CCSA 156-215.81 Flashcards by Aaron Marselle

When enabling tracking on a rule, what is the default option?

A. Accounting Log

B. Extended Log

C. Log

D. Detailed Log

Correct Answer: C

How well did you know this?

Not at all

Perfectly

Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components?

A. The Security Gateway (SG) and Security Management Server (SMS) software and the CPUSE engine.

B. Licensed Check Point products for the Gala operating system and the Gaia operating system itself.

C. The CPUSE engine and the Gaia operating system.

D. The Gaia operating system only.

Correct Answer: B

How well did you know this?

Not at all

Perfectly

Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?

A. Both License (.lic) and Contract (.xml) +les

B. cp.macro

C. Contract file (.xml)

D. license File (.lie)

Correct Answer: B

A $CPDIR/conf/cp.macro file is an electronically signed file used by the Check Point software to translate the features included within the installed license(s) file into code, or primitives.

How well did you know this?

Not at all

Perfectly

Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as _______.

A. User Center

B. User Administration

C. User Directory

D. UserCheck

Correct Answer: C

How well did you know this?

Not at all

Perfectly

Can you use the same layer in multiple policies or rulebases?

A. Yes - a layer can be shared with multiple policies and rules.

B. No - each layer must be unique.

C. No - layers cannot be shared or reused, but an identical one can be created.

D. Yes - but it must be copied and pasted with a different name.

Correct Answer: A

How well did you know this?

Not at all

Perfectly

Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made?

A. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes.

B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.

C. Tom’s changes will be lost since he lost connectivity and he will have to start again.

D. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.

Correct Answer: D

How well did you know this?

Not at all

Perfectly

Security Gateway software blades must be attached to what?

A. Security Gateway

B. Security Gateway container

C. Management server

D. Management container

The answer is Security Gateway container

Licenses in Check Point are composed by a Software Container (which is the product, GW, SMS, ecc ) and a Software Blade (which is the feature). A software blade must always be attached to a software container (product).

How well did you know this?

Not at all

Perfectly

Which tool allows you to monitor the top bandwidth on smart console?

A. Logs & Monitoring

B. Smart Event

C. Gateways & Severs Tab

D. SmartView Monitor

Correct Answer: D

How well did you know this?

Not at all

Perfectly

A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone?

A. The zone is based on the network topology and determined according to where the interface leads to.

B. Security Zones are not supported by Check Point firewalls.

C. The firewall rule can be configured to include one or more subnets in a zone.

D. The local directly connected subnet defined by the subnet IP and subnet mask.

Correct Answer: A

How well did you know this?

Not at all

Perfectly

When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packet Filtering?

A. Stateful Inspection offers unlimited connections because of virtual memory usage.

B. Stateful Inspection offers no benefits over Packet Filtering.

C. Stateful Inspection does not use memory to record the protocol used by the connection.

D. Only one rule is required for each connection.

Correct Answer: D

How well did you know this?

Not at all

Perfectly

Which type of Endpoint Identity Agent includes packet tagging and computer authentication?

A. Full

B. Custom

C. Complete

D. Light

Correct Answer: A

Full:

Default Identity AgentClosed that includes packet tagging and computer authentication.
It applies to all users on the computer on which it is installed.
Administrator permissions are required to use the Full Identity Agent type. For the Full Identity Agent, you can enforce IP spoofing protection. In addition, you can leverage computer authentication if you specify computers in Access Roles.

How well did you know this?

Not at all

Perfectly

Fill in the blanks: Gaia can be configured using _______ the ________.

A. Command line interface; WebUI

B. Gaia Interface; GaiaUI

C. WebUI; Gaia Interface

D. GaiaUI; command line interface

Correct Answer: A

How well did you know this?

Not at all

Perfectly

An administrator can use section titles to more easily navigate between large rule bases. Which of these statements is FALSE?

A. Section titles are not sent to the gateway side.

B. These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement.

C. A Sectional Title can be used to disable multiple rules by disabling only the sectional title.

D. Sectional Titles do not need to be created in the SmartConsole.

Correct Answer: C

How well did you know this?

Not at all

Perfectly

In which scenario is it a valid option to transfer a license from one hardware device to another?

A. From a 4400 Appliance to a 2200 Appliance

B. From a 4400 Appliance to an HP Open Server

C. From an IBM Open Server to an HP Open Server

D. From an IBM Open Server to a 2200 Appliance

Correct Answer: C

“You cannot transfer a license from one Check Point appliance to another as these licenses are not transferable.”

https://community.checkpoint.com/t5/General-Topics/licensing-for-replaced-cluster-member/td- p/10102#:~:text=You%20cannot%20transfer%20a%20license,these%20licenses%20are%20not%20transferable

How well did you know this?

Not at all

Perfectly

What are the three types of UserCheck messages?

A. action, inform, and ask

B. ask, block, and notify

C. block, action, and warn

D. inform, ask, and block

Correct Answer: D

How well did you know this?

Not at all

Perfectly

A stateful inspection firewall works by registering connection data and compiling this information. Where is the information stored?

A. In the system SMEM memory pool.

B. In State tables.

C. In the Sessions table.

D. In a CSV file on the firewall hard drive located in $FWDIR/conf/.

Correct Answer: B

How well did you know this?

Not at all

Perfectly

What is the RFC number that act as a best practice guide for NAT?

A. RFC 1939

B. RFC 1950

C. RFC 1918

D. RFC 793

Correct Answer: C

How well did you know this?

Not at all

Perfectly

URL Filtering employs a technology, which educates users on web usage policy in real time. What is the name of that technology?

A. WebCheck

B. UserCheck

C. Harmony Endpoint

D. URL categorization

Correct Answer: B

How well did you know this?

Not at all

Perfectly

One of major features in SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

A. AdminA, AdminB and AdminC are editing three different rules at the same time.

B. AdminA and AdminB are editing the same rule at the same time.

C. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.

D. AdminB sees a pencil icon next the rule that AdminB is currently editing.

Correct Answer: B

How well did you know this?

Not at all

Perfectly

What is a role of Publishing?

A. The Security Management Server Installs the updated policy and the entire database on Security Gateways.

B. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public.

C. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways.

D. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base.

Correct Answer: B

How well did you know this?

Not at all

Perfectly

Name one limitation of using Security Zones in the network?

A. Security zones will not work in Automatic NAT rules

B. Security zone will not work in Manual NAT rules

C. Security zones will not work in firewall policy layer

D. Security zones cannot be used in network topology

Correct Answer: B

According to the CCSA-R81.10 guide, page 229, “Security zones will not work in Manual NAT rules.”

How well did you know this?

Not at all

Perfectly

When configuring LDAP with User Directory integration, changes applied to a User Directory template are:

A. Not reflected for any users unless the local user template is changed.

B. Not reflected for any users who are using that template.

C. Reflected for ail users who are using that template and if the local user template is changed as well.

D. Reflected immediately for all users who are using that template.

Correct Answer: D

According to the CCSA-R81.10 guide, page 519, “Changes that are applied to a User Directory template are reflected immediately for all users who are using that template.”

How well did you know this?

Not at all

Perfectly

True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.

A. True, every administrator works on a different database that Is independent of the other administrators

B. False, this feature has to be enabled in the Global Properties.

C. True, every administrator works in a session that is independent of the other administrators

D. False, only one administrator can login with write permission

Correct Answer: C

According to the CCSA-R81.10 guide, page 127, “More than one administrator can connect to the Security Management Server at the same time. Administrators each have their own name and work in a session that is indipendent to other administratiors.
When an administrator logs in to the Security Management Server through Smart Console, a new editing session begins. The changes that the administrator makes during the session are only available to that administrator. Other administrators see a lock icon on the object and rules that are being edited “

How well did you know this?

Not at all

Perfectly

What are the three deployment options available for a security gateway?

A. Standalone, Distributed, and Bridge Mode

B. Bridge Mode, Remote, and Standalone

C. Remote, Standalone, and Distributed

D. Distributed, Bridge Mode, and Remote

Correct Answer: A

Remote is not an option

How well did you know this?

Not at all

Perfectly

Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway? A. Data Loss Prevention B. Antivirus C. Application Control D.NAT

Correct Answer: D Bridging is done at Layer 2, therefore NATing is not possible.

Choose what BEST describes users on Gaia Platform. A. There are two default users and neither can be deleted. B. There are two default users and one cannot be deleted. C. There is one default user that can be deleted. D. There is one default user that cannot be deleted.

Correct Answer: A The "admin" & "monitor" profiles are default and cannot be deleted

Which type of Check Point license ties the package license to the IP address of the Security Management Server? A. Central B. Corporate C. Local D. Formal

Correct Answer: A

An administrator wishes to use Application objects in a rule in their policy, but there are no Application objects listed as options to add when clicking the "+" to add new items to the "Services & Applications" column of a rule. What should be done to fix this? A. The administrator should drag-and-drop the needed Application objects from the Object Explorer into the new rule. B. The "Application Control" blade should be enabled on a gateway. C. "Applications & URL Filtering" should first be enabled on the policy layer where the rule is being created. D. The administrator should first create some applications to add to the rule.

Correct Answer: C Services, Applications, Categories, and Sites. If Application & URL Filtering is not enabled, only Services show. https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/The-Columns- of-the-Access-Control-Rule-Base.htm#Services

Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance? A. Threat Emulation B. Monitoring C. Logging and Status D. Application Control

Correct Answer: B

Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address? A. Formal B. Central C. Corporate D. Local

Correct Answer: D Local licensing is associated with the IP address of the Security Gateway, to which the license will be applied. Each time the IP address of the Security Gateway changes, a new license must be generated and installed. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62685

What is the purpose of Captive Portal? A. It manages user permission in SmartConsole B. It provides remote access to SmartConsole C. It authenticates users, allowing them access to the Internet and corporate resources D. It authenticates users, allowing them access to the Gaia OS

Correct Answer: C According to the CCSA-R81.10 guide, page 529, "Captive Portal (Browser-Based Authentication) is a simple method that authenticates users through a web interface before granting tem access to Internet and other corporate resources"

Which of these is NOT a feature or benefit of Application Control? A. Eliminate unknown and unwanted applications in your network to reduce IT complexity and application risk. B. Identify and control which applications are in your IT environment and which to add to the IT environment. C. Scans the content of +les being downloaded by users in order to make policy decisions. D. Automatically identify trusted software that has authorization to run

Correct Answer: C

Identity Awareness allows easy configuration for network access and auditing based on what three items? A. Client machine IP address. B. Network location, the identity of a user and the identity of a machine. C. Log server IP address. D. Gateway proxy IP address.

Correct Answer: B Identity Awareness Check Point Software Blade that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Page 16: https://dl3.checkpoint.com/paid/3f/3f771245354ce0c9670fd4abc9626bfd /CP_R80.40_IdentityAwareness_AdminGuide.pdf?HashKey=1680472180_8f0d5e40c0648e7dfd69cb9c826a54f2&xtn=.pdf

How do logs change when the "Accounting" tracking option is enabled on a traffic rule? A. Involved traffic logs will be forwarded to a log server. B. Provides log details view email to the Administrator. C. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection. D. Provides additional information to the connected user.

Correct Answer: C Accounting - Select this to update the log at 10 minutes intervals, to show how much data has passed in the connection: Upload bytes, Download bytes, and browse time. https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Tracking- Options.htm

Fill in the blank: The position of an Implied rule is manipulated in the _______ window. A.NAT B. Global Properties C. Object Explorer D. Firewall

Correct Answer: B "Note - In addition, users can access the Implied Rules configurations through Global Properties and use the implied policy view below Configuration." https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk115600

You have enabled "Extended Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason? A. Identity Awareness is not enabled. B. Log Trimming is enabled. C. Logging has disk space issues D. Content Awareness is not enabled.

Correct Answer: D

How many layers make up the TCP/IP model? A.2 B.4 C.6 D.7

Correct Answer: B The TCP/IP model breaks the network stack into four layers while the OSI model is broken up into seven layers. https://www.checkpoint.com/cyber-hub/network-security/what-is-the-osi-model-understanding-the-7-layers/

Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages. A. Concurrent policy packages B. Concurrent policies C. Global Policies D. Shared policies

Correct Answer: D "The Shared Policies section in the Security Policies shows the policies that are not in a Policy package. They are shared between all Policy packages." https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/SmartConsole- Toolbars-Shared-Policies.htm

Access roles allow the firewall administrator to configure network access according to: A. remote access clients. B. a combination of computer or computer groups and networks. C. users and user groups. D. All of the above.

Correct Answer: D https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Access- Roles.htm

In SmartEvent, a correlation unit (CU) is used to do what? A. Collect security gateway logs, Index the logs and then compress the logs. B. Receive firewall and other software blade logs in a region and forward them to the primary log server. C. Analyze log entries and identify events. D. Send SAM block rules to the firewalls during a DOS attack.

Correct Answer: C "SmartEvent is capable of managing millions of logs per day per correlation unit in large networks. A correlation unit is used to analyze log entry and identify events." https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_LoggingAndMonitoring_AdminGuide/Topics- LMG/SmartEvent-Correlation-Unit.htm

The competition between stateful inspection and proxies was based on performance, protocol support, and security. Considering stateful Inspections and Proxies, which statement is correct? A. Stateful Inspection is limited to Layer 3 visibility, with no Layer 4 to Layer 7 visibility capabilities. B. When it comes to performance, proxies were significantly faster than stateful inspection firewalls. C. Proxies offer far more security because of being able to give visibility of the payload (the data). D. When it comes to performance, stateful inspection was significantly faster than proxies.

