Check Point Certified Security Expert Exam Set 12

What configuration change must you make to change an existing ClusterXL cluster object from Multicast to Unicast mode?


Options are :

  • Change the cluster mode to Unicast on each of the cluster-member objects.
  • Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy. (Correct)
  • Run cpstop and cpstart, to re-enable High Availability on both objects. Select Pivot mode in cpconfig.
  • Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy

Answer : Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.

156-215.75 Check Point Certified Security Administrator Exam Set 5

In which ClusterXL Load Sharing mode, does the pivot machine get chosen automatically by ClusterXL?


Options are :

  • Multicast Load Sharing
  • Hot Standby Load Sharing
  • Unicast Load Sharing (Correct)
  • CCP Load Sharing

Answer : Unicast Load Sharing

You want to upgrade a cluster with two members to R77. The Security Management Server and both members are version NGX R65, with the latest Hotfix Accumulator. What is the correct upgrade procedure?

1) Change the version in the General Properties of the Gateway-cluster object.

2) Upgrade the Security Management Server, and reboot.

3) Run cpstop on one member, while leaving the other member running. Upgrade one member at

a time and reboot after upgrade.

4) Install the Security Policy.


Options are :

  • 2, 3, 1, 4 (Correct)
  • 3, 2, 1, 4
  • 1, 3, 2, 4
  • 2, 4, 3, 1

Answer : 2, 3, 1, 4

What access level cannot be assigned to an Administrator in Smart Event?


Options are :

  • Events Database
  • Read only
  • No Access
  • Write only (Correct)

Answer : Write only

Check Point Certified Security Expert Exam Set 11

_____ generates a Smart Event Report from its SQL database.


Options are :

  • Smart Dashboard Log Consolidator
  • Smart Event Client
  • Smart Reporter (Correct)
  • Security Management Server

Answer : Smart Reporter

Which Check Point product implements a Consolidation Policy?


Options are :

  • Smart View Tracker
  • Smart Reporter (Correct)
  • Smart LSM
  • Smart View Monitor

Answer : Smart Reporter

The customer wishes to install a cluster. In his network, there is a switch which is incapable of forwarding multicast. Is it possible to install a cluster in this situation?


Options are :

  • Yes, you can toggle on ClusterXL between broadcast and multicast using the command cphaconf set_ccp broadcast/multicast. (Correct)
  • Yes, the ClusterXL changes automatically to the broadcast mode if the multicast is not forwarded.
  • No, the customer needs to replace the switch with a new switch, which supports multicast forwarding.
  • Yes, you can toggle on ClusterXL between broadcast and multicast by setting the multicast mode using the command cphaconf set_ccp multicast on¶off. The default setting is broadcast.

Answer : Yes, you can toggle on ClusterXL between broadcast and multicast using the command cphaconf set_ccp broadcast/multicast.

156-515.65 Check Point Certified Security Expert Plus Exam Set 2

The Smart Event Correlation Unit:


Options are :

  • displays the received events
  • analyzes each IPS log entry as it enters the Log server (Correct)
  • assigns a severity level to an event
  • adds events to the events database.

Answer : analyzes each IPS log entry as it enters the Log server

Check Point New Mode HA is a(n) _____ solution.


Options are :

  • acceleration
  • load-balancing
  • primary-domain
  • hot-standby (Correct)

Answer : hot-standby

What could be a reason why synchronization between primary and secondary Security Management Servers does not occur?


Options are :

  • You are using different time zones.
  • You did not activate synchronization within Global Properties.
  • You have installed both Security Management Servers on different server systems (e. g. one machine on HP hardware and the other one on DELL).
  • If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other. (Correct)

Answer : If the set of installed products differ from each other, the Security Management Servers do not synchronize the database to each other.

156-115 Check Point Certified Security Master Practice Exam Set 4

Which Smart Reporter report type is generated from the Smart View Monitor history file?


Options are :

  • Express (Correct)
  • Custom
  • Traditional
  • Standard

Answer : Express

By default Check Point High Availability components send updates about their state every:


Options are :

  • 0.1 second (Correct)
  • 5 seconds.
  • 0.5 second.
  • 1 second.

Answer : 0.1 second

For Management High Availability synchronization, what does the Advance status mean?


Options are :

  • The peer SMS is properly synchronized
  • The peer SMS is more up-to-date (Correct)
  • The active SMS and its peer have different installed policies and databases
  • The peer SMS has not been synchronized properly.

Answer : The peer SMS is more up-to-date

156-515.65 Check Point Certified Security Expert Plus Exam Set 2

By default, the Cluster Control Protocol (CCP) uses this to send delta sync messages to other cluster members


Options are :

  • Anycast
  • Unicast
  • Broadcast
  • Multicast (Correct)

Answer : Multicast

When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which valid Load Sharing method will consider VPN information?


Options are :

  • Load Sharing based on IP addresses, ports, and serial peripheral interfaces
  • Load Sharing based on SPIs
  • Load Sharing based on ports, VTI, and IP addresses
  • Load Sharing based on IP addresses, ports, and security parameter indexes (Correct)

Answer : Load Sharing based on IP addresses, ports, and security parameter indexes

Which component receives events and assigns severity levels to the events; invokes any defined automatic reactions, and adds the events to the Events Data Base?


Options are :

  • SmartEvent Correlation Unit
  • SmartEvent Server (Correct)
  • SmartEvent Analysis DataServer
  • SmartEvent Client

Answer : SmartEvent Server

156-315.77 Check Point Certified Security Expert Exam Set 11

_____ is NOT an SmartEvent event-triggered Automatic Reaction


Options are :

  • External Script
  • SNMP Trap
  • Mail
  • Block Access (Correct)

Answer : Block Access

Which Check Point product is used to create and save changes to a Log Consolidation Policy?


Options are :

  • Smart Reporter Client
  • Smart Dashboard Log Consolidator (Correct)
  • Smart Event Server
  • Security Management Server

Answer : Smart Dashboard Log Consolidator

A tracked SmartEvent Candidate in a Candidate Pool becomes an Event. What does NOT happen in the Analyzer Server?


Options are :

  • The Correlation Unit keeps adding matching logs to the Event.
  • Smart Event provides the beginning and end time of the Event.
  • The Event is kept open, but condenses many instances into one Event.
  • SmartEvent stops tracking logs related to the Candidate (Correct)

Answer : SmartEvent stops tracking logs related to the Candidate

156-315.77 Check Point Certified Security Expert Exam Set 1

The Smart Event Correlation Unit:


Options are :

  • adds events to the events database
  • looks for patterns according to the installed Event Policy. (Correct)
  • displays the received events.
  • assigns a severity level to an event.

Answer : looks for patterns according to the installed Event Policy.

What is a Sticky Connection?


Options are :

  • A Sticky Connection is a VPN connection that remains up until you manually bring it down
  • A Sticky Connection is a connection that remains the same.
  • A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet (Correct)
  • A Sticky Connection is a connection that always chooses the same gateway to set up the initial connection

Answer : A Sticky Connection is one in which a reply packet returns through the same gateway as the original packet

How many pre-defined exclusions are included by default in SmartEvent R77 as part of the product installation?


Options are :

  • 3 (Correct)
  • 10
  • 0
  • 5

Answer : 3

Check Point Certified Security Expert Exam Set 7

After Travis added new processing cores on his server, CoreXL did not use them. What would be the most plausible reason why? Travis did not:


Options are :

  • edit Gateway Properties and increase the kernel instances
  • run cpconfig to increase the firewall instances (Correct)
  • run cpconfig to increase the number of CPU cores.P
  • edit Gateway Properties and increase the number of CPU cores

Answer : run cpconfig to increase the firewall instances

For Management High Availability, if an Active SMS goes down, does the Standby SMS automatically take over?


Options are :

  • Yes, if you set up ClusterXL
  • Yes, if you set up VRRP
  • Yes, if you set up SecureXL
  • No, the transition should be initiated manually (Correct)

Answer : No, the transition should be initiated manually

You are reviewing computer information collected in ClientInfo. You can NOT:


Options are :

  • Run Google.com search using the contents of the selected cell
  • Save the information in the active tab to an .exe file. (Correct)
  • Copy the contents of the selected cells.
  • Enter new credential for accessing the computer information.

Answer : Save the information in the active tab to an .exe file.

156-315.77 Check Point Certified Security Expert Exam Set 5

Which of the following does NOT happen when using Pivot Mode in ClusterXL?


Options are :

  • The Pivotís Load Sharing decision function decides which cluster member should handle the packet.
  • The Pivot forwards the packet to the appropriate cluster member
  • The packet is forwarded through the same physical interface from which it originally came, not on the sync interface
  • The Security Gateway analyzes the packet and forwards it to the Pivot. (Correct)

Answer : The Security Gateway analyzes the packet and forwards it to the Pivot.

What is the Smart Event Correlation Unitís function?


Options are :

  • Analyze log entries, looking for Event Policy patterns. (Correct)
  • Assign severity levels to events.
  • Display received threats and tune the Events Policy.
  • Invoke and define automatic reactions and add events to the database

Answer : Analyze log entries, looking for Event Policy patterns.

The Smart Event Client:


Options are :

  • assigns a severity level to an event
  • analyzes each IPS log entry as it enters the Log server.
  • adds events to the events database.
  • displays the received events. (Correct)

Answer : displays the received events.

Check Point Certified Security Expert Exam Set 7

Which load-balancing method below is NOT valid?


Options are :

  • Random
  • Domain
  • They are all valid (Correct)
  • Round Trip

Answer : They are all valid

The Smart Event Server:


Options are :

  • forwards what is known as an event to the Smart Event Server.
  • assigns a severity level to an event (Correct)
  • displays the received events.
  • analyzes each IPS log entry as it enters the Log server.

Answer : assigns a severity level to an event

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions