156-315.77 Check Point Certified Security Expert Exam Set 7

User Directory Software Blade, you can create a user-R76 definitions of a (n) _________ Server.


Options are :

  • SecureID
  • NT Domain
  • None
  • Rain
  • LDAP (Correct)

Answer : LDAP

How can a member of the cluster to take over after the VIP failover event?


Options are :

  • Ping sync interface
  • If the list -renew
  • broadcast storm
  • Gratuitous ARP (Correct)
  • None

Answer : Gratuitous ARP

John is the Security Administrator in his company. He installs a new Security Management Server R77 and R77 of the new Gateway. He now wants to create the SIC between them. after entering the activation key, he gets the following message SmartDashboard - "Trust established" SIC still does not seem to be working, because the policy is not installed and the user interface charming does not work. What might be the reason?


Options are :

  • Gateway is a time for several days or weeks later, and the SIC certificate is not yet valid. (Correct)
  • It always works when trust is established
  • None
  • SIC does not work over the network.
  • This is human error.

Answer : Gateway is a time for several days or weeks later, and the SIC certificate is not yet valid.

Check Point Certified Security Administrator Set 3

Every command displays the Security Gateway version installed?


Options are :

  • None
  • cpstat -gw
  • FW printver
  • FW ver (Correct)
  • FW stat

Answer : FW ver

Every Smart Console Administration component can be used to track changes in the rule base?


Options are :

  • SmartView Tracker (Correct)
  • SmartView Monitor
  • None
  • Smart Reporter
  • WebUI

Answer : SmartView Tracker

Customer calls saying that the load-sharing cluster displays an error with the drops of the first package is not Syn. Sentence. I recommend:


Options are :

  • None
  • Configuring the flush and reset
  • launching SDF (Sticky Decision Function) (Correct)
  • shutting down the SDF (Sticky Decision Function)
  • by changing the load on each member

Answer : launching SDF (Sticky Decision Function)

156-315.77 Check Point Certified Security Expert Exam Set 2

UDP is delivered, if they are ___________.


Options are :

  • SYN ACK spatial force, a SYN / ACK is the inverse of the UDP and IP ports
  • refers to dynamic arrays associated with SAM
  • None
  • force in response to receiving a request for a reverse UDP ports and IP (Correct)
  • bypassing the supply core layer ClusterXL

Answer : force in response to receiving a request for a reverse UDP ports and IP

Each method corresponds to the distribution of the core table of information on all members of the cluster?


Options are :

  • CPD encrypted TCP connection
  • None
  • CPHA encrypted TCP connection
  • fwd daemon encrypted TCP connection (Correct)
  • FW core using an encrypted TCP connection

Answer : fwd daemon encrypted TCP connection

Which under the following processes will not start if there was a licensing issue?


Options are :

  • CPD (Correct)
  • CPCA
  • None
  • CPWD
  • four-wave mixing

Answer : CPD

156-315.77 Check Point Certified Security Expert Exam Set 1

VPN routing can be configured for editing the file?


Options are :

  • $ FWDIR / conf / vpn_route.c
  • $ FWDIR / VPN / route_conf.c
  • None
  • $ FWDIR / conf / vpn_route.conf (Correct)
  • $ FWDIR / bin / vpn_route.conf

Answer : $ FWDIR / conf / vpn_route.conf

Check Point Certified Security Expert Exam Set 6

Which of the following would you use options to use when configuring a captive portal?


Options are :

  • All interfaces
  • None
  • Through a Firewall policy
  • the Internet (Correct)
  • internal interfaces

Answer : the Internet

Which one is the true route-based VPN?


Options are :

  • Route-based VPN⠀ YS are such partial overlapping VPN domain.
  • Dynamic routing protocols are not needed. (Correct)
  • None
  • IP Pool NAT is configured for each Gateway
  • Route-based VPN in place of domain VPN's.

Answer : Dynamic routing protocols are not needed.

In the following the cluster configuration; if the restart sglondon_1 which device is active when sglondon_1 is back up and running? Why?


Options are :

  • sglondon_1 because it is the first object is determined the lowest IP.
  • sglondon_2 because sglondon_1 is the highest IP.
  • None
  • sglondon_2 because it has the highest priority. (Correct)
  • sglondon_1, because it is again, sglondon_2 took on startup.

Answer : sglondon_2 because it has the highest priority.

Check Point Certified Security Expert Exam Set 4

MultiCorp has bought the company OmniCorp and now has two active AD domains. How to use Identity Awareness in this environment?


Options are :

  • None
  • You have to drive ADquery in all areas. (Correct)
  • Only a captive portal can be used.
  • Identity awareness can manage only one AD domain
  • Only one ADquery it is necessary to ask in all fields.

Answer : You have to drive ADquery in all areas.

When using the Captive Portal to send unidentified users to a web portal for authentication, which of the following is not recommended for use in this method?


Options are :

  • Identity-based implementation of non-AD users (non-Windows and guest users)
  • Basic identity controls internal network (Correct)
  • for deployment of Identity Agents
  • Utilizing identity on the Internet Application Management
  • None

Answer : Basic identity controls internal network

Which of the following is numbered the same applies to VPN tunnel interfaces (VTIs)?


Options are :

  • VTIs is only supported on IPSO
  • VTIs can use an existing physical interface IP address (Correct)
  • VTIs can assign IP addresses
  • VTIs are given only local addresses, remote addresses will not
  • None

Answer : VTIs can use an existing physical interface IP address

156-215.75 Check Point Certified Security Administrator Exam Set 1

Paul has just joined the MegaCorp security administration team. Natalie administrator, create a new administrator account to install and Paul SmartDashboard policy. When Paul tries to log it fails. How to check Natalie, Paula € YS IP address is assigned in advance security management server?


Options are :

  • None
  • Log in Smart Dashboard, access the Global Properties, and select Security Management, to check whether Paula € YS IP address is on the list.
  • Log WebUI is a security gateway, and check whether Paula € YS IP address is listed on the GUI client
  • Smart Dashboard log in, access to the features of SMS, and to check whether Paul's IP address is on the list.
  • Write cpconfig is a Management Server and select the GUI client list whether Paul's IP address is on the list. (Correct)

Answer : Write cpconfig is a Management Server and select the GUI client list whether Paul's IP address is on the list.

Which is not a method that allows Identity Awareness gets its identity?


Options are :

  • captive Portal
  • None
  • AD Query
  • .Identity agent
  • Group policy (Correct)

Answer : Group policy

MegaCorp running SmartCenter R70, R65 at some gateways and some other Gateway R60. Management wishes to update the most comprehensive IPv6 support. What should the administrator do first?


Options are :

  • None
  • Update SmartCenter and R77 to the first
  • To upgrade each unit directly to the R77.
  • The upgrade of ports R60-R65.
  • Check the release notes to ensure that every step is supported. (Correct)

Answer : Check the release notes to ensure that every step is supported.

156-315.77 Check Point Certified Security Expert Exam Set 2

Which two processes are responsible for examining Identity Awareness?


Options are :

  • PDP and PDP-11
  • PDP and son
  • PDP and pep (Correct)
  • pep and son
  • None

Answer : PDP and pep

Numbered configuring the VPN tunnel interfaces (VTIs) in a clustered environment, what things must be taken into account? 1) Each member is a unique source IP address. 2) Each member of each interface requires a unique IP address. 3) All VTI comes at a remote peer must have the same name. 4) Cluster IP addresses are necessary.


Options are :

  • 1, 2, 3 and 4 (Correct)
  • 2 and 3
  • 1, 2, and 4,
  • 1, 3, and 4,
  • None

Answer : 1, 2, 3 and 4

Which of the following is numbered the same applies to VPN tunnel interfaces (VTIs)?


Options are :

  • VTIs can assign IP addresses
  • None
  • VTIs rely on Secure Platform Pro (Correct)
  • VTIs are given only local addresses, remote addresses will not
  • VTIs existing physical interface IP address can be used

Answer : VTIs rely on Secure Platform Pro

156-215.77 Check Point Certified Security Administrator Exam Set 5

Identity Agent is a lightweight endpoint agent that authenticates the single sign-on (SSO) safely. Which of the following is not recommended for use in this method?


Options are :

  • When the detection accuracy is decisive
  • Widely sensitive servers
  • Taking advantage of the machine's name or identity
  • None
  • .Identity monitoring based on non-AD users (non-Windows and guest users) (Correct)

Answer : .Identity monitoring based on non-AD users (non-Windows and guest users)

MultiCorp is running on the R71 SmartCenter IPSO platform and wants to upgrade to a new device, R77. Every migration tool is recommended?


Options are :

  • Use Migration Tool CD / ISO
  • Use already installed Migration Tool
  • Get the Migration Tool for IPSO R71 and R77 Migration Tool and splat / Linux Checkpoint website
  • None
  • Download Migration Tool R77 for IPSO and SPLAT / Linux Checkpoint website. (Correct)

Answer : Download Migration Tool R77 for IPSO and SPLAT / Linux Checkpoint website.

Which of the following is true for countless VPN tunnel interfaces (VTIs)?


Options are :

  • None
  • VTI specific local and remote IP addresses are not determined (Correct)
  • VTIs are only supported Secure Platform
  • Local IP addresses are not configured, the remote IP addresses have been determined
  • VTIs can not be given a proxy interface

Answer : VTI specific local and remote IP addresses are not determined

156-315.65 Check Point Security Administration NGX R65 Exam Set 4

If you are using the AD questionnaire seamless identity data reception from Microsoft's Active Directory (AD), which of the following ways NOT Checkpoint recommend?


Options are :

  • Basic identity controls internal network
  • Identity-based audit and logging
  • Identity-based implementation of non-AD users (non-Windows and guest users) (Correct)
  • Utilizing identity on the Internet Application Management
  • None

Answer : Identity-based implementation of non-AD users (non-Windows and guest users)

Which of the following is true for countless VPN tunnel interfaces (VTIs)?


Options are :

  • They rely on GAIA operating system. (Correct)
  • VTIs can not be determined proxy connection.
  • VTIs can be physical, and loopback.
  • None
  • Local IP addresses are not configured, the remote IP addresses have been assigned.

Answer : They rely on GAIA operating system.

Which of the following is true for countless VPN tunnel interfaces (VTIs)?


Options are :

  • None
  • VTIs must demonstrate through a proxy server. (Correct)
  • VTIs can be physical, and loopback.
  • VTIs are only supported Secure Platform.
  • Local IP addresses are not configured, the remote IP addresses have been assigned.

Answer : VTIs must demonstrate through a proxy server.

156-315.77 Check Point Certified Security Expert Exam Set 4

If both the domain and path-based VPN is configured, what is the priority?


Options are :

  • None
  • Must be selected / configured manually VPN Administrator object in the Community
  • Route-based
  • Must be selected / configured manually Administrator Policy> Global Properties
  • Domain-based (Correct)

Answer : Domain-based

Threat Prevention profile is a set of configurations based on the following. Choose the correct answer.


Options are :

  • Virus Protection setting, anti-Bot options, Threat Emulation, Intrusion-prevention settings, HTTPS inspection settings.
  • Virus Protection setting, anti-Bot options, Threat Emulation, Intrusion-prevention settings.
  • Virus Protection setting, anti-Bot options, Threat Emulation (Correct)
  • None
  • Anti-Bot options, Threat Emulation, Intrusion-prevention settings, HTTPS inspection settings

Answer : Virus Protection setting, anti-Bot options, Threat Emulation

156-315.77 Check Point Certified Security Expert Exam Set 1

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now