Best Deal for Unlimited Exam Access
The Fastest Way to Pass Any Exam for Only $149.00

Exam Code: 156-215.13
Exam Name: Check Point Certified Security Administrator - GAiA
Certifications: View All..
Vendor: Checkpoint

358 Questions & Answers
Last update: Nov 17,19
Verified by IT Certification Professionals

Get Instant Access to 156-215.13 Exam and 1,200+ More

Unlimited Lifetime Access Package

  • Access any exam on the entire ActualTests site for life!

  • Our $149.00 Unlimited Access Package buys unlimited access to our library of downloadable PDFs for 1200+ exams.

  • You download the exam you need, and come back and download again when you need more. Your PDF is ready to read or print, and when there is an update, you can download the new version. Download one exam or all the exams - its up to you.


Actual Test Exam Engine

Upgrade your Unlimited Lifetime Access with our interactive Exam Engine! Working with the ActualTests Exam Engine is just like taking the actual tests, except we also give you the correct answers. See More >>

Total Cost: $348.00

Checkpoint 156-215.13 Exam Reviews 156-215.13 Exam Engine Features

Checkpoint 156-215.13 Exam Tips

What is the software package through which all Check Point products use infrastructure services?

A. Cpstart/cpstop.
B. Check Point Registry.
D. Watch Dog for critical services.
E. SVN Foundation. (correct)

SVN or "Secure Virtual Network" foundation is the piece of code used by all the checkpoint implementations through the different platforms to achieve infrastructure services and communication between the components.

Which log viewer mode allows you to actually see the contents of the files HTTP-ed by the corporation's Chief Executive Officer?

A. Security Log.
B. Active Connections Log.
C. Accounting Log.
D. Administrative Log.
E. None of the above. (correct)

There is not way to see the actual content inside a data transfer with Checkpoint NG. For example its not possible to display what's the content of an HTML site viewed trough the HTTP protocol from Log Viewer.

The fw fetch command allows an administrator to specify which Security Policy a remote enforcement module retrieves.

A. True (correct)
B. False

with "fw fetch" command you can specify an IP address to fetch a policy from, so you just need to specify the IP address of the management server that has the right policy destined to your firewall
module. Remember that you need to have a trust relationship established through SIC certificates. (Secure Internal Communications).
fw fetch

You can edit VPE objects before they are actualized (translated from virtual network objects to real).

A. True
B. False. (correct)

as stated by checkpoint engineers in the checkpoint web site, the objects corresponding to the Visual Policy Editor cannot be edited until they are actualized, and that actualization takes place when the topology calculations get to a consistent state, this makes the Visual Policy editor gets to a convergent state and let you edit the VPE's.

NAT can NOT be configured on which of the objects?

A. Hosts
B. Gateways
C. Networks
D. Users (correct)
E. Routers

you can't configure NAT in a user because there is nothing useful to translate in a user relating to NAT technologies, users do not have network addresses itself, and NAT translates just that, network addresses. The users are not identified by addresses, the hosts are.

What is the command for installing a Security Policy from a *.W file?

A. Fw gen and then the name of the .W file.
B. Fw load and then the name of .W file. (correct)
C. Fw regen and then the name of the .W file.
D. Fw reload and then the directory location of the .W file.
E. Fw import and then the name of the .W file.

The .W files provides contains the information displayed graphically in the GUI regarding the rulebase upon saving or installation of the policy, its editable with a text editor. The command "fw load" will change the .W file to a *.pf file and compile into inspect code for policy installation in the enforcement module.

The advantage of client authentication is that it can be used for any number of connections and for any services, but authentication is only valid for a specified length of time.

A. True
B. False (correct)

yes, you can use client authentication for any service and the authentication in only valid for a specific length of time, but you can't use it for any number of connection, this number is limited and can be configured. See the product online Documentation of the NG Suite for more detailed information.

The only way to unblock BLOCKED connections by deleting all the blocking rules from the Rule base.

A. True
B. False (correct)

you don't have blocking rules inside your rulebase, all your blocking actions are made from "Block intruder" dialog box" at the active connection monitor in the log viewer. To unlock connection you
could unload the firewall module (fwstop command) or remove it manual, this is done without modifying the existing rulebase in policy editor. See page 108 from book "Essential Checkpoint Firewall 1".

You are using static Destination NAT. You have VPN-1/FireWall-1 NG running on Windows NT/Solaris platform. By default, routing occurs after the address translation when the packet is passing form the client towards the server.

A. True
B. False (correct)

the statement in the question is wrong,, when the packets are traveling from the client toward the server in a static destination NAT case, the first thing that takes place is routing and the we have the
address translation. See "Static Destination NAT" in the book Essential Checkpoint Firewall-1 from Guru Dameon Welch.

Related Certifications Included