156-915.76 Check Point Certified Security Expert Update Blade

Page 1   
Question 1

Which of the following tools is used to generate a Security Gateway R76 configuration

  • A. infoCP
  • B. cpinfo
  • C. infoview
  • D. fw cpinfo

Answer : B

Question 2

Many companies have defined more than one administrator. To increase security, only one
administrator should be able to install a Rule Base on a specific Firewall. How do you
configure this?

  • A. Define a permission profile in SmartDashboard with read/write privileges, but restrict it to all other firewalls by placing them in the Policy Targets field. Then, an administrator with this permission profile cannot install a policy on any Firewall not listed here.
  • B. Put the one administrator in an Administrator group and configure this group in the specific Firewall object in Advanced > Permission to Install.
  • C. Right-click on the object representing the specific administrator, and select that Firewall in Policy Targets.
  • D. In the object General Properties representing the specific Firewall, go to the Software Blades product list and select Firewall. Right-click in the menu, select Administrator to Install to define only this administrator.

Answer : A

Question 3

  • A. Using the native GAiA backup utility from command line or in the Web based user interface.
  • B. Copying the directories $FWDIR/conf and $FWDIR/lib to another location.
  • C. Using the command upgrade_export.
  • D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp.

Answer : A

Question 4

You intend to upgrade a Check Point Gateway from R71 to R76. Prior to upgrading, you
want to back up the Gateway should there be any problems with the upgrade. Which of the
following allows for the Gateway configuration to be completely backed up into a
manageable size in the least amount of time?

  • A. upgrade_export
  • B. snapshot
  • C. backup
  • D. database revision

Answer : C

Question 5

You have three servers located in a DMZ, using private IP addresses. You want internal
users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net
10.10.10.x is configured for Hide NAT behind the Security Gateways external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the
DMZ servers public IP addresses?

  • A. When connecting to the Internet, configure manual Static NAT rules to translate the DMZ servers.
  • B. When connecting to internal network 10.10.10.x, configure Hide NAT for the DMZ network behind the Security Gateway DMZ interface.
  • C. When the source is the internal network 10.10.10.x, configure manual static NAT rules to translate the DMZ servers.
  • D. When trying to access DMZ servers, configure Hide NAT for 10.10.10.x behind the DMZs interface.

Answer : C

Question 6

Which command allows you to view the contents of an R76 table?

  • A. fw tab -s <tablename>
  • B. fw tab -t <tablename>
  • C. fw tab -x <tablename>
  • D. fw tab -a <tablename>

Answer : B

Question 7

Which of the following statements accurately describes the command upgrade_export?

  • A. Used primarily when upgrading the Security Management Server, upgrade_export stores all object databases and the /conf directories for importing to a newer Security Gateway version.
  • B. upgrade_export stores network-configuration data, objects, global properties, and the database revisions prior to upgrading the Security Management Server.
  • C. This command is no longer supported in GAiA.
  • D. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be included or excluded before exporting.

Answer : A

Question 8

You have created a Rule Base for firewall, websydney. Now you are going to create a new
policy package with security and address translation rules for a second Gateway.

What is TRUE about the new packages NAT rules?

  • A. NAT rules will be empty in the new package.
  • B. Rules 4 and 5 will appear in the new package.
  • C. Rules 1, 2, 3 will appear in the new package.
  • D. Only rule 1 will appear in the new package.

Answer : C

Question 9

How do you recover communications between your Security Management Server and
Security Gateway if you lock yourself out through a rule or policy mis-configuration?

  • A. fw delete all.all@localhost
  • B. fw unload policy
  • C. fwm unloadlocal
  • D. fw unloadlocal

Answer : D

Question 10

Peter is your new Security Administrator. On his first working day, he is very nervous and
enters the wrong password three times. His account is locked. What can be done to unlock
Peters account? Give the BEST answer.

  • A. It is not possible to unlock Peter’s account. You have to install the firewall once again or abstain from Peter’s help.
  • B. You can unlock Peters account by using the command fwm unlock_admin -u Peter on the Security Gateway.
  • C. You can unlock Peters account by using the command fwm lock_admin -u Peter on the Security Management Server.
  • D. You can unlock Peters account by using the command fwm unlock_admin -u Peter on the Security Management Server

Answer : C

Question 11

Looking at the SYN packets in the Wireshark output, select the statement that is true about

  • A. This is an example of Hide NAT.
  • B. This is an example of Static NAT and Translate destination on client side unchecked in Global Properties.
  • C. There is not enough information provided in the Wireshark capture to determine the NAT settings.
  • D. This is an example of Static NAT and Translate destination on client side checked in Global Properties.

Answer : A

Question 12

All R76 Security Servers can perform authentication with the exception of one. Which of the
Security Servers can NOT perform authentication?

  • B. HTTP
  • C. SMTP
  • D. FTP

Answer : C

Question 13

Before upgrading SecurePlatform, you should create a backup. To save time, many
administrators use the command backup. This creates a backup of the Check Point
configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after
creating a backup file. There is a mistake in the very complex static routing configuration.
The Check Point configuration has not been changed. Can the administrator use a restore
to fix the errors in static routing?

  • A. The restore is done by selecting Snapshot Management from the boot menu of GAiA.
  • B. A backup cannot be restored, because the binary files are missing.
  • C. The restore can be done easily by the command restore and selecting the file netconf.C.
  • D. The restore is not possible because the backup file does not have the same build number (version).

Answer : C

Question 14

Which component functions as the Internal Certificate Authority for R76?

  • A. Security Gateway
  • B. Management Server
  • C. Policy Server
  • D. SmartLSM

Answer : C

Question 15

The connection to the first ClusterXL member breaks. The first ClusterXL member leaves
the cluster. Afterwards the switch admin set on port to second ClusterXL member to down.
What will happen?

  • A. Second ClusterXL member still stays active as last member.
  • B. Both ClusterXL members share load equally.
  • C. Second ClusterXL member also left the cluster.
  • D. First ClusterXL member is asked to come back to cluster.

Answer : A

Page 1