CCSE Flashcards by clair t

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

Install policy

How well did you know this?

Not at all

Perfectly

Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?

cp.macro

How well did you know this?

Not at all

Perfectly

Which two Identity Awareness daemons are used to support identity sharing?

Policy Decision Point (PDP) and Policy Enforcement Point (PEP)

How well did you know this?

Not at all

Perfectly

In which scenario will an administrator need to manually define Proxy ARP?

A. When they configure an “Automatic Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.

B. When they configure an “Automatic Hide NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.

C. When they configure a “Manual Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.

D. When they configure a “Manual Hide NAT” which translates to an IP address that belongs to one of the firewall’s interfaces.

C. When they configure a “Manual Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.

How well did you know this?

Not at all

Perfectly

Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use which operating system?

A. Centos Linux
B. Gaia embedded.
C. Gaia
D. Red Hat Enterprise Linux version 5

B. Gaia embedded.

How well did you know this?

Not at all

Perfectly

For Automatic Hide NAT rules created by the administrator what is a TRUE statement?

A. Source Port Address Translation (PAT) is enabled by default.
B. Automatic NAT rules are supported for Network objects only.
C. Automatic NAT rules are supported for Host objects only.
D. Source Port Address Translation (PAT) is disabled by default.

A. Source Port Address Translation (PAT) is enabled by default.

How well did you know this?

Not at all

Perfectly

What technologies are used to deny or permit network traffic?

A. Stateful Inspection, Firewall Blade, and URL/Application Blade
B. Packet Filtering, Stateful Inspection, and Application Layer Firewall
C. Firewall Blade, URL/Application Blade, and IPS
D. Stateful Inspection, URL/Application Blade, and Threat Prevention

B. Packet Filtering, Stateful Inspection, and Application Layer Firewall

How well did you know this?

Not at all

Perfectly

Identity Awareness allows easy configuration for network access and auditing based on what three items?

A. Client machine IP address.
B. Network location, the identity of a user and the identity of a machine.
C. Log server IP address.
D. Gateway proxy IP address.

B. Network location, the identity of a user and the identity of a machine.

How well did you know this?

Not at all

Perfectly

Using AD Query, the security gateway connections to the Active Directory Domain Controllers using what protocol?

A. Windows Management Instrumentation (WMI)
B. Hypertext Transfer Protocol Secure (HTTPS)
C. Lightweight Directory Access Protocol (LDAP)
D. Remote Desktop Protocol (RDP)

Windows Management Instrumentation (WMI)

How well did you know this?

Not at all

Perfectly

What are the types of Software Containers?

A. Smart Console, Security Management, and Security Gateway
B. Security Management, Security Gateway, and Endpoint Security
C. Security Management, Log & Monitoring, and Security Policy
D. Security Management, Standalone, and Security Gateway

B. Security Management, Security Gateway, and Endpoint Security

How well did you know this?

Not at all

Perfectly

What are the Threat Prevention software components available on the Check Point Security Gateway?

A. IPS, Threat Emulation and Threat Extraction
B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction
D. IDS, Forensics, Anti-Virus, Sandboxing

C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction

How well did you know this?

Not at all

Perfectly

When using Automatic Hide NAT, what is enabled by default?

Source Port Address Translation (PAT)

How well did you know this?

Not at all

Perfectly

In which deployment is the security management server and Security Gateway installed on the same appliance?

Standalone

How well did you know this?

Not at all

Perfectly

What is the main objective when using Application Control?

A. To filter out specific content.
B. To assist the firewall blade with handling traffic.
C. To see what users are doing.
D. Ensure security and privacy of information.

A. To filter out specific content.

How well did you know this?

Not at all

Perfectly

Gaia has two default user accounts that cannot be deleted. What are those user accounts?

Admin and Monitor

How well did you know this?

Not at all

Perfectly

When changes are made to a Rule base, It is important to __________ to enforce changes.

Install policy

How well did you know this?

Not at all

Perfectly

Why is a Central License the preferred and recommended method of licensing?

A. Central Licensing actually not supported with Gaia.
B. Central Licensing is the only option when deploying Gala.
C. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.
D. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

D. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

How well did you know this?

Not at all

Perfectly

What does the “unknown” SIC status shown on SmartConsole mean?

A. SIC activation key requires a reset
B. Administrator input the wrong SIC key
C. The management can contact the Security Gateway but cannot establish Secure Internal Communication
D. There is no connection between the Security Gateway and Security Management Server

D. There is no connection between the Security Gateway and Security Management Server

How well did you know this?

Not at all

Perfectly

What are valid authentication methods for mutual authenticating the VPN gateways?

A. PKI Certificates and Kerberos Tickets
B. PKI Certificates and DynamicID OTP
C. Pre-Shared Secrets and Kerberos Ticket
D. Pre-shared Secret and PKI Certificates

D. Pre-shared Secret and PKI Certificates

How well did you know this?

Not at all

Perfectly

What are the correct steps upgrading a HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster(MVC)Upgrade?

A. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on
2) Upgrade the passive node M2 to R81.10
3) In SmartConsole, change the version of the cluster object
4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails
5) After examine the cluster states upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism

B. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on
2) Upgrade the passive node M2 to R81.10
3) In SmartConsole, change the version of the cluster object
4) Install the Access Control Policy
5) After examine the cluster states upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy

C. 1) In SmartConsole, change the version of the cluster object
2) Upgrade the passive node M2 to R81.10
3) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 #cphaconf mvc on
4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails
5) After examine the cluster states upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy SmartConsole, change the version of the cluster object

D. 1) Upgrade the passive node M2 to R81.10
2) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 #cphaconf mvc on
3) In SmartConsole, change the version of the cluster object
4) Install the Access Control Policy
5) After examine the cluster states upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81.10

How well did you know this?

Not at all

Perfectly

Which Operating Systems are supported for the Endpoint Security VPN?

A. Windows and x86 Solaris
B. Windows and macOS computers
C. Windows and SPARC Solaris
D. Windows and Red Hat Linux

B. Windows and macOS computers

How well did you know this?

Not at all

Perfectly

What are the three SecureXL Templates available in R81.10?

A. PEP Templates, QoS Templates, VPN Templates
B. Accept Templates, Drop Templates, NAT Templates
C. Accept Templates, Drop Templates, Reject Templates
D. Accept Templates, PDP Templates, PEP Templates

B. Accept Templates, Drop Templates, NAT Templates

How well did you know this?

Not at all

Perfectly

Which Queue in the Priority Queue has the maximum priority?

A. High Priority
B. Control
C. Routing
D. Heavy Data Queue

C. Routing

How well did you know this?

Not at all

Perfectly

Which upgrade method you should use upgrading from R80.40 to R81.10 to avoid any downtime?

A. Zero Downtime Upgrade (ZDU)
B. Connectivity Upgrade (CU)
C. Minimal Effort Upgrade (ME)
D. Multi-Version Cluster Upgrade (MVC)

Multi-Version Cluster Upgrade (MVC)

How well did you know this?

Not at all

Perfectly

The Check Point installation history feature in provides the following: A. View install changes and install specific version B. Policy Installation Date only C. Policy Installation Date, view install changes and install specific version D. View install changes

C. Policy Installation Date, view install changes and install specific version

What is the SOLR database for? A. Writes data to the database and full text search B. Enables powerful matching capabilities and writes data to the database C. Serves GUI responsible to transfer request to the DLEserver D. Used for full text search and enables powerful matching capabilities

D. Used for full text search and enables powerful matching capabilities

Which command lists firewall chain?

fw ctl chain

Sand Blast appliances can be deployed in the following modes: A. as a Mail Transfer Agent and as part of the we traffic flow only B. using a SPAN port to receive a copy of the traffic only C. detect only D. inline/prevent or detect

D. inline/prevent or detect

Which SmartEvent component is responsible to collect the logs from different Log Servers?

SmartEvent Correlation Unit

How can you switch the active log file? A. Run fw logswitch on the gateway B. Run fwm logswitch on the Management Server C. Run fwm logswitch on the gateway D. Run fw logswitch on the Management Server

Run fw logswitch on the Management Server

What is the purpose of the command "ps aux | grep fwd"? A. You can check the Process ID and the processing time of the fwd process. B. You can convert the log file into Post Script format. C. You can list all Process IDs for all running services. D. You can check whether the IPS default setting is set to Detect or Prevent mode.

You can check the Process ID and the processing time of the fwd process.

What is the command switch to specify the Gaia API context? A. You have to specify it in the YAML file api.yml which is located underneath the /etc directory of the security management server B. You have to change to the zsh-Shell which defaults to the Gaia API context. C. No need to specify a context, since it defaults to the Gaia API context. D. mgmt_cli --context gaia_api

D. mgmt_cli --context gaia_api

What are the two types of tests when using the Compliance blade? A. Policy-based tests and Global properties B. Global tests and Object-based tests C. Access Control policy analysis and Threat Prevention policy analysis D. Tests conducted based on the IoC XML file and analysis of SOLR documents

Global tests and Object-based tests

Besides fw monitor, what is another command that can be used to capture packets?

tcpdump

When performing a minimal effort upgrade, what will happen to the network traffic? A. All connections that were initiated before the upgrade will be dropped, causing network downtime. B. All connections that were initiated before the upgrade will be handled by the active gateway C. All connections that were initiated before the upgrade will be handled normally D. All connections that were initiated before the upgrade will be handled by the standby gateway

A. All connections that were initiated before the upgrade will be dropped, causing network downtime.

Using fw monitor you see the following inspection point notion E and i what does that mean? A. E shows the packet before the VPN encryption, i after the inbound firewall VM B. E shows the packet reaching the external interface, i leaving the internal interface C. E shows the packet after the VPN encryption, i before the inbound firewall VM D. E shows the packet leaving the external interface, i reaching the internal interface

C. E shows the packet after the VPN encryption, i before the inbound firewall VM

You have used the SmartEvent GUI to create a custom Event policy. What is the best way to display the correlated Events generated by SmartEvent Policies? A. Open SmartView Monitor and select the SmartEvent Window from the main menu. B. In the SmartConsole / Logs & Monitor --> open the Logs View and use type:Correlated as query filter. C. In the SmartConsole / Logs & Monitor -> open a new Tab and select External Apps / SmartEvent. D. Select the Events tab in the SmartEvent GUI or use the Events tab in the SmartView web interface.

B. In the SmartConsole / Logs & Monitor --> open the Logs View and use type:Correlated as query filter.

What is the biggest benefit of policy layers? A. To break one policy into several virtual policies B. Policy Layers and Sub-Policies enable flexible control over the security policy C. They improve the performance on OS kernel version 3.0 D. To include Threat Prevention as a sub policy for the firewall policy

B. Policy Layers and Sub-Policies enable flexible control over the security policy

Which packet info is masked with Session Rate Acceleration? A. same info from Packet Acceleration is used B. source port ranges C. source port D. source ip

source port

What does Backward Compatibility mean when upgrading the Management Server and how can you check it? A. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Installation and Upgrade Guide B. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Release Notes C. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Installation and Upgrade Guide D. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Release Notes

B. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Release Notes

Bob is going to prepare the import of the exported R81.10 management database. Now he wants to verify that the installed tools on the new target security management machine are able to handle the R81.10 release. Which of the following Check Point command is true? A. $FWDIR/scripts/migrate_server print_installed_tools -v R77.30 B. $CPDIR/scripts/migrate_server print_installed_tools -v R81.10 C. $FWDIR/scripts/migrate_server print_installed_tools -v R81.10 D. $FWDIR/scripts/migrate_server print_uninstalled_tools -v R81.10

C. $FWDIR/scripts/migrate_server print_installed_tools -v R81.10

What a valid SecureXL paths in R81.10? A. F2F (Slow path), Templated Path, PQX and F2V B. F2F (Slow path), PXL, QXL and F2V C. F2F (Slow path), Accelerated Path, PQX and F2V D. F2F (Slow path), Accelerated Path, Medium Path and F2V

D. F2F (Slow path), Accelerated Path, Medium Path and F2V

Alice was asked by Bob to implement the Check Point Mobile Access VPN blade – therefore are some basic configuration steps required – which statement about the configuration steps is true? A. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard 2. Configure Mobile Access parameters in Security Gateway object 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal B. 1. Configure Mobile Access parameters in Security Gateway object 2. Enable Mobile Access blade on the Security Gateway object and complete the wizard 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal C. 1. Connect to the Mobile Access Portal 2. Enable Mobile Access blade on the Security Gateway object and complete the wizard 3. Configure Mobile Access parameters in Security Gateway object 4. Add a rule in the Access Control Policy and install policy D. 1. Add a rule in the Access Control Policy and install policy 2. Configure Mobile Access parameters in Security Gateway object 3. Enable Mobile Access blade on the Security Gateway object and complete the wizard 4. Connect to the Mobile Access Portal

A. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard 2. Configure Mobile Access parameters in Security Gateway object 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal

What are not possible commands to acquire the lock in order to make changes in Clish or Web GUI? A. set config-lock on override B. Click the Lock icon in the WebUI C. "set rbac rw = 1" D. lock database override

C. "set rbac rw = 1"

The customer has about 150 remote access user with a Windows laptop. Not more than 50 Clients will be connected at the same time. The customer wants to use multiple VPN Gateways as entry point and a personal firewall. What will be the best license for him? A. He will need Capsule Connect using MEP (multiple entry points). B. Because the customer uses only Windows clients SecuRemote will be sufficient and no additional license is needed. C. He will need Harmony Endpoint because of the personal firewall. D. Mobile Access license because he needs only a 50 user license, license count is per concurrent user.

C. He will need Harmony Endpoint because of the personal firewall.

SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user's machine via the web browser. What are the two modes of SNX? A. Application and Client Service B. Network and Layers C. Virtual Adapter and Mobile App D. Network and Application

Network and Application

The admin is connected via ssh to the management server. He wants to run a mgmt_cli command but got an Error 404 message. To check the listening ports on the management he runs netstat with the results shown below. What can be the cause for the issue? [Expert@SMS:0]# mgmt_cli show service-tcp name FTP Username: admin - Password: message: "Error 404. The Management API service is not available. Please check that the Management API server is up and running." code: "generic_error" [Expert@SMS:0]# netstat -anp | grep http tcp00 0.0.0.0:800.0.0.0:*LISTEN18114/httpd tcp00127.0.0.1:810.0.0.0:*LISTEN18114/httpd tcp00 0.0.0.0:44340.0.0.0:*LISTEN9019/httpd2 tcp00 0.0.0.0:4430.0.0.0:*LISTEN 18114/httpd A. Wrong Management API Access settings for the client IP. To correct it go to SmartConsole / Management & Settings / Blades / Management API and press 'Advanced Settings...' and choose GUI clients or ALL IP's. B. The API didn't run on the default port check it with 'api status' and add '--port 4434' to the mgmt_cli command. C. The management permission in the user profile is missing. Go to SmartConsole / Management & Settings / Permissions & Administrators / Permission Profiles. Select the profile of the user and enable 'Management API Login' under Management Permissions. D. The API is not running, the services shown by netstat are the Gaia services. To start the API run 'api start'.

C. The management permission in the user profile is missing. Go to SmartConsole / Management & Settings / Permissions & Administrators / Permission Profiles. Select the profile of the user and enable 'Management API Login' under Management Permissions.

From SecureXL perspective, what are the three paths of traffic flow: A. Initial Path; Medium Path; Accelerated Path B. Layer Path; Blade Path; Rule Path C. Firewall Path; Accelerated Path; Medium Path D. Firewall Path; Accept Path; Drop Path

Firewall Path; Accelerated Path; Medium Path

What are the services used for Cluster Synchronization? A. 256/TCP for Full Sync and 8116/UDP for Delta Sync B. 8116/UDP for Full Sync and Delta Sync C. TCP/256 for Full Sync and Delta Sync D. No service needed when using Broadcast Mode

A. 256/TCP for Full Sync and 8116/UDP for Delta Sync

Using Web Services to access the API, which Header Name-Value had to be in the HTTP Post request after the login? A. X-chkp-sid Session Unique Identifier B. API-Key C. user-uid D. uuid Universally Unique Identifier

A. X-chkp-sid Session Unique Identifier

Which two Cluster Solutions are available under R81.10? A. ClusterXL and NSRP B. VRRP and HSRP C. VRRP and IP Clustering D. ClusterXL and VRRP

ClusterXL and VRRP

Alice & Bob are going to deploy Management Data Plane Separation (MDPS) for all their Check Point Security Gateway(s)/Cluster(s). Which of the following statement is true? A. Each network environment is dependent and includes interfaces, routes, sockets, and processes B. Management Plane – To access, provision and monitor the Security Gateway C. Data Plane – To access, provision and monitor the Security Gateway D. Management Plane – for all other network traffic and processing

B. Management Plane – To access, provision and monitor the Security Gateway

When URL Filtering is set, what identifying data gets sent to the Check Point Online Web Service? A. The URL and server certificate are sent to the Check Point Online Web Service. B. The full URL, including page data, is sent to the Check Point Online Web Service. C. The host part of the URL is sent to the Check Point Online Web Service. D. The URL and IP address are sent to the Check Point Online Web Service.

C. The host part of the URL is sent to the Check Point Online Web Service.

How do logs change when the "Accounting" tracking option is enabled on a traffic rule? A. Involved traffic logs will be forwarded to a log server. B. Provides log details view email to the Administrator. C. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection. D. Provides additional information to the connected user.

C. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.

To increase security, the administrator has modified the Core protection 'Host Port Scan' from 'Medium' to 'High' Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes? A. The Access Control and Threat Prevention Policies. B. The Access Control Policy. C. The Access Control & HTTPS Inspection Policy. D. The Threat Prevention Policy.

The Access Control Policy.

Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server providing Log Export API (LEA) & Event Logging API (ELA) services? A. DASSERVICE B. FWD C. CPVIEWD D. CPD

B. FWD

What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources? A. The corresponding feature is new to R81.10 and is called "Management Data Plane Separation" B. The corresponding feature is called "Dynamic Dispatching" C. There is a feature for ensuring stable connectivity to the management server and is done via Priority Queuing D. The corresponding feature is called "Dynamic Split"

A. The corresponding feature is new to R81.10 and is called "Management Data Plane Separation"

According to the policy installation flow the transfer state (CPTA) is responsible for the code generated by the FWM. On the Security Gateway side, a process receives them and first stores them into a temporary directory. Which process is true for receiving these files: A. FWD B. CPD C. FWM D. RAD

CPD

What is the amount of Priority Queues by default? A. There are 8 priority queues and this number cannot be changed. B. There is no distinct number of queues since it will be changed in a regular basis based on its system requirements. C. There are 7 priority queues by default and this number cannot be changed. D. There are 8 priority queues by default, and up to 8 additional queues can be manually configured

D. There are 8 priority queues by default, and up to 8 additional queues can be manually configured

In R81.10 a new feature dynamic log distribution was added. What is this for? A. Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy B. In case of a Management High Availability the management server stores the logs dynamically on the member with the most available disk space in /var/log C. Synchronize the log between the primary and secondary management server in case of a Management High Availability D. To save disk space in case of a firewall cluster local logs are distributed between the cluster members

A. Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy

What could NOT be a reason for synchronization issues in a Management HA environment? A. Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate B. There is a network connectivity failure between the servers C. Servers are in Collision Mode. Two servers, both in active state cannot be synchronized either automatically or manually. D. The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server.

A. Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate

What is the correct Syntax for adding an access-rule via R80 API? A. add access-rule layer "Network" action "Allow" B. add access-rule layer "Network" position 1 name "Rule 1" service.1 "SMTP" service.2 "http" C. add access-rule and follow the wizard D. add rule position 1 name "Rule 1" policy-package "Standard" add service "http"

B. add access-rule layer "Network" position 1 name "Rule 1" service.1 "SMTP" service.2 "http"

Secure Configuration Verification (SCV), makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration but therefore Bob needs to edit and configure a specific Check Point file. Which location file and directory are true? A. $FWDIR/conf/client.scv B. $CPDIR/conf/local.scv C. $CPDIR/conf/client.scv D. $FWDIR/conf/local.scv

D. $FWDIR/conf/local.scv

What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel? A. Network Access VPN Domain B. Remote Access VPN Switch C. Community Specific VPN Domain D. Mobile Access VPN Domain

Community Specific VPN Domain

Main Mode in IKEv1 uses how many packages for negotiation? A. 4 B. depends on the make of the peer gateway C. 3 D. 6

D. 6

To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members? A. fw ctl set int fwha vmac global param enabled B. cphaprob -a if C. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1 D. fw ctl get int fwha vmac global param enabled; result of command should return value 1

C. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Can multiple administrators connect to a Security Management Server at the same time? A. Yes, all administrators can modify a network object at the same time. B. No, only one can be connected. C. Yes, every administrator has their own username, and works in a session that is independent of other administrators. D. Yes, but only one has the right to write.

C. Yes, every administrator has their own username, and works in a session that is independent of other administrators.

You have used the "set inactivity-timeout 120" command to prevent the session to be disconnected after 10 minutes of inactivity. However, the Web session is being disconnected after 10 minutes. Why? A. The idle timeout for the web session is specified with the “set web session-timeout" command. B. The number specified is the amount of the idle timeout in seconds rather than in minutes. So you have to use the command "set inactivity-timeout 600" instead. C. Probably, you have forgotten to make sure that nobody is accessing the management server via the SmartConsole which locks the management database. D. The number of minutes is correct. Probably, you have forgotten to save this setting with the "save config" command.

A. The idle timeout for the web session is specified with the “set web session-timeout" command.

Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to manager? A. fw acces stats B. fw accel stat C. fwaccel stats D. fwaccel stat

D. fwaccel stat

What command lists all interfaces using Multi-Queue? A. show multiqueue all B. cpmq set C. mq_mng --show D. show interface all

C. mq_mng --show

There are 4 ways to use the Management API for creating host object with the Management API. Which one is NOT correct? A. Using SmartConsole GUI console B. Using CLISH C. Using Web Services D. Using cpconfig

Using cpconfig

Which 3 types of tracking are available for Threat Prevention Policy? A. Syslog, None, User-defined scripts B. Alert, SNMP trap, Mail C. None, Log, Syslog D. SMS Alert, Log, SNMP alert

Alert, SNMP trap, Mail

Bob is asked by Alice to disable the SecureXL mechanism temporary for further diagnostic by their Check Point partner. Which of the following Check Point Command is true? A. fwaccel suspend B. fwaccel standby C. fwaccel off D. fwaccel templates

C. fwaccel off

What are the attributes that SecureXL will check after the connection is allowed by Security Policy? A. Source address, Destination address, Destination port, Protocol B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol C. Source address, Destination address, Source port, Destination port, Protocol D. Source address, Destination address, Source port, Destination port

A. Source address, Destination address, Destination port, Protocol

The VPN Link Selection will perform the following if the primary VPN link goes down? A. The Firewall will drop the packets B. The Firewall will inform the client that the tunnel is down C. The Firewall will send out the packet on all interfaces D. The Firewall can update the Link Selection entries to start using a different link for the same tunnel

D. The Firewall can update the Link Selection entries to start using a different link for the same tunnel

In CoreXL, the Firewall kernel is replicated multiple times. Each replicated copy or instance can perform the following: A. The Firewall can run different policies per core B. The Firewall can run the same policy on all cores C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out D. The Firewall kernel only touches the packet if the connection is accelerated

B. The Firewall can run the same policy on all cores

What is FALSE regarding a Management HA environment? A. Only one Management Server should be active, while any others be in standby mode. B. It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior. C. SmartConsole can connect to any management server in ReadOnly mode. D. Synchronization will occur automatically with each Publish event if the Standby servers are available.

B. It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior.

Which command will allow you to see the interface status? A. cphaprob interface B. cphaprob stat C. cphaprob -a if D. cphaprob -l interface

C. cphaprob -a if

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster. A. Asymmetric routing B. Anti-Spoofing C. Failovers D. Symmetric routing

Asymmetric routing

Matt wants to upgrade his old Security Management Server to R80.x using the Advanced Upgrade with Database Migration. What is one of the requirements for a successful upgrade? A. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine B. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine C. Size of the /var/log folder of the target machine must be 25GB or more D. Size of the $FWDIR/log folder of the target machine must be at least 25% of the size of the $FWDIR/log directory on the source machine

A. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

Which of the following is NOT a type of Check Point API available in R80.x? A. Management B. OPSEC SDK C. Identity Awareness Web Services D. Mobile Access

Mobile Access

How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade? A. 4 B. 3 C. 1 D. 2

C. 1

What are the blades of Threat Prevention? A. DLP, AntiVirus, QoS, AntiBot, Threat Emulation, Threat Extraction B. IPS, QoS, AntiVirus, AntiBot, Threat Emulation, Threat Extraction C. IPS, AntiVirus, AntiBot, Threat Emulation, Threat Extraction D. IPS, AntiVirus, AntiBot

C. IPS, AntiVirus, AntiBot, Threat Emulation, Threat Extraction

How long may verification of one file take for Sandblast Threat Emulation?

up to 3 minutes

How do you enable virtual mac (VMAC) on-the-fly on a cluster member? A. fw ctl set int fwha_vmac_global_param_enabled 1 B. clusterXL set int fwha_vmac_global_param_enabled 1 C. cphaprob set int fwha_vmac_global_param_enabled 1 D. cphaconf set int fwha_vmac_global_param_enabled 1

A. fw ctl set int fwha_vmac_global_param_enabled 1

What component of Management is used for indexing? A. DBSync B. API Server C. fwm D. SOLR

SOLR

Which process is used mainly for backward compatibility of gateways in R80.x? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization.

fwm

Which command shows actual allowed connections in state table? A. fw tab -t connection B. fw tab connections C. fw tab -t connections D. fw tab -t StateTable

C. fw tab -t connections

Which one is not a valid Package Option in the Web GUI for CPUSE? A. Clean Install B. Export Package C. Upgrade D. Database Conversion to R81.10 only

D. Database Conversion to R81.10 only

What is the minimum number of CPU cores required to enable CoreXL? A. 1 B. 6 C. 2 D. 4

C. 2

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?

The connection required a Security server

Which command shows only the table names of all kernel tables? A. fw tab -t B. fw tab -k C. fw tab -n D. fw tab -s

D. fw tab -s

If a "ping"-packet is dropped by FW1 Policy – on how many inspection Points do you see this packet in "fw monitor"? A. "i" only B. "i", "l" and "o" C. "i" and "l" D. I don't see it in fw monitor

A. "i" only

Which of the following is NOT an attribute of packet acceleration?

VLAN tag

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

TCP port 256

Which statement is WRONG regarding the usage of the Central Deployment in SmartConsole? A. You can install Hotfixes with the Central Deployment in SmartConsole. B. You can install Jumbo Hotfix accumulators with the Central Deployment in SmartConsole. C. Only Hotfixes can be installed with the Central Deployment in SmartConsole. D. You can upgrade your cluster without user intervention with the Central Deployment in SmartConsole from R80.40 to R81.10.

C. Only Hotfixes can be installed with the Central Deployment in SmartConsole.

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade? A. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels. B. Configure rules to limit the available network bandwidth for specified users or groups. C. Detects and blocks malware by correlating multiple detection engines before users are affected. D. Use UserCheck to help users understand that certain websites are against the company's security policy.

C. Detects and blocks malware by correlating multiple detection engines before users are affected.

Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R80.X. The Network Security Developer Team is having an issue testing the API with a newly deployed R80.X Security Management Server. Aaron wants to confirm API services are working properly. What should he do first? A. Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api start". B. Aaron should check API Server status with "api status" from Expert mode. If services are stopped, he should start them with "api start". C. Aaron should check API Server status with "fwm api status" from Expert mode. If services are stopped, he should start them with "fwm api start". D. Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start".

B. Aaron should check API Server status with "api status" from Expert mode. If services are stopped, he should start them with "api start".

What is required for a site-to-site VPN tunnel that does not use certificates? A. Pre-Shared Secret B. RSA Token C. Unique Passwords D. SecureID

A. Pre-Shared Secret

The Compliance Blade allows you to search for text strings in many windows and panes, to search for a value in a field, what would your syntax be? A. name_field:string B. field_name:string C. field name:string D. name field:string

B. field_name:string

What is the correct order of the default "fw monitor" inspection points? A. i, o, l, O B. i, l, o, O C. 1, 2, 3, 4 D. l, i, O, o

B. i, l, o, O

Bob works for a big security outsourcing provider company and as he receives a lot of change requests per day, he wants to use for scripting daily tasks the API services from Check Point for the GAIA API. Firstly, he needs to be aware if the API services are running for the GAIA operating system. Which of the following Check Point Command is true: A. gaia_clish status B. status gaia_api C. api_gaia status D. gaia_api status

D. gaia_api status

What is the recommended way to have a redundant Sync connection between the cluster nodes? A. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Connect both Sync interfaces without using a switch. B. Use a group of bonded interfaces. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define a Virtual IP for the Sync interface. C. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Use two different Switches to connect both Sync interfaces. D. Use a group of bonded interfaces connected to different switches. Define a dedicated sync interface, only one interface per node using the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management.

D. Use a group of bonded interfaces connected to different switches. Define a dedicated sync interface, only one interface per node using the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management.

To fully enable Dynamic Dispatcher on a Security Gateway: A. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot. B. Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu. C. Run fw ctl multik set_mode 1 in Expert mode and then reboot. D. Run "fw ctl multik dynamic_dispatching on" and then reboot.

D. Run "fw ctl multik dynamic_dispatching on" and then reboot.

Which Remote Access Client does not provide an Office-Mode Address? A. Check Point Mobile B. SecuRemote C. Endpoint Security Suite D. Endpoint Security VPN

B. SecuRemote

What command verifies that the API server is responding? A. api stat B. api_get_status C. api status D. show api_status

C. api status

Which command shows the current Security Gateway Firewall chain? A. show current chain B. show firewall chain C. fw ctl chain D. fw ctl firewall-chain

C. fw ctl chain

By default, the web API uses which content-type in its response? A. Java Script B. XML C. JSON D. Text

C. JSON

What is Dynamic Balancing? A. It is a ClusterXL feature that switches an HA cluster into an LS cluster if required to maximize throughput. B. It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load. C. It is a new feature that is capable of dynamically reserve the amount of Hash kernel memory to reflect the resource usage necessary for maximizing the session rate. D. It is a CoreXL feature that assigns the SND to network interfaces to balance the RX Cache of the interfaces.

B. It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load.

What command can you use to have cpinfo display all installed hotfixes?

cpinfo -y all

What are the available options for downloading Check Point hotfixes in Gala WebUI (CPUSE)? A. Manually, Scheduled, Enabled B. Manually, Scheduled, Automatic C. Manually, Scheduled, Disabled D. Manually, Automatic, Disabled

B. Manually, Scheduled, Automatic

What is the most Ideal Synchronization Status for Security Management Server High Availability deployment?

Synchronized

Which statements below are CORRECT regarding Threat Prevention profiles in SmartConsole? A. You can assign only one profile per gateway and a profile can be assigned to one or more rules. B. You can assign only one profile per gateway and a profile can be assigned to one rule Only. C. You can assign multiple profiles per gateway and a profile can be assigned to one rule only. D. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

D. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

fwssd is a child process of which of the following Check Point daemons? A. fwd B. cpwd C. fwm D. cpd

A. fwd

Which command shows the current connections distributed by CoreXL FW instances? A. fw ctl instances -v B. fw ctl multik stat C. fw ctl affinity -l D. fw ctl iflist

B. fw ctl multik stat

After having saved the Clish Configuration with the "save configuration config.txt" command, where can you find the config.txt file? A. You will find it in the home directory of your user account (e.g. /home/admin/). B. You can locate the file via SmartConsole > Command Line. C. You have to launch the WebUI and go to "Config" -> "Export Config File" and specify the destination directory of your local file system. D. You cannot locate the file in the file system since Clish does not have any access to the bash file system.

