (Correct)
  • All Users
  • External-user group

Answer : LDAP group

When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster members have the same products installed. Which command should you run?


Options are :

  • fw fcu
  • cphaprob fcustat
  • fw ctl conn -a (Correct)
  • cpconfig

Answer : fw ctl conn -a

In SmartDirectory, what is each LDAP server called?


Options are :

  • LDAP Unit
  • Account Server
  • Account Unit (Correct)
  • LDAP Server

Answer : Account Unit

An Account Unit is the interface between the __________ and the __________.


Options are :

  • Gateway, Resources
  • Users, Domain
  • Clients, Server (Correct)
  • System, Database

Answer : Clients, Server

When configuring an LDAP Group object, which option should you select if you want the gateway to reference the groups defined on the LDAP server for authentication purposes?


Options are :

  • All Account-Unit's Users
  • Only Group in Branch (Correct)
  • Only Sub Tree
  • OU Auth and select Group Name

Answer : Only Group in Branch

Which of the following is NOT a ClusterXL mode?


Options are :

  • Broadcast (Correct)
  • Multicast
  • Legacy
  • New

Answer : Broadcast

Steve is troubleshooting a connection problem with an internal application. If he knows the source IP address is 192.168.4.125, how could he filter this traffic?


Options are :

  • Run fw monitor -e "accept dsrc=192.168.4.125;"
  • Run fw monitor -e "accept ip=192.168.4.125;"
  • Run fw monitor -e "accept dst=192.168.4.125;"
  • Run fw monitor -e "accept src=192.168.4.125;" (Correct)

Answer : Run fw monitor -e "accept src=192.168.4.125;"

What is the default port number for Secure Sockets Layer connections with the LDAP Server?


Options are :

  • 398
  • 363
  • 636 (Correct)
  • 389

Answer : 636

Which of the following commands do you run on the AD server to identify the DN name before configuring LDAP integration with the Security Gateway?


Options are :

  • query ldap -name administrator
  • ldapquery -name administrator
  • dsquery user -name administrator (Correct)
  • cpquery -name administrator

Answer : dsquery user -name administrator

Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.


Options are :

  • Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit. (Correct)
  • Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
  • Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
  • Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.

Answer : Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.

What is the default port number for standard TCP connections with the LDAP server?


Options are :

  • 636
  • 363
  • 398
  • 389 (Correct)

Answer : 389
