156-315.71 Check Point Security Expert R71

Page 1   
Question 1

Which of the following explains Role Segregation?

  • A. Administrators have different abilities than managers within SmartWorkflow.
  • B. Different tasks within SmartDashboard are divided according to firewall administrator permissions.
  • C. Changes made by an administrator in a SmartWorkflow session must have managerial approval prior to commitment.
  • D. SmartWorkflow can be configured so that managers can only view their assigned sessions

Answer : C

Question 2

Using SmartProvisioning Profiles, which of the following could be configured for both
SecurePlatform AND UTM-1 Edge devices?
(i) Backup
(ii) Routing
(iii) Interfaces
(iv) Hosts
(v) NTP server
(vi) DNS

  • A. (ii), (iii), (iv) and (vi)
  • B. (i), (iii), (iv) and (vi)
  • C. none of these options are available for both.
  • D. (i), (ii) and (iv)

Answer : C

Question 3

A VPN Tunnel Interface (VTI) is defined on SecurePlatform Pro as:
vpn shell interface add numbered "madrid.cp".
What do you know about this VTI?

  • A. The peer Security Gateway's name is "madrid.cp".
  • B. The local Gateway's object name is "madrid.cp".
  • C. The VTI name is "madrid.cp".
  • D. is the local Gateway's internal interface, and is the internal interface Gateway.

Answer : A

Question 4

Which Check Point product implements a Consolidation policy?

  • A. SmartView Monitor
  • B. SmartLSM
  • C. SmartView Tracker
  • D. SmartReporter

Answer : D

Question 5

John is upgrading a cluster from NGX R65 to R71. John knows that you can verify the
upgrade process using the pre-upgrade verifier tool. When John is running Pre-Upgrade
Verification, he see this warning message:Title: Incompatible pattern.What's happening?

  • A. The actual configuration contains user defined patterns in IPS that are not supported in R71. If the patterns are not fixed after upgrade, they will not be used with R71 Security Gateways.
  • B. R71 uses a new pattern matching engine. Incompatible patterns should be deleted before upgrade process to complete it successfully.
  • C. Pre-Upgrade Verification tool only shows that message but it is only informational.
  • D. Pre-Upgrade Verification process detected a problem with actual configuration and upgrade will be aborted.

Answer : C

Question 6

Check point Clustering protocol, works on:

  • A. UDP 8116
  • B. UDP 500
  • C. TCP 8116
  • D. TCP 19864

Answer : A

Question 7

Which of the following manages Standard Reports and allows the administrator to specify
automatic uploads of reports to a central FTP server?

  • A. Smart Dashboard Log Consolidator
  • B. Security Management Server
  • C. Smart Reporter Database
  • D. Smart Reporter

Answer : D

Question 8

Given the following protection detailed and the enforcing gateways list, is the Tool many
DNS queries with the RD flag set protection enabled on the Gateway R71?

Please choose the answer with the correct justification.

  • A. yes because it is set to prevent on the Default_Protrction, which R71 gateway has applied.
  • B. No because the protection is only supported on IPS-1 Sensor
  • C. No enough information to determine one way or other
  • D. No, because the Too many DNS queries with the flag set protection is not a valid protection in R71

Answer : B

Question 9

When using Connectra with Endpoint Security Policies, what option is not available when
configuring DAT enforcement?

  • A. Maximum DAT file version
  • B. Maximum DAT file age
  • C. Minimum DAT file version
  • D. Oldest DAT file timestamp

Answer : A

Question 10

Which of the following platforms does NOT support SecureXL?

  • A. UTM-1 Appliance
  • B. Power-1 Appliance
  • C. IP Appliance
  • D. UNIX

Answer : D

Question 11

SmartWorkflow has been enabled with the following configuration:

If a security administrator opens a new session and after making changes to policy,
submits the session for approval will be displayed as:

  • A. Approved
  • B. In progress
  • C. Not Approved
  • D. Awaiting Approval

Answer : B

Question 12

In which case is a Sticky Decision Function relevant?

  • A. Load Sharing - Unicast
  • B. Load Balancing - Forward
  • C. High Availability
  • D. Load Sharing - Multicast

Answer : C

Question 13

Which of the following components receives events and assigns severity levels to the
events; then invokes any defined automatic reactions and adds the events to the Events
Data Base?

  • A. SmartEvent Client
  • B. SmartEvent Server
  • C. SmartEvent Correlation Unit
  • D. SmartEvent Analysis Data Server

Answer : B

Question 14

Which external user authentication protocols are supported in SSL VPN?

  • A. LDAP, Active Directory, SecurID
  • B. DAP, SecurID, Check Point Password, OS Password, RADIUS, TACACS
  • C. LDAP, RADIUS, Active Directory, SecurID

Answer : B

Question 15

How is change approved for implementation in SmartWorkflow?

  • A. The change is submitted for approval and is automatically installed by the approver once Approve is clicked
  • B. The change is submitted for approval and is automatically installed by the original submitter the next time he logs in after approval of the 3nge
  • C. The change is submitted for approval and is manually installed by the original submitter the next time he logs in after approval of the change.
  • D. The change is submitted for approval and is manually installed by the approver once Approve is clicked

Answer : C

Page 1