156-315.77 Check Point Certified Security Expert Exam Set 3

A SmartProvisioning Gateway could be a member of which VPN communities? (i) Center in Star Topology (ii) Satellite in Star Topology (iii) Center in Remote Access Community (iv) Meshed Community


Options are :

  • (i), (ii) and (iii)
  • All
  • (ii) and (iii) (Correct)
  • (ii) only

Answer : (ii) and (iii)

Which of the following statements is FALSE about the DLP Software Blade and Active Directory (AD) or LDAP?


Options are :

  • For SMTP traffic, each recipient e-mail address is translated using AD/LDAP to a user name and group that is checked vs. the destination column of the DLP rule base.
  • When a user authenticates in the DLP Portal to view all his unhandled incidents, the portal authenticates the user using only AD/LDAP. (Correct)
  • For SMTP traffic, the sender e-mail address is translated using AD/LDAP to a user name and group that is checked vs. the source column of the DLP rule base.
  • Check Point User Check client authentication is based on AD

Answer : When a user authenticates in the DLP Portal to view all his unhandled incidents, the portal authenticates the user using only AD/LDAP.

When using Connector with Endpoint Security Policies, what option is not available when configuring DAT enforcement?


Options are :

  • Maximum DAT file version (Correct)
  • Oldest DAT file timestamp
  • Minimum DAT file version
  • Maximum DAT file age

Answer : Maximum DAT file version

Which of the following operating systems support numbered VTIs?


Options are :

  • Solaris
  • SecurePlatform Pro (Correct)
  • Windows Server 2008
  • IPSO 4.0 +

Answer : SecurePlatform Pro

You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional connections are allowed in the Action properties. If traffic passing through the QoS Module matches both rules, which of the following statements is TRUE?


Options are :

  • Neither rule will be allocated more than 10% of available bandwidth.
  • The H.323 rule will consume no more than 2048 Kbps of available bandwidth. (Correct)
  • 50% of available bandwidth will be allocated to the Default Rule.
  • Each H.323 connection will receive at least 512 Kbps of bandwidth.

Answer : The H.323 rule will consume no more than 2048 Kbps of available bandwidth.

How is change approved for implementation in SmartWorkflow?


Options are :

  • The change is submitted for approval and is automatically installed by the original submitter the next time he logs in after approval of the change.
  • The change is submitted for approval and is automatically installed by the approver once Approve is clicked.
  • The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change. (Correct)
  • The change is submitted for approval and is manually installed by the approver once Approve is clicked.

Answer : The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change.

For best performance in Event Correlation, you should use:


Options are :

  • IP address ranges (Correct)
  • Nothing slows down Event Correlation
  • Many objects
  • Large groups

Answer : IP address ranges

Provisioning Profiles can NOT be applied to:


Options are :

  • Power-1 Appliances
  • UTM-1 EDGE Appliances
  • IP Appliances (Correct)
  • UTM-1 Appliances

Answer : IP Appliances

Which technology is responsible for assembling packet streams and passing ordered data to the protocol parsers in IPS?


Options are :

  • Content Management Infrastructure
  • Accelerated INSPECT
  • Packet Streaming Layer (Correct)
  • Pattern Matcher

Answer : Packet Streaming Layer

Check Point recommends deploying SSL VPN:


Options are :

  • In parallel to the firewall
  • In front of the firewall with a LAN connection (Correct)
  • In a DMZ
  • On the Primary cluster member

Answer : In front of the firewall with a LAN connection

When running DLP Wizard for the first time, which of the following is a mandatory configuration?


Options are :

  • DLP Portal URL
  • E-mail Domain in My Organization (Correct)
  • Active Directory
  • Mail Server

Answer : E-mail Domain in My Organization

What Smart Console application allows you to change the Log Consolidation Policy?


Options are :

  • Smart Update
  • Smart Dashboard
  • Smart Event Server
  • Smart Reporter (Correct)

Answer : Smart Reporter

What is the lowest possible version a Security Gateway may be running in order to use it as an LSM enabled Gateway?


Options are :

  • NGX R65 HFA_50
  • NGX R71
  • NGX R60
  • NG-AI R55 HFAJ7 (Correct)

Answer : NG-AI R55 HFAJ7

You need to publish GaiA routes using the OSPF routing protocol. What is the correct command structure, once entering the route command, to implement OSPF successfully?


Options are :

  • Enable Configure terminal Router ospf [id] Network [network] [wildmask] area [id] (Correct)
  • Use the DBedit utility to edit the objects_5_0.c file
  • ip route ospf ospf network1 ospf network2
  • Run cpconfig utility to enable ospf routing

Answer : Enable Configure terminal Router ospf [id] Network [network] [wildmask] area [id]

Which of the following commands would you run to remove site-to-site IKE and IPSec Keys?


Options are :

  • vpn tu (Correct)
  • vpn export_p12
  • vpn accel off
  • ikeoff

Answer : vpn tu

Due to some recent performance issues, you are asked to add additional processors to your firewall. If you already have CoreXL enabled, how are you able to increase Kernel instances?


Options are :

  • Kernel instances are automatically added after the processor is installed, and no additional configuration is needed.
  • In Smart Update, right-click on Firewall Object and choose Add Kernel Instances.
  • Once CoreXL is installed you cannot enable additional Kernel instances without reinstalling R76.
  • Use cpconfig to reconfigure CoreXL. (Correct)

Answer : Use cpconfig to reconfigure CoreXL.

After Travis added new processing cores on his server, CoreXL did not use them. What would be the most plausible reason why? Travis did not:


Options are :

  • Run cpconfig to increase the kernel instances. (Correct)
  • Run cpconfig to increase the number of CPU cores
  • Edit the Gateway Properties and increase the kernel instances.
  • Edit the Gateway Properties and increase the number of CPU cores.

Answer : Run cpconfig to increase the kernel instances.

You have installed Secure Platform R76 as Security Gateway operating system. As company requirements changed, you need the VTI features of R76. What should you do?


Options are :

  • Only IPSO 3.9 supports VTI feature, so you have to replace your Security Gateway with Nokia appliances.
  • In Smart Dashboard click on the OS drop down menu and choose Secure Platform Pro. You have to reboot the Security Gateway in order for the change to take effect.
  • Type pro enable on your Security Gateway and reboot it. (Correct)
  • You have to re-install your Security Gateway with Secure Platform Pro R76, as Secure Platform R76 does not support VTIs.

Answer : Type pro enable on your Security Gateway and reboot it.

What is the router command to save your OSPF configuration?


Options are :

  • write config
  • save memory
  • save
  • write mem (Correct)

Answer : write mem

Which operating system(s) support(s) unnumbered VPN Tunnel Interfaces (VTIs) for route-based VPNs?


Options are :

  • Secure Platform for NGX and higher
  • Solaris 9 and higher
  • IPSO 3.9 and higher (Correct)
  • Red Hat Linux

Answer : IPSO 3.9 and higher

You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD, what does this command allow you to upgrade?


Options are :

  • Only VPN-1 Pro Security Gateway
  • All products, except the Policy Server
  • Only the patch utility is upgraded using this command
  • Only the OS
  • Both the operating system (OS) and all Check Point products (Correct)

Answer : Both the operating system (OS) and all Check Point products

Cody is notified by blacklist.org that his site has been reported as a spam relay, due to his SMTP Server being unprotected. Cody decides to implement an SMTP Security Server, to prevent the server from being a spam relay. Which of the following is the most efficient configuration method?


Options are :

  • Configure the SMTP Security Server to perform MX resolving
  • Configure the SMTP Security Server to work with an OPSEC based product, for content checking.
  • Configure the SMTP Security Server to apply a generic "from" address to all outgoing mail.
  • Configure the SMTP Security Server to perform filtering, based on IP address and SMTP protocols.
  • Configure the SMTP Security Server to allow only mail to or from names, within Cody's corporate domain. (Correct)

Answer : Configure the SMTP Security Server to allow only mail to or from names, within Cody's corporate domain.

You want to create an IKE VPN between two VPN-1 NGX Security Gateways, to protect two networks. The network behind one Gateway is 10.15.0.0/16, and network 192.168.9.0/24 is behind the peer's Gateway. Which type of address translation should you use, to ensure the two networks access each other through the VPN tunnel?


Options are :

  • None (Correct)
  • Hide NAT
  • Hide NAT
  • Manual NAT
  • Static NAT

Answer : None

DShield is a Check Point feature used to block which of the following threats?


Options are :

  • SQL injection
  • Buffer overflows
  • DDOS (Correct)
  • Trojan horses
  • Cross Site Scripting

Answer : DDOS

If you check the box "Use Aggressive Mode", in the IKE Properties dialog box:


Options are :

  • The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange.
  • The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange.
  • The standard six-packet IKE Phase 1 exchange is replaced by a twelve-packet exchange.
  • The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange. (Correct)
  • The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange.

Answer : The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange.

Robert has configured a Common Internet File System (CIFS) resource to allow access to the public partition of his company's file server, on \\erisco\goldenapple\files\public. Robert receives reports that users are unable to access the shared partition, unless they use the file server's IP address. Which of the following is a possible cause?


Options are :

  • Remote registry access is blocked.
  • The CIFS resource is not configured to use Windows name resolution (Correct)
  • Null CIFS sessions are blocked.
  • Access violations are not logged.
  • Mapped shares do not allow administrative locks.

Answer : The CIFS resource is not configured to use Windows name resolution

VPN-1 NGX supports VoIP traffic in all of the following environments, EXCEPT which environment?


Options are :

  • SIP
  • MGCP
  • SCCP
  • MEGACO (Correct)
  • H.323

Answer : MEGACO

Your company has two headquarters, one in London, one in New York. Each headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and only the headquarters need to communicate directly. What is the BEST configuration for VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:


Options are :

  • Two stars and one mesh Community; each star Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between the New York and London headquarters (Correct)
  • Three mesh Communities: one for London headquarters and its branches, one for New York headquarters and its branches, and one for London and New York headquarters.
  • Two mesh Communities, one for each headquarters and their branch offices; and one star Community, in which London is the center of the Community and New York, is the satellite.
  • Two mesh Communities, one for each headquarters and their branch offices; and one star Community, where New York is the center of the Community and London is the satellite.

Answer : Two stars and one mesh Community; each star Community is set up for each site, with headquarters as the center of the Community, and branches as satellites. The mesh Communities are between the New York and London headquarters

Which is the BEST configuration option to protect internal users from malicious Java code, without stripping Java scripts?


Options are :

  • Use the URI resource to strip ActiveX tags
  • Use CVP in the URI resource to block Java code
  • Use the URI resource to strip applet tags
  • Use the URI resource to block Java code (Correct)

Answer : Use the URI resource to block Java code

You have an internal FTP server, and you allow downloading, but not uploading. Assume Network Address Translation is set up correctly, and you want to add an inbound rule with: Source: Any Destination: FTP server Service: FTP resources object. How do you configure the FTP resource object and the action column in the rule to achieve this goal?


Options are :

  • Enable only the "Get" method in the FTP Resource Properties, and use this method in the rule, with action accept. (Correct)
  • Enable only the "Put" method in the FTP Resource Properties and use it in the rule, with action accept.
  • Enable only the "Get" method in the FTP Resource Properties and use it in the rule, with action drop.
  • Enable both "Put" and "Get" methods in the FTP Resource Properties and use them in the rule, with action drop.
  • Disable "Get" and "Put" methods in the FTP Resource Properties and use it in the rule, with action accept.

Answer : Enable only the "Get" method in the FTP Resource Properties, and use this method in the rule, with action accept.
