Checkpoint 156-215.13

Check Point Certified Security Administrator – GAiA

(Page 1 out of 24)
Showing 15 of 358 Questions
Exam Version: 6.2
Question No : 1 - Topic 1

You want to reset SIC between smberlin and sgosaka.


In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start
cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key.
The screen reads The SIC was successfully initialized and jumps back to the cpconfig
menu. When trying to establish a connection, instead of a working connection, you receive
this error message:

What is the reason for this behavior?

  • A. The Gateway was not rebooted, which is necessary to change the SIC key.
  • B. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
  • C. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).
  • D. The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation can not be typed in a matching fashion.

Answer : B



Question No : 2 - Topic 1

What is the primary benefit of using the command upgrade_export over either backup or
snapshot?

  • A. The commands backup and snapshot can take a long time to run whereas upgrade_export will take a much shorter amount of time.
  • B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where backup and snapshot will not.
  • C. upgrade_export has an option to back up the system and SmartView Tracker logs while backup and snapshot will not.
  • D. upgrade_export is operating system independent and can be used when backup or snapshot is not available.

Answer : D



Question No : 3 - Topic 1

How is wear on the flash storage device mitigated on diskless appliance platforms?

  • A. The external PCMCIA-based flash extension has the swap file mapped to it, allowing easy replacement.
  • B. A RAM drive reduces the swap file thrashing which causes fast wear on the device.
  • C. Issue FW-1 bases its package structure on the Security Management Server, dynamically loading when the firewall is booted.
  • D. PRAM flash devices are used, eliminating the longevity.

Answer : B



Question No : 4 - Topic 1

Which command displays the installed Security Gateway version?

  • A. fw ver
  • B. fw stat
  • C. fw printver
  • D. cpstat -gw

Answer : A



Question No : 5 - Topic 1

Which command allows you to view the contents of an R76 table?

  • A. fw tab -s <tablename>
  • B. fw tab -t <tablename>
  • C. fw tab -x <tablename>
  • D. fw tab -a <tablename>

Answer : B



Question No : 6 - Topic 1

During which step in the installation process is it necessary to note the fingerprint for first-
time verification?

  • A. When configuring the Security Gateway object in SmartDashboard
  • B. When configuring the Security Management Server using cpconfig
  • C. When establishing SIC between the Security Management Server and the Gateway
  • D. When configuring the Gateway in the WebUI

Answer : B



Question No : 7 - Topic 1

When launching SmartDashboard, what information is required to log into R76?

  • A. User Name, Management Server IP, certificate fingerprint file
  • B. User Name, Password, Management Server IP
  • C. Password, Management Server IP
  • D. Password, Management Server IP, LDAP Server IP

Answer : D



Question No : 8 - Topic 1

Which of the following tools is used to generate a Security Gateway R76 configuration
report?

  • A. infoCP
  • B. cpinfo
  • C. infoview
  • D. fw cpinfo

Answer : B



Question No : 9 - Topic 1

You installed Security Management Server on a computer using GAiA in the MegaCorp
home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a
second SecurePlatform computer, which you plan to ship to another Administrator at a
MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway
before shipping it?

  • A. 2, 1, 3, 4, 5
  • B. 2, 3, 4, 5, 1
  • C. 1, 3, 2, 4, 5
  • D. 2, 3, 4, 1, 5

Answer : A



Question No : 10 - Topic 1

How can you check whether IP forwarding is enabled on an IP Security Appliance?

  • A. clish -c show routing active enable
  • B. ipsofwd list
  • C. cat /proc/sys/net/ipv4/ip_forward
  • D. echo 1 > /proc/sys/net/ipv4/ip_forward

Answer : B



Question No : 11 - Topic 1

You have configured SNX on the Security Gateway. The client connects to the Security
Gateway and the user enters the authentication credentials. What must happen after
authentication that allows the client to connect to the Security Gateway's VPN domain?

  • A. Active-X must be allowed on the client.
  • B. The SNX client application must be installed on the client.
  • C. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
  • D. An office mode address must be obtained by the client.

Answer : C



Question No : 12 - Topic 1

UDP packets are delivered if they are ___________.

  • A. referenced in the SAM related dynamic tables
  • B. a valid response to an allowed request on the inverse UDP ports and IP
  • C. a stateful ACK to a valid SYN-SYN/ACK on the inverse UDP ports and IP
  • D. bypassing the kernel by the forwarding layer of ClusterXL

Answer : B



Question No : 13 - Topic 1

  • A. Create a time object, and add 48 hours as the interval. Select that time object's Global Properties > Logs and Masters window, to schedule a logswitch.
  • B. Create a time object, and add 48 hours as the interval. Open the primary Security Management Server object's Logs and Masters window, enable Schedule log switch, and select the Time object.
  • C. On a SecurePlatform Security Management Server, this can only be accomplished by configuring the command fw logswitch via the cron utility.
  • D. Create a time object, and add 48 hours as the interval. Open the Security Gateway object's Logs and Masters window, enable Schedule log switch, and select the Time object.

Answer : B



Question No : 14 - Topic 1

The London Security Gateway Administrator has just installed the Security Gateway and
Management Server. He has not changed any default settings. As he tries to configure the
Gateway, he is unable to connect. Which troubleshooting suggestion will NOT help him?

  • A. Check if some intermediate network device has a wrong routing table entry, VLAN assignment, duplex-mismatch, or trunk issue.
  • B. Verify that the Rule Base explicitly allows management connections.
  • C. Test the IP address assignment and routing settings of the Security Management Server, Gateway, and console client.
  • D. Verify the SIC initialization.

Answer : B



Question No : 15 - Topic 1

Which of the below is the MOST correct process to reset SIC from SmartDashboard?

  • A. Run cpconfig, and click Reset.
  • B. Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.
  • C. Click Communication > Reset on the Gateway object, and type a new activation key.
  • D. Run cpconfig, and select Secure Internal Communication > Change One Time Password.

Answer : B



(Page 1 out of 24)
Showing of 358 Questions
Exam Version: 6.2