156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 10

  1. Your manager requires you to set up a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he set up AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?

    • The two algorithms do not have the same key length and so don’t work together. You will get the error … No proposal chosen…
    • All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
    • Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
    • All is fine and can be used as is.
  2. Choose the SmartLog property that is TRUE.

    • SmartLog has been an option since release R71.10.
    • SmartLog is not a Check Point product.
    • SmartLog and SmartView Tracker are mutually exclusive.
    • SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.
  3. Which directory holds the SmartLog index files by default?

    • $SMARTLOGDIR/data
    • $SMARTLOG/dir
    • $FWDIR/smartlog
    • $FWDIR/log
  4. To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?

    • Full HA Cluster
    • High Availability
    • Standalone
    • Distributed
  5. Can a Check Point gateway translate both source IP address and destination IP address in a given packet?

    • Yes
    • No
    • Yes, but only when using Automatic NAT.
    • Yes, but only when using Manual NAT.
  6. Which of the following is NOT defined by an Access Role object?

    • Source Network
    • Source Machine
    • Source User
    • Source Server
  7. You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?

    1. Run cpconfig on the Gateway, select Secure Internal Communication, enter the activation key, and reconfirm.
    2. Initialize Internal Certificate Authority (ICA) on the Security Management Server.
    3. Configure the Gateway object with the host name and IP addresses for the remote site.
    4. Click the Communication button in the Gateway object’s General screen, enter the activation key, and click Initialize and OK.
    5. Install the Security Policy.

    • 2, 3, 4, 1, 5
    • 2, 1, 3, 4, 5
    • 1, 3, 2, 4, 5
    • 2, 3, 4, 5, 1
  8. You want to reset SIC between smberlin and sgosaka.

    (Exhibit: Q08 044)

    In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the menu. When trying to establish a connection, instead of a working connection, you receive this error message:

    (Exhibit: Q08 045)

    What is the reason for this behavior?

    • The Gateway was not rebooted, which is necessary to change the SIC key.
    • You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).
    • The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
    • The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation key cannot be typed in a matching fashion.
  9. Which of these components does NOT require a Security Gateway R77 license?

    • Security Management Server
    • Check Point Gateway
    • SmartConsole
    • SmartUpdate upgrading/patching
  10. What statement is true regarding Visitor Mode?

    • VPN authentication and encrypted traffic are tunneled through port TCP 443.
    • Only ESP traffic is tunneled through port TCP 443.
    • Only Main mode and Quick mode traffic are tunneled on TCP port 443.
    • All VPN traffic is tunneled through UDP port 4500.
  11. Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?

    • A star community requires Check Point gateways, as it is a Check Point proprietary technology.
    • In a star community, satellite gateways cannot communicate with each other.
    • In a mesh community, member gateways cannot communicate directly with each other.
    • In a mesh community, all members can create a tunnel with any other member.
  12. What CLI utility allows an administrator to capture traffic along the firewall inspection chain?

    • show interface (interface) –chain
    • tcpdump
    • tcpdump /snoop
    • fw monitor
  13. Your bank’s distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?

    • SmartView Tracker
    • SmartPortal
    • SmartUpdate
    • SmartDashboard
  14. NAT can NOT be configured on which of the following objects?

    • HTTP Logical Server
    • Gateway
    • Address Range
    • Host
  15. The fw monitor utility is used to troubleshoot which of the following problems?

    • Phase two key negotiation
    • Address translation
    • Log Consolidation Engine
    • User data base corruption
  16. You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.

    • In the SmartView Tracker, if you activate the column Matching Rate.
    • In SmartReporter, in the section Firewall Blade – Activity > Network Activity with information concerning Top Matched Logged Rules.
    • SmartReporter provides this information in the section Firewall Blade – Security > Rule Base Analysis with information concerning Top Matched Logged Rules.
    • It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.
  17. Study the Rule base and Client Authentication Action properties screen.

    (Exhibits: Q17 046 and Q17 047)

    After being authenticated by the Security Gateways, a user starts an HTTP connection to a Web site. What happens when the user tries to FTP to another site using the command line? The:

    • user is prompted for authentication by the Security Gateways again.
    • FTP data connection is dropped after the user is authenticated successfully.
    • user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication.
    • FTP connection is dropped by Rule 2.
  18. What are the three tabs available in SmartView Tracker?

    • Network & Endpoint, Management, and Active
    • Network, Endpoint, and Active
    • Predefined, All Records, Custom Queries
    • Predefined, All Records, Custom Queries
  19. In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?

    • Rule 0
    • Blank field under Rule Number
    • Rule 1
    • Cleanup Rule
  20. Which SmartConsole component can Administrators use to track changes to the Rule Base?

    • WebUI
    • SmartView Tracker
    • SmartView Monitor
    • SmartReporter