A. You will find it in the home directory of your user account (e.g. /home/admin/).

What state is the Management HA in when both members have different policies/databases? A. Never been synchronized B. Synchronized C. Lagging D. Collision

D. Collision

You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _______ or _______ action for the file types. A. Detect/Bypass B. Prevent/Bypass C. Inspect/Prevent D. Inspect/Bypass

D. Inspect/Bypass

When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use? A. To AND 10.0.4.210 NOT 10.0.4.76 B. Toni? AND 10.0.4.210 NOT 10.0.4.76 C. "Toni" AND 10.0.4.210 NOT 10.0.4.76 D. Ton* AND 10.0.4.210 NOT 10.0.4.75

C. "Toni" AND 10.0.4.210 NOT 10.0.4.76

What happen when IPS profile is set in Detect Only Mode for troubleshooting? A. It will not block malicious traffic B. Automatically uploads debugging logs to Check Point Support Center C. It will generate Geo-Protection traffic D. Bypass licenses requirement for Geo-Protection control

A. It will not block malicious traffic

How would you enable VMAC Mode in ClusterXL? A. Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC B. fw ctl set int vmac_mode 1 C. cphaconf vmac_mode set 1 D. Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC

D. Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC

The Log server sends what to the Correlation Unit? A. Event Policy B. Authentication requests C. CPMI dbsync D. Logs

D. Logs

In SmartConsole, where do you manage your Mobile Access Policy? A. Through the Mobile Console B. Smart Dashboard C. Shared Gateways Policy D. From the Dedicated Mobility Tab

B. Smart Dashboard

What is NOT a Cluster Mode? A. Load Sharing Unicast B. Load Sharing Multicast C. Active-Active D. High Availability Multicast

D. High Availability Multicast

What is the command used to activate Multi-Version Cluster mode? A. set cluster member mvc on in Clish B. set cluster mvc on in Expert Mode C. set cluster MVC on in Expert Mode D. set mvc on in Clish

A. set cluster member mvc on in Clish

Which TCP port does the CPM process listen on? A. 18191 B. 19009 C. 8983 D. 18190

B. 19009

Bob needs to know if Alice was configuring the new virtual cluster interface correctly. Which of the following Check Point commands is true? A. cphaprob -a if B. cphaprob state C. cphaprob list D. probcpha -a if

A. cphaprob -a if

CPM process stores objects, policies, users, administrators, licenses and management data in a database. This database is: A. SOLR B. MariaDB C. PostgreSQL D. MySQL

C. PostgreSQL

What is the correct description for the Dynamic Balancing / Split feature? A. Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances and Open Server (not on Quantum Spark) B. Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances and Open Server (not on Quantum Spark) C. Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances (not on Quantum Spark or Open Server) D. Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

D. Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

You want to allow your Mobile Access Users to connect to an internal file share. Adding the Mobile Application ‘File Share’ to your Access Control Policy in the SmartConsole didn't work. You will be only allowed to select Services for the ‘Service & Application’ column. How to fix it? A. A Quantum Spark Appliance is selected as Installation Target for the policy. B. The Mobile Access Blade is not enabled for the Access Control Layer of the policy. C. The Mobile Access Policy Source under Gateway properties is set to Legacy Policy and not to Unified Access Policy. D. The Mobile Access Blade is not enabled under Gateway properties.

C. The Mobile Access Policy Source under Gateway properties is set to Legacy Policy and not to Unified Access Policy.

Please choose the path to monitor the compliance status of the Check Point Security Management. A. Logs Monitor -> New Tab -> Open compliance View B. Gateways Servers -> Compliance View C. Security Policies -> New Tab -> Compliance View D. Compliance blade not available under R80.10

A. Logs Monitor -> New Tab -> Open compliance View

In a client to server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network? A. Big I B. Big O C. Little i D. Little o

A. Big I

When defining QoS global properties, which option below is not valid? A. Schedule B. Weight C. Rate D. Authenticated timeout

A. Schedule

Alice & Bob are going to use Management Data Plane Separation and therefore the routing separation needs to be enabled. Which of the following command is true for enabling the Management Data Plane Separation (MDPS): A. set mdps split brain on B. set mdps split plane on C. set mdps mgmt plane on D. set mdps data plane off

C. set mdps mgmt plane on

What is the command to check the status of Check Point processes? A. cpwd_admin list B. cptop C. cphaprob list D. top

A. cpwd_admin list

What API command below creates a new host object with the name "My Host" and IP address of "192.168.0.10"? A. set host name "My Host" ip-address "192.168.0.10" B. new host name "My Host" ip-address "192.168.0.10" C. create host name "My Host" ip-address "192.168.0.10" D. mgmt_cli -m add host name "My Host" ip-address "192.168.0.10"

D. mgmt_cli -m add host name "My Host" ip-address "192.168.0.10"

What command would show the API server status? A. show api status B. api restart C. api status D. cpm status

C. api status

You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause? A. cpstat -f all B. cphaprob -d -s report C. cphaprob -f register D. cphaprob list

D. cphaprob list

Which User-mode process is responsible for the FW CLI commands? A. cpm B. fwm C. cpd D. fwd

D. fwd

What are the different command sources that allow you to communicate with the API server? A. API_cli Tool, Gaia CLI, Web Services B. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services C. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services D. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

D. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

What is the difference between SSL VPN and IPSec VPN? A. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser B. SSL VPN and IPSec VPN are the same C. SSL VPN requires installation of a resident VPN client D. IPSec VPN does not require installation of a resident VPN client

A. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser

What is the command to see cluster status in cli expert mode? A. fw ctl stat B. clusterXL stat C. clusterXL status D. cphaprob stat

D. cphaprob stat

Which of the following is NOT supported by CPUSE? A. Automatic download of full installation and upgrade packages B. Offline installations C. Automatic download of hotfixes D. Installation of private hotfixes

A. Automatic download of full installation and upgrade packages

Choose the correct syntax to add a new host named "emailserver1" with IP address 10.50.23.90 using GAIA Management CLI? A. mgmt_cli add host "emailserver1" address 10.50.23.90 B. mgmt_cli add host name "myHost12 ip" address 10.50.23.90 C. mgmt_cli add host name ip-address 10.50.23.90 D. mgmt_cli add host name "emailserver1" ip-address 10.50.23.90

D. mgmt_cli add host name "emailserver1" ip-address 10.50.23.90

Which one of the following is true about Threat Extraction? A. Delivers file only if no threats found B. Can take up to 3 minutes to complete C. Works on all MS Office, Executables, and PDF files D. Always delivers a file to user

D. Always delivers a file to user

Which statement is most correct regarding “CoreXL Dynamic Dispatcher”? A. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores. B. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP-addresses, and the IP ‘Protocol’ type. C. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses. D. The CoreXL FW instances assignment mechanism is based on IP Protocol type.

A. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores.

Where can you see and search records of action done by R80 SmartConsole administrators? A. In the Logs & Monitor, logs, select “Audit Log View” B. In Smartlog, all logs C. In SmartView Tracker, open active log D. In SmartAudit Log View

A. In the Logs & Monitor, logs, select “Audit Log View”

You have successfully backed up your Management Server database without the OS information. What command would you use to restore this backup? A. restore_backup B. migrate_server import C. import backup D. cp_merge

B. migrate_server import

Which of the following is NOT a valid type of SecureXL template? A. Drop Template B. NAT Template C. Deny Template D. Accept Template

C. Deny Template

Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two. Which of the following statements correctly identify each product's capabilities? A. Workspace can support any application, whereas Connect has a limited number of application types which it will support. B. For credential protection, Connect uses One-time Password login support, but has no SSO support, whereas Workspace offers both One-Time Password login support as well as SSO for specific applications. C. For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement. D. Workspace supports iOS, Android, and WP8, whereas Connect supports iOS and Android only.

B. For credential protection, Connect uses One-time Password login support, but has no SSO support, whereas Workspace offers both One-Time Password login support as well as SSO for specific applications.

What destination versions are supported for a Multi-Version Cluster Upgrade? A. R80.10 and Later B. R77.30 and Later C. R76 and Later D. R70 and Later

A. R80.10 and Later

Which command can you use to verify the number of active concurrent connections? A. fw ctl pstat B. show connections C. show all connections D. fw conn all

A. fw ctl pstat

Automation and Orchestration differ in that: A. Orchestration relates to codifying tasks, whereas automation relates to codifying processes. B. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow. C. Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes. D. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

D. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

CoreXL is NOT supported when one of the following features is enabled: A. Route-based VPN B. IPS C. IPv6 D. Overlapping NAT

D. Overlapping NAT

Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway? A. SandBlast Agent B. SandBlast Threat Extraction C. Check Point Protect D. SandBlast Threat Emulation

B. SandBlast Threat Extraction

In terms of “Order of Rule Enforcement”. When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom. Which Statement is correct? A. If the rule does not match in the Network policy it will continue to other enabled polices. B. If the Action of the matching rule is Drop, the gateway continues to check rules in the next Policy Layer down. C. If the Action of the matching rule is Accept, the gateway will drop the packet. D. If the Action of the matching rule is Drop, the gateway stops matching against later rules in the Policy Rule Base and drops the packet.

D. If the Action of the matching rule is Drop, the gateway stops matching against later rules in the Policy Rule Base and drops the packet.

SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection? A. Source address, Destination address, Source port, Destination port B. Source address, Destination address, Destination port C. Source address, Destination address, Destination port, Protocol D. Source address, Destination address, Source port, Destination port, Protocol

C. Source address, Destination address, Destination port, Protocol

Using Threat Emulation technologies, what is the best way to block .exe and .bat file types? A. create FW rule for particular protocol B. tecli advanced attributes set prohibited_file_types.exe.bat C. Enable .exe bat protection in IPS Policy D. enable DLP and select .exe and .bat file type

B. tecli advanced attributes set prohibited_file_types.exe.bat

In which formats can Threat Emulation forensics reports be viewed in? A. PDF and HTML B. PDF and TXT C. TXT, XML and CSV D. PDF, HTML, and XML

A. PDF and HTML

In ClusterXL Load Sharing Multicast Mode: A. every member of the cluster received all of the packets sent to the cluster IP address. B. only the secondary member receives packets sent to the cluster IP address. C. packets sent to the cluster IP address are distributed equally between all members of the cluster. D. only the primary member received packets sent to the cluster IP address.

A. every member of the cluster received all of the packets sent to the cluster IP address.

Which process handles connections from SmartConsole R80? A. cpmd B. fwd C. cpm D. cpd

cpm

Which of the following is NOT a component of Check Point Capsule? A. Capsule Cloud B. Capsule Docs C. Capsule Enterprise D. Capsule Workspace

C. Capsule Enterprise

Alice & Bob are concurrently logged in via SSH on the same Check Point Security Gateway as user "admin" however Bob was first logged in and acquired the lock. Alice is not aware that Bob is also logged in to the same Security Management Server as she is but she needs to perform very urgent configuration changes - which of the following GAIA clish command is true for overriding Bobs configuration database lock: A. lock database override B. unlock override database C. unlock database override D. database unlock override

A. lock database override

What is not a component of Check Point SandBlast? A. Threat Simulator B. Threat Extraction C. Threat Emulation D. Threat Cloud

A. Threat Simulator

You pushed a policy to your gateway and you cannot access the gateway remotely any more. What command should you use to remove the policy from the gateway by logging in through console access? A. "fw cpstop" B. "fw unloadlocal" C. "fw undo" D. "fw unloadpolicy"

B. "fw unloadlocal"

How to can you make sure that the old logs will be available after updating the Management to version R81.10 using the Advanced Upgrade Method? A. Use the WebUI -> Maintenance > System Backup and store the backup on a remote FTP server B. The logs will be included running $FWDIR/scripts/migrate_server export -v R81.10 C. Use the WebUI to save a snapshot before updating the Management -> Maintenance > Snapshot Management D. Use the migrate_server tool with the option '-l' for the logs and '-x' for the index

D. Use the migrate_server tool with the option '-l' for the logs and '-x' for the index

Bob has finished provisioning a secondary security management server. Now he wants to check if the provisioning is correct. Which of the following Check Point commands can be used to check if the security management server has been installed as a primary or a secondary security management server? A. cpprod_util MgmtIsPrimary B. cpprod_util FwIsSecondary C. cpprod_util MgmtIsSecondary D. cpprod_util FwIsPrimary

D. cpprod_util FwIsPrimary

For Management High Availability, which of the following is NOT a valid synchronization status? A. Lagging B. Collision C. Never been synchronized D. Down

D. Down

In what way are SSL VPN and IPSec VPN different? A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless. B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not. C. IPSec VPN does not support authentication, SSL VPN does support this. D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

Which statement is FALSE in respect of the SmartConsole after upgrading the management server to R81.10? A. Yes. You can download the SmartConsole directly from the Download Center. B. As far as you use version R80.40, no upgrade is needed due to compatibility mode. C. Yes, using CPUSE you can make the installer available in the Web Portal of the Management Server. D. Yes, the SmartConsole Upgrade package can be installed using CPUSE.

B. As far as you use version R80.40, no upgrade is needed due to compatibility mode.

Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily tasks the API services from Check Point for the Management API. Firstly, she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true: A. api mgmt status B. api status C. status api D. status mgmt api

B. api status

Aggressive Mode in IKEv1 uses how many packages for negotiation? A. 6 B. 5 C. depends on the make of the peer gateway D. 3

D. 3

What is correct statement about Security Gateway and Security Management Server failover in Check Point R80.X in terms of Check Point Redundancy driven solutions? A. Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure. B. Security Gateway failover as well as Security Management Server failover is a manual procedure. C. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure. D. Security Gateway failover as well as Security Management Server failover is an automatic procedure.

C. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.

What is a possible command to delete all of the SSH connections of a gateway? A. fw sam -l dport 22 B. fw ctl conntab -x -dport=22 C. fw tab -t connections -x -e 00000016 D. fwaccel dos config set dport ssh

B. fw ctl conntab -x -dport=22

Where is the license for Check Point Mobile users installed? A. The Security Management Server B. The Primary Gateway C. The Standby Gateway D. The Endpoint Server

B. The Primary Gateway

What is mandatory for ClusterXL to work properly? A. The number of cores must be the same on every participating cluster node. B. If you have "Non-monitored Private" interfaces, the number of those interfaces must be the same on all cluster members. C. The Sync interface must not have an IP address configured. D. The Magic MAC number must be unique per cluster node.

A. The number of cores must be the same on every participating cluster node.

Which of the following authentication methods ARE NOT used for Mobile Access? A. RADIUS server B. SecurID C. Username and password (internal, LDAP) D. TACACS+

D. TACACS+

Alice wants to upgrade the current security management machine from R80.40 to R81.10 and she wants to check the Deployment Agent status over the GAIA CUSH. Which of the following GAIA CUSH command is true? A. show agent status B. show uninstaller status C. show installer packages D. show installer status

D. show installer status

When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system Which of the following statement is false and NOT part of possible automatic reactions: A. Syslog B. SNMP Trap C. Block Source D. Mail

A. Syslog

What are scenarios supported by the Central Deployment in SmartConsole? A. Installation of Jumbo Hotfix on a ClusterXL environment in High Availability Mode B. Upgrading a Standalone environment C. Upgrading a Dedicated SmartEvent Server D. Upgrading a Dedicated Log Server to R81.10

A. Installation of Jumbo Hotfix on a ClusterXL environment in High Availability Mode

Which view is NOT a valid CPVIEW view? A. IDA B. DLP C. VPN D. PDP

D. PDP

After verifying that API Server is not running, how can you start the API Server? A. Run command "api start" in any mode B. Run command "mgmt api start" in any mode C. Run command "mgmt_cli set api start" in Expert mode D. Run command "set api start" in CLISH mode

A. Run command "api start" in any mode

You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

fwm

Which is the lowest version supported in R81.10? A. R77 B. R77.30 C. R65 D. R80.20

B. R77.30

Which one of the following is true about Capsule Connect? A. It does not support all VPN authentication methods B. It offers full enterprise mobility management C. It is supported only on iOS phones and Windows PCs D. It is a full layer 3 VPN client

D. It is a full layer 3 VPN client

You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use? A. Check Point Capsule Cloud B. Sandblast Mobile Protect C. SecuRemote D. SmartEvent Client Info

B. Sandblast Mobile Protect

Which command is used to display status information for various components? A. show system messages B. sysmess all C. show all systems D. show sysenv all

D. show sysenv all

What is the benefit of Manual NAT over Automatic NAT? A. On IPSO and GAIA Gateways, it is handled in a stateful manner. B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT. C. You have the full control about the priority of the NAT rules. D. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy.D. show sysenv all

C. You have the full control about the priority of the NAT rules.

To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot: A. fw ctl multik set_mode 1 B. fw ctl multik prioq 2 C. fw ctl Dyn_Dispatch on D. fw ctl Dyn_Dispatch enable

B. fw ctl multik prioq 2

Is it possible to establish a VPN before the user login to the Endpoint Client. A. yes, you had to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_remember_user_password attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway. B. no, the user must login first. C. yes, you had to set neo_always_connected to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_always_connected attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway. D. yes, you had to enable Machine Authentication in the Gateway object of the Smart Console.

D. yes, you had to enable Machine Authentication in the Gateway object of the Smart Console.

What is required for a certificate-based VPN tunnel between two gateways with separate management systems? A. Mutually Trusted Certificate Authorities B. Shared User Certificates C. Shared Secret Passwords D. Unique Passwords

A. Mutually Trusted Certificate Authorities

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection? A. VPN Routing Mode B. Stateless Mode C. Wire Mode D. Stateful Mode

C. Wire Mode

Which statement is NOT TRUE about Delta synchronization? A. Using UDP Multicast or Broadcast on port 8161 B. Quicker than Full sync C. Transfers changes in the Kernel tables between cluster members D. Using UDP Multicast or Broadcast on port 8116

A. Using UDP Multicast or Broadcast on port 8161

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails? A. Check Point Mobile Web Portal B. Check Point Capsule Remote C. Check Point Remote User D. Check Point Capsule Workspace

D. Check Point Capsule Workspace

The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement? A. mgmt_cli -m add host name ip-address B. set host name ip-address C. add hostname ip-address D. set hostname ip-address

A. mgmt_cli -m add host name ip-address

While using the Gaia CLI, what is the correct command to publish changes to the management server? A. commit B. mgmt publish C. mgmt cli commit D. json publish

A. commit

John is using Management HA. Which Security Management Server should he use for making changes? A. active SmartConsole B. Primary Log Server C. secondary Smartcenter D. connect virtual IP of Smartcenter HA

B. Primary Log Server

GAiA Software update packages can be imported and installed offline in situation where: A. The desired CPUSE package is ONLY available in the Check Point CLOUD. B. Security Gateway with GAiA does NOT have SFTP access to Internet. C. Security Gateway with GAiA does NOT have access to Internet. D. Security Gateway with GAiA does NOT have SSH access to Internet.

C. Security Gateway with GAiA does NOT have access to Internet.

What order should be used when upgrading a Management High Availability Cluster? A. Standby Management, then Active Management B. Secondary Management, then Primary Management C. Active Management, then Standby Management D. Primary Management, then Secondary Management

D. Primary Management, then Secondary Management

By default, how often does Threat Emulation update the engine on the Security Gateway? A. Once per day B. Once an hour C. Once a week D. Twice per day

A. Once per day

Steve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances. Steve's manager, Diana, asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day? A. fw tab -t connections B. fw tab -t connections -c C. fw tab -t connections -f D. fw tab -t connections -s

C. fw tab -t connections -f

Which of the following processes pulls the application monitoring status from gateways?

cpd

Which directory below contains log files? A. /opt/CPshrd-R80/log B. /opt/CPsuite-R80/fw1/log C. /opt/CPsuite-R80/log D. /opt/CPSmartlog-R80/log

B. /opt/CPsuite-R80/fw1/log

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client side logic to Server-side logic. The cpm process: A. Performs database tasks such as creating, deleting, and modifying objects and indexing logs B. Allows SmartConsole to communicate over TCP Port 19001 C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy. D. Allows SmartConsole to communicate over TCP Port 18190

C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

What is the most recommended way to install patches and hotfixes? A. CPUSE Check Point Update Service Engine B. rpm -Uv C. Software Update Service D. UnixInstallScript

A. CPUSE Check Point Update Service Engine

Which command shows detailed information about VPN tunnels? A. vpn tu B. vpn tu tlist C. cat $FWDIR/conf/vpn.conf D. cpview

B. vpn tu tlist

After upgrading the primary security management server from R80.40 to R81.10 Bob wants to use the central deployment in SmartConsole R81.10 for the first time. How many installations (e.g. Jumbo Hotfix, Hotfixes or Upgrade Packages) can run of such at the same time: A. Up to 5 gateways B. only 1 gateway C. Up to 10 gateways D. Up to 3 gateways

C. Up to 10 gateways

The Check Point Central Deployment Tool (CDT) communicates with the Security Gateway(s) over Check Point SIC via ________. A. TCP Port 18190 B. TCP Port 18191 C. TCP Port 19009 D. TCP Port 18209

D. TCP Port 18209

The back end database for Check Point Management uses: A. MongoDB B. MySQL C. DBMS D. PostgreSQL

D. PostgreSQL

You need to change the number of firewall instances used by CoreXL. How can you achieve this goal? A. cpconfig; reboot not required B. edit fwaffinity.conf; reboot not required C. edit fwaffinity.conf; reboot required D. cpconfig; reboot required

D. cpconfig; reboot required

You need to see which hotfixes are installed on your Check Point server, which command would you use? A. cpinfo -h all B. cpinfo -l hotfix C. cpinfo -o hotfix D. cpinfo -y all

D. cpinfo -y all

Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called: A. cpexport B. cpsizeme C. sysinfo D. cpinfo

D. cpinfo

There are multiple types of licenses for the various VPN components and types. License type related to management and functioning of Remote Access VPNs are - which of the following license requirement statement is NOT true: A. MobileAccessLicense - This license is required on the Security Gateway for the following Remote Access solutions B. EndpointPolicyManagementLicense - The Endpoint Security Suite includes blades other than the Remote Access VPN, hence this license is required to manage the suite C. EndpointContainerLicense - The Endpoint Software Blade Licenses does not require an Endpoint Container License as the base D. IPSecVPNLicense - This license is installed on the VPN Gateway and is a basic requirement for a Remote Access VPN solution

C. EndpointContainerLicense - The Endpoint Software Blade Licenses does not require an Endpoint Container License as the base

You have a Gateway that is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores. How many cores can be used in a Cluster for Firewall-kernel on the new device? A. 4 B. 1 C. 2 D. 3

C. 2

What solution is Multi-queue intended to provide? A. Reduce the performance of network interfaces B. Improve the efficiency of traffic handling by SecureXL SNDs C. Improve the efficiency of CoreXL Kernel Instances D. Reduce the confusion for traffic capturing in FW Monitor

C. Improve the efficiency of CoreXL Kernel Instances

Which command can you use to enable or disable multi-queue per interface? A. Cpmqueue set B. cpmq set C. Cpmq config D. Set cpmq enable

B. cpmq set

The admin lost access to the Gaia Web Management Interface but he was able to connect via ssh. How can you check if the web service is enabled, running and which port is used? A. In expert mode run #netstat -tulnp | grep httpd to see if httpd is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled. B. In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd to see if the httpd is up C. In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up D. In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.

D. In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.

Connections to the Check Point R80 Web API use what protocol? A. SOAP B. HTTP C. SIC D. HTTPS

D. HTTPS

What is the command to check the status of the SmartEvent Correlation Unit? A. cpstat cpsead B. cp_conf get_stat cpsemd C. fw ctl stat cpsemd D. fw ctl get int cpsead_sta

A. cpstat cpsead

Which of the SecureXL templates are enabled by default on Security Gateway? A. Drop B. Accept C. None D. NAT

B. Accept

Which is the command to identify the NIC driver before considering about the employment of the Multi-Queue feature? A. show interface eth0 mq B. ethtool -i eth0 C. ifconfig -i eth0 verbose D. ip show int eth0

B. ethtool -i eth0

How can you see historical data with cpview? A. cpview -f B. cpview -e C. cpview -t D. cpview -d

C. cpview -t

What is considered Hybrid Emulation Mode? A. Load sharing between OS behavior and CPU Level emulation B. Manual configuration of file types on emulation location C. Load sharing of emulation between an on premise appliance and the cloud D. Load Sharing of Threat Emulation Server and Firewall blade

C. Load sharing of emulation between an on premise appliance and the cloud

The installation of a package via SmartConsole CANNOT be applied on: A. A single Security Gateway B. Multiple Security Gateways and/or Clusters C. A full Security Cluster (All Cluster Members included) D. R81.10 Security Management Server

D. R81.10 Security Management Server

What is the recommended number of physical network interfaces in a Mobile Access cluster deployment? A. 3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization B. 2 Interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization C. 4 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server D. 1 interface - an interface leading to the organization and the Internet, and configure for synchronization

A. 3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization

What is not a purpose of the deployment of Check Point API? A. Integrate Check Point products with 3rd party solution B. Create products that use and enhance the Check Point solution C. Create a customized GUI Client for manipulating the objects database D. Execute an automated script to perform common tasks

C. Create a customized GUI Client for manipulating the objects database

What should the admin do in case the Primary Management Server is temporary down? A. Use the VIP in SmartConsole you always reach the active Management Server. B. The Secondary will take over automatically. Change the IP in SmartConsole to logon to the private IP of the Secondary Management Server. C. Run the ‘promote_util’ to activate the Secondary Management server. D. Logon with SmartConsole to the Secondary Management Server and choose 'Make Active' under Actions in the HA Management Menu

D. Logon with SmartConsole to the Secondary Management Server and choose 'Make Active' under Actions in the HA Management Menu

An established connection is going to www.google.com. The Application Control Blade is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic? A. Slow Path B. Fast Path C. Medium Path D. Accelerated Path

C. Medium Path

You are investigating issues with two gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization? A. UDP port 8116 B. TCP port 257 C. TCP port 443 D. TCP port 256

D. TCP port 256

Which encryption algorithm is the least secured?

DES

SandBlast offers businesses flexibility in implementation based on their individual business needs. Which of these is an option for deployment of Check Point SandBlast Zero-Day Protection? A. Smart Cloud Service B. Any Cloud Service C. Threat Agent Service D. Public Cloud Service

D. Public Cloud Service

In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of: A. Basic, Optimized, Strict B. General, purposed, Strict C. General, Escalation, Severe D. Basic, Optimized, Severe

A. Basic, Optimized, Strict

You plan to automate creating new objects using the Management API. You decide to use GAIA CLI for this task. What is the first step to run management API commands on GAIA’s shell? A. mgmt admin@teabag > id.txt B. login user admin password teabag C. mgmt login D. mgmt_cli login user “admin” password “teabag” > id.txt

C. mgmt login

Which command collects diagnostic data for analyzing a customer setup remotely? A. sysinfo B. migrate export C. cpv D. cpinfo

D. cpinfo

How Capsule Connect and Capsule Workspace differ? A. Capsule Connect provides Business data isolation B. Capsule Workspace can provide access to any application C. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications. D. Capsule Connect does not require an installed application at client

C. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks? A. After upgrading the hardware, increase the number of kernel instances using cpconfig B. Hyperthreading must be enabled in the bios to use CoreXL C. Run cprestart from clish D. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores.

A. After upgrading the hardware, increase the number of kernel instances using cpconfig

What level of CPU load on a Secure Network Distributor would indicated that another may be necessary? A. Idle <20% B. USR <20% C. Wati <20% D. SYS <20%

A. Idle <20%

With MTA (Mail Transfer Agent) enabled the gateways manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway? A. Endpoint Total Protection B. Threat Prevention Software Blade Package C. Threat Cloud Intelligence D. Traffic on port 25

B. Threat Prevention Software Blade Package

Native Applications require a thin client under which circumstances? A. If you want to use a legacy 32-Bit Windows OS B. If you want to use a VPN Client that is not officially supported by the underlying operating system C. If you want to have assigned a particular Office Mode IP address D. If you are about to use a client (FTP, RDP, ...) that is installed on the endpoint.

D. If you are about to use a client (FTP, RDP, ...) that is installed on the endpoint.

Which the following type of authentication on Mobile Access can NOT be used as the first authentication method? A. Username and Password B. Dynamic ID C. Certificate D. RADIUS

B. Dynamic ID

Alice knows about the Check Point Management HA installation from Bob and needs to know which Check Point Security Management Server is currently capable of issuing and managing certificate. Alice uses the Check Point command "cpconfig" to run the Check Point Security Management Server configuration tool on both Check Point Management HA instances "Primary & Secondary". Which configuration option does she need to look for: A. Certificate's Fingerprint B. Random Pool C. CA Authority D. Certificate Authority

D. Certificate Authority

What are the two ClusterXL Deployment options? A. Distributed and Full High Availability B. Broadcast and Multicast Mode C. Distributed and Standalone D. Unicast and Multicast Mode

A. Distributed and Full High Availability

What traffic does the Anti-bot feature block? A. Command and Control traffic from hosts that have been identified as infected B. Command and Control traffic to servers with reputation for hosting malware C. Network traffic to hosts that have been identified as infected D. Network traffic that is directed to unknown or malicious servers

A. Command and Control traffic from hosts that have been identified as infected

What is the protocol and port used for Health Check and State Synchronization in ClusterXL? A. CCP and 8116 B. CCP and 18190 C. CCP and 257 D. CPC and 8116

A. CCP and 8116

John detected high load on sync interface. Which is most recommended solution? A. For short connections like icmp service - delay sync for 2 seconds B. For FTP connections - do not sync C. Add a second interface to handle sync traffic D. For short connections like http service - do not sync

D. For short connections like http service - do not sync

What is the command to show SecureXL status? A. fwaccel stat B. fwaccel status C. fwaccel stats -m D. fwaccel -s

A. fwaccel stat

SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput. A. False, because SecureXL does not improve this traffic but CoreXL does B. True, because SecureXL does improve all traffic C. False because encrypted traffic cannot be inspected D. True, because SecureXL does improve this traffic

D. True, because SecureXL does improve this traffic

Fill in the blank: Identity Awareness AD-Query is using the Microsoft____API to learn users from AD. A. Services.msc B. WMI C. XML D. Eventvwr

B. WMI

The essential means by which state synchronization works to provide failover in the event an active member goes down, ________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster. A. cphaconf B. ccp C. cphad D. cphastart

B. ccp

What is the benefit of "fw monitor" over "tcpdump"? A. "fw monitor" is also available for 64-Bit operating systems. B. "fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways. C. "fw monitor" reveals Layer 2 information, while "tcpdump" acts at Layer 3. D. With "fw monitor", you can see the inspection points, which cannot be seen in "tcpdump".

D. With "fw monitor", you can see the inspection points, which cannot be seen in "tcpdump".

To find records in the logs that shows log records from the Application URL Filtering Software Blade where traffic was dropped, what would be the query syntax? A. blade:"application control" AND action:drop B. blade;"application control" AND action;drop C. blade: application control AND action:drop D. (blade: application control AND action;drop)

A. blade:"application control" AND action:drop

When an encrypted packet is decrypted, where does this happen? A. Inbound chain B. Outbound chain C. Security policy D. Decryption is not supported

A. Inbound chain

Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail? A. fwm B. cpd C. cpm D. cpwd

D. cpwd

What is the SandBlast Agent designed to do? A. Ensure the Check Point SandBlast services is running on the end user's system B. Clean up email sent with malicious attachments C. If malware enters an end user's system, the SandBlast Agent prevents the malware from spreading with the network D. Performs OS-level sandboxing for SandBlast Cloud architecture

C. If malware enters an end user's system, the SandBlast Agent prevents the malware from spreading with the network

After replacing a faulty Gateway the admin installed the new Hardware and want to push the policy. Installing the policy using the SmartConsole he got an Error for the Threat Prevention Policy. There is no error for the Access Control Policy. What will be the most common cause for the issue? A. The admin forgot to reestablish the SIC for the new hardware. That is typically the case when configure only the interfaces of the replacement hardware instead restoring a backup. B. The IPS Protection engine on the replacement hardware is too old. Before pushing the Threat Prevention Policy use SmartConsole -> Security Policies -> Updates -> IPS 'Update Now' to update the engine. C. The admin forgot to apply the new license. The Access Control license is included by default but the service subscriptions for the Threat Prevention Blades are missing. D. The Threat Prevention Policy can't be installed on a Gateway without an already installed Access Control Policy. First install only the Access Control Policy.

D. The Threat Prevention Policy can't be installed on a Gateway without an already installed Access Control Policy. First install only the Access Control Policy.

Which one of the following is true about Threat Extraction? A. Takes minutes to complete (less than 3 minutes) B. Takes less than a second to complete C. Works on MS Office and PDF files only D. Always delivers a file

D. Always delivers a file

In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a response before the peer host is declared 'down', you would set the_______ ? A. life sign polling interval B. life sign timeout C. life_sign_timeout D. life_sign_polling_interval

C. life_sign_timeout

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request? A. /var/opt/CPshrd-R80/conf/local.arp B. /opt/CPshrd-R80/conf/local.arp C. $CPDIR/conf/local.arp D. $FWDIR/conf/local.arp

D. $FWDIR/conf/local.arp

What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days? A. It is not possible B. Use Multi-Domain Management Server C. Choose different setting for log storage and SmartEvent db D. Install Management and SmartEvent on different machines

C. Choose different setting for log storage and SmartEvent db

You want to set up a VPN tunnel to an external gateway. You had to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway. A. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Gateway add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { }; B. In the SmartConsole create a dedicated VPN Community for both Gateways. Go to Security Policies /Access Control and create an in-line layer rule with source and destination containing the two networks used for the IKE P2 SA. Put the name of the Community in the VPN column. C. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to 'User defined' and put in the local network. D. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Management add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };

C. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to 'User defined' and put in the local network.

When using the Mail Transfer Agent, where are the debug logs stored? A. $FWDIR/bin/emaild.mta.elg B. /var/log/mail.mta.elg C. $FWDIR/log/mtad.elg D. $CPDIR/log/emaild.elg

C. $FWDIR/log/mtad.elg

With SecureXL enabled, accelerated packets will pass through the following: A. Network Interface Card, OSI Network Layer, and the Acceleration Device B. Network Interface Card, Check Point Firewall Kernel, and the AccelerationDevice C. Network InterfaceCard and the Acceleration Device D. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device

C. Network InterfaceCard and the Acceleration Device

Which of the following statements about SecureXL NAT Templates is true? A. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled. B. DROP Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled. C. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if Accept Templates are disabled. D. ACCEPT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.

A. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled.

Which NAT rules are prioritized first? A. Manual Post-Automatic NAT Rules B. Automatic Hide NAT Rules C. Manual Pre-Automatic NAT Rules D. Automatic Static NAT Rules

C. Manual Pre-Automatic NAT Rules

What is the best method to upgrade a Security Management Server to R80.x when it is not connected to the Internet? A. SmartUpdate offline upgrade B. Advanced upgrade or CPUSE offline upgrade C. Advanced upgrade or CPUSE offline upgrade only D. Advanced Upgrade only

B. Advanced upgrade or CPUSE offline upgrade

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services. Which of the following is NOT a possible use case? A. Create products that use and enhance 3rd party solutions. B. Create new dashboards to manage 3rd party task. C. Create products that use and enhance the Check Point Solution. D. Execute automated scripts to perform common tasks.

B. Create new dashboards to manage 3rd party task.

Which statement is true about ClusterXL? A. Supports Dynamic Routing (Unicast Only) B. Does not support Dynamic Routing C. Supports Dynamic Routing (Unicast and Multicast) D. Supports Dynamic Routing (Multicast Only)

C. Supports Dynamic Routing (Unicast and Multicast)

You have pushed policy to GW-3 and now cannot pass traffic through the gateway. As a last resort, to restore traffic flow, what command would you run to remove the latest policy from GW-3? A. fw unloadlocal B. fwm unload policy C. fw unloadpolicy D. fwm unload local

A. fw unloadlocal

If SecureXL is disabled which path is used to process traffic? A. Passive path B. Firewall path C. Accelerated path D. Medium path

B. Firewall path

What kind of information would you expect to see when using the "sim affinity -l" command? A. Affinity Distribution B. Overview over SecureXL templated connections C. The involved firewall kernel modules in inbound and outbound packet chain D. The VMACs used in a Security Gateway cluster

A. Affinity Distribution

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using __________. A. TCP Port 18191 B. TCP Port 18190 C. TCP Port 18209 D. TCP port 19009

D. TCP port 19009

What are valid Policy Types in R81.10? A. Access Control, IPS, Threat Emulation, NAT B. Access Control, RemoteAccess VPN, NAT, IPS C. Access Control, IPS, QoS, DLP D. Access Control, Threat Prevention, QoS, Desktop Security

D. Access Control, Threat Prevention, QoS, Desktop Security

What is true about the IPS-Blade? A. IPS Exceptions cannot be attached to "all rules" B. In the IPS Layer, the only three possible actions are Basic, Optimized and Strict C. The GeoPolicy Exceptions and the Threat Prevention Exceptions are the same D. IPS is managed by the Threat Prevention Policy

D. IPS is managed by the Threat Prevention Policy

Return oriented programming (ROP) exploits are detected by which security blade? A. Data Loss Prevention B. Check Point Anti-Virus / Threat Emulation C. Application control D. Intrusion Prevention Software

B. Check Point Anti-Virus / Threat Emulation

Mobile Access Gateway can be configured as a reverse proxy for Internal Web Applications. Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. Which of the following Check Point command is true for enabling the Reverse Proxy: A. ReverseCLIProxy B. ReverseProxyCLI C. ReverseProxy D. ProxyReverseCLI

B. ReverseProxyCLI

In the Firewall chain mode FFF refers to: A. Stateful Packets B. No Match C. Stateless Packets D. All Packets

D. All Packets

You want to verify if your management server is ready to upgrade. What tool could you use in this process? A. migrate import B. migrate export C. upgrade tools verify D. pre_upgrade_verifier

D. pre_upgrade_verifier

# **** With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform within the applications. Mobile Access encrypts all traffic using: A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender. B. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required. C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required. D. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender.

A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.

Under which file is the proxy arp configuration stored? A. $FWDIR/conf/local.arp on the management server B. $FWDIR/conf/local.arp on the gateway C. $FWDIR/state/tmp/proxy.arp on the security gateway D. $FWDIR/state/proxy_arp.conf on the management server

B. $FWDIR/conf/local.arp on the gateway

What is "Accelerated Policy Installation"? A. Starting R81, the Desktop Security Policy installation process is accelerated thereby reducing the duration of the process significantly B. Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly C. Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly D. Starting R81, the Threat Prevention Policy installation process is accelerated thereby reducing the duration of the process significantly

C. Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly

In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command? A. fw ctl affinity -l -a -r -v B. fw ctl multik stat C. fw ctl sdstat D. cpinfo

A. fw ctl affinity -l -a -r -v

What are the minimum open server hardware requirements for a Security Management Server/Standalone Security Gateway? A. 2 CPU cores, 4GB of RAM and 15GB of disk space B. 4 CPU cores, 8GB of RAM and 500 GB of disk space C. 8 CPU cores, 16GB of RAM and 500 GB of disk space D. 8 CPU cores, 32GB of RAM and 1 TB of disk space

B. 4 CPU cores, 8GB of RAM and 500 GB of disk space

The “fw monitor” tool can be best used to troubleshoot_____. A. Network traffic issues B. Logging issues C. Authentication issues D. FWD issues

A. Network traffic issues

Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build? A. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer agent version B. In WebUI Status and Actions page or by running the following command in CLISH: show installer agent version C. In WebUI Status and Actions page or by running the following command in CLISH: show installer status build D. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer status build

C. In WebUI Status and Actions page or by running the following command in CLISH: show installer status build

Which one is not a valid upgrade method to R81.10? A. RPM Upgrade B. Upgrade with Migration C. Advanced Upgrade D. CPUSE Upgrade

A. RPM Upgrade

SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution? A. Behavior Risk Engine B. Gateway C. Personal User Storage D. Management Dashboard

C. Personal User Storage

What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation? A. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command Control Centers B. Anti-Bot is the only countermeasure against unknown malware C. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command Control Center D. Anti-Bot is the only signature-based method of malware protection

C. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command Control Center

In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway? A. SND is a feature of fw monitor to capture accelerated packets B. SND is an alternative to IPSec Main Mode, using only 3 packets C. SND is used to distribute packets among Firewall instances D. SND is a feature to accelerate multiple SSL VPN connections

C. SND is used to distribute packets among Firewall instances

Which of the following is true regarding the Proxy ARP feature for Manual NAT? A. Translate Destination on Client Side should be configured B. fw ctl proxy should be configured C. The local.arp file must always be configured D. Automatic proxy ARP configuration can be enabled

D. Automatic proxy ARP configuration can be enabled

What Factors preclude Secure XL Templating? A. Source Port Ranges/Encrypted Connections B. CoreXL C. Simple Groups D. ClusterXL in load sharing Mode

A. Source Port Ranges/Encrypted Connections

What is the main difference between Threat Extraction and Threat Emulation? A. Threat Emulation never delivers a file that takes less than a second to complete B. Threat Emulation never delivers a file and takes more than 3 minutes to complete C. Threat Extraction always delivers a file and takes less than a second to complete D. Threat Extraction never delivers a file and takes more than 3 minutes to complete

C. Threat Extraction always delivers a file and takes less than a second to complete

What command is used to manually failover a cluster during a zero downtime upgrade? A. set cluster member down B. cpstop C. clusterXL_admin down D. set clusterXL down

C. clusterXL_admin down

What is the name of the secure application for Mail/Calendar for mobile devices? A. Capsule Mail B. Capsule VPN C. Capsule Workspace D. Secure Workspace

C. Capsule Workspace

When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud? A. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary. B. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud. C. ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data. D. ThreatCloud is a collaboration platform for all the Check Point customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments.

A. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary.

What is the responsibility of SOLR process on the management server? A. Writing all information into the database B. It generates indexes of data written to the database C. Validating all data before it’s written into the database D. Communication between SmartConsole applications and the Security Management Server

B. It generates indexes of data written to the database

Which of the following is a task of the CPD process? A. Responsible for processing most traffic on a security gateway B. Transfers messages between Firewall processes C. Invoke and monitor critical processes and attempts to restart them if they fail D. Log forwarding

B. Transfers messages between Firewall processes

You had setup the VPN Community 'VPN-Stores' with 3 gateways. There are some issues with one remote gateway(1.1.1.1) and an your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways. A. action:"Key Install" AND 1.1.1.1 AND Main Mode B. action:"Key Install" AND 1.1.1.1 AND Quick Mode C. Blade:"VPN" AND VPN-Stores AND Main Mode D. Blade:"VPN" AND VPN-Stores AND Quick Mode

C. Blade:"VPN" AND VPN-Stores AND Main Mode

What are the two modes for SNX (SSL Network Extender)? A. Network Mode and Application Mode B. Visitor Mode and Office Mode C. Network Mode and Hub Mode D. Office Mode and Hub Mode

A. Network Mode and Application Mode

Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway? A. logd B. fwd C. fwm D. cpd

fwd

What is the mechanism behind Threat Extraction? A. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast. B. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender. C. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient. D. This is a new mechanism to identify the IP address of the sender of malicious codes and to put it into the SAM database (Suspicious Activity Monitoring).

A. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

Which of these statements describes the Check Point ThreatCloud? A. Blocks or limits usage of web applications B. Prevents or controls access to web sites based on category C. Prevents Cloud vulnerability exploits D. A worldwide collaborative security network

D. A worldwide collaborative security network

What are possible Automatic Reactions in SmartEvent? A. Mail, SNMP Trap, Block Source, Block Event Activity, External Script B. Web Mail, Block Destination, SNMP Trap, SmartTask C. Web Mail, Block Service, SNMP Trap, SmartTask, Geo Protection D. Web Mail, Forward to SandBlast Appliance, SNMP Trap, External Script

A. Mail, SNMP Trap, Block Source, Block Event Activity, External Script

Which of the following Check Point commands is true to enable Multi-Version Cluster (MVC)? A. Check Point Security Management HA (Secondary): set cluster member mvc on B. Check Point Security Gateway Only: set cluster member mvc on C. Check Point Security Management HA (Primary): set cluster member mvc on D. Check Point Security Gateway Cluster Member: set cluster member mvc on

D. Check Point Security Gateway Cluster Member: set cluster member mvc on

Hit Count is a feature to track the number of connections that each rule matches, which one is NOT a benefit of Hit Count. A. Better understand the behavior of the Access Control Policy B. Improve Firewall performance - You can move a rule that has a high hit count to a higher position in the Rule Base C. Automatically rearrange Access Control Policy based on Hit Count Analysis. D. Analyze a Rule Base - You can delete rules that have no matching connections

C. Automatically rearrange Access Control Policy based on Hit Count Analysis.

Which Correction mechanisms are available with ClusterXL under R81.10? A. Correction Mechanisms are only available of Maestro Hyperscale Orchestrators B. Pre-Correction and SDF (Sticky Decision Function) C. SDF (Sticky Decision Function) and Flush and ACK D. Dispatcher (Early Correction) and Firewall (Late Correction)

D. Dispatcher (Early Correction) and Firewall (Late Correction)

What are the methods of SandBlast Threat Emulation deployment? A. Cloud, Appliance and Private B. Cloud, Appliance and Hybrid C. Cloud, Smart-1 and Hybrid D. Cloud, OpenServer and Vmware

B. Cloud, Appliance and Hybrid

By default, what information is NOT collected from a Security Gateway in a CPINFO? A. OS and Network Statistics B. System message logs C. Configuration and database files D. Firewall logs

D. Firewall logs

To add a file to the Threat Prevention Whitelist, what two items are needed? A. File name and Gateway B. IP address of Management Server and Gateway C. Object Name and MDS signature D. MD5 signature and Gateway

C. Object Name and MDS signature

Which of the following describes how Threat Extraction functions? A. Detect threats and provides a detailed report of discovered threats. B. Proactively detects threats. C. Delivers file with original content. D. Delivers PDF versions of original files with active content removed.

D. Delivers PDF versions of original files with active content removed.

Which method below is NOT one of the ways to communicate using the Management API’s? A. Sending API commands over an http connection using web-services B. Typing API commands from a dialog box inside the SmartConsole GUI application C. Typing API commands using Gaia’s secure shell (clish) D. Typing API commands using the “mgmt_cli” command

A. Sending API commands over an http connection using web-services

What is false regarding prerequisites for the Central Deployment usage? A. The administrator must have write permission on SmartUpdate B. Security Gateway must have the latest CPUSE Deployment Agent C. No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically. D. The Security Gateway must have a policy installed

C. No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically.

What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller? A. ad_connectivity_test -d B. test_ldap_connectivity -d C. test_connectivity_ad -d D. test_ad_connectivity -d

D. test_ad_connectivity -d

Which command will reset the kernel debug options to default settings? A. fw ctl dbg -a 0 B. fw ctl dbg resetall C. fw ctl debug set 0 D. fw ctl debug 0

D. fw ctl debug 0

When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state? A. cphaprob –d STOP unregister B. cphaprob STOP unregister C. cphaprob unregister STOP D. cphaprob –d unregister STOP

A. cphaprob –d STOP unregister

How can you grant GAiA API Permissions for a newly created user? A. Assign the user a permission profile in SmartConsole B. Assign the user the admin RBAC role in clish C. No need to grant access since every user has access by default. D. In bash, use the following command: “gaia_api access --user Tom --enable true”

D. In bash, use the following command: “gaia_api access --user Tom --enable true”

Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel? A. Yes, but they need to have a mutually trusted certificate authority B. Yes, but they have to have a pre-shared secret key C. No, they cannot share certificate authorities D. No, Certificate based VPNs are only possible between Check Point devices

A. Yes, but they need to have a mutually trusted certificate authority

Which of the following statements about Site-to-Site VPN Domain-based is NOT true? A. Domain-based- VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways. B. Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI. C. Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway. D. Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.

C. Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

What is the best sync method in the ClusterXL deployment? A. Use 3 clusters + 1st sync + 2nd sync + 3rd sync B. Use 2 clusters + 1st sync + 2nd sync C. Use 1 cluster + 1st sync D. Use 1 dedicated sync interface

D. Use 1 dedicated sync interface

Alice & Bob are concurrently logged in via SSH on the same Check Point Security Gateway as user "admin" however Bob was first logged in and acquired the lock. Alice tells Bob that she also needs to perform some important configuration changes. Therefore, Bob is releasing his read/write lock from the GAIA configuration database - which of the following GAIA clish command is true: A. unlock clish database B. lock database override C. unlock database D. override lock database

C. unlock database

SandBlast agent extends Zero-day prevention to what part of the network? A. Email servers B. Web Browsers and user devices C. DMZ server D. Cloud

B. Web Browsers and user devices

As a valid Mobile Access Method, what feature provides Capsule Connect/VPN? A. Full layer3 VPN -IPSec VPN that gives users network access to all mobile applications B. That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager C. Full Layer4 VPN -SSL VPN that gives users network access to all mobile applications D. You can make sure that documents are sent to the intended recipients only

A. Full layer3 VPN -IPSec VPN that gives users network access to all mobile applications

After finishing installation admin John likes to use top command in expert mode. John has to set the expert-password and was able to use top command. A week later John has to use the top command again. He detected that the expert password is no longer valid. What is the most probable reason for this behavior? A. changes are only possible via SmartConsole B. "save config" was not issued in expert mode C. "write memory" was not issued on clish D. "save config" was not issued on clish

D. "save config" was not issued on clish

Which Mobile Access Solution is clientless? A. SecuRemote B. Checkpoint Mobile C. Mobile Access Portal D. Endpoint Security Suite

C. Mobile Access Portal

Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying connection? A. Source Port B. TCP Acknowledgment Number C. Source Address D. Destination Address

B. TCP Acknowledgment Number

Which command would disable a Cluster Member permanently? A. cphaprob_admin down B. clusterXL_admin down -p C. set clusterXL down -p D. clusterXL_admin_down

B. clusterXL_admin down -p

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to ______ via ______. A. cpd, fwm B. cpm, cpd C. fwm, cpd D. cpwd, fwssd

C. fwm, cpd

If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which if these steps should NOT be performed: A. Rename the hostname of the Standby member to match exactly the hostname of the Active member. B. Manually synchronize the Active and Standby Security Management Servers. C. Change the Active Security Management Server to Standby. D. Change the Standby Security Management Server to Active.

A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.

Which command lists all tables in Gaia? A. fw tab -I B. fw tab -list C. fw tab -t D. fw tab -s

D. fw tab -s

SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component? A. Threat Emulation B. Threat Cloud C. Mail Transfer Agent D. Mobile Access

D. Mobile Access

After some changes in the firewall policy you run into some issues. You want to test if the policy from two weeks ago have the same issue. You don't want to lose the changes from the last weeks. What is the best way to do it? A. Use the Gaia WebUI to take a backup of the Gateway. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the ‘Install specific version’ button. B. Use the Gaia WebUI to take a snapshot of management. In the In SmartConsole under Manage & Settings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action ‘Revert to this revision...’ Restore the management snapshot. C. In SmartConsole under Manage & Settings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action ‘Revert to this revision...’. D. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the ‘Install specific version’ button.

D. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the ‘Install specific version’ button.

What CLI command will reset the IPS pattern matcher statistics? A. ips reset pmstat B. ips pmstats reset C. ips pstats reset D. ips pmstats refresh

B. ips pmstats reset

What is the difference between Updatable Objects and Dynamic Objects? A. Dynamic Objects are maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect. B. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. For Dynamic Objects there is no need to install policy for the changes to take effect. C. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect. D. Dynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there is no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.

C. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.

Which of the following Central Deployment is NOT a limitation in R81.10 SmartConsole? A. Security Gateway Clusters in Load Sharing mode B. Dedicated Log Server C. Dedicated SmartEvent Server D. Security Gateways/Clusters in ClusterXL HA new mode

D. Security Gateways/Clusters in ClusterXL HA new mode

By default, the web API uses which content-type in its response? A. Java Script B. XML C. JSON D. Text

C. JSON

Which member of a high-availability cluster should be upgraded first in a Zero downtime upgrade? A. The Active Member B. The Primary Member C. The Standby Member D. The Secondary Membe

C. The Standby Member

Where you can see and search records of action done by R80 SmartConsole administrators? A. In the Logs & Monitor, logs, select “Audit Log View” B. In Smartlog, all logs C. In SmartView Tracker, open active log D. In SmartAudit Log View

A. In the Logs & Monitor, logs, select “Audit Log View”

Which command is used to set the CCP protocol to Multicast? A. cphaconf set_ccp no broadcast B. cphaprob set_ccp multicast C. cphaconf set_ccp multicast D. cphaprob set_ccp no_broadcast

C. cphaconf set_ccp multicast

When Configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access, which of the three approaches will allow you to configure individual policies for each application? A. Basic Approach B. Very Advanced Approach C. Medium Approach D. Strong Approach

B. Very Advanced Approach

In SmartConsole the IPS Blade is managed by: A. Layers on Firewall policy B. Threat Prevention policy C. Threat Protection policy D. Anti-Bot Blade

B. Threat Prevention policy

How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites? A. By matching logs against ThreatCloud information about the reputation of the website. B. By dropping traffic that is not proven to be from clean websites in the URL Filtering blade C. By allowing traffic from websites that are known to run Antivirus Software on servers regularly D. By dropping traffic from websites identified through ThreatCloud Verification and URL Caching

D. By dropping traffic from websites identified through ThreatCloud Verification and URL Caching

Which Check Point software blades could be enforced under a Threat Prevention profile using a Check Point SmartConsole application? A. Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation B. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction D. Firewall, PS, Threat Emulation, Application Control

C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction

Fill in the blank: RADIUS protocol uses ________ to communicate with the gateway. A. TDP B. CCP C. HTTP D. UDP

D. UDP

What object type would you use to grant network access to an LDAP user group? A. Access Role B. Group Template C. SmartDirectory Group D. User Group

A. Access Role

A user complains that some Internet resources are not available. The Administrator is having issues seeing if packets are being dropped at the firewall (not seeing drops in logs). What is the solution to troubleshoot the issue? A. run “fw ctl zdebug drop” on the relevant gateway B. run “cpstop” on the relevant gateway and check the ping again C. run “fw unloadlocal” on the relevant gateway and check the ping again D. run “fw log” on the relevant gateway

A. run “fw ctl zdebug drop” on the relevant gateway

CCSE Flashcards

(344 cards)