156-315.77 Check Point Certified Security Expert Exam Set 10

What is the SmartEvent Clients function?


Options are :

  • Generate a threat analysis report from the Reporter database.
  • Assign severity levels to events.
  • Display received threats and tune the Events Policy. (Correct)
  • Invoke and define automatic reactions and add events to the database.

Answer : Display received threats and tune the Events Policy.

How many Events can be shown at one time in the Event preview pane?


Options are :

  • 1,000
  • 15,000
  • 5,000
  • 30,000 (Correct)

Answer : 30,000

The CoreXL SND (Secure Network Distributor) is responsible for:


Options are :

  • shutting down cores when they are not needed.
  • changing routes to distribute the load across multiple firewalls.
  • accelerating VPN traffic.
  • distributing non-accelerated packets among kernel instances. (Correct)

Answer : distributing non-accelerated packets among kernel instances.

How many pre-defined exclusions are included by default in SmartEvent R77 as part of the product installation?


Options are :

  • 10
  • 5
  • 3 (Correct)
  • 0

Answer : 3

In a R77 ClusterXL Load Sharing configuration, which type of ARP related problem can force the use of Unicast Mode (Pivot) configuration due to incompatibility on some adjacent routers and switches?


Options are :

  • Multicast MAC address response to a RARP request
  • Unicast MAC address response to a Multicast IP request
  • MGCP MAC address response to a Multicast IP request
  • Multicast MAC address response to a Unicast IP request (Correct)

Answer : Multicast MAC address response to a Unicast IP request

What access level cannot be assigned to an Administrator in SmartEvent?


Options are :

  • Write only (Correct)
  • No Access
  • Read only
  • Events Database

Answer : Write only

The SmartEvent Correlation Unit:


Options are :

  • analyzes each IPS log entry as it enters the Log server. (Correct)
  • displays the received events.
  • adds events to the events database.
  • assigns a severity level to an event.

Answer : analyzes each IPS log entry as it enters the Log server.

The _____ contains the Events Data Base.


Options are :

  • SmartEvent Server (Correct)
  • SmartEvent Correlation Unit
  • SmartEvent DataServer
  • SmartEvent Client

Answer : SmartEvent Server

Which Check Point product implements a Consolidation Policy?


Options are :

  • SmartLSM
  • SmartView Tracker
  • SmartReporter (Correct)
  • SmartView Monitor

Answer : SmartReporter

What are the 3 main components of the SmartEvent Software Blade? 1) Correlation Unit 2) Correlation Client 3) Correlation Server 4) Analyzer Server 5) Analyzer Client 6) Analyzer Unit


Options are :

  • 4,5,6
  • 1,2,3
  • 1,3,4
  • 1,4,5 (Correct)

Answer : 1,4,5

Which Check Point product is used to create and save changes to a Log Consolidation Policy?


Options are :

  • Security Management Server
  • SmartReporter Client
  • SmartEvent Server
  • SmartDashboard Log Consolidator (Correct)

Answer : SmartDashboard Log Consolidator

How can you disable SecureXL via the command line (it does not need to survive a reboot)?


Options are :

  • securexl off
  • fwaccel off (Correct)
  • fw xl off
  • fw ctl accel off

Answer : fwaccel off

The SmartEvent Correlation Unit:


Options are :

  • forwards what is identified as an event to the SmartEvent server. (Correct)
  • displays the received events.
  • adds events to the events database.
  • assigns a severity level to an event.

Answer : forwards what is identified as an event to the SmartEvent server.

Which of these is a type of acceleration in SecureXL?


Options are :

  • connection rate (Correct)
  • QoS
  • GRE
  • FTP

Answer : connection rate

The SmartEvent Server:


Options are :

  • deletes events from the events database
  • displays the received events
  • analyzes each IPS log entry as it enters the Log server
  • invokes defined automatic reactions (Correct)

Answer : invokes defined automatic reactions

A SmartProvisioning Gateway could be a member of which VPN communities? 1) Center in Star Topology 2) Satellite in Star Topology 3) Center in Remote Access Community 4) Meshed Community


Options are :

  • 2 only
  • 1, 2 and 3
  • All
  • 2 and 3 (Correct)

Answer : 2 and 3

The SmartEvent Server:


Options are :

  • displays the received events.
  • assigns a severity level to an event. (Correct)
  • analyzes each IPS log entry as it enters the Log server.
  • forwards what is known as an event to the SmartEvent Server.

Answer : assigns a severity level to an event.

_____ manages Standard Reports and allows the administrator to specify automatic uploads of reports to a central FTP server.


Options are :

  • Security Management Server
  • SmartDashboard Log Consolidator
  • SmartReporter (Correct)
  • SmartReporter Database

Answer : SmartReporter

After Travis added new processing cores on his server, CoreXL did not use them. What would be the most plausible reason why? Travis did not:


Options are :

  • edit Gateway Properties and increase the number of CPU cores.
  • edit Gateway Properties and increase the kernel instances.
  • run cpconfig to increase the number of CPU cores.
  • run cpconfig to increase the firewall instances. (Correct)

Answer : run cpconfig to increase the firewall instances.

What is the purpose of the pre-defined exclusions included with SmartEvent R77?


Options are :

  • To allow SmartEvent R77 to function properly with all other R71 devices.
  • To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71. (Correct)
  • As a base for starting and building exclusions.
  • To give samples of how to write your own exclusion.

Answer : To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71.

_____ is NOT an SmartEvent event-triggered Automatic Reaction.


Options are :

  • External Script
  • SNMP Trap
  • Block Access (Correct)
  • Mail

Answer : Block Access

Which of the following is NOT a SmartEvent Permission Profile type?


Options are :

  • Read/Write
  • No Access
  • View (Correct)
  • Events Database

Answer : View

Which of the following services will cause SecureXL templates to be disabled?


Options are :

  • TELNET
  • FTP (Correct)
  • HTTPS
  • LDAP

Answer : FTP

_____ generates a SmartEvent Report from its SQL database.


Options are :

  • SmartReporter (Correct)
  • Security Management Server
  • SmartEvent Client
  • SmartDashboard Log Consolidator

Answer : SmartReporter

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions