156-315.77 Check Point Certified Security Expert Exam Set 6

VPN-1 NGX supports VoIP traffic in all of the following environments, EXCEPT which environment?


Options are :

  • SIP
  • SCCP
  • MGCP
  • H.323
  • MEGACO (Correct)

Answer : MEGACO


Yoav is a Security Administrator preparing to implement a VPN solution for his multi-site organization. To comply with industry regulations, Yoav's VPN solution must meet the following requirements:

Portability: Standard
Key management: Automatic, external PKI
Session keys: Changed at configured times during a connection's lifetime
Key length: No less than 128-bit
Data integrity: Secure against inversion and brute force attacks

What is the most appropriate setting Yoav should choose?


Options are :

  • IKE VPNs: DES encryption for IKE Phase 1, and 3DES encryption for Phase 2; MD5 hash
  • IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash (Correct)
  • IKE VPNs: AES encryption for IKE Phase 1, and DES encryption for Phase 2; SHA1 hash
  • IKE VPNs: CAST encryption for IKE Phase 1, and SHA1 encryption for Phase 2; DES hash
  • IKE VPNs: SHA1 encryption for IKE Phase 1, and MD5 encryption for Phase 2; AES hash

Answer : IKE VPNs: AES encryption for IKE Phase 1, and AES encryption for Phase 2; SHA1 hash

You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlatform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?


Options are :

  • VPN-1 Pro/Express NGX R60
  • SVN Foundation 3
  • SecurePlatform NGX R60 (Correct)
  • SVN Foundation and VPN-1 Express/Pro
  • VPN-1 and Firewall-1

Answer : SecurePlatform NGX R60

Which type of service should a Security Administrator use in a Rule Base to control access to specific shared partitions on target machines?


Options are :

  • CIFS (Correct)
  • URI
  • HTTP
  • Telnet
  • FTP

Answer : CIFS


How do you control the maximum mail messages in a spool directory?


Options are :

  • In the Security Server window in Global Properties
  • In the SMTP resource object
  • In the gateway object's SMTP settings in the Advanced window (Correct)
  • In the smtp.conf file on the SmartCenter Server
  • In SmartDefense SMTP settings

Answer : In the gateway object's SMTP settings in the Advanced window

Which is the BEST configuration option to protect internal users from malicious Java code, without stripping Java scripts?


Options are :

  • Use the URI resource to strip ActiveX tags
  • Use the URI resource to strip applet tags
  • Use the URI resource to block Java code (Correct)
  • Use CVP in the URI resource to block Java code

Answer : Use the URI resource to block Java code

VPN-1 NGX includes a resource mechanism for working with the Common Internet File System (CIFS). However, this service only provides a limited level of actions for CIFS security. Which of the following services is NOT provided by a CIFS resource?


Options are :

  • Allow MS print shares (Correct)
  • Log access shares
  • Log mapped shares
  • Block Remote Registry Access

Answer : Allow MS print shares


Your company has two headquarters, one in London, one in New York. Each headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:


Options are :

  • Two stars and one mesh Community; each star Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between the New York and London headquarters (Correct)
  • Two mesh Communities, one for each headquarters and their branch offices; and one star Community, where New York is the center of the Community and London is the satellite.
  • Three mesh Communities: one for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
  • Two mesh Communities, one for each headquarters and their branch offices; and one star Community, in which London is the center of the Community and New York, is the satellite.

Answer : Two stars and one mesh Community; each star Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between the New York and London headquarters

What is a requirement for setting up Management High Availability?


Options are :

  • All SmartCenter Servers must have the same BIOS release.
  • All SmartCenter Servers must have the same operating system. (Correct)
  • You can only have one Secondary SmartCenter Server.
  • All SmartCenter Servers must reside in the same Local Area Network (LAN)
  • All SmartCenter Servers must have the same amount of memory.

Answer : All SmartCenter Servers must have the same operating system.

Assume an intruder has compromised your current IKE Phase 1 and Phase 2 keys. Which of the following options will end the intruder's access, after the next Phase 2 exchange occurs?


Options are :

  • SHA1 Hash Completion
  • MD5 Hash Completion
  • Phase 3 Key Revocation
  • Perfect Forward Secrecy (Correct)
  • DES Key Reset

Answer : Perfect Forward Secrecy


Which network port does PPTP use for communication?


Options are :

  • 1723/udp
  • 25/udp
  • 1723/tcp (Correct)
  • 25/tcp

Answer : 1723/tcp


What is the bit size of DES?


Options are :

  • 112
  • 128
  • 32
  • 168
  • 64
  • 56 (Correct)

Answer : 56

What action CANNOT be run from SmartUpdate NGX R65?


Options are :

  • Get all Gateway Data
  • Fetch sync status (Correct)
  • Reboot gateway
  • Preinstall verifier

Answer : Fetch sync status

When you add a resource service to a rule, which ONE of the following actions occurs?


Options are :

  • Users attempting to connect to the destination of the rule will be required to authenticate.
  • All packets matching the resource service rule are analyzed or authenticated, based on the resource properties. (Correct)
  • All packets matching that rule are either encrypted or decrypted by the defined resource.
  • All packets that match the resource in the rule will be dropped
  • VPN-1 Secure Client users attempting to connect to the object defined in the Destination column of the rule will receive a new Desktop Policy from the resource.

Answer : All packets matching the resource service rule are analyzed or authenticated, based on the resource properties.


Choose all correct statements. SmartUpdate, located on a VPN-1 NGX SmartCenter Server, allows you to: (1) Remotely perform a first time installation of VPN-1 NGX on a new machine (2) Determine OS patch levels on remote machines (3) Update installed Check Point and any OPSEC certified software remotely (4) Update installed Check Point software remotely (5) Track installed versions of Check Point and OPSEC products (6) Centrally manage licenses


Options are :

  • 1 & 4
  • 2, 4, 5, & 6 (Correct)
  • 4, 5, & 6
  • 1, 3, 4, & 6

Answer : 2, 4, 5, & 6

You are running the license_upgrade tool on your SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?


Options are :

  • Simulate the license-upgrade process.
  • View the status of currently installed licenses
  • View the licenses in the SmartUpdate License Repository. (Correct)
  • Perform the actual license-upgrade process.

Answer : View the licenses in the SmartUpdate License Repository.

From the following output of cphaprob state, which ClusterXL mode is this?


Options are :

  • Unicast mode (Correct)
  • Legacy mode
  • Load Balancing Mode
  • Multicast mode
  • New mode

Answer : Unicast mode


Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway.


Options are :

  • After selecting "Packages > Distribute..." and choosing the target gateway, the SmartUpdate wizard walks the Administrator through a Distributed Installation.
  • After selecting "Packages > Distribute..." and choosing the target gateway, the selected package is copied from the Package Repository on the SmartCenter to the Security Gateway and the installation IS performed.
  • After selecting "Packages > Distribute..." and choosing the target gateway, the selected package is copied from the CDROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
  • After selecting "Packages > Distribute..." and choosing the target gateway, the selected package is copied from the Package Repository on the SmartCenter to the Security Gateway but the installation IS NOT performed. (Correct)

Answer : After selecting "Packages > Distribute..." and choosing the target gateway, the selected package is copied from the Package Repository on the SmartCenter to the Security Gateway but the installation IS NOT performed.

What happens in relation to the CRL cache after a cpstop; cpstart has been initiated?


Options are :

  • The gateway retrieves a new CRL on startup, then discards the old CRL as invalid.
  • The gateway continues to use the old CRL even if it is not valid, until a new CRL is cached
  • The gateway issues a crl_zap on startup, which empties the cache and forces Certificate retrieval.
  • The gateway continues to use the old CRL, as long as it is valid. (Correct)

Answer : The gateway continues to use the old CRL, as long as it is valid.

When synchronizing clusters, which of the following statements are true? Select all that apply.


Options are :

  • Only cluster members running on the same OS platform can be synchronized. (Correct)
  • In the case of a failover, accounting information on the failed member may be lost despite a properly
  • The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized. (Correct)
  • The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized. (Correct)

Answer : Only cluster members running on the same OS platform can be synchronized. The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized. The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.


Which of these components does NOT require a VPN-1 NGX R65 license?


Options are :

  • Check Point Gateway
  • SmartUpdate upgrading/patching
  • SmartConsole (Correct)
  • SmartCenter Server

Answer : SmartConsole

Consider the following actions that VPN-1 NGX can take when it controls packets. The Policy Package has been configured for Traditional Mode VPN. Identify the options that include the available actions. Select four.


Options are :

  • Reject (Correct)
  • Accept (Correct)
  • Drop (Correct)
  • Decrypt
  • Allow
  • Client auth

Answer : Reject Accept Drop

What tools CANNOT be launched from SmartUpdate NGX R65?


Options are :

  • Nokia Voyager
  • cpinfo
  • SecurePlatform Web UI
  • snapshot (Correct)

Answer : snapshot


Which of the following is an example of a hash function?


Options are :

  • DAC and MAC
  • DES and CBC
  • MD5 and SHA-1 (Correct)
  • SHA and 3DES

Answer : MD5 and SHA-1

Which of the following is a TRUE statement concerning contract verification?


Options are :

  • Your contract file is stored on the SmartConsole and downloaded to the Gateway.
  • Your contract file is stored on the SmartCenter Server and downloaded to the Security Gateway. (Correct)
  • Your contract file is stored on the User Center and fetched by the Gateway as needed.
  • Your contract file is stored on the SmartConsole and downloaded to the SmartCenter Server.

Answer : Your contract file is stored on the SmartCenter Server and downloaded to the Security Gateway.

What physical machine must have access to the UserCenter public IP when checking for new packages with SmartUpdate?


Options are :

  • SmartUpdate installed SmartCenter Server PC
  • SmartUpdate GUI PC (Correct)
  • SmartUpdate Repository SQL database Server
  • VPN-1 Security Gateway getting the new upgrade package

Answer : SmartUpdate GUI PC


Your network traffic requires preferential treatment by other routers on the network, in addition to the QoS Module. Which Check Point QoS feature should you use?


Options are :

  • Differentiated Services (Correct)
  • Weighted Fair Queuing
  • Low Latency Queuing
  • Guarantees
  • Limits

Answer : Differentiated Services

When configuring site-to-site VPN High Availability (HA) with MEP, which of the following is correct?


Options are :

  • If one MEP Security Gateway fails, the connection is lost and the backup Gateway picks up the next connection. (Correct)
  • MEP Gateways must be managed by the same SmartCenter Server
  • The decision on which MEP Gateway to use is made on the MEP Gateway's side of the tunnel.
  • MEP Gateways cannot be geographically separated machines.

Answer : If one MEP Security Gateway fails, the connection is lost and the backup Gateway picks up the next connection.

In cryptography, the Rivest, Shamir, Adleman (RSA) scheme has which of the following? Select all that apply.


Options are :

  • A secret-key encryption-algorithm system
  • A public-key encryption-algorithm system (Correct)
  • A symmetric-cipher system
  • An asymmetric-cipher system (Correct)

Answer : A public-key encryption-algorithm system An asymmetric-cipher system


What action can be run from SmartUpdate NGX R65?


Options are :

  • mds_backup
  • remote_uninstall_verifier
  • cpinfo (Correct)
  • upgrade_export

Answer : cpinfo
