CCSE Flashcards

(160 cards)

1
Q

Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from CLI?
* mgmt_cli add-host "Server_1" ip_adress "10.15.123.10" --format txt
* mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json
* mgmt_cli add object-host "Server_1" ip-address "10.15.123.10" --format json
* mgmt_cli add object "Server_1" ip-address "10.15.123.10" --format json

A

mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json

2
Q

You want to store GAiA configuration in a file for later reference. What command should you use?

* write mem <filename>
* show config -f <filename>
* save config -o <filename>
* save configuration <filename>

A

save configuration <filename>

2
Q

What is the command to check the status of the SmartEvent Server?
* fw ctl get int cpsemd_stat
* cp_conf get_stat cpsead
* fw ctl stat cpsead
* cpstat cpsemd

A

cpstat cpsemd

3
Q

SandBlast appliances can be deployed in the following modes:
* using a SPAN port to receive a copy of the traffic only
* detect only
* inline/prevent or detect
* as a Mail Transfer Agent and as part of the web traffic flow only

A

inline/prevent or detect

4
Q

In order to optimize performance of a Security Gateway you plan to use SecureXL technology. Your company uses different types of applications. Identify application traffic that will NOT be accelerated.
* Corporate relational database TCP traffic
* Custom application multicast traffic
* Transactions to the external application server using UDP
* TCP connections to the corporate Web-server

A

Custom application multicast traffic

5
Q

In a ClusterXL high-availability environment, what MAC address will answer for Virtual IP in the default configuration?
* MAC address of Active Member
* Virtual MAC Address
* MAC Address of Standby Member
* MAC Address of Management Server

A

MAC address of Active Member

6
Q

What is the minimum amount of RAM needed for a Threat Prevention Appliance?
* 6 GB
* 8 GB with Gaia in 64-bit mode
* 4 GB
* It depends on the number of software blades enabled

A

4 GB

7
Q

When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?
* Any size
* Less than 20 GB
* More than 10 GB and less than 20 GB
* At least 20 GB

A

At least 20 GB

8
Q

What is the purpose of a SmartEvent Correlation Unit?
* The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server
* The SmartEvent Correlation Unit's task is to assign severity levels to the identified events
* The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events
* The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server

A

The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events

9
Q

What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
* 4 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server
* 3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for the synchronization
* 1 Interface - an interface leading to the organization and the Internet, and configure for synchronization
* 2 Interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization

A

3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for the synchronization

10
Q

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
* Detects and blocks malware by correlating multiple detection engines before users are affected
* Configure rules to limit the available network bandwidth for specified users or groups
* Use UserCheck to help users understand that certain websites are against the company’s security policy
* Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels

A

Detects and blocks malware by correlating multiple detection engines before users are affected

11
Q

Which is the suitable command to check whether Drop Templates are activated or not?
* fw ctl get int activate_drop_templates
* fwaccel stat
* fwaccel stats
* fw ctl templates -d

A
fwaccel stat
12
Q

You plan to automate creating new objects using the new R80 Management API. You decide to use GAIA CLI for this task. What is the first step to run management API commands on GAIA's shell?
* mgmt admin admin@teabag > id.txt
* mgmt login
* login user admin password teabag
* mgmt_cli login user "admin" password "teabag" > id.txt

A

mgmt_cli login user "admin" password "teabag" > id.txt

12
Q

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
* Symmetric routing
* Failovers
* Asymmetric routing
* Anti-Spoofing

A

Asymmetric routing

13
Q

How can the SmartView Web application be accessed?
* https://<Security Management IP Address>/smartview
* https://<Security Management IP Address>:4434/smartview/
* https://<Security Management IP Address>/smartview/
* https://<Security Management IP host name>:4434/smartview/

A

https://<Security Management IP Address>/smartview/

13
Q

Which command can you use to enable or disable multi-queue per interface?
* cpmq set
* cpmqueue set
* cpmq config
* set cpmq enable

A
cpmq set
14
Q

What is the most recommended way to install patches and hotfixes?
* CPUSE Check Point Update Service Engine
* rpm -Uv
* Software Update Service
* UnixInstallScript

A

CPUSE Check Point Update Service Engine

14
Q

Advanced Security Checkups can be easily conducted within:
* Reports
* Advanced
* Checkups
* Views

A

Reports

15
Q

Which of the following authentication methods ARE NOT used for Mobile Access?
* RADIUS server
* Username and password (internal, LDAP)
* SecureID
* TACACS+

A

TACACS+

16
Q

SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput
* This statement is true because SecureXL does improve all traffic
* This statement is false because SecureXL does not improve this traffic but CoreXL does
* This statement is true because SecureXL does improve this traffic
* This statement is false because encrypted traffic cannot be inspected

A

This statement is true because SecureXL does improve this traffic

17
Q

For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
* 20 minutes
* 15 minutes
* Admin account cannot be unlocked automatically
* 30 minutes at least

A

30 minutes at least

18
Q

What is the command to see cluster status in cli expert mode?
* fw ctl stat
* clusterXL stat
* clusterXL status
* cphaprob stat

A
cphaprob stat
19
Q

What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
* test_connectivity_ad -d <domain>
* test_ldap_connectivity -d <domain>
* test_ad_connectivity -d <domain>
* ad_connectivity_test -d <domain>

A

test_ad_connectivity -d <domain>

20
Q

With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform within the applications. Mobile Access encrypts all traffic using:
* HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender
* HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender
* HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required
* HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.

A

HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender

21
Q

What is the limitation of employing Sticky Decision Function?
* With SDF enabled, the involved VPN Gateways only support IKEv1
* Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
* With SDF enabled, only ClusterXL in legacy mode is supported
* With SDF enabled, you can only have three Sync interfaces at most

A

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
22
Q

When defining QoS global properties, which option below is not valid?
* Weight
* Authenticated timeout
* Schedule
* Rate

A

Schedule
23
Q

There are 4 ways to use the Management API for creating a host object with R80 Management API. Which one is NOT correct?
* Using Web Services
* Using Mgmt_cli tool
* Using CLISH
* Using SmartConsole GUI console

A

Using CLISH
23
Q

What is the SOLR database for?
* Used for full text search and enables powerful matching capabilities
* Writes data to the database and full text search
* Serves GUI responsible to transfer request to the DLEserver
* Enables powerful matching capabilities and writes data to the database

A

Used for full text search and enables powerful matching capabilities
23
Q

What is the best sync method in the ClusterXL deployment?
* Use 1 cluster + 1st sync
* Use 1 dedicated sync interface
* Use 3 clusters + 1st sync + 2nd sync + 3rd sync
* Use 2 clusters + 1st sync + 2nd sync

A

Use 1 dedicated sync interface
24
Q

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members? Choose the best answer.
* `fw ctl set int fwha vmac global param enabled`
* `fw ctl get int fwha vmac global param enabled; result of command should return value 1`
* `cphaprob -a if`
* `fw ctl get int fwha_vmac_global_param_enabled; results of command should return value 1`

A

`fw ctl get int fwha_vmac_global_param_enabled; results of command should return value 1`
25
Q

What must you do first if "fwm sic_reset" could not be completed?
* cpstop then find keyword "certificate" in objects_5_0.C and delete the section
* Reinitialize SIC on the security gateway then Run "fw unloadlocal"
* Reset SIC from Smart Dashboard
* Change internal CA via cpconfig

A

cpstop then find keyword "certificate" in objects_5_0.C and delete the section
26
Q

The SmartEvent R80 Web application for real-time event monitoring is called:
* SmartView Monitor
* SmartEventWeb
* There is no Web application for SmartEvent
* SmartView

A

SmartView
26
Q

What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
* Anti-Bot is the only countermeasure against unknown malware
* Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
* Anti-Bot is the only signature-based method of malware protection
* Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center

A

Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center
27
Q

What is the command to show SecureXL status?
* `fwaccel status`
* `fwaccel stats -m`
* `fwaccel -s`
* `fwaccel stat`

A

`fwaccel stat`
28
Q

How often does Threat Emulation download packages by default?
* Once a week
* Once an hour
* Twice per day
* Once per day

A

Once per day
29
Q

Several users report that the Mobile Access portal is not responding. Where would you check core dump files?
* `/var/log/dump/MAB`
* `/var/log/modules/MAB`
* `/var/log/dump/usermode/`
* `$FWDIR/log/MAB`

A

`/var/log/dump/usermode/`
30
Q

The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
* Secure Internal Communication (SIC)
* Restart Daemons if they fail
* Transfers messages between Firewall processes
* Pulls application monitoring status

A

Restart Daemons if they fail
30
Q

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
* Smart Cloud Services
* Load Sharing Mode Services
* Threat Agent Solution
* Public Cloud Services

