156-315.71 Check Point Security Expert R71 Practice Exam Set 5

You are concerned that the processor for your firewall running NGX R71 SecurePlatform may be overloaded. What file would you view to determine the speed of your processor(s)?


Options are :

  • cat /etc/sysconfig/cpuinfo
  • cat /var/opt/CPsuite-R71/fw1/conf/cpuinfo
  • cat /proc/cpuinfo (Correct)
  • cat /etc/cpuinfo

Answer : cat /proc/cpuinfo

156-215.77 Check Point Certified Security Administrator Test Set 5

What is the lowest possible version a Security Gateway may be running in order to use it as an LSM enabled Gateway?


Options are :

  • NGX R60
  • NGX R71
  • NGXR65HFA_50
  • NG-AI R55 HFAJ7 (Correct)

Answer : NG-AI R55 HFAJ7

Which Check Point product implements a Consolidation policy?


Options are :

  • SmartLSM
  • SmartView Tracker
  • SmartReporter (Correct)
  • SmartView Monitor

Answer : SmartReporter

Which type of routing relies on a VPN Tunnel Interface (VTI) to route traffic?


Options are :

  • Subnet-based VPN
  • Route-based VPN (Correct)
  • Host-based VPN
  • Domain-based VPN

Answer : Route-based VPN

Check Point Certified Security Expert Exam Set 6

How do you verify the Check Point Kernel running on a firewall?


Options are :

  • fw ver –k (Correct)
  • fw ctl get kernel
  • fw kernel
  • fw ctl pstat

Answer : fw ver –k

To configure the Cluster Control Protocol (CCP) to use Broadcast, the following command is run:


Options are :

  • set_ccp cpcluster broadcast:
  • clusterconfig set_ccp broadcast
  • cphaconf set_ccp broadcast (Correct)
  • ccp broadcast

Answer : cphaconf set_ccp broadcast

What is a task of the SmartEvent Correlation Unit?


Options are :

  • Analyze each IPS log entry as it enters the Log server. (Correct)
  • Display the received events.
  • Assign a severity level to an event.
  • Add events to the events database.

Answer : Analyze each IPS log entry as it enters the Log server.

Check Point Certified Security Expert Exam Set 6

Check Point recommends deploying SSL VPN:


Options are :

  • In parallel to the firewall
  • In front of the firewall with a LAN connection (Correct)
  • In a DMZ
  • In front of the firewall with a LAN connection

Answer : In front of the firewall with a LAN connection

John is the MegaCorp Security Administrator, and is using Check Point R71. Malcolm is the Security Administrator of a partner company and is using a different vendor's product and both have to build a VPN tunnel between their companies. Both are using clusters with Load Sharing for their firewalls and John is using ClusterXL as a Check Point clustering solution. While trying to establish the VPN, they are constantly noticing problems and the tunnel is not stable and then Malcolm notices that there seems to be 2 SPIs with the same IP from the Check Point site. How can they solve this problem and stabilize the tunnel?


Options are :

  • This can be solved by running the command Sticky VPN on the Check Point CLI. This keeps the VPN Sticky to one member and the problem is resolved.
  • This is surely a problem in the ISPs network and not related to the VPN configuration.
  • This can be solved when using clusters; they have to use single firewalls.
  • This can easily be solved by using the Sticky decision function in ClusterXL. (Correct)

Answer : This can easily be solved by using the Sticky decision function in ClusterXL.

What process manages the dynamic routing protocols (OSPF, RIP, etc.) on SecurePlatform Pro?


Options are :

  • gated (Correct)
  • routerd
  • There's no separate process, but the Linux default router can take care of that.
  • arouted

Answer : gated

156-215.75 Check Point Certified Security Administrator Exam Set 2

How do new connections get established through a Security Gateway with SecureXL enabled?


Options are :

  • The new connection will be first inspected by SecureXL and if it does not match the drop table of SecureXL, then it will be passed to the firewall module for a rule match.
  • New connections are always inspected by the firewall and if they are accepted, the subsequent packets of the same connection will be passed through SecureXL.
  • If the connection matches a connection or drop template in SecureXL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match. (Correct)
  • New connection packets never reach the SecureXL module.

Answer : If the connection matches a connection or drop template in SecureXL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match.

You have three Gateways in a mesh community. Each gateway's VPN Domain is their internal network as defined on the Topology tab setting All IP Addresses behind Gateway based on Topology information.You want to test the route-based VPN, so you created VTls among the Gateways and created static route entries for the VTIs. However, when you test the VPN, you find out the VPN still go through the regular domain IPSec tunnels instead of the routed VTI tunnels. What is the problem and how do you make the VPN use the VTI tunnels?


Options are :

  • Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI,use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of static routes
  • Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, remove the Gateways out of the mesh community and replace with a star community
  • Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain (Correct)
  • Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries to insure that they are correctly pointing to the VTI gateway IP.

Answer : Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI, use an empty group object as each Gateway's VPN Domain

Which Check Point QoS feature is used to dynamically allocate relative portions of available bandwidth?


Options are :

  • Weighted Fair Queuing (Correct)
  • Guarantees
  • Differentiated Services
  • Low Latency Queuing

Answer : Weighted Fair Queuing

156-215.71 Check Point Certified Security Administrator Exam Set 1

Provisioning Profiles can NOT be applied to:


Options are :

  • UTM-1 Appliances
  • UTM-1 EDGE Appliances
  • Power-1 Appliances
  • IP Appliances (Correct)

Answer : IP Appliances

The following graphic illustrates which command being issued on SecurePlatform?


Options are :

  • A new session is created by the name Repairing Session and the old session status is updated to Repaired with a note stating Repaired by Session (Correct)
  • The administrator will have to open the old session and make the changes, no note is added automatically, however, the manager adds his notes stating the changes required.
  • The old status is removed and a new session is created with the same name, but with a note stating New session after repair.
  • The same session is modified with a note automatically added stating Under repair.

Answer : A new session is created by the name Repairing Session and the old session status is updated to Repaired with a note stating Repaired by Session

One profile in SmartProvisioning can update:


Options are :

  • Potentially hundreds and thousands of gateways. (Correct)
  • Profiles are not used for updating, just reporting.
  • Specific gateways.
  • Only Clustered Gateways.

Answer : Potentially hundreds and thousands of gateways.

Check Point Certified Security Expert Exam Set 5

How does ClusterXL Unicast mode handle new traffic?


Options are :

  • All cluster members’ process all packets and members synchronize with each other. The pivot is responsible for the master sync catalog
  • The pivot machine receives and inspects all new packets then synchronizes the connections with other members
  • The pivot machine receives all the packets and runs an algorithm to determine which member should process the packets (Correct)
  • All members receive all packets. The Security Management Server decides which member will process the packets. Other members delete the packets from memory.

Answer : The pivot machine receives all the packets and runs an algorithm to determine which member should process the packets

How is change approved for implementation in SmartWorkflow?


Options are :

  • The change is submitted for approval and is automatically installed by the original submitter the next time he logs in after approval of the 3nge
  • The change is submitted for approval and is manually installed by the approver once Approve is clicked
  • The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change. (Correct)
  • The change is submitted for approval and is automatically installed by the approver once Approve is clicked

Answer : The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change.

In which case is a Sticky Decision Function relevant?


Options are :

  • Load Balancing - Forward
  • Load Sharing - Multicast
  • High Availability (Correct)
  • Load Sharing - Unicast

Answer : High Availability

Check Point Certified Security Expert Exam Set 2

In Company XYZ, the DLP Administrator defined a new Keywords Data Type that contains a list of secret project names; i.e., Ayalon, Yarkon, Yarden. The threshold is set to At least 2 keywords or phrases. Based on this information, which of the following scenarios will be a match to the Rule Base?


Options are :

  • A word file that contains the following text will match: Ayalon ayalon AYALON
  • A password protected MS Excel file that contains the following text Ayalon Yarkon Yarden
  • A PDF file that contains the following text Yarkon1 can be the code name for the new product. Yardens list of protected sites
  • An MS Excel file that contains the following text Mort resources for Yarkon project.. Are you certain this is about Yarden? (Correct)

Answer : An MS Excel file that contains the following text Mort resources for Yarkon project.. Are you certain this is about Yarden?

You have pushed a policy to your firewall and you are not able to access the firewall. What command will allow you to remove the current policy from the machine?


Options are :

  • fw purge active
  • fw purge policy (Correct)
  • fw fetch policy
  • fw purge active

Answer : fw purge policy

A user cannot authenticate to SSL VPN. You have verified the user is assigned a user group and reproduced the problem, confirming a failed-login session. You do not see an indication of this attempt in the traffic log. The user is not using a client certificate for login. To debug this error, where in the authentication process could the solution be found?


Options are :

  • cpauth
  • admin
  • cvpnd (Correct)
  • apache

Answer : cvpnd

156-315.77 Check Point Certified Security Expert Exam Set 24

Which of the following can NOT be modified by editing the cp_httpd_admin.conf file?


Options are :

  • Modifying Web server certificate attributes
  • Administrative Access Level (Correct)
  • The web server port
  • Toggling HTTP or HTTPS protocol use

Answer : Administrative Access Level

If traffic requires preferential treatment by other routers on the network, in addition to the QoS module, which Check Point QoS feature should be used?


Options are :

  • Weighted Fair Queuing
  • Low Latency Queuing
  • Guarantees
  • Differentiated Services (Correct)

Answer : Differentiated Services

Which Check Point QoS feature marks the ToS byte in the IP header?


Options are :

  • Weighted Fair Queuing
  • Guarantees
  • Low Latency Queuing
  • Differentiated Services (Correct)

Answer : Differentiated Services

156-315.77 Check Point Certified Security Expert Exam Set 12

Which Name Resolution protocols are supported in SSL VPN?


Options are :

  • DNS, hosts, Imhosts, WINS
  • DNS, hosts, WINS
  • DNS, hosts (Correct)
  • DNS, hosts, Imhosts

Answer : DNS, hosts

John is upgrading a cluster from NGX R65 to R71. John knows that you can verify the upgrade process using the pre-upgrade verifier tool. When John is running Pre-Upgrade Verification, he see this warning message:Title: Incompatible pattern.What's happening?


Options are :

  • The actual configuration contains user defined patterns in IPS that are not supported in R71. If the patterns are not fixed after upgrade, they will not be used with R71 Security Gateways.
  • Pre-Upgrade Verification tool only shows that message but it is only informational. (Correct)
  • Pre-Upgrade Verification process detected a problem with actual configuration and upgrade will be aborted.
  • R71 uses a new pattern matching engine. Incompatible patterns should be deleted before upgrade process to complete it successfully.

Answer : Pre-Upgrade Verification tool only shows that message but it is only informational.

Which statement about LDAP and Active Directory (AD) with SSL VPN is TRUE?


Options are :

  • SSL VPN does not support LDAP password remediation.
  • By default. SSL VPN sends username and password credentials to LDAP servers in UTF-8 encoding
  • SSL VPN is capable of administering or creating users and groups directly on an LDAP server. (Correct)
  • SSL VPN never stores the user records of LDAP/AD groups.

Answer : SSL VPN is capable of administering or creating users and groups directly on an LDAP server.

Check Point Certified Security Expert Exam Set 12

Which of the following components receives events and assigns severity levels to the events; then invokes any defined automatic reactions and adds the events to the Events Data Base?


Options are :

  • SmartEvent Server (Correct)
  • SmartEvent Analysis Data Server
  • SmartEvent Client
  • SmartEvent Correlation Unit

Answer : SmartEvent Server

When do modifications to the Event Policy take effect?


Options are :

  • When saved on the Correlation Units, and pushed as a policy
  • When saved on the SmartEvent Client, and installed on the SmartEvent Server.
  • As soon as the Policy Tab window is closed.
  • When saved on the SmartEvent Server and installed to the Correlation Units. (Correct)

Answer : When saved on the SmartEvent Server and installed to the Correlation Units.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now