
Checkpoint 156-215.77 Check Point Certified Security Administrator Exam Practice Test

Page: 1 / 39
Total 388 questions

Check Point Certified Security Administrator Questions and Answers

Question 1

An internal host initiates a session to the Google.com website and is set for Hide NAT behind the Security Gateway. The initiating traffic is an example of __________.

Options:

A.

client side NAT

B.

source NAT

C.

destination NAT

D.

None of these

Question 2

Which NAT option applicable for Automatic NAT applies to Manual NAT as well?

Options:

A.

Allow bi-directional NAT

B.

Automatic ARP configuration

C.

Translate destination on client-side

D.

Enable IP Pool NAT

Question 3

Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R77 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?

Options:

A.

Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.

B.

Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.

C.

Use automatic Static NAT for network 10.1.1.0/24.

D.

Do nothing, as long as 10.1.1.0 network has the correct default Gateway.

Question 4

Where is the easiest and BEST place to find information about connections between two machines?

Options:

A.

All options are valid.

B.

On a Security Gateway using the command fw log.

C.

On a Security Management Server, using SmartView Tracker.

D.

On a Security Gateway Console interface; it gives you detailed access to log files and state table information.

Question 5

NAT can NOT be configured on which of the following objects?

Options:

A.

HTTP Logical Server

B.

Gateway

C.

Address Range

D.

Host

Question 6

Which of the following commands can provide the most complete restoration of a R77 configuration?

Options:

A.

upgrade_import

B.

cpinfo -recover

C.

cpconfig

D.

fwm dbimport -p

Question 7

Which component functions as the Internal Certificate Authority for R77?

Options:

A.

Security Gateway

B.

Management Server

C.

Policy Server

D.

SmartLSM

Question 8

When launching SmartDashboard, what information is required to log into R77?

Options:

A.

User Name, Management Server IP, certificate fingerprint file

B.

User Name, Password, Management Server IP

C.

Password, Management Server IP

D.

Password, Management Server IP, LDAP Server IP

Question 9

Which of the following is NOT useful to verify whether or not a Security Policy is active on a Gateway?

Options:

A.

fw ctl get string active_secpol

B.

fw stat

C.

cpstat fw -f policy

D.

Check the Security Policy name of the appropriate Gateway in SmartView Monitor.

Question 10

You want to generate a cpinfo file via CLI on a system running GAiA. This will take about 40 minutes since the log files are also needed.

What action do you need to take regarding timeout?

Options:

A.

No action is needed because cpshell has a timeout of one hour by default.

B.

Log in as the default user expert and start cpinfo.

C.

Log in as admin, switch to expert mode, set the timeout to one hour with the command, idle 60, then start cpinfo.

D.

Log in as Administrator, set the timeout to one hour with the command idle 60 and start cpinfo.

Question 11

A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?

Options:

A.

Automatic ARP must be unchecked in the Global Properties.

B.

Nothing else must be configured.

C.

A static route must be added on the Security Gateway to the internal host.

D.

A static route for the NAT IP must be added to the Gateway’s upstream router.

Question 12

SmartView Tracker logs the following Security Administrator activities, EXCEPT:

Options:

A.

Object creation, deletion, and editing

B.

Tracking SLA compliance

C.

Administrator login and logout

D.

Rule Base changes

Question 13

You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database.

How can you do this?

Options:

A.

Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.

B.

Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.

C.

Restore the entire database, except the user database, and then create the new user and user group.

D.

Restore the entire database, except the user database.

Question 14

Which SmartView Tracker selection would most effectively show who installed a Security Policy blocking all traffic from the corporate network?

Options:

A.

Management tab

B.

Custom filter

C.

Network and Endpoint tab

D.

Active tab

Question 15

You believe Phase 2 negotiations are failing while you are attempting to configure a site-to-site VPN with one of your firm’s business partners.

Which SmartConsole application should you use to confirm your suspicions?

Options:

A.

SmartDashboard

B.

SmartUpdate

C.

SmartView Status

D.

SmartView Tracker

Question 16

Which command allows you to view the contents of an R77 table?

Options:

A.

fw tab -a

B.

fw tab -t

C.

fw tab -s

D.

fw tab -x

Question 17

You are running the license_upgrade tool on your GAiA Gateway. Which of the following can you NOT do with the upgrade tool?

Options:

A.

Perform the actual license-upgrade process

B.

Simulate the license-upgrade process

C.

View the licenses in the SmartUpdate License Repository

D.

View the status of currently installed licenses

Question 18

Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.

Options:

A.

Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows

B.

Check Point GAiA and SecurePlatform, and Microsoft Windows

C.

Check Point GAiA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO

D.

Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows

Question 19

Can you use Captive Portal with HTTPS?

Options:

A.

No, it only works with FTP

B.

No, it only works with FTP and HTTP

C.

Yes

D.

No, it only works with HTTP

Question 20

MegaCorp’s security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway.

How do you apply the license?

Options:

A.

Using the remote Gateway’s IP address, and attaching the license to the remote Gateway via SmartUpdate.

B.

Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.

C.

Using the remote Gateway's IP address, and applying the license locally with the command cplic put.

D.

Using each of the Gateways’ IP addresses, and applying the licenses on the Security Management Server with the command.

Question 21

Access Role objects define users, machines, and network locations as:

Options:

A.

Credentialed objects

B.

Linked objects

C.

One object

D.

Separate objects

Question 22

When you hide a rule in a Rule Base, how can you then disable the rule?

Options:

A.

Hidden rules are already effectively disabled from Security Gateway enforcement.

B.

Right-click on the hidden rule place-holder bar and select Disable Rule(s).

C.

Right-click on the hidden rule place-holder bar and uncheck Hide, then right-click and select Disable Rule(s); re-hide the rule.

D.

Use the search utility in SmartDashboard to view all hidden rules. Select the relevant rule and click Disable Rule(s).

Question 23

Installing a policy usually has no impact on currently existing connections. Which statement is TRUE?

Options:

A.

Users being authenticated by Client Authentication have to re-authenticate.

B.

All connections are reset, so a policy install is recommended during announced downtime only.

C.

All FTP downloads are reset; users have to start their downloads again.

D.

Site-to-Site VPNs need to re-authenticate, so Phase 1 is passed again after installing the Security Policy.

Question 24

Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server.

What is the correct procedure for rebuilding the Gateway quickly?

Options:

A.

Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the Security Policy.

B.

Run the command revert to restore the snapshot, establish SIC, and install the Policy.

C.

Run the command revert to restore the snapshot. Reinstall any necessary Check Point products. Establish SIC and install the Policy.

D.

Reinstall the base operating system (i.e., GAiA). Configure the Gateway interface so that the Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and previously applied hotfixes. Revert to the stored snapshot image, and install the Policy.

Question 25

A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?

Options:

A.

Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.

B.

As expert user, type the command snapshot -r MySnapshot.tgz.

C.

As expert user, type the command revert --file MySnapshot.tgz.

D.

As expert user, type the command snapshot - R to restore from a local file. Then, provide the correct file name.

Question 26

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

Options:

A.

Check Point Password

B.

TACACS

C.

LDAP

D.

Windows password

Question 27

Which of the following options is available with the GAiA cpconfig utility on a Management Server?

Options:

A.

Export setup

B.

DHCP Server configuration

C.

GUI Clients

D.

Time & Date

Question 28

What is the purpose of a Stealth Rule?

Options:

A.

To prevent users from connecting directly to the gateway.

B.

To permit management traffic.

C.

To drop all traffic to the management server that is not explicitly permitted.

D.

To permit implied rules.

Question 29

Where does the security administrator activate Identity Awareness within SmartDashboard?

Options:

A.

Gateway Object > General Properties

B.

Security Management Server > Identity Awareness

C.

Policy > Global Properties > Identity Awareness

D.

LDAP Server Object > General Properties

Question 30

What is the syntax for uninstalling a package using newpkg?

Options:

A.

-u

B.

-i

C.

-S

D.

newpkg CANNOT be used to uninstall a package

Question 31

Exhibit:

You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office.

What is the correct order for pushing SIC certificates to the Gateway before shipping it?

Options:

A.

2, 3, 4, 1, 5

B.

2, 1, 3, 4, 5

C.

1, 3, 2, 4, 5

D.

2, 3, 4, 5, 1

Question 32

John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned an IP address 10.0.0.19 via DHCP.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

Options:

A.

John should install the Identity Awareness Agent

B.

The firewall admin should install the Security Policy

C.

John should lock and unlock the computer

D.

Investigate this as a network connectivity issue

Question 33

Which Client Authentication sign-on method requires the user to first authenticate via the User Authentication mechanism, when logging in to a remote server with Telnet?

Options:

A.

Manual Sign On

B.

Agent Automatic Sign On

C.

Partially Automatic Sign On

D.

Standard Sign On

Question 34

Reviewing the Rule Base, you see that ________ is responsible for the client authentication failure.

Exhibit:

Options:

A.

Rule 4

B.

Rule 7

C.

Rule 8

D.

Rule 5

Question 35

Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway’s side with the command cpconfig and put in the same activation key in the Gateway’s object on the Security Management Server. Unfortunately, SIC cannot be established. What is a possible reason for the problem?

Options:

A.

The installed policy blocks the communication.

B.

The old Gateway object should have been deleted and recreated.

C.

Joe forgot to exit from cpconfig.

D.

Joe forgot to reboot the Gateway.

Question 36

Users with Identity Awareness Agent installed on their machines log in with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.

Options:

A.

Key-logging

B.

ICA Certificates

C.

SecureClient

D.

Single Sign-On

Question 37

Which of the following commands can be used to remove site-to-site IPsec Security Association (SA)?

Options:

A.

vpn debug ipsec

B.

vpn ipsec

C.

fw ipsec tu

D.

vpn tu

Question 38

The SIC certificate is stored in the directory _______________.

Options:

A.

$CPDIR/registry

B.

$CPDIR/conf

C.

$FWDIR/database

D.

$FWDIR/conf

Question 39

Exhibit:

Chris has lost SIC communication with his Security Gateway and he needs to re-establish SIC. What would be the correct order of steps needed to perform this task?

Options:

A.

5, 1, 2, 4

B.

5, 1, 4, 2

C.

3, 1, 4, 2

D.

2, 3, 1, 4

Question 40

Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user’s credentials?

Options:

A.

Access Policy

B.

Access Role

C.

Access Rule

D.

Access Certificate

Question 41

Which rule is responsible for the installation failure?

Exhibit:

Options:

A.

Rule 5

B.

Rule 4

C.

Rule 3

D.

Rule 6

Question 42

What type of traffic can be re-directed to the Captive Portal?

Options:

A.

SMTP

B.

HTTP

C.

All of the above

D.

FTP

Question 43

Identify the ports to which the Client Authentication daemon listens by default.

Options:

A.

259, 900

B.

256, 600

C.

80, 256

D.

8080, 529

Question 44

When using an encryption algorithm, which is generally considered the best encryption method?

Options:

A.

Triple DES

B.

AES-256

C.

CAST cipher

D.

DES

Question 45

Your company has two headquarters, one in London, one in New York. Each of the headquarters includes several branch offices. The branch offices only need to communicate with the headquarters in their country, not with each other, and the headquarters need to communicate directly. What is the BEST configuration for establishing VPN Communities among the branch offices and their headquarters, and between the two headquarters? VPN Communities comprised of:

Options:

A.

Three mesh Communities: one for London headquarters and its branches; one for New York headquarters and its branches; and one for London and New York headquarters.

B.

Two mesh and one star Community: Each mesh Community is set up for each site between headquarters and their branches. The star Community has New York as the center and London as its satellite.

C.

Two star communities and one mesh: A star community for each city with headquarters as center, and branches as satellites. Then one mesh community for the two headquarters.

D.

One star Community with the option to mesh the center of the star: New York and London Gateways added to the center of the star with the “mesh center Gateways” option checked; all London branch offices defined in one satellite window; but, all New York branch offices defined in another satellite window.

Question 46

What information is found in the SmartView Tracker Management log?

Options:

A.

Historical reports log

B.

Policy rule modification date/time stamp

C.

Destination IP address

D.

Most accessed Rule Base rule

Question 47

Is it possible to see user activity in SmartView Tracker?

Options:

A.

Yes, seeing user activity is enabled when using the Identity Awareness blade.

B.

No, a Check Point Gateway can only see IP addresses.

C.

Yes, but you have to enable the option: See user information in SmartView Tracker.

D.

Yes, but you need to use the SPLAT operating system.

Question 48

According to Check Point Best Practice, when adding a non-managed Check Point Gateway to a Check Point security solution what object SHOULD be added? A(n):

Options:

A.

Gateway

B.

Interoperable Device

C.

Externally managed gateway

D.

Network Node

Question 49

Choose the correct statement regarding Implied Rules:

Options:

A.

To edit Implied rules you go to: Launch Button > Policy > Global Properties > Firewall.

B.

Implied rules are fixed rules that you cannot change.

C.

You can directly edit the Implied rules by double-clicking on a specific Implicit rule.

D.

You can edit the Implied rules but only if requested by Check Point support personnel.

Question 50

Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?

Options:

A.

Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.

B.

Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.

C.

Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.

D.

Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.

Question 51

Katie has been asked to setup a rule to allow the new webserver in the DMZ to be accessible from the internet on port 443. The IP address of the Web Server, Apothos, is 192.168.126.3 and the external address should be 10.4.2.3. This needs to be the only server associated with this External IP address.

Which answer below will accomplish the steps needed to complete this task?

Options:

A.

Katie will create a host node object with an IP address of 10.4.2.3 and will configure a static NAT of 192.168.126.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.

B.

Katie will create a host node object with an IP address of 192.168.126.3 and will configure a static NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.

C.

Katie will create a Network object with an IP address of 192.168.126.3 and will configure a Hide NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Any Source, Destination of Apothos Host Object and service of HTTPS”.

D.

Katie will create a host node object with an IP address of 192.168.126.3 and will configure a static NAT of 10.4.2.3. She will add a new rule in the DMZ section of the policy for the Apothos server. The rule will have an “Apothos Host Object Source, Destination of Any and service of HTTPS”.

Question 52

Which of the following is true of the Cleanup rule?

Options:

A.

The Cleanup rule must be the last rule in a policy

B.

The Cleanup rule is an example of an Implied rule

C.

The Cleanup rule is important for blocking unwanted connections

D.

The Cleanup rule should not be logged

Question 53

One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the Security Management Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic Gateway object, you receive an error message. What is the problem?

Options:

A.

The remote Gateway's IP address has changed, which invalidates the SIC Certificate.

B.

The time on the Security Management Server’s clock has changed, which invalidates the remote Gateway's Certificate.

C.

The Internal Certificate Authority for the Security Management Server object has been removed from objects_5_0.C.

D.

There is no connection between the Security Management Server and the remote Gateway. Rules or routing may block the connection.

Question 54

What action can be performed from SmartUpdate R77?

Options:

A.

upgrade_export

B.

fw stat -l

C.

cpinfo

D.

remote_uninstall_verifier

Question 55

What is one potential downside or drawback to choosing the Standalone deployment option instead of the Distributed deployment option?

Options:

A.

Degrades performance as the Security Policy grows in size.

B.

Requires additional Check Point Appliances

C.

Requires additional software subscription

D.

Increases cost

Question 56

Which authentication type requires specifying a contact agent in the Rule Base?

Options:

A.

Client Authentication with Partially Automatic Sign On

B.

Client Authentication with Manual Sign On

C.

User Authentication

D.

Session Authentication

Question 57

Review the rules.

Assume domain UDP is enabled in the implied rules.

What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

Options:

A.

can connect to the Internet successfully after being authenticated.

B.

is prompted three times before connecting to the Internet successfully.

C.

can go to the Internet after Telnetting to the client authentication daemon port 259.

D.

can go to the Internet, without being prompted for authentication.

Question 58

Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it. What would be the most likely reason she cannot do so?

Options:

A.

She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.

B.

She needs to run sysconfig and restart the SSH process.

C.

She needs to edit /etc/scpusers and add the Standard Mode account.

D.

She needs to run cpconfig to enable the ability to SCP files.
