156-215.77 Exam Dumps - Check Point Certified Security Administrator

SmartLog has been an option since release R71.10.

SmartLog is not a Check Point product.

SmartLog and SmartView Tracker are mutually exclusive.

SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.

By using the Clear User Cache button in SmartDashboard.

Usernames and passwords only clear from memory after they time out.

By retrieving LDAP user information using the command fw fetchldap.

By installing a Security Policy.

Yes, but you need SPLAT operating system to enable the feature Hits Count in the SmartDashboard client.

Yes, since R75 40 you can use the feature Hits Count in the SmartDashboard client.

Yes, but you need Gala operating system to enable the feature Hits Count in the SmartDashboard client.

No, due to an architecture limitation it is not possible to track the number of connections each rule matches.

Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.

Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.

Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.

Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.

The collective name of the Security Policy, Address Translation, and IPS Policies.

The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.

The collective name of the logs generated by SmartReporter.

A global Policy used to share a common enforcement policy for multiple Security Gateways.

Phase two key negotiation

Address translation

Log Consolidation Engine

User data base corruption

Stand-Alone Installation.

Distributed Installation.

Unsupported configuration.

Hybrid Installation.

Distributed Installation

Unsupported configuration

Hybrid Installation

Stand-Alone Installation

Asymmetric encryption

Dynamic encryption

Certificate-based encryption

Symmetric encryption

SIC Certificates

Licenses

Route tables

Global properties

Create a new logical-server object to represent your partner’s CA.

Exchange exported CA keys and use them to create a new server object to represent your partner’s Certificate Authority (CA).

Manually import your partner’s Certificate Revocation List.

Manually import your partner’s Access Control List.

2, 4, 7, 10, 11

3, 4, 5, 6, 9, 12, 13

5, 6, 9, 12, 13

1, 2, 8, 10, 11

(5) Delete all IPsec SAs for a given peer (GW)

(7) Delete all IPsec+IKE SAs for a given peer (GW)

(6) Delete all IPsec SAs for a given User (Client)

(8) Delete all IPsec+IKE SAs for a given User (Client)

Session and Transport

Physical and Data

Presentation and Application

Datalink and Network

The firewall has failed to sync with the Security Management Server for 60 minutes.

The firewall object has been created but SIC has not yet been established.

The firewall is not listed in the Policy Installation Targets screen for this policy package.

The license for this specific firewall has expired.

Rule 3

Rule 4

Rule 6

Rule 5

When accuracy in detecting identity is crucial

Leveraging identity for Data Center protection

Protecting highly sensitive servers

Identity based enforcement for non-AD users (non-Windows and guest users)

Gateway

Interoperable Device

Externally managed gateway

Network Node

can connect to the Internet successfully after being authenticated.

is prompted three times before connecting to the Internet successfully.

can go to the Internet after Telnetting to the client authentication daemon port 259.

can go to the Internet, without being prompted for authentication.

An alert cannot be configured in SmartView Monitor.

By choosing the Gateway, and Configure Thresholds.

By right-clicking on the Gateway, and selecting Properties.

By right-clicking on the Gateway, and selecting System Information.

user is prompted for authentication by the Security Gateway again.

FTP data connection is dropped after the user is authenticated successfully.

user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication.

FTP connection is dropped by Rule 2.

Policy Package Management

Copying the directories $FWDIR\conf and $CPDIR\conf to another server

Execute command upgrade_export

Database Revision Control

Inbound

Outbound

Post-inbound

Eitherbound

Hide

Static Destination

Static Source

Dynamic Destination

The Administrator decides the rule order by shifting the corresponding rules up and down.

The Static NAT rules have priority over the Hide NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

The Hide NAT rules have priority over the Static NAT rules and the NAT on a node has priority over the NAT on a network or an address range.

The rule position depends on the time of their creation. The rules created first are placed at the top; rules created later are placed successively below the others.

Rule 4

Rule 6

Rule 3

Rule 5

A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are defined by the selection in the Rule Base row Install On.

When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is shown in the list of possible installation targets after selecting Policy > Install on Target.

In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct firewall via Specific Targets.

A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the appropriate target directly after selecting Policy > Install on Target.

Eventia Tracker

SmartView Monitor

Eventia Monitor

SmartView Tracker

Destination Translated on Server side

Destination Translated on Client side

Source Translated on both sides

Source Translated on Client side

Using SmartDashboard, under Users, select Add New Administrator

Using SmartDashboard or cpconfig

Using the Web console on GAiA under Product configuration, select Administrators

Using cpconfig on the Security Management Server, choose Administrators

Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal?

Have the security administrator reboot the firewall

Have the security administrator select Any for the Machines tab in the appropriate Access Role

Install the Identity Awareness agent on her iPad

Peers agree on encryption method.

Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.

Peers agree on integrity method.

Each side generates a session key from its private key and the peer’s public key.

Run cpconfig, and click Reset.

Click the Communication button for the firewall object, then click Reset. Run cpconfig and type a new activation key.

Run cpconfig, and select Secure Internal Communication > Change One Time Password.

Click Communication > Reset on the Gateway object, and type a new activation key.

12

1

3

6

AD Query

Captive Portal

Identity Agent

GPO

259, 900

256, 600

80, 256

8080, 529

The Allow Control Connections setting in Policy > Global Properties has been unchecked.

A Stealth Rule has been configured for the R77 Gateway.

The Security Policy installed to the Gateway had no rules in it.

The Gateway Object representing your Gateway was configured as an Externally Managed VPN Gateway.

A group with generic user

All users

LDAP Account Unit Group

Internal user Group

Client Authentication

Manual Authentication

User Authentication

Session Authentication

IPS

Cleanup

Reject

Stealth

Export setup

DHCP Server configuration

Time & Date

GUI Clients

Export setup

DHCP Server configuration

GUI Clients

Time & Date

Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.

As expert user, type the command snapshot -r MySnapshot.tgz.

As expert user, type the command revert --file MySnapshot.tgz.

As expert user, type the command snapshot - R to restore from a local file. Then, provide the correct file name.

You create them in SmartDashboard.

The Gateway enforces implicit rules that enable outgoing packets only.

Changes to the Security Gateway’s default settings do not affect implicit rules.

They are derived from Global Properties and explicit object properties.

clish -c show routing active enable

cat /proc/sys/net/ipv4/ip_forward

echo 1 > /proc/sys/net/ipv4/ip_forward

ipsofwd list

User Authentication

Client Authentication

Session Authentication

Cleanup

manual backup

upgrade_export

backup

snapshot

Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows

Check Point GAiA and SecurePlatform, and Microsoft Windows

Check Point GAiA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO

Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows

Specific ICA Certificate

AD User

Radius Group

Windows Domain

If the user credentials do not match an Access Role, the system displays the Captive Portal.

If the user credentials do not match an Access Role, the system displays a sandbox.

If the user credentials do not match an Access Role, the traffic is automatically dropped.

If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.

First. It explicitly accepts otherwise dropped traffic.

Last. It explicitly drops otherwise accepted traffic.

Last. It serves a logging function before the implicit drop.

Before last followed by the Stealth Rule.

test_ldap

test_ad_connectivity

test_ldap_connectivity

test_ad

IP spoofing/IP options

Security Policy First rule

Administrator-defined Rule Base

Network Address Translation

Using the remote Gateway’s IP address, and attaching the license to the remote Gateway via SmartUpdate.

Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.

Using the remote Gateway's IP address, and applying the license locally with the command cplic put.

Using each of the Gateways’ IP addresses, and applying the licenses on the Security Management Server with the command.

Using the command line, enter snmp_install.

From cpconfig, select SNMP extension.

Any of these options will work.

In SmartDashboard, right-click a Check Point object and select Activate SNMP.