156-315.77 Check Point Certified Security Expert Exam Set 7

When upgrading to NGX R65, which Check Point products do not require a license upgrade to be current?


Options are :

  • VPN-1 NGX (R60) and later (Correct)
  • VPN-1 NGX (R64) and later
  • None, all versions require a license upgrade
  • VPN-1 NG with Application Intelligence (R54) and later

Answer : VPN-1 NGX (R60) and later

What is the greatest benefit derived from VPNs compared to frame relay, leased lines any other types of dedicated networks?


Options are :

  • Greater performance
  • stronger authentication
  • lower cost (Correct)
  • Less failure/downtime

Answer : lower cost

156-315.77 Check Point Certified Security Expert Exam Set 2

VPN access control would fall under which VPN component?


Options are :

  • Performance
  • QoS
  • Security (Correct)
  • Management

Answer : Security

Which of the following is supported with Office Mode?


Options are :

  • SSL Network Extender
  • Secure mote (Correct)
  • Connect Mode
  • Secure Client

Answer : Secure mote

Which of the following SSL Network Extender server-side prerequisites are correct? Select all that apply.


Options are :

  • To use Integrity Clientless Security (ICS), you must install the ICS server or configuration tool. (Correct)
  • There are distinctly separate access rules required for Secure Client users vs. SSL Network Extender users.
  • The VPN1-Gateway must be configured to work with Visitor Mode (Correct)
  • The specific VPN-1 Security Gateway must be configured as a member of the VPN-1 Remote Access Community. (Correct)

Answer : To use Integrity Clientless Security (ICS), you must install the ICS server or configuration tool. The VPN1-Gateway must be configured to work with Visitor Mode The specific VPN-1 Security Gateway must be configured as a member of the VPN-1 Remote Access Community.

156-515.65 Check Point Certified Security Expert Plus Exam Set 1

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway.


Options are :

  • After selecting "Packages: Add... from CD", the entire contents of the CD are copied to the Package Repository on the SmartCenter Server.
  • After selecting "Packages: Add... from CD", the selected package is copied to the packages directory on the selected remote Security Gateway.
  • After selecting "Packages: Add... from CD", the selected package is copied to the Package Repository on the SmartCenter Server. (Correct)
  • After selecting "Packages: Add... from CD", the entire contents of the CD are copied to the packages directory on the selected remote Security Gateway.

Answer : After selecting "Packages: Add... from CD", the selected package is copied to the Package Repository on the SmartCenter Server.

Public-key cryptography is considered which of the following?


Options are :

  • one-key/symmetric
  • two-key/symmetric
  • one-key/asymmetric
  • two-key/asymmetric (Correct)

Answer : two-key/asymmetric

Why should the upgrade_export configuration file (.tgz) be deleted after you complete the import process?


Options are :

  • It contains your security configuration, which could be exploited. (Correct)
  • SmartUpdate will start a new installation process if the machine is rebooted.
  • It will prevent a future successful upgrade_export since the .tgz file cannot be overwritten.
  • It will conflict with any future upgrades run from SmartUpdate.

Answer : It contains your security configuration, which could be exploited.

156-315.65 Check Point Security Administration NGX R65 Exam Set 5

VPN traffic control would fall under which VPN component?


Options are :

  • QoS (Correct)
  • Performance
  • Security
  • Management

Answer : QoS

You want to upgrade an NG with Application Intelligence R55 Security Gateway running on SecurePlatform to VPN-1 NGX R65 via SmartUpdate.Which package(s) is(are) needed in the Repository prior to upgrade?


Options are :

  • VPN-1 Power/UTM NGX R65 package
  • SecurePlatform and VPN-1 Power/UTM NGX R65 packages
  • SVN Foundation and VPN-1 Power/UTM packages
  • SecurePlatform NGX R65 package (Correct)

Answer : SecurePlatform NGX R65 package

What port is used for communication to the UserCenter with SmartUpdate?


Options are :

  • CPMI
  • TCP 8080
  • HTTPS (Correct)
  • HTTP

Answer : HTTPS

156-315.77 Check Point Certified Security Expert Exam Set 8

In ClusterXL, which of the following processes are defined by default as critical devices?


