156-315.77 Check Point Certified Security Expert Exam Set 2

What is the default port number for standard TCP connections with the LDAP server?


Options are :

  • 398
  • 363
  • 389 (Correct)
  • 636

Answer : 389

The process that performs the authentication for Remote Access is:


Options are :

  • cpd
  • fwm
  • cvpnd
  • vpnd (Correct)

Answer : vpnd

You want to verify that your Check Point cluster is working correctly.Which command line tool can you use?


Options are :

  • cphastart -status
  • .cphaprob state (Correct)
  • cphainfo -s
  • cphaconf state

Answer : .cphaprob state

Which of the following statements accurately describes the upgrade_export command?


Options are :

  • Used primarily when upgrading the Security Management Server, upgrade export stores all object databases and the conf directories for importing to a newer version of the Security Gateway. (Correct)
  • upgrade export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.
  • .Used when upgrading the Security Gateway, upgrade exporting cludes modified files, such as in the directories /lib and /conf.
  • upgrade export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.

Answer : Used primarily when upgrading the Security Management Server, upgrade export stores all object databases and the conf directories for importing to a newer version of the Security Gateway.

When upgrading Check Point products in a distributed environment, in which order should you upgrade these components? 1 GUI Client 2 Security Management Server 3 Security Gateway


Options are :

  • 1,2,3
  • 2,3,1 (Correct)
  • 3,1,2
  • 3,2,1

Answer : 2,3,1

You have two IP Appliances: one IP565 and one IP395. Both appliances have IPSO 6.2 and R76 installed in a distributed deployment. Can they be members of a Gateway Cluster?


Options are :

  • No, because the appliances must be of the same model (both should be IP565 or IP395)
  • .No, because IP does not have a cluster option.
  • Yes, as long as they have the same IPSO and Check Point versions. (Correct)
  • No, because the Security Gateways must be installed in a stand-alone installation.

Answer : Yes, as long as they have the same IPSO and Check Point versions.

When configuring an LDAP Group object, which option should you select if you want the gateway to reference the groups defined on the LDAP server for authentication purposes?


Options are :

  • OU Auth and select Group Name
  • All Account-Unit's Users
  • Only Sub Tree
  • Only Group in Branch (Correct)

Answer : Only Group in Branch

You are preparing computers for a new ClusterXL deployment.For your cluster, you plan to use four machines with the following configurations:Cluster Member 1: OS:Secure Platform, NICs: QuadCard, memory: 1 GB, Security Gateway only,version: R76 Cluster Member 2: OS:Secure Platform, NICs: 4 Intel 3Com, memory: 1 GB, Security Gateway only, version: R76 Cluster Member 3: OS:Secure Platform, NICs: 4 other manufacturers, memory: 512 MB, Security Gateway only, version: R76 Security Management Server: MS Windows 2003, NIC. Intel NIC (1), Security Gateway and primary Security Management Server installed, version: R76 Are these machines correctly configured for a ClusterXL deployment?


Options are :

  • No, the Security Management Server is not running the same operating system as the cluster members.
  • Yes, these machines are configured correctly for a ClusterXL deployment. (Correct)
  • No, Cluster Member 3 does not have the required memory.
  • No, the Security Gateway cannot be installed on the Security Management Pro Server.

Answer : Yes, these machines are configured correctly for a ClusterXL deployment.

You want to upgrade a cluster with two members to VPN-1 NGX. The Smart CenterServer and both members are version VPN-1/Firewall-1 NG FP3, with the latest Hotfix.What is the correct upgrade procedure? 1. Change the version, in the General Properties of the gateway-cluster object. 2. Upgrade the Smart CenterServer, and reboot after upgrade. 3. Run cpstop on one member, while leaving the other member running. Upgrade one member at a time, and reboot after upgrade. 4. Reinstall the Security Policy.


Options are :

  • 2, 3, 1, 4 (Correct)
  • 2, 4, 3, 1
  • 3, 2, 1, 4
  • 1, 2, 3, 4
  • 1, 3, 2, 4

Answer : 2, 3, 1, 4

You need to back up the routing, interface, and DNS configuration information from your R76 Secure Platform Security Gateway. Which backup-and-restore solution do you use?


Options are :

  • Commands upgrade_export and upgrade_import
  • Database Revision Control
  • Secure Platform back up utilities (Correct)
  • Manual copies of the directory $FWDIR/conf

Answer : Secure Platform back up utilities

Which Check Point QoS feature is used to dynamically allocate relative portions of available bandwidth?


Options are :

  • Guarantees
  • Low Latency Queuing
  • Weighted Fair Queuing (Correct)
  • Differentiated Services

Answer : Weighted Fair Queuing

How can you verify that SecureXL is running?


Options are :

  • cpstat os
  • fwaccel stat (Correct)
  • fw ver
  • securexl stat

Answer : fwaccel stat

Which of the following platforms does NOT support SecureXL?


Options are :

  • UTM-1 Appliance
  • Power-1 Appliance
  • UNIX (Correct)
  • IP Appliance

Answer : UNIX

Based on the following information, which of the statements below is FALSE? A DLP Rule Base has the following conditions: Data Type =Password Protected File Source=My Organization Destination=Outside My Organization Protocol=Any Action=Ask User Exception: Data Type=Any, Source=Research and Development (R&D) Destination=Pratner1.com Protocol=Any All other rules are set to Detect. User Check is enabled and installed on all client machines


Options are :

  • Another rule is added: Source = R&D, Destination = partner1.com, Protocol = Any, Action = Inform. When a user from R&D sends an e-mail with an encrypted ZIP file as an attachment to, he will be prompted by User Check.
  • .When a user from Finance sends an e-mail with an encrypted ZIP file as an attachment to. He will be prompted by User Check. (Correct)
  • When a user from R&D sends an e-mail with an encrypted ZIP file as an attachment to , he will NOT be prompted by User Check.
  • When a user from R&D sends an e-mail with a password protected PDF file as an attachment to xyz@partner1 .com, he will be prompted by User Check.

Answer : .When a user from Finance sends an e-mail with an encrypted ZIP file as an attachment to. He will be prompted by User Check.

You are running R71 and using the new IPS Software Blade.To maintain the highest level of security, you are doing IPS updates regularly.What kind of problems can be caused by the automatic updates?


Options are :

  • All checks will be activated from the beginning and might cause unwanted traffic outage due to false positives of the new checks and non-RFC compliant self-written applications.
  • None; updates will not add any new security checks causing problematic behavior on the systems.
  • None, all the checks will be activated from the beginning, but will only detect attacks and not disturb any non-malicious traffic in the network.
  • None, all new updates will be implemented in Detect only mode to avoid unwanted traffic interruptions. They have to be activated manually later. (Correct)

Answer : None, all new updates will be implemented in Detect only mode to avoid unwanted traffic interruptions. They have to be activated manually later.

Based on the following information, which of the statements below is TRUE? A DLP Rule Base has the following conditions: Data Type = Large file (> 500KB) Source = My Organization Destination = Free Web Mails Protocol = Any Action = Ask User All other rules are set to Detect. User Check is enabled and installed on all client machines.


Options are :

  • When a user sends an e-mail with a small body and 5 attachments, each of 200 KB to, he will be prompted by User Check.
  • When a user sends an e-mail with an attachment larger than 500 KB to, he will be prompted by User Check.
  • When a user sends an e-mail with an attachment larger than 500KB to, he will be prompted by User Check.
  • When a user uploads a 600 KB file to his Yahoo account via Web Mail (via his browser), he will be prompted by User Check (Correct)

Answer : When a user uploads a 600 KB file to his Yahoo account via Web Mail (via his browser), he will be prompted by User Check

Which of the following statements is FALSE regarding OSPF configuration on Secure Platform Pro?


Options are :

  • router ospf 1 creates the Router ID for the Security Gateway and should be different for all Gateways.
  • router ospf 1 creates an OSPF routing instance and this process ID should be different for each Security Gateway.
  • router ospf 1 creates an OSPF routing instance and this process ID should be the same on all Gateways. (Correct)
  • router ospf 1 creates the Router ID for the Security Gateway and should be the same ID for all Gateways.

Answer : router ospf 1 creates an OSPF routing instance and this process ID should be the same on all Gateways.

What is the command to enter the router shell?


Options are :

  • router (Correct)
  • gated
  • clirouter
  • routerd

Answer : router

Which of the following deployment scenarios CANNOT be managed by Check Point QoS?


Options are :

  • Two lines connected to separate routers, and each router is connected to separate interfaces on the Gateway
  • Two lines connected to a single router, and the router is connected directly to the Gateway (Correct)
  • Two lines connected directly to the Gateway through a hub
  • One LAN line and one DMZ line connected to separate Gateway interfaces

Answer : Two lines connected to a single router, and the router is connected directly to the Gateway

How is SmartWorkflow enabled?


Options are :

  • .In SmartViewTracker, click on Smart Workflow/ Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode Once a mode is selected, the wizard finishes.
  • .In SmartView Monitor, click on Smart Workflow/ Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode. Once a mode is selected, the wizard finishes.
  • In SmartDashboard, click on Smart Workflow/ Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode. Once a mode is selected, the wizard finishes. (Correct)
  • .In SmartEvent, click on Smart Workflow/ Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode. Once a mode is selected, the wizard finishes.

Answer : In SmartDashboard, click on Smart Workflow/ Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode. Once a mode is selected, the wizard finishes.

You use the snapshot feature to store your Connector SSL VPN configuration.What do you expect to find?


Options are :

  • Specified directories of the local file system
  • .The management configuration of the current product, on a management or stand-alone machine
  • A complete image of the local file system (Correct)
  • Nothing; snapshot is not supported in Connector SSL VPN

Answer : A complete image of the local file system

What could the following regular expression be used for in a DLP rule?\$([0-9]*,[0-9] [0-9] [0-9]. [0-9] [0-9] Select the best answer.


Options are :

  • As a Data Type to prevent the Finance Department from leaking salary information to employees (Correct)
  • As a compound data type representation
  • As a Data Type to prevent programmers from leaking code outside the company
  • As a Data Type to prevent employees from sending an email that contains a complete price-list of nine products.

Answer : As a Data Type to prevent the Finance Department from leaking salary information to employees

Which of the following is NOT supported by CoreXL?


Options are :

  • Smart ViewTracker
  • IPV4
  • IPS
  • Route-based VPN (Correct)

Answer : Route-based VPN

John is the MegaCorp Security Administrator, and is using Check Point R71. Malcolm is the Security Administrator of a partner company and is using a different vendor's product and both have to build a VPN tunnel between their companies. Both are using clusters with Load Sharing for their firewalls and John is using ClusterXL as a Check Point clustering solution.While trying to establish the VPN, they are constantly noticing problems and the tunnel is not stable and then Malcolm notices that there seems to be 2 SPIs with the same IP from the Check Point site. How can they solve this problem and stabilize the tunnel?


Options are :

  • This is surely a problem in the ISPs network and not related to the VPN configuration.
  • This can be solved by running the command Sticky VPN on the Check Point CLI. This keeps the VPN Sticky to one member and the problem is resolved.
  • This can easily be solved by using the Sticky decision function in ClusterXL. (Correct)
  • This can be solved when using clusters; they have to use single firewalls.

Answer : This can easily be solved by using the Sticky decision function in ClusterXL.

One profile in SmartProvisioning can update:


Options are :

  • Only Clustered Gateways
  • Potentially hundreds and thousands of gateways. (Correct)
  • Profiles are not used for updating, just reporting.
  • Specific gateways.

Answer : Potentially hundreds and thousands of gateways.

What are the SmartProvisioning Provisioning Profile indicators?


Options are :

  • OK, Needs Attention, Uninitialized, Unknown
  • OK, In Use. Out of date, not used
  • OK, Waiting, Unknown, Not Installed, Not Updated, May be out of date
  • OK, Needs Attention, Agent is in local mode, Uninitialized, Unknown (Correct)

Answer : OK, Needs Attention, Agent is in local mode, Uninitialized, Unknown

What is not available for Express Reports compared to Standard Reports?


Options are :

  • Period
  • Schedule
  • Filter (Correct)
  • Content

Answer : Filter

There are times when you want to use Link Selection to manage high-traffic VPN connections.With Link Selection you can:


Options are :

  • Use links based on services. (Correct)
  • Assign links to specific VPN communities.
  • Prohibit Dynamic DNS.
  • Assign links to use Dynamic DNS.

Answer : Use links based on services.

What's true about Troubleshooting option in the IPS profile properties?


Options are :

  • Temporary sets all active protections to detect
  • Temporary changes the active protection profile to “Default_Protection”
  • Temporary sets all protections to track (log) in SmartView Tracker (Correct)
  • Temporary will disable IPS kernel engine

Answer : Temporary sets all protections to track (log) in SmartView Tracker

Which of the following is the default port for Management Portal?


Options are :

  • 4433 (Correct)
  • 444
  • 443
  • 4434

Answer : 4433

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions