156-315.71 Check Point Security Expert R71 Practical Exam Set 7

VPN routing can also be configured by editing which file?


Options are :

  • $FWDIR\conf\vpn_route.c
  • $FWDIR\conf\vpn_route.conf (Correct)
  • $FWDIR\bin\vpn_route.conf
  • $FWDIR\VPN\route_conf.c

Answer : $FWDIR\conf\vpn_route.conf

How do you block some seldom-used FTP commands, such as CWD and FIND, from passing through the Gateway?


Options are :

  • Enable FTP Bounce checking / Application Intelligence / Protocol Protections from the IPS tab
  • Modify the desired profile in the FTP commands under Protection Details in the IPS tab (Correct)
  • Add the restricted commands to the aftpd.conf file in the Security Management Server
  • Configure the restricted FTP commands in the Security Servers screen of the Global Properties.

Answer : Modify the desired profile in the FTP commands under Protection Details in the IPS tab

156-115 Check Point Certified Security Master Practice Test Set 3

What is a sticky connection?


Options are :

  • A sticky connection is a connection that remains the same.
  • A sticky connection is one in which a reply packet returns through the same gateway as the original packet (Correct)
  • A sticky connection is a VPN connection that remains up until you manually bring it down.
  • A sticky connection is a connection that always chooses the same gateway to set up the initial connection.

Answer : A sticky connection is one in which a reply packet returns through the same gateway as the original packet

Included in the customer's network are some firewall systems with the Performance Pack in use. The customer wishes to use these firewall systems in a cluster (load sharing mode). He is not sure if he can use the Sticky Decision Function in this cluster. Explain the situation to him.


Options are :

  • The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to configure it with the clusterXL_SDF_enable command.
  • The customer can use the firewalls with Performance Pack inside the cluster, which should support the Sticky Decision Function. It is just necessary to enable the Sticky Decision Function in the SmartDashboard cluster object in the ClusterXL page, Advanced Load Sharing Configuration window.
  • ClusterXL always supports the Sticky Decision Function in the load sharing mode.
  • Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products. (Correct)

Answer : Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products.

Using IPS, how do you notify the Security Administrator that malware is scanning specific ports? By enabling:


Options are :

  • Malware Scan protection
  • Malicious Code Protector
  • Host Port Scan
  • Sweep Scan protection (Correct)

Answer : Sweep Scan protection

156-215.77 Check Point Certified Security Administrator Exam Set 5

In ClusterXL, which of the following are defined by default as a critical device?


Options are :

  • fw.d
  • Filter (Correct)
  • protect.exe
  • PROT_SRV.EXE

Answer : Filter

How can you view the virtual cluster interfaces of a ClusterXL environment?


Options are :

  • cphaprob -a list
  • cphaprob -a if (Correct)
  • cphaprob -ia if
  • cphaprob -ia list

Answer : cphaprob -a if

If both domain-based and route-based VPNs are configured, which will take precedence?


Options are :

  • Must be chosen/configured manually by the Administrator in the VPN community object
  • Must be chosen/configured manually by the Administrator in the Policy > Global Properties
  • Route-based
  • Domain-based (Correct)

Answer : Domain-based

156-215.70 Check Point Certified Security Administrator Exam Set 6

Which of the following would be a result of having more than one active Security Management Server in a Management High Availability (HA) configuration?


Options are :

  • The need to manually synchronize the secondary Security Management Server with the Primary Security Management Server is eliminated.
  • An error notification will pop up during SmartDashboard login if the two machines can communicate, indicating Collision status. (Correct)
  • Creates a High Availability implementation between the Gateways installed on the Security Management Servers.
  • Allows for faster seamless failover: from active-to-active instead of standby-to-active

Answer : An error notification will pop up during SmartDashboard login if the two machines can communicate, indicating Collision status.

By default, the Cluster Control Protocol (CCP) uses this to send delta sync messages to other cluster members.


Options are :

  • Shoutcast
  • Multicast (Correct)
  • Unicast
  • Broadcast

Answer : Multicast

When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered? (1) Each member must have a unique source IP address. (2) Every interface on each member requires a unique IP address. (3) All VTIs going to the same remote peer must have the same name. (4) Cluster IP addresses are required.


Options are :

  • 1, 2, 3 and 4
  • 2 and 3
  • 1, 2, and 4 (Correct)
  • 1, 3, and 4

Answer : 1, 2, and 4

156-315.77 Check Point Certified Security Expert Exam Set 5

How can you view the critical devices on a cluster member in a ClusterXL environment?


Options are :

  • cphaprob -ia if
  • cphaprob -a list
  • cphaprob -a if
  • cphaprob -ia list (Correct)

Answer : cphaprob -ia list

Which of these four Check Point QoS technologies prevents the transmission of redundant packets when multiple copies of a packet are concurrently queued on the same flow?


Options are :

  • Weighted Flow Random Early Drop (WFRED)
  • Stateful Inspection
  • Retransmission Detection Early Drop (RDED) (Correct)
  • Intelligent Queuing Engine

Answer : Retransmission Detection Early Drop (RDED)

Which technology would describe RDED for QoS?


Options are :

  • A mechanism to accurately classify traffic and place it in the proper transmission queue.
  • A mechanism for managing packet buffers
  • A mechanism for reducing the number of retransmits and retransmit storms (Correct)
  • A mechanism to derive complete state and context information for all network traffic.

Answer : A mechanism for reducing the number of retransmits and retransmit storms

156-315.77 Check Point Certified Security Expert Exam Set 8

If ClusterXL Load Sharing is enabled with state synchronization enabled, what will happen if one member goes down?


Options are :

  • The connections are dropped as Load Sharing does not support High Availability.
  • There is no state synchronization on Load Sharing, only on High Availability
  • The processing of all connections handled by the faulty machine is immediately taken over by the other member(s). (Correct)
  • The processing of all connections handled by the faulty machine is dropped, so all connections need to be re-established through the other machine(s).

Answer : The processing of all connections handled by the faulty machine is immediately taken over by the other member(s).

The TotallyCoolSecurity Company has a large security staff. Bob configured a new IPS Chicago_Profile for fw-chicago using Detect mode. After reviewing logs, Matt noticed that fw-chicago is not detecting any of the IPS protections that Bob had previously set up. Analyze the output below and determine how Matt can correct the problem.


Options are :

  • Matt should re-create the Chicago_Profile and select Activate protections manually instead of per the IPS Policy.
  • Matt should activate the Chicago_Profile as it is currently not activated.
  • Matt should assign the fw-chicago Security Gateway to the Chicago_Profile (Correct)
  • Matt should change the Chicago_Profile to use Protect mode because Detect mode will not work.

Answer : Matt should assign the fw-chicago Security Gateway to the Chicago_Profile

What is the command to show OSPF adjacencies?


Options are :

  • show ip ospf neighbor (Correct)
  • show ospf interface
  • show ospf summary-address
  • show running-config

Answer : show ip ospf neighbor

156-315.77 Check Point Certified Security Expert Exam Set 5

If Victor wanted to edit new Signature Protections, what tab would he need to access in SmartDashboard?


Options are :

  • QoS Tab
  • SmartDefense Tab
  • IPS Tab (Correct)
  • IPSec VPN Tab

Answer : IPS Tab

Please review the following QoS policy: Assume you have 200 Kbps bandwidth available at all times. Which statement would describe this policy?


Options are :

  • All traffic will receive sufficient bandwidth because the default rule has a low weight value
  • All traffic matching the default rule will have priority
  • Guarantee values are set too high; you have no bandwidth available for anything else besides the traffic described in the first rules. (Correct)
  • The un-named rule has a total Guarantee of 5 Kbps, which should be 50 and lower the other Guarantees.

Answer : Guarantee values are set too high; you have no bandwidth available for anything else besides the traffic described in the first rules.

A connection is said to be Sticky when:


Options are :

  • A copy of each packet in the connection sticks in the connection table until a corresponding reply packet is received from the other side.
  • The connection information sticks in the connection table even after the connection has ended
  • A connection is not terminated by either side by FIN or RST packet.
  • All the connection packets are handled, in either direction, by a single cluster member. (Correct)

Answer : All the connection packets are handled, in either direction, by a single cluster member.

156-315.71 Check Point Security Expert R71 Practical Exam Set 4

Using the output below, what does the red flag indicate for the MS08-067 Protection?


Options are :

  • It indicates this protection is for a new 0-day vulnerability
  • It indicates this protection is critical
  • It indicates this protection's severity level was modified from the default setting by the administrator
  • It indicates this is for follow up (Correct)

Answer : It indicates this is for follow up

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 6

To backup all events stored in the SmartEvent Server, you should back up the contents of which folder(s)?


Options are :

  • $FWDIR/distrib_db and $FWDIR/events
  • $FWDIR/events_db
  • $FWDIR/distrib and $FWDIR/events_db (Correct)
  • $FWDIR/distrib

Answer : $FWDIR/distrib and $FWDIR/events_db

In R71, My Organization e-mail addresses or domains are used for:


Options are :

  • Scanning e-mails only if its sender e-mail address is part of this definition, by default (Correct)
  • FTP traffic sent from a user where his e-mail is part of this definition scanned by DLP, by default.
  • Defining the e-mail address of the SMTP relay server.
  • HTTP traffic sent from a user where his e-mail is part of this definition scanned by DLP, by default

Answer : Scanning e-mails only if its sender e-mail address is part of this definition, by default

Which of the following is NOT TRUE regarding HTTPS traffic being passed through a DLP gateway?


Options are :

  • You must configure the DLP gateway to allow HTTP/HTTPS traffic through the proxy if you have a web proxy between the DLP gateway and the internet.
  • HTTPS traffic is not scanned by DLP
  • Only one proxy can be configured for DLP
  • You must edit the $FWDIR/conf/fwauthd.conf file in order for HTTPS traffic to be passed to your Web Proxy through a DLP gateway. (Correct)

Answer : You must edit the $FWDIR/conf/fwauthd.conf file in order for HTTPS traffic to be passed to your Web Proxy through a DLP gateway.

156-315.77 Check Point Certified Security Expert Exam Set 1

For proper system operation, the Administrator has to configure the DLP Portal and define its DNS name for which of the following conditions?


Options are :

  • If the DLP Policy is applied to HTTP traffic
  • If there are one or more Ask User rules. (Correct)
  • If there are one or more Inform Rules.
  • If the action of all rules is Detect and no Data Owners are configured.

Answer : If there are one or more Ask User rules.

If Jack was concerned about the number of log entries he would receive in the SmartReporter system, which policy would he need to modify?


Options are :

  • Consolidation Policy (Correct)
  • Report Policy
  • Log Sequence Policy
  • Log Consolidator Policy

Answer : Consolidation Policy

In a particular IPS protection in R71 in the Logging Settings, what does the Capture Packets option do?


Options are :

  • Starts a packet capture at the time of policy install to capture all of the traffic until this protection is hit.
  • Attaches a packet capture of the traffic that matches this particular protection to each log that the protection generates. (Correct)
  • This is not a valid selection in R71
  • Collects all of the logs for packets that have matched this protection within the last 30 days

Answer : Attaches a packet capture of the traffic that matches this particular protection to each log that the protection generates.

156-215.70 Check Point Certified Security Administrator Exam Set 7

What access level cannot be assigned to an Administrator in SmartEvent?


Options are :

  • Write only (Correct)
  • Events Database
  • Read only
  • No Access

Answer : Write only

How many pre-defined exclusions are included by default in SmartEvent R71 as part of the product installation?


Options are :

  • 5
  • 0
  • 10
  • 3 (Correct)

Answer : 3

Which DLP action would describe the following action: The data transmission event is logged in SmartView Tracker. Administrators with permission can view the data that was sent. The traffic is passed.


Options are :

  • Inform User
  • Prevent
  • Ask User
  • Detect (Correct)

Answer : Detect

156-215.13 Check Point Certified Security Administrator Exam Set 9
