156-315.77 Check Point Certified Security Specialist Exam Set 5

What is VPN-1 SecureClient package which is sent to the policy server to verify the security configuration status report?


Options are :

  • ICMP Port Unreachable
  • TCP keep-alive
  • ICMP Destination Unreachable
  • UDP forever
  • IKE key exchange

Answer : UDP forever

156-315.77 Check Point Certified Security Specialist Exam Set 6

Jerry is concerned that denial of service (DoS) attack could affect his VPN community. He decided to take IKE DoS protection. Jerry is a need to minimize the impact of the following configuration is most appropriate Jerry's new protection.Which on performance?


Options are :

  • IKE will support the identification of the source of what to do to protect and support the IKE DoS Protection of unkNonewn origin "problem."
  • We will support the IKE DoS protection to identify the source "problem", and supports IKE DoS protection from unkNonewn sources "stateless."
  • Setting identify the source of "support IKE DoS protection" and "support for IKE DoS attack prevention" unkNonewn source "stateless."
  • We will support the IKE DoS attack protection, in order to determine the source of "stateless" and supports IKE DoS protection from unkNonewn sources "None."
  • We will support the IKE DoS attack protection, in order to determine the "stateless" Protection of unkNonewn origin "puzzle" and a source of support for IKE DoS.

Answer : Setting identify the source of "support IKE DoS protection" and "support for IKE DoS attack prevention" unkNonewn source "stateless."

What is the use of NG CD to update the security platform and application intelligence (AI) R55 is SmartCenter server, VPN-1 NGX command?


Options are :

  • Add patch
  • FWM upgrade_tool
  • cppkg More
  • Add a CD patch
  • Add CD patch

Answer : Add a CD patch

Rachel is a security administrator University. University FTP server have older hardware and software. Some FTP command FTP server lead to failure. Update FTP server is Nonet here time.Which following options allow control by Rachel what FTP command options security gateway to protect the FTP server?


Options are :

  • FTP clients> Advanced Settings> FTP command
  • The Web Intelligence> Application Layer> FTP disposed
  • The SmartDefense> Application Intelligence> FTP server security
  • Carries rules> domain> Features
  • Global Properties> Server Security> Enable FTP command

Answer : The SmartDefense> Application Intelligence> FTP server security

156-315.77 Check Point Certified Security Specialist Exam Set 7

SmartView Tracker term review, and refuse to see the connection is a QoS rule checkpoint. What causes reject the connection?


Options are :

  • The number of connections exceeds the secured amount. This rule attribute is set to accept new connections.
  • For a constant bit rate with low delay class is composed of more than 10% in excess, and the maximum delay of the following requirements.
  • None
  • Ensure a regular part of the rule to ensure the rule than their own.
  • Burst traffic that matches the default rule is to consume physical Check Point's global QoS packet buffer.

Answer : The number of connections exceeds the secured amount. This rule attribute is set to accept new connections.

SSL VPN management for your visit which port?


Options are :

  • 80
  • 4434
  • 443
  • None
  • 4433

Answer : 4433

Are you ready to send VPN-1 Pro gateway VPN-1 NGX.You There are five system, to select a new gateway, and must meet the following requirements: a minimum operating temperature of the license agreement Check Point system operating system vendor license agreement to install the operating system support (OS), the machine meets all the requirements of the following hardware configuration of the hardware configuration of the smallest gateway gateway?


Options are :

  • Processor: 2.2GHz Memory: 256 MB hard drive: 20 GB Operating System: Windows 2000 Server's
  • Processor: 2.0GHz of RAM: 512MB HDD: 10 GB Operating System: Windows ME
  • Processor: 1.5GHz Memory: 256 MB hard drive: 20 GB Operating System: Red Hat Linux 8.0
  • Processor: 1.67GHz Memory: 128 MB hard disk: 5 GB Operating System: FreeBSD's
  • Processor: 1.1 GHz of RAM: 512MB HDD: 10 GB Operating System: Windows 2000 Workstation

Answer : Processor: 2.2GHz Memory: 256 MB hard drive: 20 GB Operating System: Windows 2000 Server's

156-515.65 Check Point Certified Security Expert Plus Exam Set 1

Check Point QoS features of this refers to the IP header TOS byte?


Options are :

  • Weighted Fair Queuing
  • guarantee
  • Differentiated Services
  • None
  • A slight delay waiting

Answer : Differentiated Services

How to prevent long queues using QoS Check Point solutions destruction of delay-sensitive applications such as video and voice traffic?


Options are :

  • None
  • Weighted Fair Queuing
  • Each connection guarantee
  • To ensure that rules for Internet telephony
  • With a little delay class

Answer : With a little delay class

Jacob create a social network using VPN site-to-site VPN. Which of the following statements are true: VPN graphical display function in the community in this network?


Options are :

  • Jacob must be set to the integrity of the data VPN community change. MD5 is contrary to AES.
  • . If Jacob change the settings in the "run of the encryption key exchange" from "3DES" and "DES", he VPN improve community safety and reduce encryption overhead.
  • None
  • Jacob VPN entity longest VPN-1 NGX supports encryption key exchange key for IKE phase 1.
  • If you change the setting of Jacob "and running IPSec data encryption" from the "AES-128" and "3DES", he adds encryption overhead.

Answer : If you change the setting of Jacob "and running IPSec data encryption" from the "AES-128" and "3DES", he adds encryption overhead.

156-515.65 Check Point Certified Security Expert Plus Exam Set 2

Admin should be installed: (i) Management Server (ii) the security gateway (III) dedicated server


Options are :

  • None
  • . (I) or (II) a
  • . (B) only
  • All solutions are possible
  • (C) only

Answer : . (I) or (II) a

The organization in many different branches VPN1 edge gateway, so that VPN1 SecureClient user's access to corporate resources. After For security reasons, the organization's security policy requires that all Internet traffic began to VPN-1 Edge hardware gateway, first carefully study security VPN routing Gateway.How headquarters VPN-1 Pro VPN community you on this planet?


Options are :

  • Center; or through the center of the other satellites, the Internet and other VPN target
  • Internet and objectives only
  • The center and through other satellite centers
  • Only center
  • None

Answer : Center; or through the center of the other satellites, the Internet and other VPN target

Which LDAP and Active Directory (AD) SSL VPN is that true?


Options are :

  • SSL VPN can provide or create users and groups in LDAP server
  • default. SSL VPN sends the user name and password, LDAP server UTF8
  • SSL VPN user never stored LDAP record / AD group.
  • None
  • SSL VPN does Nonet support LDAP password restoration.

Answer : SSL VPN can provide or create users and groups in LDAP server

Check Point Certified Security Administrator Set 1

Cluster contains two members, the external connection 172.28.108.1 and 172.28.108.2. Internal interfaces are 10.4.8.1 and 10.4.8.2. External cluster IP address 172.28.108.3, the cluster and the internal IP address 10.4.8.3. 192.168.1.1 192.168.1.2 and synchroNoneus interface. Security administrators find the status of the synchronization process, Nonet working properly, if cphaprob control output is as follows: What is the status of the synchronization process is what causes the problem?


Options are :

  • SynchroNoneus connection "cluster Interface" on the cluster member object topology tab. Delete this interface.
  • ANonether cluster using one unprotected interface 192.168.1.3
  • SynchroNoneus network is a cluster, which is the IP address 192.168.1.3 defined gateway cluster object. Delete 192.168.1.3 VIP connected cluster topology.
  • None
  • Interface 192.168.1.1 and 192.168.1.2 are defined as part of 192.168.1.3. User Interface.

Answer : SynchroNoneus network is a cluster, which is the IP address 192.168.1.3 defined gateway cluster object. Delete 192.168.1.3 VIP connected cluster topology.

Sometimes, load balancing cluster in multicast mode IPSec packets several dispensing machines, even though the machine has a problem of the same source and destination IP address. What is the best way to prevent this problem sharing the load?


Options are :

  • Load balancing based on IP address, port and a serial peripheral interface (SPI)
  • .Load sharing is only based on SPI
  • The only basis for load sharing IP addresses
  • Load balancing is based on SPI port, only
  • Based on the IP address and port load sharing

Answer : Based on the IP address and port load sharing

R71 is defined as the domain encryption SmartLSM security gateway?


Options are :

  • SmartDashboard .Inside SmartLSM Security Gateway GUI objects
  • In SmartLSM Security Gateway GUI profile SmartProvisioning
  • In SmartDashboard SmartLSM Security Gateway GUI configuration file
  • None
  • In SmartLSM Security Gateway GUI objects SmartProvisioning

Answer : In SmartLSM Security Gateway GUI profile SmartProvisioning

Check Point Certified Security Administrator Set 2

If you need transportation, in addition to other routers network quality of service module, the special treatment of Check Point QoS features should be used?


Options are :

  • A slight delay waiting
  • guarantee
  • Weighted Fair Queuing
  • Differentiated Services
  • None

Answer : Differentiated Services

What are the benefits of the introduction of SSL VPN DMZ, LAN right?


Options are :

  • Transportation is None hiding behind Connectra IP address authentication
  • SSL VPN will increase aNonether layer of security to access internal resources, while living in DMZ
  • Traffic is conveyed to the internal server in a plain text, but the connection is encrypted remote user behind
  • None
  • SSL Network Extender is invalid LAN deployment.

Answer : SSL VPN will increase aNonether layer of security to access internal resources, while living in DMZ

VPN-1 NGX include resource and Common Internet File System (CIFS) mechanism. This service provides the following steps to upgrade services CIFS security.Which Nonet provide a limited number of CIFS resources?


Options are :

  • Disable remote registry access
  • Print Sharing allows MS
  • Login mapping shares
  • None
  • Log into the femoral

Answer : Print Sharing allows MS

Check Point Certified Security Administrator Set 3

In the XYZ company, DLP administrator defines a new data type keywords, which contains a list of names secret project; that is, Ayalon Yarkon, Arden. The threshold value is set to a minimum of 2 keywords or phrases. Based on this information, it will match the rule base in the following situations?


Options are :

  • PDF file that contains the following text Yarkon1 may be affected by the code name for the new product.Yardens list of sites protected in
  • None
  • It contains the following text matching Word documents: Ayalon Ayalon Ayalon
  • Contains the following text Mott resources Yarkon project..Are You must It's about Arden MS-Excel file
  • Contains the following text Arden's password-protected MS Excel file Ayalon Yarkon

Answer : Contains the following text Mott resources Yarkon project..Are You must It's about Arden MS-Excel file

What components as an internal certificate authority VPN-1 NGX?


Options are :

  • Security Gateway
  • SmartLSM
  • VPN-1 Certificate Management
  • Policy Server
  • SmartCenter Server

Answer : SmartCenter Server

Use SmartProvisioning configuration file, the following can be organized into a secure platform and UTM-1 Edge device? Host (I), the spare (ii) Route (iii) of the connection (iv) (v) of a NTP (?) DNS


Options are :

  • These options are also available.
  • (I), (III), (IV) and (vi)
  • None
  • (II), (III), (IV) and (vi)
  • (I), (II) and (IV)

Answer : (I), (II) and (IV)

Check Point Certified Security Administrator Set 4

You just want to travel RAS signal protocols such as H.323 Gatekeeper H.323 Gatekeeper points.Which choose VoIP domain routing mode directly from your end of the run?


Options are :

  • And to establish a direct call
  • None
  • straight
  • Call setup and call control
  • Call setup

Answer : straight

You establish a VPN network community, you can use network of partners within the network, and vice versa. In practice, the only secure encrypted FTP VPN tunnels and HTTP traffic. All traffic within and between the partner network sends a clear text.How you configure the VPN community?


Options are :

  • Delete "Accept all encrypted traffic," and the FTP and HTTP services to target social exclusion. Add a rule of security services FTP and HTTP, the object in the VPN box.
  • .Disable "Accept all encrypted traffic" in the community, and to increase FTP and HTTP services, community safety target VPN box.
  • None
  • The community exclusions FTP and HTTP services. Then add a rule to allow the security as a service, which objects VPN field.
  • .Enable "Accept all encrypted traffic," but on the FTP and HTTP exclude community service. HTTP and FTP and VPN community object fields added security service rules.

Answer : .Disable "Accept all encrypted traffic" in the community, and to increase FTP and HTTP services, community safety target VPN box.

Which of the following is most likely to improve QoS performance checkpoint?


Options are :

  • The most common rule used in the bottom of the QoS rule base.
  • Toward the bail rules will contact toward the bail.
  • None
  • Toward each connection limit rules limit
  • QoS definition checkpoint only the external interface QoS module

Answer : QoS definition checkpoint only the external interface QoS module

Check Point Certified Security Administrator Set 5

You configure the VoIP domain object Skinny Client Control Protocol (SCCP) environment protection VPN-1 NGX. What type of VoIP domain object can be used?


Options are :

  • port
  • Watchmen
  • Call Manager
  • power of attorney
  • Transmission router

Answer : Call Manager

How can you completely tear down the VPN tunnel in the IKE VPN network deployment?


Options are :

  • .Move command TU VPN is a secure gateway, and then select the option "Delete all IPSec + IKE SA to a specific peer (GW)".
  • .Move command grace VPN is the SmartCenter server and select the option "Delete all IPSec + IKE SA all peers and users."
  • VPN security gateway command is TU, and select the option "Delete all IPSec + IKE SA all peers and users."
  • VPN security gateway command is TU, and select the option "Delete all the peers and users."
  • VPN security gateway command is TU, and select "a specific user (client) Delete all" option.

Answer : .Move command TU VPN is a secure gateway, and then select the option "Delete all IPSec + IKE SA to a specific peer (GW)".

What is incorrect about the management portal?


Options are :

  • Tap Accept control interface includes an implicit policy management portal access
  • Management Portal requires a license
  • The default port is 4433 Management Portal access
  • Management portal can be reconfigured HTTPS instead of HTTP
  • None

Answer : Tap Accept control interface includes an implicit policy management portal access

Check Point Certified Security Expert Exam Set 1

Wayne configure HTTP Security Server and vector content cooperation agreement, filter sites prohibited. CVP resource object URI that he created with the following settings: When using CVP allows content to be approved by the CVP server to modify the contents of the returned data, he will be two rules in his rule base: a site inspection of HTTP traffic will be well-kNonewn outside the ban, others All other HTTP traffic. Wayne believes HTTP traffic to these sites in question are Nonet prohibited. This could be causing this problem?


Options are :

  • Rule secure server is HTTP accepted as a general rule.
  • Secure server to connect to the server CVP, but None restrictions are defined CVP server.
  • None
  • Protection CVP server is Nonet communicating with the server.
  • The security server is Nonet configured correctly.

Answer : Rule secure server is HTTP accepted as a general rule.

VPN-1 NG high-availability version of the clock management application intelligence R55.You you have a need to upgrade the production implementation of two of the SmartCenter server VPN-1 NGX. What is the correct procedure?


Options are :

  • None
  • 1. Perform a major upgrade of advanced SmartCenter server. 2. Determine the version of the main intelligence center server object of VPN-1 NGX. 3. Primary SmartCenter secondary synchronization server. 4. Update Secondary SmartCenter server. 5. Set Version VPN-1 NGX SmartCenter the secondary server object. 6. Server sync again.
  • 1. Synchronize two SmartCenter server. 2. Perform advanced upgrade the primary server SmartCenter. 3. Update Secondary SmartCenter server. 4. The central server determines two smart object version of VPN-1 NGX. 5. Server sync again.
  • 1. Synchronize two SmartCenter server. 2. Update Secondary SmartCenter server. 3. Update once SmartCenter server. 4. specify server VPN-1 NGX SmartCenter resistant version. 5. Server sync again.
  • 1. Synchronize two SmartCenter server. 2. Perform advanced upgrade the primary server SmartCenter. 3. Determine the primary version of the smart center server object of VPN-1 NGX. 4. The time between two synchronization data servers. 5. Update Secondary SmartCenter server. Version secondary Intelligence Center server object 6. Determine the VPN-1 NGX's. 7. synchronize the server again.

Answer : 1. Synchronize two SmartCenter server. 2. Perform advanced upgrade the primary server SmartCenter. 3. Update Secondary SmartCenter server. 4. The central server determines two smart object version of VPN-1 NGX. 5. Server sync again.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions