156-315.77 Check Point Certified Security Expert Exam Set 15

DShield is Checkpoint feature is used to prevent threats to which of the following?


Options are :

  • Cross Site Scripting
  • buffer overflows
  • DDOS (Correct)
  • SQL injection
  • Trojans

Answer : DDOS

To create IKE VPN of two VPN-1 NGX Security Gateway, protecting the two networks. The Network Gateway is behind one of 10.15.0.0/16, and the network 192.168.9.0/24 is behind the peer Gateway.Which type of Address Translation should be used in order to ensure access to the two networks to each other via a VPN tunnel?


Options are :

  • Hide NAT
  • manual NAT
  • Nothing (Correct)
  • static NAT
  • Hide NAT

Answer : Nothing

156-215.77 Check Point Certified Security Administrator Exam Set 1

What type of service should Security Administrator for use in rule base to control access to specific sections of a shared target machines?


Options are :

  • FTP
  • URI
  • HTTP
  • CIFS (Correct)
  • Telnet

Answer : CIFS

VPN-1 NGX include a resource with the mechanism of the Common Internet File System (CIFS). This service provides only a finite number of steps CIFS security.Which of the following services does not provide a CIFS resource?


Options are :

  • Log mapped shares
  • Allow MS print share (Correct)
  • Disable Remote Registry Access
  • Log access to shares
  • None

Answer : Allow MS print share

Damon enables SMTP resource content protection.He notice that the mail seems to slow down sometimes, sometimes delivered late. Which of the following could improve the throughput performance?


Options are :

  • Configuration Content Vector Protocol (CVP) resource to forward the internal SMTP server, waiting for a reply Security Gateway
  • Configuring the SMTP resource to allow only mail Damon company's domain name in the title
  • Increasing the maximum number of e-mails Gateway spool directory
  • Configuring the SMTP resource skip CVP resource (Correct)
  • Configuration CVP resource to return the mail Gateway

Answer : Configuring the SMTP resource skip CVP resource

156-215.77 Check Point Certified Security Administrator Exam Set 1

VPN-1 NGX supports VoIP traffic all of the following environments, EXCEPT that environment?


Options are :

  • SCCP
  • SIP
  • MGCP
  • H.323
  • MEGACO (Correct)

Answer : MEGACO

You are going to install the VPN-1 Pro Gateway VPN-1 NGX your own business is one of the headquarters.You Sun SPARC Solaris 9 machine VPN-1 Pro company plementation. You need this machine to inspect the traffic and keep the assembly files.Which Check Point software package, you can install?


Options are :

  • VPN-1 Pro Gateway and Primary SmartCenter Server (Correct)
  • VPN Gateway Pro 1
  • SmartCenter Server
  • ClusterXL and SmartCenter Server
  • Policy Server and the primary SmartCenter Server

Answer : VPN-1 Pro Gateway and Primary SmartCenter Server

Which of the following QoS rule action properties are advanced action type, can be found in the traditional mode?


Options are :

  • constitutional guarantee
  • limit rule
  • rule of weight
  • .Guarantee Allocation (Correct)
  • Apply the rule only encrypted traffic

Answer : .Guarantee Allocation

156-315.65 Check Point Security Administration NGX R65 Exam Set 7

On the VPN-1 NG R54 Application Intelligence Platform Secure VPN gateway 1 Pro. Gateway also acts as a policy Server.When run the patch add cd from the NGX CD, what this command can be upgraded?


Options are :

  • only OS
  • All products, except for Policy Server
  • Only the patch utility has been updated with this command
  • Only VPN-1 Pro Gateway Security
  • As well as the operating system (OS) and all Check Point products (Correct)

Answer : As well as the operating system (OS) and all Check Point products

Regarding QoS guarantees and limits, which of the following statements is false?


Options are :

  • .If the limit and rule and per connection limit is usually defined as a connection limit shall not be higher than the rule limit.
  • None
  • Rule warranty shall not be less than the sum of the guarantees set out in its sub-rules.
  • If both border and guarantee a QoS rule defines a rule, the border must be less than the warranty. (Correct)
  • .If the warranty is defined part of a rule, then the rule guarantee defined above.

Answer : If both border and guarantee a QoS rule defines a rule, the border must be less than the warranty.

In a distributed VPN-1 Pro NGX environment, with an internal Certificate Authority (ICA) installed?


Options are :

  • Certificate Management Server
  • There is a Policy Server
  • There is a Security Gateway
  • Smart View Monitor
  • The Primary SmartCenter Server (Correct)

Answer : The Primary SmartCenter Server

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 1

You will receive a notification indicating suspicious FTP connection tries to connect to one of the internal hosts. How to prevent the connection in real time and check the connection is successfully blocked?


Options are :

  • Highlight suspicious connection SmartView Tracker> Active mode.Block connection to Tools> Block Intruder menu.Use Active mode to confirm that the suspicious connection is lost.
  • None
  • Highlight suspicious connection SmartView Tracker> Active mode.Block connection to Tools> Block Intruder menu.Use active mode to ensure that the suspicious connection does not reappear. (Correct)
  • Highlight suspicious connection SmartView Tracker> Log mode.Block connection to Tools> Block Intruder menu.Use Logbook Mode to confirm that the suspicious connection does not reappear.
  • .Highlight suspicious connection SmartView Tracker> Log mode.Block connection to Tools> Block Intruder menu.Use Log mode and make sure that a suspicious connection is lost.

Answer : Highlight suspicious connection SmartView Tracker> Active mode.Block connection to Tools> Block Intruder menu.Use active mode to ensure that the suspicious connection does not reappear.

You must configure the SIP proxy server to the network. IP phones are 172.16.100.0 network.The Registrar and Proxy is installed on a host 172.16.100.100.To enables the handover of the implementation of outgoing calls to a SIP network network Net_B on the Internet, you have configured the following items: Network destination: SIP-net: 172.16.100.0/24 SIP gateway: 172.16.100.100 VoIP Domain object: VolP_domain_A 1.Endpoint domain: net 2.VoIP SIP gateway is installed: SIP - yhdyskeskusisäntä object How to configure a rule?


Options are :

  • VolP_Gateway_MJet_B / sip_any / accept
  • VolP_domain_A / Net_B / sip_any and sip / accept
  • SIP gateway / Net_B / SIP / accept
  • SIP ateway G / N et_B / s i p_a LU / c a c e pt
  • .VolP_domain_A / Net_B / SIP / accept (Correct)

Answer : .VolP_domain_A / Net_B / SIP / accept

To upgrade the Secure Platform NG with Application Intelligence (AI) R55 Gateway to Secure Platform NGX R60 through SmartUpdate.Which package is needed in the archives before the upgrade?


Options are :

  • SVN Foundation 3
  • Secure Platform NGX R60 (Correct)
  • VPN-1 and Firewall-1
  • VPN-1 Pro / Express NGXR60
  • SVN Foundation and VPN-1 Express / Pro

Answer : Secure Platform NGX R60

Check Point Certified Security Expert Exam Set 4

What is the result of clearing the "Log IP connection" Global Properties box?


Options are :

  • IP addresses are used, instead of the names of the objects, the log entries that refer to the VoIP domain objects.
  • SmartCenter server stops the import of logs VoIP servers.
  • Saw a field setting rules for VoIP protocols will be ignored
  • Was VoIP traffic is logged, but accepted the VoIP traffic is not logged in
  • VoIP protocol-log fields are not included in the SmartView Tracker entries. (Correct)

Answer : VoIP protocol-log fields are not included in the SmartView Tracker entries.

Robert has determined the Common Internet File System (CIFS) resource section to let the audience in his favor the company's file server \\ erisco \ golden apple \ files \ public. Robert receives reports that users can not access the shared partition, unless they use the file IP address.Which of the following is a possible cause?


Options are :

  • Remote Registry Access is denied.
  • CIFS Null sessions are blocked.
  • Access violations are not logged in.
  • CIFS resource is not configured to use Windows name resolution (Correct)
  • Mapped shares do not allow administrative locks.

Answer : CIFS resource is not configured to use Windows name resolution

Greg creates rules and objects to guide the VoIP traffic through his organization VPN 1 NGX Security Gateway. Greg creates a VoIP Domain SIP to object to represent each of his organization's three SIP gateways. Greg then create a simple group includes a VoIP Domain SIP objects.When Greg trying to add VoIP Domain SIP opposed to the group, they are not listed. What is the problem?


Options are :

  • VoIP SIP Domain name of the object contains restricted characters.
  • VoIP gateway to the destination is added to the group until the VoIP SIP Domain objective is entitled to be added to the group.
  • VoIP Domain SIP objects will not be placed in a simple group. (Correct)
  • Related end points of the domain determines the addresses.
  • Installed VoIP gateways defined host objects.

Answer : VoIP Domain SIP objects will not be placed in a simple group.

156-315.77 Check Point Certified Security Expert Exam Set 1

Cody blacklist.org warned that his website has been reported as spam relay, since his SMTP server is unprotected. Cody decide to take the SMTP Security Server to exist on the server to prevent spam relay.Which of the following is the most effective method of assembly?


Options are :

  • Specifies the SMTP Security Server to work with the OPSEC-based product, content checking.
  • Security configure the SMTP server to perform MX resolution of
  • .Configure SMTP Security Server to apply the generic version of the "from" address to all outgoing mail.
  • Security configure the SMTP server to allow only mail or names within Cody's corporate domain. (Correct)
  • Security configure SMTP server performs filtering based on the IP address and SMTP protocols.

Answer : Security configure the SMTP server to allow only mail or names within Cody's corporate domain.

Current stand-alone VPN one NG Application Intelligence (AI) R55 installation is running Secure platform. Are you going to take the VPN-1 NGX in a distributed environment where the current machine is a VPN Gateway-1 Pro. An additional machine works SmartCenter Server. The new machine runs on Windows Server 2003.You need to upgrade NG Al R55 SmartCenter server configuration VPN-1 NGX.How you upgrade to VPN-1 NGX?


Options are :

  • .Use NGX R55 CD in the current NGwithAI Secure Platform machine, and answer yes to backup Windows Server backup configuration.Copy 2003.Continue process.Reboot update after the upgrade is finished.After Secure Platform NGX restarts, run the sysconfig, select the VPN-1 Pro Gateway, and finally sysconfig process.Reboot again.Use NGX CD to install the primary SmartCenter Windows Server 2003.Import backup. (Correct)
  • Run the backup command to existing Secure Platform machine to create a backup file in Windows Server file.Copy 2003.Uninstall primary SmartCenter Server package NG R55 Al Secure Platform NGX using sysconfig.Reboot.Install primary SmartCenter Server and import the backup file.Open NGX Smart Update and select the "update all packages" Al is NG R55 Security Gateway.
  • None
  • Copy FWDIR $ \ conf and $ FWDIR \ lib files existing Secure Platform machine.Create tar.gzfile, and copy it to the Windows Server 2003.Use VPN-1 NGX current CD Secure Platform machine to do a new install. Reboot.Run sysconfig and select the VPN-1 Pro NGX Gateway.Reboot.Use CD to install the primary SmartCenter Server Windows Server 2003.On Windows Server 2003, run the command to bring upgradeimport $ FWDIR \ conf and from $ FWDIR \ lib Secure Platform machine.
  • Run the backup command to the existing Secure Platform machine, create a backup Secure Platform file.opy file in Windows Server 2003.Uninstall all Check Point products running the rpm CPsuite.R55 command.Reboot.Install new VPN-1 NGX is the current Secure Platform machine.Run sysconfig, select the VPN-1 Pro Gateway, and reboot.Use VPN-1 NGX CD to install the primary SmartCenter Server Windows Server 2003.Import backup.

Answer : .Use NGX R55 CD in the current NGwithAI Secure Platform machine, and answer yes to backup Windows Server backup configuration.Copy 2003.Continue process.Reboot update after the upgrade is finished.After Secure Platform NGX restarts, run the sysconfig, select the VPN-1 Pro Gateway, and finally sysconfig process.Reboot again.Use NGX CD to install the primary SmartCenter Windows Server 2003.Import backup.

What operating system does not support VPN-1 SecureClient?


Options are :

  • RedHat Linux 8.0
  • Mac OS tenth version
  • IPSO 3.9 (Correct)
  • Windows 2000 Professional
  • Windows XP SP2

Answer : IPSO 3.9

156-215.70 Check Point Certified Security Administrator Exam Set 7

You have a built-in FTP server, and you let the downloading, but not uploading.Assume Network Address Translation is configured correctly, and you want to add an incoming rule: source: any destination: FTP server Service: FTP resource object. How to configure FTP resource object and the operation of the column rule to achieve this goal?


Options are :

  • Just take the "put" method FTP Resource Properties and use it to rule, in which the action accepted.
  • Enables and "put" and "get" FTP methods Resource Properties and use them to rule, in which the action to drop.
  • Removes the "Get" and "Put" FTP methods Resource Properties and use it to rule, in which the action accepted.
  • Just take the "Get" method FTP resource properties, and use this method to rule, in which the action accepted. (Correct)
  • Just take the "Get" method FTP Resource Properties and use it to rule, in which the action to drop.

Answer : Just take the "Get" method FTP resource properties, and use this method to rule, in which the action accepted.

Every type of service does not rely on the Security Server?


Options are :

  • CIFS (Correct)
  • Telnet
  • FTP
  • SMTP
  • HTTP

Answer : CIFS

The following rule includes an FTP resource object in the service sector: Source: local_net Destination: Any Service: FTP resource target Action: Approve How do you define an FTP Resource Properties> Match tab Prevent users from getting the company files from external FTP servers, while allowing users to send files?


Options are :

  • Take the "Get" method is Match tab.
  • Enable "put" and "get" methods.
  • Remove the "Put" method worldwide.
  • The removal of "Get" and "Put" methods of Match tab.
  • Take the "Put" method only Match tab. (Correct)

Answer : Take the "Put" method only Match tab.

Check Point Certified Security Expert Exam Set 7

How to control the maximum e-mail spool directory?


Options are :

  • SMTP gateway object in the Advanced Settings window, (Correct)
  • server window Security Council Global Properties
  • In the SmartDefense SMTP settings
  • In smtp.conf file SmartCenter Server
  • SMTP resource object

Answer : SMTP gateway object in the Advanced Settings window,

Suppose an intruder has compromised the current IKE Phase 1 and Phase 2 keys.Which following the end of hackers to access the next phase 2 exchange occurs?


Options are :

  • Step 3 Key repeal
  • Perfect Forward Secrecy (Correct)
  • SHA1 Hash Supplement
  • DES Key Reset
  • MD5 Supplement

Answer : Perfect Forward Secrecy

What is the prerequisite to set up a Management High Availability?


Options are :

  • All SmartCenter Servers must have the same operating system. (Correct)
  • All SmartCenter Servers must have a BIOS release.
  • There can be only one Secondary SmartCenter Server.
  • All SmartCenter Servers must be located within the same local area network (LAN)
  • All SmartCenter Servers must have the same amount of memory.

Answer : All SmartCenter Servers must have the same operating system.

156-315.77 Check Point Certified Security Expert Exam Set 4

Each Security Server to perform authentication tasks, but can not perform security-related tasks content?


Options are :

  • rLogin (Correct)
  • Telnet
  • SMTP
  • HTTP
  • FTP

Answer : rLogin

If the check box "Use aggressive", the IKE Properties dialog box:


Options are :

  • The standard six-pack IKE Phase 1 exchange is replaced by a substitute Twelve packets.
  • Standard six-pack IKE phase 2 exchange is replaced by a substitute three packets.
  • Standard three packets in the IKE phase 2 exchange is replaced by a six-packet exchange.
  • The standard six-pack IKE phase 1 will be replaced with exchange of three packets. (Correct)
  • The standard one exchange of the IKE phase of the three packet is replaced by a six-packet exchange.

Answer : The standard six-pack IKE phase 1 will be replaced with exchange of three packets.

Every OPSEC server is used to prevent users from accessing certain web sites?


Options are :

  • URI
  • AMON
  • LEA
  • UFP (Correct)
  • CVP

Answer : UFP

Check Point Certified Security Expert Exam Set 7

The user attempts to initialize the network application SSL Network Extender.The application does not start. What is the most likely solution?


Options are :

  • Select the option Auto-identify client capabilities
  • Choose an option from the SSL Network Extender Network mode.
  • Select Turn off all SSL tunneling to customers.
  • None
  • Choose an option from the SSL Network Extender Application Mode (Correct)

Answer : Choose an option from the SSL Network Extender Application Mode

Check Point Certified Security Expert Exam Set 2

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions