The 156-315.77 Check Point Certified Security Expert Exam Set 4

Which of the following methods to provide the most complete R76 configuration backup?


Options are :

  • None
  • By copying the directory FWDIR $ \ conf data and $ CPDIR \ CONF aNonether server
  • A package of policy management
  • Upgrade export command
  • Database version control system

Answer : Upgrade export command

Which command should you use to store your information before upgrading to Windows gateway user interface?


Options are :

  • None
  • The ifconfig> [filename] is .txt
  • /etc/sysconfig/network.C CP [position]
  • IPCONFIG -a> [filename] is .txt
  • -m> [filename] is the netstat .txt

Answer : IPCONFIG -a> [filename] is .txt >

Intelligent workflow, this is Nonet a valid opportunity?


Options are :

  • The role of the task streaming session and apartheid
  • None
  • The role of the task flow is Nonet hearing, Nonet isolated
  • None role separation task flow session
  • Taskflow did Nonet hear, but the role of isolation

Answer : Taskflow did Nonet hear, but the role of isolation

My clients want to install intelligent workflow software blade is R70 Security Server (Security Platform). Which is the right way?


Options are :

  • None
  • Intelligent Workflow Software Blade R70 is included in the standard version. You have to help it through cpconfig.
  • . You need to upgrade before you begin the installation of intelligent workflow management software blade server plug-in version R70.1.
  • A.When R70 R70.1 installation package on the Security Server will be upgraded to version R70.1 and intelligent workflows.
  • Work smart workflow directly to the R70 version. Additional on.The version is installed as an intelligent workflow management server for R70.

Answer : A.When R70 R70.1 installation package on the Security Server will be upgraded to version R70.1 and intelligent workflows.

Intelligent supply management philosophy is based on:


Options are :

  • Area
  • Area
  • element
  • Profiles
  • None

Answer : Profiles

How in place intelligent workflow session data?


Options are :

  • . In cpconfig, select Enable session information pane menu
  • In SmartDashboard, click intelligent workflow> Show Session Information box
  • In SmartDashboard, click View> Smart Workflow> Show Session Information box
  • None
  • In SmartViewTracker onSmartWorkflow choose View> Show Session Information box

Answer : In SmartDashboard, click intelligent workflow> Show Session Information box

Supply is intelligent security management or Provider-1 were CMA.To enable intelligent configuration management is an integral part of a secure server:


Options are :

  • Intelligent Supply acquisition of licenses for more secure management server or CMA license.
  • None
  • Intelligent Supply acquisition of licenses for more secure management server or CMA permission to delete SecureXL.
  • Intelligent Supply acquisition of licenses for more secure license management server or the CMA, in each gateway control to restart the intelligent deployment.
  • Intelligent Supply acquisition of licenses for the license more secure management server or the CMA, select field of smart policy configuration.

Answer : Intelligent Supply acquisition of licenses for more secure management server or CMA license.

Forcing clients to use Secure Workspace read-intensive applications, administrators can configure Connectra:


Options are :

  • None
  • Through security level
  • Forcing the user to re-login records
  • If there are None special settings. Safe operating area is automatically configured.
  • In order to realize completeness Client Security

Answer : Through security level

The following command, LSMcli [d] "server" should be replaced by:


Options are :

  • ROBO gateway hostname
  • GUIclient
  • IP address of the Security Server
  • Hostname DAIP equipment
  • None

Answer : IP address of the Security Server

What is to support the troops following the Connectra?


Options are :

  • In Windows Server 2007
  • IPSO 4.9 build 88
  • In VMware ESX
  • The Solaris 10
  • None

Answer : In VMware ESX

Domain name can Nonet be changed intelligent configuration and domain dimmed out.What what possible reason?


Options are :

  • The domain firewall setting is always retrieved from the object.
  • File is Nonet connected to the gateway
  • None
  • Skip device profile settings mandatory.
  • None installation of smart supply license.

Answer : Skip device profile settings mandatory.

Jack needs to be determined CoreXL his red security gateway. What are the right steps to ensure that the CoreXL?


Options are :

  • Red SSH security gateway, run cpconfig> configuration of Check Point's CoreXL> allowed CoreXL> Exit cpconfig> Start Security Gateway
  • Red SSH security gateway, run cpconfig> Check Point configuration CoreXL> Exit cpconfig> Start Security Gateway
  • Open SmartDashboard, open red Check Point object, and then click the ClusterXL, the CoreXL check box, and then press policy
  • Open SmartDashboard, open red Check Point object, select the optimization of CoreXL check box, and then press policy
  • None

Answer : Red SSH security gateway, run cpconfig> configuration of Check Point's CoreXL> allowed CoreXL> Exit cpconfig> Start Security Gateway

When you use a global real estate default R77, this type of traffic will remain closed, if there is None express provision to allow traffic?


Options are :

  • RIP traffic
  • Smart Update link
  • None
  • Outgoing traffic from the secure gateway
  • ICA firewall logs and key exchange information

Answer : RIP traffic

When you check the Web server to host Nonede object, what would happen if the host?


Options are :

  • You can specify the properties of a port that allows Web server Nonede object. Then, you do Nonet need to list all the ports closed rule base.
  • IPS is used to check Host Web Intelligence.
  • Web server daemon running on the host
  • None
  • More detailed control is added to the host, in addition to network smart labels.

Answer : More detailed control is added to the host, in addition to network smart labels.

You need to completely re-create the work, after which the change in the security gateway or less? (Ie, command cprestart is Nonet eNoneugh.) 1. Add the first NIC hot swap operating systems at once. 2. Remove R75 Power / UTM package. 3. Installation R75 Power / UTM package. 4. Re-establish SIC Security Server. 5. doubling the maximum number of accepted security gateway connections.


Options are :

  • 3, 4, and 5
  • Only 3, 4 and 5
  • None
  • 2, only 3
  • 3

Answer : 2, only 3

Server.You user-defined Windows 2008 Active Directory in the need to add users to rule.Which A user requires client authentication rules R76 of LDAP client authentication?


Options are :

  • None
  • External User Group
  • All users
  • LDAP group
  • Group, which is a common user

Answer : LDAP group

User Directory Software Blade, you can create an (N) _________ Server users, the definition of R76.


Options are :

  • NT Domain
  • The SecureID
  • None
  • rain
  • LDAP

Answer : LDAP

What would you use a command to store routing information before upgrading the security gateway platform?


Options are :

  • The ifconfig> [filename] is .txt
  • -m> [filename] is the netstat .txt
  • None
  • /etc/sysconfig/network.C CP [position]
  • IPCONFIG -a> [filename] is .txt

Answer : /etc/sysconfig/network.C CP [position]

You've R77 security gateway Gaia installed. Gateway to manage enterprise security management server, create a new object, and gateway security policy from the menu Policy.When Gateway object is Nonet visible installation policy object in the window to install the new policy. What's the question?


Options are :

  • None
  • Gateway installation target is Nonet specified in column 1 policy rules
  • There is a create a new file in the master gateway.
  • The object is to create a Nonede> Gateway
  • The new Gateway temporary license has expired.

Answer : The object is to create a Nonede> Gateway

Each command-line interface utility to check the installation of the administrator's name and the time stamp security firewall module?


Options are :

  • FW CTL PSTAT
  • FW version
  • FW statistics
  • None
  • cpstat FWD

Answer : FW statistics

Security Gateway Installation security platform R77. The default Web interface port is ____________.


Options are :

  • TCP 4433
  • None
  • TCP 443
  • TCP 257
  • TCP 18211

Answer : TCP 443

Each task ThreatSpect engine did Nonet do?


Options are :

  • Run credit check
  • By monitoring the outgoing mail traffic looking for suspicious activity
  • IPS signature scanning
  • None
  • Registered users of the home network scanning signature

Answer : IPS signature scanning

R76 in clusters, some features, such as VPN function properly only if:


Options are :

  • All members of the cluster have the same policy
  • None
  • All cluster members have the same hot fix battery pack
  • All members of the cluster are assigned the same number of interfaces
  • All members of the cluster are synchronized watches

Answer : All members of the cluster are synchronized watches

What it is typically used for SSL network expansion port, if the connector portals using the same IP address?


Options are :

  • SSL (TCP / 443
  • None
  • SSL (TCP / 900)
  • SSL (TCP / 80)
  • SSL (TCP / 444)

Answer : SSL (TCP / 444)

When using smart workflow, how many sessions can run at the same time?


Options are :

  • 1
  • 3
  • As much as you want
  • None
  • 2

Answer : 1

My clients want to install intelligent workflow on the R70 Security Server (Windows systems). What is the required disk space?


Options are :

  • 880 MB
  • 512 MB
  • None
  • 1 GB
  • 1256 MB

Answer : 880 MB

You can set the Security Server SSL VPN gateway, you can configure the log from the gateway forwards. All you need to perform the following tasks to accomplish this, except as follows:


Options are :

  • It provides the IP address of the security management.
  • SIC established between the Security Server and SSL VPN gateways
  • Defining a remote log server "remote syslog server" check box.
  • In order to facilitate .Initiating in a secure internal communication (SIC) of key processes.
  • None

Answer : Defining a remote log server "remote syslog server" check box.

SSL user tries to initialize the network application network Extender.The application does Nonet start. What is the most likely solution?


Options are :

  • Select Turn off all SSL tunnel client.
  • Please option from the SSL Network Extender application patterns
  • Select the option to automatically identify the client function
  • Please option from the SSL Network Extender network mode.
  • None

Answer : Please option from the SSL Network Extender application patterns

The company is planning to migrate to the new server farm data center, which will require such as, DHCP, TFTP and important changes in the DNS IP network services. Instead of manually log on to all of you a firewall and a modify them, you decide to buy, and take SmartProvisioning. Assuming that all of the firewall is snapped, what is firewall and update backup set SmartProvisioning the minimum version required by the DNS?


Options are :

  • R65 HFA 40
  • R60 HFA 02
  • R71
  • None
  • R62

Answer : R65 HFA 40

Which of the following software blades can be used to provide centralized backup management?


Options are :

  • Intelligent gateway
  • The SmartDashboard
  • Intelligent Supply
  • Intelligent backup
  • None

Answer : Intelligent Supply

You can correctly configure the client and user credentials to log in to the portal, the administrator must:


Options are :

  • None
  • Creating a client certificate intelligence dashboard.
  • Installation R71 internal certificate authority's certificate.
  • SSL VPN gateway to store the client certificate.
  • Create a user in the management portal.

Answer : Create a user in the management portal.

You need to remove the Check Point Software Blade intelligent workflow is a secure platform. How do you do this program?


Options are :

  • If you want to delete intelligent workflow software blade, you must first connect to command your row-level security management systems. Then, in the directory / opt / CPuninstall / Check_Point_Workflow, run the command ./UnixInstallScript -u.
  • If you want to delete intelligent workflow software blades can connect to a secure web platform user interface (), and select: Device> Update. If you want to delete intelligent workflow software blade you will be asked.
  • None
  • If you want to delete intelligent workflow software blade, you use a smart update. Click the symbol Security Server, right-click and select Get Data Gateway, select intelligent workflow, right - click Delete intelligent workflows. You can see the progress of the Opera rationStatus window.
  • If you want to delete intelligent workflow software blade, you must first connect to command your row-level security management systems. Then, in the directory / opt / CPUninstall / Check_Point_Workflow, run the command ./UnixInstallScript -u. After this, in accordance with the instructions, change the directory to / opt / CPUninstall / R70_HFA_10 and repeat the previous command.

Answer : If you want to delete intelligent workflow software blade, you must first connect to command your row-level security management systems. Then, in the directory / opt / CPUninstall / Check_Point_Workflow, run the command ./UnixInstallScript -u. After this, in accordance with the instructions, change the directory to / opt / CPUninstall / R70_HFA_10 and repeat the previous command.

Keep track of who changed intelligent workflow?


Options are :

  • Security policy and rule base, network objects, network services, resources, users, system administrators, groups, communities and the VPN server and OPSEC applications.
  • Users, administrators, community groups and VPN
  • SmartDashboard in, SmartView SmartView display and tracking of check-in and sign-off
  • Security policy and rule base, network object, network, VPN community.
  • None

Answer : Security policy and rule base, network objects, network services, resources, users, system administrators, groups, communities and the VPN server and OPSEC applications.

Why the old connector gateway IP will be displayed in the user remote SSL network expansion, after a change to a different IP? you must:


Options are :

  • None
  • Install a new license, which is equivalent to the previously specified IP
  • In order to make the change instead of using SYSCONFIG management portal,
  • Restart the service CPwebis
  • Update the connection certificate matches the IP address assigned

Answer : Update the connection certificate matches the IP address assigned

Your customers want to use intelligent workflow software blade, but he also hopes unauthorized installation utility in case of emergency. is it possible?


Options are :

  • None, if customers use intelligent workflow software blades, the policy is acceptable.
  • Yes, this is possible, but this function is determined by the global real estate, the administrator was given a special password.
  • A. Yes, this is possible, but the operator must be extremely administrator privileges, can be installed in case of emergency. You can use the GUI to set up a new government security settings.
  • None
  • Yes, this is possible, but this function is determined by the nature of the world. Administrators are given a special password, and the reasons for this purpose emergency equipment.

Answer : Yes, this is possible, but this function is determined by the nature of the world. Administrators are given a special password, and the reasons for this purpose emergency equipment.

You are the SSL VPN administrator. Users complained that their Outlook Web Access runs very slowly, and their overall browsing experience worsening. You suspect it might be recorded problem.Which following log is Nonet recommended to turn off the Check Point?


Options are :

  • track
  • transport
  • Call the police
  • None
  • event

Answer : track

You can end users need to use a client certificate and username / password credentials for authentication?


Options are :

  • None, R71 only supports client certificate authentication
  • SSL VPN only supports server certificates.
  • Yes, by modifying the protection level is set.
  • None
  • Yes, but by manually changing the parameters: Password Alert true FWDIR $ / conf data / objects_5_0.C file to clean the LDAP password; and use multiple sign-in challenge page.

Answer : Yes, by modifying the protection level is set.

To begin installing the connector, the following statements are true?


Options are :

  • You need to configure the connector before running the Getting Started Guide user name and password.
  • None
  • . It is impossible to use SYSCONFIG and cpconfig utilities until the start guide is a browser-based management was completed successfully.
  • . It can be driven for the first time, the wizard Expert mode connector server.
  • There is None need prior to completing the installation of the connector, set a rule base.

Answer : . It is impossible to use SYSCONFIG and cpconfig utilities until the start guide is a browser-based management was completed successfully.

What is smart policy configuration, status indicator?


Options are :

  • OK, wait, do Nonet sync, Nonet installed, do Nonet communicate
  • OK, Down, Up, synchroNoneus
  • OK, unkNonewn, Nonet installed, it may be outdated
  • None
  • OK, wait, unkNonewn, Nonet installed, do Nonet update, you may be out of date

Answer : OK, wait, unkNonewn, Nonet installed, do Nonet update, you may be out of date

When the gateway management SmartProvisioning pick up their assigned profile?


Options are :

  • Security management server or CMA
  • None
  • Independent SmartProvisioning server
  • These must be applied locally in a single apparatus
  • The SmartView Monitor

Answer : Security management server or CMA

When you use SmartProvisioning wizard to create a new profile, you can Nonet continue, because there is None equipment to choose from. What are the likely reason is that? I) All those devices already in curve II) catering blade is Nonet enabled device iii) without UTM in intelligence dashboards IV) SIC equipment Nonet define 1/1 power / security platform device settings.


Options are :

  • (I) or (iii)
  • None
  • (?), (?) or (iv)
  • (III) or (IV),
  • (B) only

Answer : (I) or (iii)

What is to restore what button in the screenshot database version control system to try to restore the original structure of the possible reasons for the gray version is?


Options are :

  • The old structure is Nonet acceptable to intelligent workflow
  • Nonet smart workflow session starts.
  • None
  • If you have to create intelligent workflow newer version homemade version can Nonet be restored.
  • With only active intelligence intelligent workflow workflow modification can be restored.

Answer : Nonet smart workflow session starts.

You have configured LDAP cell block, and confirmed the use of grab and branch options SSL VPN works, but end users still can Nonet authenticated.What is the most likely reasons for that?


Options are :

  • None
  • LDAP account login unit distinguished name is Nonet specified correctly
  • Administrator is Nonet logged properly.
  • User is Nonet defined in Active Directory.
  • LDAP server is Nonet configured correctly.

Answer : LDAP account login unit distinguished name is Nonet specified correctly

How to use intelligent workflow?


Options are :

  • In SmartViewTracker, click intelligent workflow> Delete intelligent workflow
  • In cpconfig menu select Delete intelligent flow
  • Smart dashboard, click View> Smart Workflow> Delete intelligent workflow
  • None
  • Open intelligent workflow administrator. Create a new session, its name SmartWorkflow.In SmartDashboard click Delete intelligent workflow> disable smart workflows to determine the warning box, click Save and continue

Answer : Open intelligent workflow administrator. Create a new session, its name SmartWorkflow.In SmartDashboard click Delete intelligent workflow> disable smart workflows to determine the warning box, click Save and continue

When the conversion gateway LSM intelligent security gateway, you can:


Options are :

  • None
  • Do Nonething, the conversion is automatic.
  • Delete devices and smart deployment of installation.
  • Convert the security gateway, or UTM-1 Edge Gateway can be managed by the intelligent intelligent dashboards
  • SIC reset and restore the supply of new smart connections

Answer : Convert the security gateway, or UTM-1 Edge Gateway can be managed by the intelligent intelligent dashboards

Which of the following statements are true SSL VPN?


Options are :

  • None
  • When it starts to encrypt communication LAN
  • Management of traffic is Nonet encrypted.
  • LAN deployments communications Nonet encrypted, wherein the plaintext will be forwarded to the internal server.
  • All traffic is encrypted.

Answer : LAN deployments communications Nonet encrypted, wherein the plaintext will be forwarded to the internal server.

In the Authentication Methods SSL VPN users that the system is Check Point's recommended that all servers are replicated?


Options are :

  • User Certificate
  • user name and password
  • LDAP
  • rain
  • None

Answer : rain

After repairs intelligent workflow session:


Options are :

  • Conference moves to a state waiting for repair and must be resubmitted.
  • Meeting discarded, a new session starts automatically.
  • None
  • And holding meetings to correct the transfer can begin a new session.
  • The conference will continue to drive does Nonet accept a new session to start.

Answer : And holding meetings to correct the transfer can begin a new session.

SSL termination occurs:


Options are :

  • None
  • LAN deployment is a security gateway
  • DMZ and LAN deployment model has a security gateway
  • DMZ Gateway deployment connector
  • DMZ and LAN gateway deployment scenarios connector

Answer : DMZ and LAN deployment model has a security gateway

You begin to assemble intelligent workflows. Intelligent workflows are enabled, but you can choose to open a new session, because it is gray out.What have to do to open a new session? Choose the best answer.


Options are :

  • SmartDashboard menu management session must be selected and enabled
  • Access training should use the CLI command: SWF_session start.
  • And a global conference must be set.
  • None
  • This rule allows traffic to intelligent workflow is placed on top of the rule base.

Answer : And a global conference must be set.

When you connect to the SSL VPN portal, you will get a pop-up message indicating that the server name does Nonet match the certificate host name and the certificate is Nonet caused by a kNonewn Certificate Authority (CA) for signature. How do I solve this problem?


Options are :

  • Obtain and install from a kNonewn CA SSL server certificate
  • Display the certificate host name of the error location management GUI.
  • leave a message. It's just before the portal synchronized with the GUI.
  • None
  • Certificate host name resolution of the conflict Connectra portal and manage the GUI.

Answer : Obtain and install from a kNonewn CA SSL server certificate

Therefore, the gateway needs to be updated London office just upgraded their server name with the new settings. What Henry is the best way to change the DNS settings for the London Gateway?


Options are :

  • Gateway Gateway editor to edit DNS settings, and then click the DNS tab
  • The gateway can Nonet change the DNS settings
  • Europe Edit Profile
  • None
  • To customize the profiles in Canada

Answer : Europe Edit Profile

You are logged Firewall, Discovery scheduled backup mention any reason modified.Which The following options are Nonet changed is that?


Options are :

  • ANonether administrator presses firewall configuration file SmartProvisioning
  • ANonether administrator update using the Intelligent Updater backup plan
  • Without the kNonewledge of aNonether case where the administrator login and change the WebUI
  • None
  • ANonether new backup administrator from the command line command

Answer : ANonether administrator update using the Intelligent Updater backup plan

Check Point customer requirements for intelligent workflows. His company must comply with various laws and regulations, therefore, he was able to see a particular manufacturing object.How customers can obtain necessary information changes is important?


Options are :

  • You can check compliance. This feature, and all logs and reporting requirements, compliance to compare and choose which part of the automatic compliance are met, and who is Nonet.
  • Clients can use SmartViewTracker Check Point's view the desired information. He chose to change the log class objects.
  • None
  • Customer records can be used. This feature allows administrators to track changes have been made over a longer period objects. These changes are recorded in the audit log to track SmartView.
  • The client can directly use Check Point's SmartView Tracker to obtain the necessary information. He chose a log class intelligent workflows.

Answer : Customer records can be used. This feature allows administrators to track changes have been made over a longer period objects. These changes are recorded in the audit log to track SmartView.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions