Check Point Certified Security Expert - R82 (CCSE) v1.0

Page:    1 / 7   
Exam contains 100 questions

In Management HA, changes to policies and objects are performed through the active server. What happens if the active server fails or is taken offline?

  • A. One of the standby servers must be promoted to Primary Management Server to make it active
  • B. The standby server with the highest priority set by the administrator automatically becomes active
  • C. A changeover can be initiated manually to make a standby server become active
  • D. The closest standby server will immediately become active within 3 seconds


Answer : C

According to the policy installation process, the transfer state (CPTA) is invoked by the FWM (Firewall) process, which initiates the Transfer/Commit phase. On the Security Gateway side, a process receives the files and first stores them in a temporary directory. Which process receives these files?

  • A. FWD
  • B. CPD
  • C. FWM
  • D. RAD


Answer : A

Alice & Bob are concurrently logged in to SmartConsole under Logs & Servers to check for the IKE “Key Install” for a working Site-to-Site VPN tunnel between site Alpha and site Bravo. Which of the following IKE versions are available?

  • A. IKE
  • B. IKEv1 & IKEv3
  • C. IKEv1 & IKEv2
  • D. IKEv2 & IKEv4


Answer : C

Internet Key Exchange (IKE) is a standard key management protocol that is used to do what exactly?

  • A. Renew both Phase 1 and Phase 2 IPSec keys when they expire.
  • B. Renew the Phase 2 key when it expires, after 60 minutes by default.
  • C. Update the VPN Domain information and renew expired keys when they expire.
  • D. Create the VPN tunnels by authenticating peers and agreeing on keys and methods to be used for encryption.


Answer : D

Can a VPN Gateway be a member of more than one VPN community?

  • A. No, it could be used only in one VPN Community.
  • B. Yes, it is possible, but with correct modifications of the vpn_route.conf file on each VPN Gateway.
  • C. Yes, if it doesn’t pair with another VPN Gateway in more than one VPN Community.
  • D. Yes, it could be used in more than one VPN Community, if all VPN Gateways are managed with the same Security Management.


Answer : D

What is true regarding the number of involved Management Servers in a Management HA environment?

  • A. You can have one Primary Management Server and one or more Secondary Management Server(s).
  • B. You can have multiple Primary Management Servers in a Load Sharing Mode HA Environment.
  • C. You can have one Primary Management Server and one Secondary Management Server.
  • D. You can have multiple Primary Management Servers behind a Load Balancer, such as the Logical Server, but in this scenario, you can only use Round Robin as the Distribution Mechanism.


Answer : A

To form a tunnel, IKEv2 uses two exchange types: IKE_SA_INIT and IKE_AUTH. How many packets are transferred between the VPN peer gateways during the two exchanges?

  • A. Each exchange involves two messages, making a total of 4 packets.
  • B. For a site-to-site VPN on Check Point using IKEv2, the normal exchange is indeed nine packets
  • C. 9 packets unless legacy peers are included in the VPN community, which uses just 6 packets, 3 per exchange.
  • D. 6 packets. There are 4 in the SA_INIT exchange because of the Diffie Hellman process.


Answer : A

The Gateways have to mutually authenticate during the IPSec negotiation phase. There are two methods for this, namely:

  • A. Pre-shared secret and PKI Certificate
  • B. Kerberos and LDAP
  • C. OCSP and Certificate Revocation List
  • D. RSA SecurID and Dynamic ID


Answer : A

When a solution is configured with the Route-based VPN method, what interfaces are used?

  • A. The Gaia Portal Web User Interface (WebUI)
  • B. Only the internal interfaces, which are included in a special Route-based Domain (Network Group object).
  • C. Virtual Tunnel Interfaces (VTI)
  • D. External interface with a secondary IP address


Answer : C

When creating a VPN tunnel with a third-party product, which object should you create in SmartConsole to represent the remote side?

  • A. Externally Managed VPN Gateway
  • B. Gateway
  • C. Host
  • D. Interoperable Object


Answer : D

How many packets are used in Aggressive Mode for negotiation?

  • A. 3
  • B. 4
  • C. 8
  • D. 6


Answer : A

Any VPN Gateway that can establish a direct VPN Tunnel with any Peer Gateway is a member of which VPN Community?

  • A. Direct Community
  • B. Any Community
  • C. Star Community
  • D. Mesh Community


Answer : D

Where can a Firewall administrator configure VPN routes between Security Gateways?

  • A. vpn_route.conf (on Security Management)
  • B. via Gaia Portal or CLI (on Security Gateway)
  • C. VTI_route.conf (on Security Management)
  • D. vpn_route.conf (on Security Gateway)


Answer : D

Choose the correct object name for a third-party (non-Check Point) IPSec VPN device.

  • A. External Device
  • B. External Gateway
  • C. Interoperable Device
  • D. 3rd-Party Device


Answer : C

How many packets are used in the IKEv1 Phase 1 Main Mode exchange?

  • A. 6
  • B. 5
  • C. 8
  • D. 3


Answer : A
