Best Deal for Unlimited Exam Access
The Fastest Way to Pass Any Exam for Only $149.00

Exam Code: 156-315.13
Exam Name: Check Point Certified Security Expert
Certifications: View All..
Vendor: Checkpoint

639 Questions & Answers
Last update: Dec 08,19
Verified by IT Certification Professionals

Get Instant Access to 156-315.13 Exam and 1,200+ More

Unlimited Lifetime Access Package

  • Access any exam on the entire ActualTests site for life!

  • Our $149.00 Unlimited Access Package buys unlimited access to our library of downloadable PDFs for 1200+ exams.

  • You download the exam you need, and come back and download again when you need more. Your PDF is ready to read or print, and when there is an update, you can download the new version. Download one exam or all the exams - its up to you.


Actual Test Exam Engine

Upgrade your Unlimited Lifetime Access with our interactive Exam Engine! Working with the ActualTests Exam Engine is just like taking the actual tests, except we also give you the correct answers. See More >>

Total Cost: $348.00

Checkpoint 156-315.13 Exam Reviews 156-315.13 Exam Engine Features

Checkpoint 156-315.13 Exam Tips

User Authentication can be used to authenticate which services? (Select all that apply.)

A. HTTP (correct)
C. RLOGIN (correct)
D. FTP (correct)
E. TELNET (correct)

With Session Authentication you can authenticate 4 services: HTTP, FTP, Telnet and RLogin. See Page 282 of Syngress Book "Check Point NG - Next Generation Security Administration".

When can Hide Mode not be used?

A. Where the port number cannot be changed (correct)
B. Where the port number can be changed
C. Where the external server must distinguish between clients based on their IP address (correct)
D. something else

Hide mode NAT can't be used when the port number cannot change because hide mode changes the source IP port to recognize the connections, also you can't reach a host through the gateway from the outside if you are applying Hide mode NAT to it. If you have one of this 2 cases you have to use Static NAT.

What is true of the Enforcement Module? (Select all that apply)

A. Usually installed on a multihomed machine (correct)
B. Manages logging
C. Is installed on a host enforcement point (correct)
D. Examines all communications according to a Enterprise Security Policy (correct)
E. Can provide authentication and Content Security features at the application level (correct)

We normally use a multihomed machine to have internal, external and DMZ interfaces. It's also installed in a enforcement point, because it will analyze the network traffic to comply with the enterprise security policy. Additionally, it can provide authentication through the supported schemes (Client, Session, User) and also some content security at the application level like stripping off Java code from HTTP connections.

Which is not a step in Session Authentication?

A. The user initiates a connection directly to the server.
B. The Session Authentication agent prompts the user for the authentication data and returns this information to the Inspection Module.
C. If the authentication is successful, then the VPN-1/Firewall-1 NG module allows the connection to pass through the gateway, and continue to the target server.
D. The Session Authentication agent prompts the user for authentication data and returns this information to the Inspection Module.
E. The Session Authentication agent prompts the user for authentication data after a valid check of (something) and returns this information to the Inspection Module. (correct)

In session authentication the session agent doesn't try to authenticate the user if the validation checking is already done.
Here is the complete process:
First, the user connects directly to the destination server, then the inspection module intercepts the connection and the inspection module connects to the session agent on the client PC, then the session agent prompts the user for authentication data and returns it to the inspection engine in the firewall, at the end, if the authentication is successful, the gateway allows the connection to pass through to the target server.

What is not a feature of the SVN Foundation.

A. Watch dog for critical services
B. Cpstart/CPstop
C. CPMAD (correct)
D. Check Point Registry

CPMAD is a log analyzer for Checkpoint, it compares the logs with the rules defined for alerting. It's not part of the SVN Foundation package. See Page 1.19 of the official CCSA NG Courseware - Management I.

______ rules, defined in a firewall object's properties, are enforced before any rule in the Security Policy's Rule Base.

A. Anti-spoofing (correct)
B. Explicit
C. Implicit
D. Implicit drop
E. None of the above

Users must enter a username and a password on the first attempt while using Secure Client Authentication window to connect to a site. Passwords are shared in memory instead if being written to disk, and are erased upon reboot.

A. True (correct)
B. False

This is true, the passwords are saved in the Secure Client Daemon, instead of being written to disk, they are erased when you reboot. See Page 12.31 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

The IKE encryption scheme encrypts the original TCP and IP headers along with the packet data.

A. True (correct)
B. False

IKE uses Tunneling-mode encryption, which work by encapsulating the entire packet, and then adding its own encryption protocol header to the encrypted packet.See Page 7.15 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).

You are setting up an IKE VPN between the VPN-1/Firewall-1 modules protecting two networks. One network is using a RFC 1918 compliant address range of and the other network is using a RFC1 818 compliant address range What method of address translation would you use?

A. Static Source.
B. Static destination.
C. Dynamic source.
D. Dynamic
E. None (correct)

NAT is not required in a IKE VPN unless the two networks are sharing the same address range.

Related Certifications Included