156-315.77 Check Point Certified Security Expert Exam Set 13

VPN traffic control would include a VPN component?


Options are :

  • QoS (Correct)
  • safety
  • management
  • None
  • Presentation

Answer : QoS

Central License Management allows the Security Administrator to perform which of the following? Select all that apply


Options are :

  • Check expired licenses (Correct)
  • ttach both NGX Central and Local licenses to a remote module
  • Replace and / or remove a restriction on NGX Central granting remote module (not local licenses) (Correct)
  • Add or remove a license or authorization from the archive (Correct)
  • Sort licenses and view license properties (Correct)
  • .Delete both NGX local permits and licenses Central remote module

Answer : Check expired licenses Replace and / or remove a restriction on NGX Central granting remote module (not local licenses) Add or remove a license or authorization from the archive Sort licenses and view license properties

Consider the following actions that the VPN-1 NGX can take when it manage packages. Policy Package is set to the traditional mode of VPN.Identify options, which includes the available actions. Choose four.


Options are :

  • Extract
  • Accept (Correct)
  • client authentication
  • Drop (Correct)
  • Allow
  • Reject (Correct)

Answer : Accept Drop Reject

156-215.13 Check Point Certified Security Administrator Exam Set 5

What steps can be run SmartUpdate NGX R65?


Options are :

  • None
  • remote_uninstall_verifier
  • cpinfo (Correct)
  • upgrade_export
  • mds_backup

Answer : cpinfo

There are license_upgrade Tool Secure Platform Gateway.Which the following you can do the update tool?


Options are :

  • Run the actual license update.
  • View licenses in the SmartUpdate License archive. (Correct)
  • View the status of installed licenses
  • To simulate the license upgrade.
  • None

Answer : View licenses in the SmartUpdate License archive.

When the synchronization clusters, which of the following statements are true? Select all that apply.


Options are :

  • resources for connections using .the state maintains a Security Server, so that these contacts can not be synchronized. (Correct)
  • Only cluster members running the same operating system platform can be synchronized. (Correct)
  • In the case of failover, the account information has failed member may disappear in spite of correctly
  • State resources for connections that use to maintain Security Server, so that these contacts can not be synchronized. (Correct)

Answer : resources for connections using .the state maintains a Security Server, so that these contacts can not be synchronized. Only cluster members running the same operating system platform can be synchronized. State resources for connections that use to maintain Security Server, so that these contacts can not be synchronized.

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 7

Network traffic requires special treatment in addition to other routers network QoS module that Check Point QoS feature should be used?


Options are :

  • bounds
  • .Differentiated Services (Correct)
  • guarantees
  • Weighted Fair Queuing
  • With a slight delay waiting

Answer : .Differentiated Services

When you add a resource to the service rule, which of the following actions take place?


Options are :

  • All packages corresponding to this rule are either hidden or unloaded from the specified resource.
  • All packets correspond to the resource rule is dropped
  • All packets correspond to the resource service rule is analyzed or verified, based on the resource properties. (Correct)
  • VPN-1 SecureClient users who try to connect to an object defined in the Destination column of a rule will have a new desktop resource policy.
  • For users who try to connect to the destination of the rule is needed to authenticate.

Answer : All packets correspond to the resource service rule is analyzed or verified, based on the resource properties.

Choose all correct statements. Smart Update, which is located in VPN-1 NGX SmartCenter Server, you can: (1) Remote to perform the first installation of VPN-1 NGX, a new machine (2) Specify the operating system patch levels on remote machines (3) update installed Check Point and potential OPSEC certified software remotely (4) Update Check Point Software is installed remotely (5) Track of installed Check Point and OPSEC products (6) centrally manage licenses


Options are :

  • 1, 3, 4, and 6
  • 1 & 4
  • 4, 5, and 6
  • None
  • 2, 4, 5, and 6 (Correct)

Answer : 2, 4, 5, and 6

Check Point Certified Security Expert Exam Set 7

For an initial installation of Connecter, which of the following statements is TRUE?


Options are :

  • .It is not possible to use the sysconfig and cpconfig utilities, until the First Time Wizard in the Administration Web GUI is successfully completed. (Correct)
  • It is not necessary to set up the Rule Base before completing Connector's installation.
  • .It is possible to run the First Time Wizard from Expert Mode on the Connecter server.
  • You must configure the Connecter username and password before running the First Time Wizard.

Answer : .It is not possible to use the sysconfig and cpconfig utilities, until the First Time Wizard in the Administration Web GUI is successfully completed.

Check Point Certified Security Expert Exam Set 7

In the following command,LSMcli [-d] "server" should be replaced with:


Options are :

  • GUIclient
  • Hostname DAIP device
  • IP address of the Security Management server (Correct)
  • Hostname of ROBO gateway

Answer : IP address of the Security Management server

To configure a Security Management Server for an SSL VPN Gateway, you can set up log forwarding from that Gateway. All of the following tasks must be performed to accomplish this,EXCEPT:


Options are :

  • Providing the Security Management Server's IP address.
  • .Initiating the put key process in order to facilitate Secure Internal Communications (SIC).
  • Establishing SIC between the Security Management Server and the SSL VPN Gateway
  • Defining a remote log server in the "Remote Log Server" box. (Correct)

Answer : Defining a remote log server in the "Remote Log Server" box.

How is the SmartWorkflow Session Information Pane enabled?


Options are :

  • In SmartDashboard, click on SmartWorkflow> Show Session Information Pane (Correct)
  • In SmartViewTracker, click onSmartWorkflow> Show Session Information Pane
  • In SmartDashboard, click on View > SmartWorkflow > Show Session Information Pane
  • .In cpconfig, choose Enable Session Information Pane from the menu

Answer : In SmartDashboard, click on SmartWorkflow> Show Session Information Pane

Check Point Certified Security Administrator Set 4

Why would an old Connecter Gateway IP be displayed to remote SSL Network Extender users, after changing it to a different IP? You must:


Options are :

  • Update Connector's certificate to reflect the newly assigned IP address (Correct)
  • Install a new license corresponding to the newly configured IP
  • Restart service CPwebis
  • Make the change using sysconfig instead of the admin portal

Answer : Update Connector's certificate to reflect the newly assigned IP address

You have configured an LDAP account unit and confirmed the Apply & Fetch Branches option works in SSL VPN, but end users still cannot be authenticated.What is the MOST LIKELY cause?


Options are :

  • The Administrator's login is incorrect.
  • The LDAP account unit's login Distinguished Name is incorrectly configured (Correct)
  • The LDAP server is incorrectly configured.
  • The user is not defined in Active Directory.

Answer : The LDAP account unit's login Distinguished Name is incorrectly configured

Your customer wishes to install the SmartWorkflow Software Blade on a R70 Security Management server (Secure Platform).Which is the correct method?


Options are :

  • The SmartWorkflow Software Blade is included in the standard R70 version. You need to enable it via cpconfig.
  • A.When you install the R70.1 package on an R70 Security Management server, it will be upgraded to version R70.1 with SmartWorkflow. (Correct)
  • .You must upgrade the Management Server to the version R70.1 first before you start the installation of the SmartWorkflow Software Blade plug-in.
  • The SmartWorkflow works directly on the version R70. Install the SmartWorkflow as an add-on.The version of the Management server remains R70.

Answer : A.When you install the R70.1 package on an R70 Security Management server, it will be upgraded to version R70.1 with SmartWorkflow.

156-315.77 Check Point Certified Security Expert Exam Set 3

Among the authentication schemes SSL VPN employs for users, which scheme does Check Point recommend so all servers are replicated?


Options are :

  • RADIUS (Correct)
  • User certificates
  • LDAP
  • Username and password

Answer : RADIUS

The Smart Provisioning management concept is based on:


Options are :

  • Zones
  • Profiles (Correct)
  • Regions
  • Groups

Answer : Profiles

While using the SmartProvisioning Wizard to create a new profile, you cannot continue because there are no devices to select. What is a possible reason for this? i) All devices already have a profile assigned to them ii)Provisioning Blade is not enabled on the devices iii)No UTM- 1/Power- 1/Secure Platform devices are defined in Smart Dashboard iv)SIC is not established on the devices.


Options are :

  • (ii), (iii) or (iv)
  • (ii) only
  • (i) or (iii) (Correct)
  • (iii) or (iv)

Answer : (i) or (iii)

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 5

What are the Smart Provisioning Policy Status indicators?


Options are :

  • OK, Down, Up, Synchronized
  • OK, Waiting, Out of Sync, Not Installed, Not communicating
  • OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date (Correct)
  • OK, Unknown, Not Installed, May be out of date

Answer : OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date

After repairing a SmartWorkflow session:


Options are :

  • The session moves to status Awaiting Repair and must be resubmitted.
  • The session is discarded and a new session is automatically started.
  • The session is continued with status Not approved and a new session must be started.
  • The session moves to status Repaired and a new session can be started. (Correct)

Answer : The session moves to status Repaired and a new session can be started.

The London office just upgraded their DNS servers so their Gateway needs to be updated with the new settings. What would be the BEST way for Henry to change the DNS settings for London's Gateway?


Options are :

  • Edit the Canada Profile
  • Edit the Europe Profile (Correct)
  • DNS settings for that Gateway cannot be changed
  • Edit the Gateway's DNS settings from the Edit Gateway, then selecting the DNS tab

Answer : Edit the Europe Profile

Check Point Certified Security Administrator Set 1

Your customer wishes to install SmartWorkflow on top of R70 Security Management Server (Windows system). What is the required disk space?


Options are :

  • 1256 MB
  • 880 MB (Correct)
  • 1 GB
  • 512 MB

Answer : 880 MB

Which of the following is a supported deployment for Connectra?


Options are :

  • IPSO 4.9 build 88
  • Windows server 2007
  • Solaris 10
  • VMWare ESX (Correct)

Answer : VMWare ESX

You logged in to your firewall and discovered that the scheduled backup has been modified.Which of the below options is NOT a reason for the change?


Options are :

  • Another administrator issued a new backup command through the command line
  • Another administrator logged in to the WebUI and changed the setting without your knowledge
  • Another administrator updated the Backup Schedule using SmartUpdate (Correct)
  • Another administrator pushed a SmartProvisioning profile to the firewall

Answer : Another administrator updated the Backup Schedule using SmartUpdate

156-315.65 Check Point Security Administration NGX R65 Exam Set 4

Smart Provisioning is an integral part of the Security Management or Provider-1 CMA.To enable Smart Provisioning on the Security Management server:


Options are :

  • Obtain a Smart Provisioning license, add the License to the Security Management server or CMA, disable SecureXL.
  • Obtain a Smart Provisioning license, add the License to the Security Management server or CMA, select the box under Policy for Smart Provisioning.
  • Obtain a Smart Provisioning license, add the License to the Security Management server or CMA, turn on Smart Provisioning on each Gateway to be controlled.
  • Obtain a Smart Provisioning license, add the License to the Security Management server or CMA. (Correct)

Answer : Obtain a Smart Provisioning license, add the License to the Security Management server or CMA.

Your customer wishes to use SmartWorkflow Software Blade, but he also wishes to install a policy during an emergency without an approval. Is it possible?


Options are :

  • No, if a customer uses the SmartWorkflow Software Blade, a policy must be approved.
  • Yes, it is possible, but this feature must be configured in Global Properties and the administrator must provide a special password.
  • Yes, it is possible, but this feature must be configured in the Global Properties. The administrator must provide a special password and the reason for this emergency installation. (Correct)
  • A.Yes, it is possible but the administrator must receive special administrator permission, i.e., Can install in emergency. You can use the new GUI to set the administration security setting.

Answer : Yes, it is possible, but this feature must be configured in the Global Properties. The administrator must provide a special password and the reason for this emergency installation.

When using SmartWorkflow, how many sessions can be in progress at the same time?


Options are :

  • 3
  • As many as you want
  • 1 (Correct)
  • 2

Answer : 1

156-215.13 Check Point Certified Security Administrator Exam Set 2

Which changes are tracked by SmartWorkflow?


Options are :

  • Users, Administrators, Groups and VPN Communities
  • Security Policies and the Rule Base, Network Objects, Network Services, Resources, Users, Administrators, Groups, VPN Communities and Servers and OPSEC Applications. (Correct)
  • Security Policies and the Rule Base, Network Objects, Network Services, VPN Communities.
  • SmartDashboard, SmartView Tracker and SmartView Monitor logins and logouts

Answer : Security Policies and the Rule Base, Network Objects, Network Services, Resources, Users, Administrators, Groups, VPN Communities and Servers and OPSEC Applications.

Your company is planning on moving their server farm to a new datacenter which requires IP changes to important network services including DNS, DHCP, and TFTP. Rather than manually logging in to all your firewalls and modifying the settings individually, you decide to purchase and enable SmartProvisioning. Assuming all your firewalls are on SPLAT, what is the minimum version required to update the firewalls' DNS and backup settings via SmartProvisioning?


Options are :

  • R65 HFA 40 (Correct)
  • R71
  • R62
  • R60 HFA 02

Answer : R65 HFA 40

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions