156-315.71 Check Point Security Expert R71 Practice Exam Set 1

What is the consequence of clearing the "Log VoIP Connection" box in Global Properties?


Options are :

  • VoIP protocol-specific log fields are not included in SmartView Tracker entries. (Correct)
  • The SmartCenter Server stops importing logs from VoIP servers.
  • Dropped VoIP traffic is logged, but accepted VoIP traffic is not logged.
  • IP addresses are used, instead of object names, in log entries that reference VoIP Domain objects.
  • The log field setting in rules for VoIP protocols are ignored.

Answer : VoIP protocol-specific log fields are not included in SmartView Tracker entries.

Check Point Certified Security Expert Exam Set 2

How do you control the maximum mail messages in a spool directory?


Options are :

  • In the gateway object's SMTP settings in the Advanced window (Correct)
  • In SmartDefense SMTP settings
  • In the Security Server window in Global Properties
  • In the SMTP resource object
  • In the smtp.conf file on the SmartCenter Server

Answer : In the gateway object's SMTP settings in the Advanced window

Which operating system is NOT supported by VPN-1 Secure Client?


Options are :

  • Windows 2000 Professional
  • Windows XP SP2
  • IPSO 3.9 (Correct)
  • RedHat Linux 8.0
  • MacOSX

Answer : IPSO 3.9

Which Check Point QoS feature marks the Type of Service (ToS) byte in the IP header?


Options are :

  • Weighted Fair Queuing
  • Low Latency Queuing
  • Limits
  • Guarantees
  • Differentiated Services (Correct)

Answer : Differentiated Services

156-315.77 Check Point Certified Security Expert Exam Set 6

VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. Which of the following services is NOT provided by a CIFS resource?


Options are :

  • Log access shares
  • Log mapped shares
  • Allow MS print shares (Correct)
  • Block Remote Registry Access

Answer : Allow MS print shares

You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD, what does this command allow you to upgrade?


Options are :

  • Only the patch utility is upgraded using this command
  • Only VPN-1 Pro Security Gateway
  • All products, except the Policy Server
  • Only the OS
  • Both the operating system (OS) and all Check Point products (Correct)

Answer : Both the operating system (OS) and all Check Point products

Cody is notified by blacklist.org that his site has been reported as a spam relay, due to his SMTP Server being unprotected. Cody decides to implement an SMTP Security Server, to prevent the server from being a spam relay. Which of the following is the most efficient configuration method?


Options are :

  • Configure the SMTP Security Server to allow only mail to or from names, within Cody's corporate domain. (Correct)
  • Configure the SMTP Security Server to perform MX resolving.
  • Configure the SMTP Security Server to work with an OPSEC based product, for content checking.
  • Configure the SMTP Security Server to apply a generic "from" address to all outgoing mail.
  • Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.

Answer : Configure the SMTP Security Server to allow only mail to or from names, within Cody's corporate domain.

156-315.77 Check Point Certified Security Expert Exam Set 9

VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. Which of the following services is provided by a CIFS resource?


Options are :

  • Allow MS print shares
  • Access Violation logging.
  • Logging Mapped Shares (Correct)
  • Allow Unix file sharing.

Answer : Logging Mapped Shares

Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, without stopping the VPN. What is the correct order of steps?


Options are :

  • 1. Add a new interface on each Gateway. 2. Remove the newly added network from the current VPN Domain in each gateway object. 3. Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers. 4. Add static routes on three Gateways, to route the new network to each peer's VTI interface. (Correct)
  • 1. Add a new interface on each Gateway. 2. Add the newly added network into the existing VPN Domain for each gateway object. 3. Create VTIs on each gateway object, to point to the other two peers. 4. Add static routes on three Gateways, to route the new networks to each peer's VTI interface.
  • 1. Add a new interface on each Gateway. 2. Remove the newly added network from the current VPN Domain for each Gateway. 3. Create VTIs on each Gateway, to point to the other two peers 4. Enable advanced routing on all three Gateways.
  • 1. Add a new interface on each Gateway. 2. Add the newly added network into the existing VPN Domain for each Gateway. 3. Create VTIs on each gateway object, to point to the other two peers. 4. Enable advanced routing on all three Gateways.

Answer : 1. Add a new interface on each Gateway. 2. Remove the newly added network from the current VPN Domain in each gateway object. 3. Create VPN Tunnel Interfaces (VTI) on each gateway object, to point to the other two peers. 4. Add static routes on three Gateways, to route the new network to each peer's VTI interface.

Which type of service should a Security Administrator use in a Rule Base to control access to specific shared partitions on target machines?


Options are :

  • URI
  • FTP
  • CIFS (Correct)
  • Telnet
  • HTTP

Answer : CIFS

156-115 Check Point Certified Security Master Practice Test Set 5

You are preparing to configure your VoIP Domain Gatekeeper object. Which two other objects should you have created first?


Options are :

  • An object to represent the call manager, AND an object to represent the host on which the transmission router is installed
  • An object to represent the PSTN phone network, AND an object to represent the IP phone network
  • An object to represent the IP phone network, AND an object to represent the host on which the proxy is installed
  • An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed (Correct)
  • An object to represent the Q.931 service origination host, AND an object to represent the H.245 termination host

Answer : An object to represent the IP phone network, AND an object to represent the host on which the gatekeeper is installed

You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?


Options are :

  • SVN Foundation and VPN-1 Express/Pro
  • VPN-1 and Firewall-1
  • SecurePlatform NGX R60 (Correct)
  • SVN Foundation 3 E. VPN-1 Pro/Express NGXR60

Answer : SecurePlatform NGX R60

Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder's access, after the next Phase 2 exchange occurs?


Options are :

  • SHA1 Hash Completion
  • Phase 3 Key Revocation
  • MD5 Hash Completion
  • DES Key Reset
  • Perfect Forward Secrecy (Correct)

Answer : Perfect Forward Secrecy

156-215.77 Check Point Certified Security Administrator Exam Set 1

Which of the following TCP port numbers is used to connect the VPN-1 Gateway to the Content Vector Protocol (CVP) server?


Options are :

  • 1456
  • 18180
  • 18182
  • 18181 (Correct)
  • 7242

Answer : 18181

In a distributed VPN-1 Pro NGX environment, where is the Internal Certificate Authority (ICA) installed?


Options are :

  • On the primary SmartCenter Server (Correct)
  • On the Policy Server
  • Certificate Manager Server
  • On the Smart View Monitor
  • On the Security Gateway

Answer : On the primary SmartCenter Server

Which VPN Community object is used to configure VPN routing within the SmartDashboard?


Options are :

  • Map
  • Star (Correct)
  • Remote Access
  • Mesh

Answer : Star

Check Point Certified Security Expert Exam Set 1

DShield is a Check Point feature used to block which of the following threats?


Options are :

  • Trojan horses
  • DDOS (Correct)
  • Buffer overflows
  • Cross Site Scripting
  • SQL injection

Answer : DDOS

You must set up SIP with a proxy for your network. IP phones are in the 172.16.100.0 network. The Registrar and proxy are installed on host 172.16.100.100. To allow handover enforcement for outbound calls from SIP-net to network Net_B on the Internet, you have defined the following objects: Network object: SIP-net: 172.16.100.0/24 SIP-gateway: 172.16.100.100 VoIP Domain object: VolP_domain_A 1. End-point domain: SIP-net 2. VoIP gateway installed at: SIP-gateway host object How would you configure the rule?


Options are :

  • VolP_Gateway/Net_B/sip_any/accept
  • SIP-Gateway/Net_B/sip_any/accept
  • SIP-Gateway/Net_B/sip/accept
  • VolP_domain_A/Net_B/sip_any, and sip/accept
  • VolP_domain_A/Net_B/sip/accept (Correct)

Answer : VolP_domain_A/Net_B/sip/accept

The following rule contains an FTP resource object in the Service field: Source: local_net Destination: Any Service: FTP-resource object Action: Accept How do you define the FTP Resource Properties > Match tab to prevent internal users from receiving corporate files from external FTP servers, while allowing users to send files?


Options are :

  • Enable the "Put" method only on the Match tab. (Correct)
  • Disable the "Put" method globally.
  • Disable "Get" and "Put" methods on the Match tab.
  • Enable "Put" and "Get" methods.
  • Enable the "Get" method on the Match tab.

Answer : Enable the "Put" method only on the Match tab.

Check Point Certified Security Administrator Set 5

Your company has two headquarters, one in London, one in New York. Each headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:


Options are :

  • Three mesh Communities: one for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
  • Two mesh Communities, one for each headquarters and their branch offices; and one star Community, where New York is the center of the Community and London is the satellite
  • Two mesh Communities, one for each headquarters and their branch offices; and one star Community, in which London is the center of the Community and New York, is the satellite.
  • Two stars and one mesh Community; each star Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between the New York and London headquarters (Correct)

Answer : Two stars and one mesh Community; each star Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between the New York and London headquarters

You plan to incorporate OPSEC servers, such as Websense and Trend Micro, to do content filtering. Which segment is the BEST location for these OPSEC servers, when you consider Security Server performance and data security?


Options are :

  • On the Internet
  • Dedicated segment of the network (Correct)
  • DMZ network, where application servers are located
  • On the Security Gateway
  • Internal network, where users are located

Answer : Dedicated segment of the network

You plan to install a VPN-1 Pro Gateway for VPN-1 NGX at your company's headquarters. You have a single Sun SPARC Solaris 9 machine for VPN-1 Pro enterprise implementation. You need this machine to inspect traffic and keep configuration files. Which Check Point software package do you install?


Options are :

  • VPN-1 Pro Gateway
  • Policy Server and primary SmartCenter Server
  • VPN-1 Pro Gateway and primary SmartCenter Server (Correct)
  • ClusterXL and SmartCenter Server
  • SmartCenter Server

Answer : VPN-1 Pro Gateway and primary SmartCenter Server

156-315.77 Check Point Certified Security Expert Exam Set 5

What is a requirement for setting up Management High Availability?


Options are :

  • All SmartCenter Servers must have the same operating system. (Correct)
  • All SmartCenter Servers must have the BIOS release
  • All SmartCenter Servers must reside in the same Local Area Network (LAN).
  • All SmartCenter Servers must have the same amount of memory.
  • You can only have one Secondary SmartCenter Server.

Answer : All SmartCenter Servers must have the same operating system.

Greg is creating rules and objects to control VoIP traffic in his organization, through a VPN-1 NGX Security Gateway. Greg creates VoIP Domain SIP objects to represent each of his organization's three SIP gateways. Greg then creates a simple group to contain the VoIP Domain SIP objects. When Greg attempts to add the VoIP Domain SIP objects to the group, they are not listed. What is the problem?


Options are :

  • The related end-points domain specifies an address range.
  • The installed VoIP gateways specify host objects.
  • The VoIP Domain SIP object's name contains restricted characters.
  • VoIP Domain SIP objects cannot be placed in simple groups. (Correct)
  • The VoIP gateway object must be added to the group, before the VoIP Domain SIP object is eligible to be added to the group.

Answer : VoIP Domain SIP objects cannot be placed in simple groups.

Your current stand-alone VPN-1 NG with Application Intelligence (AI) R55 installation is running on SecurePlatform. You plan to implement VPN-1 NGX in a distributed environment, where the existing machine will be the VPN-1 Pro Gateway. An additional machine will serve as the SmartCenter Server. The new machine runs on a Windows Server 2003. You need to upgrade the NG with AI R55 SmartCenter Server configuration to VPN-1 NGX. How do you upgrade to VPN-1 NGX?


Options are :

  • Insert the NGX CD in the existing NG with AI R55 SecurePlatform machine, and answer yes to backup the configuration. Copy the backup file to the Windows Server 2003. Continue the upgrade process. Reboot after upgrade is finished. After SecurePlatform NGX reboots, run sysconfig, select VPN-1 Pro Gateway, and finish the sysconfig process. Reboot again. Use the NGX CD to install the primary SmartCenter on the Windows Server 2003. Import the backup file. (Correct)
  • Run backup command on the existing SecurePlatform machine to create a backup file. Copy the file to the Windows Server 2003. Uninstall the primary SmartCenter Server package from NG with AI R55 SecurePlatform using sysconfig. Reboot. Install the NGX primary SmartCenter Server and import the backup file. Open the NGX SmartUpdate, and select "upgrade all packages" on the NG with AI R55 Security Gateway.
  • Run the backup command in the existing SecurePlatform machine, to create a backup file. Copy the file to the Windows Server 2003. Uninstall all Check Point products on SecurePlatform by running rpm CPsuite-R55 command. Reboot. Install new VPN-1 NGX on the existing SecurePlatform machine. Run sysconfig, select VPN-1 Pro Gateway, and reboot. Use VPN-1 NGX CD to install primary SmartCenter Server on the Windows Server 2003. Import the backup file.
  • Copy the $FWDIR\conf and $FWDIR\lib files from the existing SecurePlatform machine. Create a tar.gz file, and copy it to the Windows Server 2003. Use VPN-1 NGX CD on the existing SecurePlatform machine to do a new installation. Reboot. Run sysconfig and select VPN-1 Pro Gateway. Reboot. Use the NGX CD to install the primary SmartCenter Server on the Windows Server 2003. On the Windows Server 2003, run upgradeimport command to import $FWDIR\conf and $FWDIR\lib from the SecurePlatform machine.

Answer : Insert the NGX CD in the existing NG with AI R55 SecurePlatform machine, and answer yes to backup the configuration. Copy the backup file to the Windows Server 2003. Continue the upgrade process. Reboot after upgrade is finished. After SecurePlatform NGX reboots, run sysconfig, select VPN-1 Pro Gateway, and finish the sysconfig process. Reboot again. Use the NGX CD to install the primary SmartCenter on the Windows Server 2003. Import the backup file.

156-215.75 Check Point Certified Security Administrator Exam Set 1

You want to create an IKE VPN between two VPN-1 NGX Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer's Gateway. Which type of address translation should you use, to ensure the two networks access each other through the VPN tunnel?


Options are :

  • None (Correct)
  • Hide NAT
  • Static NAT
  • Hide NAT
  • Manual NAT

Answer : None

What is the behavior of ClusterXL in a High Availability environment?


Options are :

  • Both members respond to the virtual IP address, and both members pass traffic when using their physical addresses.
  • The active member responds to the virtual IP address, and is the only member that passes traffic E. The passive member responds to the virtual IP address, and both members route traffic when using their physical addresses. (Correct)
  • Both members respond to the virtual IP address, but only the active member is able to pass traffic.
  • The active member responds to the virtual IP address, and both members pass traffic when using their physical addresses.

Answer : The active member responds to the virtual IP address, and is the only member that passes traffic E. The passive member responds to the virtual IP address, and both members route traffic when using their physical addresses.

If you check the box "Use Aggressive Mode", in the IKE Properties dialog box:


Options are :

  • The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange.
  • The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange.
  • The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange. (Correct)
  • The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange.
  • The standard six-packet IKE Phase 1 exchange is replaced by a twelve-packet exchange.

Answer : The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange.

156-315.77 Check Point Certified Security Expert Exam Set 19

Which of the following commands shows full synchronization status?


Options are :

  • cphaprob -i list (Correct)
  • fwhastat
  • cphastop
  • fw ctl pstat
  • cphaprob -a if

Answer : cphaprob -i list

Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak's remaining steps? 1. Disable "Pre-Shared Secret" on the London and Oslo gateway objects 2. Add the Madrid gateway object into the Oslo and London's mesh VPN Community 3. Manually generate ICA Certificates for all three Security Gateways. 4. Configure "Traditional mode VPN configuration" in the Madrid gateway object's VPN screen 5. Reinstall the Security Policy on all three Security Gateways.


Options are :

  • 1,2,5 (Correct)
  • 1, 3, 4, 5
  • 1, 2, 3, 5
  • 1, 2, 4, 5
  • 1, 2, 3, 4

Answer : 1,2,5
