156-215.75 Check Point Certified Security Administrator R75

Page 1   
Question 1

ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:

  • A. DHCP Server configuration
  • B. GUI Clients
  • C. Time & Date
  • D. Export setup

Answer : B

Question 2

Your customer wishes to install the SmartConsole on a Windows system. What are the
minimum hardware requirements for R75? Give the BEST answer.

  • A. 500 MB Free disk space and 512 MB RAM
  • B. 1 GB Free disk space and 512 MB RAM
  • C. 1 GB Free disk space and 1 GB RAM
  • D. 512 MB Free disk space and 1 GB RAM

Answer : A

Question 3

Which SmartConsole component can Administrators use to track remote administrative

  • A. WebUI
  • B. Eventia Reporter
  • C. SmartView Monitor
  • D. SmartView Tracker

Answer : D

Question 4

Which of the following commands identifies whether or not a Security Policy is installed or
the Security Gateway is operating with the initial policy?

  • A. fw monitor
  • B. fw ctl pstat
  • C. cp stat
  • D. fw stat

Answer : D

Question 5

Which of the following statements accurately describes the snapshot command?

  • A. snapshot creates a full OS-level backup, including network-interface data, Check Point product information, and configuration settings during an upgrade of a SecurePlatform Security Gateway.
  • B. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.
  • C. snapshot creates a full system-level backup of the Security Management Server on any OS
  • D. snapshot stores only the system-configuration settings on the Gateway.

Answer : A

Question 6

How can you most quickly reset Secure Internal Communications (SIC) between a Security
Management Server and Security Gateway?

  • A. Run the command fwm sic-reset to initialize the Internal Certificate Authority (ICA) of the Security Management Server. Then retype the activation key on the Security Gateway from SmartDashboard.
  • B. Use SmartDashboard to retype the activation key on the Security Gateway. This will automatically Sync SIC to both the Security Management Server and Gateway.
  • C. From cpconfig on the Gateway, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the Gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).
  • D. From the Security Management Servers command line, Type fw putkey p <shared key> < IP Address of security Gateway>.

Answer : C

Question 7

You issue the fw monitor command with no arguments. Which of the following inspection
points will be displayed?

  • A. Before the virtual machine, in the inbound direction
  • B. After the virtual machine, in the outbound direction
  • C. All inspection points
  • D. Before the virtual machine, in the outbound direction

Answer : C

Question 8

Another administrator accidentally installed a Security Policy on the wrong firewall. Having
done this, you are both locked out of the firewall that is called myfw1. What command
would you execute on your system console on myfw1 in order for you to push out a new
Security Policy?

  • A. fw dbloadlocal
  • B. fw unloadlocal
  • C. cpstop
  • D. fw ctl filter

Answer : B

Question 9

How can I verify the policy version locally installed on the Firewall?

  • A. fw ver
  • B. fw ctl iflist
  • C. fw ver -k
  • D. fw stat

Answer : D

Question 10

Which command displays the installed Security Gateway version?

  • A. fw stat
  • B. cpstat -gw
  • C. fw ver
  • D. tw printver

Answer : C

Question 11

Your organizations disaster recovery plan needs an update to the backup and restore
section to reap the benefits of the new distributed R75 installation. Your plan must meet the
following required and desired objectives:
Required Objective: The Security Policy repository must be backed up no less frequently
than every 24 hours.
Desired Objective: The R75 components that enforce the Security Polices should be
blocked up at least once a week.
Desired Objective: Back up R75 logs at least once a week
Your disaster recovery plan is as follows:
Use the cron utility to run the upgrade_ export command each night on the Security
Management Servers.
Configure the organization's routine backup software to back up the files created by the
upgrade_ export command.
Configure the SecurePlatform backup utility to back up the Security Gateways every
Saturday night
Use the cron utility to run the upgrade export: command each Saturday niqht on the log
Configure an automatic, nightly loqswitch
Configure the organization's routine backup software to back up the switched logs every
Upon evaluation, your plan:

  • A. Meets the required objective but does not meet either desired objective.
  • B. Does not meet the required objective.
  • C. Meets the required objective and only one desired objective.
  • D. Meets the required objective and both desired objectives.

Answer : D

Question 12

When doing a Stand-Alone Installation, you would install the Security Management Server
with which other Check Point architecture component?

  • A. SecureClient
  • B. Security Gateway
  • C. SmartConsole
  • D. None, Security Management Server would be installed by itself

Answer : B

Question 13

You are creating an output file with the following command:
fw monitor -e "accept (src= or dst=;" -o ~/output
Which tool do you use to analyze this file?

  • A. You can analyze it with Wireshark or Ethereal.
  • B. You can analyze the output file with any ASCI editor.
  • C. The output file format is CSV, so you can use MS Excel to analyze it.
  • D. You cannot analyze it with any tool as the syntax should be:fw monitor -e accept ([12,b]= or [16,b]=; -o ~/output.

Answer : A

Question 14

To monitor all traffic between a network and the Internet on a SecurePlatform Gateway,
what is the BEST utility to use?

  • A. snoop
  • B. cpinfo
  • C. infoview
  • D. tcpdump

Answer : D

Question 15

Your primary Security Management Server runs on SecurePlatform. What is the easiest
way to back up your Security Gateway R75 configuration, including routing and network
configuration files?

  • A. Using the upgrade_export command.
  • B. Copying the $FWDIR/conf and $FWDIR/lib directory to another location.
  • C. Run the pre_upgrade_verifier and save the .tgz file to the /temp directory.
  • D. Using the native SecurePlatform backup utility from command line or in the Web based user interface.

Answer : D

Page 1