156-315.77 Check Point Certified Security Expert Exam Set 5

MultiCorp has bought company OmniCorp and now has two active AD domains. How would you deploy Identity Awareness in this environment?


Options are :

  • Identity Awareness can only manage one AD domain
  • Only one ADquery is necessary to ask for all domains.
  • You must run an ADquery for every domain. (Correct)
  • Only Captive Portal can be used.

Answer : You must run an ADquery for every domain.


Which two processes are responsible for handling Identity Awareness?


Options are :

  • pdp and pep (Correct)
  • pep and lad
  • pdp and lad
  • pdp and pdp-11

Answer : pdp and pep

Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?


Options are :

  • Local IP addresses are not configured, remote IP addresses are configured
  • VTIs cannot be assigned a proxy interface
  • VTI specific additional local and remote IP addresses are not configured (Correct)
  • VTIs are only supported on SecurePlatform

Answer : VTI specific additional local and remote IP addresses are not configured

When using Captive Portal to send unidentified users to a Web portal for authentication, which of the following is NOT a recommended use for this method?


Options are :

  • Basic identity enforcement in the internal network (Correct)
  • Leveraging identity in Internet application control
  • Identity-based enforcement for non-AD users (non-Windows and guest users)
  • For deployment of Identity Agents

Answer : Basic identity enforcement in the internal network


Paul has just joined the MegaCorp security administration team. Natalie, the administrator, creates a new administrator account for Paul in SmartDashboard and installs the policy. When Paul tries to log in, it fails. How can Natalie verify whether Paul's IP address is predefined on the security management server?


Options are :

  • Type cpconfig on the Management Server and select the option “GUI client List” to see if Paul's IP address is listed. (Correct)
  • Access the WEBUI on the Security Gateway, and verify whether Paul's IP address is listed as a GUI client
  • Log in to Smart Dashboard, access Global Properties, and select Security Management, to verify whether Paul's IP address is listed.
  • Log in to Smart Dashboard, access Properties of the SMS, and verify whether Paul's IP address is listed.

Answer : Type cpconfig on the Management Server and select the option “GUI client List” to see if Paul's IP address is listed.

Which statement is TRUE for route-based VPNs?


Options are :

  • Dynamic-routing protocols are not required. (Correct)
  • Route-based VPNs replace domain-based VPNs.
  • IP Pool NAT must be configured on each Gateway
  • Route-based VPNs are a form of partial overlap VPN Domain.

Answer : Dynamic-routing protocols are not required.

When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered? 1) Each member must have a unique source IP address. 2) Every interface on each member requires a unique IP address. 3) All VTI's going to the same remote peer must have the same name. 4) Cluster IP addresses are required.


Options are :

  • 1, 2, 3 and 4 (Correct)
  • 1, 2, and 4
  • 1, 3, and 4
  • 2 and 3

Answer : 1, 2, 3 and 4


VPN routing can also be configured by editing which file?


Options are :

  • $FWDIR/VPN/route_conf.c
  • $FWDIR/conf/vpn_route.conf (Correct)
  • $FWDIR/conf/vpn_route.c
  • $FWDIR/bin/vpn_route.conf

Answer : $FWDIR/conf/vpn_route.conf

How do you run “CPSIZEME” on SPLAT?


Options are :

Answer : [[email protected]]# ./cpsizeme


What is Check Point's CoreXL?


Options are :

  • Multi Core support for Firewall Inspection (Correct)
  • Multiple core interfaces on the device to accelerate traffic
  • TCP-18190
  • A way to synchronize connections across cluster members

Answer : Multi Core support for Firewall Inspection

Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP server.


Options are :

  • Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit. (Correct)
  • Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
  • Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object.
  • Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties.

Answer : Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure a server object for the LDAP Account Unit.

Which is the lowest Gateway version manageable by Smart Center R77?


Options are :

  • R60A
  • R55
  • R65 (Correct)
  • S71

Answer : R65


If your firewall is performing a lot of IPS inspection and the CPUs assigned to fw_worker_thread are at or near 100%, which of the following could you do to improve performance?


Options are :

  • Add more Disk Drives.
  • Add more RAM to the system.
  • Assign more CPU cores to SecureXL.
  • Assign more CPU cores to CoreXL (Correct)

Answer : Assign more CPU cores to CoreXL

Which describes the function of the account unit?


Options are :

  • An Account Unit is the administration account on the LDAP server that SmartDirectory uses to access an (LDAP) server
  • An Account Unit is the Check Point account that SmartDirectory uses to access an (LDAP) server
  • An Account Unit is the interface which allows interaction between the Security Management server and Security Gateways, and the SmartDirectory (LDAP) server. (Correct)
  • An Account Unit is a system account on the Check Point gateway that SmartDirectory uses to access an (LDAP) server

Answer : An Account Unit is the interface which allows interaction between the Security Management server and Security Gateways, and the SmartDirectory (LDAP) server.

There are several SmartDirectory (LDAP) features that can be applied to further enhance SmartDirectory (LDAP) functionality, which of the following is NOT one of those features?


Options are :

  • Support many Domains under the same account unit (Correct)
  • Encrypted or non-encrypted SmartDirectory (LDAP) Connections usage
  • High Availability, where user information can be duplicated across several servers
  • Support multiple SmartDirectory (LDAP) servers on which many user databases are distributed

Answer : Support many Domains under the same account unit


Can the smallest appliance handle all Blades simultaneously?


Options are :

  • Firewall throughput is the only relevant factor.
  • It depends on required SPU for customer environment. (Correct)
  • Depends on number of concurrent sessions.
  • Depends on the number of protected clients and throughput.

Answer : It depends on required SPU for customer environment.

Which statements about Management HA are correct? 1) Primary SmartCenter describes first installed SmartCenter 2) Active SmartCenter is always used to administrate with SmartConsole 3) Active SmartCenter describes first installed SmartCenter 4) Primary SmartCenter is always used to administrate with SmartConsole


Options are :

  • 3 and 4
  • 1 and 4
  • 2 and 3
  • 1 and 2 (Correct)

Answer : 1 and 2

When using SmartDashboard to manage existing users in SmartDirectory, when are the changes applied?


Options are :

  • Instantaneously (Correct)
  • Never, you cannot manage users through SmartDashboard
  • At policy installation
  • At database synchronization

Answer : Instantaneously


An Account Unit is the interface between the _____ and the _____.


Options are :

  • Users, Domain
  • Gateway, Resources
  • System, Database
  • Clients, Server (Correct)

Answer : Clients, Server

You can NOT use SmartDashboard’s SmartDirectory features to connect to the LDAP server. What should you investigate? 1) Verify you have read-only permissions as administrator for the operating system. 2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server. 3) Check that the login Distinguished Name configured has at least write permission in the access control configuration of the LDAP server.


Options are :

  • 1 and 2
  • 1 and 3
  • 2 and 3 (Correct)
  • 1, 2, and 3

Answer : 2 and 3

Which process is responsible for delta synchronization in ClusterXL?


Options are :

  • Clustering process on the Security Gateway
  • cpd process on the Security Gateway
  • fwd process on the Security Gateway
  • fw kernel on the Security Gateway (Correct)

Answer : fw kernel on the Security Gateway


What is NOT a valid LDAP use in Check Point SmartDirectory?


Options are :

  • Retrieve gateway CRL’s
  • Provide user authentication information for the Security Management Server
  • Enforce user access to internal resources (Correct)
  • External users management

Answer : Enforce user access to internal resources

Which of the following commands do you run on the AD server to identify the DN name before configuring LDAP integration with the Security Gateway?


Options are :

  • dapquery -name administrator
  • query ldap -name administrator
  • dsquery user -name administrator (Correct)
  • cpquery -name administrator

Answer : dsquery user -name administrator

How do you upload the results of “CPSIZEME” to Check Point when using a PROXY server with authentication?


Options are :

Answer : [[email protected]]# ./cpsizeme –p username:[email protected]_address:port


When a packet is flowing through the security gateway, which one of the following is a valid inspection path?


Options are :

  • Small Path
  • Acceleration Path
  • Firewall Path
  • Medium Path (Correct)

Answer : Medium Path

Which of the following is NOT an advantage of SmartLog?


Options are :

  • SmartLog creates an index of log entries, increasing query speed.
  • SmartLog has a “Top Results” pane showing things like top sources, rules, and users.
  • SmartLog requires less disk space by consolidating log entries into fewer records. (Correct)
  • SmartLog displays query results across multiple log files, reducing the need to open previous files to view results.

Answer : SmartLog requires less disk space by consolidating log entries into fewer records.

In a Cluster, some features such as VPN only function properly when:


Options are :

  • all cluster members have the same Hot Fix Accumulator pack installed.
  • all cluster members have the same policy
  • all cluster members’ clocks are synchronized. (Correct)
  • all cluster members have the same number of interfaces configured

Answer : all cluster members’ clocks are synchronized.


Where multiple SmartDirectory servers exist in an organization, a query from one of the clients for user information is made to the servers based on a priority. By what category can this priority be defined?


Options are :

  • Location or Domain
  • Location or Account Unit
  • Gateway or Account Unit (Correct)
  • Gateway or Domain

Answer : Gateway or Account Unit

The set of rules that governs the types of objects in the directory and their associated attributes is called the:


Options are :

  • Schema (Correct)
  • Access Control List
  • SmartDatabase
  • LDAP Policy

Answer : Schema

How frequently does CPSIZEME run by default?


Options are :

  • 24 hours (Correct)
  • 12 hours
  • 1 hour
  • weekly

Answer : 24 hours
