156-315.71 Check Point Security Expert R71 Practice Exam Set 4

In Company XYZ, the DLP Administrator defined a new Keywords Data Type that contains a list of secret project names; i.e., Ayalon, Yarkon, Yarden. The threshold is set to At least 2 keywords or phrases. Based on this information, which of the following scenarios will be a match to the Rule Base?


Options are :

  • A password protected MS Excel file that contains the following text Ayalon Yarkon Yarden
  • A word file that contains the following text will match: Ayalon ayalon AYALON
  • An MS Excel file that contains the following text Mort resources for Yarkon project.. Are you certain this is about Yarden? (Correct)
  • A PDF file that contains the following text Yarkon1 can be the code name for the new product. Yardens list of protected sites

Answer : An MS Excel file that contains the following text Mort resources for Yarkon project.. Are you certain this is about Yarden?

Check Point recommends deploying SSL VPN:


Options are :

  • In front of the firewall with a LAN connection (Correct)
  • In parallel to the firewall
  • In front of the firewall with a LAN connection
  • In a DMZ

Answer : In front of the firewall with a LAN connection

If traffic requires preferential treatment by other routers on the network, in addition to the QoS module, which Check Point QoS feature should be used?


Options are :

  • Differentiated Services (Correct)
  • Guarantees
  • Weighted Fair Queuing
  • Low Latency Queuing

Answer : Differentiated Services

Check Point Certified Security Expert Exam Set 5

What is the lowest possible version a Security Gateway may be running in order to use it as an LSM enabled Gateway?


Options are :

  • NGX R60
  • NGX R71
  • NGXR65HFA_50
  • NG-AI R55 HFAJ7 (Correct)

Answer : NG-AI R55 HFAJ7

One profile in SmartProvisioning can update:


Options are :

  • Only Clustered Gateways.
  • Potentially hundreds and thousands of gateways. (Correct)
  • Specific gateways.
  • Profiles are not used for updating, just reporting.

Answer : Potentially hundreds and thousands of gateways.

Which of the following platforms does NOT support SecureXL?


Options are :

  • UTM-1 Appliance
  • IP Appliance
  • UNIX (Correct)
  • Power-1 Appliance

Answer : UNIX

156-315.77 Check Point Certified Security Expert Exam Set 3

What process manages the dynamic routing protocols (OSPF, RIP, etc.) on SecurePlatform Pro?


Options are :

  • arouted
  • gated (Correct)
  • routerd
  • There's no separate process, but the Linux default router can take care of that.

Answer : gated

Which type of routing relies on a VPN Tunnel Interface (VTI) to route traffic?


Options are :

  • Domain-based VPN
  • Route-based VPN (Correct)
  • Host-based VPN
  • Subnet-based VPN

Answer : Route-based VPN

Which Check Point product implements a Consolidation policy?


Options are :

  • SmartLSM
  • SmartReporter (Correct)
  • SmartView Monitor
  • SmartView Tracker

Answer : SmartReporter

156-215.77 Check Point Certified Security Administrator Exam Set 3

Which Name Resolution protocols are supported in SSL VPN?


Options are :

  • DNS, hosts (Correct)
  • DNS, hosts, Imhosts, WINS
  • DNS, hosts, WINS
  • DNS, hosts, Imhosts

Answer : DNS, hosts

John is upgrading a cluster from NGX R65 to R71. John knows that you can verify the upgrade process using the pre-upgrade verifier tool. When John is running Pre-Upgrade Verification, he see this warning message:Title: Incompatible pattern.What's happening?


Options are :

  • Pre-Upgrade Verification tool only shows that message but it is only informational. (Correct)
  • The actual configuration contains user defined patterns in IPS that are not supported in R71. If the patterns are not fixed after upgrade, they will not be used with R71 Security Gateways.
  • Pre-Upgrade Verification process detected a problem with actual configuration and upgrade will be aborted.
  • R71 uses a new pattern matching engine. Incompatible patterns should be deleted before upgrade process to complete it successfully.

Answer : Pre-Upgrade Verification tool only shows that message but it is only informational.

To clean the system of all events, you should delete the files in which folder(s)?


Options are :

  • $FWDIR/distrib
  • $FWDIR/distrib and $PWDIR/events_db (Correct)
  • $FWDIR/distrib and $PWDIR/events_db
  • $FWDIR/ events_db

Answer : $FWDIR/distrib and $PWDIR/events_db

156-315.77 Check Point Certified Security Expert Exam Set 9

John is the MegaCorp Security Administrator, and is using Check Point R71. Malcolm is the Security Administrator of a partner company and is using a different vendor's product and both have to build a VPN tunnel between their companies. Both are using clusters with Load Sharing for their firewalls and John is using ClusterXL as a Check Point clustering solution. While trying to establish the VPN, they are constantly noticing problems and the tunnel is not stable and then Malcolm notices that there seems to be 2 SPIs with the same IP from the Check Point site. How can they solve this problem and stabilize the tunnel?


Options are :

  • This can be solved when using clusters; they have to use single firewalls.
  • This is surely a problem in the ISPs network and not related to the VPN configuration.
  • This can be solved by running the command Sticky VPN on the Check Point CLI. This keeps the VPN Sticky to one member and the problem is resolved.
  • This can easily be solved by using the Sticky decision function in ClusterXL. (Correct)

Answer : This can easily be solved by using the Sticky decision function in ClusterXL.

With SmartEvent, what is the Client's function?


Options are :

  • Assign severity levels to events.
  • Generate a threat analysis report from the Reporter database.
  • Display received threats and tunes the Events Policy (Correct)
  • Invoke and define automatic reactions and add events to the database

Answer : Display received threats and tunes the Events Policy

How is change approved for implementation in SmartWorkflow?


Options are :

  • The change is submitted for approval and is manually installed by the approver once Approve is clicked
  • The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change. (Correct)
  • The change is submitted for approval and is automatically installed by the approver once Approve is clicked
  • The change is submitted for approval and is automatically installed by the original submitter the next time he logs in after approval of the 3nge

Answer : The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change.

156-315.65 Check Point Security Administration NGX R65 Exam Set 1

Which of the following can NOT be modified by editing the cp_httpd_admin.conf file?


Options are :

  • Administrative Access Level (Correct)
  • Modifying Web server certificate attributes
  • Toggling HTTP or HTTPS protocol use
  • The web server port

Answer : Administrative Access Level

You have three Gateways in a mesh community. Each gateway's VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.You want to test the route-based VPN, so you created VTls among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPSec tunnels instead of the routed VTI tunnels. What is the problem and how do you make the VPN use the VTI tunnels?


Options are :

  • Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community
  • Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI,use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes
  • Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.
  • Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain (Correct)

Answer : Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain

Which Check Point QoS feature marks the ToS byte in the IP header?


Options are :

  • Low Latency Queuing
  • Weighted Fair Queuing
  • Guarantees
  • Differentiated Services (Correct)

Answer : Differentiated Services

156-315.77 Check Point Certified Security Expert Exam Set 7

What cluster mode is represented in this case? 1 (local) 172.168.1.1 100$ active 2 172.14*.1.2 0$ standby


Options are :

  • HA (New mode). (Correct)
  • Load Sharing Unicast (Pivot) mode
  • Load Sharing (multicast mode)
  • 3rd party cluster

Answer : HA (New mode).

How do you verify the Check Point Kernel running on a firewall?


Options are :

  • fw kernel
  • fw ctl pstat
  • fw ver –k (Correct)
  • fw ctl get kernel

Answer : fw ver –k

What is a task of the SmartEvent Correlation Unit?


Options are :

  • Display the received events.
  • Analyze each IPS log entry as it enters the Log server. (Correct)
  • Add events to the events database.
  • Assign a severity level to an event.

Answer : Analyze each IPS log entry as it enters the Log server.

156-215.77 Check Point Certified Security Administrator Test Set 1

What are the SmartProvisioning Provisioning Profile indicators?


Options are :

  • OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date
  • OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date
  • OK, Needs Attention, Agent is in local mode, Uninitialized, Unknown (Correct)
  • OK, Needs Attention, Uninitialized, Unknown

Answer : OK, Needs Attention, Agent is in local mode, Uninitialized, Unknown

Which Check Point QoS feature is used to dynamically allocate relative portions of available bandwidth?


Options are :

  • Low Latency Queuing
  • Weighted Fair Queuing (Correct)
  • Differentiated Services
  • Guarantees

Answer : Weighted Fair Queuing

Which SmartReporter report type is generated from the SmartView Monitor history file?


Options are :

  • Custom
  • Standard
  • Traditional
  • Express (Correct)

Answer : Express

156-215.77 Check Point Certified Security Administrator Exam Set 6

Which of the following explains Role Segregation?


Options are :

  • Changes made by an administrator in a SmartWorkflow session must have managerial approval prior to commitment. (Correct)
  • SmartWorkflow can be configured so that managers can only view their assigned sessions
  • Administrators have different abilities than managers within SmartWorkflow
  • Different tasks within SmartDashboard are divided according to firewall administrator permissions.

Answer : Changes made by an administrator in a SmartWorkflow session must have managerial approval prior to commitment.

How does ClusterXL Unicast mode handle new traffic?


Options are :

  • The pivot machine receives all the packets and runs an algorithm to determine which member should process the packets (Correct)
  • The pivot machine receives and inspects all new packets then synchronizes the connections with other members
  • All cluster members’ process all packets and members synchronize with each other. The pivot is responsible for the master sync catalog
  • All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.

Answer : The pivot machine receives all the packets and runs an algorithm to determine which member should process the packets

To configure the Cluster Control Protocol (CCP) to use Broadcast, the following command is run:


Options are :

  • cphaconf set_ccp broadcast (Correct)
  • clusterconfig set_ccp broadcast
  • set_ccp cpcluster broadcast:
  • ccp broadcast

Answer : cphaconf set_ccp broadcast

156-315.71 Check Point Security Expert R71 Practical Exam Set 4

When do modifications to the Event Policy take effect?


Options are :

  • When saved on the SmartEvent Client, and installed on the SmartEvent Server.
  • When saved on the SmartEvent Server and installed to the Correlation Units. (Correct)
  • As soon as the Policy Tab window is closed.
  • When saved on the Correlation Units, and pushed as a policy

Answer : When saved on the SmartEvent Server and installed to the Correlation Units.

You have installed SecurePlatform R71 as Security Gateway operating system. As company requirements changed, you need the VTI features of R71 would you do?


Options are :

  • In SmartDashboard click on the OS drop down menu and choose SecurePlatform Pro. You have to reboot the Security Gateway in order for the change to take effect.
  • You have to re-install your Security Gateway with SecurePlatform Pro R71, as SecurePlatform R71 does not support VTls.
  • You have installed SecurePlatform R71 as Security Gateway operating system. As company requirements changed, you need the VTI features of R71 would you do?
  • Type pro enable on your Security Gateway and reboot it. (Correct)

Answer : Type pro enable on your Security Gateway and reboot it.

Provisioning Profiles can NOT be applied to:


Options are :

  • IP Appliances (Correct)
  • UTM-1 Appliances
  • UTM-1 EDGE Appliances
  • Power-1 Appliances

Answer : IP Appliances

Check Point Certified Security Administrator Set 1

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions