156-315.77 Check Point Certified Security Expert Exam Set 6

Which of the following commands can be used to stop the Management Portal services?


Options are :

  • smart stop portal
  • None
  • FW stop portal
  • cpportalstop
  • cpstop / portal

Answer : smart stop portal

When you use a Global real estate defaults R77, which type of traffic will remain off if no express provision allowing traffic?


Options are :

  • RIP traffic
  • None
  • The firewall logging and ICA key exchange information
  • Smart Update links
  • Outgoing traffic from Security Gateway

Answer : RIP traffic

Jack needs to determine CoreXL his Red Security Gateway. What are the correct steps to ensure that CoreXL?


Options are :

  • Red SSH Security Gateway, run cpconfig> Configure Check Point CoreXL> allows CoreXL> exit cpconfig> to start the Security Gateway
  • Red SSH Security Gateway, run cpconfig> Configure Check Point CoreXL> exit cpconfig> to start the Security Gateway
  • None
  • Open SmartDashboard, open Red Check Point Object, then click ClusterXL, CoreXL check box and press policy
  • Open SmartDashboard, open Red Check Point Object, select Optimizations, CoreXL check box and press policy

Answer : Red SSH Security Gateway, run cpconfig> Configure Check Point CoreXL> allows CoreXL> exit cpconfig> to start the Security Gateway

156-315.77 Check Point Certified Security Expert Exam Set 7

The zero downtime firewall cluster environment for the command you run to avoid problems by changing around the cluster.


Options are :

  • cphaconf set_ccp multicast
  • cphaconf set clear_subs
  • cphaconf set mc_relod
  • cphaconf set_ccp broadcast
  • None

Answer : cphaconf set_ccp broadcast

User Directory Software Blade is used to integrate the following with R76 Security Gateway?


Options are :

  • User Authority server
  • RADIUS
  • LDAP
  • None
  • Manage client server

Answer : LDAP

________ Checkpoint ClusterXL mode must be synchronized with the physical connection to the IP and MAC addresses of all interfaces grouped.


Options are :

  • Legacy Mode HA
  • Pivot mode Load sharing
  • Multicast Operation Mode Load sharing
  • The new space HA
  • None

Answer : Legacy Mode HA

156-315.77 Check Point Certified Security Expert Exam Set 8

You need to completely re-operating after making which of the following changes in the Security Gateway? (That is, the command cprestart is not sufficient.) 1. Adding hot swap NIC operating system for the first time. 2. Removing the R75 Power / UTM package. 3. Installing the R75 Power / UTM package. 4. Re-establishment of SIC Security Management Server. 5. doubling of the maximum number of connections accepted Security Gateway.


Options are :

  • None
  • 2, only 3
  • 3 only
  • 3, 4 and 5 only
  • 1, 2, 3, 4, and 5

Answer : 2, only 3

Which of the following tools are used to produce a Security Gateway R77 Composition of the report?


Options are :

  • cpinfo
  • None
  • FW cpinfo
  • infoCP
  • InfoView

Answer : cpinfo

Every task ThreatSpect Engine does not do?


Options are :

  • Look for suspicious activity by monitoring outgoing mail traffic
  • Scans IPS signatures
  • Scans networks signatures of registered users for families
  • None
  • Run reputation check

Answer : Scans IPS signatures

156-315.77 Check Point Certified Security Expert Exam Set 9

Snapshot is available for a Security Management Server and the Security Gateway platforms?


Options are :

  • Windows 2003 Server
  • Windows XP Server
  • Secure Platform
  • Solaris
  • None

Answer : Secure Platform

Security gateway is installed Secure Platform R77. The default port Web interface is ____________.


Options are :

  • None
  • TCP 257
  • TCP 443
  • TCP 4433
  • TCP 18211

Answer : TCP 443

Each entry in the Smart Directory is a unique _______________?


Options are :

  • organizational unit
  • chart
  • Port Number Association
  • None
  • a unique name

Answer : a unique name

156-315.77 Check Point Certified Security Specialist Exam Set 1

You have installed the R77 Security Gateway Gaia. Gateway to manage a company Security Management Server, you create a new object, and Gateway Security Policy.When installing the new policy from the policy menu Gateway object is not visible Install Policy window target. What is the problem?


Options are :

  • The object is created Node> Gateway
  • Gateway destination is not specified in the first column to install policy rule
  • There is a new file is created in the Masters Gateway.
  • None
  • The new Gateway temporary license has expired.

Answer : The object is created Node> Gateway

What Shell is required to use WinSCP Gaia?


Options are :

  • CPShell
  • Hit
  • None
  • UNIX
  • Clish

Answer : Hit

Every command line interface utility allows you to check the administrator's name and the time stamp security firewall module installed?


Options are :

  • cpstat fwd
  • FW stat
  • FW ctl Pstat
  • None
  • FW ver

Answer : FW stat

156-315.77 Check Point Certified Security Specialist Exam Set 2

Which of the following is NOT ClusterXL mode?


Options are :

  • New
  • None
  • multicast
  • Send
  • heritage

Answer : Send

What command would you use to store routing information before you upgrade the Secure Gateway Platform?


Options are :

  • ifconfig> [file name] .txt
  • None
  • netstat -m> [file name] .txt
  • /etc/sysconfig/network.C cp [location]
  • ipconfig -a> [file name] .txt

Answer : /etc/sysconfig/network.C cp [location]

In the R76 Cluster, some features, such as VPN function properly only if:


Options are :

  • All members of the cluster have the same policy
  • All cluster members have the same Hot Fix the battery pack
  • All members of the cluster have the same number of interfaces specified
  • None
  • All members of the cluster are synchronized watches

Answer : All members of the cluster are synchronized watches

156-315.77 Check Point Certified Security Specialist Exam Set 3

Although authorized users managed by the Smart Directory is performed gateway, authentication is carried out mostly in infrastructure, which of the following?


Options are :

  • ldapauth
  • ldapd
  • cpauth
  • None
  • cpShared

Answer : cpauth

Which of the following describes the default behavior of the R77 Security Gateway?


Options are :

  • IP protocol is listed as safe are allowed by default, that is, ICMP, TCP, UDP sessions is checked.
  • All traffic is explicitly allowed through explicit rules.
  • Traffic is filtered under controlled gate.
  • None
  • Traffic expressly approved by dropped.

Answer : Traffic expressly approved by dropped.

Quick route to upgrade the cluster:


Options are :

  • None
  • Deals with each individual member of a cluster of single gateway.
  • Updates all except one cluster members at the same time.
  • Is not a valid method of updating the R76.
  • Supported only major releases (R70 and R71, R75 and R76).

Answer : Is not a valid method of updating the R76.

156-315.77 Check Point Certified Security Specialist Exam Set 4

Every procedure will create a new administrator smart workflow?


Options are :

  • Smart Dashboard, select users and administrators, right-click Administrators / New Administrator login name and supplies. Profile features, name, run applications and access rights.
  • Service provider-1 primary MDS, run cpconfig, supplying the Login, profile features, the name, the use of applications and access rights.
  • Run cpconfig, to supply the login name. Profile features, name, run applications and access rights.
  • Smart Dashboard, click Smart workflow / Enable Smart Workflow and Enable Smart Workflow wizard starts. To supply user name, profile characteristics, name, run applications and access on request.
  • None

Answer : Smart Dashboard, select users and administrators, right-click Administrators / New Administrator login name and supplies. Profile features, name, run applications and access rights.

John is updating cluster NGX R65 and R76. John knows that you can check for an update by using a pre-update verifier tool. When John is running before you upgrade verification, he will see a warning message: Title: Incompatible pattern.What happen?


Options are :

  • Pre-Upgrade Verification process identified the real structure of the problem and update is interrupted.
  • The actual configuration includes a user-defined patterns IPS that the R76 is not supported. If the patterns are not fixed after the upgrade, they can not be used for R76 Security Gateway.
  • Pre-upgrade verification tool only indicates that the message, but it is the only comprehensive.
  • None
  • R76 uses a new motor patterns. Incompatible patterns should be abolished before the end of the update successfully.

Answer : The actual configuration includes a user-defined patterns IPS that the R76 is not supported. If the patterns are not fixed after the upgrade, they can not be used for R76 Security Gateway.

Which command would you use to store information about the user interface before you upgrade to Windows Gateway?


Options are :

  • netstat -m> [file name] .txt
  • ipconfig -a> [file name] .txt
  • ifconfig> [file name] .txt
  • /etc/sysconfig/network.C cp [location]
  • None

Answer : ipconfig -a> [file name] .txt

156-315.77 Check Point Certified Security Specialist Exam Set 5

What external user authentication protocols are supported SSL VPN?


Options are :

  • None
  • LDAP, RADIUS, Active Directory, SecurID
  • DAP, SecurID, Check Point password, OS password, RADIUS, TACACS
  • LDAP, Active Directory, SecurID
  • LDAP, RADIUS, TACACS, SecurID

Answer : DAP, SecurID, Check Point password, OS password, RADIUS, TACACS

Which of the following methods to provide the most complete backup of the configuration of an R76?


Options are :

  • None
  • Database version control system
  • By copying directories FWDIR $ \ conf and $ CPDIR \ conf another server
  • Upgrade the export command
  • Policy package management

Answer : Upgrade the export command

When you check a Web Server to host node object, what happens to the host?


Options are :

  • IPS Web Intelligence is used to check the host.
  • You can specify the properties of the ports to allow the Web server node object. Then do not need to list all the ports closed for rule base.
  • Web server daemon is running on the host
  • More detailed control is added to the host, in addition to Web Intelligence tab.
  • None

Answer : More detailed control is added to the host, in addition to Web Intelligence tab.

156-315.77 Check Point Certified Security Specialist Exam Set 6

Guest call saying one member state is Down. What are you going to check?


Options are :

  • cphaprob list (check which device is critical to the bottom)
  • #NAME?
  • tcpdump / snoop (CCP transport)
  • None
  • fw ctl Pstat (check sync)

Answer : cphaprob list (check which device is critical to the bottom)

True or false? After creating a snapshot of the Windows 2003 SP2 Security Management Server, you can restore it on a secure platform R76 Security Management Server, unless you need to download the user interface information manually.


Options are :

  • Wrong, you can not perform Checkpoint snapshot utility for Windows gateway
  • Wrong, all the configuration information to convey to the new system, including the user interface settings.
  • True, but only when the snapshot is returned to the secure operation of the system platform R76.10.
  • True, but only when the snapshot is returned to the secure operation of the system platform R76.20.
  • None

Answer : Wrong, you can not perform Checkpoint snapshot utility for Windows gateway

Users are defined on Windows 2008 Active Directory server.You need to add users to the LDAP Client Authentication rule.Which a kind of user you need a Client Authentication rule R76?


Options are :

  • External User Group
  • None
  • LDAP group
  • The group, which is a common user
  • all users

Answer : LDAP group

156-315.77 Check Point Certified Security Specialist Exam Set 7

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions