156-315.77 Check Point Certified Security Expert Exam Set 6

In which case is a Sticky Decision Function relevant?


Options are :

  • Load Sharing – Multicast (Correct)
  • High Availability
  • Load Balancing – Forward
  • Load Sharing – Unicast

Answer : Load Sharing – Multicast

An organization may be distributed across several SmartDirectory (LDAP) servers. What provision do you make to enable a Gateway to use all available resources? Each SmartDirectory (LDAP) server must be:


Options are :

  • a member in the LDAP group.
  • represented by a separate Account Unit that is a member in the LDAP group.
  • represented by a separate Account Unit. (Correct)
  • a member in a group that is associated with one Account Unit.

Answer : represented by a separate Account Unit.

The challenges to IT involve deployment, security, management, and what else?


Options are :

  • Transparency
  • Maintenance
  • Compliance (Correct)
  • Assessments

Answer : Compliance

156-315.77 Check Point Certified Security Expert Exam Set 8

How are cached usernames and passwords cleared from the memory of a Security Gateway?


Options are :

  • By retrieving LDAP user information using the command fw fetchldap
  • By using the Clear User Cache button in SmartDashboard
  • Usernames and passwords only clear from memory after they time out
  • By installing a Security Policy (Correct)

Answer : By installing a Security Policy

If you are experiencing LDAP issues, which of the following should you check?


Options are :

  • Secure Internal Communications (SIC)
  • Domain name resolution
  • Overlapping VPN Domains
  • Connectivity between the Gateway and LDAP server (Correct)

Answer : Connectivity between the Gateway and LDAP server

With the User Directory Software Blade, you can create R77 user definitions on a(n) _____ Server.


Options are :

  • LDAP (Correct)
  • Radius
  • RSA ACE/Authentication Manager
  • NT Domain

Answer : LDAP

Check Point Certified Security Expert Exam Set 8

In SmartDirectory, what is each LDAP server called?


Options are :

  • LDAP Server
  • LDAP Unit
  • Account Server
  • Account Unit (Correct)

Answer : Account Unit

Your users are defined in a Windows 2008 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?


Options are :

  • All Users
  • External-user group
  • A group with a generic user
  • LDAP group (Correct)

Answer : LDAP group

Where do you verify that SmartDirectory is enabled?


Options are :

  • Gateway properties > Authentication > Use SmartDirectory (LDAP) for Security Gateways is checked
  • Global properties > Smart Directory (LDAP) > Use SmartDirectory (LDAP) for Security Gateways is checked (Correct)
  • Global properties > Authentication > Use SmartDirectory (LDAP) for Security Gateways is checked
  • Gateway properties > Smart Directory (LDAP) > Use SmartDirectory (LDAP) for Security Gateways is checked

Answer : Global properties > Smart Directory (LDAP) > Use SmartDirectory (LDAP) for Security Gateways is checked

156-315.77 Check Point Certified Security Expert Exam Set 5

What is the supported ClusterXL configuration when configuring a cluster synchronization network on a VLAN interface?


Options are :

  • It is supported on VLAN tag 4096.
  • It is supported on the lowest VLAN tag of the VLAN interface. (Correct)
  • It is supported on VLAN tag 4095.
  • It is not supported on a VLAN tag.

Answer : It is supported on the lowest VLAN tag of the VLAN interface.

A ClusterXL configuration is limited to _____ members.


Options are :

  • 2
  • 8 (Correct)
  • 16
  • There is no limit.

Answer : 8

_____ is NOT a ClusterXL mode.


Options are :

  • Broadcast (Correct)
  • New
  • Legacy
  • Unicast

Answer : Broadcast

156-215.70 Check Point Certified Security Administrator Exam Set 3

Each entry in SmartDirectory has a unique _____.


Options are :

  • Container
  • Organizational Unit
  • Schema
  • Distinguished Name (Correct)

Answer : Distinguished Name

The User Directory Software Blade is used to integrate which of the following with a R77 Security Gateway?


Options are :

  • Account Management Client server
  • LDAP server (Correct)
  • UserAuthority server
  • RADIUS server

Answer : LDAP server

When defining SmartDirectory for High Availability (HA), which of the following should you do?


Options are :

  • Configure Secure Internal Communications with each server and fetch branches from each.
  • Replicate the same information on multiple Active Directory servers. (Correct)
  • Configure a SmartDirectory Cluster object.
  • Configure the SmartDirectory as a single object using the LDAP cluster IP. Actual HA functionality is configured on the servers.

Answer : Replicate the same information on multiple Active Directory servers.

Check Point Certified Security Expert Exam Set 2

Which of the following is NOT a LDAP server option in SmartDirectory?


Options are :

  • Novell_DS
  • Standard_DS (Correct)
  • Netscape_DS
  • OPSEC_DS

Answer : Standard_DS

Which of the following is NOT a feature of ClusterXL?


Options are :

  • Zero downtime for mission-critical environments with State Synchronization
  • Transparent upgrades
  • Enhanced throughput in all ClusterXL modes (2 gateway cluster compared with 1 gateway) (Correct)
  • Transparent failover in case of device failures

Answer : Enhanced throughput in all ClusterXL modes (2 gateway cluster compared with 1 gateway)

What is the offline CPSIZEME upload procedure?


Options are :

  • Use the webbrowser version of cpsizeme and fax it to Check Point.
  • Find the cpsizeme_of_.pdf, attach it to an e-mail and send it to cpsizeme_upload@checkpoint.com
  • Find the cpsizeme_of_.xml, attach it to an e-mail and send it to cpsizeme_upload@checkpoint.com (Correct)
  • There is no offline upload method.

Answer : Find the cpsizeme_of_.xml, attach it to an e-mail and send it to cpsizeme_upload@checkpoint.com

156-315.71 Check Point Security Expert R71 Practice Exam Set 3

Which command would you use to save the interface information before upgrading a GAiA Gateway?


Options are :

  • netstat –rn > [filename].txt
  • ifconfig > [filename].txt
  • cp /etc/sysconfig/network.C [location]
  • save configuration (Correct)

Answer : save configuration

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 8

Restoring a snapshot-created file on one machine that was created on another requires which of the following to be the same on both machines?


Options are :

  • Windows version, interface configuration, and patch level
  • State, SecurePlatform version, and patch level (Correct)
  • Windows version, objects database, patch level, and interface configuration
  • State, SecurePlatform version, and objects database

Answer : State, SecurePlatform version, and patch level

You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?


Options are :

  • GAiA back up utilities (Correct)
  • Database Revision Control
  • Commands upgrade_export and upgrade_import
  • Manual copies of the directory $FWDIR/conf

Answer : GAiA back up utilities

Typically, when you upgrade the Security Management Server, you install and configure a fresh R77 installation on a new computer and then migrate the database from the original machine.What is the correct order of the steps below to successfully complete this procedure? 1) Export databases from source. 2) Connect target to network. 3) Prepare the source machine for export. 4) Import databases to target. 5) Install new version on target. 6) Test target deployment.


Options are :

  • 3, 1, 5, 4, 2, 6
  • 5, 2, 6, 3, 1, 4
  • 3, 5, 1, 4, 6, 2 (Correct)
  • 6, 5, 3, 1, 4, 2

Answer : 3, 5, 1, 4, 6, 2

Check Point Certified Security Administrator Set 1

To run GAiA in 64bit mode, which of the following is true? 1) Run set edition default 64-bit. 2) Install more than 4 GB RAM. 3) Install more than 4 TB of Hard Disk.


Options are :

  • 1 and 2 (Correct)
  • 1, 2, and 3
  • 2 and 3
  • 1 and 3

Answer : 1 and 2

What process manages the dynamic routing protocols (OSPF, RIP, etc.) on GAiA?


Options are :

  • There's no separate process, but the Linux default router can take care of that.
  • routed (Correct)
  • routerd
  • arouted

Answer : routed

Which is NOT a valid option when upgrading Cluster Deployments?


Options are :

  • Minimal Effort Upgrade
  • Fast path Upgrade (Correct)
  • Zero Downtime
  • Full Connectivity Upgrade

Answer : Fast path Upgrade

156-315.71 Check Point Security Expert R71 Practice Exam Set 1

You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use four machines with the following configurations: Cluster Member 1: OS - GAiA; NICs - QuadCard; Memory - 1 GB; Security Gateway only, version: R77 Cluster Member 2: OS - GAiA; NICs - 4 Intel 3Com; Memory - 1 GB; Security Gateway only, version: R77 Cluster Member 3: OS - GAiA; NICs - 4 other manufacturers; Memory: 512 MB; Security Gateway only, version: R77 Security Management Server: MS Windows 2008; NIC - Intel NIC (1); Security Gateway and primary Security Management Server installed, version: R77 Are these machines correctly configured for a ClusterXL deployment?


Options are :

  • No, the Security Gateway cannot be installed on the Security Management Pro Server.
  • No, Cluster Member 3 does not have the required memory
  • Yes, these machines are configured correctly for a ClusterXL deployment. (Correct)
  • No, the Security Management Server is not running the same operating system as the cluster members

Answer : Yes, these machines are configured correctly for a ClusterXL deployment.

Typically, when you upgrade the Security Management Server, you install and configure a fresh R77 installation on a new computer and then migrate the database from the original machine. When doing this, what is required of the two machines? They must both have the same:


Options are :

  • Patch level.
  • Interfaces configured.
  • Products installed. (Correct)
  • State

Answer : Products installed.

A Zero Downtime Upgrade of a cluster:


Options are :

  • Is only supported in major releases (R70 to R71, R71 to R77).
  • Treats each individual cluster member as an individual gateway.
  • Requires breaking the cluster and upgrading members independently.
  • Upgrades all cluster members except one at the same time. (Correct)

Answer : Upgrades all cluster members except one at the same time.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 7

What process manages the dynamic routing protocols (OSPF, RIP, etc.) on GAiA?


Options are :

  • arouted
  • routerd
  • gated (Correct)
  • There's no separate process, but the Linux default router can take care of that.

Answer : gated

Which of the following statements accurately describes the migrate command?


Options are :

  • Used primarily when upgrading the Security Management Server, migrate stores all object databases and the conf directories for importing to a newer version of the Security Gateway. (Correct)
  • Used when upgrading the Security Gateway, upgrade_export includes modified files, such as in the directories /lib and /conf.
  • upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
  • upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server

Answer : Used primarily when upgrading the Security Management Server, migrate stores all object databases and the conf directories for importing to a newer version of the Security Gateway.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions