156-215.13 Check Point Certified Security Administrator Exam Set 5

Secure Internal Communications (SIC) is completely NAT-tolerant because it is based on:


Options are :

  • MAC addresses.
  • SIC names (Correct)
  • IP addresses
  • SIC is not NAT-tolerant.

Answer : SIC names

The fw monitor utility is used to troubleshoot which of the following problems?


Options are :

  • Log Consolidation Engine
  • Address translation (Correct)
  • Phase two key negotiation
  • User data base corruption

Answer : Address translation

Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R76 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?


Options are :

  • Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway. (Correct)
  • Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
  • Do nothing, as long as 10.1.1.0 network has the correct default Gateway.
  • Use automatic Static NAT for network 10.1.1.0/24.

Answer : Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

You plan to create a backup of the rules, objects, policies, and global properties from an R76 Security Management Server. Which of the following backup and restore solutions can you use? 1) Upgrade_export and upgrade_import utilities 2) Database revision control 3) SecurePlatform backup utilities 4) Policy package management 5) Manual copies of the $CPDIR/conf directory


Options are :

  • 2, 4, and 5
  • 1, 3, and 4
  • 1, 2, 3, 4, and 5
  • 1, 2, and 3 (Correct)

Answer : 1, 2, and 3

You have configured Automatic Static NAT on an internal host-node object. You clear the box Translate destination on client side from Global Properties > NAT. Assuming all other NAT settings in Global Properties are selected, what else must be configured so that a host on the Internet can initiate an inbound connection to this host?


Options are :

  • A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface. (Correct)
  • A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway's external interface.
  • The NAT IP address must be added to the external Gateway interface anti-spoofing group.
  • No extra configuration is needed.

Answer : A static route, to ensure packets destined for the public NAT IP address will reach the Gateway's internal interface.

Which of the following can be found in cpinfo from an enforcement point?


Options are :

  • VPN keys for all established connections to all enforcement points
  • Everything NOT contained in the file r2info
  • The complete file objects_5_0.c
  • Policy file information specific to this enforcement point (Correct)

Answer : Policy file information specific to this enforcement point

You have detected a possible intruder listed in SmartView Tracker's active pane. What is the fastest method to block this intruder from accessing your network indefinitely?


Options are :

  • Modify the Rule Base to drop these connections from the network.
  • In SmartView Monitor, select Tools > Suspicious Activity Rules
  • In SmartView Tracker, select Tools > Block Intruder. (Correct)
  • In SmartDashboard, select IPS > Network Security > Denial of Service

Answer : In SmartView Tracker, select Tools > Block Intruder.

Which SmartConsole tool would you use to see the last policy pushed in the audit log?


Options are :

  • SmartView Tracker (Correct)
  • SmartView Status
  • None, SmartConsole applications only communicate with the Security Management Server.
  • SmartView Server

Answer : SmartView Tracker

Which answers are TRUE? Automatic Static NAT CANNOT be used when: 1) NAT decision is based on the destination port. 2) Both Source and Destination IPs have to be translated. 3) The NAT rule should only be installed on a dedicated Gateway. 4) NAT should be performed on the server side.


Options are :

  • 2 and 3
  • 1, 3, and 4
  • 1 and 2
  • 2 and 4 (Correct)

Answer : 2 and 4

Where is the easiest and BEST place to find information about connections between two machines?


Options are :

  • On a Security Gateway using the command fw log.
  • On a Security Management Server, using SmartView Tracker (Correct)
  • All options are valid.
  • On a Security Gateway Console interface; it gives you detailed access to log files and state table information.

Answer : On a Security Management Server, using SmartView Tracker

To reduce the information given to you in SmartView Tracker, what can you do to find information about data being sent between pcosaka and pctokyo?


Options are :

  • Use a regular expression to filter out relevant logging entries.
  • Press CTRL+F in order to open the find dialog, and then search the corresponding IP addresses.
  • Apply a source filter by adding both endpoint IP addresses with the equal option set. (Correct)
  • Double-click an entry representing a connection between both endpoints

Answer : Apply a source filter by adding both endpoint IP addresses with the equal option set.

You are working with three other Security Administrators. Which SmartConsole component can be used to monitor changes to rules or object properties made by the other administrators?


Options are :

  • Eventia Monitor
  • SmartView Tracker (Correct)
  • SmartView Monitor
  • Eventia Tracker

Answer : SmartView Tracker

How do you view a Security Administrator's activities with SmartConsole?


Options are :

  • SmartView Tracker in the Management tab (Correct)
  • SmartView Tracker in the Network and Endpoint tabs
  • SmartView Monitor using the Administrator Activity filter
  • Eventia Suite

Answer : SmartView Tracker in the Management tab

Which R76 feature or command allows Security Administrators to revert to earlier Security Policy versions without changing object configurations?


Options are :

  • fwm dbexport/fwm dbimport
  • c
  • Policy Package management (Correct)
  • Database Revision Control

Answer : Policy Package management

Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?


Options are :

  • cpstat fw -f policy
  • fw stat
  • fw ctl get string active_secpol (Correct)
  • Check the Security Policy name of the appropriate Gateway in SmartView Monitor.

Answer : fw ctl get string active_secpol

You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error: “Unknown established connection”. How do you resolve this problem without causing other security issues? Choose the BEST answer.


Options are :

  • Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe. (Correct)
  • Ask the mainframe users to reconnect every time this error occurs.
  • Increase the TCP session timeout under Global Properties > Stateful Inspection.
  • Increase the service-based session timeout of the default Telnet service to 24-hours.

Answer : Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

Where are custom queries stored in R76 SmartView Tracker?


Options are :

  • On the Security Management Server tied to the Administrator User Database login name (Correct)
  • On the SmartView Tracker PC local file system under the user's profile.
  • On the Security Management Server tied to the GUI client IP.
  • On the SmartView Tracker PC local file system shared by all users of that local PC.

Answer : On the Security Management Server tied to the Administrator User Database login name

In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:


Options are :

  • It is necessary to add a static route to the Gateway's routing table.
  • VLAN tagging cannot be defined for any hosts protected by the Gateway.
  • The Security Gateway's ARP file must be modified.
  • It is not necessary to add a static route to the Gateway's routing table. (Correct)

Answer : It is not necessary to add a static route to the Gateway's routing table.

How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?


Options are :

  • Custom scripts cannot be executed through alert scripts.
  • User-defined alert script (Correct)
  • SNMP trap alert script
  • Pop-up alert script

Answer : User-defined alert script

You are MegaCorp's Security Administrator. There are various network objects which must be NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the best answer.


Options are :

  • The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range. (Correct)
  • The Administrator decides the rule order by shifting the corresponding rules up and down.
  • The rule position depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.
  • The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

Answer : The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block? 1) Select Active Mode tab in SmartView Tracker. 2) Select Tools > Block Intruder. 3) Select Log Viewing tab in SmartView Tracker. 4) Set Blocking Timeout value to 60 minutes. 5) Highlight connection that should be blocked.


Options are :

  • 1, 5, 2, 4 (Correct)
  • 1, 2, 5, 4
  • 3, 5, 2, 4
  • 3, 2, 5, 4

Answer : 1, 5, 2, 4

In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules. Which of the following is NOT true?


Options are :

  • If you chose Automatic NAT instead, all necessary entries are done for you.
  • When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address. (Correct)
  • When using Dynamic Hide NAT with an address that is not configured on a Gateway interface, you need to add a proxy ARP entry for that address.
  • When using Static NAT, you must add proxy ARP entries to the Gateway for all hiding addresses.

Answer : When using Static NAT, you must enter ARP entries for the Gateway on all hosts that are using the NAT Gateway with that Gateway's internal interface IP address.

You are reviewing the Security Administrator activity for a bank and comparing it to the change log. How do you view Security Administrator activity?


Options are :

  • SmartView Tracker cannot display Security Administrator activity; instead, view the system logs on the Security Management Server's Operating System.
  • SmartView Tracker in Network and Endpoint Mode
  • SmartView Tracker in Active Mode
  • SmartView Tracker in Management Mode (Correct)

Answer : SmartView Tracker in Management Mode

Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?


Options are :

  • Custom filter
  • Management tab (Correct)
  • Network and Endpoint tab
  • Active tab

Answer : Management tab

When translation occurs using automatic Hide NAT, what also happens?


Options are :

  • The source port is modified. (Correct)
  • Nothing happens.
  • The destination port is modified
  • The destination is modified.

Answer : The source port is modified.

Which of the following R76 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?


Options are :

  • Account Query
  • Active Tab (Correct)
  • Audit Tab
  • All Records Query

Answer : Active Tab

Which statement below describes the most correct strategy for implementing a Rule Base?


Options are :

  • Add the Stealth Rule before the last rule.
  • Limit grouping to rules regarding specific access
  • Place a network-traffic rule above the administrator access rule.
  • Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down (Correct)

Answer : Place the most frequently used rules at the top of the Policy and the ones that are not frequently used further down

You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.


Options are :

  • Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).
  • No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.
  • Yes, there are always as many active NAT rules as there are connections
  • Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT). (Correct)

Answer : Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).

You can include External commands in SmartView Tracker by the menu Tools > Custom Commands. The Security Management Server is running under SecurePlatform, and the GUI is on a system running Microsoft Windows. How do you run the command traceroute on an IP address?


Options are :

  • Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list. (Correct)
  • Use the program GUIdbedit to add the command traceroute to the Security Management Server properties.
  • There is no possibility to expand the three pre-defined options Ping, Whois, and Nslookup.
  • Go to the menu, Tools > Custom Commands and configure the Linux command traceroute to the list.

Answer : Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list.

Which of the following is a viable consideration when determining Rule Base order?


Options are :

  • Grouping authentication rules with QOS rules
  • Placing more restrictive rules before more permissive rules (Correct)
  • Grouping IPS rules with dynamic drop rules
  • Grouping reject and drop rules after the CleanUp Rule

Answer : Placing more restrictive rules before more permissive rules
