Check Point Certified Security Administrator Set 3

A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?


Options are :

  • As expert user, type the command snapshot - R to restore from a local file. Then, provide the correct file name.
  • As expert user, type the command revert --file MySnapshot.tgz. (Correct)
  • As expert user, type the command snapshot -r MySnapshot.tgz.
  • Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.

Answer : As expert user, type the command revert --file MySnapshot.tgz.

Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?


Options are :

  • Reinstall the base operating system (i.e., GAia). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.
  • Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy. (Correct)
  • Run the command revert to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
  • Run the command revert to restore the snapshot, establish SIC, and install the Policy.

Answer : Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.

Where do you verify that UserDirectory is enabled?


Options are :

  • Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
  • Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
  • Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked (Correct)
  • Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked

Answer : Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked

Check Point Certified Security Administrator Set 4

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute Only and choosing the target Gateway, the:


Options are :

  • SmartUpdate wizard walks the Administrator through a distributed installation.
  • selected package is copied from the CD-ROM of the SmartUpdate PC directly to the Security Gateway and the installation IS performed.
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed. (Correct)
  • selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.

Answer : selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration. An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?


Options are :

  • The restore is not possible because the backup file does not have the same build number (version).
  • The restore is done by selecting Snapshot Management from the boot menu of GAiA.
  • The restore can be done easily by the command restore and copying netconf.C from the production environment. (Correct)
  • A backup cannot be restored, because the binary files are missing.

Answer : The restore can be done easily by the command restore and copying netconf.C from the production environment.

You have included the Cleanup Rule in your Rule Base. Where in the Rule Base should the Accept ICMP Requests implied rule have no effect?


Options are :

  • First
  • After Stealth Rule
  • Before Last
  • Last (Correct)

Answer : Last

Check Point Certified Security Administrator Set 5

Which of the following statements is TRUE about management plug-ins?


Options are :

  • The plug-in is a package installed on the Security Gateway.
  • Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
  • A management plug-in interacts with a Security Management Server to provide new features and support for new products. (Correct)
  • Installing a management plug-in is just like an upgrade process.

Answer : A management plug-in interacts with a Security Management Server to provide new features and support for new products.

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19. He has received a new laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy. John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?


Options are :

  • Install the Identity Awareness Agent
  • Investigate this as a network connectivity issue
  • Set static IP to DHCP (Correct)
  • After enabling Identity Awareness, reboot the gateway

Answer : Set static IP to DHCP

Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?


Options are :

  • All FTP downloads are reset; users have to start their downloads again.
  • Users being authenticated by Client Authentication have to re-authenticate. (Correct)
  • Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.
  • All connections are reset, so a policy install is recommended during announced downtime only.

Answer : Users being authenticated by Client Authentication have to re-authenticate.

Check Point Certified Security Expert Exam Set 1

In a distributed management environment, the administrator has removed all default check boxes from the Policy > Global Properties > Firewall tab. In order for the Security Gateway to send logs to the Security Management Server, an explicit rule must be created to allow the Security Gateway to communicate to the Security Management Server on port ______.


Options are :

  • 259
  • 257 (Correct)
  • 900
  • 256

Answer : 257

Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currently installed on a firewall module?


Options are :

  • fw ctl pstat
  • cpstat fwd
  • fw stat (Correct)
  • fw ver

Answer : fw stat

Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?


Options are :

  • Bridge (Correct)
  • High Availability
  • Fail Open
  • Load Sharing

Answer : Bridge

Check Point Certified Security Expert Exam Set 10

During which step in the installation process is it necessary to note the fingerprint for first-time verification?


Options are :

  • When configuring the Security Gateway object in SmartDashboard
  • When configuring the Gateway in the WebUI
  • When configuring the Security Management Server using cpconfig (Correct)
  • When establishing SIC between the Security Management Server and the Gateway

Answer : When configuring the Security Management Server using cpconfig

You are working with multiple Security Gateways that enforce an extensive number of rules. To simplify security administration, which one of the following would you choose to do?


Options are :

  • Create a separate Security Policy package for each remote Security Gateway. (Correct)
  • Create network objects that restrict all applicable rules to only certain networks.
  • Run separate SmartConsole instances to login and configure each Security Gateway directly.
  • Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

Answer : Create a separate Security Policy package for each remote Security Gateway.

Access Role objects define users, machines, and network locations as:


Options are :

  • Separate objects
  • Linked objects
  • Credentialed objects
  • One object (Correct)

Answer : One object

Check Point Certified Security Expert Exam Set 11

You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?


Options are :

  • As many as you want
  • Depends on the license installed on the Security Management Server
  • One (Correct)
  • Only one with full access and one with read-only access

Answer : One

What is the syntax for uninstalling a package using newpkg?


Options are :

  • -i
  • -u
  • -S
  • newpkg CANNOT be used to uninstall a package (Correct)

Answer : newpkg CANNOT be used to uninstall a package

Which statement is TRUE about implicit rules?


Options are :

  • Changes to the Security Gateway’s default settings do not affect implicit rules.
  • The Gateway enforces implicit rules that enable outgoing packets only.
  • You create them in SmartDashboard.
  • They are derived from Global Properties and explicit object properties. (Correct)

Answer : They are derived from Global Properties and explicit object properties.

Check Point Certified Security Expert Exam Set 12

What command syntax would you use to turn on PDP logging in a distributed environment?


Options are :

  • pdp tracker on (Correct)
  • pdp log=1
  • pdp logging on
  • pdp track=1

Answer : pdp tracker on

What action CANNOT be run from SmartUpdate R77?


Options are :

  • Preinstall verifier
  • Reboot Gateway
  • Fetch sync status (Correct)
  • Get all Gateway Data

Answer : Fetch sync status

You are running a R77 Security Gateway on GAiA. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?


Options are :

  • snapshot (Correct)
  • manual backup
  • backup
  • upgrade_export

Answer : snapshot

Check Point Certified Security Expert Exam Set 2

Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.


Options are :

  • Check Point GAiA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO
  • Check Point GAiA and SecurePlatform, and Microsoft Windows (Correct)
  • Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows
  • Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows

Answer : Check Point GAiA and SecurePlatform, and Microsoft Windows

What are you required to do before running the command upgrade_export?


Options are :

  • Run a cpstop on the Security Gateway.
  • Run cpconfig and set yourself up as a GUI client.
  • Run a cpstop on the Security Management Server.
  • Close all GUI clients. (Correct)

Answer : Close all GUI clients.

You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?


Options are :

  • GAiA back up utilities (Correct)
  • Database Revision Control
  • Manual copies of the directory $FWDIR/conf
  • upgrade_export and upgrade_import commands

Answer : GAiA back up utilities

Check Point Certified Security Expert Exam Set 3

What CANNOT be configured for existing connections during a policy install?


Options are :

  • Keep data connections
  • Re-match connections
  • Keep all connections
  • Reset all connections (Correct)

Answer : Reset all connections

What command syntax would you use to see accounts the gateway suspects are service accounts?


Options are :

  • pdp check_log
  • adlog a service_accounts (Correct)
  • pdp show service
  • adlog check_accounts

Answer : adlog a service_accounts

A Security Policy has several database versions. What configuration remains the same no matter which version is used?


Options are :

  • Rule Bases_5_0.fws
  • Objects_5_0.C
  • Internal Certificate Authority (ICA) certificate (Correct)
  • fwauth.NDB

Answer : Internal Certificate Authority (ICA) certificate

Check Point Certified Security Expert Exam Set 4

MegaCorp’s security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you apply the license?


Options are :

  • Using the remote Gateway’s IP address, and attaching the license to the remote Gateway via SmartUpdate.
  • Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate. (Correct)
  • Using the remote Gateway's IP address, and applying the license locally with the command cplic put.
  • Using each of the Gateways’ IP addresses, and applying the licenses on the Security Management Server with the command.

Answer : Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.

Which command displays the installed Security Gateway version?


Options are :

  • fw stat
  • fw printver
  • fw ver (Correct)
  • cpstat –gw

Answer : fw ver

You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?


Options are :

  • database revision
  • snapshot
  • backup (Correct)
  • upgrade_export

Answer : backup

Check Point Certified Security Expert Exam Set 5

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now