Best Deal for Unlimited Exam Access
The Fastest Way to Pass Any Exam for Only $149.00

Exam Code: 156-910.70
Exam Name: Check Point Certified Security Administrator R70 Upgrade
Certifications: View All..
Vendor: Checkpoint

384 Questions & Answers
Last update: Oct 26,19
Verified by IT Certification Professionals

Get Instant Access to 156-910.70 Exam and 1,200+ More

Unlimited Lifetime Access Package

  • Access any exam on the entire ActualTests site for life!

  • Our $149.00 Unlimited Access Package buys unlimited access to our library of downloadable PDFs for 1200+ exams.

  • You download the exam you need, and come back and download again when you need more. Your PDF is ready to read or print, and when there is an update, you can download the new version. Download one exam or all the exams - its up to you.


Actual Test Exam Engine

Upgrade your Unlimited Lifetime Access with our interactive Exam Engine! Working with the ActualTests Exam Engine is just like taking the actual tests, except we also give you the correct answers. See More >>

Total Cost: $348.00

Checkpoint 156-910.70 Exam Reviews 156-910.70 Exam Engine Features

Checkpoint 156-910.70 Exam Tips

Which logical server type hides the address of the real servers from the clients?

A. HTTP redirect
B. Other (correct)
C. NAT redirect


neither A,C or D are valid types of servers used to hide addresses by clients. You can hide the real address of a server by using NAT (either Static or Dynamic), but there is no a 'NAT redirect' server.

When AMC initializes if there is a red X against the LDAP server (account server) what does this mean?

A. It means that the account server is not functioning.
B. It means that the account server is read only.
C. It means that the account server has not been created in the AMC. (correct)
D. It means that the account server is not accepting commands from this AMC.


according to Checkpoint NG online documentation, this could happen when we have not the account created for the LDAP server in the AMC. This red X, is a clear indicator that your configuration is not complete. See 'Troubleshooting AMC' at the online Checkpoint NG documentation.

Before configuring a new user, group or organizational unit in an LDAP server which of the following should be done?

A. Disable schema checking and restart the LDAP server and AMC. (correct)
B. Enable schema checking and restart the LDAP server and AMC.
C. Disable schema checking but do not restart the LDAP server and AMC.
D. Enable schema checking but do not restart the LDAP server and AMC.


in LDAP implementations, its always better to disable the schema checking of the directory before adding objects to it. This is because the object creating can provide some 'refresh' problems in the directory as a whole. For this reason, its better to disable the checking of the schema. Once you are done with the creation of the objects, you should restart the LDAP server and the AMC to make the new objects effective, and make the 'refresh' process in a correct fashion.

What version of VPN1/FW1 introduced Secure Client?

A. 2.1
B. 3.1
C. 4.1 (correct)
D. 5.1


This is true, the first version of Secure Client was provided with VPN1/FW1 4.1. If you search the checkpoint web site about Secure Client, you will see that you can't get a version earlier than the one that was provided with VPN1/FW1 4.1. You can also see that earlier compatibility is only provided for 4.1 version.

Which encryption method(s) are supported by SecuRemote client pre-version 4.0?

B. FWZ (correct)


Since FWZ or 'Firewall 1Encryption' is the proprietary Checkpoint encryption scheme, it was the first to be supported by SecuRemote. In checkpoint NG, you can use FWZ with the FWZ1 (Checkpoint proprietary symmetric encryption algorithm, It uses a 40 bits key length) and DES encryption algorithms, and, as a Authentication algorithm, it can use MD5.
See Page 7.10 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

When you first connect to a certificate authority you get a warning message because the transaction to get the CA public key cannot be authenticated. What should you do?

A. Your CA has been spoofed take appropriate action.
B. Reject the key and try again, it will probably be OK next time.
C. This is normal, you may want to verify the key over the phone. (correct)
D. Reconfigure your firewall to correct the error.


This is an absolutely normal behavior, since you are connecting for the first time to the certification authority it will display this kind of warning message, so you may want to verify the keys over another alternative communication method, this could be the phone, a FAX or something else. This warning message will not appear again the next time you connect to the certification authority.

Which of the following protocols open back connections on another port to that which the initial connection is made as part of the normal progression of the connection? (Choose all that apply)

A. FTP (correct)
B. RSH (correct)
C. Telnet


A clear case of this behavior is the FTP protocol, because it uses 2 ports in parallel, it uses port 21 for the connection control on port TCP 21 and it use port TCP 20 for the actual data transfer. With FTP we begin the connection in port 20 TCP and with the progression of it, the port 20 TCP is also open as a back connection. This behavior is also true with the RSH protocol, obviously using other ports than FTP.
With telnet and SMTP, we only use 2 ports for the whole protocol functionality at all times. They are port 23 TCP for telnet and port 25 TCP for SMTP.

What parameters are available on the SYNDefender screen of global properties to tune SYNDefender operation? (Choose all that apply)

A. Maximum retries
B. Maximum sessions (correct)
C. Time out (correct)
D. Block source


This are the 2 configurable options in the global properties relating to SynDefender. 'Timeout for SYN attack identification' specified how long VPN1/FW1 NG waits for an acknowledge from the client, before terminating the connection. 'Maximum protected sessions' specifies the maximum number of protected sessions from one connection. The maximum sessions allowed are the number of pending sessions VPN1/FW1 NG allows outside the network.
See Page 6.12 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

Which of the following is NOT true about a SEP VPN?

A. All gateways must be on the same platform.
B. All gateways must be running the same software version.
C. All gateways must have the same hardware configuration. (correct)
D. The management server cannot be on the same host as a gateway.


'Single Entry point' VPN's enable your enterprise to deploy a solution that protects critical elements of the network. Before you go about configuring SEP VPN solutions, you need to make sure that gateway clusters are enabled on the management server, remember that this will be a cluster. There is a limitation for the creation of SEP VPN's, it's the Hardware configuration, it must be the same. See page 488 of Syngress Book 'Checkpoint NG Next Generation Security Administration'.

Related Certifications Included