156-315.77 Practice Exam Questions with Answers Check Point Certified Security Expert Certification

Identity-based enforcement for non-AD users (non-Windows and guest users)

Basic identity enforcement in the internal network

Leveraging identity in Internet application control

Identity-based auditing and logging

pdp and lad

pdp and pdp-11

pep and lad

pdp and pep

snapshot

backup

backup_export

migrate export

save configuration

cp /etc/sysconfig/network.C [location]

netstat –rn > [filename].txt

ifconfig > [filename].txt

IPSO 4.2 Security Gateways

Edge firmware 6.x and above

R65 HFA 40 Security Gateways arid above

NGX Security Appliances

VPN-1 NGX (R64) and later

VPN-1 NGX (R60) and later

VPN-1 NG with Application Intelligence (R54) and later

None, all versions require a license upgrade

In a LAN deployment on a Security Gateway

In a DMZ and LAN deployment scenario on a Security Gateway

In a DMZ and LAN deployment scenario on a Connecter Gateway

In a DMZ deployment on a Connecter Gateway

fw tab -t connections -s

fw tab -t connections -u

fw tab -t connections

fw tab

Copy the contents of the selected cells.

Save the information in the active tab to an .exe file.

Enter new credential for accessing the computer information.

Run Google.com search using the contents of the selected cell.

SmartEvent Data Server

SmartEvent Server

SmartEvent Correlation Unit

SmartEvent Client

If the DLP Policy is applied to HTTP traffic.

If there are one or more Inform Rules.

If there are one or more Ask User rules.

If the action of all rules is Detect and no Data Owners are configured.

True, but only when the snapshot file is restored to a Secure Platform system running R76.20.

False, you cannot run the Check Point snapshot utility on a Windows gateway.

True, but only when the snapshot file is restored to a Secure Platform system running R76.10.

False, all configuration information conveys to the new system, including the interface configuration settings.

SIP- G ateway/N et_B/s i p_a ny/a c c e pt

VolP_domain_A/Net_B/sip/accept

SIP-Gateway/Net_B/sip/accept

VolP_domain_A/Net_B/sip_any, and sip/accept

VolP_Gateway_MJet_B/sip_any/accept

(ii), (iii) or (iv)

(ii) only

(iii) or (iv)

(i) or (iii)

Dropped VoIP traffic is logged, but accepted VoIP traffic is not logged.

VoIP protocol-specific log fields are not included in SmartView Tracker entries.

The log field setting in rules for VoIP protocols are ignored.

IP addresses are used, instead of object names, in log entries that reference VoIP Domain objects.

The SmartCenter Server stops importing logs from VoIP servers.

NAT_dst_any_list

NAT_alloc

NAT_src_any_list

fwx_alloc

There are two restrictions: 1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss. 2. The synchronization network may only include switches and hubs.

There is one restriction: The synchronization network must guarantee no more than 150 ms latency (ITU Standard G.114).

There is one restriction: The synchronization network must guarantee no more than 100 ms latency.

There are no restrictions.

6

8

3

4

Schema

SmartDatabase

Access Control List

LDAP Policy

adds events to the events database.

analyzes each IPS log entry as it enters the Log server.

assigns a severity level to an event.

displays the received events.

The Pivot forwards the packet to the appropriate cluster member.

The Pivot’s Load Sharing decision function decides which cluster member should handle the packet.

The Security Gateway analyzes the packet and forwards it to the Pivot.

The packet is forwarded through the same physical interface from which it originally came, not on the sync interface.

Only Check Point support personnel can access that information.

Run command cpconfig.

Execute SmartDashboard client.

Browse to Secure Platform Web GUI.

By using the Clear User Cache button in SmartDashboard

Usernames and passwords only clear from memory after they time out

By retrieving LDAP user information using the command fw fetchldap

By installing a Security Policy

It will not check for any updated policy and load the last installed policy with a warning message indicating that the Security Policy needs to be installed from the Security Management Server.

It will try to take the policy from one of the other cluster members.

It compares its local policy to the one on the Security Management Server.

If the Security Management Server has a newer policy, it will be retrieved, else the local policy will be loaded.

Generate a threat analysis report from the Analyzer database.

Display received threats and tune the Events Policy.

Assign severity levels to events.

Analyze log entries, looking for Event Policy patterns.

FWSD

FWD

In.httpd

FWSSD

the Certificate Authority option and view the fingerprint.

the GUI Clients option and view the fingerprint.

the Certificate's Fingerprint option and view the fingerprint.

the Server Fingerprint option and view the fingerprint.

make_au, au_auth, au_fetchuser, au_auth_auth, cpLdapCheck, cpLdapGetUser

make_au, au_auth, au_fetchuser, cpLdapGetUser, cpLdapCheck, au_auth_auth

cpLdapGetUser, au_fetchuser, cpLdapCheck, make_au, au_auth, au_auth_auth

au_fetchuser, make_au, au_auth, cpLdapGetUser, au_auth_auth, cpLdapCheck

fwm

vpnd

cvpnd

cpd

cpd

cvpnd

fwm

vpnd

$FWDIR/conf/fwauthd.conf

$FWDIR/conf/AMT.conf

$FWDIR/conf/fwopsec.conf

$FWDIR/conf/Fwauth.c

cvpnd

fwm

vpnd

fwssd

Cn=jane_doe,ou=MIS,dc=acmecorp,dc=com

Cn= jane_doe,ou=MIS,cn=acmecorp,dc=com

Cn= jane_doe,ca=MIS,dc=acmecorp,dc=com

Cn= jane_doe,ca=MIS,cn=acmecorp,dc=com

VPN Community

LDAP

Template

User

In SmartView Monitor, click on Smart Workflow/ Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode. Once a mode is selected, the wizard finishes.

In SmartViewTracker, click on Smart Workflow/ Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode Once a mode is selected, the wizard finishes.

In SmartDashboard, click on Smart Workflow/ Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode. Once a mode is selected, the wizard finishes.

In SmartEvent, click on Smart Workflow/ Enable SmartWorkflow. The Enabling SmartWorkflow wizard launches and prompts for SmartWorkflow Operation Mode. Once a mode is selected, the wizard finishes.

The change is submitted for approval and is automatically installed by the approver once Approve is clicked.

The change is submitted for approval and is automatically installed by the original submitter the next time he logs in after approval of the change.

The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change.

The change is submitted for approval and is manually installed by the approver once Approve is clicked.

As a Data Type to prevent programmers from leaking code outside the company

As a compound data type representation.

As a Data Type to prevent employees from sending an email that contains a complete price-list of nine products.

As a Data Type to prevent the Finance Department from leaking salary information to employees

fw.d

protect.exe

PROT_SRV.EXE

Filter

cpstat os

fw ver

fwaccel stat

securexl stat

Filter

Period

Content

Schedule

(ii) and (iii)

All

(i), (ii) and (iii)

(ii) only

Both machines must have the same number of interfaces installed and configured before migration can be attempted.

The new machine may not have more Check Point products installed than the original Security Management Server.

All product databases are included in the migration.

The Security Management Server on the new machine must be the same or greater than the version on the original machine.

gated

routerd

clirouter

router

cphastart -status

cphainfo -s

cphaprob state

cphaconf state

Run fw ctl kdebug 1024

Run fw ctl set buf 1024

Run fw ctl set int print_cons 1024

Run fw ctl debug -buf 1024

Expert@Green# fwmonitor –e “accept src=192.168.3.5 and dst=10.1.1.25;” –o monitor.out

Expert@Green# fw monitor –e “accept src=192.168.3.5 and dst=10.1.1.25;” –o monitor.out

Expert@Green# fwmonitor –e “accept src=192.168.3.5 or dst=10.1.1.25;” –o monitor.out

Expert@Green# fw monitor –e “accept src=192.168.3.5 or dst=10.1.1.25;” –o monitor.out

Run fw monitor -e "accept;" -f monitor.out

Run fw monitor -e "accept;" -c monitor.out

Run fw monitor -e "accept;" -o monitor.out

Run fw monitor -e "accept;" -m monitor.out

Verify if another rule exists.

Verify if any logging or alerts are defined.

Verify if the packet should be moved through the TCP/IP stack.

Verify if the packet should be rejected.

Run fw monitor -e "accept src-ip=192.168.4.125;"

Run fw monitor -e "accept src=192.168.4.125;"

Run fw monitor -e "accept dst-ip=192.168.4.125;"

Run fw monitor -e "accept ip=192.168.4.125;"

FWM

CPLMD

logtrackerd

fwlogd

PacketDebug.exe

VPNDebugger.exe

IkeView.exe

IPSECDebug.exe

If both a limit and a guarantee per rule are defined in a QoS rule, then the limit must be smaller than the guarantee.

If both a rule limit and a per connection limit are defined for a rule, the per connection limit must not be greater than the rule limit.

A rule guarantee must not be less than the sum the guarantees defined in its sub-rules.

If a guarantee is defined in a sub-rule, then a guarantee must be defined for the rule above it.

QoS

Performance

Management

Security

You must reestablish logging from Connecter to the Management Server, using a dummy log-server object.

R70 does not support a host object with the same IP address as a Management Server used as secondary log server or management station.

You must install the Management Server database.

You must install the Security Policy, and try again.

Assign severity levels to events.

Display received threats and tune the Events Policy

Invoke and define automatic reactions and add events to the database.

Analyze log entries, looking for Event Policy patterns.

2, 3 only

3 only

3, 4, and 5 only

1, 2, 3, 4, and 5

The DLP Gateway can inspect SMTP traffic if a MS Exchange server is located on the internal network, and it either sends e-mails directly to the Internet using SMTP or sends e-mails to the Internet in SMTP via a mail relay that is located on the perimeter's firewall DMZ network.

The DLP Gateway can inspect internal e-mails (e-mails between two users on the internal network) if the organization's internal mail server is located in the internal network and users are configured to send e-mails to this mail server using SMTP.

User's HTTPS and FTP traffic can be inspected by the R71 DLP Gateway.

The DLP Gateway can inspect e-mails (e-mails between two users on an internal or external network) if the organization's internal mail server is located on another network (not the internal network; for instance the DMZ or a different internal network) and users are configured to send e- mails to this mail server using SMTP.

cp /etc/sysconfig/network.C [location]

ipconfig -a > [filename].txt

ifconfig > [filename].txt

netstat -m > [filename].txt

The restore is not possible because the backup file does not have the same build number (version).

The restore is done by selecting Snapshot Management from the SecurePlatform boot menu.

The restore can be done easily by the command restore and selecting the appropriate backup file.

A back up cannot be restored, because the binary files are missing.

TCP 443

TCP 4433

TCP 18211

TCP 257

UNIX

CPShell

CLISH

Bash

Immediately after fwm load runs on the SmartCenter.

Before CPD runs on the Gateway.

It is the last task during policy installation.

It is the first task during policy installation.

No, Cluster Member 3 does not have the required memory.

Yes, these machines are configured correctly for a ClusterXL deployment.

No, the Security Management Server is not running the same operating system as the cluster members.

No, the Security Gateway cannot be installed on the Security Management Server.

Creates a backup file that includes the SmartEvent database.

Creates a backup archive for all the Check Point configuration settings.

Saves all system settings and Check Point product configuration settings to a file.

Creates a backup file that includes the SmartReporter database.

No, Cluster Member 3 does not have the required memory.

No, the Security Gateway cannot be installed on the Security Management Pro Server.

No, the Security Management Server is not running the same operating system as the cluster members.

Yes, these machines are configured correctly for a ClusterXL deployment.

CPGUI

CPD

FWD

FWM

In the CLI with the command “route add”

In Web Portal, under Network Management > IPv4 Static Routes

In the CLI via sysconfig

In SmartDashboard under Gateway Properties > Topology

For deployment of Identity Agents

Identity-based enforcement for non-AD users (non-Windows and guest users)

Leveraging identity in Internet application control

Basic identity enforcement in the internal network

Login to Smart Dashboard, access Properties of the SMS, and verify whether Paul’s IP address is listed.

Type cpconfig on the Management Server and select the option “GUI client List” to see if Paul’s IP address is listed.

Login in to Smart Dashboard, access Global Properties, and select Security Management, to verify whether Paul’s IP address is listed.

Access the WEBUI on the Security Gateway, and verify whether Paul’s IP address is listed as a GUI client.

Download Migration Tool R77 for IPSO and Splat/Linux from Check Point website.

Use already installed Migration Tool.

Use Migration Tool from CD/ISO

Fetch Migration Tool R71 for IPSO and Migration Tool R77 for Splat/Linux from CheckPoint website

Gateway Setting

NAT Rules

Global Properties > NAT definition

Implied Rules

There is more than one cluster connected to the same VLAN

A firewall cluster is configured to use Multicast for CCP traffic

There are more than two members in a firewall cluster

A firewall cluster is configured to use Broadcast for CCP traffic

set static-route default nexthop gateway address 192.168.255.1 priority 1 on

set static-route 192.168.255.0/24 nexthop gateway logical ethl on

set static-route 192.168.255.0/24 nexthop gateway address 192.168.255.1 priority 1 on

set static-route nexthop default gateway logical 192.168.255.1 priority 1 on

ifconfig -a

arping

telnet

ping

IPsec

CRL

PKCS

S/MIME

The encryption strength and hash settings of one peer does not match the other.

The previously established Permanent Tunnel has failed.

There is a network connectivity issue.

The OS and patch level of one gateway does not match the other.

Local IP addresses are not configured, remote IP addresses are configured

VTIs cannot be assigned a proxy interface

VTI specific additional local and remote IP addresses are not configured

VTIs are only supported on SecurePlatform

vpnd

cvpnd

fwm

fwd

Open the SmartDashboard, Select Global properties, select Identity Awareness; check the boxes for Password must include an upper character, Password must include a digit, Password must include a symbol and change the password length to 8 characters.

Open the SmartDashboard, Select Global properties, select User Authority; check the boxes for Password must include an upper character, Password must include a digit and Password must include a symbol.

Open the SmartDashboard, Select Global Properties, select User Directory, check the boxes for Password must include an uppercase character, Password must include a digit, and Password must include a symbol.

Open the SmartDashboard, Select Global Properties, select User Directory, check the boxes for Password must include an uppercase character, Password must include a digit, Password must include a symbol and change the password length to 8 characters.

There is no dynamic update at reboot.

No. The revert will most probably not match to hard disk.

Yes. Everything is dynamically updated at reboot.

No. At installation the necessary hardware support is selected. The snapshot saves this state.

Use a dedicated sync network.

Configure the sync network to operate within the DMZ.

Secure each sync interface in a cluster with Endpoint.

Encrypt all sync traffic between cluster members.

show all |grep commands

show configuration

show commands

get all commands

80%

50%

40%

100%

$FWDIR/log/ike.elg

$FWDIR/opt/vpnd.elg

$FWDIR/opt/ike.elg

$FWDIR/log/vpnd.elg

fw ver -k

fw ctl pstat

fw ctl get kernel

fw kernel

AMON status pull from the Gateway

Management High Availability (HA) sync

SIC (Secure Internal Communication) functions

Policy installation

set bitrate 64

set edition default 64

configure edition 64-bit

set edition default 64-bit

Edit affinity.conf and change the settings

Run fw affinity and change the settings

Edit $FWDIR/conf/fwaffinity.conf and change the settings

Run sim affinity and change the settings