156-315.71 Check Point Security Expert R71 Practical Exam Set 3

Which changes are tracked by SmartWorkflow?


Options are :

  • Users, Administrators, Groups and VPN Communities
  • SmartDashboard, SmartView Tracker and SmartView Monitor logins and logouts
  • Security Policies and the Rule Base, Network Objects, Network Services, Resources, Users, Administrators, Groups, VPN Communities and Servers and OPSEC Applications. (Correct)
  • Security Policies and the Rule Base, Network Objects, Network Services, VPN Communities.

Answer : Security Policies and the Rule Base, Network Objects, Network Services, Resources, Users, Administrators, Groups, VPN Communities and Servers and OPSEC Applications.

You logged in to your firewall and discovered that the scheduled backup has been modified. Which of the below options is NOT a reason for the change?


Options are :

  • Another administrator updated the Backup Schedule using SmartUpdate (Correct)
  • Another administrator logged in to the WebUI and changed the setting without your knowledge
  • Another administrator issued a new backup command through the command line
  • Another administrator pushed a SmartProvisioning profile to the firewall

Answer : Another administrator updated the Backup Schedule using SmartUpdate

Check Point Certified Security Expert Exam Set 3

Your customer asks you about Check Point SmartWorkflow. His company must comply with various laws and regulations and therefore it is important for him to be able to see the changes made to a specific object. You explain to him that he can use the SmartWorkflow Software Blade to achieve this objective and show him some examples (Figures 1 - 3). How can the customer receive the required information?


Options are :

  • The customer can check compliance. This function compares the logs with the compliance requirements and automatically reports which part of the selected compliance is fulfilled and which is not.
  • The customer can use the Check Point's SmartView Tracker to view the required information. He selects the log category Changed Objects.
  • The customer can use the Check Point's SmartView Tracker directly to receive the required information. He selects the log category SmartWorkflow.
  • The customer can use the Record Details. This feature enables administrators to track changes that have been made to objects over an extended period of time. These changes are recorded in Smartview Tracker as audit logs. (Correct)

Answer : The customer can use the Record Details. This feature enables administrators to track changes that have been made to objects over an extended period of time. These changes are recorded in Smartview Tracker as audit logs.

What is a possible reason for the grayed out Restore Version button in the screenshot of the Database Revision Control while trying to restore Old_Structure?


Options are :

  • Old_Structure was not approved in SmartWorkflow.
  • No SmartWorkflow session is started. (Correct)
  • Self-created versions cannot be restored if there are newer versions created in SmartWorkflow.
  • With SmartWorkflow active, only SmartWorkflow revisions could be restored

Answer : No SmartWorkflow session is started.

After repairing a SmartWorkflow session:


Options are :

  • The session is continued with status Not approved and a new session must be started.
  • The session moves to status Awaiting Repair and must be resubmitted.
  • The session moves to status Repaired and a new session can be started (Correct)
  • The session is discarded and a new session is automatically started.

Answer : The session moves to status Repaired and a new session can be started

156-315.77 Check Point Certified Security Expert Exam Set 11

In SmartWorkflow, what is NOT a valid possibility?


Options are :

  • Task Flow without Session but with Role Segregation (Correct)
  • Task Flow with Session but without Role Segregation
  • Task Flow with Session and with Role Segregation
  • Task Flow without Session and without Role Segregation

Answer : Task Flow without Session but with Role Segregation

Where do Gateways managed by SmartProvisioning fetch their assigned profiles?


Options are :

  • The Security Management server or CMA (Correct)
  • They are fetched locally from the individual device
  • The standalone SmartProvisioning server
  • The Smartview Monitor

Answer : The Security Management server or CMA

The Management Portal Software Blade allows users to


Options are :

  • View Security Policies (Correct)
  • Create/Modify objects
  • Add/Delete rules
  • Monitor traffic flows

Answer : View Security Policies

Check Point Certified Security Expert Exam Set 7

How many events are shown by default in the Event preview pane?


Options are :

  • 30,000 (Correct)
  • 1,000
  • . 5,000
  • 15,000

Answer : 30,000

How is the SmartWorkflow Session Information Pane enabled?


Options are :

  • In SmartDashboard, click on View > Smart Workflow > Show Session Information Pane
  • In cpconfig, choose Enable Session Information Pane from the menu
  • In SmartView Tracker, click on SmartWorkflow > Show Session Information Pane
  • In SmartDashboard, click on SmartWorkflow > Show Session Information Pane (Correct)

Answer : In SmartDashboard, click on SmartWorkflow > Show Session Information Pane

Which file can you modify to change settings of the Management Portal? For example: changing the webserver port or to use HTTP instead of HTTPS.


Options are :

  • cp_http_admin.conf
  • cp_httpd.conf
  • cp_httpd_admin.conf (Correct)
  • cp_http.conf

Answer : cp_httpd_admin.conf

Check Point Certified Security Administrator Set 1

Your company is planning on moving their server farm to a new datacenter which requires IP changes to important network services including DNS, DHCP, and TFTP. Rather than manually logging in to all your firewalls and modifying the settings individually, you decide to purchase and enable SmartProvisioning. Assuming all your firewalls are on SPLAT, what is the minimum version required to update the firewalls' DNS and backup settings via SmartProvisioning?


Options are :

  • R62
  • R60 HFA 02
  • R71
  • R65 HFA 40 (Correct)

Answer : R65 HFA 40

When a tracked SmartEvent Candidate in a Candidate Pool becomes an Event, what does NOT happen in The Analyzer Server?


Options are :

  • SmartEvent provides the beginning and end time of the Event.
  • SmartEvent stops tracking logs related to the Candidate. (Correct)
  • The Correlation Unit keeps adding matching logs to the Event
  • The Event is kept open, but condenses many instances into one Event.

Answer : SmartEvent stops tracking logs related to the Candidate.

What happens to the session information after they are approved and a policy installation is done?


Options are :

  • An option is given to retain the session information, default being deletion of session information from the database. (Correct)
  • Session information is never deleted from the database.
  • It depends on the SmartWorkflow settings in Global Properties.
  • Session information can only be deleted before a policy is installed

Answer : An option is given to retain the session information, default being deletion of session information from the database.

156-215.70 Check Point Certified Security Administrator Exam Set 8

How is a change approved for implementation in SmartWorkflow?


Options are :

  • The change is submitted for approval and is automatically installed by the approver once the "Approve" button is clicked
  • The change is submitted for approval and is manually installed by the approver one the "Approve" button is clicked
  • The change is submitted for approval and is automatically installed by the original submitter the next time he logs in after approval of the change.
  • The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change. (Correct)

Answer : The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change.

When selecting a backup target using SmartProvisioning, which target is NOT available?


Options are :

  • Locally on device
  • SCP
  • TFTP
  • FTP (Correct)

Answer : FTP

In the following command, LSMcli [-d] "server" should be replaced with:


Options are :

  • IP address of the Security Management server (Correct)
  • GUIclient
  • Hostname of ROBO gateway
  • Hostname DAIP device

Answer : IP address of the Security Management server

156-315.77 Check Point Certified Security Expert Exam Set 14

Which of the following can NOT approve a change in a SmartWorkflow session?


Options are :

  • FireWall Administrators (Correct)
  • Customer Superusers
  • Provider-1 Superusers
  • FireWall Managers

Answer : FireWall Administrators

You have to uninstall the Check Point SmartWorkflow Software Blade on a SecurePlatform system. How can you perform this procedure?


Options are :

  • To uninstall the SmartWorkflow Software Blade you must first connect to your Security Management System on command line level. Then in the directory /opt/CPUninstall/Check_Point_Workflow, run the command ./UnixInstallScript -u. Afterwards, follow the screen instructions and change to the directory /opt/CPUninstall/R70_HFA_10 and repeat the previous command. (Correct)
  • To uninstall the SmartWorkflow Software Blade you can connect to the SecurePlatform WebUI ( ) and select: Device > Upgrade. You will be asked if you want uninstall the SmartWorkflow Software Blade.
  • To uninstall the SmartWorkflow Software Blade, you use SmartUpdate. Click on the symbol of the Security Management Server, right-click, select Get Gateway Data, select SmartWorkflow, right -click uninstall SmartWorkflow. You will see the progress in the Operaration Status windows.
  • To uninstall the SmartWorkflow Software Blade, you must first connect to your Security Management System on the command line level. Then in the directory /opt/CPuninstall/Check_Point_Workflow, run the command ./UnixInstallScript -u.

Answer : To uninstall the SmartWorkflow Software Blade you must first connect to your Security Management System on command line level. Then in the directory /opt/CPUninstall/Check_Point_Workflow, run the command ./UnixInstallScript -u. Afterwards, follow the screen instructions and change to the directory /opt/CPUninstall/R70_HFA_10 and repeat the previous command.

Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should be guaranteed. Which actions should be taken to achieve that? (i) Use same hard driver for database directory, log files and temporary directory (ii) Use Consolidation Rules (iii) Limit logging to blocked traffic only (iv) Using Multiple Database Table


Options are :

  • (i), (iii) and (iv)
  • (i), (ii) and (iv)
  • (ii) and (iv) (Correct)
  • (i) and (ii)

Answer : (ii) and (iv)

Check Point Certified Security Expert Exam Set 7

You are using tracelogger to debug SSL VPN's server side and obtain a textual traffic dump. Which type of traffic will you NOT see in the output?


Options are :

  • Traffic outbound from the internal networks
  • Traffic outbound to the external networks
  • Traffic inbound from the external networks
  • Traffic to the portal (Correct)

Answer : Traffic to the portal

156-315.71 Check Point Security Expert R71 Practical Exam Set 3

The CoreXL SND (Secure Network Distributor) is responsible for:


Options are :

  • distributing non-accelerated packets among kernel instances. (Correct)
  • changing routes to distribute the load across multiple firewalls.
  • accelerating VPN traffic.
  • shutting down cores when they are not needed.

Answer : distributing non-accelerated packets among kernel instances.

A user attempts to initialize a network application using SSL Network Extender. The application fails to start. What is the MOST LIKELY solution?


Options are :

  • Select the option Enable SSL Network Extender Network Mode only.
  • Select the option Auto-detect client capabilities.
  • Select the option Turn off all SSL tunneling clients.
  • Select the option Enable SSL Network Extender Application Mode only (Correct)

Answer : Select the option Enable SSL Network Extender Application Mode only

Which procedure enables the SSL VPN blade on the gateway?


Options are :

  • Log into SmartDashboard, Create a new rule with the source and destination addresses of the needed remote network, set the action to Encrypt and push the policy to that gateway.
  • Log into SmartDashboard, Select the VPN Communities tab and add the gateway to the appropriate community.
  • Log into SmartDashboard, edit the properties of the Gateway, and select the SSL VPN check box. (Correct)
  • Log into WebUI on the gateway and check the SSL VPN Blade check box.

Answer : Log into SmartDashboard, edit the properties of the Gateway, and select the SSL VPN check box.

156-315.77 Check Point Certified Security Expert Exam Set 24

Can end users be forced to authenticate by using client certificates and username/password credentials?


Options are :

  • No, R71 only supports authentication by client certificates.
  • SSL VPN only supports server certificates
  • Yes, but by manually changing the parameter :IsPasswordWarning to true in the $FWDIR/conf/objects_5_0.C file, to allow for LDAP password remediation; and through the use of multiple-challenge login pages.
  • Yes, by editing the protection-level settings. (Correct)

Answer : Yes, by editing the protection-level settings.

You have configured an LDAP account unit and confirmed the Apply & Fetch Branches option works in SSL VPN, but end users still cannot be authenticated. What is the MOST LIKELY cause?


Options are :

  • The LDAP account unit's login Distinguished Name is incorrectly configured. (Correct)
  • The Administrator's login is incorrect.
  • The user is not defined in Active Directory.
  • The LDAP server is incorrectly configured.

Answer : The LDAP account unit's login Distinguished Name is incorrectly configured.

To configure a Security Management Server for an SSL VPN Gateway, you can set up log forwarding from that Gateway. All of the following tasks must be performed to accomplish this, EXCEPT:


Options are :

  • Establishing SIC between the Security Management Server and the SSL VPN Gateway.
  • Providing the Security Management Server's IP address.
  • Defining a remote log server in the "Remote Log Server" box. (Correct)
  • Initiating the putkey process in order to facilitate Secure Internal Communications (SIC).

Answer : Defining a remote log server in the "Remote Log Server" box.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 12

Which of the following statements about SSL VPN is TRUE?


Options are :

  • Traffic is encrypted, when it is initiated from a LAN.
  • All traffic is always encrypted.
  • Administration traffic is not encrypted.
  • Traffic is not encrypted in a LAN deployment, where clear text requests are forwarded to internal servers. (Correct)

Answer : Traffic is not encrypted in a LAN deployment, where clear text requests are forwarded to internal servers.

Which command can be used to verify SecureXL statistics?


Options are :

  • fw ctl pstat
  • fwaccel top
  • cphaprob stat
  • fwaccel stats (Correct)

Answer : fwaccel stats

Which internal user authentication protocols are supported in SSL VPN?


Options are :

  • Check Point Password, SecurID, L2TP, RADIUS, TACACS
  • Point Password, SecurID, OS Password, RADIUS, TACACS (Correct)
  • Check Point Password, SecurID, LDAP, RADIUS, TACACS
  • Check Point Password, SecurID, Active Directory, RADIUS, TACACS

Answer : Point Password, SecurID, OS Password, RADIUS, TACACS

156-315.77 Check Point Certified Security Expert Exam Set 1

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions