Checkpoint 156-215.77 Check Point Certified Security Administrator Exam Practice Test

Demo: 58 questions
Total 388 questions

Check Point Certified Security Administrator Questions and Answers

Question 1

If a SmartUpdate upgrade or distribution operation fails on GAiA, how is the system recovered?

Options:

A.

The Administrator can only revert to a previously created snapshot (if there is one) with the command cprinstall snapshot.

B.

The Administrator must reinstall the last version via the command cprinstall revert.

C.

The Administrator must remove the rpm packages manually, and re-attempt the upgrade.

D.

GAiA will reboot and automatically revert to the last snapshot version prior to upgrade.

Question 2

When you hide a rule in a Rule Base, how can you then disable the rule?

Options:

A.

Hidden rules are already effectively disabled from Security Gateway enforcement.

B.

Right-click on the hidden rule place-holder bar and select Disable Rule(s).

C.

Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.

D.

Use the search utility in SmartDashboard to view all hidden rules. Select the relevant rule and click Disable Rule(s).

Question 3

A Cleanup rule:

Options:

A.

logs connections that would otherwise be dropped without logging by default.

B.

drops packets without logging connections that would otherwise be dropped and logged by default.

C.

logs connections that would otherwise be accepted without logging by default.

D.

drops packets without logging connections that would otherwise be accepted and logged by default.

Question 4

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

Options:

A.

Check Point Password

B.

TACACS

C.

LDAP

D.

Windows password

Question 5

What physical machine must have access to the User Center public IP address when checking for new packages with SmartUpdate?

Options:

A.

A Security Gateway retrieving the new upgrade package

B.

SmartUpdate installed Security Management Server PC

C.

SmartUpdate GUI PC

D.

SmartUpdate Repository SQL database Server

Question 6

Which of the following objects is a valid source in an authentication rule?

Options:

A.

Host@Any

B.

User@Network

C.

User_group@Network

D.

User@Any

Question 7

Which of the following is a CLI command for Security Gateway R77?

Options:

A.

fw tab -u

B.

fw shutdown

C.

fw merge

D.

fwm policy_print

Question 8

What mechanism does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?

Options:

A.

WMI

B.

CIFS

C.

RCP

D.

LDAP

Question 9

Which command gives an overview of your installed licenses?

Options:

A.

cplicense

B.

showlic

C.

fw lic print

D.

cplic print

Question 10

Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.

An administrator has installed the latest HFA on the system to fix a traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed.

Can the administrator use a restore to fix the errors in static routing?

Options:

A.

The restore is not possible because the backup file does not have the same build number (version).

B.

The restore is done by selecting Snapshot Management from the boot menu of GAiA.

C.

The restore can be done easily by the command restore and copying netconf.C from the production environment.

D.

A backup cannot be restored, because the binary files are missing.

Question 11

What is the primary benefit of using the command upgrade_export over either backup or snapshot?

Options:

A.

upgrade_export is operating system independent and can be used when backup or snapshot is not available.

B.

upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.

C.

The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.

D.

upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.

Question 12

Identify the correct step performed by SmartUpdate to upgrade a remote Security Gateway. After selecting Packages > Distribute and Install Selected Package and choosing the target Gateway, the:

Options:

A.

selected package is copied from the Package Repository on the Security Management Server to the Security Gateway and the installation IS performed.

B.

SmartUpdate wizard walks the Administrator through a distributed installation.

C.

selected package is copied from the Package Repository on the Security Management Server to the Security Gateway but the installation IS NOT performed.

D.

selected package is copied from the SmartUpdate PC CD-ROM directly to the Security Gateway and the installation IS performed.

Question 13

Which of the following is NOT defined by an Access Role object?

Options:

A.

Source Network

B.

Source Machine

C.

Source User

D.

Source Server

Question 14

You are running the license_upgrade tool on your GAiA Gateway. Which of the following can you NOT do with the upgrade tool?

Options:

A.

Perform the actual license-upgrade process

B.

Simulate the license-upgrade process

C.

View the licenses in the SmartUpdate License Repository

D.

View the status of currently installed licenses

Question 15

Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?

Options:

A.

fw cpinfo

B.

cpinfo -o date.cpinfo.txt

C.

diag

D.

cpstat - date.cpstat.txt

Question 16

John is the Security Administrator in his company. He installs a new R77 Security Management Server and a new R77 Gateway. He now wants to establish SIC between them. After entering the activation key, he gets the following message in SmartDashboard -

“Trust established?”

SIC still does not seem to work because the policy won’t install and interface fetching does not work. What might be a reason for this?

Options:

A.

SIC does not function over the network.

B.

It always works when the trust is established

C.

The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid.

D.

This must be a human error.

Question 17

Which of the following is a viable consideration when determining Rule Base order?

Options:

A.

Placing frequently accessed rules before less frequently accessed rules

B.

Grouping IPS rules with dynamic drop rules

C.

Adding SAM rules at the top of the Rule Base

D.

Grouping rules by date of creation

Question 18

Which of the following methods is NOT used by Identity Awareness to catalog identities?

Options:

A.

AD Query

B.

Captive Portal

C.

Identity Agent

D.

GPO

Question 19

Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:

Options:

A.

Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters.

B.

Two mesh and one star Community: Each mesh Community is set up for each site between headquarters and their branches. The star Community has New York as the center and London as its satellite.

C.

Two star communities and one mesh: A star community for each city with headquarters as center, and branches as satellites. Then one mesh community for the two headquarters.

D.

One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the “mesh center Gateways” option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window.

Question 20

Charles requests a Website while using a computer not in the net_singapore network. What is TRUE about his location restriction?

Exhibit:

Options:

A.

Source setting in Source column always takes precedence.

B.

Source setting in User Properties always takes precedence.

C.

As location restrictions add up, he would be allowed from net_singapore and net_sydney.

D.

It depends on how the User Auth object is configured; whether User Properties or Source Restriction takes precedence.

Question 21

Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?

Options:

A.

vpn debug ipsec

B.

vpn ipsec

C.

fw ipsec tu

D.

vpn tu

Question 22

When configuring anti-spoofing on the Security Gateway object interfaces, which of the following is NOT a valid R77 topology configuration?

Options:

A.

External

B.

Any

C.

Specific

D.

Not Defined

Question 23

All R77 Security Servers can perform authentication with the exception of one.

Which of the Security Servers can NOT perform authentication?

Options:

A.

FTP

B.

SMTP

C.

HTTP

D.

RLOGIN

Question 24

Anti-Spoofing is typically set up on which object type?

Options:

A.

Security Gateway

B.

Host

C.

Security Management object

D.

Network

Question 25

Why are certificates preferred over pre-shared keys in an IPsec VPN?

Options:

A.

Weak performance: PSK takes more time to encrypt than Diffie-Hellman.

B.

Weak security: PSKs are static and can be brute-forced.

C.

Weak security: PSKs can only have 112 bit length.

D.

Weak scalability: PSKs need to be set on each and every Gateway.

Question 26

Which of the following actions do NOT take place in IKE Phase 1?

Options:

A.

Peers agree on encryption method.

B.

Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.

C.

Peers agree on integrity method.

D.

Each side generates a session key from its private key and the peer’s public key.

Question 27

Users with Identity Awareness Agent installed on their machines log in with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.

Options:

A.

Key-logging

B.

ICA Certificates

C.

SecureClient

D.

Single Sign-On

Question 28

How many packets are required for IKE Phase 2?

Options:

A.

12

B.

2

C.

6

D.

3

Question 29

Which do you configure to give remote access VPN users a local IP address?

Options:

A.

Encryption domain pool

B.

NAT pool

C.

Office mode IP pool

D.

Authentication pool

Question 30

When configuring the Check Point Gateway network interfaces, you can define the direction as Internal or External. What does the option Interface leads to DMZ mean?

Exhibit:

Options:

A.

Using restricted Gateways, this option automatically turns off the counting of IP Addresses originating from this interface.

B.

Activating this option automatically turns this interface to External.

C.

It defines the DMZ Interface since this information is necessary for Content Control

D.

Select this option to automatically configure Anti-Spoofing to this net.

Question 31

What is the appropriate default Gaia Portal address?

Options:

A.

HTTP://[IPADDRESS]

B.

HTTPS://[IPADDRESS]:8080

C.

HTTPS://[IPADDRESS]:4434

D.

HTTPS://[IPADDRESS]

Question 32

What happens when you run the command fw sam -J src [Source IP Address]?

Options:

A.

Connections from the specified source are blocked without the need to change the Security Policy.

B.

Connections to the specified target are blocked without the need to change the Security Policy.

C.

Connections to and from the specified target are blocked without the need to change the Security Policy.

D.

Connections to and from the specified target are blocked with the need to change the Security Policy.

Question 33

What is the only SmartConsole you can open without a license?

Options:

A.

SmartDashboard

B.

SmartEvent

C.

SmartUpdate

D.

SmartView Monitor

Question 34

Which of the following is true of the Cleanup rule?

Options:

A.

The Cleanup rule must be the last rule in a policy

B.

The Cleanup rule is an example of an Implied rule

C.

The Cleanup rule is important for blocking unwanted connections

D.

The Cleanup rule should not be logged

Question 35

You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base.

How do you achieve this?

Options:

A.

Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.

B.

Select Block intruder from the Tools menu in SmartView Tracker.

C.

Create a Suspicious Activity Rule in SmartView Monitor.

D.

Add a temporary rule using SmartDashboard and select hide rule.

Question 36

Is it possible to see user activity in SmartView Tracker?

Options:

A.

Yes, seeing user activity is enabled when using the Identity Awareness blade.

B.

No, a Check Point Gateway can only see IP addresses.

C.

Yes, but you have to enable the option: See user information in SmartView Tracker.

D.

Yes, but you need to use the SPLAT operating system.

Question 37

Which tool CANNOT be launched from SmartUpdate R77?

Options:

A.

IP Appliance Voyager

B.

snapshot

C.

GAiA WebUI

D.

cpinfo

Question 38

You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.

Unfortunately, you get the message:

"There are no machines that contain Firewall Blade and SmartView Monitor."

What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.

Options:

A.

Purchase the SmartView Monitor license for your Security Management Server.

B.

Enable Monitoring on your Security Management Server.

C.

Purchase the SmartView Monitor license for your Security Gateway.

D.

Enable Monitoring on your Security Gateway.

Question 39

What information is found in the SmartView Tracker Management log?

Options:

A.

Historical reports log

B.

Policy rule modification date/time stamp

C.

Destination IP address

D.

Most accessed Rule Base rule

Question 40

How do you configure an alert in SmartView Monitor?

Options:

A.

An alert cannot be configured in SmartView Monitor.

B.

By choosing the Gateway, and Configure Thresholds.

C.

By right-clicking on the Gateway, and selecting Properties.

D.

By right-clicking on the Gateway, and selecting System Information.

Question 41

How do you use SmartView Monitor to compile traffic statistics for your company’s Internet Web activity during production hours?

Options:

A.

Select Tunnels view, and generate a report on the statistics.

B.

Configure a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway.

C.

Use Traffic settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day.

D.

View total packets passed through the Security Gateway.

Question 42

Choose the correct statement regarding Stealth Rules:

Options:

A.

The Stealth Rule is a default rule that always exists when using Check Point products.

B.

The Stealth Rule is part of the Implicit rules.

C.

Check Point recommends you include a Stealth Rule as a best practice.

D.

The Stealth Rule is a rule that hides your internal networks.

Question 43

Which of the following is true of a Stealth Rule?

Options:

A.

The Stealth rule should not be logged

B.

The Stealth rule is required for proper firewall protection

C.

The Stealth rule should be located just before the Cleanup rule

D.

The Stealth rule must be the first rule in a policy

Question 44

Complete this statement. The block Intruder option in the Active log is available ____________.

Options:

A.

in the SmartView Monitor client

B.

in the SmartView Tracker client

C.

since R75.40 release

D.

only if you have the IPS blade enabled at least in one gateway

Question 45

Lilly needs to review VPN History counters for the last week.

Where would she do this?

Options:

A.

SmartView Monitor > Tunnels > VPN History

B.

SmartView Monitor > System Counters > VPN History

C.

SmartView Monitor > System Counters > Firewall Security History

D.

SmartView Monitor > System Counters > VPN

Question 46

Which of the following can be found in cpinfo from an enforcement point?

Options:

A.

Everything NOT contained in the file r2info

B.

VPN keys for all established connections to all enforcement points

C.

The complete file objects_5_0.c

D.

Policy file information specific to this enforcement point

Question 47

The customer has a small Check Point installation which includes one Windows 7 workstation as the SmartConsole, one GAiA device working as Security Management Server, and a third server running SecurePlatform as Security Gateway. This is an example of a(n):

Options:

A.

Hybrid Installation

B.

Unsupported configuration

C.

Stand-Alone Installation

D.

Distributed Installation

Question 48

By default, when you click File > Switch Active File in SmartView Tracker, the Security Management Server:

Options:

A.

Saves the current log file, names the log file by date and time, and starts a new log file.

B.

Purges the current log file, and starts a new log file.

C.

Prompts you to enter a filename, and then saves the log file.

D.

Purges the current log file, and prompts you for the new log’s mode.

Question 49

The customer has a small Check Point installation which includes one Windows 2008 server as SmartConsole and Security Management Server with a second server running GAiA as Security Gateway. This is an example of a(n):

Options:

A.

Stand-Alone Installation.

B.

Distributed Installation.

C.

Unsupported configuration.

D.

Hybrid Installation.

Question 50

Which utility allows you to configure the DHCP service on GAiA from the command line?

Options:

A.

ifconfig

B.

sysconfig

C.

cpconfig

D.

dhcp_cfg

Question 51

Where can an administrator configure the notification action in the event of a policy install time change?

Options:

A.

SmartView Monitor > Gateways > Thresholds Settings

B.

SmartView Monitor > Gateway Status > System Information > Thresholds

C.

SmartDashboard > Policy Package Manager

D.

SmartDashboard > Security Gateway Object > Advanced Properties Tab

Question 52

Where can you find the Check Point’s SNMP MIB file?

Options:

A.

$CPDIR/lib/snmp/chkpt.mib

B.

$FWDIR/conf/snmp.mib

C.

It is obtained only by request from the TAC.

D.

There is no specific MIB file for Check Point products.

Question 53

You receive a notification that long-lasting Telnet connections to a mainframe are dropped after an hour of inactivity. Reviewing SmartView Tracker shows the packet is dropped with the error:

Unknown established connection

How do you resolve this problem without causing other security issues? Choose the BEST answer.

Options:

A.

Increase the service-based session timeout of the default Telnet service to 24-hours.

B.

Ask the mainframe users to reconnect every time this error occurs.

C.

Increase the TCP session timeout under Global Properties > Stateful Inspection.

D.

Create a new TCP service object on port 23 called Telnet-mainframe. Define a service-based session timeout of 24-hours. Use this new object only in the rule that allows the Telnet connections to the mainframe.

Question 54

Which of the following R77 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?

Options:

A.

All Records Query

B.

Account Query

C.

Active Tab

D.

Audit Tab

Question 55

You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways.

Which two SmartConsole applications will you use to create this report and outline?

Options:

A.

SmartView Tracker and SmartView Monitor

B.

SmartLSM and SmartUpdate

C.

SmartDashboard and SmartView Tracker

D.

SmartView Monitor and SmartUpdate

Question 56

Which SmartConsole tool would you use to see the last policy pushed in the audit log?

Options:

A.

SmartView Tracker

B.

None, SmartConsole applications only communicate with the Security Management Server.

C.

SmartView Status

D.

SmartView Server

Question 57

After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?

Options:

A.

The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.

B.

The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.

C.

The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.

D.

The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.

Question 58

Which NAT option applicable for Automatic NAT applies to Manual NAT as well?

Options:

A.

Allow bi-directional NAT

B.

Automatic ARP configuration

C.

Translate destination on client-side

D.

Enable IP Pool NAT
