156-910.70 Check Point Certified Security Administrator R70 Upgrade

Page 1   
Question 1

Which of the following is true regarding addition of a new Software Blades to your existing
hardware?

  • A. You will have to add a new hardware to accommodate the change
  • B. There is no way to add a new Software Blades to your existing hardware
  • C. No need to do anything aside from turning on their functionality
  • D. You will need to update the driver of your existing hardware
  • E. You will need to update the firmware of your existing hardware


Answer : C

Question 2

Why should User Authentication not be suitable with HTTP sessions?

  • A. Because User Authentication requires authentication on a per-session basis which in contrast to HTTP that requires in one session
  • B. Because User Authentication requires authentication scheme that requires persession authentication
  • C. Because User Authentication requires authentication on a per-session basis which in contrast to HTTP that requires in many sessions
  • D. Because User Authentication requires authentication scheme that would not work with HTTP authentication
  • E. Because User Authentication requires authentication scheme that requires persession authentications


Answer : C

Question 3

Your network configuration is shown in the diagram. Host 1 and host 6 need to
communicate. A VPN tunnel is established in order that the communication can be
encrypted. Which of the following are the correct steps of communication between host 1
and host 6 using the VPN tunnel?
1 A packet leaves the source host and reaches the gateway
2 The gateway encrypts the packet
3 The packet goes down the VPN tunnel to the second gateway. In actual fact, the packets
are standard IP packets passing through the Internet. However, because the packets are
encrypted, they can be considered as passing through a private virtual tunnel
4 The packet is delivered in the clear to the destination host. From the hosts perspective,
they are connecting directly
5 The second gateway decrypts the packet


  • A. 1,2,5,3,4
  • B. 1,2,4,3,5
  • C. 1,2,3,5,4
  • D. 1,2,3,4,5
  • E. 1,2,5,4,3


Answer : C

Question 4

Study the diagram and answer the question below.
George was initiating a client authentication session by beginning an HTTP session on port
259 with the gateway named london as shown. What do you think might be wrong with the
address George specified in the browser?


  • A. The user should bypass the firewall at port 259 to connect successfully.
  • B. The user should use Session Authentication method to successfully connect to the destination server.
  • C. The user should bypass the firewall at port 900 to connect successfully.
  • D. The user was using the wrong port. He needs to use port 900 to connect successfully.
  • E. The user should be able to connect, since he was using the right port.


Answer : D

Question 5

In the IPS Software Blade, you want to activate all critical protections and minimize the rate
of false positive. Do you think this is possible?

  • A. Activating all checks with critical severity comes with high false positive
  • B. Yes, as the IPS gives you the ability to activate all checks with critical severity and high confidence level
  • C. Partially true, as the IPS gives you the ability to activate all checks with critical severity and cannot allow you to minimize the rate of false positive
  • D. Partially true, as the IPS does not give you the ability to activate all checks with critical severity and but does allow you to minimize the rate of false positive
  • E. This is not possible


Answer : B

Question 6

What Dashboard will you go to in Network Voyager in order to get information regarding
CPU Utilization and memory Utilization when performing Performance Monitoring ?

  • A. Forwarding Dashboard
  • B. System Dashboard
  • C. Connection Dashboard
  • D. Connection Map Dashboard
  • E. Traffic Dashboard


Answer : B

Question 7

Which of the following is true of INSPECT Engine? Select all the correct answers.


  • A. INSPECT Engine is the mechanism used for extracting the state-related information from all transport layers
  • B. INSPECT Engine is the mechanism used for extracting the state-related information from all application layers
  • C. The INSPECT Engine enforces Security Policies on the Security Gateway on which they reside
  • D. The INSPECT Engine enforces Security Policies on any Security Gateway
  • E. The INSPECT Engine is dynamically loaded into the kernel between layer 2 and layer 3 of the OSI


Answer : B,C,E

Question 8

You have not performed software upgrade to NGX R70. You have upgraded your license
and every time you try to run commands such as cplic print; cpstop, you receive all sort of
errors. In order to resolve this you will have to:

  • A. Remove the upgraded license
  • B. Re-upgrade the license to the version before the upgrade
  • C. Do nothing. The error will go away with time
  • D. Remove the software
  • E. Upgrade the software to version NGX


Answer : E

Question 9

Using the Network Voyager to monitor your system health check, which of the following
statistics can you not view there?

  • A. System Statistics
  • B. Interface Queue Statistics
  • C. SecurePlatform Connection Statistics
  • D. SecureXL Connection Statistics
  • E. Interface Traffic Statistics


Answer : C

Question 10

Security Management server supports two main VPN topologies: Meshed and




  • A. Token
  • B. Ethernet
  • C. Ring
  • D. Cross
  • E. Star


Answer : E

Question 11

Which of the following multicast commands would you use to remove routes from the
multicast routing table?









  • A. show ip mroute
  • B. ip multicast boundary
  • C. clear ip mroute
  • D. ip multicast ttl-threshold
  • E. show ip multicast boundary


Answer : C

Question 12

The SmartUpdate command line "cprinstall get" will:

  • A. Install Check Point products on remote Check Point gateways
  • B. Verify if a specific product can be installed on the remote Check Point gateway
  • C. Delete Check Point products on remote Check Point gateways
  • D. Verify that the Operating System and currently installed products are appropriate for the package
  • E. Obtain details of the products and the Operating System installed on the specified Check Point gateway, and to update the database


Answer : E

Question 13

The diagrams show your network and the encrypt rule. If the source and destination are
inside the VPN Domain of the same gateway i.e. Source X is in Net_A and Destination Y is
in Net_B. The connection originates at X and reaches the gateway, which forwards the
response back to Y. Which of the following is true?



  • A. The gateway 1 will drops the connection from Net_A to Net_B
  • B. The connection from Net_A to Net_B will not be encrypted
  • C. The connection from Net_A to Net_B will be authenticated
  • D. The gateway 1 will need authentication
  • E. The connection from Net_A to Net_B will be encrypted


Answer : B

Question 14

IPSO file systems are based on which of the following file system type?

  • A. UFS
  • B. FAT32
  • C. NTFS
  • D. FAT
  • E. DOS


Answer : A

Question 15

When upgrading ClusterXL , which of the following options will you choose if network
activity is required during the upgrade process?

  • A. Full Downtime
  • B. Minimal Effort Upgrade
  • C. Full Connectivity Upgrade
  • D. Zero Downtime
  • E. Maximum Effort Upgrade


Answer : D

Page 1