Check Point Certified Security Administrator Set 4

All of the following are Security Gateway control connections defined by default implied rules, EXCEPT:


Options are :

  • Specific traffic that facilitates functionality, such as logging, management, and key exchange.
  • Acceptance of IKE and RDP traffic for communication and encryption purposes.
  • Communication with server types, such as RADIUS, CVP, UFP, TACACS, and LDAP.
  • Exclusion of specific services for reporting purposes. (Correct)

Answer : Exclusion of specific services for reporting purposes.

Several Security Policies can be used for different installation targets. The firewall protecting Human Resources’ servers should have a unique Policy Package. These rules may only be installed on this machine and not accidentally on the Internet firewall. How can this be configured?


Options are :

  • In the SmartDashboard policy, select the correct firewall to be the Specific Target of the rule. (Correct)
  • When selecting the correct firewall in each line of the row Install On of the Rule Base, only this firewall is shown in the list of possible installation targets after selecting Policy > Install.
  • A Rule Base is always installed on all possible targets. The rules to be installed on a firewall are defined by the selection in the row Install On of the Rule Base.
  • A Rule Base can always be installed on any Check Point firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install.

Answer : In the SmartDashboard policy, select the correct firewall to be the Specific Target of the rule.

How can you recreate the Security Administrator account, which was created during initial Management Server installation on GAiA?


Options are :

  • Type cpm -a, and provide the existing Administrator’s account name. Reset the Security Administrator’s password.
  • Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Administrator Account portion of the file. You will be prompted to create a new account.
  • Launch SmartDashboard in the User Management screen, and delete the cpconfig administrator.
  • Launch cpconfig and delete the Administrator's account. Recreate the account with the same name. (Correct)

Answer : Launch cpconfig and delete the Administrator's account. Recreate the account with the same name.


To check the Rule Base, some rules can be hidden so they do not distract the administrator from the unhidden rules. Assume that only rules accepting HTTP or SSH will be shown. How do you accomplish this?


Options are :

  • Ask your reseller to get a ticket for Check Point SmartUse and deliver him the Security Management Server cpinfo file.
  • In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. “HTTP_SSH”) and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND. (Correct)
  • In SmartDashboard, right-click in the column field Service > Query Column. Then, put the services HTTP and SSH in the list. Do the same in the field Action and select Accept here.
  • This cannot be configured since two selections (Service, Action) are not possible.

Answer : In SmartDashboard menu, select Search > Rule Base Queries. In the window that opens, create a new Query, give it a name (e.g. “HTTP_SSH”) and define a clause regarding the two services HTTP and SSH. When having applied this, define a second clause for the action Accept and combine them with the Boolean operator AND.

A _______ rule is used to prevent all traffic going to the R77 Security Gateway.


Options are :

  • IPS
  • Stealth (Correct)
  • Cleanup
  • Reject

Answer : Stealth

Which of the following items should be configured for the Security Management Server to authenticate via LDAP?


Options are :

  • WMI object
  • Active Directory Server object (Correct)
  • Check Point Password
  • Windows logon password

Answer : Active Directory Server object


How can you most quickly reset Secure Internal Communications (SIC) between a Security Management Server and Security Gateway?


Options are :

  • From the Security Management Server’s command line, type fw putkey -p .
  • Run the command fwm sic_reset to reinitialize the Security Management Server Internal Certificate Authority (ICA). Then retype the activation key on the Security Gateway from SmartDashboard.
  • Use SmartUpdate to retype the Security Gateway activation key. This will automatically sync SIC to both the Security Management Server and Gateway.
  • From cpconfig on the Gateway, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC). (Correct)

Answer : From cpconfig on the Gateway, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).

What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?


Options are :

  • A Security Gateway retrieving the new upgrade package
  • SmartUpdate installed Security Management Server PC
  • SmartUpdate Repository SQL database Server
  • SmartUpdate GUI PC (Correct)

Answer : SmartUpdate GUI PC

Which rules are not applied on a first-match basis?


Options are :

  • Cleanup
  • Client Authentication
  • Session Authentication
  • User Authentication (Correct)

Answer : User Authentication


Your primary Security Gateway runs on GAiA. What is the easiest way to back up your Security Gateway R77 configuration, including routing and network configuration files?


Options are :

  • Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.
  • Using the command upgrade_export.
  • Using the native GAiA backup utility from command line or in the Web based user interface. (Correct)
  • Copying the directories $FWDIR/conf and $FWDIR/lib to another location.

Answer : Using the native GAiA backup utility from command line or in the Web based user interface.

You can include External commands in SmartView Tracker by the menu Tools > Custom Commands. The Security Management Server is running under GAiA, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address?


Options are :

  • Use the program GUIdbedit to add the command traceroute to the Security Management Server properties.
  • Go to the menu, Tools > Custom Commands and configure the Linux command traceroute to the list.
  • Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list. (Correct)
  • There is no possibility to expand the three pre-defined options Ping, Whois, and Nslookup.

Answer : Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list.


A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?


Options are :

  • Nothing else must be configured.
  • Automatic ARP must be unchecked in the Global Properties.
  • A static route for the NAT IP must be added to the Gateway’s upstream router.
  • A static route must be added on the Security Gateway to the internal host. (Correct)

Answer : A static route must be added on the Security Gateway to the internal host.

You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.) When you run fw monitor on the R77 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?


Options are :

  • O=outbound kernel, after the virtual machine
  • o=outbound kernel, before the virtual machine
  • I=inbound kernel, after the virtual machine (Correct)
  • i=inbound kernel, before the virtual machine

Answer : I=inbound kernel, after the virtual machine

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.


Options are :

  • source on client side
  • source on server side
  • destination on client side (Correct)
  • destination on server side

Answer : destination on client side


How does the button Get Address, found on the Host Node Object > General Properties page retrieve the address?


Options are :

  • Route Table
  • SNMP Get
  • Name resolution (hosts file, DNS, cache) (Correct)
  • Address resolution (ARP, RARP)

Answer : Name resolution (hosts file, DNS, cache)

You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?


Options are :

  • SmartView Tracker cannot display Security Administrator activity; instead, view the system logs on the Security Management Server’s Operating System.
  • SmartView Tracker in Network and Endpoint Mode
  • SmartView Tracker in Active Mode
  • SmartView Tracker in Management Mode (Correct)

Answer : SmartView Tracker in Management Mode

While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?

1) Select Active Mode tab in SmartView Tracker.

2) Select Tools > Block Intruder.

3) Select Log Viewing tab in SmartView Tracker.

4) Set Blocking Timeout value to 60 minutes.

5) Highlight connection that should be blocked.


Options are :

  • 3, 2, 5, 4
  • 3, 5, 2, 4
  • 1, 5, 2, 4 (Correct)
  • 1, 2, 5, 4

Answer : 1, 5, 2, 4


Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?


Options are :

  • Custom filter
  • Management tab (Correct)
  • Active tab
  • Network and Endpoint tab

Answer : Management tab

After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?


Options are :

  • The packet has been sent out through a VPN tunnel unencrypted.
  • A SmartDefense module has blocked the packet.
  • It is due to NAT. (Correct)
  • An IPSO ACL has blocked the packet’s outbound passage.

Answer : It is due to NAT.

By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:


Options are :

  • Saves the current log file, names the log file by date and time, and starts a new log file. (Correct)
  • Purges the current log file, and prompts you for the new log’s mode.
  • Purges the current log file, and starts a new log file.
  • Prompts you to enter a filename, and then saves the log file.

Answer : Saves the current log file, names the log file by date and time, and starts a new log file.


Spoofing is a method of:


Options are :

  • Making packets appear as if they come from an authorized IP address. (Correct)
  • Hiding your firewall from unauthorized users.
  • Detecting people using false or wrong authentication logins.
  • Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

Answer : Making packets appear as if they come from an authorized IP address.

Where can an administrator configure the notification action in the event of a policy install time change?


Options are :

  • SmartView Monitor > Gateway Status > System Information > Thresholds
  • SmartDashboard > Security Gateway Object > Advanced Properties Tab
  • SmartView Monitor > Gateways > Thresholds Settings (Correct)
  • SmartDashboard > Policy Package Manager

Answer : SmartView Monitor > Gateways > Thresholds Settings

Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?


Options are :

  • Account Query
  • Active Tab (Correct)
  • Audit Tab
  • All Records Query

Answer : Active Tab


Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:


Options are :

  • SIC names. (Correct)
  • MAC addresses.
  • IP addresses.
  • SIC is not NAT-tolerant.

Answer : SIC names.

Anti-Spoofing is typically set up on which object type?


Options are :

  • Host
  • Security Gateway (Correct)
  • Security Management object
  • Network

Answer : Security Gateway

SmartView Tracker logs the following Security Administrator activities, EXCEPT:


Options are :

  • Tracking SLA compliance (Correct)
  • Rule Base changes
  • Administrator login and logout
  • Object creation, deletion, and editing

Answer : Tracking SLA compliance


You have installed a R77 Security Gateway on GAiA. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem?


Options are :

  • The Gateway object is not specified in the first policy rule column Install On.
  • The new Gateway's temporary license has expired.
  • The object was created with Node > Gateway. (Correct)
  • No Masters file is created for the new Gateway.

Answer : The object was created with Node > Gateway.

Which SmartView Tracker mode allows you to read the SMTP e-mail body sent from the Chief Executive Officer (CEO) of a company?


Options are :

  • Display Capture Action
  • Network and Endpoint Tab
  • Display Payload View
  • This is not a SmartView Tracker feature. (Correct)

Answer : This is not a SmartView Tracker feature.

How can you activate the SNMP daemon on a Check Point Security Management Server?


Options are :

  • From cpconfig, select SNMP extension. (Correct)
  • In SmartDashboard, right-click a Check Point object and select Activate SNMP.
  • Using the command line, enter snmp_install.
  • Any of these options will work.

Answer : From cpconfig, select SNMP extension.


Which of the following can be found in cpinfo from an enforcement point?


Options are :

  • The complete file objects_5_0.c
  • VPN keys for all established connections to all enforcement points
  • Policy file information specific to this enforcement point (Correct)
  • Everything NOT contained in the file r2info

Answer : Policy file information specific to this enforcement point