Options are :

  • fwd
  • fwd.proc
  • cphad (Correct)
  • fwm

Answer : cphad

Concerning these products: SecurePlatform, VPN-1 Pro Gateway, UserAuthority Server, Nokia OS, UTM-1, Eventia Reporter, and Performance Pack, which statement is TRUE?


Options are :

  • All but the UTM-1 can be upgraded to VPN-1 NGX R65 with SmartUpdate
  • All can be upgraded to VPN-1 NGX R65 with SmartUpdate. (Correct)
  • All but the Nokia OS can be upgraded to VPN-1 NGX R65 with SmartUpdate.
  • All but Performance Pack can be upgraded to VPN-1 NGX R65 with SmartUpdate.

Answer : All can be upgraded to VPN-1 NGX R65 with SmartUpdate.

If a digital signature is used to achieve both data-integrity checking and verification of sender, digital signatures are only used when implementing:


Options are :

  • An asymmetric-encryption algorithm (Correct)
  • A symmetric-encryption algorithm
  • Triple DES
  • CBL-DES

Answer : An asymmetric-encryption algorithm

156-315.77 Check Point Certified Security Expert Exam Set 4

Which of the following does IPSec use during IPSec key negotiation?


Options are :

  • RSA Exchange
  • Diffie-Hellman exchange (Correct)
  • IPSec SA
  • ISAKMP SA

Answer : Diffie-Hellman exchange

If a SmartUpdate upgrade or distribution operation fails on SecurePlatform, how is the system recovered?


Options are :

  • SecurePlatform will reboot and automatically revert to the last snapshot version prior to upgrade. (Correct)
  • The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot .
  • The Administrator must reinstall the last version via the command cprinstall revert .
  • The Administrator must remove the rpm packages manually, and reattempt the upgrade.

Answer : SecurePlatform will reboot and automatically revert to the last snapshot version prior to upgrade.

You are a Security Administrator preparing to deploy a new HFA (Hot fix Accumulator) to ten Security Gateways at five geographically separated locations.What is the BEST method to implement this HFA?


Options are :

  • Use a SSH connection to SCP the HFA to each Security Gateway.Once copied locally, initiate a remote installation command and monitor the installation progress with SmartView Monitor.
  • Use SmartUpdate to install the packages to each of the Security Gateways remotely (Correct)
  • Send a CDROM with the HFA to each location and have local personnel install it
  • Send a Certified Security Engineer to each site to perform the update

Answer : Use SmartUpdate to install the packages to each of the Security Gateways remotely

Check Point Certified Security Expert Exam Set 9

You are using SmartUpdate to fetch data and perform a remote upgrade of an NGX Security Gateway.Which of the following statements is FALSE?


Options are :

  • A remote installation can be performed without the SVN Foundation package installed on a remote NG with Application Intelligence Security Gateway (Correct)
  • SmartUpdate can query license information running locally on the VPN-1 Gateway
  • If SmartDashboard is open during package upload and upgrade, the upgrade will fail.
  • SmartUpdate can query the SmartCenter Server and VPN-1 Gateway for product information

Answer : A remote installation can be performed without the SVN Foundation package installed on a remote NG with Application Intelligence Security Gateway

Which of the following are supported with the office mode? Select all that apply.


Options are :

  • SecureClient (Correct)
  • Transparent Mode
  • L2TP (Correct)
  • Gopher
  • SSL Network Extender (Correct)

Answer : SecureClient L2TP SSL Network Extender

Your current VPN-1 NG with Application Intelligence (AI) R55 stand-alone VPN-1 Pro Gateway and SmartCenter Server runs on SecurePlatform.You plan to implement VPN-1 NGX R65 in a distributed environment, where the new machine will be the SmartCenter Server, and the existing machine will be the VPN-1 Pro Gateway only.You need to migrate the NG with AI R55 SmartCenter Server configuration, including licensing.How do you handle licensing for this NGX R65 upgrade?


Options are :

  • Leave the current license on the gateway to be upgraded during the software upgrade. Purchase a new license for the VPN-1 NGX R65 SmartCenter Server.
  • Request an NGX R65 SmartCenter Server license, using the new server's IP address. Request a new central NGX R65 VPN-1 Gateway license also licensed to the new SmartCenter Server's IP address. (Correct)
  • Request an NGX R65 SmartCenter Server license, using the new server's IP address. Request a new central NGX R65 VPN-1 Gateway license for the existing gateway server's IP address.
  • Request an NGX R65 SmartCenter Server license, using the existing gateway machine's IP address. Request a new local license for the NGX R65 VPN-1 Gateway using the new server's IP address.

Answer : Request an NGX R65 SmartCenter Server license, using the new server's IP address. Request a new central NGX R65 VPN-1 Gateway license also licensed to the new SmartCenter Server's IP address.

156-215.70 Check Point Certified Security Administrator Exam Set 8

For object-based VPN routing to succeed, what must be configured?


Options are :

  • A single rule in the Rule Base must cover traffic in both directions, inbound and outbound on the central (HUB) Security Gateway
  • At least two rules in the Rule Base must created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway (Correct)
  • VPN routing is not configured in the Rule Base or Community objects. Only the nativerouting mechanism on each Gateway can direct the traffic via its VTI configured interfaces.
  • .No rules need to be created, implied rules that cover inbound and outbound traffic on the central (HUB) Gateway are already in place from Policy > Properties > Accept VPN-1 Control Connections.

Answer : At least two rules in the Rule Base must created, one to cover traffic inbound and the other to cover traffic outbound on the central (HUB) Security Gateway

156-315.77 Check Point Certified Security Expert Exam Set 18

How should Check Point packages be uninstalled?


Options are :

  • In any order, CP suite must be the last package uninstalled
  • In any order as long as all packages are removed
  • In the same order in which the installation wrapper initially installed from.
  • In the opposite order in which the installation wrapper initially installed them. (Correct)

Answer : In the opposite order in which the installation wrapper initially installed them.

Which of the following provides a unique user ID for a digital Certificate?


Options are :

  • Username
  • User organization
  • User e-mail
  • User-message digest (Correct)

Answer : User-message digest

Which of the following is part of the PKI? Select all that apply.


Options are :

  • Attribute Certificate
  • Certificate Revocation Lists (Correct)
  • User certificate (Correct)
  • Public-key certificate (Correct)

Answer : Certificate Revocation Lists User certificate Public-key certificate

156-315.77 Check Point Certified Security Expert Exam Set 20

What can be said about RSA algorithms? Select all that apply


Options are :

  • Long keys can be used in RSA for enhances security (Correct)
  • RSA is faster to compute than DES
  • Short keys can be used for RSA efficiency. (Correct)
  • RSA's key length is variable (Correct)

Answer : Long keys can be used in RSA for enhances security Short keys can be used for RSA efficiency. RSA's key length is variable

Public keys and digital certificates provide which of the following? Select three.


Options are :

  • Availability
  • Authentication (Correct)
  • Data integrity (Correct)
  • Non repudiation (Correct)

Answer : Authentication Data integrity Non repudiation

Which encryption scheme provides in-place encryption?


Options are :

  • DES
  • SKIP (Correct)
  • IKE
  • AES

Answer : SKIP

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 8

Which of the following uses the same key to decrypt as it does to encrypt?


Options are :

  • Certificate-based encryption
  • dynamic encryption
  • Asymmetric encryption
  • static encryption
  • Symmetric encryption (Correct)

Answer : Symmetric encryption

What proprietary Check Point protocol is the basis of the functionality of Check Point ClusterXL inter-module communication?


Options are :

  • RDP
  • CKPP
  • IPSec
  • HA OPCODE
  • CCP (Correct)

Answer : CCP

Which of the following are valid PKI architectures?


Options are :

  • Bridge architecture
  • mesh architecture (Correct)
  • Hierarchical architecture (Correct)
  • Gateway architecture (Correct)

Answer : mesh architecture Hierarchical architecture Gateway architecture

156-215.77 Check Point Certified Security Administrator Exam Set 6

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions