Check Point Certified Security Expert Exam Set 11

What is the SmartEvent Client’s function?


Options are :

  • Generate a threat analysis report from the Reporter database
  • Display received threats and tune the Events Policy (Correct)
  • Assign severity levels to events.
  • Invoke and define automatic reactions and add events to the database

Answer : Display received threats and tune the Events Policy


A SmartProvisioning Gateway could be a member of which VPN communities?

1) Center in Star Topology

2) Satellite in Star Topology

3) Center in Remote Access Community

4) Meshed Community


Options are :

  • 1, 2 and 3
  • 2 and 3 (Correct)
  • All
  • 2 only

Answer : 2 and 3

What is the purpose of the pre-defined exclusions included with SmartEvent R77?


Options are :

  • As a base for starting and building exclusions
  • To give samples of how to write your own exclusion
  • To allow SmartEvent R77 to function properly with all other R71 devices.
  • To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71 (Correct)

Answer : To avoid incorrect event generation by the default IPS event definition; a scenario that may occur in deployments that include Security Gateways of versions prior to R71

Which of the following is NOT accelerated by SecureXL?


Options are :

  • SSH
  • HTTPS
  • Telnet
  • FTP (Correct)

Answer : FTP


In Management High Availability, what is an Active SMS?


Options are :

  • Active Smart Management Server
  • Active Security Master Server
  • Active Smart Master Server
  • Active Security Management Server (Correct)

Answer : Active Security Management Server

Which of the following would be a result of having more than one active Security Management Server in a Management High Availability (HA) configuration?


Options are :

  • Allows for faster seamless failover: from active-to-active instead of standby-to-active.
  • The need to manually synchronize the secondary Security Management Server with the Primary Security Management Server is eliminated
  • Creates a High Availability implementation between the Gateways installed on the Security Management Servers
  • An error notification will pop up during SmartDashboard login if the two machines can communicate, indicating Collision status. (Correct)

Answer : An error notification will pop up during SmartDashboard login if the two machines can communicate, indicating Collision status.

You have just upgraded your Load Sharing gateway cluster (both members) from NGX R65 to R77. cphaprob stat shows:

    Cluster Mode: New High Availability (Active Up)

    Member      Unique Address    Assigned Load    State
    1 (local)   172.16.185.21     100%             Active
    2           172.16.185.22     0%               Ready

Which of the following is NOT a possible cause of this?


Options are :

  • Member 1 is at a lower version than member 2
  • You have a different number of cores defined for CoreXL between the two members
  • Member 1 has CoreXL disabled and member 2 does not
  • You have not run cpconfig on member 2 yet (Correct)

Answer : You have not run cpconfig on member 2 yet


You are establishing a ClusterXL environment, with the following topology:

VIP internal cluster IP = 172.16.10.3; VIP external cluster IP = 192.168.10.3

Cluster Member 1: 4 NICs, 3 enabled. hme0: 192.168.10.1/24, hme1: 10.10.10.1/24, qfe2: 172.16.10.1/24

Cluster Member 2: 5 NICs, 3 enabled; hme3: 192.168.10.2/24, hme1: 10.10.10.2/24, hme2: 172.16.10.2/24

External interfaces 192.168.10.1 and 192.168.10.2 connect to a VLAN switch. The upstream router connects to the same VLAN switch. Internal interfaces 172.16.10.1 and 172.16.10.2 connect to a hub. 10.10.10.0 is the synchronization network. The Security Management Server is located on the internal network with IP 172.16.10.3. What is the problem with this configuration?


Options are :

  • Cluster members cannot use the VLAN switch. They must use hubs.
  • The Security Management Server must be in the dedicated synchronization network, not the internal network
  • There is an IP address conflict (Correct)
  • The Cluster interface names must be identical across all cluster members.

Answer : There is an IP address conflict

The CoreXL SND (Secure Network Distributor) is responsible for:


Options are :

  • changing routes to distribute the load across multiple firewalls.
  • distributing non-accelerated packets among kernel instances (Correct)
  • shutting down cores when they are not needed
  • accelerating VPN traffic

Answer : distributing non-accelerated packets among kernel instances

Which of the following is NOT a SmartEvent Permission Profile type?


Options are :

  • View (Correct)
  • Events Database
  • Read/Write
  • No Access

Answer : View


Which method of load balancing describes “Round Robin”?


Options are :

  • Assigns service requests to the next server in a series. (Correct)
  • Ensures that incoming requests are handled by the server with the fastest response time
  • Measures the load on each server to determine which server has the most available resources.
  • Assigns service requests to servers at random.

Answer : Assigns service requests to the next server in a series.

In an R75 Management High Availability (HA) configuration, you can configure synchronization to occur automatically when:

1) The Security Policy is installed.

2) The Security Policy is saved.

3) The Security Administrator logs in to the secondary Security Management Server and changes its status to Active.

4) A scheduled event occurs.

5) The user database is installed.

Select the BEST response for the synchronization trigger.


Options are :

  • 1, 3, 4
  • 1, 2, 3, 4
  • 1, 2, 5
  • 1, 2, 4 (Correct)

Answer : 1, 2, 4

What is the benefit of running SmartEvent in Learning Mode?


Options are :

  • There is no SmartEvent Learning Mode
  • To run SmartEvent, with a step-by-step online configuration guide for training/setup purposes
  • To generate a report with system Event Policy modification suggestions (Correct)
  • To run SmartEvent with preloaded sample data in a test environment

Answer : To generate a report with system Event Policy modification suggestions


The SmartEvent Server:


Options are :

  • displays the received events
  • invokes defined automatic reactions (Correct)
  • deletes events from the events database
  • analyzes each IPS log entry as it enters the Log server

Answer : invokes defined automatic reactions

What is a requirement for setting up R77 Management High Availability?


Options are :

  • State synchronization must be enabled on the secondary Security Management Server
  • All Security Management Servers must have the same number of NICs
  • All Security Management Servers must have the same operating system (Correct)
  • All Security Management Servers must reside in the same LAN.

Answer : All Security Management Servers must have the same operating system

The _____ contains the Events Database.


Options are :

  • SmartEvent Client
  • SmartEvent Correlation Unit
  • SmartEvent Data Server
  • SmartEvent Server (Correct)

Answer : SmartEvent Server


In an R77 ClusterXL Load Sharing configuration, which type of ARP-related problem can force the use of Unicast Mode (Pivot) configuration due to incompatibility on some adjacent routers and switches?


Options are :

  • Unicast MAC address response to a Multicast IP request
  • Multicast MAC address response to a RARP request
  • Multicast MAC address response to a Unicast IP request (Correct)
  • MGCP MAC address response to a Multicast IP request

Answer : Multicast MAC address response to a Unicast IP request

If the number of kernel instances for CoreXL shown is 6, how many cores are in the physical machine?


Options are :

  • 4
  • 3
  • 8 (Correct)
  • 6

Answer : 8

The SmartEvent Correlation Unit:


Options are :

  • assigns a severity level to an event.
  • displays the received events
  • forwards what is identified as an event to the SmartEvent Server (Correct)
  • adds events to the events database

Answer : forwards what is identified as an event to the SmartEvent Server


What are the 3 main components of the SmartEvent Software Blade?

1) Correlation Unit

2) Correlation Client

3) Correlation Server

4) Analyzer Server

5) Analyzer Client

6) Analyzer Unit


Options are :

  • 4, 5, 6
  • 1, 2, 3
  • 1, 4, 5 (Correct)
  • 1, 3, 4

Answer : 1, 4, 5

Included in the client’s network are some switches, which rely on IGMP snooping. You must find a solution to work with these switches. Which of the following answers does NOT lead to a successful solution?


Options are :

  • Configure static CAMs to allow multicast traffic on specific ports.
  • Disable IGMP registration in switches that rely on IGMP packets
  • Set the value of fwha_enable_igmp_snooping module configuration parameter to 1.
  • ClusterXL supports IGMP snooping by default. There is no need to configure anything. (Correct)

Answer : ClusterXL supports IGMP snooping by default. There is no need to configure anything.

Which of these is a type of acceleration in SecureXL?


Options are :

  • GRE
  • connection rate (Correct)
  • FTP
  • QoS

Answer : connection rate


How can you disable SecureXL via the command line (it does not need to survive a reboot)?


Options are :

  • fwaccel off (Correct)
  • fw ctl accel off
  • securexl off
  • fw xl off

Answer : fwaccel off

What is the SmartEvent Analyzer's function?


Options are :

  • Assign severity levels to events (Correct)
  • Display received threats and tune the Events Policy
  • Generate a threat analysis report from the Analyzer database
  • Analyze log entries, looking for Event Policy patterns.

Answer : Assign severity levels to events

How do new connections get established through a Security Gateway with SecureXL enabled?


Options are :

  • The new connection will be first inspected by SecureXL and if it does not match the drop table of SecureXL, then it will be passed to the firewall module for a rule match
  • If the connection matches a connection or drop template in SecureXL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match. (Correct)
  • New connection packets never reach the SecureXL module.
  • New connections are always inspected by the firewall and if they are accepted, the subsequent packets of the same connection will be passed through SecureXL

Answer : If the connection matches a connection or drop template in SecureXL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match.


How many Events can be shown at one time in the Event preview pane?


Options are :

  • 30,000 (Correct)
  • 5,000
  • 15,000
  • 1,000

Answer : 30,000

Which of the following services will cause SecureXL templates to be disabled?


Options are :

  • FTP (Correct)
  • HTTPS
  • TELNET
  • LDAP

Answer : FTP

What is the behavior of ClusterXL in a High Availability environment?


Options are :

  • The active member responds to the virtual IP address, and is the only member that passes traffic E. The passive member responds to the virtual IP address, and both members route traffic when using their physical addresses. (Correct)
  • Both members respond to the virtual IP address, and both members pass traffic when using their physical addresses.
  • The active member responds to the virtual IP address, and both members pass traffic when using their physical addresses.
  • Both members respond to the virtual IP address, but only the active member is able to pass traffic

Answer : The active member responds to the virtual IP address, and is the only member that passes traffic E. The passive member responds to the virtual IP address, and both members route traffic when using their physical addresses.


When Load Sharing Multicast mode is defined in a ClusterXL cluster object, how are packets being handled by cluster members?


Options are :

  • All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory. (Correct)
  • The pivot machine will handle it
  • All cluster members process all packets and members synchronize with each other.
  • Only one member at a time is active. The active cluster member processes all packets

Answer : All members receive all packets. All members run an algorithm which determines which member processes packets further and which members delete the packet from memory.

_____ manages Standard Reports and allows the administrator to specify automatic uploads of reports to a central FTP server.


Options are :

  • Security Management Server
  • SmartDashboard Log Consolidator
  • SmartReporter Database
  • SmartReporter (Correct)

Answer : SmartReporter