A

Public Cloud Services
31
Q

What are the available options for downloading Check Point hotfixes in Gaia WebUI (CPUSE)?
* Manually, Scheduled, Automatic
* Update Now, Schedule Update, Offline Update
* Update Automatically, Update Now, Disable Update
* Manual Update, Disable Update, Automatic Update

A

Manually, Scheduled, Automatic
31
Q

What scenario indicates that SecureXL is enabled?
* Dynamic objects are available in the object Explorer
* SecureXL can be disabled in cpconfig
* fwaccel commands can be used in clish
* Only one packet in a stream is seen in a fw monitor packet capture

A

Only one packet in a stream is seen in a fw monitor packet capture
32
Q

Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is `________`.
* Sent to the Internal Certificate Authority.
* Sent to the Security Administrator.
* Stored on the Security Management Server.
* Stored on the Certificate Revocation List.

A

Stored on the Certificate Revocation List.
33
Q

To fully enable Dynamic Dispatcher on a Security Gateway:
* run fw ctl multik set_mode 9 in Expert mode and then Reboot.
* Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu.
* Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
* run fw multik set_mode 1 in Expert mode and then reboot.

A

run fw ctl multik set_mode 9 in Expert mode and then Reboot.
34
Q

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.
* True, CLI is the preferred method for Licensing
* False, Central Licenses are handled via Security Management Server
* False, Central Licenses are installed via Gaia on Security Gateways
* True, Central License can be installed with CPLIC command on a Security Gateway

A

True, Central License can be installed with CPLIC command on a Security Gateway
35
Q

You work as a security administrator for a large company. The CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has tight protections in place. Check Point has been selected as the security vendor. Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
* IPS and Application Control
* IPS, anti-virus and anti-bot
* IPS, anti-virus and e-mail security
* SandBlast

A

SandBlast
36
Q

Which of the following is NOT an attribute of packet acceleration?
* Source address
* Protocol
* Destination port
* VLAN Tag

A

VLAN Tag
37
Q

Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
* Auditor
* Read Only All
* Super User
* Full Access

A

Read Only All
38
Q

Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
* $FWDIR/database/fwauthd.conf
* $FWDIR/conf/fwauth.conf
* $FWDIR/conf/fwauthd.conf
* $FWDIR/state/fwauthd.conf

A

$FWDIR/conf/fwauthd.conf
39
Q

When using the Mail Transfer Agent, where are the debug logs stored?
* $FWDIR/bin/emaild.mta.elg
* $FWDIR/log/mtad elg
* /var/log/mail.mta elg
* $CPDIR/log/emaild elg

A

$FWDIR/bin/emaild.mta.elg
40
Q

What has to be taken into consideration when configuring Management HA?
* The Database revisions will not be synchronized between the management servers
* SmartConsole must be closed prior to synchronized changes in the objects database
* If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.
* For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.

A

The Database revisions will not be synchronized between the management servers
41
Q

Which command can you use to verify the number of active concurrent connections?
* `fw conn all`
* `fw ctl pstat`
* `show all connections`
* `show connections`

A

`fw ctl pstat`
42
Q

What needs to be configured if the NAT property 'Translate destination or client side' is not enabled in Global Properties?
* A host route to route to the destination IP.
* Use the file local.arp to add the ARP entries for NAT to work.
* Nothing, the Gateway takes care of all details necessary.
* Enabling 'Allow bi-directional NAT' for NAT to work correctly.

A

Nothing, the Gateway takes care of all details necessary.
43
Q

What component of R81 Management is used for indexing?
* DBSync
* API Server
* fwm
* SOLR

A

fwm
44
Q

Which 3 types of tracking are available for Threat Prevention Policy?
* SMS Alert, Log, SNMP alert
* Syslog, None, User-defined scripts
* None, Log, Syslog
* Alert, SNMP trap, Mail

A

Syslog, None, User-defined scripts
45
Q

You have set up the VPN Community 'VPN-Stores' with 3 gateways. There are some issues with one remote gateway (1.1.1.1) and your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways?
* action:"Key Install" AND 1.1.1.1 AND Main Mode
* action:"Key Install" AND 1.1.1.1 AND Quick Mode
* Blade:"VPN" AND VPN-Stores AND Main Mode
* Blade:"VPN" AND VPN-Stores AND Quick Mode

A

Blade:"VPN" AND VPN-Stores AND Main Mode
46
Q

By default, which port does the WebUI listen on?
* 80
* 4434
* 443
* 8080

A

443
47
Q

How many policy layers does the Access Control policy support?
* 2
* 4
* 1
* 3

A

2

Footnote: Two policy layers:
- Network Policy Layer
- Application Control Policy Layer
48
Q

Which member of a high-availability cluster should be upgraded first in a Zero downtime upgrade?
* The Standby Member
* The Active Member
* The Primary Member
* The Secondary Member

A

The Standby Member
49
Q

Which command would disable a Cluster Member permanently?
* clusterXL_admin down
* cphaprob_admin down
* clusterXL_admin down-p
* set clusterXL down-p

A

clusterXL_admin down-p
50
Q

What are the blades of Threat Prevention?
* IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
* DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction
* IPS, AntiVirus, AntiBot
* IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

A

IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
51
Q

What is UserCheck?
* Messaging tool used to verify a user's credentials
* Communication tool used to inform a user about a website or application they are trying to access.
* Administrator tool used to monitor users on their network
* Communication tool used to notify an administrator when a new user is created

A

Communication tool used to inform a user about a website or application they are trying to access.
52
Q

Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
* All Connections (Clear or Encrypted)
* Accept all encrypted traffic
* Specific VPN Communities
* All Site-to-Site VPN Communities

A

Accept all encrypted traffic
53
Q

True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.
* False, this feature has to be enabled in the Global Properties.
* True, every administrator works in a session that is independent of the other administrators.
* True, every administrator works on a different database that is independent of the other administrators.
* False, only one administrator can login with write permission.

A

True, every administrator works in a session that is independent of the other administrators.
54
Q

Which command is used to display status information for various components?
* `show all systems`
* `show system messages`
* `sysmess all`
* `show sysenv all`

A

`show sysenv all`
55
Q

Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
* 15 sec
* 60 sec
* 5 sec
* 30 sec

A

60 sec
56
Q

When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
* ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data
* ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments
* ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud
* ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary

A

ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary
57
Q

What is the valid range for VRID value in VRRP configuration?
* 1 - 254
* 1 - 255
* 0 - 254
* 0 - 255

A

1 - 255

Footnote: Virtual Router ID - Enter a unique ID number for this virtual router. The range of valid values is 1 to 255.
58
Q

What is the default shell of Gaia CLI?
* Monitor
* CLI.sh
* Read-only
* Bash

A

CLI.sh
59
Q

Connections to the Check Point R81 Web API use what protocol?
* HTTPS
* RPC
* VPN
* SIC

A

HTTPS
60
Q

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
* `fw ctl set int fwha vmac global param enabled`
* `fw ctl get int vmac global param enabled; result of command should return value 1`
* `cphaprob -a if`
* `fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1`

A

`fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1`
61
Q

When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:
* All UDP packets
* All IPv6 Traffic
* All packets that match a rule whose source or destination is the Outside Corporate Network
* CIFS packets

A

CIFS packets
62
Q

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
* Security Gateway IP-address cannot be changed without re-establishing the trust.
* The Security Gateway name cannot be changed in command line without re-establishing trust.
* The Security Management Server name cannot be changed in SmartConsole without reestablishing trust.
* The Security Management Server IP-address cannot be changed without re-establishing the trust.

A

Security Gateway IP-address cannot be changed without re-establishing the trust.
62
Q

Please choose the correct command to add an "emailserver1" host with IP address 10.50.23.90 using GAiA management CLI.
* host name myHost12 ip-address 10.50.23.90
* mgmt: add host name ip-address 10.50.23.90
* add host name emailserver1 ip-address 10.50.23.90
* mgmt: add host name emailserver1 ip-address 10.50.23.90

A

mgmt: add host name emailserver1 ip-address 10.50.23.90
63
Q

You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
* `restore_backup`
* `import backup`
* `cp_merge`
* `migrate import`

A

migrate import
64
Q

What are the methods of SandBlast Threat Emulation deployment?
* Cloud, Appliance and Private
* Cloud, Appliance and Hybrid
* Cloud, Smart-1 and Hybrid
* Cloud, OpenServer and Vmware

A

Cloud, Appliance and Private
65
Q

What are the main stages of a policy installation?
* Verification & Compilation, Transfer and Commit
* Verification & Compilation, Transfer and Installation
* Verification, Commit, Installation
* Verification, Compilation & Transfer, Installation

A

Verification & Compilation, Transfer and Commit
66
Q

What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
* Source address, Destination address, Source port, Destination port, Protocol
* Source MAC address, Destination MAC address, Source port, Destination port, Protocol
* Source address, Destination address, Source port, Destination port
* Source address, Destination address, Destination port, Protocol

A

Source address, Destination address, Source port, Destination port, Protocol
66
Q

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
* None, Security Management Server would be installed by itself.
* SmartConsole
* SecureClient
* Security Gateway
* SmartEvent

A

Security Gateway
67
Q

Joey wants to configure NTP on R81 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?
* Error! Hyperlink reference not valid.
* Error! Hyperlink reference not valid. IP_Address>:443
* Error! Hyperlink reference not valid.
* Error! Hyperlink reference not valid.

A

Error! Hyperlink reference not valid.
67
Q

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?
* The connection is destined for a server within the network
* The connection required a Security server
* The packet is the second in an established TCP connection
* The packets are not multicast

A

The connection required a Security server
67
Q

You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature. Which command do you use?
* sim erdos -e 1
* sim erdos -m 1
* sim erdos -v 1
* sim erdos -x 1

A

sim erdos -e 1
68
Q

Identify the API that is not supported by Check Point currently.
* R81 Management API
* Identity Awareness Web Services API
* Open REST API
* OPSEC SDK

A

Open REST API
69
Q

What is the base level encryption key used by Capsule Docs?
* RSA 2048
* RSA 1024
* SHA-256
* AES

A

RSA 2048
70
Q

Which of the following is NOT an alert option?
* SNMP
* High alert
* Mail
* User defined alert

A

High alert
71
Q

Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?
* The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
* Limits the upload and download throughput for streaming media in the company to 1 Gbps.
* Time object to a rule to make the rule active only during specified times.
* Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

A

Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
72
Q

Which command is used to obtain the configuration lock in Gaia?
* Lock database override
* Unlock database override
* Unlock database lock
* Lock database user

A

Lock database override
73
Q

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal websites, file shares and emails?
* Check Point Remote User
* Check Point Capsule Workspace
* Check Point Mobile Web Portal
* Check Point Capsule Remote

A

Check Point Mobile Web Portal
74
Q

Which of the following is NOT a type of Check Point API available in R81.x?
* Identity Awareness Web Services
* OPSEC SDK
* Mobile Access
* Management

A

Mobile Access
75
Q

Fill in the blank: Authentication rules are defined for `________`.
* User groups
* Users using UserCheck
* Individual users
* All users in the database

A

User groups
76
Q

During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
* Host having a Critical event found by Threat Emulation
* Host having a Critical event found by IPS
* Host having a Critical event found by Antivirus
* Host having a Critical event found by Anti-Bot

A

Host having a Critical event found by Anti-Bot
77
Q

What traffic does the Anti-bot feature block?
* Command and Control traffic from hosts that have been identified as infected
* Command and Control traffic to servers with reputation for hosting malware
* Network traffic that is directed to unknown or malicious servers
* Network traffic to hosts that have been identified as infected

A

Command and Control traffic from hosts that have been identified as infected
78
Q

Fill in the blank: A `________` VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.
* Clientless remote access
* Clientless direct access
* Client-based remote access
* Direct access

A

Clientless remote access
79
Q

When using CPSTAT, what is the default port used by the AMON server?
* 18191
* 18192
* 18194
* 18190

A

18192
80
Q

You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia. What must you do to get SIC to work?
* Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
* Create a rule at the top in the Sydney firewall to allow control traffic from your network
* Nothing - Check Point control connections function regardless of Geo-Protection policy
* Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

A

Nothing - Check Point control connections function regardless of Geo-Protection policy
80
Q

What is the difference between an event and a log?
* Events are generated at gateway according to Event Policy
* A log entry becomes an event when it matches any rule defined in Event Policy
* Events are collected with SmartWorkflow from Trouble Ticket systems
* Log and Events are synonyms

A

A log entry becomes an event when it matches any rule defined in Event Policy
81
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade? * Detects and blocks malware by correlating multiple detection engines before users are affected. * Configure rules to limit the available network bandwidth for specified users or groups. * Use UserCheck to help users understand that certain websites are against the company's security policy. * Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Detects and blocks malware by correlating multiple detection engines before users are affected.
82
Which is NOT an example of a Check Point API? * Gateway API * Management API * OPSEC SDK * Threat Prevention API
Gateway API
83
Which TCP port does the CPM process listen on? * 18191 * 18190 * 8983 * 19009
19009
84
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81? * 2 CPU cores, 4GB of RAM and 15GB of disk space * 8 CPU cores, 16GB of RAM and 500 GB of disk space * 4 CPU cores, 8GB of RAM and 500GB of disk space * 8 CPU cores, 32GB of RAM and 1 TB of disk space
4 CPU cores, 8GB of RAM and 500GB of disk space
85
Which command shows the current connections distributed by CoreXL FW instances? * `fw ctl multik stat` * `fw ctl affinity -l` * `fw ctl instances -v` * `fw ctl iflist`
`fw ctl multik stat`
86
Which file gives you a list of all security servers in use, including port number? * `$FWDIR/conf/conf.conf` * `$FWDIR/conf/servers.conf` * `$FWDIR/conf/fwauthd.conf` * `$FWDIR/conf/serversd.conf`
`$FWDIR/conf/fwauthd.conf`
87
Which utility allows you to configure the DHCP service on Gaia from the command line? * `ifconfig` * `dhcp_ofg` * `sysconfig` * `cpconfig`
`sysconfig`
88
Which is not a blade option when configuring SmartEvent? * Correlation Unit * SmartEvent Unit * SmartEvent Server * Log Server
SmartEvent Unit

## Footnote

On the Management tab, enable these Software Blades:
89
How long may verification of one file take for SandBlast Threat Emulation? * up to 1 minute * within seconds cleaned file will be provided * up to 5 minutes * up to 3 minutes
within seconds cleaned file will be provided
90
For best practices, what is the recommended time for automatic unlocking of locked admin accounts? * 20 minutes * 15 minutes * Admin account cannot be unlocked automatically * 30 minutes at least
30 minutes at least
91
What destination versions are supported for a Multi-Version Cluster Upgrade? * R81.40 and later * R76 and later * R70 and Later * R81.10 and Later
R81.10 and Later
92
What is the default size of NAT table fwx_alloc? * 20000 * 35000 * 25000 * 10000
25000
93
How can the SmartView application be accessed? * Error! Hyperlink reference not valid. Management IP Address>/smartview * Error! Hyperlink reference not valid. Management IP Address>:4434/smartview/ * Error! Hyperlink reference is not valid. Management IP Address>/smartview/ * Error! Hyperlink reference not valid. Management host name>:4434/smartview/
Error! Hyperlink reference is not valid. Management IP Address>/smartview/
94
The `_______` software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware. * Next Generation Threat Prevention * Next Generation Threat Emulation * Next Generation Threat Extraction * Next Generation Firewall
Next Generation Threat Emulation
94
What is the command to check the status of the SmartEvent Correlation Unit? * `fw ctl get int cpsead_stat` * `cpstat cpsead` * `fw ctl stat cpsemd` * `cp_conf get_stat cpsemd`
`cpstat cpsead`
95
What are valid SecureXL paths in R81.10? * F2F (Slow path), Templated Path, PQX and F2V * F2F (Slow path), PXL, QXL and F2V * F2F (Slow path), Accelerated Path, PQX and F2V * F2F (Slow path), Accelerated Path, Medium Path and F2V
F2F (Slow path), Accelerated Path, Medium Path and F2V
96
The Correlation Unit performs all but the following actions: * Marks logs that individually are not events, but may be part of a larger pattern to be identified later. * Generates an event based on the Event policy. * Assigns a severity level to the event. * Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.
Assigns a severity level to the event.
97
While using the Gaia CLI, what is the correct command to publish changes to the management server? * `json publish` * `mgmt publish` * `mgmtcli commit` * `commit`
`mgmt publish`
98
The Check Point history feature in R81 provides the following: * View install changes and install specific version * View install changes * Policy Installation Date, view install changes and install specific version * Policy Installation Date only
Policy Installation Date, view install changes and install specific version
99
Fill in the blank: The R81 utility fw monitor is used to troubleshoot `________` * User data base corruption * LDAP conflicts * Traffic issues * Phase two key negotiations
Traffic issues

## Footnote

Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using Wireshark.
100
What are the services used for Cluster Synchronization? * 256/TCP for Full Sync and 8116/UDP for Delta Sync * 8116/UDP for Full Sync and Delta Sync * TCP/256 for Full Sync and Delta Sync * No service needed when using Broadcast Mode
TCP/256 for Full Sync and Delta Sync
101
Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel? * Yes, but they need to have a mutually trusted certificate authority * Yes, but they have to have a pre-shared secret key * No, they cannot share certificate authorities * No, Certificate based VPNs are only possible between Check Point devices
Yes, but they need to have a mutually trusted certificate authority
102
R81.10 management server can manage gateways with which versions installed? * Versions R77 and higher * Versions R76 and higher * Versions R75.20 and higher * Versions R75 and higher
Versions R75.20 and higher