156-215.13 Check Point Certified Security Administrator Exam Set 7

The London Security Gateway Administrator has just installed the Security Gateway and Management Server. He has not changed any default settings. As he tries to configure the Gateway, he is unable to connect. Which troubleshooting suggestion will NOT help him?


Options are :

  • Check if some intermediate network device has a wrong routing table entry, VLAN assignment, duplex-mismatch, or trunk issue.
  • Test the IP address assignment and routing settings of the Security Management Server, Gateway, and console client
  • Verify the SIC initialization.
  • Verify that the Rule Base explicitly allows management connections (Correct)

Answer : Verify that the Rule Base explicitly allows management connections

Which command displays the installed Security Gateway version?


Options are :

  • cpstat -gw
  • fw ver (Correct)
  • fw printver
  • fw stat

Answer : fw ver

Which of the following are available SmartConsole clients which can be installed from the R76 Windows CD? Read all answers and select the most complete and valid list.


Options are :

  • SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status
  • Security Policy Editor, Log Viewer, Real Time Monitor GUI
  • SmartView Tracker, CPINFO, SmartUpdate (Correct)
  • SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor

Answer : SmartView Tracker, CPINFO, SmartUpdate

Which of the following statements accurately describes the command upgrade_export?


Options are :

  • This command is no longer supported in GAiA.
  • Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version. (Correct)
  • upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
  • upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.

Answer : Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.

Your network is experiencing connectivity problems and you want to verify if routing problems are present. You need to disable the firewall process but still allow routing to pass through the Gateway running on an IP Appliance running IPSO. What command do you need to run after stopping the firewall service?


Options are :

  • ipsofwd on admin (Correct)
  • fw load routed
  • fw fwd routing
  • ipsofwd slowpath

Answer : ipsofwd on admin

How can you recreate the Security Administrator account, which was created during initial Management Server installation on SecurePlatform?


Options are :

  • Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the Administrator Account portion of the file. You will be prompted to create a new account.
  • Launch cpconfig and delete the Administrator's account. Recreate the account with the same name. (Correct)
  • Launch SmartDashboard in the User Management screen, and delete the cpconfig administrator.
  • Type cpm -a, and provide the existing Administrator's account name. Reset the Security Administrator's password.

Answer : Launch cpconfig and delete the Administrator's account. Recreate the account with the same name.

The customer has a small Check Point installation which includes one Windows 2008 server as SmartConsole and Security Management Server with a second server running SecurePlatform as Security Gateway. This is an example of a(n):


Options are :

  • Distributed Installation (Correct)
  • Stand-Alone Installation.
  • Unsupported configuration.
  • Hybrid Installation.

Answer : Distributed Installation

Where can you find the Check Point's SNMP MIB file?


Options are :

  • $FWDIR/conf/snmp.mib
  • $CPDIR/lib/snmp/chkpt.mib (Correct)
  • There is no specific MIB file for Check Point products.
  • It is obtained only by request from the TAC.

Answer : $CPDIR/lib/snmp/chkpt.mib

What is the syntax for uninstalling a package using newpkg?


Options are :

  • newpkg CANNOT be used to uninstall a package (Correct)
  • -s
  • -i
  • -u

Answer : newpkg CANNOT be used to uninstall a package

When Jon first installed his new security system, he forgot to configure DNS servers on his Security Gateway. How could Jon configure DNS servers now that his Security Gateway is in production?


Options are :

  • Login to the SmartDashboard, edit the firewall Gateway object, select the tab Interfaces > Domain Name Servers.
  • Login to the firewall using SSH and run fwm, then select System Configuration > Domain Name Servers.
  • Login to the firewall using SSH and run cpconfig, then select Domain Name Servers.
  • Login to the firewall using SSH and run sysconfig, then select Domain Name Servers. (Correct)

Answer : Login to the firewall using SSH and run sysconfig, then select Domain Name Servers.

When restoring R76 using the command upgrade_import, which of the following items are NOT restored?


Options are :

  • Global properties
  • Licenses
  • Route tables (Correct)
  • SIC Certificates

Answer : Route tables

Which component functions as the Internal Certificate Authority for R76?


Options are :

  • Management Server (Correct)
  • Policy Server
  • Security Gateway
  • SmartLSM

Answer : Management Server

Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?


Options are :

  • Run the command revert to restore the snapshot, establish SIC, and install the Policy.
  • Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy. (Correct)
  • Run the command revert to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.
  • Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.

Answer : Reinstall the base operating system (i.e., SecurePlatform). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.

You need to back up the routing, interface, and DNS configuration information from your R76 GAiA Security Gateway. Which backup-and-restore solution do you use?


Options are :

  • Manual copies of the directory $FWDIR/conf
  • upgrade_export and upgrade_import commands
  • GAiA back up utilities (Correct)
  • Database Revision Control

Answer : GAiA back up utilities

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?


Options are :

  • Security Gateway (Correct)
  • None, Security Management Server would be installed by itself.
  • SmartConsole
  • SecureClient

Answer : Security Gateway

Message digests use which of the following?


Options are :

  • IDEA and RC4
  • SHA-1 and MD5 (Correct)
  • SSL and MD4
  • DES and RC4

Answer : SHA-1 and MD5

You believe Phase 2 negotiations are failing while you are attempting to configure a site-tosite VPN with one of your firm's business partners. Which SmartConsole application should you use to confirm your suspicions?


Options are :

  • SmartUpdate
  • SmartView Status
  • SmartView Tracker (Correct)
  • SmartDashboard

Answer : SmartView Tracker

You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?


Options are :

  • SmartDashboard and SmartView Tracker (Correct)
  • SmartView Monitor and SmartUpdate
  • SmartView Tracker and SmartView Monitor
  • SmartLSM and SmartUpdate

Answer : SmartDashboard and SmartView Tracker

During which step in the installation process is it necessary to note the fingerprint for firsttime verification?


Options are :

  • When configuring the Security Management Server using cpconfig (Correct)
  • When configuring the Security Gateway object in SmartDashboard
  • When configuring the Gateway in the WebUI
  • When establishing SIC between the Security Management Server and the Gateway

Answer : When configuring the Security Management Server using cpconfig

Your R76 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?


Options are :

  • Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object's Logs and Masters window, enable Schedule log switch, and select the Time object. (Correct)
  • Create a time object, and add 48 hours as the interval. Select that time object's Global Properties > Logs and Masters window, to schedule a logswitch.
  • Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.
  • On a SecurePlatform Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility

Answer : Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object's Logs and Masters window, enable Schedule log switch, and select the Time object.

Which utility allows you to configure the DHCP service on SecurePlatform from the command line?


Options are :

  • ifconfig
  • dhcp_cfg
  • cpconfig
  • sysconfig (Correct)

Answer : sysconfig

Before upgrading SecurePlatform, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?


Options are :

  • A backup cannot be restored, because the binary files are missing.
  • The restore is not possible because the backup file does not have the same build number (version).
  • The restore is done by selecting Snapshot Management from the boot menu of GAiA
  • The restore can be done easily by the command restore and selecting the file netconf.C. (Correct)

Answer : The restore can be done easily by the command restore and selecting the file netconf.C.

Over the weekend, an Administrator without access to SmartDashboard installed a new R76 Security Gateway using GAiA. You want to confirm communication between the Gateway and the Management Server by installing the Security Policy. What might prevent you from installing the Policy?


Options are :

  • You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on both the Security Gateway and the Management Server
  • You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server. (Correct)
  • You first need to initialize SIC in SmartUpdate.
  • You first need to run the command fw unloadlocal on the new Security Gateway.

Answer : You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.

How is wear on the flash storage device mitigated on diskless appliance platforms?


Options are :

  • Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
  • A RAM drive reduces the swap file thrashing which causes fast wear on the device. (Correct)
  • PRAM flash devices are used, eliminating the longevity
  • The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.

Answer : A RAM drive reduces the swap file thrashing which causes fast wear on the device.

A digital signature:


Options are :

  • Decrypts data to its original form
  • Provides a secure key exchange mechanism over the Internet.
  • Guarantees the authenticity and integrity of a message. (Correct)
  • Automatically exchanges shared keys.

Answer : Guarantees the authenticity and integrity of a message.

Your company is running Security Management Server R76 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?


Options are :

  • Using SmartDashboard or cpconfig
  • Using cpconfig on the Security Management Server, choose Administrators
  • Using the Web console on SecurePlatform under Product configuration, select Administrators
  • Using SmartDashboard, under Users, select Add New Administrator (Correct)

Answer : Using SmartDashboard, under Users, select Add New Administrator

You intend to upgrade a Check Point Gateway from R71 to R76. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?


Options are :

  • backup (Correct)
  • snapshot
  • upgrade_export
  • database revision

Answer : backup

You are installing a Security Management Server. Your security plan calls for three administrators for this particular server. How many can you create during installation?


Options are :

  • As many as you want
  • Depends on the license installed on the Security Management Server
  • One (Correct)
  • Only one with full access and one with read-only access

Answer : One

You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.


Options are :

  • /etc/sysconfig/network
  • /etc/conf/route.C
  • /etc/sysconfig/network-scripts/ifcfg-ethx
  • /etc/sysconfig/netconf.C (Correct)

Answer : /etc/sysconfig/netconf.C

You are running a R76 Security Gateway on SecurePlatform. In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?


Options are :

  • snapshot (Correct)
  • backup
  • manual backup
  • upgrade_export

Answer : snapshot

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions