156-315.13 Check Point Security Expert R76(GAiA) Exam Set 6

When an Endpoint user is able to authenticate but receives a message from the client that it is unable to enforce the desktop policy, what is the most likely scenario?


Options are :

  • The gateway could not locate the user in SmartDirectory and is allowing the connection with limitations based on a generic profile.
  • The user's rights prevent access to the protected network.
  • A Desktop Policy is not configured.
  • The user is attempting to connect with the wrong Endpoint client. (Correct)

Answer : The user is attempting to connect with the wrong Endpoint client.

156-315.71 Check Point Security Expert R71 Practical Exam Set 4

Which describes the function of the account unit?


Options are :

  • An Account Unit is the interface which allows interaction between the Security Management server and Security Gateways, and the SmartDirectory (LDAP) server. (Correct)
  • An Account Unit is the administration account on the LDAP server that SmartDirectory uses to access to (LDAP) server
  • An Account Unit is a system account on the Check Point gateway that SmartDirectory uses to access an (LDAP) server
  • An Account Unit is the Check Point account that SmartDirectory uses to access an (LDAP) server

Answer : An Account Unit is the interface which allows interaction between the Security Management server and Security Gateways, and the SmartDirectory (LDAP) server.

When configuring an LDAP Group object, which option should you select if you want the gateway to reference the groups defined on the LDAP server for authentication purposes?


Options are :

  • Group Agnostic
  • OU Accept and select appropriate domain
  • Only Group in Branch (Correct)
  • All Account-Unit's Users

Answer : Only Group in Branch

Where do you verify that SmartDirectory is enabled?


Options are :

  • Global properties > Smart Directory (LDAP) > Use SmartDirectory(LDAP) for Security Gateways is checked (Correct)
  • Global properties > Authentication> Use SmartDirectory(LDAP) for Security Gateways is checked
  • Gateway properties > Authentication> Use SmartDirectory(LDAP) for Security Gateways is checked
  • Gateway properties > Smart Directory (LDAP) > Use SmartDirectory(LDAP) for Security Gateways is checked

Answer : Global properties > Smart Directory (LDAP) > Use SmartDirectory(LDAP) for Security Gateways is checked

156-315.71 Check Point Security Expert R71 Practice Exam Set 2

A Minimal Effort Upgrade of a cluster:


Options are :

  • Is not a valid upgrade method inR76
  • Treats each individual cluster member as an individual gateway. (Correct)
  • Is only supported in major releases (R70 to R71, R71 to R76).
  • Upgrades all cluster members except one at the same time.

Answer : Treats each individual cluster member as an individual gateway.

Which of the following is a valid Active Directory designation for user John Doe in the Sales department of AcmeCorp.com?


Options are :

  • Cn=john_doe,dc=Sales,dc=acmecorp,dc=com
  • Cn=john_doe,ou=Sales,dc=acmecorp,dc=com (Correct)
  • Cn=john_doe,ou=Sales,ou=acme,ou=corp,dc=com
  • Cn=john_doe,ou=Sales,ou=acmecorp,dc=com

Answer : Cn=john_doe,ou=Sales,dc=acmecorp,dc=com

The process that performs the authentication for SSL VPN Users is:


Options are :

  • cvpnd (Correct)
  • fwm
  • vpnd
  • cpd

Answer : cvpnd

156-315.77 Check Point Certified Security Expert Exam Set 3

The process that performs the authentication for legacy session authentication is:


Options are :

  • fwssd (Correct)
  • fwm
  • cvpnd
  • vpnd

Answer : fwssd

Where multiple SmartDirectory servers exist in an organization, a query from one of the clients for user information is made to the servers based on a priority. By what category can this priority be defined?


Options are :

  • Location or Domain
  • Location or Account Unit
  • Gateway or Account Unit (Correct)
  • Gateway or Domain

Answer : Gateway or Account Unit

Each entry in SmartDirectory has a unique _______________ ?


Options are :

  • Schema
  • Port Number Association
  • Organizational Unit
  • Distinguished Name (Correct)

Answer : Distinguished Name

Check Point Certified Security Expert Exam Set 4

Which process is responsible for delta synchronization in ClusterXL?


Options are :

  • fw kernel on the security gateway (Correct)
  • fwd process on the security gateway
  • cpd process on the security gateway
  • Clustering process on the security gateway

Answer : fw kernel on the security gateway

What is NOT a valid LDAP use in Check Point SmartDirectory?


Options are :

  • Provide user authentication information for the Security Management Server
  • External users management
  • Retrieve gateway CRL's
  • Enforce user access to internal resources (Correct)

Answer : Enforce user access to internal resources

Which utility or command is useful for debugging by capturing packet information, including verifying LDAP authentication?


Options are :

  • fw debug fwm
  • ping
  • fw monitor (Correct)
  • um_core enable

Answer : fw monitor

156-315.71 Check Point Security Expert R71 Practical Exam Set 7

The set of rules that governs the types of objects in the directory and their associated attributes is called the:


Options are :

  • SmartDatabase
  • LDAP Policy
  • Access Control List
  • Schema (Correct)

Answer : Schema

Identity Agent is a lightweight endpoint agent that authenticates securely with Single SignOn (SSO). Which of the following is NOT a recommended use for this method?


Options are :

  • Protecting highly sensitive servers
  • Leveraging identity for Data Center protection
  • When accuracy in detecting identity is crucial
  • Identity based enforcement for non-AD users (non-Windows and guest users) (Correct)

Answer : Identity based enforcement for non-AD users (non-Windows and guest users)

There are several SmartDirectory (LDAP) features that can be applied to further enhance SmartDirectory (LDAP) functionality, which of the following is NOT one of those features?


Options are :

  • Support many Domains under the same account unit (Correct)
  • Encrypted or non-encrypted SmartDirectory (LDAP) Connections usage
  • High Availability, where user information can be duplicated across several servers
  • Support multiple SmartDirectory (LDAP) servers on which many user databases are distributed

Answer : Support many Domains under the same account unit

Check Point Certified Security Expert Exam Set 3

When using SmartDashboard to manage existing users in SmartDirectory, when are the changes applied?


Options are :

  • At policy installation
  • Instantaneously (Correct)
  • Never, you cannot manage users through SmartDashboard
  • At database synchronization

Answer : Instantaneously

If using AD Query for seamless identity data reception from Microsoft Active Directory (AD), which of the following methods is NOT Check Point recommended?


Options are :

  • Identity-based auditing and logging
  • Leveraging identity in Internet application control
  • Basic identity enforcement in the internal network
  • Identity-based enforcement for non-AD users (non-Windows and guest users) (Correct)

Answer : Identity-based enforcement for non-AD users (non-Windows and guest users)

Which process is responsible for kernel table information sharing across all cluster members?


Options are :

  • CPHA using an encrypted TCP connection
  • fw kernel using an encrypted TCP connection
  • fwd daemon using an encrypted TCP connection (Correct)
  • cpd using an encrypted TCP connection

Answer : fwd daemon using an encrypted TCP connection

156-315.71 Check Point Security Expert R71 Practice Exam Set 2

Which process is responsible for full synchronization in ClusterXL?


Options are :

  • fw kernel on the Security Gateway
  • cpd on the Security Gateway
  • fwd on the Security Gateway (Correct)
  • Clustering on the Security Gateway

Answer : fwd on the Security Gateway

Check Point support has asked Tony for a firewall capture of accepted packets. What would be the correct syntax to create a capture file to a filename called monitor.out?


Options are :

  • Run fw monitor -e "accept;" -o monitor.out (Correct)
  • Run fw monitor -e "accept;" -c monitor.out
  • Run fw monitor -e "accept;" -f monitor.out
  • Run fw monitor -e "accept;" -m monitor.out

Answer : Run fw monitor -e "accept;" -o monitor.out

A Full Connectivity Upgrade of a cluster:


Options are :

  • Upgrades all cluster members except one at the same time.
  • Is not a valid upgrade method inR76.
  • Is only supported in minor version upgrades (R70 to R71, R71 toR76). (Correct)
  • Treats each individual cluster member as an individual gateway.

Answer : Is only supported in minor version upgrades (R70 to R71, R71 toR76).

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 3

An organization may be distributed across several SmartDirectory (LDAP) servers. What provision do you make to enable a Gateway to use all available resources? Each SmartDirectory (LDAP) server must be:


Options are :

  • represented by a separate Account Unit that is a member in the LDAP group.
  • a member in the LDAP group.
  • represented by a separate Account Unit. (Correct)
  • a member in a group that is associated with one Account Unit.

Answer : represented by a separate Account Unit.

The User Directory Software Blade is used to integrate which of the following with a R76 Security Gateway?


Options are :

  • LDAP server (Correct)
  • Account Management Client server
  • RADIUS server
  • UserAuthority server

Answer : LDAP server

Which command would you use to save the interface information before upgrading a Windows Gateway?


Options are :

  • ifconfig > [filename].txt
  • ipconfig a > [filename].txt (Correct)
  • netstat rn > [filename].txt
  • cp /etc/sysconfig/network.C [location]

Answer : ipconfig a > [filename].txt

156-515.65 Check Point Certified Security Expert Plus Exam Set 2

With the User Directory Software Blade, you can create R76 user definitions on a(n) _________ Server.


Options are :

  • Radius
  • SecureID
  • LDAP (Correct)
  • NT Domain

Answer : LDAP

How does Check Point recommend that you secure the sync interface between gateways?


Options are :

  • Encrypt all sync traffic between cluster members.
  • Use a dedicated sync network. (Correct)
  • Secure each sync interface in a cluster with Endpoint.
  • Configure the sync network to operate within the DMZ.

Answer : Use a dedicated sync network.

The process that performs the authentication for Remote Access is:


Options are :

  • cvpnd
  • vpnd (Correct)
  • cpd
  • fwm

Answer : vpnd

Check Point Certified Security Administrator Set 3

Which of the following is NOT a LDAP server option in SmartDirectory?


Options are :

  • Novell_DS
  • Standard_DS (Correct)
  • Netscape_DS
  • OPSEC_DS

Answer : Standard_DS

The process that performs the authentication for SmartDashboard is:


Options are :

  • cpd
  • fwm (Correct)
  • vpnd
  • cvpnd

Answer : fwm

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions