156-315.77 Check Point Certified Security Expert Exam Set 9

When do modifications to the Event Policy take effect?


Options are :

  • When saved on the SmartEvent Client, and installed on the SmartEvent Server.
  • When saved on the Correlation Units, and pushed as a policy.
  • When saved on the SmartEvent Server and installed to the Correlation Units. (Correct)
  • As soon as the Policy Tab window is closed.

Answer : When saved on the SmartEvent Server and installed to the Correlation Units.

The process _____ provides service to access the GAIA configuration database.


Options are :

  • confd (Correct)
  • configdbd
  • fwm
  • ipsrd

Answer : confd

What tool exports the Management Configuration into a single file?


Options are :

  • Upgrade_Export
  • Backup
  • migrate export (Correct)
  • CPConfig_Export

Answer : migrate export

Which of the following is the preferred method for adding static routes in GAiA?


Options are :

  • In the CLI via sysconfig
  • In the CLI with the command “route add”
  • In Web Portal, under Network Management > IPv4 Static Routes (Correct)
  • In SmartDashboard under Gateway Properties > Topology

Answer : In Web Portal, under Network Management > IPv4 Static Routes

Check Point New Mode HA is a(n) _____ solution.


Options are :

  • load-balancing
  • acceleration
  • active-standby (Correct)
  • primary-domain

Answer : active-standby

To help organize events, SmartReporter uses filtered queries. Which of the following is NOT a SmartEvent event property you can query?


Options are :

  • Type: Scans, Denial of Service, Unauthorized Entry
  • Time: Last Hour, Last Day, Last Week
  • Event: Critical, Suspect, False Alarm (Correct)
  • State: Open, Closed, False Alarm

Answer : Event: Critical, Suspect, False Alarm

Which protocol can be used to provide logs to third-party reporting?


Options are :

  • AMON (Application Monitoring)
  • LEA (Log Export API) (Correct)
  • ELA (Event Logging API)
  • CPMI (Check Point Management Interface)

Answer : LEA (Log Export API)

Where is it necessary to configure historical records in SmartView Monitor to generate Express reports in SmartReporter?


Options are :

  • In SmartDashboard, the SmartView Monitor page in the R77 Security Gateway object (Correct)
  • In SmartView Monitor, under Global Properties > Log and Masters
  • In SmartReporter, under Standard > Custom
  • In SmartReporter, under Express > Network Activity

Answer : In SmartDashboard, the SmartView Monitor page in the R77 Security Gateway object

Which of the following is NOT part of the policy installation process?


Options are :

  • Initiation
  • Validation (Correct)
  • Code generation
  • Code compilation

Answer : Validation

When, during policy installation, does the atomic load task run?


Options are :

  • Immediately after fwm load runs on the SmartCenter.
  • It is the first task during policy installation.
  • Before CPD runs on the Gateway.
  • It is the last task during policy installation. (Correct)

Answer : It is the last task during policy installation.

What is the best tool to produce a report which represents historical system information?


Options are :

  • SmartView Monitor
  • SmartReporter-Express Reports (Correct)
  • SmartReporter-Standard Reports
  • SmartView Tracker

Answer : SmartReporter-Express Reports

Which of the following exports IPS profiles so they can be copied to another management server?


Options are :

  • fwm dbexport -p
  • ips_export_import export (Correct)
  • SmartDashboard – IPS tab – Profiles – select profile + right click and select “export profile”
  • IPS profile export is not allowed

Answer : ips_export_import export

David wants to manage hundreds of gateways using a central management tool. What tool would David use to accomplish his goal?


Options are :

  • SmartDashboard
  • SmartProvisioning (Correct)
  • SmartLSM
  • SmartBlade

Answer : SmartProvisioning

To clean the system of all SmartEvent events, you should delete the files in which folder(s)?


Options are :

  • $RTDIR/events_db
  • $FWDIR/distrib_db and $FWDIR/events
  • $RTDIR/distrib and $RTDIR/events_db (Correct)
  • $FWDIR/distrib

Answer : $RTDIR/distrib and $RTDIR/events_db

The SmartEvent Correlation Unit:


Options are :

  • looks for patterns according to the installed Event Policy. (Correct)
  • adds events to the events database.
  • displays the received events.
  • assigns a severity level to an event.

Answer : looks for patterns according to the installed Event Policy.

Which SmartReporter report type is generated from the SmartView Monitor history file?


Options are :

  • Traditional
  • Express (Correct)
  • Custom
  • Standard

Answer : Express

You are establishing a ClusterXL environment, with the following topology:

VIP internal cluster IP = 172.16.10.3; VIP external cluster IP = 192.168.10.3
Cluster Member 1: 4 NICs, 3 enabled. hme0: 192.168.10.1/24, hme1: 10.10.10.1/24, qfe2: 172.16.10.1/24
Cluster Member 2: 5 NICs, 3 enabled; hme3: 192.168.10.2/24, hme1: 10.10.10.2/24, hme2: 172.16.10.2/24

External interfaces 192.168.10.1 and 192.168.10.2 connect to a VLAN switch. The upstream router connects to the same VLAN switch. Internal interfaces 172.16.10.1 and 172.16.10.2 connect to a hub. 10.10.10.0 is the synchronization network. The Security Management Server is located on the internal network with IP 172.16.10.3.

What is the problem with this configuration?


Options are :

  • Cluster members cannot use the VLAN switch. They must use hubs.
  • The Cluster interface names must be identical across all cluster members.
  • The Security Management Server must be in the dedicated synchronization network, not the internal network.
  • There is an IP address conflict. (Correct)

Answer : There is an IP address conflict.

Which of the following is NOT accelerated by SecureXL?


Options are :

  • HTTPS
  • Telnet
  • SSH
  • FTP (Correct)

Answer : FTP

A tracked SmartEvent Candidate in a Candidate Pool becomes an Event. What does NOT happen in the Analyzer Server?


Options are :

  • SmartEvent stops tracking logs related to the Candidate (Correct)
  • The Event is kept open, but condenses many instances into one Event.
  • The Correlation Unit keeps adding matching logs to the Event.
  • SmartEvent provides the beginning and end time of the Event.

Answer : SmartEvent stops tracking logs related to the Candidate

What is the SmartEvent Analyzer's function?


Options are :

  • Generate a threat analysis report from the Analyzer database.
  • Display received threats and tune the Events Policy.
  • Assign severity levels to events. (Correct)
  • Analyze log entries, looking for Event Policy patterns.

Answer : Assign severity levels to events.

If the number of kernel instances for CoreXL shown is 6, how many cores are in the physical machine?


Options are :

  • 8 (Correct)
  • 3
  • 6
  • 4

Answer : 8

You are reviewing computer information collected in ClientInfo. You can NOT:


Options are :

  • Run Google.com search using the contents of the selected cell.
  • Save the information in the active tab to an .exe file. (Correct)
  • Copy the contents of the selected cells.
  • Enter new credential for accessing the computer information.

Answer : Save the information in the active tab to an .exe file.

In which ClusterXL Load Sharing mode does the pivot machine get chosen automatically by ClusterXL?


Options are :

  • Unicast Load Sharing (Correct)
  • CCP Load Sharing
  • Hot Standby Load Sharing
  • Multicast Load Sharing

Answer : Unicast Load Sharing

How do new connections get established through a Security Gateway with SecureXL enabled?


Options are :

  • New connection packets never reach the SecureXL module.
  • If the connection matches a connection or drop template in SecureXL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match. (Correct)
  • The new connection will be first inspected by SecureXL and if it does not match the drop table of SecureXL, then it will be passed to the firewall module for a rule match.
  • New connections are always inspected by the firewall and if they are accepted, the subsequent packets of the same connection will be passed through SecureXL

Answer : If the connection matches a connection or drop template in SecureXL, it will either be established or dropped without performing a rule match, else it will be passed to the firewall module for a rule match.

Which component receives events, assigns severity levels to the events, invokes any defined automatic reactions, and adds the events to the Events Database?


Options are :

  • SmartEvent Analysis DataServer
  • SmartEvent Server (Correct)
  • SmartEvent Client
  • SmartEvent Correlation Unit

Answer : SmartEvent Server

The SmartEvent Client:


Options are :

  • analyzes each IPS log entry as it enters the Log server.
  • assigns a severity level to an event.
  • displays the received events. (Correct)
  • adds events to the events database.

Answer : displays the received events.

What is a requirement for setting up R77 Management High Availability?


Options are :

  • All Security Management Servers must reside in the same LAN.
  • All Security Management Servers must have the same operating system. (Correct)
  • All Security Management Servers must have the same number of NICs.
  • State synchronization must be enabled on the secondary Security Management Server

Answer : All Security Management Servers must have the same operating system.

What configuration change must you make to change an existing ClusterXL cluster object from Multicast to Unicast mode?


Options are :

  • Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy.
  • Change the cluster mode to Unicast on each of the cluster-member objects.
  • Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy. (Correct)
  • Run cpstop and cpstart, to re-enable High Availability on both objects. Select Pivot mode in cpconfig.

Answer : Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy.

What is the SmartEvent Correlation Unit’s function?


Options are :

  • Analyze log entries, looking for Event Policy patterns. (Correct)
  • Assign severity levels to events.
  • Display received threats and tune the Events Policy.
  • Invoke and define automatic reactions and add events to the database.

Answer : Analyze log entries, looking for Event Policy patterns.

What is the benefit to running SmartEvent in Learning Mode?


Options are :

  • There is no SmartEvent Learning Mode
  • To run SmartEvent, with a step-by-step online configuration guide for training/setup purposes
  • To generate a report with system Event Policy modification suggestions (Correct)
  • To run SmartEvent with preloaded sample data in a test environment

Answer : To generate a report with system Event Policy modification suggestions
