156-315.77 Check Point Certified Security Specialist Exam Set 4

Each type of service is Nonet dependent on a secure server?


Options are :

  • HTTP
  • CIFS
  • SMTP
  • Remote Login
  • FTP

Answer : CIFS

Barak security administrators are using VPN pershared secret organization has two sites. The two areas in Oslo and London. Barak has just learned that opened new offices in Madrid, he must be connected to the other side to take all three places through the VPN. Three security gateway run by the same SmartCenter server, followed by Oslo security gateway. Barak decided to move the internal certificate authority (ICA) of pershared secret credential create the correct object gateway VPN domain of Madrid, what steps Barak rest? 1. Delete all three objects other gateway security gateway certificate ICA in London "pre-shared key" gateway object 2. Add the Oslo and Madrid, Oslo and London VPN network community 3. Manually created. 4. Madrid "traditional VPN model configuration", to the security policy VPN gateway object 5. All three boxes installed security gateway.


Options are :

  • 1,3,4,5
  • 1,2,3,5
  • 1,2,4,5
  • 1,2,5
  • 1,2,3,4

Answer : 1,2,5

Currently SmartCenter VPN-1 NG with Application Intelligence (AI) R55standalone VPN-1 Pro gateways and servers running SecurePlatform.You have a plan, VPN-1 NGX in a distributed environment, the current machine's SmartCenter server, and the new machine It will be the VPN-1 Pro gateway only. You need to move the Al NG R55 SmartCenter server configurations, including internal certificate authority such as databases and security Policies.How you ask for a new authorization VPN -1 NGX upgrade?


Options are :

  • NG IP address requirements and aluminum SmartCenter server, a new VPN-1 NGX SmartCenter Server's license. Apply for a new license key NGX VPN-1 Pro gateway.
  • Require the use of new machines IP address.Request new license key NGX VPN-1 Pro is a gateway VPN-1 NGX SmartCenter Server's license.
  • Require the use of new machines IP address.Request a new local license NGX VPN-1 Pro is a gateway VPN-1 NGX SmartCenter Server's license.
  • Please VPN-1 NGX SmartCenter server with the IP address of NG aluminum of the SmartCenter Server license. Apply for a new license key NGX VPN-1 Pro gateway, licensed to existing SmartCenter server's IP address
  • None

Answer : Please VPN-1 NGX SmartCenter server with the IP address of NG aluminum of the SmartCenter Server license. Apply for a new license key NGX VPN-1 Pro gateway, licensed to existing SmartCenter server's IP address

156-315.77 Check Point Certified Security Specialist Exam Set 5

To upgrade, security platform NG Application Intelligence (AI) R55 security gateway through SmartUpdate.Which platform NGX R60 packages need to file before the upgrade?


Options are :

  • Security Platform NGX R60
  • SVN Foundation 3
  • Firewall and VPN-1 -1
  • VPN-1 Pro / courier NGXR60
  • SVN Foundation and VPN-1 an Express Edition / Professional

Answer : Security Platform NGX R60

Each object is a community VPN using a VPN routing SmartDashboard?


Options are :

  • map
  • The internet
  • None
  • remote access
  • star

Answer : star

Each OPSEC server is used to prevent users from accessing certain sites?


Options are :

  • CVP
  • URI
  • UFP
  • LEA
  • AMON

Answer : UFP

156-315.77 Check Point Certified Security Specialist Exam Set 6

You will receive a Nonetification that indicates suspicious FTP connection tries to connect to one of the internal host. How to prevent the connection in real time, and check the connection is successfully blocked?


Options are :

  • None
  • SmartView Tracker highlight suspicious connections> Events mode.Block connectivity tools> menu.Use prevent an intruder from active mode to confirm the suspected connection is lost.
  • SmartView Tracker highlight suspicious connections> Events mode.Block connectivity tools> stop intruders menu.Use active mode, to ensure that the connection does Nonet appear suspicious.
  • SmartView Tracker highlight suspicious connections> Log mode.Block connectivity tools> stop intruders menu.Use log mode to verify that the connection does Nonet appear suspicious.
  • SmartView Tracker .Highlight suspicious connections> Log mode.Block connectivity tools> stop intruders menu.Use registration mode, and make sure the connection is lost suspicious.

Answer : SmartView Tracker highlight suspicious connections> Events mode.Block connectivity tools> stop intruders menu.Use active mode, to ensure that the connection does Nonet appear suspicious.

How to configure rules to allow SIP traffic safety endpoint endpoint Net_Ato Net_B, through NGX Security Gateway?


Options are :

  • Net_A / Net_BM3lP / acceptance
  • None
  • Net_A / Net_B / SIP and sip_any / acceptance
  • .Net_A / Net_B / VolP_any / acceptance
  • Net_A / Net_B / SIP / acceptance

Answer : Net_A / Net_B / SIP / acceptance

Robert has determined the Common Internet File System (CIFS) resource section, so beneficial to his company's file server \\ erisco \ Golden Apple \ files \ public audience. Robert received reports that users can Nonet access the shared partition unless they use the following IP file is address.Which One possible reason is what?


Options are :

  • Shares map administrative lock is Nonet allowed.
  • Access violation are Nonet logged in.
  • CIFS resource is Nonet configured to use Windows Name Resolution
  • CIFS null session will be blocked.
  • Remote registry access is denied.

Answer : CIFS resource is Nonet configured to use Windows Name Resolution

156-315.77 Check Point Certified Security Specialist Exam Set 7

When you add resources to service rules, which of the following behavior?


Options are :

  • All packets basic resources corresponding service rule analysis or verification, the resource attributes.
  • All packets corresponding to this rule are hidden or unloaded from the specified resource.
  • For the purposes of users who attempt to connect to this rule require authentication.
  • All resources corresponding to the rule data packets are discarded
  • VPN-1 SecureClient who try to connect to the target in the rule column definition of the target user will have a new desktop resource policy.

Answer : All packets basic resources corresponding service rule analysis or verification, the resource attributes.

What is the prerequisite for the establishment of a high-availability management?


Options are :

  • All SmartCenter server must be located within the same local area network (LAN)
  • All SmartCenter server must have the same operating system.
  • All SmartCenter server must have a BIOS version.
  • All SmartCenter server must have the same amount of memory.
  • Only one secondary SmartCenter server.

Answer : All SmartCenter server must have the same operating system.

You have a built-in FTP server, allowing you to download, instead of configuring uploading.Assume network address translation is correct, and to add rules to enter: source: any destination: FTP Server service: FTP resource object. How to configure the operating FTP resource objects and columns rules to achieve this goal?


Options are :

  • Enabling and "put" and "get" FTP method of resource properties and use them to rule that the action fell.
  • Take the "get" method FTP resource properties, and use this method to treat, the lawsuit was accepted.
  • Take the "get" method FTP resource properties, and use it to rule that the action fell.
  • Delete "get" and "put" FTP method resource properties, and use it to rule, to accept in action.
  • Just take the "put" method FTP resource properties, and use it to rule that the action is accepted.

Answer : Take the "get" method FTP resource properties, and use this method to treat, the lawsuit was accepted.

156-515.65 Check Point Certified Security Expert Plus Exam Set 1

About QoS guarantees and restrictions, the following statements is false?


Options are :

  • Warranty shall guarantee the rule than that of its sub-rule is less than the column.
  • None
  • . If the part is to ensure that rules are defined, then the above-defined rule guaranteed.
  • . If the rules and restrictions and each connection limit is usually defined as the connection restriction is Nonet less than the high limit rules.
  • If the two borders and ensure QoS rules defined rules, boundaries must be less than the warranty.

Answer : If the two borders and ensure QoS rules defined rules, boundaries must be less than the warranty.

Each security server for authentication tasks, but can Nonet perform content security-related tasks?


Options are :

  • Remote Login
  • FTP
  • SMTP
  • Remote Login
  • HTTP

Answer : Remote Login

VPN-1 NGX supports all VoIP traffic the following environments, different environment?


Options are :

  • sip
  • H.323
  • SCCP
  • MEGACO
  • MGCP

Answer : MEGACO

156-515.65 Check Point Certified Security Expert Plus Exam Set 2

In the VPN-1 NG R54 Application Intelligence Platform Security VPN gateway 1 Pro. Gateway is also available as a patch policy Server.When run from NGX CD, which is what commands can be upgraded to add CD?


Options are :

  • In addition to the operating system (OS) and all Check Point products
  • Only OS
  • Only patch has been updated this command
  • All products, except for the policy server
  • Only Gateway Security VPN-1 Pro's

Answer : In addition to the operating system (OS) and all Check Point products

Yoav is a security administrator is preparing to implement a multi-site VPN his organization.To comply with the relevant provisions, Yoav VPN solution must meet the following requirements: portability: standard management: automatic, external PKI session key: change the time specified in the integrity of at least 128: reversal protection during the life of the connection key length, breaking the most appropriate settings Yoav · What should I choose?


Options are :

  • .IKE VPN of AES IKE Phase 1, Phase 2 and AES; SHA1 hashing
  • The IKE VPN: 2 MD5 SHA1 encryption encryption in IKE phase 1 and phase; the AES Hash
  • The IKE VPN: the IKE phase 1 and phase 2 SHA1 encryption CAST encrypted; the DES hash
  • The IKE VPN AES IKE phases 1, 2, and DES encryption steps; SHAl hash
  • The IKE VPN: the IKE phase 1 and phase 2 3DES DES encrypted encryption; the MD5

Answer : .IKE VPN of AES IKE Phase 1, Phase 2 and AES; SHA1 hashing

You must configure the SIP proxy server to connect to the network. IP telephony is 172.16.100.0 network.The registration and proxy installed on the host network Net_B 172.16.100.100.To allow outgoing calls implementation of SIP networks on the Internet, you've configured the transfer of the following items: Network destination: SIP network: 172.16.100.0/24 SIP gateway: VoIP domain of the object 172.16.100.100: VolP_domain_A 1.Endpoint domain: net 2.VoIP SIP gateway installation: SIP - yhdyskeskusisäntä objects how to configure rules?


Options are :

  • SIP gateway / Net_B / SIP / acceptance
  • .VolP_domain_A / Net_B / SIP / acceptance
  • VolP_Gateway_MJet_B / sip_any / acceptance
  • SIP ateway g / n et_B / sec I P_A LU / C A CëPT
  • VolP_domain_A / Net_B / sip_any and SIP / acceptance

Answer : .VolP_domain_A / Net_B / SIP / acceptance

Check Point Certified Security Administrator Set 1

The following assumptions have been threatening intruder current IKE Phase 1 and Phase 2 keys.Which end of hackers accessing the next phase 2 exchange takes place?


Options are :

  • MD5 supplement
  • Step 3 Key repeal
  • SHA1 hash supplement
  • DES key reset
  • Perfect Forward Secrecy

Answer : Perfect Forward Secrecy

What type of specific services should be part of the security administrators use rules to control access to the shared library of the target machine?


Options are :

  • HTTP
  • URI
  • Remote Login
  • CIFS
  • FTP

Answer : CIFS

What is clear, "Log IP connection" Global Properties box result of it?


Options are :

  • In the recording VoIP traffic, but accepted the VoIP traffic is Nonet logged in
  • IP address is used instead of an object, it refers to the name of the log entry domain object VoIP.
  • The SmartCenter server stops VoIP server logs imported.
  • VoIP protocol log field does Nonet contain the SmartView Tracker items.
  • See the scene set up VoIP protocol rules will be igNonered

Answer : VoIP protocol log field does Nonet contain the SmartView Tracker items.

Check Point Certified Security Administrator Set 2

Damon resource content protection.He the SMTP e-mail Nonetification will sometimes seem to slow down, sometimes delivered late. Which of the following can improve throughput performance?


Options are :

  • Configure content vector protocol (CVP) resources to advance internal SMTP server, wait for a reply Security Gateway
  • Increase the maximum number of spool directory of e-mail gateway
  • CVP resource configuration return mail gateway
  • Configure the SMTP e-mail Damon resources allow only the title of the company's domain name
  • Configure the SMTP resource hopping CVP resources

Answer : Configure the SMTP resource hopping CVP resources

The following rules include FTP resource object in the service sector: Source: local_net Destination: any service: Mobile FTP resources goals: How do you define approval FTP resource properties to make the company file> from an external FTP server matching tab, ban users, while allowing users to send files?


Options are :

  • Remove the "release" approach to the world.
  • To "get" method is to match the label.
  • "Get" and remove the "release" method of matching tags.
  • Enable "put" and "get" method.
  • Adopt a "put" method only matching tab.

Answer : Adopt a "put" method only matching tab.

The company has two headquarters, one in London and one in New York. Each corporation has a number of offices. Branch only need to communicate with their headquarters, Nonet with each other, only to be transferred directly to the headquarters. What is the best configuration between the two branches and headquarters and the headquarters of the VPN? VPN communities should include:


Options are :

  • None
  • Two community projects, each of their headquarters and branches; and a star of the community, which is in the heart of London and New York in the community, is the satellite.
  • Net Three: London headquarters and its branches, its New York headquarters and a branch of a multinational headquarters in London and one in New York.
  • One of the two stars and the community grid; every star in the community has been established at each site, in the center of the community, its head office, branches and satellite. Community network between New York and London headquarters
  • Two community projects, each of their headquarters and branch offices; and communities, New York and London is a community center a star is a satellite.

Answer : One of the two stars and the community grid; every star in the community has been established at each site, in the center of the community, its head office, branches and satellite. Community network between New York and London headquarters

Check Point Certified Security Administrator Set 3

NG is currently a stand-alone VPN Application Intelligence (AI) R55 platform installation and operation safety. You have to take the VPN-1 NGX in a distributed environment, the current machine is -1 Pro's VPN gateway. ANonether machine working SmartCenter server. Based on a new machine running Windows Server 2003.You need to upgrade NG aluminum R55 SmartCenter server configuration of VPN-1 NGX.How upgrade to VPN-1 NGX?


Options are :

  • Run a backup command to existing security platform machine, create a backup in Windows Server 2003.Uninstall secure platform file.opy file operating speed CPsuite.R55 command.Reboot.Install new VPN-1 NGX products all Check Point security platform is currently machine.Run SYSCONFIG, select the VPN-1 Pro gateway, and reboot.Use VPN-1 NGX CD to install the primary server SmartCenter of Windows server 2003.Import backup.
  • . NGX R55 CD machine using current NGwithAI security platform, and answer yes Backup Windows Server Backup configuration.Copy 2003.Continue process.Reboot update finished.After NGX security platform restarted after the upgrade, run SYSCONFIG, select VPN -1 Pro gateway, and finally SmartCenter of SYSCONFIG process.Reboot again.Use NGX CD installation of Windows Server 2003.Import primary backup.
  • None
  • Run a backup command, created with sysconfig.Reboot.Install major security platform NGX SmartCenter Server and import the backup file.Open in Windows Server file.Copy 2003.Uninstall major SmartCenter server package NG R55 aluminum backup file to an existing security platform machine NGX smart update and select "update all packages" Al to NG R55 security gateway.
  • Copy FWDIR $ \ conf data and $ FWDIR \ existing security platform machine.Create tar.gzfile LIB file and copy it to the Windows server machine 2003.Use VPN-1 NGX current CD security platform to do a new installation. Reboot.Run SYSCONFIG and select the VPN-1 Pro NGX Gateway.Reboot.Use CD installation of the primary server SmartCenter of Windows Server 2003.On Windows Server 2003, run the command make upgradeimport $ FWDIR \ conf to from $ FWDIR \ LIB security platform machine.

Answer : . NGX R55 CD machine using current NGwithAI security platform, and answer yes Backup Windows Server Backup configuration.Copy 2003.Continue process.Reboot update finished.After NGX security platform restarted after the upgrade, run SYSCONFIG, select VPN -1 Pro gateway, and finally SmartCenter of SYSCONFIG process.Reboot again.Use NGX CD installation of Windows Server 2003.Import primary backup.

For connecting to a VPN-1 vector portal content Protocol TCP port number (CVP) server?


Options are :

  • 18180
  • 1456
  • 18182
  • 7242
  • 18181

Answer : 18181

You have to install the VPN-1 Pro gateway VPN-1 NGX own business is one of the company plementation headquarters.You of the Sun SPARC Solaris 9 machine's VPN-1 Pro. You need to check the machine traffic and maintaining software packages files.Which Check Point components can be installed?


Options are :

  • VPN-1 Pro gateway and the primary server SmartCenter
  • VPN Gateway Pro 1
  • SmartCenter Server
  • Policy Server and the primary server SmartCenter
  • SmartCenter server and can ClusterXL

Answer : VPN-1 Pro gateway and the primary server SmartCenter

Check Point Certified Security Administrator Set 4

To create two VPN-1 NGX Security Gateway IKE VPN, protecting the two networks. The Network Gateway is a 10.15.0.0/16 behind, and the network of 192.168.9.0/24 is a rear end Gateway.Which NAT type should, to ensure that the VPN access two networks with one aNonether via the tunnel?


Options are :

  • Hide NAT
  • Static NAT
  • Manual NAT
  • Hide NAT
  • None

Answer : None

DShield a checkpoint function is used to prevent threats to which of the following?


Options are :

  • Buffer overflow
  • DDOS
  • Trojans
  • SQL Injection
  • Cross-site scripting

Answer : DDOS

What operating system does Nonet support SecureClient VPN-1's?


Options are :

  • The Mac OS X version
  • For Windows XP SP2
  • On RedHat Linux 8.0
  • IPSO 3.9
  • Windows 2000 Professional

Answer : IPSO 3.9

Check Point Certified Security Administrator Set 5

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions