156-315.77 Check Point Certified Security Expert Exam Set 14

Which of the following software blades can be used to provide centralized backup management?


Options are :

  • SmartDashboard
  • Smart Provisioning
  • Smart Gateway
  • Smart Backup

Answer : Smart Provisioning

156-315.77 Check Point Certified Security Expert Exam Set 15

To force clients to use Integrity Secure Workspace when accessing sensitive applications, the Administrator can configure Connectra:


Options are :

  • Without a special setting. Secure Workspace is automatically configured.
  • To force the user to re-authenticate at login
  • To implement Integrity Clientless Security
  • Via protection levels

Answer : Via protection levels

When Converting Gateways to Smart LSM Security Gateways, you can:


Options are :

  • do nothing, the conversion is automatic.
  • convert a Security Gateway or UTM-1 Edge Gateway managed with Smart Dashboard to a Smart
  • delete the device and re-install it in Smart Provisioning.
  • reset SIC and re-establish communication with the new Smart Provisioning

Answer : convert a Security Gateway or UTM-1 Edge Gateway managed with Smart Dashboard to a Smart

Your customer asks you about Check Point SmartWorkflow. His company must comply with various laws and regulations and therefore it is important for him to be able to see the changes made to a specific object.How can the customer receive the required information?


Options are :

  • The customer can use the Check Point's SmartViewTracker to view the required information. He selects the log category Changed Objects.
  • The customer can use the Record Details. This feature enables administrators to track changes that have been made to objects over an extended period of time. These changes are recorded in SmartView Tracker as audit logs.
  • The customer can use the Check Point's SmartView Tracker directly to receive the required information. He selects the log category SmartWorkflow.
  • The customer can check compliance. This function compares the logs with the compliance requirements and automatically reports which part of the selected compliance is fulfilled and which is not.

Answer : The customer can use the Record Details. This feature enables administrators to track changes that have been made to objects over an extended period of time. These changes are recorded in SmartView Tracker as audit logs.

156-315.77 Check Point Certified Security Expert Exam Set 16

When connecting to the SSL VPN portal, you receive a pop-up message indicating that the server hostname does not match the certificate hostname, and the certificate is not signed by a known Certificate Authority (CA). How would you solve this problem?


Options are :

  • Ignore the message. It only occurs before the portal synchronizes with the GUI.
  • Acquire and install an SSL server certificate from a known CA.
  • Resolve the certificate-hostname conflict between the Connectra portal and the administration GUI.
  • The administration GUI is pointing to the wrong certificate-hostname location.

Answer : Acquire and install an SSL server certificate from a known CA.

Domain name can NOT be changed in Smart Provisioning and Domain Name is grayed out.What is a possible reason for this?


Options are :

  • Domain name settings are always fetched from firewall object.
  • There is no Smart Provisioning license installed.
  • Override profile setting on device level is set to Mandatory.
  • Profile is not assigned to any Gateway

Answer : Override profile setting on device level is set to Mandatory.

Where do Gateways managed by SmartProvisioning fetch their assigned profiles?


Options are :

  • They are fetched locally from the individual device
  • The standalone SmartProvisioning server
  • The Security Management server or CMA
  • The SmartView Monitor

Answer : The Security Management server or CMA

156-315.77 Check Point Certified Security Expert Exam Set 17

Which port is typically used by SSL Network Extender, if the Connecter Portal will also be used on the same IP address?


Options are :

  • SSL (TCP/80)
  • SSL (TCP/443
  • SSL (TCP/444)
  • SSL (TCP/900)

Answer : SSL (TCP/444)

You are a SSL VPN administrator. Your users complain that their Outlook Web Access is running extremely slowly, and their overall browsing experience continues to worsen. You suspect it could be a logging problem.Which of the following logs does Check Point recommend you turn off?


Options are :

  • Traffic
  • Event
  • Trace
  • Alert

Answer : Trace

To configure a client to properly log in to the user portal using a certificate, the Administrator MUST:


Options are :

  • Install an R71 internal Certificate Authority certificate.
  • Create an internal user in the admin portal.
  • Store the client certificate on the SSL VPN Gateway.
  • Create a client certificate from Smart Dashboard.

Answer : Create an internal user in the admin portal.

156-315.77 Check Point Certified Security Expert Exam Set 18

You start the configuration of SmartWorkflow. SmartWorkflow is enabled, but you are not able to select Open New Session because it is greyed out.What must be done to open a new session? Choose the BEST answer.


Options are :

  • Sessions in the Manage menu of SmartDashboard must be selected and enabled
  • A rule which allows the SmartWorkflow traffic must be placed on the top of the Rule Base.
  • The use of sessions must be enabled by the CLI command: SWF_session start.
  • The Work with sessions in Global Properties must be set.

Answer : The Work with sessions in Global Properties must be set.

Which of the following statements about SSL VPN is TRUE?


Options are :

  • Traffic is encrypted, when it is initiated from a LAN
  • Traffic is not encrypted in a LAN deployment, where clear text requests are forwarded to internal servers.
  • Administration traffic is not encrypted.
  • All traffic is always encrypted.

Answer : Traffic is not encrypted in a LAN deployment, where clear text requests are forwarded to internal servers.

Can end users be forced to authenticate by using client certificates and username/password credentials?


Options are :

  • SSL VPN only supports server certificates.
  • Yes, by editing the protection-level settings.
  • Yes, but by manually changing the parameter: Is Password Warning to true in the $FWDIR/conf/objects_5_0.C file, to allow for LDAP password remediation; and through the use of multiple-challenge login pages.
  • No, R71 only supports authentication by client certificates

Answer : Yes, by editing the protection-level settings.

156-315.77 Check Point Certified Security Expert Exam Set 19

How is Smart Workflow disabled?


Options are :

  • Open SmartWorkflow as admin. Create new session and name it Disable SmartWorkflow.In SmartDashboard click SmartWorkflow > Disable SmartWorkflow, click OK in the warning box, click Save and Continue
  • In cpconfig, choose Disable SmartWorkflow from the menu
  • In SmartViewTracker, click on SmartWorkflow> Disable SmartWorkflow
  • In Smart Dashboard, click on View > SmartWorkflow > Disable SmartWorkflow

Answer : Open SmartWorkflow as admin. Create new session and name it Disable SmartWorkflow.In SmartDashboard click SmartWorkflow > Disable SmartWorkflow, click OK in the warning box, click Save and Continue

A user attempts to initialize a network application using SSL Network Extender.The application fails to start. What is the MOST LIKELY solution?


Options are :

  • Select the option Auto-detect client capabilities
  • Select the option Enable SSL Network Extender Application Mode only
  • Select the option Enable SSL Network Extender Network Mode only.
  • Select the option Turn off all SSL tunneling clients.

Answer : Select the option Enable SSL Network Extender Application Mode only

You have to uninstall the Check Point SmartWorkflow Software Blade on a Secure Platform system. How can you perform this procedure?


Options are :

  • To uninstall the SmartWorkflow Software Blade you must first connect to your Security Management System on command line level. Then in the directory /opt/CPUninstall/Check_Point_Workflow, run the command ./UnixInstallScript -u. Afterwards, follow the screen instructions and change to the directory /opt/CPUninstall/R70_HFA_10 and repeat the previous command.
  • To uninstall the SmartWorkflow Software Blade, you must first connect to your Security Management System on the command line level. Then in the directory /opt/CPuninstall/Check_Point_Workflow, run the command ./UnixInstallScript -u.
  • To uninstall the SmartWorkflow Software Blade you can connect to the Secure Platform Web UI ( ) and select: Device > Upgrade. You will be asked if you want uninstall the SmartWorkflow Software Blade.
  • To uninstall the SmartWorkflow Software Blade, you use SmartUpdate. Click on the symbol of the Security Management Server, right-click, select Get Gateway Data, select SmartWorkflow, right - click uninstall SmartWorkflow. You will see the progress in the Opera rationStatus windows.

Answer : To uninstall the SmartWorkflow Software Blade you must first connect to your Security Management System on command line level. Then in the directory /opt/CPUninstall/Check_Point_Workflow, run the command ./UnixInstallScript -u. Afterwards, follow the screen instructions and change to the directory /opt/CPUninstall/R70_HFA_10 and repeat the previous command.

156-315.77 Check Point Certified Security Expert Exam Set 2

In SmartWorkflow, what is NOT a valid possibility?


Options are :

  • Task Flow without Session and without Role Segregation
  • Task Flow with Session but without Role Segregation
  • Task Flow with Session and with Role Segregation
  • Task Flow without Session but with Role Segregation

Answer : Task Flow without Session but with Role Segregation

What is a possible reason for the grayed out Restore Version button in the screenshot of the Database Revision Control while trying to restore Old Structure?


Options are :

  • With SmartWorkflow active, only SmartWorkflow revisions could be restored.
  • No SmartWorkflow session is started.
  • Self-created versions cannot be restored if there are newer versions created in SmartWorkflow.
  • Old Structure was not approved in SmartWorkflow

Answer : No SmartWorkflow session is started.

SSL termination takes place:


Options are :

  • In a DMZ and LAN deployment scenario on a Connecter Gateway
  • In a DMZ deployment on a Connecter Gateway
  • In a LAN deployment on a Security Gateway
  • In a DMZ and LAN deployment scenario on a Security Gateway

Answer : In a DMZ and LAN deployment scenario on a Security Gateway

156-315.77 Check Point Certified Security Expert Exam Set 20

Current VPN-1 NG with Application Intelligence (AI) R55standalone VPN-1 Pro Gateway and the SmartCenter Server to run SecurePlatform.You have a plan to VPN-1 NGX in a distributed environment, where the current machine is SmartCenter Server, and the new machine will be the VPN-1 Pro Gateway only .You need to move Al NG R55 SmartCenter Server configuration, including such items as an internal Certificate Authority, databases, and security Policies.How you ask for a new authorization VPN -1 NGX upgrade?


Options are :

  • Ask for a VPN-1 NGX SmartCenter Server license using the new machine's IP address.Request a new license key NGX VPN-1 Pro Gateway.
  • Ask for a VPN-1 NGX SmartCenter Server license with NG Al SmartCenter server's IP address. Request a new license key NGX VPN-1 Pro Gateway, licensed to existing SmartCenter server's IP address
  • Ask a new VPN-1 NGX SmartCenter Server license with NG Al SmartCenter server's IP address. Request a new license key NGX VPN-1 Pro Gateway.
  • None
  • Ask for a VPN-1 NGX SmartCenter Server license using the new machine's IP address.Request a new local license NGX VPN-1 Pro Gateway.

Answer : Ask for a VPN-1 NGX SmartCenter Server license with NG Al SmartCenter server's IP address. Request a new license key NGX VPN-1 Pro Gateway, licensed to existing SmartCenter server's IP address

156-315.77 Check Point Certified Security Expert Exam Set 21

How to configure a rule that allows SIP traffic security endpoint endpoint Net_Ato Net_B, through NGX Security Gateway?


Options are :

  • None
  • Net_A / Net_B / SIP / accept
  • .Net_A / Net_B / VolP_any / accept
  • Net_A / Net_BM3lP / accept
  • Net_A / Net_B / sip and sip_any / accept

Answer : Net_A / Net_B / SIP / accept

Which of the following TCP port numbers used to connect to the VPN-1 Portal Content Vector Protocol (CVP) server?


Options are :

  • 18181
  • 1456
  • 7242
  • 18180
  • 18182

Answer : 18181

Barak Security Administrator is an organization that has two sites using a VPN pershared secrets. The two areas are in Oslo and London. Barak has just been informed that the new office opens in Madrid, and he must take all three places through a VPN connection to each other. Three security gateways run by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to move pershared secrets certificates of internal Certificate Authority (ICA) After the creation of the proper object of Madrid's gateway VPN Domain, what are the rest of the steps Barak? 1. Remove the "pre-shared secret" in London and Oslo gateway objects 2. Add the gateway object of Madrid, Oslo and London mesh VPN Community 3. Manually create ICA Certificates for all three Security Gateway. 4. Set the "traditional mode of VPN configuration" of Madrid, the gateway object to a VPN box 5. Install the security policy for all three security gateway.


Options are :

  • 1,2,5
  • 1,2,4,5
  • 1,2,3,4
  • 1,2,3,5
  • 1,3,4,5

Answer : 1,2,5

156-315.77 Check Point Certified Security Expert Exam Set 22

The company has two headquarters, one in London, one in New York. Each head office has a number of offices. Branches need only communicate with their headquarters, not with each other, and only need to communicate directly to the headquarters. What is the best configuration among the VPN to the branch offices and the head office and the headquarters of the two? VPN Communities shall consist of:


Options are :

  • The two stars and one of the mesh of the Community; every star in the Community has established for each site, with its head office in the center of the community, and branches as satellites. Mesh communities between New York and London headquarters
  • Two mesh Communities, one for each of their headquarters and branch offices; and one star the Community, where New York is the center of the Community and London is a satellite.
  • Two mesh Communities, one for each of their headquarters and branch offices; and one star the Community, which in London is at the heart of Community and New York, is a satellite.
  • Three of the mesh: one of London's head office and its branches, one of New York headquarters and its branches and one in London and New York headquarters.
  • None

Answer : The two stars and one of the mesh of the Community; every star in the Community has established for each site, with its head office in the center of the community, and branches as satellites. Mesh communities between New York and London headquarters

You are preparing to configure VoIP Gatekeeper Domain object.Which two other objects would you have created first?


Options are :

  • The object represents the IP telephony network, and the object represents the host on which the gatekeeper is installed
  • The object represents a Q.931 service launch event for the host, and the object represents a H.245 termination of the host
  • The object represents the IP telephony network, and the host object represents a proxy is installed
  • The object represents a telephone network, and an object that represents the IP telephone network
  • The object represents the Call Manager, and the object representing the host on which the transmission is installed on the router

Answer : The object represents the IP telephony network, and the object represents the host on which the gatekeeper is installed

Every VPN Community object is used within a VPN routing SmartDashboard?


Options are :

  • Star
  • network
  • Map
  • None
  • Remote access

Answer : Star

156-315.77 Check Point Certified Security Expert Exam Set 23

The organization has many VPN1 Edge gateways in different branches, so that VPN1 SecureClient users to access corporate resources. For safety reasons, the organization's security policy requires that all Internet traffic started behind the VPN-1 Edge gateways to first carefully studied the headquarters VPN-1 Pro Security VPN routing Gateway.How you in this star VPN Community?


Options are :

  • Internet and objectives only
  • To the center and via other satellites Center
  • None
  • the Center only
  • the center; or through the center to other satellites, then the Internet and other VPN targets

Answer : the center; or through the center to other satellites, then the Internet and other VPN targets

Yoav is a Security Administrator is preparing to implement a VPN his multi-site organization.To to comply with the relevant regulations, Yoav's VPN solution must meet the following requirements: Portability: Standard Management: Automatic, external PKI Session keys: change the specified times during the connection to the life of the Key length: at least 128-bit integrity: protect from inversion and break down what the most appropriate setting Yoav should I choose?


Options are :

  • .IKE VPNs AES IKE phase 1, phase 2 and AES; SHA1 hash
  • IKE VPNs: the DES encryption in IKE phase 1 and phase 2 3DES encryption; MD5
  • IKE VPNs AES IKE phase 1, and the DES encryption of step 2; SHA1 hash
  • IKE VPNs: SHA1 encryption in IKE phase 1 and phase 2 MD5 encryption; AES hash
  • IKE VPNs: CAST encryption in IKE phase 1 and phase 2 SHA1 encryption; DES hash

Answer : .IKE VPNs AES IKE phase 1, phase 2 and AES; SHA1 hash

What is the best configuration option to protect internal users from malicious Java code, without stripping scripts?


Options are :

  • Use the URI of the resource tapes applet tags
  • Use the CVP that the URI resource block Java code
  • Use the URI of the resource tapes ActiveX tags
  • None
  • Use the URI of the resource block Java code

Answer : Use the URI of the resource block Java code

156-315.77 Check Point Certified Security Expert Exam Set 24

VPN community has three Security Gateway. Each Gateway has its own internal network is defined VPN Domain. You need to test your VPN-1 NGX route-based VPN feature, stopping the VPN. What is the correct order of the steps?


Options are :

  • 1. Add a new user interface each Gateway. 2.Add just been added to the network each gateway into the existing VPN Domain object. 3.Create VTIs each gateway object, refer to the other two users. 4. Add static routes to three gateways, route to new networks of each peer VTI interface.
  • 1. Add a new user interface each Gateway. 2. Add the newly added to the network to an existing VPN Gateway for each area. 3. Create a VTIs each gateway object, to show the other two peers. 4. Take the advanced routing all three gateways.
  • None
  • 1. Add a new user interface each Gateway. 2. Remove the counter is added to each gateway network from the current VPN Domain object. 3. Create a VPN tunnel connections (VTI) in each of the gateway object, refer to the other two users. 4. Add static routes three gateways to route a new network for each peer VTI interface.
  • 1. Add a new user interface each Gateway. 2. Remove the newly added for each Gateway VPN network from the current area. 3. Create a VTIs on each Gateway, to show the other two peers 4. Enable advanced routing all three gateways.

Answer : 1. Add a new user interface each Gateway. 2. Remove the counter is added to each gateway network from the current VPN Domain object. 3. Create a VPN tunnel connections (VTI) in each of the gateway object, refer to the other two users. 4. Add static routes three gateways to route a new network for each peer VTI interface.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now