156-315.71 Check Point Security Expert R71 Practical Exam Set 1

Which of the following services will cause SecureXL templates to be disabled?


Options are :

  • TELNET
  • FTP (Correct)
  • LDAP
  • HTTPS

Answer : FTP

Check Point Certified Security Expert Exam Set 5

Included in the client's network are some switches, which rely on IGMP snooping. You must find a solution to work with these switches. Which of the following answers does NOT lead to a successful solution?


Options are :

  • Disable IGMP registration in switches that rely on IGMP packets
  • Set the value of fwha_enable_igmp_snooping module configuration parameter to 1.
  • ClusterXL supports IGMP snooping by default. There is no need to configure anything. (Correct)
  • Configure static CAMs to allow multicast traffic on specific ports.

Answer : ClusterXL supports IGMP snooping by default. There is no need to configure anything.

For a dedicated DLP Gateway that runs in inline bridge mode, why is it important to properly define the topology?


Options are :

  • By default. My Organization is defined by the internal interfaces of a DLP Gateway. (Correct)
  • Topology is used for Hide NAT
  • Topology definition is used for VPN communities definition.
  • Topology definition is necessary for correct anti-spoofing.

Answer : By default. My Organization is defined by the internal interfaces of a DLP Gateway.

What SmartConsole application allows you to change the Log Consolidation Policy?


Options are :

  • SmartDashboard (Correct)
  • SmartEvent Server
  • SmartUpdate
  • SmartReporter

Answer : SmartDashboard

156-215.13 Check Point Certified Security Administrator Exam Set 9

What does it mean when a Security Gateway is labeled Untrusted in the SmartProvisioning Status view?


Options are :

  • SmartProvisioning is not enabled on the Security Gateway,
  • cpd is not running at the Security Gateway.
  • The Security Gateway is down
  • SIC has not been established between the Security Gateway and the Security Management. (Correct)

Answer : SIC has not been established between the Security Gateway and the Security Management.

Where is it necessary to configure historical records in SmartView Monitor to generate Express reports in SmartReporter?


Options are :

  • In SmartReporter, under Express > Network Activity
  • In SmartDashboard, the SmartView Monitor page in the R71 Security Gateway object (Correct)
  • In SmartView Monitor, under Global Properties > Log and Masters
  • In SmartReporter, under Standard > Custom

Answer : In SmartDashboard, the SmartView Monitor page in the R71 Security Gateway object

Which application is used to create a File-Share Application?


Options are :

  • SmartDashboard (SSL VPN Tab) (Correct)
  • SmartPortal WebUI (File-Share Tab)
  • Provider-1 MDG (Global VPNs Tab)
  • SSL VPN Portal WebUI (File-Share Tab)

Answer : SmartDashboard (SSL VPN Tab)

156-315.77 Check Point Certified Security Expert Exam Set 14

If SmartWorkflow is configured to work without Sessions or Role Segregation, how does the SmartDashboard function?


Options are :

  • All functions of SmartWorkflow will be available on a per rule basis.
  • The SmartDashboard will have no session but SmartView Tracker and audit trail will be available.
  • The SmartDashboard functions as if SmartWorkflow is not enabled but an automatic session exists in the background and full SmartView tracker and audit trail functionality will be available. (Correct)
  • The SmartDashboard will function without SmartWorkflow, with no session and no audit trail functionality.

Answer : The SmartDashboard functions as if SmartWorkflow is not enabled but an automatic session exists in the background and full SmartView tracker and audit trail functionality will be available.

Which of the following is NOT an SmartEvent event-triggered Automatic Reaction?


Options are :

  • SNMP Trap
  • Mail
  • External Script
  • Block Access (Correct)

Answer : Block Access

With SmartEvent, what is the Correlation Unit's function?


Options are :

  • Assign severity levels to events.
  • Invoke and define automatic reactions and add events to the database.
  • Display received threats and tune the Events Policy
  • Analyze log entries, looking for Event Policy patterns. (Correct)

Answer : Analyze log entries, looking for Event Policy patterns.

156-315.77 Check Point Certified Security Expert Exam Set 8

Which protocol is not supported for DLP?


Options are :

  • smtp
  • http
  • ftp
  • https (Correct)

Answer : https

To help organize events, SmartReporter uses filtered queries. Which of the following is NOT an SmartEvent event property you can query?


Options are :

  • Type: Scans, Denial of Service, Unauthorized Entry
  • State: Open, Closed, False Alarm
  • Event: Critical, Suspect, False Alarm (Correct)
  • Time: Last Hour, Last Day, Last Week

Answer : Event: Critical, Suspect, False Alarm

What are the 3 main components of the SmartEvent Software Blade? i) Correlation Unit ii) Correlation Client iii) Correlation Server iv) Analyzer Server v) Analyzer Client vi) Analyzer Unit


Options are :

  • i, ii, iii
  • i, iii, iv
  • iv, v, vi
  • i, iv, v (Correct)

Answer : i, iv, v

156-315.77 Check Point Certified Security Expert Exam Set 4

You need to determine if your company's Web servers are accessed an excessive number of times from the same host. How would you configure this in the IPS tab?


Options are :

  • Successive DoS attacks
  • HTTP protocol inspection
  • Successive alerts
  • Successive multiple connections (Correct)

Answer : Successive multiple connections

SmartReporter Data Base settings could be modified in:


Options are :

  • $FWDIR/Eventia/conf/ini.C
  • $CPDIR/Database/conf/conf.C
  • $ERDIR/conf/my.cnf +f
  • $RTDIR/Database/conf/my.ini (Correct)

Answer : $RTDIR/Database/conf/my.ini

What happens when an Administrator activates the DLP Portal for Self Incident Handling and enters its fully qualified domain name (DNS name)?


Options are :

  • Connections created between the user and the DLP Gateway when clicking links within e-mail notifications to send or discard quarantined e-mails (matched for an Ask User rule) are encrypted.
  • UserCheck is activated.
  • The daemon running DLP Portal starts to run and can cater requests from users' browsers (following links from e-mail notifications) and from Check Point UserCheck. (Correct)
  • The DLP Gateway can now notify Data Owners about DLP incidents.

Answer : The daemon running DLP Portal starts to run and can cater requests from users' browsers (following links from e-mail notifications) and from Check Point UserCheck.

156-315.77 Check Point Certified Security Expert Exam Set 16

The We-Make-Widgets company has purchased twenty UTM-1 Edge appliances for their remote offices. Kim decides the best way to manage those appliances is to use SmartProvisioning and create a profile they can all use. List the order of steps Kim would go through to add the Dallas Edge appliance to the Remote Office profile using the output below. 1. Enter the name of the profile called "Remote Offices" 2. Change the provisioning profile to "Remote Offices" 3. Click File, then select New, then Provisioning Profile 4. Click on the Devices Tab 5. Highlight the Dallas Edge appliance, click Edit, then edit Gateway 6. Click on the Profiles Tab


Options are :

  • 6, 1, 3, 4, 5, 2
  • 4, 1, 3, 6, 5, 2
  • 4, 3, 1, 6, 5, 2
  • 6, 3, 1, 4, 5, 2 (Correct)

Answer : 6, 3, 1, 4, 5, 2

The Management Portal allows all of the following EXCEPT:


Options are :

  • View the status of Check Point products
  • Manage firewall logs
  • Schedule policy installation (Correct)
  • View administrator activity

Answer : Schedule policy installation

Which of the following items can be provisioned via a Profile through SmartProvisioning? i) Backup Schedule ii) DNS Entries iii) Hosts Table iv) Domain Name v) Interface IP's


Options are :

  • i, ii, iv
  • i, ii, iii, iv (Correct)
  • i
  • i, ii, iii, iv, v

Answer : i, ii, iii, iv

156-315.71 Check Point Security Expert R71 Practice Exam Set 6

Which of these is a type of acceleration in SecureXL?


Options are :

  • GRE
  • FTP
  • connection rate (Correct)
  • QoS

Answer : connection rate

You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R71 installed in a distributed deployment. Can they be members of a Gateway Cluster?


Options are :

  • No, because the Security Gateways must be installed in a stand-alone installation.
  • Yes, as long as they have the same IPSO and Check Point versions. (Correct)
  • No. because the appliances must be of the same model (both should be IP565 or IP395).
  • No, because IP does not have a cluster option.

Answer : Yes, as long as they have the same IPSO and Check Point versions.

Which procedure will create an Internal User?


Options are :

  • In the Users and Administrators tab, click User Groups I Clientless-vpn-user and add the SSL VPN user to the Clientless-vpn-user group
  • From the SSL VPN tab, click Users and Authentication I Internal Users I Users and click NewUser I Default (Correct)
  • In the Users and Administrators tab, right click Users and click SSL VPN User
  • In the General Properties of the gateway, click the SSL VPN check box. The SSL VPN Blade Wizard will launch and Step 2 will allow adding new users who will be imported from a RADIUS server.

Answer : From the SSL VPN tab, click Users and Authentication I Internal Users I Users and click NewUser I Default

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 11

When using IPS, what does Geo protection do?


Options are :

  • To block traffic from and to a specific person
  • To block traffic from and to a specific company
  • To block traffic from and to a specific city
  • To block traffic from and to a specific country (Correct)

Answer : To block traffic from and to a specific country

When two or more DLP rules are matched, the action taken is the most restrictive action. Rank the following items from the lowest restriction level (1) to the highest (4). 1.Ask User 2.Prevent 3.Detect 4.Inform User


Options are :

  • 3,4,1,2
  • 4,1,3,2
  • 3,1,4,2 (Correct)
  • 4,3,1,2

Answer : 3,1,4,2

You need to verify the effectiveness of your IPS configuration for your Web server farm. You have a colleague run penetration tests to confirm that the Web servers are secure against traffic hijacks. Of the following, which would be the best configuration to protect from a traffic hijack attempt?


Options are :

  • Activate the Cross-Site Scripting property. (Correct)
  • Create resource objects for the Web farm servers and configure rules for the Web farm.
  • Configure TCP defenses such as Small PMTU size.
  • Enable the Web intelligence > SQL injection setting.

Answer : Activate the Cross-Site Scripting property.

156-315.77 Check Point Certified Security Expert Exam Set 6

When synchronizing clusters, which of the following statements is NOT true?


Options are :

  • In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
  • Only cluster members running on the same OS platform can be synchronized
  • User Authentication connections will be lost by the cluster
  • An SMTP resource connection using CVP will be maintained by the cluster. (Correct)

Answer : An SMTP resource connection using CVP will be maintained by the cluster.

Using the Backup Target functionality in SmartProvisioning, what targets are available? i) FTP ii) TFTP iii) SFTP iv) SCP v) Locally


Options are :

  • ii, iv, v (Correct)
  • i, ii, iv
  • i, ii, iii, iv
  • i

Answer : ii, iv, v

SmartProvisioning can provision the Operating System and network settings on which of the following?


Options are :

  • R65 HFA 40 Security Gateways arid above (Correct)
  • Edge firmware 6.x and above
  • IPSO 4.2 Security Gateways
  • NGX Security Appliances

Answer : R65 HFA 40 Security Gateways arid above

156-115 Check Point Certified Security Master Practice Exam Set 5

Which version is the minimum requirement for SmartProvisioning?


Options are :

  • R70
  • R70.20
  • R65 HFA 40 (Correct)
  • R71

Answer : R65 HFA 40

SmartProvisioning uses different types of profiles to manage and provision the gateways. These types are:


Options are :

  • Provisioning Profiles and Gateways Profiles
  • SmartLSM Security Profiles and SmartDashboard Profiles
  • SmartConsole Profiles and SmartFilter Profiles
  • SmartLSM Security Profiles and Provisioning Profiles (Correct)

Answer : SmartLSM Security Profiles and Provisioning Profiles

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions