Check Point Certified Security Expert Exam Set 7

What is the proper command for importing users into the R77 User Database?


Options are :

  • fwm import
  • fwm importdb
  • fwm dbimport (Correct)
  • fwm importusrs

Answer : fwm dbimport

Which of the following is a valid Active Directory designation for user Jane Doe in the MIS department of AcmeCorp.com?


Options are :

  • Cn= jane_doe,ou=MIS,cn=acmecorp,dc=com
  • Cn=jane_doe,ou=MIS,dc=acmecorp,dc=com (Correct)
  • Cn= jane_doe,ca=MIS,cn=acmecorp,dc=com
  • Cn= jane_doe,ca=MIS,dc=acmecorp,dc=com

Answer : Cn=jane_doe,ou=MIS,dc=acmecorp,dc=com

User definitions are stored in _____.


Options are :

  • $FWDIR/conf/fwauth.NDB (Correct)
  • $FWDIR/conf/fwmuser.conf
  • $FWDIR/conf/fwusers.conf
  • $FWDIR/conf/users.NDB

Answer : $FWDIR/conf/fwauth.NDB

MultiCorp is running SmartCenter R71 on an IPSO platform and wants to upgrade to a new Appliance with R77. Which migration tool is recommended?


Options are :

  • Use already installed Migration Tool.
  • Use Migration Tool from CD/ISO
  • Download Migration Tool R77 for IPSO and Splat/Linux from Check Point website. (Correct)
  • Fetch Migration Tool R71 for IPSO and Migration Tool R77 for Splat/Linux from CheckPoint website

Answer : Download Migration Tool R77 for IPSO and Splat/Linux from Check Point website.

Which process should you debug if SmartDashboard login fails?


Options are :

  • fwd
  • fwm (Correct)
  • cpd
  • sdm

Answer : fwm

If using AD Query for seamless identity data reception from Microsoft Active Directory (AD), which of the following methods is NOT Check Point recommended?


Options are :

  • Basic identity enforcement in the internal network
  • Identity-based enforcement for non-AD users (non-Windows and guest users) (Correct)
  • Identity-based auditing and logging
  • Leveraging identity in Internet application control

Answer : Identity-based enforcement for non-AD users (non-Windows and guest users)

Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?


Options are :

  • Local IP addresses are not configured, remote IP addresses are configured.
  • VTIs cannot be assigned a proxy interface.
  • VTIs can only be physical, not loopback
  • They are supported on the GAiA Operating System (Correct)

Answer : They are supported on the GAiA Operating System

The process that performs the authentication for legacy session authentication is:


Options are :

  • fwm
  • vpnd
  • fwssd (Correct)
  • cvpnd

Answer : fwssd

You may see the following entries in a debug of the user authentication process. In which order are these messages likely to appear?


Options are :

  • cpLdapGetUser, au_fetchuser, cpLdapCheck, make_au, au_auth, au_auth_auth
  • make_au, au_auth, au_fetchuser, cpLdapGetUser, cpLdapCheck, au_auth_auth (Correct)
  • au_fetchuser, make_au, au_auth, cpLdapGetUser, au_auth_auth, cpLdapCheck
  • make_au, au_auth, au_fetchuser, au_auth_auth, cpLdapCheck, cpLdapGetUser

Answer : make_au, au_auth, au_fetchuser, cpLdapGetUser, cpLdapCheck, au_auth_auth

The process _____ executes the authentication for logging in to SmartDashboard.


Options are :

  • cvpnd
  • fwm (Correct)
  • vpnd
  • cpd

Answer : fwm

MEP VPNs use the Proprietary Probing Protocol to send special UDP RDP packets to port ____ to discover if an IP is accessible.


Options are :

  • 264
  • 201
  • 259 (Correct)
  • 256

Answer : 259

When using a template to define a user in SmartDirectory, the user’s password should be defined in the _____ object.


Options are :

  • VPN Community
  • User (Correct)
  • Template
  • LDAP

Answer : User

VPN routing can also be configured by editing which file?


Options are :

  • $FWDIR/conf/vpn_route.c
  • $FWDIR/VPN/route_conf.c
  • $FWDIR/conf/vpn_route.conf (Correct)
  • $FWDIR/bin/vpn_route.conf

Answer : $FWDIR/conf/vpn_route.conf

Fred is troubleshooting a NAT issue and wants to check whether the inbound connection from this internal network is being translated correctly across the interface in the firewall. He decides to use fw monitor to capture the traffic from the source 192.168.3.5 or the destination 10.1.1.25 on his Security Gateway, Green, which has an IP of 192.168.4.5. What command captures this traffic in a file that he can download and review with Wireshark?


Options are :

  • Expert@Green# fwmonitor -e "accept src=192.168.3.5 and dst=10.1.1.25;" -o monitor.out
  • Expert@Green# fw monitor -e "accept src=192.168.3.5 or dst=10.1.1.25;" -o monitor.out (Correct)
  • Expert@Green# fwmonitor -e "accept src=192.168.3.5 or dst=10.1.1.25;" -o monitor.out
  • Expert@Green# fw monitor -e "accept src=192.168.3.5 and dst=10.1.1.25;" -o monitor.out

Answer : Expert@Green# fw monitor -e "accept src=192.168.3.5 or dst=10.1.1.25;" -o monitor.out

The process _____ is responsible for the authentication for Remote Access clients.


Options are :

  • vpnd (Correct)
  • fwm
  • cpd
  • cvpnd

Answer : vpnd

If both domain-based and route-based VPNs are configured, which will take precedence?


Options are :

  • Must be chosen/configured manually by the Administrator in the VPN community object
  • Route-based
  • Must be chosen/configured manually by the Administrator in the Policy > Global Properties
  • Domain-based (Correct)

Answer : Domain-based

Which statement is TRUE for route-based VPNs?


Options are :

  • Route-based VPNs replace domain-based VPNs
  • Dynamic-routing protocols are not required. (Correct)
  • Route-based VPNs are a form of partial overlap VPN Domain
  • IP Pool NAT must be configured on each Gateway.

Answer : Dynamic-routing protocols are not required.

Which of the following CLISH commands would you use to set the admin user's shell to bash?


Options are :

  • set user admin /bin/bash
  • set user admin shell = /bin/bash
  • set user admin shell /bin/bash (Correct)
  • set user admin shell bash

Answer : set user admin shell /bin/bash

There are times when you want to use Link Selection to manage high-traffic VPN connections. With Link Selection you can:


Options are :

  • Probe links for availability (Correct)
  • Use links based on Day/Time
  • Use links based on authentication method
  • Assign links to specific VPN communities.

Answer : Probe links for availability

Which of the following is TRUE concerning numbered VPN Tunnel Interfaces (VTIs)?


Options are :

  • VTIs cannot use an already existing physical-interface IP address (Correct)
  • VTIs are only supported on IPSO
  • VTIs are assigned only local addresses, not remote addresses
  • VTIs cannot share IP addresses

Answer : VTIs cannot use an already existing physical-interface IP address

Anytime a client initiates a connection to a server, the firewall kernel signals the FWD process using a trap. FWD spawns the _____ child service, which runs the security server.


Options are :

  • FWD
  • FWSD
  • FWSSD (Correct)
  • In.httpd

Answer : FWSSD

What firewall kernel table stores information about port allocations for Hide NAT connections?


Options are :

  • fwx_alloc (Correct)
  • NAT_dst_any_list
  • NAT_alloc
  • NAT_src_any_list

Answer : fwx_alloc

While authorization for users managed by SmartDirectory is performed by the gateway, the authentication mostly occurs in _____.


Options are :

  • cpShared
  • ldapauth
  • cpauth (Correct)
  • ldapd

Answer : cpauth

When an Endpoint user is able to authenticate but receives a message from the client that it is unable to enforce the desktop policy, what is the most likely scenario?


Options are :

  • The user is attempting to connect with the wrong Endpoint client (Correct)
  • The user’s rights prevent access to the protected network.
  • The gateway could not locate the user in SmartDirectory and is allowing the connection with limitations based on a generic profile
  • A Desktop Policy is not configured.

Answer : The user is attempting to connect with the wrong Endpoint client

You are the MegaCorp Security Administrator. This company uses a firewall cluster, consisting of two cluster members. The cluster generally works well but one day you find that the cluster is behaving strangely. You assume that there is a connectivity problem with the cluster synchronization link (cross-over cable). Which of the following commands is the BEST for testing the connectivity of the crossover cable?


Options are :

  • telnet
  • arping (Correct)
  • ping
  • ifconfig -a

Answer : arping

Which of the following is a valid Active Directory designation for user John Doe in the Sales department of AcmeCorp.com?


Options are :

  • Cn=john_doe,ou=Sales,dc=acmecorp,dc=com (Correct)
  • Cn=john_doe,ca=Sales,dc=acmecorp,dc=com
  • Cn=john_doe,ou=Sales,ou=acmecorp,dc=com
  • Cn=john_doe,ca=Sales,ou=acmecorp,dc=com

Answer : Cn=john_doe,ou=Sales,dc=acmecorp,dc=com

When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered?

1) Each member must have a unique source IP address.

2) Every interface on each member requires a unique IP address.

3) All VTIs going to the same remote peer must have the same name.

4) Cluster IP addresses are required.


Options are :

  • 1, 2, 3 and 4 (Correct)
  • 1, 2, and 4
  • 2 and 3
  • 1, 3, and 4

Answer : 1, 2, 3 and 4

MultiCorp has bought company OmniCorp and now has two active AD domains. How would you deploy Identity Awareness in this environment?


Options are :

  • You must run an ADquery for every domain (Correct)
  • Identity Awareness can only manage one AD domain.
  • Only Captive Portal can be used
  • Only one ADquery is necessary to ask for all domains.

Answer : You must run an ADquery for every domain

Review the following list of actions that Security Gateway R75 can take when it controls packets. The Policy Package has been configured for Simplified Mode VPN. Select the response below that includes the available actions:


Options are :

  • Accept, Reject, Encrypt, Drop
  • Accept, Drop, Reject, Client Auth (Correct)
  • Accept, Drop, Encrypt, Session Auth
  • Accept, Hold, Reject, Proxy

Answer : Accept, Drop, Reject, Client Auth

How do you verify a VPN Tunnel Interface (VTI) is configured properly?


Options are :

  • vpn shell show interface detailed (Correct)
  • vpn shell show detailed
  • vpn shell display detailed
  • vpn shell display interface detailed

Answer : vpn shell show interface detailed
