156-315.71 Check Point Security Expert R71 Practical Exam Set 2

The relay mail server configured under Email Notifications is used by the DLP Gateway to: (Choose the BEST answer.)


Options are :

  • Define My Organization / DLP Gateway and scan only e-mails that originate from this relay server.
  • If UserCheck is configured, there is no need to configure this relay server if there are no Ask User rules and there is no need to notify any Data Owners.
  • Send e-mail notifications to users and Data Owners. (Correct)
  • Synchronize with other mail servers in the network.

Answer : Send e-mail notifications to users and Data Owners.

156-315.13 Check Point Security Expert R76 (GAiA) Exam Set 1

___________ is a proprietary Check Point protocol. It is the basis for Check Point ClusterXL inter-module communication


Options are :

  • RDP
  • CCP (Correct)
  • HA OPCODE
  • CKPP

Answer : CCP

What could be a reason why synchronization between primary and secondary Security Management Servers does not occur?


Options are :

  • You did not activate synchronization within the Global Properties.
  • You have installed both Security Management Servers on different server systems (e. g. one machine on HP hardware and the other one on DELL).
  • If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other. (Correct)
  • You are using different time zones.

Answer : If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.

Which of the following load-balancing methods is not valid?


Options are :

  • Domain
  • They are all valid (Correct)
  • Round trip
  • Random

Answer : They are all valid

Check Point Certified Security Expert Exam Set 8

Check Point New Mode HA is a(n)__________solution.


Options are :

  • primary-domain
  • hot-standby (Correct)
  • acceleration
  • load-balancing

Answer : hot-standby

A Security Administrator opens a new session, makes changes to the policy and submits the session for approval. The Security Manager may approve the session or request repair. If a manager opens a new session and submits it for approval, can he approve his session as a Security Manager?


Options are :

  • Yes, he can always approve his own session.
  • It depends on the SmartWorkflow settings in Global Properties. (Correct)
  • No, he can never approve his own session.
  • It depends on the type of changes made in the session

Answer : It depends on the SmartWorkflow settings in Global Properties.

You enable Sweep Scan Protection and Host port scan in IPS to determine if a large amount of traffic from a specific internal IP address is a network attack, or a user's system is infected with a worm. Will you get all the information you need from these actions?


Options are :

  • Yes. IPS will limit the traffic impact from the scans, and identify if the pattern of the traffic matches any known worms.
  • No. These IPS protections will only block the traffic, but it will not provide a detailed analysis of the traffic.
  • No. The logs and alert can provide some level of information, but determining whether the attack is intentional or a worm, requires further research. (Correct)
  • No. To verify if this is a worm or an active attack, you must also enable TCP attack defenses.

Answer : No. The logs and alert can provide some level of information, but determining whether the attack is intentional or a worm, requires further research.

Check Point Certified Security Expert Exam Set 7

What is a "sticky" connection?


Options are :

  • A "sticky" connection is a connection that remains the same.
  • A "sticky" connection is one in which a reply packet returns through the same gateway as the original packet. (Correct)
  • A "sticky” connection is a connection that always chooses the same gateway to set up the initial connection.
  • A "sticky" connection is a VPN connection that remains up until you manually bring it down.

Answer : A "sticky" connection is one in which a reply packet returns through the same gateway as the original packet.

What is the best method for scheduling backup's on multiple firewalls?


Options are :

  • SmartProvisioning (Correct)
  • SmartUpdate
  • WebUI
  • Smart Dashboard

Answer : SmartProvisioning

You just upgraded to R71 and are using the IPS Software Blade. You want to enable all critical protections while keeping the rate of false positive very low. How can you achieve this?


Options are :

  • The new IPS system is based on policies and gives you the ability to activate al checks with critical severity and a high confidence level. (Correct)
  • As in SmartDefense, this can be achieved by activating all the critical checks manually
  • new IPS system is based on policies, but it has no ability to calculate or change the confidence level, so it always has a high rate of false positives.
  • This can't be achieved; activating any IPS system always causes a high rate of false positives.

Answer : The new IPS system is based on policies and gives you the ability to activate al checks with critical severity and a high confidence level.

156-315.77 Check Point Certified Security Expert Exam Set 6

Which of the following is NOT a supported browser for Management Portal?


Options are :

  • Internet Explorer
  • Mozilla
  • Firefox
  • Safari (Correct)

Answer : Safari

Check Point Certified Security Administrator Set 4

Which of the following software blades can be used to provide centralized backup management?


Options are :

  • SmartBackup
  • SmartProvisioning (Correct)
  • SmartDashboard
  • SmartGateway

Answer : SmartProvisioning

Which of the following files is used to allow only specific IPs or networks to access the Management Portal?


Options are :

  • cpportal_allowips
  • hosts.allow (Correct)
  • allowedips.portal
  • portal.ips

Answer : hosts.allow

The London office just upgraded their DNS servers so their Gateway needs to be updated with the new settings. What would be the BEST way for Henry to change the DNS settings for London's Gateway?


Options are :

  • Edit the Gateway's DNS settings from the Edit Gateway, then selecting the DNS tab
  • DNS settings for that Gateway cannot be changed
  • Edit the Europe Profile (Correct)
  • Edit the Canada Profile

Answer : Edit the Europe Profile

156-315.77 Check Point Certified Security Expert Exam Set 2

Your customer wishes to use SmartWorkflow Software Blade, but he also wishes to install a policy during an emergency without an approval. Is it possible?


Options are :

  • Yes, it is possible, but this feature must be configured in Global Properties and the administrator must provide a special password.
  • Yes, it is possible, but this feature must be configured in the Global Properties. The administrator must provide a special password and the reason for this emergency installation. (Correct)
  • Yes, it is possible but the administrator must receive special administrator permission, i.e., Can install in emergency. You can use the new GUI to set the administration security setting.
  • No, if a customer uses the SmartWorkflow Software Blade, a policy must be approved.

Answer : Yes, it is possible, but this feature must be configured in the Global Properties. The administrator must provide a special password and the reason for this emergency installation.

When configuring a Web Application for SSL VPN remote access, you have given the following definition for the application along with its protection level. Which of the following is the best match for the above application?


Options are :

  • dmz.example.com/extranet
  • www.dmz.example/extrane
  • hr.dmz.example.com/intranet
  • www.example.com/intranet (Correct)

Answer : www.example.com/intranet

David is the MultiCorp Security Manager and approves the proposals submitted by the Security Administrator Peter. One day, David believes he has detected a vulnerability in the Security Policy. He submits a change proposal and tries to approve his own submission. The system does not allow him to perform this procedure. What is the reason for this behavior?


Options are :

  • The proposal contains some logical contradictions. The Check Point verification control does not permit this change to be carried out.
  • The company does not allow David to submit and approve the same policy change. The setting Manager cannot approve their submitted sessions in Global Properties was set to On. (Correct)
  • The company does not allow David to submit and approve the same policy change. The setting Manager cannot approve their submitted sessions in the SmartWorkflow section of the Firewall object properties was set to On.
  • The company does not allow David to submit and also approve the same policy change. David was assigned the Approve only permission (instead of Submit and Approve).

Answer : The company does not allow David to submit and approve the same policy change. The setting Manager cannot approve their submitted sessions in Global Properties was set to On.

Check Point Certified Security Expert Exam Set 12

You start the configuration of SmartWorkflow. SmartWorkflow is enabled, but you are not able to select Open New Session because it is greyed out. What must be done to open a new session? Choose the BEST answer.


Options are :

  • A rule which allows the SmartWorkflow traffic must be placed on the top of the Rule Base.
  • The use of sessions must be enabled by the CLI command: SWF_session start.
  • Sessions in the Manage menu of SmartDashboard must be selected and enabled.
  • The Work with sessions in Global Properties must be set. (Correct)

Answer : The Work with sessions in Global Properties must be set.

When using SmartWorkflow, how many sessions can be in progress at the same time?


Options are :

  • 2
  • 3
  • 1 (Correct)
  • B. As many as you want

Answer : 1

Your customer wishes to install SmartWorkflow on top of R70 Security Management Server (Windows system). What is the required disk space?


Options are :

  • 880 MB (Correct)
  • 512 MB
  • 1 GB
  • 1256 MB

Answer : 880 MB

156-315.77 Check Point Certified Security Expert Exam Set 16

Which of the following can NOT be done on the Management Portal?


Options are :

  • Run the Management Portal on a port other than the default port 4433 (Correct)
  • Restrict hosts / networks that can access the portal
  • Configure Management Portal to bypass authentication when connecting from a specific IP address
  • Set the Management Portal to use HTTP instead of HTTPS

Answer : Run the Management Portal on a port other than the default port 4433

The SmartProvisioning management concept is based on:


Options are :

  • Regions
  • Profiles (Correct)
  • Zones
  • Groups

Answer : Profiles

When a security administrator logs in to SmartDashboard and selects Continue without session from the following window, what kind of access will be granted to him in SmartDashboard?


Options are :

  • A new session will automatically be created with a default session name along with date and time. All changes made by the manager will be saved in this new session.
  • He will get read-only access to the policy, network objects and session management.
  • No access will be granted, he will be logged out of SmartDashboard.
  • He will get read-only access to the policy and network objects; however, he can still manage the sessions, i.e. Approve, Request Repair etc. (Correct)

Answer : He will get read-only access to the policy and network objects; however, he can still manage the sessions, i.e. Approve, Request Repair etc.

156-315.77 Check Point Certified Security Expert Exam Set 3

While using the SmartProvisioning Wizard to create a new profile, you cannot continue because there are no devices to select. What is a possible reason for this? i) All devices already have a profile assigned to them ii) Provisioning Blade is not enabled on the devices iii) No UTM- 1/Power- 1/Secure Platform devices are defined in SmartDashboard iv) SIC is not established on the devices.


Options are :

  • (ii) only
  • (i) or (iii) (Correct)
  • (ii), (iii) or (iv)
  • (iii) or (iv)

Answer : (i) or (iii)

What command will stop all (and only) Management Portal services?


Options are :

  • cpstop
  • sportalstop
  • spstop
  • smartportalstop (Correct)

Answer : smartportalstop

Your customer wishes to install the SmartWorkflow Software Blade on a R70 Security Management server (SecurePlatform). Which is the correct method?


Options are :

  • You must upgrade the Management Server to the version R70.1 first before you start the installation of the SmartWorkflow Software Blade plug-in.
  • When you install the R70.1 package on an R70 Security Management server, it will be upgraded to version R70.1 with SmartWorkflow. (Correct)
  • The SmartWorkflow Software Blade is included in the standard R70 version. You need to enable it via cpconfig.
  • The SmartWorkflow works directly on the version R70. Install the SmartWorkflow as an add-on. The version of the Management server remains R70.

Answer : When you install the R70.1 package on an R70 Security Management server, it will be upgraded to version R70.1 with SmartWorkflow.

Check Point Certified Security Expert Exam Set 4

Susan needs to change the DNS settings on her SecurePlatform Gateway. Using the output below, which Gateway could she edit directly from the Devices view using Edit Gateway, then selecting the DNS tab?


Options are :

  • Berlin-GW
  • Prague-GW
  • Seoul-Edge
  • Paris-GW (Correct)

Answer : Paris-GW

When does the SmartWorkflow Policy Installation window appear?


Options are :

  • When the administrator submits a session for approval
  • When the administrator installs an approved policy
  • When the manager approves a session
  • When the administrator installs an unapproved policy (Correct)

Answer : When the administrator installs an unapproved policy

Where is the ideal place to deploy your SSL VPN?


Options are :

  • SSL VPN enabled on the gateway
  • Deployed in DMZ (Correct)
  • In front of the external interface on the gateway
  • Anywhere

Answer : Deployed in DMZ

Check Point Certified Security Expert Exam Set 12

How is Smart Workflow disabled?


Options are :

  • In cpconfig, choose Disable Smart Workflow from the menu
  • Open Smart Workflow as admin. Create new session and name it Disable Smart Workflow. In SmartDashboard click Smart Workflow > Disable Smart Workflow, click OK in the warning box, click Save and Continue (Correct)
  • In SmartView Tracker, click on SmartWorkflow > Disable Smart Workflow
  • In SmartDashboard, click on View > Smart Workflow > Disable Smart Workflow

Answer : Open Smart Workflow as admin. Create new session and name it Disable Smart Workflow. In SmartDashboard click Smart Workflow > Disable Smart Workflow, click OK in the warning box, click Save and Continue

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now