156-315.65 Check Point Security Administration NGX R65 Exam Set 5

How do you control the maximum mail messages in a spool directory?


Options are :

  • In the gateway object's SMTP settings in the Advanced window (Correct)
  • In the smtp.conf file on the SmartCenter Server
  • In the Security Server window in Global Properties
  • In SmartDefense SMTP settings
  • In the SMTP resource object

Answer : In the gateway object's SMTP settings in the Advanced window

Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization's three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?


Options are :

  • The related end-points domain specifies an address range.
  • The VoIP Domain SIP object's name contains restricted characters.
  • The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.
  • VoIP Domain SIP objects cannot be placed in simple groups. (Correct)
  • The installed VoIP gateways specify host objects.

Answer : VoIP Domain SIP objects cannot be placed in simple groups.

Yoav is a Security Administrator preparing to implement a VPN solution for his multi-site organization. To comply with industry regulations, Yoav's VPN solution must meet the following requirements:

  • Portability: Standard
  • Key management: Automatic, external PKI
  • Session keys: Changed at configured times during a connection's lifetime
  • Key length: No less than 128-bit
  • Data integrity: Secure against inversion and brute-force attacks

What is the most appropriate setting Yoav should choose?


Options are :

  • IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash
  • IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 hash
  • IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
  • IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash (Correct)
  • IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash

Answer : IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash

You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?


Options are :

  • SecurePlatform NGX R60 (Correct)
  • SVN Foundation and VPN-1 Express/Pro
  • SVN Foundation 3 E. VPN-1 Pro/Express NGXR60
  • VPN-1 and Firewall-1

Answer : SecurePlatform NGX R60

The following is cphaprob state command output from a New Mode High Availability cluster member. Which machine has the highest priority?


Options are :

  • 192.168.1.2, because its state is active
  • 192.168.1.2, since its number is 2
  • This output does not indicate which machine has the highest priority.
  • 192.168.1.1, because its number is 1 (Correct)

Answer : 192.168.1.1, because its number is 1

Which of the following TCP port numbers is used to connect the VPN-1 Gateway to the Content Vector Protocol (CVP) server?


Options are :

  • 18182
  • 17242
  • 18180
  • 18181 (Correct)
  • 1456

Answer : 18181

Which operating system is NOT supported by VPN-1 SecureClient?


Options are :

  • RedHat Linux 8.0
  • IPSO 3.9 (Correct)
  • MacOSX
  • Windows XP SP2
  • Windows 2000 Professional

Answer : IPSO 3.9

Your current VPN-1 NG with Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server run on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the SmartCenter Server, and a new machine will be the VPN-1 Pro Gateway only. You need to migrate the NG with AI R55 SmartCenter Server configuration, including such items as Internal Certificate Authority files, databases, and Security Policies. How do you request a new license for this VPN-1 NGX upgrade?


Options are :

  • Request a VPN-1 NGX SmartCenter Server license, using the new machine's IP address. Request a new local license for the NGX VPN-1 Pro Gateway.
  • Request a VPN-1 NGX SmartCenter Server license, using the new machine's IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
  • Request a new VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway.
  • Request a VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway, licensed for the existing SmartCenter Server IP address. (Correct)

Answer : Request a VPN-1 NGX SmartCenter Server license, using the NG with AI SmartCenter Server IP address. Request a new central license for the NGX VPN-1 Pro Gateway, licensed for the existing SmartCenter Server IP address.

The following configuration is for VPN-1 NGX: Is this configuration correct for Management High Availability (HA)?


Options are :

  • No, the SmartCenter Servers must be installed on the same operating system. (Correct)
  • No, the SmartCenter Servers must reside on the same network.
  • No, a VPN-1 NGX SmartCenter Server cannot run on Red Hat Linux 7.3.
  • No, A VPN-1 NGX SmartCenter Server can only be in a Management HA configuration, if the operating system is Solaris.
  • No, the SmartCenter Servers do not have the same number of NICs.

Answer : No, the SmartCenter Servers must be installed on the same operating system.

VPN-1 NGX supports VoIP traffic in all of the following environments, except which environment?


Options are :

  • H509-D (Correct)
  • SIP
  • SCCP
  • MGCP
  • H.323

Answer : H509-D

DShield is a Check Point feature used to block which of the following threats?


Options are :

  • SQL injection
  • Cross Site Scripting
  • Trojan horses
  • Buffer overflows
  • DDOS (Correct)

Answer : DDOS

You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first?


Options are :

  • An object to represent the call manager, AND an object to represent the host on which the transmission router is installed
  • An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host
  • An object to represent the PSTN phone network, AND an object to represent the IP phone network
  • An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed
  • An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed (Correct)

Answer : An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed

Cody is notified by blacklist.org that his site has been reported as a spam relay, due to his SMTP Server being unprotected. Cody decides to implement an SMTP Security Server, to prevent the server from being a spam relay. Which of the following is the most efficient configuration method?


Options are :

  • Configure the SMTP Security Server to work with an OPSEC based product, for content checking.
  • Configure the SMTP Security Server to apply a generic "from" address to all outgoing mail.
  • Configure the SMTP Security Server to allow only mail to or from names, within Cody's corporate domain (Correct)
  • Configure the SMTP Security Server to perform MX resolving.
  • Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.

Answer : Configure the SMTP Security Server to allow only mail to or from names, within Cody's corporate domain

You must set up SIP with a proxy for your network. IP phones are in the 172.16.100.0 network. The Registrar and proxy are installed on host 172.16.100.100. To allow handover enforcement for outbound calls from SIP-net to network Net_B on the Internet, you have defined the following objects:

Network object: SIP-net: 172.16.100.0/24
SIP-gateway: 172.16.100.100
VoIP Domain object: VoIP_domain_A
1. End-point domain: SIP-net
2. VoIP gateway installed at: SIP-gateway host object

How would you configure the rule?


Options are :

  • VoIP_Gateway/Net_B/sip/accept
  • SIP-Gateway/Net_B/sip/accept
  • VoIP_domain_A/Net_B/sip_any, and sip/accept
  • SIP-Gateway/Net_B/sip_any/accept
  • VoIP_domain_A/Net_B/sip_any/accept (Correct)

Answer : VoIP_domain_A/Net_B/sip_any/accept

What is the consequence of clearing the "Log VoIP Connection" box in Global Properties?


Options are :

  • IP addresses are used, instead of object names, in log entries that reference VoIP Domain objects.
  • The log field setting in rules for VoIP protocols are ignored.
  • The SmartCenter Server stops importing logs from VoIP servers.
  • Dropped VoIP traffic is logged, but accepted VoIP traffic is not logged
  • VoIP protocol-specific log fields are not included in SmartView Tracker entries. (Correct)

Answer : VoIP protocol-specific log fields are not included in SmartView Tracker entries.

You want to upgrade a cluster with two members to VPN-1 NGX. The SmartCenter Server and both members are version VPN-1/Firewall-1 NG FP3, with the latest Hotfix. What is the correct upgrade procedure?

1. Change the version, in the General Properties of the gateway-cluster object.
2. Upgrade the SmartCenter Server, and reboot after upgrade.
3. Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade.
4. Reinstall the Security Policy.


Options are :

  • 2,3, 1,4 (Correct)
  • 2,4,3, 1
  • 1,2,3,4
  • 1,3,2,4
  • 3,2, 1,4

Answer : 2,3, 1,4

You have a production implementation of Management High Availability, at version VPN-1 NG with Application Intelligence R55. You must upgrade your two SmartCenter Servers to VPN-1 NGX. What is the correct procedure?


Options are :

  • 1. Perform an advanced upgrade on the primary SmartCenter Server. 2. Configure the primary SmartCenter Server host object to version VPN-1 NGX. 3. Synchronize the primary with the secondary SmartCenter Server. 4. Upgrade the secondary SmartCenter Server. 5. Configure the secondary SmartCenter Server host object to version VPN-1 NGX. 6. Synchronize the Servers again.
  • 1. Synchronize the two SmartCenter Servers. 2. Perform an advanced upgrade on the primary SmartCenter Server. 3. Configure the primary SmartCenter Server host object to version VPN-1 NGX. 4. Synchronize the two Servers again. 5. Upgrade the secondary SmartCenter Server. 6. Configure the secondary SmartCenter Server host object to version VPN-1 NGX. 7. Synchronize the Servers again.
  • 1. Synchronize the two SmartCenter Servers. 2. Perform an advanced upgrade on the primary SmartCenter Server. 3. Upgrade the secondary SmartCenter Server. 4. Configure both SmartCenter Server host objects to version VPN-1 NGX. 5. Synchronize the Servers again. (Correct)
  • 1. Synchronize the two SmartCenter Servers. 2. Upgrade the secondary SmartCenter Server. 3. Upgrade the primary SmartCenter Server. 4. Configure both SmartCenter Server host objects version to VPN-1 NGX. 5. Synchronize the Servers again.

Answer : 1. Synchronize the two SmartCenter Servers. 2. Perform an advanced upgrade on the primary SmartCenter Server. 3. Upgrade the secondary SmartCenter Server. 4. Configure both SmartCenter Server host objects to version VPN-1 NGX. 5. Synchronize the Servers again.

Which operating system is NOT supported by VPN-1 SecureClient?


Options are :

  • Windows 2000 Professional
  • IPSO 3.9 (Correct)
  • Windows XP SP2
  • MacOSX
  • RedHat Linux 8.0

Answer : IPSO 3.9

Which VPN Community object is used to configure VPN routing within the SmartDashboard?


Options are :

  • Map
  • Mesh
  • Star (Correct)
  • Remote Access

Answer : Star

You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?


Options are :

  • Internal_clear > Communities
  • Communities > Communities
  • Internal_clear > External_Clear
  • internal clear>All communities (Correct)
  • internal_clear > All_GwToGw

Answer : internal clear>All communities

What is a requirement for setting up Management High Availability?


Options are :

  • All SmartCenter Servers must reside in the same Local Area Network (LAN).
  • You can only have one Secondary SmartCenter Server.
  • All SmartCenter Servers must have the BIOS release.
  • All SmartCenter Servers must have the same amount of memory.
  • All SmartCenter Servers must have the same operating system. (Correct)

Answer : All SmartCenter Servers must have the same operating system.

If you check the box "Use Aggressive Mode", in the IKE Properties dialog box:


Options are :

  • The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange.
  • The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange.
  • The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange. (Correct)
  • The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange.
  • The standard six-packet IKE Phase 1 exchange is replaced by a twelve-packet exchange.

Answer : The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange.

How would you configure a rule in a Security Policy to allow SIP traffic from end point Net_A to end point Net_B, through an NGX Security Gateway?


Options are :

  • Net_A/Net_B/VoIP/accept
  • Net_A/Net_B/sip_any/accept (Correct)
  • Net_A/Net_B/VoIP_any/accept
  • Net_A/Net_B/sip and sip_any/accept

Answer : Net_A/Net_B/sip_any/accept

Which of the following commands shows full synchronization status?


Options are :

  • cphastop
  • fw ctl pstat
  • fwhastat
  • cphaprob -i list (Correct)
  • cphaprob -a if

Answer : cphaprob -i list

Cody is notified by blacklist.org that his site has been reported as a spam relay, due to his SMTP Server being unprotected. Cody decides to implement an SMTP Security Server, to prevent the server from being a spam relay. Which of the following is the most efficient configuration method?


Options are :

  • Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.
  • Configure the SMTP Security Server to work with an OPSEC based product, for content checking.
  • Configure the SMTP Security Server to apply a generic "from" address to all outgoing mail.
  • Configure the SMTP Security Server to perform MX resolving.
  • Configure the SMTP Security Server to allow only mail to or from names, within Cody's corporate domain. (Correct)

Answer : Configure the SMTP Security Server to allow only mail to or from names, within Cody's corporate domain.

You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional connections are allowed in the Action properties. If traffic passing through the QoS Module matches both rules, which of the following statements is true?


Options are :

  • 50% of available bandwidth will be allocated to the H.323 rule.
  • Neither rule will be allocated more than 10% of available bandwidth.
  • Each H.323 connection will receive at least 512 Kbps of bandwidth.
  • The H.323 rule will consume no more than 2048 Kbps of available bandwidth. (Correct)
  • 50% of available bandwidth will be allocated to the Default Rule.

Answer : The H.323 rule will consume no more than 2048 Kbps of available bandwidth.

By default, a standby SmartCenter Server is automatically synchronized by an active SmartCenter Server, when:


Options are :

  • The user database is installed.
  • The Security Policy is installed. (Correct)
  • The Security Policy is saved.
  • The Security Administrator logs in to the standby SmartCenter Server, for the first time.
  • The standby SmartCenter Server starts for the first time.

Answer : The Security Policy is installed.

You plan to install a VPN-1 Pro Gateway for VPN-1 NGX at your company's headquarters. You have a single Sun SPARC Solaris 9 machine for VPN-1 Pro enterprise implementation. You need this machine to inspect traffic and keep configuration files. Which Check Point software package do you install?


Options are :

  • VPN-1 Pro Gateway and primary SmartCenter Server (Correct)
  • ClusterXL and SmartCenter Server
  • Policy Server and primary SmartCenter Server
  • VPN-1 Pro Gateway
  • SmartCenter Server

Answer : VPN-1 Pro Gateway and primary SmartCenter Server

VPN-1 NGX supports VoIP traffic in all of the following environments, EXCEPT which environment?


Options are :

  • MEGACO (Correct)
  • SCCP
  • SIP
  • H.323
  • MGCP

Answer : MEGACO

Your current stand-alone VPN-1 NG with Application Intelligence (AI) R55 installation is running on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the VPN-1 Pro Gateway. An additional machine will serve as the SmartCenter Server. The new machine runs on a Windows Server 2003. You need to upgrade the NG with AI R55 SmartCenter Server configuration to VPN-1 NGX. How do you upgrade to VPN-1 NGX?


Options are :

  • Run backup command on the existing SecurePlatform machine to create a backup file. Copy the file to the Windows Server 2003. Uninstall the primary SmartCenter Server package from NG with AI R55 SecurePlatform using sysconfig. Reboot. Install the NGX primary SmartCenter Server and import the backup file. Open the NGX SmartUpdate, and select "upgrade all packages" on the NG with AI R55 Security Gateway.
  • Copy the $FWDIR\conf and $FWDIR\lib files from the existing SecurePlatform machine. Create a tar.gz file, and copy it to the Windows Server 2003. Use VPN-1 NGX CD on the existing SecurePlatform machine to do a new installation. Reboot. Run sysconfig and select VPN-1 Pro Gateway. Reboot. Use the NGX CD to install the primary SmartCenter Server on the Windows Server 2003. On the Windows Server 2003, run upgrade_import command to import $FWDIR\conf and $FWDIR\lib from the SecurePlatform machine.
  • Run the backup command in the existing SecurePlatform machine, to create a backup file. Copy the file to the Windows Server 2003. Uninstall all Check Point products on SecurePlatform by running rpm CPsuite-R55 command. Reboot. Install new VPN-1 NGX on the existing SecurePlatform machine. Run sysconfig, select VPN-1 Pro Gateway, and reboot. Use VPN-1 NGX CD to install primary SmartCenter Server on the Windows Server 2003. Import the backup file.
  • Insert the NGX CD in the existing NG with AI R55 SecurePlatform machine, and answer yes to backup the configuration. Copy the backup file to the Windows Server 2003. Continue the upgrade process. Reboot after upgrade is finished. After SecurePlatform NGX reboots, run sysconfig, select VPN-1 Pro Gateway, and finish the sysconfig process. Reboot again. Use the NGX CD to install the primary SmartCenter on the Windows Server 2003. Import the backup file. (Correct)

Answer : Insert the NGX CD in the existing NG with AI R55 SecurePlatform machine, and answer yes to backup the configuration. Copy the backup file to the Windows Server 2003. Continue the upgrade process. Reboot after upgrade is finished. After SecurePlatform NGX reboots, run sysconfig, select VPN-1 Pro Gateway, and finish the sysconfig process. Reboot again. Use the NGX CD to install the primary SmartCenter on the Windows Server 2003. Import the backup file.
