Check Point Certified Security Administrator Set 5

How do you view a Security Administrator's activities with SmartConsole?


Options are :

  • SmartView Tracker in the Management tab
  • SmartView Tracker in the Network and Endpoint tabs
  • Eventia Suite
  • SmartView Monitor using the Administrator Activity filter

Answer : SmartView Tracker in the Management tab

NAT can NOT be configured on which of the following objects?


Options are :

  • Host
  • Gateway
  • HTTP Logical Serve
  • Address Range

Answer : HTTP Logical Serve

Check Point Certified Security Expert Exam Set 1

You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error: Unknown established connection How do you resolve this problem without causing other security issues? Choose the BEST answer.


Options are :

  • Increase the service-based session timeout of the default Telnet service to 24-hours.
  • Increase the TCP session timeout under Global Properties > Stateful Inspection.
  • Ask the mainframe users to reconnect every time this error occurs.
  • Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

Answer : Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?


Options are :

  • Hide Address Translation
  • Port Address Translation
  • Dynamic Source Address Translation
  • Static Destination Address Translation

Answer : Static Destination Address Translation

Which of the following statements BEST describes Check Point’s Hide Network Address Translation method?


Options are :

  • Translates many destination IP addresses into one destination IP address
  • Translates many source IP addresses into one source IP address
  • Many-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation
  • One-to-one NAT which implements PAT (Port Address Translation) for accomplishing both Source and Destination IP address translation

Answer : Translates many source IP addresses into one source IP address

Check Point Certified Security Expert Exam Set 10

SmartView Tracker R77 consists of three different modes. They are:


Options are :

  • Log, Active, and Management
  • Log, Track, and Management
  • Network and Endpoint, Active, and Management
  • Log, Active, and Audit

Answer : Network and Endpoint, Active, and Management

Where is the easiest and BEST place to find information about connections between two machines?


Options are :

  • On a Security Management Server, using SmartView Tracker.
  • On a Security Gateway Console interface; it gives you detailed access to log files and state table information.
  • All options are valid.
  • On a Security Gateway using the command fw log.

Answer : On a Security Management Server, using SmartView Tracker.

Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?


Options are :

  • Use automatic Static NAT for network 10.1.1.0/24.
  • Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
  • Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
  • Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

Answer : Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

Check Point Certified Security Expert Exam Set 11

You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?


Options are :

  • Eventia Monitor
  • Eventia Tracker
  • SmartView Monitor
  • SmartView Tracker

Answer : SmartView Tracker

Where can an administrator specify the notification action to be taken by the firewall in the event that available disk space drops below 15%?


Options are :

  • SmartView Monitor > Gateway Status > Threshold Settings
  • SmartView Monitor > Gateway Status > System Information > Thresholds
  • This can only be monitored by a user-defined script.
  • SmartView Tracker > Audit Tab > Gateway Counters

Answer : SmartView Monitor > Gateway Status > System Information > Thresholds

In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:


Options are :

  • It is necessary to add a static route to the Gateway’s routing table.
  • VLAN tagging cannot be defined for any hosts protected by the Gateway.
  • It is not necessary to add a static route to the Gateway’s routing table.
  • The Security Gateway’s ARP file must be modified.

Answer : It is not necessary to add a static route to the Gateway’s routing table.

Check Point Certified Security Expert Exam Set 12

What is the default setting when you use NAT?


Options are :

  • Destination Translated on Client side
  • Source Translated on Client side
  • Destination Translated on Server side
  • Source Translated on both sides

Answer : Destination Translated on Client side

You have detected a possible intruder listed in SmartView Tracker’s active pane. What is the fastest method to block this intruder from accessing your network indefinitely?


Options are :

  • In SmartView Tracker, select Tools > Block Intruder.
  • Modify the Rule Base to drop these connections from the network.
  • In SmartView Monitor, select Tools > Suspicious Activity Rules.
  • In SmartDashboard, select IPS > Network Security > Denial of Service.

Answer : In SmartView Tracker, select Tools > Block Intruder.

Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?


Options are :

  • Static Source
  • Dynamic Destination
  • Hide
  • Static Destination

Answer : Hide

Check Point Certified Security Expert Exam Set 2

When translation occurs using automatic Hide NAT, what also happens?


Options are :

  • The source port is modified.
  • Nothing happens.
  • The destination is modified.
  • The destination port is modified.

Answer : The source port is modified.

You enable Hide NAT on the network object, 10.1.1.0 behind the Security Gateway’s external interface. You browse to the Google Website from host, 10.1.1.10 successfully. You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?


Options are :

  • Two, both outbound, one for the real IP connection and one for the NAT IP connection
  • Only one, outbound
  • Two, one for outbound, one for inbound
  • Only one, inbound

Answer : Only one, outbound

Static NAT connections, by default, translate on which firewall kernel inspection point?


Options are :

  • Eitherbound
  • Post-inbound
  • Outbound
  • Inbound

Answer : Inbound

Check Point Certified Security Expert Exam Set 3

Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?


Options are :

  • SmartView Server
  • SmartUpdate
  • SmartView Tracker
  • None, SmartConsole applications only communicate with the Security Management Server.

Answer : SmartView Tracker

What happens when you select File > Export from the SmartView Tracker menu?


Options are :

  • Exported log entries are deleted from fw.log.
  • Exported log entries are not viewable in SmartView Tracker.
  • Current logs are exported to a new *.log file.
  • Logs in fw.log are exported to a file that can be opened by Microsoft Excel.

Answer : Logs in fw.log are exported to a file that can be opened by Microsoft Excel.

The fw monitor utility is used to troubleshoot which of the following problems?


Options are :

  • Log Consolidation Engine
  • Phase two key negotiation
  • Address translation
  • User data base corruption

Answer : Address translation

Check Point Certified Security Expert Exam Set 4

You are responsible for the configuration of MegaCorp’s Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.


Options are :

  • No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.
  • Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).
  • Yes, there are always as many active NAT rules as there are connections.
  • Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).

Answer : Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).

Which SmartConsole tool would you use to see the last policy pushed in the audit log?


Options are :

  • SmartView Tracker
  • SmartView Status
  • SmartView Server
  • None, SmartConsole applications only communicate with the Security Management Server.

Answer : SmartView Tracker

A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter Security Gateway. Which SmartConsole application should you use to check these objects and rules?


Options are :

  • SmartView Tracker
  • SmartDashboard
  • SmartView Status
  • SmartView Monitor

Answer : SmartDashboard

Check Point Certified Security Expert Exam Set 5

Which of the following describes the default behavior of an R77 Security Gateway?


Options are :

  • All traffic is expressly permitted via explicit rules.
  • Traffic not explicitly permitted is dropped.
  • Traffic is filtered using controlled port scanning.
  • IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.

Answer : Traffic not explicitly permitted is dropped.

An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.


Options are :

  • source NAT
  • destination NAT
  • None of these
  • client side NAT

Answer : source NAT

Where are custom queries stored in R77 SmartView Tracker?


Options are :

  • On the SmartView Tracker PC local file system shared by all users of that local PC.
  • On the SmartView Tracker PC local file system under the user's profile.
  • On the Security Management Server tied to the Administrator User Database login name.
  • On the Security Management Server tied to the GUI client IP.

Answer : On the Security Management Server tied to the Administrator User Database login name.

Check Point Certified Security Expert Exam Set 6

You are a Security Administrator who has installed Security Gateway R77 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:

1) Created manual Static NAT rules for the Web server.

2) Cleared the following settings in the Global Properties > Network Address Translation screen:

- Allow bi-directional NAT

- Translate destination on client side

Do the above settings limit the partner’s access?


Options are :

  • No. The first setting is not applicable. The second setting will reduce performance.
  • No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.
  • Yes. Both of these settings are only applicable to automatic NAT rules.
  • Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.

Answer : No. The first setting is only applicable to automatic NAT rules. The second setting will force translation by the kernel on the interface nearest to the client.

When you use the Global Properties’ default settings on R77, which type of traffic will be dropped if NO explicit rule allows the traffic?


Options are :

  • RIP traffic
  • SmartUpdate connections
  • Firewall logging and ICA key-exchange information
  • Outgoing traffic originating from the Security Gateway

Answer : RIP traffic

When you change an implicit rule’s order from Last to First in Global Properties, how do you make the change take effect?


Options are :

  • Select Save from the File menu.
  • Run fw fetch from the Security Gateway.
  • Select Install Database from the Policy menu.
  • Reinstall the Security Policy.

Answer : Reinstall the Security Policy.

Check Point Certified Security Expert Exam Set 7

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?


Options are :

  • The NAT IP address must be added to the external Gateway interface anti-spoofing group.
  • A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.
  • A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
  • No extra configuration is needed.

Answer : A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now