156-315.71 Check Point Security Expert R71 Practice Exam Set 6

Which of the following platforms does NOT support SecureXL?


Options are :

  • IP Appliance
  • UTM-1 Appliance
  • UNIX
  • Power-1 Appliance

Answer : UNIX

156-315.71 Check Point Security Expert R71 Practice Exam Set 7

You have installed SecurePlatform R71 as Security Gateway operating system. As company requirements changed, you need the VTI features of R71 would you do?


Options are :

  • You have installed SecurePlatform R71 as Security Gateway operating system. As company requirements changed, you need the VTI features of R71 would you do?
  • In SmartDashboard click on the OS drop down menu and choose SecurePlatform Pro. You have to reboot the Security Gateway in order for the change to take effect.
  • Type pro enable on your Security Gateway and reboot it.
  • You have to re-install your Security Gateway with SecurePlatform Pro R71, as SecurePlatform R71 does not support VTls.

Answer : Type pro enable on your Security Gateway and reboot it.

Which SmartReporter report type is generated from the SmartView Monitor history file?


Options are :

  • Traditional
  • Express
  • Standard
  • Custom

Answer : Express

Which of the following explains Role Segregation?


Options are :

  • Administrators have different abilities than managers within SmartWorkflow
  • Changes made by an administrator in a SmartWorkflow session must have managerial approval prior to commitment.
  • SmartWorkflow can be configured so that managers can only view their assigned sessions
  • Different tasks within SmartDashboard are divided according to firewall administrator permissions.

Answer : Changes made by an administrator in a SmartWorkflow session must have managerial approval prior to commitment.

156-315.77 Check Point Certified Security Expert Exam Set 1

What cluster mode is represented in this case? 1 (local) 172.168.1.1 100$ active 2 172.14*.1.2 0$ standby


Options are :

  • Load Sharing Unicast (Pivot) mode
  • HA (New mode).
  • Load Sharing (multicast mode)
  • 3rd party cluster

Answer : HA (New mode).

To clean the system of all events, you should delete the files in which folder(s)?


Options are :

  • $FWDIR/ events_db
  • $FWDIR/distrib and $PWDIR/events_db
  • $FWDIR/distrib
  • $FWDIR/distrib and $PWDIR/events_db

Answer : $FWDIR/distrib and $PWDIR/events_db

What are the SmartProvisioning Provisioning Profile indicators?


Options are :

  • OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date
  • OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date
  • OK, Needs Attention, Agent is in local mode, Uninitialized, Unknown
  • OK, Needs Attention, Uninitialized, Unknown

Answer : OK, Needs Attention, Agent is in local mode, Uninitialized, Unknown

156-315.77 Check Point Certified Security Expert Exam Set 2

How can you verify that SecureXL is running?


Options are :

  • secureXL stat
  • cpstat os
  • fw ver
  • fwaccel stat

Answer : fwaccel stat

Which of the following statements is FALSE regarding ospf configuration on SecurePlatform Pro?


Options are :

  • router ospf 1 creates the Router ID for the Security Gateway and should be different for all Gateways.
  • router ospf 1 creates an ospf routing instance and this process ID should be the same on all Gateways.
  • router ospf l creates an ospf routing instance and this process ID should be different for each Security Gateway.
  • router ospf 1 creates the Router ID for the Security Gateway and should be the same ID for all Gateways.

Answer : router ospf 1 creates the Router ID for the Security Gateway and should be the same ID for all Gateways.

With SmartEvent, what is the Client's function?


Options are :

  • Generate a threat analysis report from the Reporter database.
  • Display received threats and tunes the Events Policy
  • Assign severity levels to events.
  • Invoke and define automatic reactions and add events to the database

Answer : Display received threats and tunes the Events Policy

156-315.77 Check Point Certified Security Expert Exam Set 3

VPN traffic control would fall under which VPN component?


Options are :

  • Performance
  • QoS
  • Security
  • Management

Answer : QoS

156-315.77 Check Point Certified Security Expert Exam Set 4

When synchronizing clusters, which of the following statements are true?Select all that apply.


Options are :

  • In the case of a failover, accounting information on the failed member may be lost despite a properly
  • Client Auth or Session Auth connections through a cluster member will be lost of the cluster member fails.
  • The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.
  • Only cluster members running on the same OS platform can be synchronized.

Answer : Client Auth or Session Auth connections through a cluster member will be lost of the cluster member fails. The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized. Only cluster members running on the same OS platform can be synchronized.

Which network port does PPTP use for communication?


Options are :

  • 25/tco
  • 1723/udp
  • 25/udp
  • 1723/tcp

Answer : 1723/tcp

Which of the following are supported with the office mode? Select all that apply.


Options are :

  • Gopher
  • SecureClient
  • Transparent Mode
  • L2TP
  • SSL Network Extender

Answer : SecureClient L2TP SSL Network Extender

156-315.77 Check Point Certified Security Expert Exam Set 5

Which of the following is an example of the hash function?


Options are :

  • SHA and 3DES
  • DAC and MAC
  • DES and CBC
  • MD5 and SHA-1

Answer : DES and CBC

If a digital signature is used to achieve both data-integrity checking and verification of sender, digital signatures are only used when implementing:


Options are :

  • An asymmetric-encryption algorithm
  • Triple DES
  • A symmetric-encryption algorithm
  • CBL-DES

Answer : An asymmetric-encryption algorithm

Which of the following is a supported Sticky Decision function of Sticky Connections for Load Sharing?


Options are :

  • Support for all VPN deployments (except those with third-party VPN peers)
  • Multi-connection support for VPN-1 cluster members
  • Support for SecureClient/SecuRemote/SSL Network Extended encrypted connections.
  • Support for Performance Pack acceleration

Answer : Support for SecureClient/SecuRemote/SSL Network Extended encrypted connections.

156-315.77 Check Point Certified Security Expert Exam Set 6

VPN access control would fall under which VPN component?


Options are :

  • QoS
  • Management
  • Security
  • Performance

Answer : Security

Which of the following does IPSec use during IPSec key negotiation?


Options are :

  • RSA Exchange
  • IPSec SA
  • ISAKMP SA
  • Diffie-Hellman exchange

Answer : Diffie-Hellman exchange

When configuring site-to-site VPN High Availability (HA) with MEP, which of the following is correct?


Options are :

  • The decision on which MEP Gateway to use is made on the MEP Gateway’s side of the tunnel.
  • If one MEP Security Gateway fails, the connection is lost and the backup Gateway picks up the next connection.
  • MEP Gateways cannot be geographically separated machines.
  • MEP Gateways must be managed by the same SmartCenter Server.

Answer : If one MEP Security Gateway fails, the connection is lost and the backup Gateway picks up the next connection.

156-315.77 Check Point Certified Security Expert Exam Set 7

Consider the following actions that VPN-1 NGX can take when it control packets. The Policy Package has been configured for Traditional Mode VPN. Identify the options that includes the available actions. Select four.


Options are :

  • Reject
  • Encrypt
  • Accept
  • Drop
  • Proxy

Answer : Reject Encrypt Accept Drop

Which of the following SSL Network Extender server-side prerequisites are correct? Select all that apply.


Options are :

  • There are distinctly separate access rules required for SecureClient users vs. SSL Network Extender users.
  • The specific VPN-1 Security Gateway must be configured as a member of the VPN-1 Remote Access Community.
  • To use Integrity Clientless Security (ICS), you must install the ICS server or configuration tool.
  • The VPN1-Gateway must be configured to work with Visitor Mode

Answer : The specific VPN-1 Security Gateway must be configured as a member of the VPN-1 Remote Access Community. To use Integrity Clientless Security (ICS), you must install the ICS server or configuration tool. The VPN1-Gateway must be configured to work with Visitor Mode

In ClusterXL, which of the following processes are defined by default as critical devices?


Options are :

  • cphad
  • fwd.proc
  • fwd
  • fwm

Answer : cphad

156-315.77 Check Point Certified Security Expert Exam Set 8

Which of the following is supported with Office Mode?


Options are :

  • Connect Mode
  • SSL Network Extender
  • SecureClient
  • SecuRemote

Answer : SecuRemote

What is the greatest benefit derived from VPNs compared to frame relay, leased lines any other types of dedicated networks?


Options are :

  • Greater performance
  • lower cost
  • Less failure/downtime
  • stronger authentication

Answer : lower cost

156-315.77 Check Point Certified Security Expert Exam Set 1

VPN-1 NGX supports VoIP traffic in all of the following environments, except which environment?


Options are :

  • SCCP
  • SIP
  • H.323
  • MGCP
  • H509-D

Answer : H509-D

You are a Security Administrator preparing to deploy a new HFA (Hot fix Accumulator) to ten Security Gateways at five geographically separated locations. What is the BEST method to implement this HFA?


Options are :

  • Send a Certified Security Engineer to each site to perform the update
  • Use a SSH connection to SCP the HFA to each Security Gateway. Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
  • Use SmartUpdate to install the packages to each of the Security Gateways remotely
  • Send a CDROM with the HFA to each location and have local personnel install it

Answer : Use SmartUpdate to install the packages to each of the Security Gateways remotely

What tools CANNOT be launched from SmartUpdate NGX R65?


Options are :

  • snapshot
  • cpinfo
  • Nokia Voyager
  • SecurePlatform Web UI

Answer : snapshot

156-315.77 Check Point Certified Security Expert Exam Set 10

In cryptography, the Rivest, Shamir, Adelman (RSA) scheme has which of the following? Select all that apply.


Options are :

  • An asymmetric-cipher system
  • A symmetric-cipher system
  • A public-key encryption-algorithm system
  • A secret-key encryption-algorithm system

Answer : An asymmetric-cipher system A public-key encryption-algorithm system

Choose all correct statements. SmartUpdate, located on a VPN-1 NGX SmartCenter Server, allows you to: (1) Remotely perform a first time installation of VPN-1 NGX on a new machine (2) Determine OS patch levels on remote machines (3) Update installed Check Point and any OPSEC certified software remotely (4) Update installed Check Point software remotely (5) Track installed versions of Check Point and OPSEC products (6) Centrally manage licenses


Options are :

  • 1, 3, 4, & 6
  • 2, 4, 5, & 6
  • 4, 5, & 6
  • 1 & 4

Answer : 2, 4, 5, & 6

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now