Correct Answer: D

What are the Threat Prevention software components available on the Check Point Security Gateway? A. IPS, Threat Emulation and Threat Extraction B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction D. IDS, Forensics, Anti-Virus, Sandboxing

Correct Answer: C

Check Point licenses come in two forms. What are those forms? A. Central and Local. B. Access Control and Threat Prevention. C. On-premise and Public Cloud. D. Security Gateway and Security Management.

Correct Answer: A

Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true? A. Manual NAT can offer more flexibility than Automatic NAT. B. Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation. C. Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading. D. Automatic NAT can offer more flexibility than Manual NAT.

Correct Answer: A "An Auto-NAT rule only uses the source address and port when matching and translating. Manual NAT can match and translate source and destination addresses and ports." https://networkdirection.net/articles/firewalls/firepowermanagementcentre/fmcnatpolicies/

What is the default tracking option of a rule? A. Tracking B. Log C. None D. Alert

Correct Answer: C

A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic? A. Anti-Bot protection B. Anti-Malware protection C. Policy-based routing D. Suspicious Activity Monitoring (SAM) rules

Correct Answer: D

The default shell of the Gaia CLI is cli.sh. How do you change from the cli.sh shell to the advanced shell to run Linux commands? A. Execute the command 'enable' in the cli.sh shell B. Execute the 'conf t' command in the cli.sh shell C. Execute the command 'expert' in the cli.sh shell D. Execute the 'exit' command in the cli.sh shell

Correct Answer: C

Where can administrator edit a list of trusted SmartConsole clients? A. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server. B. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients. C. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway. D. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

Correct Answer: D

In which deployment is the security management server and Security Gateway installed on the same appliance? A. Standalone B. Remote C. Distributed D. Bridge Mode

Correct Answer: A

When dealing with rule base layers, what two layer types can be utilized? A. Ordered Layers and Inline Layers B. Inbound Layers and Outbound Layers C. R81.10 does not support Layers D. Structured Layers and Overlap Layers

Correct Answer: A

How can the changes made by an administrator before publishing the session be seen by a Super User administrator? A. By impersonating the administrator with the 'Login as...' option. B. They cannot be seen. C. From the SmartView Tracker audit log. D. From Manage and Settings > Sessions, right click on the session and click 'View Changes...'.

Correct Answer: D

What are the three main components of Check Point security management architecture? A. SmartConsole, Security Management, and Security Gateway B. Smart Console, Standalone, and Security Management C. SmartConsole, Security policy, and Logs & Monitoring D. GUI-Client, Security Management, and Security Gateway

Correct Answer: A

What is the main objective when using Application Control? A. To filter out specific content. B. To assist the firewall blade with handling traffic. C. To see what users are doing. D. Ensure security and privacy of information.

Correct Answer: A

What command from the CLI would be used to view current licensing? A. license view B. fw ctl tab -t license -s C. show license -s D. cplic print

Correct Answer: D

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform? A. Publish changes B. Save changes C. Install policy D. Install database

Correct Answer: C

The Gateway Status view in SmartConsole shows the overall status of Security Gateways and Software Blades. What does the Status Attention mean? A. Cannot reach the Security Gateway. B. The gateway and all its Software Blades are working properly. C. At least one Software Blade has a minor issue, but the gateway works. D. Cannot make SIC between the Security Management Server and the Security Gateway

Correct Answer: C

Which of the following is NOT an authentication scheme used for accounts created through SmartConsole? A. RADIUS B. Check Point password C. Security questions D. SecurID

Correct Answer: C

Which of the following is NOT a component of a Distinguished Name? A. Common Name B. Country C. User container D. Organizational Unit

Correct Answer: C

In SmartConsole, on which tab are Permissions and Administrators defined? A. Manage and Settings B. Logs and Monitor C. Security Policies D. Gateways and Servers

Correct Answer: A

Which of the following is used to initially create trust between a Gateway and Security Management Server? A. Certificate B. Internal Certificate Authority C. Token D. One-time Password

Correct Answer: D

How many users can have read/write access in Gaia Operating System at one time? A. One B. Three C. Two D. Infinite

Correct Answer: A

What is the default shell of Gaia CLI? A. clish B. Monitor C. Read-only D. Bash

Correct Answer: A

The Online Activation method is available for Check Point manufactured appliances. How does the administrator use the Online Activation method? A. The SmartLicensing GUI tool must be launched from the SmartConsole for the Online Activation tool to start automatically. B. No action is required if the firewall has internet access and a DNS server to resolve domain names. C. Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts. D. The cpinfo command must be run on the firewall with the switch -online-license-activation.

Correct Answer: C

In which scenario will an administrator need to manually define Proxy ARP? A. When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces. B. When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall's interfaces. C. When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces. D. When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall's interfaces.

Correct Answer: C

Which Threat Prevention profile uses sanitization technology? A. Cloud/data Center B. perimeter C. Sandbox D. Guest Network

Correct Answer: B

Which two Identity Awareness daemons are used to support identity sharing? A. Policy Activation Point (PAP) and Policy Decision Point (PDP) B. Policy Manipulation Point (PMP) and Policy Activation Point (PAP) C. Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP) D. Policy Decision Point (PDP) and Policy Enforcement Point (PEP)

Correct Answer: D

Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices? A. SmartDashboard B. SmartEvent C. SmartView Monitor D. SmartUpdate

Correct Answer: B

To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does what with the data? A. Cache the data to speed up its own function. B. Share the data to the ThreatCloud for use by other Threat Prevention blades. C. Log the traffic for Administrator viewing. D. Delete the data to ensure an analysis of the data is done each time.

Correct Answer: B

Which policy type is used to enforce bandwidth and traffic control rules? A. Access Control B. Threat Emulation C. Threat Prevention D. QoS

Correct Answer: D

When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, what actions does the administrator need to take? A. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required. B. The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply Publishing the changes applies the SAM rule on the firewall. C. The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the command 'sam block' must be used with the right parameters. D. The administrator should open the LOGS & MONITOR view and find the relevant log. Right clicking on the log entry will show the Create New SAM rule option.

Correct Answer: A A Security GatewayClosed with SAM enabled has Firewall rules to block suspicious connections that are not restricted by the security policyClosed. These rules are applied immediately (policy installation is not required). https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Monitoring- Suspicious-Activity-Rules.htm

Fill in the blank: An Endpoint identity agent uses a _____ for user authentication. A. Token B. Username/password or Kerberos Ticket C. Shared secret D. Certificate

Correct Answer: B

Fill in the blanks: The _______ collects logs and sends them to the _______. A. Log server; Security Gateway B. Log server; security management server C. Security management server; Security Gateway D. Security Gateways; log server

Correct Answer: D

Which of the following is NOT an advantage to using multiple LDAP servers? A. You achieve a faster access time by placing LDAP servers containing the database at remote sites B. You achieve compartmentalization by allowing a large number of users to be distributed across several servers C. Information on a user is hidden, yet distributed across several servers. D. You gain High Availability by replicating the same information on several servers

Correct Answer: C

Fill in the blanks: The Application Layer Firewalls inspect traffic through the ______ layer(s) of the TCP/IP model and up to and including the ______ layer. A. Upper; Application B. First two; Internet C. Lower; Application D. First two; Transport

Correct Answer: C

When an Admin logs into SmartConsole and sees a lock icon on a gateway object and cannot edit that object, what does that indicate? A. The gateway is not powered on. B. Incorrect routing to reach the gateway. C. The Admin would need to login to Read-Only mode D. Another Admin has made an edit to that object and has yet to publish the change.

Correct Answer: D

DLP and Geo Policy are examples of what type of Policy? A. Inspection Policies B. Shared Policies C. Unified Policies D. Standard Policies

Correct Answer: B

Fill in the blanks: In _____ NAT, Only the ________ is translated. A. Static; source B. Simple; source C. Hide; destination D. Hide; source

Correct Answer: D

Which of the following is considered a "Subscription Blade", requiring renewal every 1-3 years? A. IPS blade B. IPSEC VPN Blade C. Identity Awareness Blade D. Firewall Blade

Correct Answer: A

In large organizations where there are a number of managed Check Point firewalls that generate a lot of logs it is recommended to Install the Log Server on a dedicated computer. Which statement is FALSE? A. The dedicated Log Server must be the same version as the Security Management Server. B. More than one Log Server can be installed. C. A Log Server has a SIC certificate which allows secure communication with the SMS and Security Gateways. D. A dedicated SmartEvent server is required for a separate Log Server to be deployed in the SmartEvent server.

Correct Answer: D

In order to modify Security Policies the administrator can use which of the following tools? (Choose the best answer.) A. SmartConsole and WebUI on the Security Management Server. B. SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed. C. Command line of the Security Management Server or mgmt_cli.exe on any Windows computer. D. mgmt_cli (API) or WebUI on Security Gateway and SmartConsole on the Security Management Server.

Correct Answer: B

A SAM rule Is implemented to provide what function or benefit? A. Allow security audits. B. Handle traffic as defined in the policy. C. Monitor sequence activity. D. Block suspicious activity.

Correct Answer: D

Is it possible to have more than one administrator connected to a Security Management Server at once? A. Yes, but only if all connected administrators connect with read-only permissions. B. Yes, but objects edited by one administrator will be locked for editing by others until the session is published. C. No, only one administrator at a time can connect to a Security Management Server D. Yes, but only one of those administrators will have write-permissions. All others will have read-only permission.

Correct Answer: B

Which default Gaia user has full read/write access? A. admin B. superuser C. monitor D. altuser

Correct Answer: A

Which is a main component of the Check Point security management architecture? A. Identity Collector B. Endpoint VPN client C. SmartConsole D. Proxy Server

Correct Answer: C

When using Automatic Hide NAT, what is enabled by default? A. Source Port Address Translation (PAT) B. Static NAT C. Static Route D. HTTPS Inspection

Correct Answer: A

Which of the following cannot be configured in an Access Role Object? A. Networks B. Users C. Time D. Machines

Correct Answer: C

What are the two types of NAT supported by the Security Gateway? A. Source and Destination B. Static and Source C. Hide and Static D. Destination and Hide

Correct Answer: C

In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway? A. Logging & Monitoring B. None - the data is available by default C. Monitoring Blade D. SNMP

Correct Answer: C

What is UserCheck? A. Administrator tool used to monitor users on their network. B. Communication tool used to notify an administrator when a new user is created. C. Messaging tool used to verify a user s credentials. D. Communication tool used to inform a user about a website or application they are trying to access.

Correct Answer: D

What is the default shell for the command line interface? A. Clish B. Admin C. Normal D. Expert

Correct Answer: A

When configuring Anti-Spoofing, which tracking options can an Administrator select? A. Log, Alert, None B. Log, Allow Packets, Email C. Drop Packet, Alert, None D. Log, Send SNMP Trap, Email

Correct Answer: A

Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers? (Choose the best answer.) A. IPS B. Anti-Virus C. Anti-Malware D. Content Awareness

Correct Answer: B

Which of the following log queries would show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1? A. src:192.168.1.1 OR dst:172.26.1.1 AND action:Drop B. src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop C. 192.168.1.1 AND 172.26.1.1 AND drop D. 192.168.1.1 OR 172.26.1.1 AND action:Drop

Correct Answer: B

Which of the following licenses are considered temporary? A. Plug-and-play (Trial) and Evaluation B. Perpetual and Trial C. Evaluation and Subscription D. Subscription and Perpetual

Correct Answer: A

Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n) ___________ Server. A. SecurID B. LDAP C. NT domain D. SMTP

Correct Answer: B

In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms? A. Different computers or appliances. B. The same computer or appliance. C. Both on virtual machines or both on appliances but not mixed. D. In Azure and AWS cloud environments.

Correct Answer: A

Core Protections are installed as part of what Policy? A. Access Control Policy. B. Desktop Firewall Policy C. Mobile Access Policy. D. Threat Prevention Policy.

Correct Answer: A

A Check Point Software license consists of two components, the Software Blade and the Software Container. There are ______ types of Software Containers: ________. A. Two; Security Management and Endpoint Security B. Two; Endpoint Security and Security Gateway C. Three; Security Management, Security Gateway, and Endpoint Security D. Three; Security Gateway, Endpoint Security, and Gateway Management

Correct Answer: C

In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule? A. "Inspect", "Bypass" B. "Inspect", "Bypass", "Categorize" C. "Inspect", "Bypass", "Block" D. "Detect", "Bypass"

Correct Answer: A

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ___________. A. Captive Portal and Transparent Kerberos Authentication B. UserCheck C. User Directory D. Captive Portal

Correct Answer: A

With URL Filtering, what portion of the traffic is sent to the Check Point Online Web Service for analysis? A. The complete communication is sent for inspection. B. The IP address of the source machine. C. The end user credentials. D. The host portion of the URL.

Correct Answer: D When URL Filtering is set, employee data is kept private when attempting to determine a site category. Only the host part of the URL is sent to the CheckPoint Online Web Service. This data is also encrypted. Check Point Certified Security Administrator (CCSA) R81.10 page 403

Choose what BEST describes the reason why querying logs now are very fast. A. The amount of logs being stored is less than previous versions. B. New Smart-1 appliances double the physical memory install. C. Indexing Engine indexes logs for faster search results. D. SmartConsole now queries results directly from the Security Gateway.

Correct Answer: C

Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use which operating system? A. Centos Linux B. Gaia embedded C. Gaia D. Red Hat Enterprise Linux version 5

Correct Answer: B

What is the main difference between Static NAT and Hide NAT? A. Static NAT only allows incoming connections to protect your network. B. Static NAT allow incoming and outgoing connections. Hide NAT only allows outgoing connections. C. Static NAT only allows outgoing connections. Hide NAT allows incoming and outgoing connections. D. Hide NAT only allows incoming connections to protect your network.

Correct Answer: B

Which application is used for the central management and deployment of licenses and packages? A. SmartProvisioning B. SmartLicense C. SmartUpdate D. Deployment Agent

Correct Answer: C

Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud? A. Firewall B. Application Control C. Anti-spam and Email Security D. Anti-Virus

Correct Answer: D

Why is a Central License the preferred and recommended method of licensing? A. Central Licensing is actually not supported with Gaia. B. Central Licensing is the only option when deploying Gaia C. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed. D. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

Correct Answer: D

Which of the following technologies extracts detailed information from packets and stores that information in state tables? A. Next-Generation Firewall B. Application Layer Firewall C. INSPECT Engine D. Packet Filtering

Correct Answer: C

What default layers are included when creating a new policy layer? A. Application Control, URL Filtering and Threat Prevention B. Access Control, Threat Prevention and HTTPS Inspection C. Firewall, Application Control and IPSec VPN D. Firewall, Application Control and IPS

Correct Answer: B

When changes are made to a Rule base, it is important to _______________ to enforce changes. A. Publish database B. Activate policy C. Install policy D. Save changes

Correct Answer: C

After a new Log Server is added to the environment and the SIC trust has been established with the SMS what will the gateways do? A. The gateways can only send logs to an SMS and cannot send logs to a Log Server. Log Servers are proprietary log archive servers. B. Gateways will send new firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new Log Server. C. The firewalls will detect the new Log Server after the next policy install and redirect the new logs to the new Log Server. D. Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.

Correct Answer: D

Secure Internal Communication (SIC) is handled by what process? A. CPM B. HTTPS C. FWD D. CPD

Correct Answer: D - Page 111 in the Check Point Security Administrator R81.10 documentation. More specifically: "SIC relies on a process called Check Point Daemon (CPD)"

To increase security, the administrator has modified the Core protection ‘Host Port Scan’ from ‘Medium’ to ‘High’ Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes? A. The Access Control and Threat Prevention Policies. B. The Access Control Policy. C. The Access Control & HTTPS Inspection Policy. D. The Threat Prevention Policy.

Correct Answer: B

Name the utility that is used to block activities that appear to be suspicious. A. Penalty Box B. Drop Rule in the rulebase C. Suspicious Activity Monitoring (SAM) D. Stealth rule

Correct Answer: C

When should you generate new licenses? A. When the existing license expires, the license is upgraded, or the IP address associated with the license changes. B. After a device upgrade. C. Before installing contract files. D. Only when the license is upgraded.

Correct Answer: A

When URL Filtering is set, what identifying data gets sent to the Check Point Online Web Service? A. The URL and server certificate are sent to the Check Point Online Web Service B. The full URL, including page data, is sent to the Check Point Online Web Service C. The host part of the URL is sent to the Check Point Online Web Service D. The URL and IP address are sent to the Check Point Online Web Service

Correct Answer: C

Which deployment adds a Security Gateway to an existing environment without changing IP routing? A. Remote B. Standalone C. Distributed D. Bridge Mode

Correct Answer: D

Name the pre-de+ned Roles included in Gaia OS. A. AdminRole, and MonitorRole B. ReadWriteRole, and ReadyOnly Role C. AdminRole, cloningAdminRole, and Monitor Role D. AdminRole

Correct Answer: A

Gaia has two default user accounts that cannot be deleted. What are those user accounts? A. Admin and Default B. Expert and Clish C. Control and Monitor D. Admin and Monitor

Correct Answer: D

Name the authentication method that requires token authenticator. A. SecureID B. Radius C. DynamicID D. TACACS

Correct Answer: A

Which single Security Blade can be turned on to block both malicious files from being downloaded as well as block websites known to host malware? A. Anti-Bot B. None - both Anti-Virus and Anti-Bot are required for this C. Anti-Virus D. None - both URL Filtering and Anti-Virus are required for this.

Correct Answer: C

Log query results can be exported to what file format? A. Word Document (docx) B. Comma Separated Value (csv) C. Portable Document Format (pdf) D. Text (txt)

Correct Answer: B

There are four policy types available for each policy package. What are those policy types? A. Access Control, Threat Prevention, Mobile Access and HTTPS Inspection B. Access Control, Custom Threat Prevention, Autonomous Threat Prevention and HTTPS Inspection C. There are only three policy types: Access Control, Threat Prevention and NAT. D. Access Control, Threat Prevention, NAT and HTTPS Inspection

Correct Answer: B

Which tool allows for the automatic updating of the Gaia OS and Check Point products installed on the Gaia OS? A. CPASE - Check Point Automatic Service Engine B. CPAUE - Check Point Automatic Update Engine C. CPDAS - Check Point Deployment Agent Service D. CPUSE - Check Point Upgrade Service Engine

Correct Answer: D

The purpose of the Communication Initialization process is to establish a trust between the Security Management Server and the Check Point gateways. Which statement best describes this Secure Internal Communication (SIC)? A. After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA. B. Secure Internal Communications authenticates the security gateway to the SMS before http communications are allowed. C. A SIC certificate is automatically generated on the gateway because the gateway hosts a subordinate CA to the SMS ICA. D. New firewalls can easily establish the trust by using the expert password de+ned on the SMS and the SMS IP address.

Correct Answer: A

Fill in the blank: SmartConsole, SmartEvent GUI client, and ___________ allow viewing of billions of consolidated logs and shows them as prioritized security events. A. SmartView Web Application B. SmartTracker C. SmartMonitor D. SmartReporter

Correct Answer: A

What kind of NAT enables Source Port Address Translation by default? A. Automatic Static NAT B. Manual Hide NAT C. Automatic Hide NAT D. Manual Static NAT

Correct Answer: C

Application Control/URL filtering database library is known as: A. Application database B. AppWiki C. Application-Forensic Database D. Application Library

Correct Answer: B

What are the types of Software Containers? A. Smart Console, Security Management, and Security Gateway B. Security Management, Security Gateway, and Endpoint Security C. Security Management, Log & Monitoring, and Security Policy D. Security Management, Standalone, and Security Gateway

Correct Answer: B

Stateful Inspection compiles and registers connections where? A. Connection Cache B. State Cache C. State Table D. Network Table

Correct Answer: C

Security Zones do no work with what type of defined rule? A. Application Control rule B. Manual NAT rule C. IPS bypass rule D. Firewall rule

Correct Answer: B

Most Check Point deployments use Gaia but which product deployment utilizes special Check Point code (with unification in R81.10)? A. Enterprise Network Security Appliances B. Rugged Appliances C. Scalable Platforms D. Small Business and Branch Office Appliances

Correct Answer: C

Which of the following is NOT a valid deployment option? A. All-in-one (stand-alone) B. CloudGuard C. Bridge Mode D. Distributed

Correct Answer: B

Which of the following is NOT a method used by Identity Awareness for acquiring identity? A. Remote Access B. Cloud IdP (Identity Provider) C. Active Directory Query D. RADIUS

Correct Answer: B

What Check Point tool is used to automatically update Check Point products for the Gaia OS? A. Check Point Update Engine B. Check Point Upgrade Service Engine (CPUSE) C. Check Point Upgrade Installation Service D. Check Point INSPECT Engine

Correct Answer: B

What are the advantages of a "shared policy"? A. Allows the administrator to share a policy between all the users identified by the Security Gateway. B. Allows the administrator to share a policy so that it is available to use in another Policy Package. C. Allows the administrator to share a policy between all the administrators managing the Security Management Server. D. Allows the administrator to install a policy on one Security Gateway and it gets installed on another managed Security Gateway.

Correct Answer: B

URL Filtering cannot be used to: A. Control Bandwidth issues B. Control Data Security C. Improve organizational security D. Decrease legal liability

Correct Answer: B

Which SmartConsole application shows correlated logs and aggregated data to provide an overview of potential threats and attack patterns? A. SmartEvent B. SmartView Tracker C. SmartLog D. SmartView Monitor

Correct Answer: A

Which of the following is used to extract state related information from packets and store that information in state tables? A. STATE Engine B. TRACK Engine C. RECORD Engine D. INSPECT Engine

Correct Answer: D

Which part of SmartConsole allows administrators to add, edit delete, and clone objects? A. Object Browser B. Object Editor C. Object Navigator D. Object Explorer

Correct Answer: D

For Automatic Hide NAT rules created by the administrator what is a TRUE statement? A. Source Port Address Translation (PAT) is enabled by default. B. Automatic NAT rules are supported for Network objects only. C. Automatic NAT rules are supported for Host objects only. D. Source Port Address Translation (PAT) is disabled by default.

Correct Answer: A

Which of the following is true about Stateful Inspection? B. Stateful Inspection looks at both the headers of packets, as well as deeply examining their content. C. Stateful Inspection requires that a server reply to a request, in order to track a connection's state D. Stateful Inspection requires two rules, one for outgoing traffic and one for incoming traffic.

Correct Answer: B

What is the user ID of a user that have all the privileges of a root user? A.UserID1 B.UserID2 C.UserID0 D. User ID 99

Correct Answer: C

What are the two elements of address translation rules? A. Original packet and translated packet B. Manipulated packet and original packet C. Translated packet and untranslated packet D. Untranslated packet and manipulated packet

Correct Answer: A

Fill in the blanks: A _______ license requires an administrator to designate a gateway for attachment whereas a _______ license is automatically attached to a Security Gateway. A. Formal; corporate B. Local; central C. Local; formal D. Central; local

Correct Answer: D

Fill in the blank: RADIUS protocol uses _________ to communicate with the gateway. A. UDP B. CCP C. TDP D. HTTP

Correct Answer: A

Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine? A. Application Control B. Threat Emulation C. Data Awareness D. Identity Awareness

Correct Answer: A

Which one of the following is TRUE? A. One policy can be either inline or ordered, but not both. B. Inline layer can be defined as a rule action. C. Ordered policy is a sub-policy within another policy. D. Pre-R80 Gateways do not support ordered layers.

Correct Answer: B

You have discovered suspicious activity in your network. What is the BEST immediate action to take? A. Contact your ISP to request them to block the traffic. B. Wait until traffic has been identified before making any changes. C. Create a new policy rule to block the traffic. D. Create a Suspicious Activity Monitoring (SAM) rule to block that traffic.

Correct Answer: D

Which of the following is NOT an identity source used for Identity Awareness? A. Remote Access B. UserCheck C. RADIUS D. AD Query

Correct Answer: B

Which statement describes what Identity Sharing is in Identity Awareness? A. Users can share identities with other users B. Management servers can acquire and share identities with Security Gateways C. Administrators can share identities with other administrators D. Security Gateways can acquire and share identities with other Security Gateways

Correct Answer: D

What is the order of NAT priorities? A. IP pool NAT, static NAT, hide NAT B. Static NAT, hide NAT, IP pool NAT C. Static NAT, IP pool NAT, hide NAT D. Static NAT, automatic NAT, hide NAT

Correct Answer: C

Which Security Blade needs to be enabled in order to sanitize and remove potentially malicious content from files, before those files enter the network? A. Threat Emulation B. Anti-Malware C. Anti-Virus D. Threat Extraction

Correct Answer: D

What are the three essential components of the Check Point Security Management Architecture? A. WebUI, SmartConsole, Security Gateway B. SmartConsole, Security Management Server, Security Gateway C. SmartConsole, SmartUpdate, Security Gateway D. Security Management Server, Security Gateway, Command Line Interface

Correct Answer: B

A layer can support different combinations of blades. What are the supported blades: A. Firewall, URLF, Content Awareness and Mobile Access B. Firewall (Network Access Control), Application & URL Filtering, Content Awareness and Mobile Access C. Firewall, NAT, Content Awareness and Mobile Access D. Firewall (Network Access Control), Application & URL Filtering and Content Awareness

Correct Answer: B

What type of NAT is a one-to-one relationship where each host is translated to a unique address? A. Hide B. Source C. Destination D. Static

Correct Answer: D

Which option in tracking allows you to see the amount of data passed in the connection? A. Data B. Accounting C. Logs D. Advanced

Correct Answer: B

If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? (Choose the BEST answer.) A. Save and install the Policy. B. Delete older versions of database. C. Revert the session. D. Publish or discard the session.

Correct Answer: D

Which of the following is NOT an alert option? A. User defined alert B. Mail C. SNMP D. High alert

Correct Answer: D

Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers? A. RADIUS and Account Logon B. AD Query C. Endpoint Identity Agent and Browser-Based Authentication D. Terminal Servers Endpoint Identity Agent

Correct Answers: C

Which Check Point software blade provides protection from zero-day and undiscovered threats? A. Threat Emulation B. Firewall C. Application Control D. Threat Extraction

Correct Answer: A

Which options are given on features, when editing a Role on Gaia Platform? A. Read/Write, None B. Read/Write, Read Only, None C. Read/Write, Read Only D. Read Only, None

Correct Answer: B

AdminA and AdminB are both logged in on SmartConsole. What does it mean if AdminB sees a lock icon on a rule? (Choose the BEST answer.) A. Rule is locked by AdminA and will be made available if the session is published. B. Rule is locked by AdminA because the rule is currently being edited. C. Rule is locked by AdminA and if the session is saved, the rule will be made available. D. Rule is locked by AdminA because the save button has not been pressed.

Correct Answer: B

Fill in the blanks: A Security Policy is created in _____, stored in the _____, and Distributed to the various _______. A. Rule base, Security Management Server, Security Gateways B. The Check Point database, SmartConsole, Security Gateways C. SmartConsole, Security Gateway, Security Management Servers D. SmartConsole, Security Management Server, Security Gateways

Correct Answer: D

What is NOT an advantage of Stateful Inspection? A. Good Security B. Transparency C. No Screening above Network Layer D. High Performance

Correct Answer: C

Fill in the blank: Once a license is activated, a ______ should be installed. A. Security Gateway Contract file B. Service Contract file C. License Management file D. License Contract file

Correct Answer: B Once a license is activated, a Service Contract file should be installed. The Service Contract file contains information about the services th are available for the firewall, such as support, updates, and technical documentation. The Service Contract file is typically downloaded fro the Check Point User Center and imported into the firewall using the SmartUpdate utility.

Where is the “Hit Count” feature enabled or disabled in SmartConsole? A. On the Policy layer. B. On each Security Gateway C. In Global Properties D. On the Policy Package

Correct Answer: C

Fill in the blank: The ______ is used to obtain identification and security information about network users. A. User index B. UserCheck C. User Directory D. User server

Correct Answer: C

When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored? A. SmartConsole installed device B. Check Point user center C. Security Management Server D. Security Gateway

Correct Answer: C

By default, which port does the WebUI listen on? A. 8080 B. 80 C. 4434 D. 443

Correct Answer: D

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway. A. False, Central Licenses are handled via Security Management Server B. True, CLI is the preferred method for Licensing C. False, Central Licenses are installed via Gaia on Security Gateways D. True, Central Licenses can be installed with CPLIC command on a Security Gateway

Correct Answer: D

Fill in the blanks: A Check Point software license consists of a _______ and _______. A. Software blade; software container B. Software package; signature C. Signature; software blade D. Software container; software package

Correct Answer: A

SmartConsole provides a consolidated solution for everything that is necessary for the security of an organization, such as the following: A. Security Policy Management and Log Analysis. B. Security Policy Management, Log Analysis, System Health Monitoring, Multi-Domain Security Management. C. Security Policy Management, Log Analysis and System Health Monitoring. D. Security Policy Management, Threat Prevention rules, System Health Monitoring and Multi-Domain Security Management.

Correct Answer: B

Which of the following is NOT a tracking log option in R80.x? A. Full Log B. Detailed Log C. Log D. Extended Log

Correct Answer: A

Fill in the blank: To create a policy for traffic to or from a specific geographical location, use the ______. A. HTTPS Inspection B. Data Loss Prevention (DLP) shared policy C. Mobile Access software blade D. Geo Policy shared policy

Correct Answer: D

Where can alerts be viewed? A. Alerts can be seen in SmartView Monitor B. Alerts can be seen in the Threat Prevention policy C. Alerts can be seen in SmartUpdate D. Alert can be seen from the CLI of the gateway

Correct Answer: A

Which of the following is NOT a valid application navigation tab in SmartConsole? A. Manage and Command Line B. Logs and Monitor C. Gateway and Servers D. Security Policies

Correct Answer: A

Fill in the blank: An identity server uses a _________ to trust a Terminal Server Identity Agent. A. One-time password B. Shared secret C. Certificate D. Token

Correct Answer: B

John is the administrator of a Security Management server managing a Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John’s changes available to other administrators before installing a policy, what should John do? A. File > Save B. Install database. C. Logout of the session. D. Publish the session.

Correct Answer: D

What technologies are used to deny or permit network traffic? A. Stateful Inspection, Firewall Blade, and URL/Application Blade B. Packet Filtering, Stateful Inspection, and Application Layer Firewall C. Firewall Blade, URL/Application Blade, and IPS D. Stateful Inspection, URL/Application Blade, and Threat Prevention

Correct Answer: B

When connected to the Check Point Management Server using the SmartConsole the first administrator to connect has a lock on: A. only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions. B. the entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read- only. C. the entire Management Database and all sessions and other administrators can connect only as Read-only. D. only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network.

Correct Answer: A

Using AD Query, the security gateway connections to the Active Directory Domain Controllers using what protocol? A. Windows Management Instrumentation (WMI) B. Hypertext Transfer Protocol Secure (HTTPS) C. Lightweight Directory Access Protocol (LDAP) D. Remote Desktop Protocol (RDP)

Correct Answer: A

Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are both logged in: A. Since they both are logged in on different interfaces, they will both be able to make changes. B. When Joe logs in, Bob will be logged out automatically. C. The database will be locked by Bob and Joe will not be able to make any changes. D. Bob will receive a prompt that Joe has logged in.

Correct Answer: C

If there is an Accept Implied Policy set to “First", what is the reason Jorge cannot see any logs? A. Log Implied Rule was not set correctly on the track column on the rules base. B. Track log column is set to Log instead of Full Log. C. Track log column is set to none. D. Log Implied Rule was not selected on Global Properties.

Correct Answer: D

Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities? A. IPS B. Anti-Virus C. Anti-Spam D. Anti-bot

Correct Answer: A

What is the purpose of a Stealth Rule? A. A rule that allows administrators to access SmartConsole from any device. B. To drop any traffic destined for the firewall that is not otherwise explicitly allowed. C. A rule at the end of your policy to drop any traffic that is not explicitly allowed. D. A rule used to hide a server's IP address from the outside world.

Correct Answer: B

Which one of the following is the preferred licensing model? (Choose the best answer.) A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server. B. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway. C. Central licensing because it ties the package license to the MAC-address of the Security Management Server’s Mgmt-interface and has no dependency on the gateway. D. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.

Correct Answer: B

Fill in the blanks: Default port numbers for an LDAP server is____ for standard connections and____ SSL connections. A. 636; 8080 B. 290; 3389 C. 389; 636 D. 443, 389

Correct Answer: C

Identity Awareness allows the Security Administrator to configure network access based on which of the following? A. Identity of the machine, username, and certificate B. Network location, identity of a user, and identity of a machine C. Name of the application, identity of the user, and identity of the machine D. Browser-Based Authentication, identity of a user, and network location

Correct Answer: B

Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them? A. Full Access B. Read Only All C. Super User D. Editor

Correct Answer: B

If an administrator wants to restrict access to a network resource, only allowing certain users to access it, and only when they are on a specific network, what is the best way to accomplish this? A. Create an inline layer where the destination is the target network resource. Define sub-rules allowing only specific sources to access the target resource. B. Use a “New Legacy User At Location”, specifying the LDAP user group that the users belong to, at the desired location. C. Create a rule allowing only specific source IP addresses access to the target network resource. D. Create an Access Role object, with specific users or user groups specified, and specific networks defined. Use this access role as the “Source” of an Access Control rule.

Correct Answer: D

Which command shows the installed licenses in Expert mode? A. print cplic B. show licenses C. fwlic print D. cplic print

Correct Answer: D

Which type of attack can a firewall NOT prevent? A. Buffer Overflow B. SYN Flood C. SQL Injection D. Network Bandwidth Saturation

Correct Answer: D

What object type would you use to grant network access to an LDAP user group? A. User Group B. SmartDirectory Group C. Access Role D. Group Template

Correct Answer: C

In the Check Point Security Management Architecture, which component(s) can store logs? A. Security Management Server B. SmartConsole and Security Management Server C. SmartConsole D. Security Management Server and Security Gateway

Correct Answer: A

Choose what BEST describes a Session. A. Sessions ends when policy is pushed to the Security Gateway. B. Starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out. C. Sessions locks the policy package for editing. D. Starts when an Administrator publishes all the changes made on SmartConsole.

Correct Answer: B

Which Check Point Application Control feature enables application scanning and detection? A. CPApp B. AppWiki C. Application Library D. Application Dictionary

Correct Answer: B AppWiki: Comprehensive application control that uses the industry's largest application library. It scans for and detects more than 4,500 applications and more than 100,000 Web 2.0 widgets. https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_NextGenSecurityGateway_Guide/Topics-FWG/Application- Control-Blade.htm

Fill in the blank: In order to install a license, it must first be added to the ______. A. License and Contract repository B. Package repository C. Download Center Web site D. User Center

Correct Answer: A

Which software blade does NOT accompany the Threat Prevention policy? A. IPS B. Application Control and URL Filtering C. Threat Emulation D. Anti-virus

Correct Answer: B

Which of the following is an authentication method used for Identity Awareness? A. RSA B. PKI C. Captive Portal D. SSL

Correct Answer: C

In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server? A. Display policies and logs on the administrator’s workstation. B. Processing and sending alerts such as SNMP traps and email notifications. C. Verify and compile Security Policies. D. Store firewall logs to hard drive storage.

Correct Answer: A

Fill in the blank: RADIUS Accounting gets ____ data from requests generated by the accounting client. A. Location B. Payload C. Destination D. Identity

Correct Answer: D

When a gateway requires user information for authentication, what order does it query servers for user information? A. First - Internal user database, then LDAP servers in order of priority, finally the generic external user profile. B. First the Internal user database, then generic external user profile, finally LDAP servers in order of priority. C. First the highest priority LDAP server, then the internal user database, then lower priority LDAP servers, finally the generic external profile. D. The external generic profile, then the internal user database, finally the LDAP servers in order of priority.

Correct Answer: A

Which Threat Tool within SmartConsole provides a list of trusted files for the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed? A. AppWiki B. ThreatWiki C. IPS Protections D. Whitelist Files

Correct Answer: D

What is the Transport layer of the TCP/IP model responsible for? A. It deals with all aspects of the physical components of network connectivity and connects with different network types. B. It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer. C. It manages the now of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application. D. It transports packets as datagrams along different routes to reach their destination.

Correct Answer: C

Which of the completed statements is NOT true? The WebUI can be used to manage Operating System user accounts and: A. add users to your Gaia system. B. assign privileges to users. C. assign user rights to their home directory in the Security Management Server. D. edit the home directory of the user.

Correct Answer: C

An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company? A. AD Query B. Browser-Based Authentication C. Identity Agents D. Terminal Servers Agent

Correct Answer: B

Which Check Point supported authentication scheme typically requires a user to possess a token? A. RADIUS B. Check Point password C. TACACS D. SecurID

Correct Answer: D

Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies? A. Firewall B. Identity Awareness C. Application Control D. URL Filtering

Correct Answer: B

Fill in the blank: Backup and restores can be accomplished through _________. A. SmartUpdate, SmartBackup. or SmartConsole B. WebUI, CLI, or SmartUpdate C. CLI, SmartUpdate, or SmartBackup D. SmartConsole, WebUI, or CLI

Correct Answer: D

Which SmartConsole tab shows logs and detects security threats, providing a centralized display of potential attack patterns from all network devices? A. Logs Monitor B. Security Policies C. Manage Settings D. Gateway Servers

Correct Answer: A

You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic? A. Open SmartEvent to see why they are being blocked. B. Open SmartMonitor and connect remotely to the wireless controller C. From SmartConsole, go to the Log & Monitor tab and filter for the IP address of the tablet. D. Open SmartUpdate and review the logs tab.

Correct Answer: C

While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain? A. SmartConsole machine is not part of the domain B. Security Gateway is not part of the Domain C. Identity Awareness is not enabled on Global properties D. Security Management Server is not part of the domain

Correct Answer: A

In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories. Which of the following is NOT an objects category? A. Custom Application / Site B. IP Address C. Network Object D. Limit

Correct Answer: B

What is the purpose of the Stealth Rule? A. To make the gateway visible to the Internet. B. To prevent users from directly connecting to a Security Gateway. C. To reduce the amount of logs for performance issues. D. To reduce the number of rules in the database.

Correct Answer: B

Identity Awareness lets an administrator easily con+gure network access and auditing based on three items. Choose the correct statement. A. Network location, the identity of a user and the active directory membership. B. Network location, the identity of a user and the identity of a machine. C. Network location, the telephone number of a user and the UID of a machine. D. Geographical location, the identity of a user and the identity of a machine.

Correct Answer: B

Which SmartConsole tab is used to monitor network and security performance? A. Security Policies B. Logs Monitor C. Manage Settings D. Gateway Servers

Correct Answer: B

From the Gaia web interface, which of the following operations CANNOT be performed on a Security Management Server? A. Add a static route B. Verify a Security Policy C. Open a terminal shell D. View Security Management GUI Clients

Correct Answer: B

The SIC Status “Unknown” means: A. There is no connection between the gateway and Security Management Server. B.The Security Management Server can contact the gateway, but cannot establish SIC. C. The secure communication is established. D. There is connection between the gateway and Security Management Server but it is not trusted.

Correct Answer: A

Fill in the blank: Once a certificate is revoked from the Security Gateway by the Security Management Server, the certi+cate information is __________. A. Sent to the Security Administrator. B. Stored on the Certificate Revocation List. C. Sent to the Internal Certificate Authority. D. Stored on the Security Management Server.

Correct Answer: B

Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis? A. Anti-Virus B. Threat Emulation C. Application Control D. Advanced Networking Blade

Correct Answer: D

Which of the following situations would not require a new license to be generated and installed? A. The IP address of the Security Management or Security Gateway has changed. B. The license is upgraded C. The Security Gateway is upgraded D. The existing license expires

Correct Answer: C

CCSA 156-215.81 Flashcards

(222 cards)