CCSA Flashcards

Question

You are unabled to login to SmartDashboard. You log into the management server and run `cpwd_admin list` with the following output: What reason could possibly BEST explain why you are unable to connect to SmartDashboard? 1. CPD id down 2. SVR is down 3. CPM is down 4. CPSM is down

Answer 1

3.CPM is down

Answer 2

1. Inform, ask, and block

Answer 3

3. All Connections (Clear or Encrypted)

Answer 4

4. `show configuration`

Answer 5

2. SecureID

Answer 6

1. Define an accept rule in Security Policy. Define Security Gateway to hide all internal networks behind the gateway's external IP. Publish and install the policy.

Answer 7

4. Advanced Networking Blade

Answer 8

1. Three, security management, Security Gateway, and endpoint security

Answer 9

2. 389; 636

Answer 10

2. Load Sharing Multicast

Answer 11

3.SmartConsole, Security Management Server, Security Gateways

Answer 12

3. In `cpconfig` on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole. Manage and Settings > Permissions and Administrators > Trusted Clients.

Answer 13

3. No effect

Answer 14

2. AppWiki

Answer 15

2. cpconfig

Answer 16

2. `upgrade_export` ## Footnote Explanation (Should be "migrate import") "migrate import" Restores backed up configuration for R80 version, in previous versions the command was " upgrade_export ".

Answer 17

The license is attached to the wrong Security Gateway ## Footnote Explanation There is no need to generate new license in this situation, just need to detach license from wrong Security Gateway and attach it to the right one.

Answer 18

Meshed, star, and combination

Answer 19

Sand Blast ## Footnote Explanation Sand Blast Zero-Day Protection Hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. Zero-day exploit protection from Check Point provides a deeper level of inspection so you can prevent more malware and zero-day attacks, while ensuring quick delivery of safe content to your users.

Answer 20

``` cp view ``` ## Footnote Explanation CPView Utility is a text based built-in utility that can be run ('cpview' command) on Security Gateway / Security Management Server / Multi-Domain Security Management Server. CPView Utility shows statistical data that contain both general system information (CPU, Memory, Disk space) and information for different Software Blades (only on Security Gateway). The data is continuously updated in easy to access views.

Answer 21

Configuration changes should be done in mgmt_cli and use CLISH for monitoring, Expert mode is used only for OS level tasks. ## Footnote Explanation To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session. To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created. When you select Install Policy, you are prompted to publish all unpublished changes. You cannot install a policy if the included changes are not published.

Answer 22

`https://` ## Footnote Explanation Logging in to the WebUI Logging in To log in to the WebUI: 1. Enter this URL in your browser: https:// 2. Enter your user name and password.

Answer 23

Save backup ## Footnote Explanation The built-in Gaia backup procedures: Snapshot Management System Backup (and System Restore) Save/Show Configuration (and Load Configuration) Check Point provides three different procedures for backing up (and restoring) the operating system and networking parameters on your appliances. Snapshot (Revert) Backup (Restore) upgrade_export (Migrate)

Answer 24

New and Legacy ## Footnote Explanation ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages. Load Sharing Multicast Mode Load Sharing Unicast Mode New High Availability Mode High Availability Legacy Mode

Answer 25

Antivirus ## Footnote Explanation The enhanced Check Point Antivirus Software Blade uses real-time virus signatures and anomaly-based protections from Threat Cloud, the first collaborative network to fight cybercrime, to detect and block malware at the gateway before users are affected.

Answer 26

Suspicious Activity Monitoring ## Footnote Explanation Suspicious Activity Rules Solution Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access). The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation

Answer 27

Support for IPv6 ## Footnote Explanation Types of Solutions All of Check Point's Remote Access solutions provide: Enterprise-grade, secure connectivity to corporate resources. Strong user authentication. Granular access control

Answer 28

Three ## Footnote Explanation Each cluster member has three interfaces: one external interface, one internal interface, and one for synchronization. Cluster member interfaces facing in each direction are connected via a switch, router, or VLAN switch.

Answer 29

Client side ## Footnote Explanation Client Side NAT - destination is NAT`d by the inbound kernel

Answer 30

Clish ## Footnote Explanation The default shell of the CLI is called clish

Answer 31

Access control policy, QoS Policy, Desktop Security Policy and VPN policy. ## Footnote Explanation D is the best answer given the choices. Unified Policy In R80 the Access Control policy unifies the policies of these pre-R80 Software Blades: Firewall and VPN Application Control and URL Filtering Identity Awareness Data Awareness Mobile Access Security Zones

Answer 32

Traffic issues ## Footnote Explanation Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using the WireShark

Answer 33

Device where Smart Console is installed ## Footnote Explanation Updating IPS Manually You can immediately update IPS with real-time information on attacks and all the latest protections from the IPS website. You can only manually update IPS if a proxy is defined in Internet Explorer settings. To obtain updates of all the latest protections from the IPS website: 1. Configure the settings for the proxy server in Internet Explorer. 1. In Microsoft Internet Explorer, open Tools > Internet Options > Connections tab > LAN Settings. The LAN Settings window opens. 2. Select Use a proxy server for your LAN. 3. Configure the IP address and port number for the proxy server. 4. Click OK. The settings for the Internet Explorer proxy server are configured. In the IPS tab, select Download Updates and click Update Now. If you chose to automatically mark new protections for Follow Up, you have the option to open the Follow Up page directly to see the new protections

Answer 34

Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client. ## Footnote Explanation Office Mode enables a Security Gateway to assign internal IP addresses to SecureClient users. This IP address will not be exposed to the public network, but is encapsulated inside the VPN tunnel between the client and the Gateway. The IP to be used externally should be assigned to the client in the usual way by the Internet Service provider used for the Internet connection. This mode allows a Security Administrator to control which addresses are used by remote clients inside the local network and makes them part of the local network. The mechanism is based on an IKE protocol extension through which the Security Gateway can send an internal IP address to the client.

Answer 35

Two machines ## Footnote Explanation One for Security Management Server and the other one for the Security Gateway.

Answer 36

Read/Write, Read only, None ## Footnote Explanation Role-based administration (RBA) lets you create administrative roles for users. With RBA, an administrator can allow Gaia users to access specified features by including those features in a role and assigning that role to users. Each role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to other features. You can also specify which access mechanisms (WebUI or the CLI) are available to the user. Note - When users log in to the WebUI, they see only those features that they have read-only or read/write access to. If they have read-only access to a feature, they can see the settings pages, but cannot change the settings. Gaia includes these predefined roles: adminRole - Gives the user read/write access to all features. monitorRole- Gives the user read-only access to all features. You cannot delete or change the predefined roles. Note - Do not define a new user for external users. An external user is one that is defined on an authentication server (such as RADIUS or TACACS) and not on the local Gaia system.

Answer 37

AD Query and Browser-based Authentication ## Footnote Explanation Explanation: Identity Awareness gets identities from these acquisition sources: AD Query Browser-Based Authentication Endpoint Identity Agent Terminal Servers Identity Agent

Answer 38

Threat Prevention ## Footnote Explanation The Exceptions Groups pane lets you define exception groups. When necessary, you can create exception groups to use in the Rule Base. An exception group contains one or more defined exceptions. This option facilitates ease-of-use so you do not have to manually define exceptions in multiple rules for commonly required exceptions. You can choose to which rules you want to add exception groups. This means they can be added to some rules and not to others, depending on necessity.

Answer 39

Security Management Server ## Footnote Explanation Smart Update installs two repositories on the Security Management server: License & Contract Repository, which is stored on all platforms in the directory $FWDIR\conf\. Package Repository, which is stored: - on Windows machines in C:\SUroot. - on UNIX machines in /var/SUroot. The Package Repository requires a separate license, in addition to the license for the Security Management server. This license should stipulate the number of nodes that can be managed in the Package Repository.

Answer 40

Information on a user is hidden, yet distributed across several servers

Answer 41

``` show configuration ```

Answer 42

IPS ## Footnote Explanation The IPS Software Blade provides a complete Intrusion Prevention System security solution, providing comprehensive network protection against malicious and unwanted network traffic, including: Malware attacks Dos and DDoS attacks Application and server vulnerabilities Insider threats Unwanted application traffic, including IM and P2P

Answer 43

BGP, OSPF, RIP ## Footnote Explanation The Advanced Routing Suite CLI is available as part of the For organizations looking to implement scalable, fault-tolerant, secure networks, the Advanced Networking blade enables them to run industry-standard dynamic routing protocols including BGP, OSPF, RIPv1, and RIPv2 on security gateways. OSPF, RIPv1, and RIPv2 enable dynamic routing over a single autonomous system—like a single department, company, or service provider—to avoid network failures. BGP provides dynamic routing support across more complex networks involving multiple autonomous systems—such as when a company uses two service providers or divides a network into multiple areas with different administrators responsible for the performance of each.

Answer 44

Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency of the gateway. ## Footnote Explanation Central License A Central License is a license attached to the Security Management server IP address, rather than the gateway IP address. The benefits of a Central License are: Only one IP address is needed for all licenses. A license can be taken from one gateway and given to another. The new license remains valid when changing the gateway IP address. There is no need to create and install a new license.

Answer 45

Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database. ## Footnote Explanation The most likely reason for the logs data to stop is the low disk space on the logging device, which can be the Management Server or the Gateway Server.

Answer 46

Active Directory Query. ## Footnote Explanation AD Query extracts user and computer identity information from the Active Directory Security Event Logs. The system generates a Security Event log entry when a user or computer accesses a network resource. For example, this occurs when a user logs in, unlocks a screen, or accesses a network drive.

Answer 47

Cleanup; stealth

Answer 48

Smart Console Wizard

Answer 49

Smart Console machine is not part of the domain ## Footnote Explanation To enable Identity Awareness: 1. Log in to Smart Dashboard. 2. From the Network Objects tree, expand the Check Point branch. 3. Double-click the Security Gateway on which to enable Identity Awareness. 4. In the Software Blades section, select Identity Awareness on the Network Security tab. The Identity Awareness Configuration wizard opens. 5. Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets. AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers. Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently. Terminal Servers - Identify users in a Terminal Server environment (originating from one IP address). See Choosing Identity Sources. Note - When you enable Browser-Based Authentication on a Security Gateway that is on an IP Series appliance, make sure to set the Voyager management application port to a port other than 443 or 80. 6. Click Next. The Integration With Active Directory window opens. When Smart Dashboard is part of the domain, Smart Dashboard suggests this domain automatically. If you select this domain, the system creates an LDAP Account Unit with all of the domain controllers in the organization's Active Directory.

Answer 50

Security Gateway ## Footnote Explanation There are different deployment scenarios for Check Point software products.

Answer 51

Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption ## Footnote Explanation Secure Internal Communication (SIC) Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each other. The SIC procedure creates a trusted status between gateways, management servers and other Check Point components. SIC is required to install polices on gateways and to send logs between gateways and management servers. These security measures make sure of the safety of SIC: Certificates for authentication Standards-based SSL for the creation of the secure channel 3DES for encryption

Answer 52

It authenticates users, allowing them access to the Internet and corporate resources ## Footnote Explanation Captive Portal – a simple method that authenticates users through a web interface before granting them access to Intranet resources. When users try to access a protected resource, they get a web page that must be filled out to continue.

Answer 53

Static NAT, IP pool NAT, hide NAT ## Footnote Explanation The order of NAT priorities is: 1. Static NAT 2. IP Pool NAT 3. Hide NAT Since Static NAT has all of the advantages of IP Pool NAT and more, it has a higher priority than the other NAT methods.

Answer 54

User container ## Footnote Explanation Distinguished Name Components CN=common name, OU=organizational unit, O=organization, L=locality, ST=state or province, C=country name

Answer 55

``` Add rba user roles ```

Answer 56

If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.

Answer 57

Load Sharing Multicast ## Footnote Explanation ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members. By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to the cluster, acting as a gateway, will reach all members in the cluste

Answer 58

6 months ## Footnote Explanation Keep Hit Count data up to - Select one of the time range options. The default is 6 months. Data is kept in the Security Management Server database for this period and is shown in the Hits column.

Answer 59

IKE Phase 1

Answer 60

Original packet and translated packet ## Footnote Explanation NAT Rule Base The NAT Rule Base has two sections that specify how the IP addresses are translated: Original Packet Translated Packet

Answer 61

SecurID ## Footnote Explanation SecurID SecurID requires users to both possess a token authenticator and to supply a PIN or password

Answer 62

Smart Console or mgmt_cli on any computer where Smart Console is installed.

Answer 63

assign user rights to their home directory in the Security Management Server ## Footnote Explanation Users Use the WebUI and CLI to manage user accounts. You can: Add users to your Gaia system. Edit the home directory of the user. Edit the default shell for a user. Give a password to a user. Give privileges to users.

Answer 64

Shared policy

Answer 65

Check Point Host has no routing ability even if it has more than one interface installed. ## Footnote Explanation A Check Point host is a host with only one interface, on which Check Point software has been installed, and which is managed by the Security Management server. It is not a routing mechanism and is not capable of IP forwarding.

Answer 66

HTTP Logical Server

Answer 67

Smart Dashboard > Edit Gateway Object > General Properties > Communication

Answer 68

User Directory ## Footnote Explanation Check Point User Directory integrates LDAP, and other external user management technologies, with the Check Point solution. If you have a large user count, we recommend that you use an external user management database such as LDAP for enhanced Security Management Server performance.

Answer 69

Active/standby; active/active ## Footnote Explanation In a High Availability cluster, only one member is active (Active/Standby operation). ClusterXL Load Sharing distributes traffic within a cluster so that the total throughput of multiple members is increased. In Load Sharing configurations, all functioning members in the cluster are active, and handle network traffic (Active/Active operation).

Answer 70

SHA-1 and MD5

Answer 71

The POP3 rule is hidden.

Answer 72

CLI.sh ## Footnote Explanation This chapter gives an introduction to the Gaia command line interface (CLI). The default shell of the CLI is called clish.

Answer 73

Service Contract file ## Footnote Explanation Service Contract File Following the activation of the license, a Service Contract File should be installed. This file contains important information about all subscriptions purchased for a specific device and is installed via Smart Update. A detailed explanation of the Service Contract File can be found in sk33089.

Answer 74

Smart Console

Answer 75

If Joe tries to make changes, he won't, database will be locked.

Answer 76

snapshot ## Footnote Explanation Snapshot Management The snapshot creates a binary image of the entire root (lv_current) disk partition. This includes Check Point products, configuration, and operating system. Starting in R77.10, exporting an image from one machine and importing that image on another machine of the same type is supported. The log partition is not included in the snapshot. Therefore, any locally stored Firewall logs will not be saved.

Answer 77

“Encrypt” action in the Rule Base ## Footnote Explanation Migrating from Traditional Mode to Simplified Mode To migrate from Traditional Mode VPN to Simplified Mode: 1. On the Global Properties > VPN page, select one of these options: * Simplified mode to all new Firewall Policies * Traditional or Simplified per new Firewall Policy 2. Click OK. 3. From the R80 Smart Console Menu, select Manage policies. The Manage Policies window opens. 4. Click New. The New Policy window opens. 5. Give a name to the new policy and select Access Control. In the Security Policy Rule Base, a new column marked VPN shows and the Encrypt option is no longer available in the Action column. You are now working in Simplified Mode.

Answer 78

ISO 37001 ## Footnote Explanation ISO 37001 - Anti-bribery management systems

Answer 79

Threat Emulation

Answer 80

Plug-and-play and Evaluation ## Footnote Explanation Should be Trial or Evaluation, even Plug-and-play (all are synonyms ). Answer B is the best choice.

Answer 81

Smart Log is a client of Smart Console that enables enterprises to centrally track log records and security activity with Google-like search.

Answer 82

There are two default users and one cannot be deleted. ## Footnote Explanation These users are created by default and cannot be deleted: admin — Has full read/write capabilities for all Gaia features, from the WebUI and the CLI. This user has a User ID of 0, and therefore has all of the privileges of a root user. monitor — Has read-only capabilities for all features in the WebUI and the CLI, and can change its own password. You must give a password for this user before the account can be used.

Answer 83

High Availability

Answer 84

If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.

Answer 85

1 and 4 ## Footnote Explanation Smart Console For simple hubs and spokes (or if there is only one Hub), the easiest way is to configure a VPN star community in R80 Smart Console: 1. On the Star Community window, in the: a. Center Gateways section, select the Security Gateway that functions as the "Hub". b. Satellite Gateways section, select Security Gateways as the "spokes", or satellites. 2. On the VPN Routing page, Enable VPN routing for satellites section, select one of these options: a. To center and to other Satellites through center - This allows connectivity between the Security Gateways, for example if the spoke Security Gateways are DAIP Security Gateways, and the Hub is a Security Gateway with a static IP address. b. To center, or through the center to other satellites, to internet and other VPN targets - This allows connectivity between the Security Gateways as well as the ability to inspect all communication passing through the Hub to the Internet. 1. Create an appropriate Access Control Policy rule. 2. NAT the satellite Security Gateways on the Hub if the Hub is used to route connections from Satellites to the Internet. The two Dynamic Objects (DAIP Security Gateways) can securely route communication through the Security Gateway with the static IP address.

Answer 86

snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway.

Answer 87

QoS ## Footnote Explanation Check Point's QoS Solution QoS is a policy-based QoS management solution from Check Point Software Technologies Ltd., satisfies your needs for a bandwidth management solution. QoS is a unique, software-only based application that manages traffic end-to-end across networks, by distributing enforcement throughout network hardware and software.

Answer 88

Gaia only ## Footnote Explanation R80 can be installed only on GAIA OS. Supported Check Point Installations All R80 servers are supported on the Gaia Operating System: * Security Management Server * Multi-Domain Security Management Server * Log Server * Multi-Domain Log Server * Smart Event Server

Answer 89

Rule is locked by Admin A and will make it available if session is published.

Answer 90

Security Gateway

Answer 91

Encrypted VPN tunnel ## Footnote Explanation Site to Site VPN The basis of Site to Site VPN is the encrypted VPN tunnel. Two Security Gateways negotiate a link and create a VPN tunnel and each tunnel can contain more than one VPN connection. One Security Gateway can maintain more than one VPN tunnel at the same time. Reference:

Answer 92

fw monitor

Answer 93

In a mesh community, all members can create a tunnel with any other member.

Answer 94

VPN Tunnel Interface ## Footnote Explanation Route Based VPN VPN traffic is routed according to the routing settings (static or dynamic) of the Security Gateway operating system. The Security Gateway uses a VTI (VPN Tunnel Interface) to send the VPN traffic as if it were a physical interface. The VTIs of Security Gateways in a VPN community connect and can support dynamic routing protocols.

Answer 95

Software blade; software container ## Footnote Explanation Check Point's licensing is designed to be scalable and modular. To this end, Check Point offers both predefined packages as well as the ability to custom build a solution tailored to the needs of the Network Administrator. This is accomplished by the use of the following license components: Software Blades Container

Answer 96

Clients external to the Security Gateway can download archive files from FTP_Ext server using FTP.

Answer 97

Starts when an Administrator logs in to the Security Management Server through Smart Console and ends when it is published. ## Footnote Explanation Administrator Collaboration More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a session that is independent of the other administrators. When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes during the session are only available to that administrator. Other administrators see a lock icon on object and rules that are being edited. To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.

Answer 98

VPN authentication and encrypted traffic are tunneled through port TCP 443.

Answer 99

High alert ## Footnote Explanation In Action, select: none - No alert. log - Sends a log entry to the database. alert - Opens a pop-up window to your desktop. mail - Sends a mail alert to your Inbox. snmptrap - Sends an SNMP alert. useralert - Runs a script. Make sure a user-defined action is available. Go to SmartDashboard > Global Properties > Log and Alert > Alert Commands.

Answer 100

Is transparent, requiring no client or server-side software, or client intervention.

Answer 101

Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.

Answer 102

`backup` ## Footnote Explanation System Backup (and System Restore) System Backup can be used to backup current system configuration. A backup creates a compressed file that contains the Check Point configuration including the networking and operating system parameters, such as routing and interface configuration etc., but unlike a snapshot, it does not include the operating system, product binaries, and hotfixes.

Answer 103

Log Implied Rule was not selected on Global Properties. ## Footnote Explanation Implied Rules are configured only on Global Properties.

Answer 104

2, 1, 3, 4, 5

Answer 105

``` $SMARTLOGDIR/data ```

Answer 106

Smart Update

Answer 107

Source Server

Answer 108

``` sysconfig ```

Answer 109

UserUpdate

Answer 110

Quick Mode Complete

Answer 111

``` snapshot ```

Answer 112

Manage and Command Line

Answer 113

`/var/log/CPbackup/backup_fw.tgz`

Answer 114

The second one pre-selects the installation for only the current policy and for the applicable gateways.

Answer 115

A) 1. Define an accept rule in Security Policy. 2. Define Security Gateway to hide all internal networks behind the gateway's external IP. 3. Publish and install policy.

Answer 116

Data Awarenes is not enabled

Answer 117

From an IBM Open Server to an HP Open Server.

Answer 118

Security Gateway container

Answer 119

URL Filtering

Answer 120

Plug-and-play and Evaluation

Answer 121

Open SmartLog and query for the IP address of the Manager's tablet.

Answer 122

USB media created with Check Point ISOMorphic.

Answer 123

SmartEvent

Answer 124

Through CLI and WebUI

Answer 125

Captive Portal

Answer 126

Cluster Control Protocol

Answer 127

AD Query and Browser-based Authentication

Answer 128

Stored on the Certificate Revocation List.

Answer 129

B) 2 and 3

Answer 130

If Joe tries to make changes, he won't, database will be locked.

Answer 131

SmartConsole, Security Management Server, Security Gateways

Answer 132

Clientless remote access

Answer 133

Starts when an Administrator logs in to the Security Management Server through SmartConsole and ends when it is published.

Answer 134

Another administrator is logged into the Management and currently editing the DNS Rule.

Answer 135

New and Legacy

Answer 136

Log Implied Rule was not selected on Global Properties.

Answer 137

Bridge Mode

Answer 138

High Alert

Answer 139

Security Management Server and Security Gateway.

Answer 140

Plug-and-play and Evaluation

Answer 141

Captive Portal and Transparent Kerberos Authentication

Answer 142

Specific VPN Communities

Answer 143

User Directory

Answer 144

Network and Application Control

Answer 145

SmartConsole machine is not part of the domain.

Answer 146

Check Point Host has no routing ability even if it has more than one interface installed.

Answer 147

A setting that is defined in the Global Properties for all policies.

Answer 148

Display policies and logs on the administrator's workstation.

Answer 149

``` cplic print ```

Answer 150

Identity Awareness

Answer 151

Service Contract File

Answer 152

Open SmartLog and query for the IP address of the Manager's tablet.

Answer 153

True, every administrator works in a session that is independant of the other administrators.

Answer 154

Drop; accept

Answer 155

Explicit Cleanup

Answer 156

During the primary Security Management Server installation process.

Answer 157

Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption.

Answer 158

`cphaprob state`

Answer 159

awareness of the network topology

Answer 160

Meshed, star, and combination

Answer 161

SmartConsole, WebUI, or CLI

Answer 162

No, since "maintain current active cluster member" option on the cluster object properties is enabled by default.

Answer 163

User groups

Answer 164

They cannot be seen

Answer 165

User and objects databases

Answer 166

Explicit default; drop

Answer 167

"Encrypted" action in the Rule Base

Answer 168

AD Query and Browser-based Authentication.

Answer 169

Low Security and No Screening above Network Layer

Answer 170

All the above * Packet Filtering * Statefull Inspection * Application Layer Firewall ## Footnote Managing firewalls and monitoring network traffic is the key role of a network security administrator. Effectively controlling network traffic helps to improve overall network performance and organizational security. The Firewall, or the Security Gateway with a firewall enabled, will deny or permit traffic based on rules defined in the security policy. The following technologies are used to deny or permit network traffic: Packet Filtering Stateful Inspection Application Layer Firewall

Answer 171

Layers 2 and 3

Answer 172

Source and destination address, source and destination port, protocol

Answer 173

Pros: Application Independance, High Performance, Scalability. Cons: Low Security, No Screening above Network Layer (No "state or application context information")

Answer 174

1. Examines the context of a packet. 2. Monitors the state of the connection. 3. Uses Check Point's INSPECT Engine to extract state related information from the packet. ## Footnote Stateful inspection analyzes a packet’s source and destination addresses, source and destination ports, protocol and contents. With Stateful inspection, the state of the connection is monitored and state tables are created to compile the information. State tables hold useful information in regards to monitoring performance through a Security Gateway. As a result filtering includes content that has been established by previous packets passed through the Firewall. For example, Stateful Inspection provides a security measure against port scanning by closing all ports until the specific port is requested. Check Point’s INSPECT Engine, which is installed on a Security Gateway, is used to extract state related information from the packets and store that information in state tables. State tables are key components of the Stateful Inspection technology because they are vital in maintaining state information needed to correctly inspect packets. When new packets arrive, their contents are compared to the state tables to determine whether they are denied or permitted.

Answer 175

Stateful Inspection * Examines the packet header and contents * Only one rule required for each connection Packet Filtering * Examines the packet header * Requires two rules for each connection ## Footnote Stateful Inspection differs from Packet Filtering in that it deeply examines a packet not only in its header, but also the contents of the packet up through the Application layer to determine more about the packet than just information about its source and destination. In addition, Packet filtering requires creating two rules for each user or computer that needs to access resources. For example, if a computer with IP address 10.1.1.201 needs to access 8.8.8.8 on the Internet for DNS, an outgoing request rule is needed for connecting to the server on the Internet and a second rule is required for the incoming reply for the same connection. The creation of Stateful Inspection eliminated the need for two rules. The Firewall remembers each reply for an existing request using the state tables. Therefore only one rule is required for each connection.

Answer 176

Open Systems Interconnect

Answer 177

A. Logs Monitor

Answer 178

B. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and of Major Versions.

Answer 179

A. On central firewall AES128 encryption is used for SIC, on Remote firewall 3DES encryption is used for SIC.

Answer 180

C. High Priority Path ## Footnote SecureXL is an acceleration solution that maximizes performance of the Firewall and does not compromise security. When SecureXL is enabled on a Security Gateway, some CPU intensive operations are processed by virtualized software instead of the Firewall kernel. The Firewall can inspect and process connections more efficiently and accelerate throughput and connection rates. These are the SecureXL traffic flows: Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL. Accelerated path - Packets and connections that are offloaded to SecureXL and are not processed by the Firewall. Medium path - Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path. For example, packets that are inspected by IPS cannot use the accelerated path and can be offloaded to the IPS PSL (Passive Streaming Library). SecureXL processes these packets more quickly than packets on the slow path.

Answer 181

B. Address Range Hide NAT C. Network Hide NAT ## Footnote SmartDashboard organizes the automatic NAT rules in this order: 1. Static NAT rules for Firewall, or node (computer or server) objects 2. Hide NAT rules for Firewall, or node objects 3. Static NAT rules for network or address range objects 4. Hide NAT rules for network or address range objects

Answer 182

VPN gateways authenticate using Digital Certificates and Pre-shared secrets.

Answer 183

D. Making packets appear as if they come from an authorized IP address. ## Footnote IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.

Answer 184

A. User Directory

Answer 185

B. AppWiki ## Footnote AppWiki Application Classification Library AppWiki enables application scanning and detection of more than 5,000 distinct applications and over 300,000 Web 2.0 widgets including instant messaging, social networking, video streaming, VoIP, games and more.

Answer 186

B. Shared Policies

Answer 187

C. Standalone ## Footnote Installing Standalone - Standalone Deployment - The Security Management Server and the Security Gateway are installed on the same computer or appliance.

Answer 188

Clientless - Users connect through a web browser and use HTTPS connections. Clientless solutions usually supply access to web-based corporate resources.

Answer 189

C. A management plug-in interacts with a Security Management Server to provide new features and support for new products.

Answer 190

C. Command line interface; WebUI ## Footnote Configuring Gaia for the First Time In This Section: Running the First Time Configuration Wizard in WebUI Running the First Time Configuration Wizard in CLI After you install Gaia for the first time, use the First Time Configuration Wizard to configure the system and the Check Point products on it.

Answer 191

C. 1 and 2

Answer 192

1. SmartConsole 2. Security Management Server 3. Security Gateway

Answer 193

SmartConsole is the management component. It is software installed on a Windows platform that provides a graphical interface for centralized management of the Check Point environment.

Answer 194

The Security Management Server is a dedicated server that runs Check Point software to manage the objects and policies in a Check Point environment. The Security Management Server software is installed on a server running the Check Point Gaia operating system.

Answer 195

A Security Gateway is an entry point or cyber barrier that prevents unauthorized traffic from entering a company's network. It stands between incoming and outgoing traffic and enforces an organization's security policy. Security Gateways are placed at the perimeter of the network topology to protect an organization's environment through enforcement of security policies.

Answer 196

1. Gaia Clish 2. Bash (Expert mode)

Answer 197

Gaia Clish

Answer 198

Gaia Clish

Answer 199

There is no default password for Expert mode. It must be defined using the `set expert-password` command.

Answer 200

Network Objects represent physical components such as Gateways, Management Servers, and users.

Answer 201

Network Objects represent logical components such as applications, IP address ranges, and services.

Answer 202

Super User

Answer 203

1. Security Management 2. Security Gateway 3. Endpoint Security

Answer 204

Service blades, such as IPS, URL Filtering, and Application Control are considered subscription blades. Licenses for subscription blades can expire. The license includes both the software subscription and the associated Support Services Contract. These blades are licensed and renewed for a specified period of time, which is typically 1, 2, or 3 years.

Answer 205

* Existing license expires * License is upgraded * IP address of the Security Management or Security Gateway has changed

Answer 206

Implied Rules

Answer 207

Explicit Rules

Answer 208

At the bottom of the rulebase

Answer 209

Policy layers are sets of rules or a rulebase. They let you divide a policy, such as the Access Control policy, into smaller, more manageable sections that serve a certain purpose. The layers concept also provides more options for policy management, including the ability to set different views and edit permissions per layer for different administrator roles.

Answer 210

* Automatic * Manual

Answer 211

Hide NAT is a solution that only allows outgoing connections. It involves translating many private addresses to one public address. Using Hide NAT, the defined hosts and networks share the same address when their traffic is routed by the gateway. Different source port numbers are used to identify internal IP addresses on the one shared IP address. The source IP address is changed to the shared address and the source port is modified to the identifier port. Hide NAT is most often used to allow internal users access to external resources. Static NAT allows both incoming and outgoing connections. It involves the translation of one private IP address to a unique public IP address to the private address. Static NAT allows a host with a private IP address to be translated to a unique public address. Static NAT allows a host with a private IP address to be translated to a unique public address. This method of translation is often used for Internet Web Servers and Check Point Security Management Servers. Any application that requires both inbound and outbound connectivity, or the ability for external hosts to connect to the servers requires a Static NAT configuration.

Answer 212

* Learn About Application * Create a Granular Policy * Track Employees Online Usage * Keep Policies Updated * Customize Application, Sites, Categories, and Groups

Answer 213

URL filtering works by comparing all web traffic against URL filters, which are typically contained in a database of sites that users are permitted to access or denied from accessing.

Answer 214

Perimeter (Recommended)

Answer 215

A VPN community is a named collection of VPN domains (hosts/networks that use the Security Gateway to send/recieve VPN traffic), each protected by a VPN Gateway. All the attributes of the VPN Tunnels are defined in the VPN Community.

Answer 216

* IKEv1 is the default version which is supported on most new and older systems. * IKEv2 is the newer version supporting IPv6, but currently Check Point Remote Access VPN clients do not support it.

Answer 217

VPN communities can be based on Mesh and Star topologies

Answer 218

SmartConsole

Answer 219

* Device Status * License Status * System Counters * Traffic

Answer 220

* After a fresh installation of Gaia * Before making a major configuration * Before an upgrade or hotfix changes

Answer 221

To preserve the Gaia operating system configuration and Firewall database

Answer 222

Backup and Restore

Answer 223

A *.tgz file

Answer 224

Check Point offers a variety of APIs to automate security tasks, including administrative duties and incident detection and response. Also known as Check Point Management APIs.

Answer 225

Two or more Security Gateways that work together in a redundant configuration - High Availability or Load Sharing.

Answer 226

Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point firewall instances run in parallel on multiple CPU cores.

Answer 227

Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS and the Gaia OS itself.

Answer 228

Configuration in which the Check Point Security Gateway and the Security Management Server products are installed on different computers.

Answer 229

Local command line shell in Check Point Gaia operating system.

Answer 230

Web interface for the Check Point Gaia operating system.

Answer 231

Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway.

Answer 232

Secure Internal Communication is a Check Point proprietary mechanism with Check Point computers that run Check Point software authenticate each othe over SSL for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.

Answer 233

Virtual Private Network, is a technology that provides a secure, private connection between two points communicating over a network.

Answer 234

2.CPUSE - Check Point Upgrade Service Engine

Answer 235

2.Display policies and logs on the administrator's workstation.

Answer 236

3.True, every administrator works in a session that is independent of the other administrators

Answer 237

4.Standalone and Distributed

Answer 238

3.AdminA and AdminB are editing the same rule at the same time.

Answer 239

3.Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.

Answer 240

2.Three; Security Management, Security Gateway, and Endpoint Security

Answer 241

3.Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.

Answer 242

2. Standalone

Answer 243

4. Identity Awareness

Answer 244

1.Shared Policies

Answer 245

1.WEBUI & COMMAND LINE

Answer 246

3.Cleanup Rule and Stealth Rule

Answer 247

2.Ordered Layers and Inline Layers

Answer 248

4.SmartConsole, Security Management Server, Security Gateway

Answer 249

2.Threat Emulation

Answer 250

1.ask, block, and notify

Answer 251

3.Starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out.

Answer 252

2. vpn tu tlist

Answer 253

2.Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.

Answer 254

4.Standalone deployment

Answer 255

1.Read Only All

Answer 256

Control Data Security

Answer 257

Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.

Answer 258

Object Editor

Answer 259

Source Port Address Translation (PAT) is disabled by default.

Answer 260

Mobile Access

Answer 261

In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the ‘Install specific version’ button

Answer 262

file attributes

Answer 263

"Inspect", "Bypass", "Block"

Answer 264

To prevent users from directly connecting to a Security Gateway.

Answer 265

SmartUpdate

Answer 266

False, Central Licenses are handled via Security Management Server

Answer 267

Detailed Log

Answer 268

Cleanup Rule and Stealth Rule

Answer 269

IP Address

Answer 270

To drop any traffic destined for the firewall that is not otherwise explicitly allowed.

Answer 271

Ensure security and privacy of information.

Answer 272

Identity Awareness Blade

Answer 273

Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

Answer 274

The Firewall can update the Link Selection entries to start using a different link for the same tunnel

Answer 275

Security Gateways; log server

Answer 276

Global Properties

Answer 277

Command line interface; GAiA Portal

Answer 278

On the Policy layer.

Answer 279

Central and Local.

Answer 280

There are two default users and neither can be deleted.

Answer 281

The zone is based on the network topology and determined according to where the interface leads to.

Answer 282

set cluster member mvc on in Clish

Answer 283

Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts.

Answer 284

The installation is done on different computers or appliances.

Answer 285

Static NAT allow incoming and outgoing connections. Hide NAT only allows outgoing connections.

Answer 286

From SmartConsole, go to the Log & Monitor tab and filter for the IP address of the tablet.

Answer 287

SmartView Web Application

Answer 288

The Security Gateway is upgraded.

Answer 289

License and Contract repository

Answer 290

Mutually Trusted Certificate Authorities

Answer 291

SmartConsole

Answer 292

Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

Answer 293

Lower; Application

Answer 294

vpn tu tlist

Answer 295

After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.

Answer 296

Monitoring

Answer 297

From SmartConsole, go to the Log & Monitor tab and filter for the IP address of the tablet.

Answer 298

License and Contract repository

Answer 299

Manual NAT can offer more flexibility than Automatic NAT.

Answer 300

Stateful Inspection

Answer 301

Security Management Server

Answer 302

Hide; source

Answer 303

Automatic Hide NAT

Answer 304

Security questions

Answer 305

Log Implied Rule was not selected on Global Properties.

Answer 306

Pre-Shared Secret

Answer 307

Monitoring Blade

Answer 308

Standalone and Distributed

Answer 309

AdminA and AdminB are editing the same rule at the same time.

Answer 310

Three; Security Management, Security Gateway, and Endpoint Security

Answer 311

Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.

Answer 312

Identity Awareness

Answer 313

Shared Policies

Answer 314

WEBUI & COMMAND LINE

Answer 315

Ordered Layers and Inline Layers

Answer 316

Threat Emulation

Answer 317

assign user rights to the directory structure on the Security Management Server.

Answer 318

Hide and Static

Answer 319

Distributed

Answer 320

Firewall (Network Access Control), Application & URL Filtering, Content Awareness and Mobile Access

Answer 321

Starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out.

Answer 322

Read Only All

Answer 323

Inline layer can be defined as a rule action.

Answer 324

One-time Password

Answer 325

src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop

Answer 326

Log, Alert, None

Answer 327

Central; local

Answer 328

Access Control, Threat Prevention and HTTPS Inspection

Answer 329

Sandbox, ThreatCloud, Zero Phishing, Sanitization, C&C Protection, IPS, File and URL Reputation

Answer 330

Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.

Answer 331

Content Awareness is not enabled.

Answer 332

The host part of the URL is sent to the Check Point Online Web Service.

Answer 333

A dedicated SmartEvent server is required for a separate Log Server to be deployed in the SmartEvent server.

Answer 334

Accounting

Answer 335

Pre-shared Secret and PKI Certificates

Answer 336

Automatic licensing

CCSA Flashcards

(401 cards)