156-315.77 Check Point Certified Security Expert Exam Set 1

What is the maximum number of cores supported by CoreXL?


Options are :

  • 12
  • 8 (Correct)
  • 6
  • 4

Answer : 8

156-315.13 Check Point Security Expert R76(GAiA) Exam Set 11

Which protocol is not supported for DLP?


Options are :

  • https (Correct)
  • ftp
  • http
  • smtp

Answer : https

Which of the following load-balancing methods is not valid?


Options are :

  • They are all valid (Correct)
  • Round trip
  • Random
  • Domain

Answer : They are all valid

What happens to the session information after they are approved and a policy installation is done?


Options are :

  • Session information can only be deleted before a policy is installed.
  • It depends on the SmartWorkflow settings in Global Properties
  • Session information is never deleted from the database
  • An option is given to retain the session information, default being deletion of session information from the database. (Correct)

Answer : An option is given to retain the session information, default being deletion of session information from the database.

156-215.71 Check Point Certified Security Administrator Exam Set 4

Which of the following items can be provisioned via a Profile through SmartProvisioning? i) Backup Schedule ii) DNS Entries iii) Hosts Table iv) Domain Name v) Interface IP's


Options are :

  • i, ii, iii, iv, v
  • i, ii, iv
  • i
  • i, ii, iii, iv (Correct)

Answer : i, ii, iii, iv

When using IPS, what does Geo protection do?


Options are :

  • To block traffic from and to a specific company
  • To block traffic from and to a specific city
  • To block traffic from and to a specific person
  • To block traffic from and to a specific country (Correct)

Answer : To block traffic from and to a specific country

When two or more DLP rules are matched, the action taken is the most restrictive action.Rank the following items from the lowest restriction level (1) to the highest (4). 1. Ask User 2. Prevent 3. Detect 4. Inform User


Options are :

  • 4,3,1,2
  • 3,4,1,2
  • 3,1,4,2 (Correct)
  • 4,1,3,2

Answer : 3,1,4,2

156-315.77 Check Point Certified Security Expert Exam Set 3

When does the SmartWorkflow Policy Installation window appear?


Options are :

  • When the administrator installs an approved policy
  • When the administrator submits a session for approval
  • When the manager approves a session
  • When the administrator installs an unapproved policy (Correct)

Answer : When the administrator installs an unapproved policy

If SmartWorkflow is configured to work without Sessions or Role Segregation, how does the SmartDashboard function?


Options are :

  • None
  • The SmartDashboard will function without SmartWorkflow, with no session and no audit trail functionality.
  • The SmartDashboard will have no session but SmartView Tracker and audit trail will be available.
  • The SmartDashboard functions as if SmartWorkflow is not enabled but an automatic session exists in the background and full SmartView tracker and audit trail functionality will be available. (Correct)

Answer : The SmartDashboard functions as if SmartWorkflow is not enabled but an automatic session exists in the background and full SmartView tracker and audit trail functionality will be available.

Where is the ideal place to deploy your SSL VPN?


Options are :

  • .In front of the external interface on the gateway
  • Deployed in DMZ (Correct)
  • SSL VPN enabled on the gateway
  • Anywhere

Answer : Deployed in DMZ

Check Point Certified Security Expert Exam Set 9

Which file can you modify to change settings of the Management Portal?For example: changing the webserver port or to use HTTP instead of HTTPS.


Options are :

  • .cp_http.conf
  • cp_httpd_admin.conf (Correct)
  • cp_http_admin.conf
  • cp_httpd.conf

Answer : cp_httpd_admin.conf

Using the Backup Target functionality in SmartProvisioning, what targets are available? i) FTP ii) TFTP iii) SFTP iv) SCP


Options are :

  • i, ii, iii, iv
  • ii, iv, v (Correct)
  • i
  • i, ii, iv

Answer : ii, iv, v

The We-Make-Widgets company has purchased twenty UTM-1 Edge appliances for their remote offices. Kim decides the best way to manage those appliances is to use SmartProvisioning and create a profile they can all use. List the order of steps Kim would go through to add the Dallas Edge appliance to the Remote Office profile using the output below. 1. Enter the name of the profile called "Remote Offices" 2. Change the provisioning profile to "Remote Offices" 3. Click File, then select New, then Provisioning Profile 4. Click on the Devices Tab 5. Highlight the Dallas Edge appliance, click Edit, then edit Gateway 6. Click on the Profiles Tab


Options are :

  • 6, 1, 3, 4, 5, 2
  • 4, 1, 3, 6, 5, 2
  • 4, 3, 1, 6, 5, 2
  • 6, 3, 1, 4, 5, 2 (Correct)

Answer : 6, 3, 1, 4, 5, 2

156-315.77 Check Point Certified Security Expert Exam Set 9

What is the significance of the depicted icon in the SmartWorkflow toolbar?


Options are :

  • Check the consistency of SmartWorkflow sessions.
  • Overall status information: Everything is OK.
  • Session has been approved.
  • Submit for Approval (Correct)

Answer : Submit for Approval

Which of the following files is used to allow only specific IPs or networks to access the Management Portal?


Options are :

  • portal.ips
  • allowedips.portal
  • hosts. Allow (Correct)
  • cpportal_allowips

Answer : hosts. Allow

You enable Sweep Scan Protection and Host port scan in IPS to determine if a large amount of traffic from a specific internal IP address is a network attack, or a user's system is infected with a worm. Will you get all the information you need from these actions?


Options are :

  • .No. The logs and alert can provide some level of information, but determining whether the attack is intentional or a worm, requires further research. (Correct)
  • Yes. IPS will limit the traffic impact from the scans, and identify if the pattern of the traffic matches any known worms.
  • No. To verify if this is a worm or an active attack, you must also enable TCP attack defenses.
  • No. These IPS protections will only block the traffic, but it will not provide a detailed analysis of the traffic.

Answer : .No. The logs and alert can provide some level of information, but determining whether the attack is intentional or a worm, requires further research.

156-315.77 Check Point Certified Security Expert Exam Set 5

Which of the following can NOT be done on the Management Portal?


Options are :

  • Configure Management Portal to bypass authentication when connecting from a specific IP address
  • Run the Management Portal on a port other than the default port 4433 (Correct)
  • Set the Management Portal to use HTTP instead of HTTPS
  • Restrict hosts / networks that can access the portal

Answer : Run the Management Portal on a port other than the default port 4433

SmartProvisioning uses different types of profiles to manage and provision the gateways.These types are:


Options are :

  • SmartLSM Security Profiles and Provisioning Profiles (Correct)
  • Provisioning Profiles and Gateways Profiles
  • SmartConsole Profiles and SmartFilter Profiles
  • SmartLSM Security Profiles and SmartDashboard Profiles

Answer : SmartLSM Security Profiles and Provisioning Profiles

Which version is the minimum requirement for SmartProvisioning?


Options are :

  • R70
  • R65 HFA 40 (Correct)
  • R70.20
  • R71

Answer : R65 HFA 40

156-315.65 Check Point Security Administration NGX R65 Exam Set 2

You just upgraded to R71 and are using the IPS Software Blade.You want to enable all critical protections while keeping the rate of false positive very low.How can you achieve this?


Options are :

  • The new IPS system is based on policies and gives you the ability to activate all checks with critical severity and a high confidence level. (Correct)
  • This can't be achieved; activating any IPS system always causes a high rate of false positives.
  • As in SmartDefense, this can be achieved by activating all the critical checks manually
  • new IPS system is based on policies, but it has no ability to calculate or change the confidence level, so it always has a high rate of false positives.

Answer : The new IPS system is based on policies and gives you the ability to activate all checks with critical severity and a high confidence level.

Which of the following can NOT approve a change in a SmartWorkflow session?


Options are :

  • FirewallManagers
  • .Provider-1Super users
  • FirewallAdministrators (Correct)
  • CustomerSuper users

Answer : FirewallAdministrators

The Management Portal Software Blade allows users to


Options are :

  • Add/Delete rules
  • Monitor traffic flows
  • View Security Policies (Correct)
  • Create/Modify objects

Answer : View Security Policies

156-315.71 Check Point Security Expert R71 Practice Exam Set 2

SmartProvisioning can provision the Operating System and network settings on which of the following?


Options are :

  • Edge firmware 6.x and above
  • NGX Security Appliances
  • IPSO 4.2 Security Gateways
  • R65 HFA 40 Security Gateways arid above (Correct)

Answer : R65 HFA 40 Security Gateways arid above

What is the best method for scheduling backup's on multiple firewalls?


Options are :

  • Smart Dashboard
  • SmartProvisioning (Correct)
  • SmartUpdate
  • WebUI

Answer : SmartProvisioning

You need to verify the effectiveness of your IPS configuration for your Web server farm.You have a colleague run penetration tests to confirm that the Web servers are secure against traffic hijacks.Of the following, which would be the best configuration to protect from a traffic hijack attempt?


Options are :

  • Activate the Cross-Site Scripting property (Correct)
  • Enable the Web intelligence > SQL injection setting
  • Configure TCP defenses such as Small PMTU size
  • reate resource objects for the Web farm servers and configure rules for the Web farm.

Answer : Activate the Cross-Site Scripting property

156-315.77 Check Point Certified Security Expert Exam Set 8

Which of the following is NOT a supported browser for Management Portal?


Options are :

  • Safari (Correct)
  • Internet Explorer
  • Firefox
  • Mozilla

Answer : Safari

What does it mean when a Security Gateway is labeled Untrusted in the SmartProvisioning Status view?


Options are :

  • SIC has not been established between the Security Gateway and the Security Management. (Correct)
  • cpd is not running at the Security Gateway.
  • The Security Gateway is down.
  • SmartProvisioning is not enabled on the Security Gateway.

Answer : SIC has not been established between the Security Gateway and the Security Management.

You need to determine if your company's Web servers are accessed an excessive number of times from the same host. How would you configure this in the IPS tab?


Options are :

  • HTTP protocol inspection
  • Successive alerts
  • Successive DoS attacks
  • Successive multiple connections (Correct)

Answer : Successive multiple connections

Check Point Certified Security Administrator Set 4

Which procedure will create an Internal User?


Options are :

  • In the Users and Administrators tab, click User Groups I Clientless-vpn-user and add the SSL VPN user to the Clientless-vpn-user group
  • From the SSL VPN tab, click Users and Authentication I Internal Users I Users and click New User I Default (Correct)
  • In the Users and Administrators tab, right click Users and click SSL VPN User
  • .In the General Properties of the gateway, click the SSL VPN check box. The SSL VPN Blade Wizard will launch and Step 2 will allow adding new users who will be imported from a RADIUS server.

Answer : From the SSL VPN tab, click Users and Authentication I Internal Users I Users and click New User I Default

With is the SmartEvent Correlation Unit's function?


Options are :

  • Assign severity levels to events.
  • Invoke and define automatic reactions and add events to the database.
  • Analyze log entries, looking for Event Policy patterns. (Correct)
  • Display received threats and tune the Events Policy

Answer : Analyze log entries, looking for Event Policy patterns.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions