156-215.70 Check Point Certified Security Administrator Exam Set 6

Which of the following is true regarding configuration of clustering nodes?


Options are :

  • Each node must have exactly the same set of packages as all the other nodes (Correct)
  • You must install R70 as an enforcement module (only) on each node (Correct)
  • Cluster nodes do not have to run exactly the same version of CheckPoint package
  • You must enable state synchronization (Correct)
  • Each cluster node must run exactly the same version of R70 (Correct)

Answer : Each node must have exactly the same set of packages as all the other nodes You must install R70 as an enforcement module (only) on each node You must enable state synchronization Each cluster node must run exactly the same version of R70

Platforms IP290, IP390 and IP560 are flash-based, diskless platforms. And what do you have to do prior to upgrading their images to R70?


Options are :

  • Backup their images
  • Do nothing
  • Delete old images (Correct)
  • Backup old images
  • Restore old images

Answer : Delete old images

Anti-Spam status is monitored using which of the following tool?


Options are :

  • Cpconfig
  • SmartView Tracker
  • SmartView Monitor (Correct)
  • Eventia Reporter
  • SmartDashboard

Answer : SmartView Monitor

What services are supported by client authentication?


Options are :

  • HTTP and FTP
  • RLOGIN
  • TELNET, HTTP and FTP
  • All services (Correct)
  • FTP
  • HTTPS, HTTP and FTP

Answer : All services

The SmartUpdate command line " cprinstall transfer" will:


Options are :

  • Verify that the Operating System and currently installed products are appropriate for the package
  • Obtain details of the products and the Operating System installed on the specified Check Point gateway, and to update the database
  • Transfers a package from the repository to a Check Point Security Gateway without installing the package (Correct)
  • Verify if a specific product can be installed on the remote Check Point gateway
  • Transfers a package from the repository to a Check Point Security Gateway and install the package

Answer : Transfers a package from the repository to a Check Point Security Gateway without installing the package

259 or connect via HTTP at If SecureClient cannot download a new policy from any Policy Server, it will try again after a fixed interval. If the fixed interval is set to default, then the default time is:


Options are :

  • 5 minutes (Correct)
  • 8 minutes
  • 10 minutes
  • 4 minutes
  • 3 minutes

Answer : 5 minutes

In what situation will you consider and deploy policy management conventions?


Options are :

  • Not in any situation
  • In some rear situations
  • In all situations (Correct)
  • In some situations
  • No available answer

Answer : In all situations

When carrying out a backup operation on R70, you will have to backup which of the following files?


Options are :

  • $FWDIR/conf/rulebases_5_0.fws (Correct)
  • $FWDIR/database/fwauth.NDB* (Correct)
  • $FWDIR/conf/objects_5_0.C (Correct)
  • $FWDIR/database/control.map
  • $FWDIR/conf/rule.fws

Answer : $FWDIR/conf/rulebases_5_0.fws $FWDIR/database/fwauth.NDB* $FWDIR/conf/objects_5_0.C

Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway's side with the cpconfig command and put in the same activation key in the Gateway's object on the Security Management Server Unfortunately SIC cannot be established. What is a possible reason for the problem?


Options are :

  • The old Gateway object should have been deleted and recreated.
  • The installed policy blocks the communication.
  • Joe forgot to exit from cpconfig. (Correct)
  • Joe forgot to reboot the Gateway.

Answer : Joe forgot to exit from cpconfig.

What is a Consolidation Policy?


Options are :

  • The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database. (Correct)
  • A global Policy used to share a common enforcement policy for multiple Security Gateways.
  • The collective name of the Security Policy, Address Translation, and IPS Policies
  • The collective name of the logs generated by SmartReporter.

Answer : The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.

Which of the following are authentication methods that Security Gateway R70 uses to validate connection attempts? Select the response below includes that includes the MOST complete list of valid authentication methods:


Options are :

  • Connection, Proxied, Session
  • Connection, User, Client
  • Proxied, User, Dynamic, Session
  • User, Client. Session (Correct)

Answer : User, Client. Session

Which opponent functions as the Internet Certificate Authority for R70?


Options are :

  • SmartLSM
  • Security Gateway
  • Management Server (Correct)
  • Policy Server

Answer : Management Server

When launching SmartDashboard, what information is required to log into R70?


Options are :

  • User Name, Management Server IP, certificate fingerprint file
  • User Name, Password, Management Server IP (Correct)
  • Password, Management Server IP
  • Password, Management Server IP, LDAP Server IP

Answer : User Name, Password, Management Server IP

The fw stat -l command includes all of the following except:


Options are :

  • The number of times the policy has been installed (Correct)
  • The number of packets that have been dropped
  • The number of packets that have been inspected
  • The date and time of the policy that is installed.

Answer : The number of times the policy has been installed

What does it indicate when a Check Point product name includes the word "SMART"?


Options are :

  • Security Management Architecture. (Correct)
  • Stateful Management of all Routed Traffic.
  • This Check Point product is a GUI Client
  • The Check Point product includes Artificial Intelligence.

Answer : Security Management Architecture.

External commands can be included in SmartView Tracker via the menu Tools > Custom Commands. The Security Management Server is running under SecurePlatform, and the GUI is on a system running Microsoft Windows. How do you run the command, traceroute on an IP address?


Options are :

  • Use the program GUIdbedit to add the command traceroute to the properties of the Security Management Server.
  • Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list (Correct)
  • There is no possibility to expand the three pre-defined options ping, whois, and Nslookup
  • Go to the menu. Tools > Custom Commands and configure the Linux command traceroute to the list

Answer : Go to the menu Tools > Custom Commands and configure the Windows command tracert.exe to the list

Which of the following are available SmartConsole clients which can be installed from the R70 Windows CD? Read all answers and select the most complete and valid list.


Options are :

  • Security Policy Editor, Log Viewer, Real Time Monitor GUI
  • SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor (Correct)
  • SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate. SmartView Status
  • SmartView Tracker, CPINFO, SmartUpdate

Answer : SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor

You are installing your R70Security Gateway. Which is NOT a valid option for the hardware platform?


Options are :

  • Windows
  • Solaris (Correct)
  • Crossbeam
  • IPSO

Answer : Solaris

You are trying to save a custom log query in R70 SmartView Tracker, but getting the following error "Could not save 'query-name' (Error Database is Read Only). Which of the following is a likely explanation for this?


Options are :

  • You do not have the explicit right to save a custom query in your administrator permission profile under SmartConsole customization
  • You do not have OS write permissions on the local SmartView Tracker PC in order to save the custom query locally
  • Another administrator is currently connected to the Security Management Server with read/write permissions which impacts your ability to save custom log queries to the Security Management Server
  • You have read-only rights to the Security Management Server catabase. (Correct)

Answer : You have read-only rights to the Security Management Server catabase.

When using the Anti-Virus Content Security, how are different file types analyzed?


Options are :

  • They are analyzed by their magic number. (Correct)
  • They are analyzed by their un-encoded.
  • They are analyzed by the MIME header
  • They are analyzed by their file extension (i.e. bat, exe, doc)

Answer : They are analyzed by their magic number.

Which command displays the installed Security Gateway version?


Options are :

  • fw stat
  • fw ver (Correct)
  • tw printver
  • cpstat -gw

Answer : fw ver

While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to perform this? 1) Select the Active Mode tab in SmartView Tracker 2) Select Tools > Block Intruder 3) Select the Log Viewing tab in SmartView Tracker 4) Set the Blocking Timeout value to 60 minutes 5) Highlight the connection he wishes to block


Options are :

  • 1, 2, 5, 4
  • 1, 5, 2, 4
  • 3, 2, 5, 4
  • 3, 5, 2, 4 (Correct)

Answer : 3, 5, 2, 4

What is the desired outcome when running the command cpinfo -z -o cpinfo.out?


Options are :

  • Send output to a file called cpinfo. out without address resolution.
  • Send output to a file called cpinfo. out in usable format for the CP InfoView utility
  • Send output to a file called cpinfo. out and provide a screen print at the same time.
  • Send output to a file called cpinfo. out in compressed format. (Correct)

Answer : Send output to a file called cpinfo. out in compressed format.

You have blocked an IP address via the Block Intruder feature of SmartView Tracker How can you view the blocked addresses'?


Options are :

  • Run f wm blockedview
  • In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list (Correct)
  • In SmartView Tracker, click the Active tab. and the actively blocked connections displays
  • In SmartView Monitor, select the Blocked Intruder option from the query tree view

Answer : In SmartView Monitor, select Suspicious Activity Rules from the Tools menu and select the relevant Security Gateway from the list

John is the Security Administrator in his company He installs a new R70 Security Management Server and a new R70 Gateway He now wants to establish SIC between them. After entering the activation key, the message "Trust established" is displayed in SmartDashboard, but SIC still does not seem to work because the policy won't install and interface fetching still does not work. What might be a reason for this?


Options are :

  • SIC does not function over the network.
  • This must be a human error.
  • The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid. (Correct)
  • It always works when the trust is established.

Answer : The Gateway's time is several days or weeks in the future and the SIC certificate is not yet valid.

A digital signature:


Options are :

  • Automatically exchanges shared keys
  • Provides a secure key exchange mechanism over the Internet (Correct)
  • Decrypts data to its original form.
  • Guarantees the authenticity and integrity of a message

Answer : Provides a secure key exchange mechanism over the Internet

Your R70 enterprise Security Management Server is running abnormally on Windows 2003 Server You decide to try reinstalling the Security Management Server, but you want to try keeping the critical Security Management Server configuration settings intact (i.e., all Security Policies, databases, SIC, licensing etc ) What is the BEST method to reinstall the Server and keep its critical configuration?


Options are :

  • 1. Insert the F70 CD-ROM, and select the option to export the configuration using the latest upgrade utilities 2. Perform any requested upgrade_verification suggested steps and re-export the configuration if needed 3. Save the export " tgz file to a local c: \temp directory 4. Uninstall all R70 packages via Add/Remove Programs and reboot 5. Install again using the R70 CD-ROM as a primary Security Management Server and reboot 6. Run upgrade_import to import the configuration
  • 1. Download the latest upgrade_export utility and run it from a c; \temp directory to export the configuration into a . tgz file 2. Skip any upgarde__verification warnings since you are not upgrading 3. Transfer the . tgz file to another networked machine 4. Download and run the cpclean utility and reboot 5. Use the R70 CD-ROM to select the uuarade import ootion to import the confiauration
  • 1. Create a database revision control backup using the SmartDashboard 2. Create a compressed archive of the *FWDlR*\ conf and »FWDiR8\lib directories and copy them to another networked machine. 3. Uninstall all R70 packages via Add/Remove Programs and reboot. 4. Install again as a primary Security Management Server using the R70 CD. 5. Reboot and restore the two archived directories over the top of the new installation, choosing to overwrite existing files.
  • 1. Download the latest upqrade_expoct utility and run it from a \temp directory to export the configuration into a . tgz file 2. Perform any requested upgcade_veri£ic«tion suggested steps 3. Uninstall all R70 packages via Add/Remove Programs and reboot 4. Use SmartUpdate to reinstall the Security Management Server and reboot 5. Transfer the tgz file back to the local \temp 6. Run upgrade__import to import the configuration (Correct)

Answer : 1. Download the latest upqrade_expoct utility and run it from a \temp directory to export the configuration into a . tgz file 2. Perform any requested upgcade_veri£ic«tion suggested steps 3. Uninstall all R70 packages via Add/Remove Programs and reboot 4. Use SmartUpdate to reinstall the Security Management Server and reboot 5. Transfer the tgz file back to the local \temp 6. Run upgrade__import to import the configuration

What are you required to do before running upgrade__ export?


Options are :

  • Close all GUI clients (Correct)
  • Run a cpstop on the Security Gateway. (Correct)
  • Run a cpstop on the Security Management Server (Correct)
  • Run cpconfig and set yourself up as a GUI client.

Answer : Close all GUI clients Run a cpstop on the Security Gateway. Run a cpstop on the Security Management Server

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway After selecting Packages Select > Add from CD, the:


Options are :

  • .selected package is copied to the packages directory on the selected remote Security Gateway
  • selected package is copied to the Package Repository on the Security Management Server (Correct)
  • entire contents of the CD-ROM are copied to the packages directory on the selected remote Security Gateway
  • entire contents of the CD-ROM are copied to the Package Repository on the Security Management Server

Answer : selected package is copied to the Package Repository on the Security Management Server

You are installing a Security Management Server Your security plan calls for three administrators for this particular server. How many can you create during installation'?


Options are :

  • As many as you want
  • Depends on the license installed on the Security Management Server
  • Only one with full access and one with read-only access
  • One (Correct)

Answer : One

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions