Practice Q&As Flashcards
(129 cards)
1
Q
Which of the following is NOT an integral part of VPN communication within a network:
- VPN Key
- VPN Community
- VPN Trust Entities
- VPN Domain
A
VPN Key
✑ VPN trust entities, such as a Check Point Internal Certificate Authority (ICA). The ICA is part of the Check Point suite used for creating SIC trusted connection between Security Gateways, authenticating administrators and third party servers. The ICA provides certificates for internal Security Gateways and remote access clients which negotiate the VPN link.
✑ VPN Domain - A group of computers and networks connected to a VPN tunnel by one VPN gateway that handles encryption and protects the VPN Domain members.
✑ VPN Community - A named collection of VPN domains, each protected by a VPN gateway.
2
Q
How can you tell if another Checkpoint Admin is working on a rule, but has not published the changes?
A
There’s a little pencil symbol next to the rule.
3
Q
What encryption is used in SIC, and what does SIC stand for?
A
Gateways above R71 use AES128 for SIC, R71 and below use 3DES. SIC stands for Secure Internal Communications.
4
Q
What are the five types of SecureXL flow?
A
Accelerated Path (sometimes called “fastpath” or SXL)
F2V (Forward to Virtual Machine) Path
PSLXL Path (also called the “Medium Path” or “Passive Streaming”)
CPASXL Path (also called “Active Streaming”)
Firewall Path (also called “slowpath”, “non-accelerated”, or F2F)
5
Q
What are the three main components of the Checkpoint Three-tier architecture?
A
SmartConsole
Security Management Server
Security Gateway
6
Q
What is the main purpose of the SmartConsole?
A
SmartConsole is a GUI software installed on a windows platform allowing for centralised management of a Check Point environment
7
Q
What is the main purpose of the Security Management Server?
A
The Security Management Server is a dedicated server that runs Check Point software to manage the objects and policies in a Check Point environment. The Security Management Server is installed on a server running the Check Point Gaia OS.
8
Q
What is the main purpose of a security gateway?
A
The security gateway is essentially a firewall - it’s Check Points term for it
9
Q
What are the two main shells that the gaia OS provides?
A
Gaia Clish and Bash (Expert Mode)
10
Q
Which shell is the most restrictive
A
Clish
11
Q
What is the default shell?
A
Clish
12
Q
What is the default password for Expert Mode?
A
There is no default password, you must define it using the ‘set expert-password’ command
13
Q
What physical components may be represented by a network object?
A
A user, a server, a gateway, any physical components
14
Q
What logical components may be represented by a network object?
A
Applications, IP Ranges, Services etc
15
Q
What permissions profile allows unrestricted permissions?
A
Super User
16
Q
Name three types of Software Containers?
A
Security Management
Security Gateway
Endpoint Security
17
Q
What are the subscription blades?
A
Service blades such as IPS, URL Filtering, Application Control are considered subscription blades
18
Q
Name on reason to generate and install a new license?
A
Existing license expires
License is upgraded
IP address of the security management or security gateway has changed
19
Q
What types of rules are created by the security gateway?
A
Implied Rules
20
Q
What type of rules are created by the administrator?
A
Explicit Rules
21
Q
Where should the clean up rule be placed?
A
At the bottom of the rulebase
22
Q
What is the purpose of policy layers?
A
Policy layers are sets of rules or a rulebase. They let you divide up a policy into smaller, more manageable sections.
23
Q
What type of Policy layer is independent of the rest of the rulebase?
A
Inline
24
Q
List the two types of rules that Check Point NAT supports for address translation?
A
Automatic
Manual
25
What is the difference between Hide NAT and Static NAT?
Hide NAT only allows outgoing connections, it translates many private addresses to one public address. Using Hide NAT, the defined hosts and networks share the same address when their traffic is routed by the gateway. (Standard NATing, different source ports are used to identify the internal IP address via NAT table)
Static NAT allows for both incoming and outgoing connections, it involves the translation of one private IP address to a single unique public IP address.
26
List at least two use cases for Application Control?
Learn about applications
Create a granular policy
Track employees online usage
Keep policies updated
27
How does URL filtering work?
URL Filtering works by comparing all web traffic against URL filters, which are typically contained in a database of sites that users are permitted to access / denied from accessing.
28
What is the recommended profile supported by Autonomous Threat Prevention?
Perimeter
29
What is a VPN Community?
A VPN Community is a named collection of VPN domains (hosts / networks that use the Security Gateway to send/receive VPN traffic). Each is protected by a VPN Gateway, all the attributes of the VPN tunnel are defined in the VPN Community.
30
Define IKEv1 and IKEv2
IKEv1 is the default version which is supported on most new and old systems
IKEv2 is the newer version supporting IPv6, but currently Check Point Remote Access VPN clients do not support it
31
List the two topologies on which VPN communities can be based?
VPN communities can be based on Mesh and Star Topologies.
32
Which tool can be used to collect and view logs and monitor devices?
SmartConsole
33
How many logs are typically displayed in the default view?
50
34
What information is available in the Gateway & Servers Monitor View?
Device Status
License Status
System Counters
Traffic
35
Give at least two situations in which a snapshot is recommended?
After a fresh installation of Gaia
Before making a major configuration
Before an upgrade or hotfix change
36
Why is it recommended to schedule regular backups?
To preserve the Gaia OS configuration and Firewall database
37
What is the preferred method of recovery?
Backup and restore
38
In what compressed file format is a backup saved?
.tgz
39
In order to modify security policies the administrator can use which of the following tools?
1) SmartConsole and WebUI on the Security Management Server
2) SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed
3) Command line of the Security Management Server or mgmt_cli.exe on any Windows Computer
4) mgmt_cli (API) or WebUI on Security Gateway, and SmartConsole on the Security Management Server
2
40
What is the user ID of a user that have all the privileges of a root user?
1) User ID 1
2) User ID 2
3) User ID 0
4) User ID 99
3
41
Which type of Check Point license ties the package license to the IP address of the SMS?
1) Local
2) Central
3) Corporate
4) Formal
2
42
In HTTPS Inspection Policy, what actions are available in the 'Actions' column of the rule?
1) Inspect, Bypass
2) Inspect, Bypass, Categorise
3) Inspect, Bypass, Block
4) Detect, Bypass
1
43
What is the main difference between Static NAT and Hide NAT?
1) Hide NAT only allows incoming connections to protect your network
2) Static NAT only allows outgoing connections, Hide NAT allows incoming and outgoing
3) Static NAT allows incoming and outgoing connections, Hide NAT only allows outgoing connections
4) Static NAT only allows incoming connections to protect your NAT
3
44
When a SAM (suspicious activity monitoring) rule is required on a Security Gateway to quickly block suspicious connections which are not restricted by the security policy, what actions does the admin need to take?
1) SmartView Monitor should be opened and then the SAM rule can be applied immediately without needing to install policy
2) The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply publishing the changes applies the SAM rule on the firewall.
3) The administrator must work on the firewall CLI (for example with SSH / Putty) and the command 'sam block' must be used with the right parameters
4) the admin should open the logs and monitor view and find the relevant log, right clicking on the log entry will show the create new SAM rule option
1
45
There are four policy types available for each policy package, what are they?
1) Access Control, Threat Prevention, Mobile Access and HTTPs inspection
2) Access Control, Custom Threat Prevention, Autonomous Threat Prevention and HTTPS Inspection
3) There are only three, Access Control, Threat Prevention and NAT
4) Access Control, threat Prevention, NAT and HTTPS Inspection
2
46
Where can alerts be viewed?
1) Alerts can be seen from the CLI of the gateway
2) Alerts can be seen in SmartUpdate
3) Alerts can be seen in the Threat Prevention Policy
4) Alerts can be seen in SmartView Monitor
4
47
In SmartConsole, on which tab are Permissions and Administrators defined?
1) GATEWAYS AND SERVERS
2) SECURITY POLICIES
3) MANAGE AND SETTINGS
4) LOGS AND MONITOR
3
48
Which type of Check Point license is tied to the IP address of a specific security gateway and cannot be transferred to a gateway that has a different IP address?
1) Formal
2) Central
3) Corporate
4) Local
4
49
Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
1) SmartView Monitor
2) SmartDashboard
3) SmartUpdate
4) SmartEvent
4
50
Which back up method uses the command line to create an image of the OS?
1) System Backup
2) Save Configuration
3) snapshot
4) Migrate
3
51
Which one of the following is the preferred licensing model?
1) Central licensing because it ties the package license to the IP address of the SMS and has no dependency on the gateway
2) Central licensing because it ties the package license to the MAC address of the SMS Mgmt interface and has no dependency on the gateway
3) Local licensing because it ties the package license to the IP address of the gateway and has no dependency on the SMS
4) Local licensing because it ties the package license to the MAC address of the gateway management interface and has no SMS dependency
1
52
What is the purpose of Captive Portal?
1) It provides remote access to SmartConsole
2) It authenticates users, allowing them access to the internet and corporate resources
3) It authenticates users, allowing them access to the Gaia OS
4) It manages user permission in SmartConsole
2
53
When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored?
1) SmartConsole Installed device
2) Check point user centre
3) SMS
4) Security Gateway
3
54
Fill in the blank, once a license is activated, a _____ should be installed.
1) Security Gateway Contract File
2) Service Contract File
3) License Management File
4) License Contract file
2
55
A layer can support different combinations of Blades, what are the support blades?
1) Firewall, URLF, Content Awareness and Mobile Access
2) Firewall (Network Access control), Application & URL Filtering, Content Awareness and Mobile Access
3) Firewall, NAT, Content Awareness and Mobile Access
4) Firewall (Network Access Control), Application & URL Filtering and Content Awareness
4
56
If there is a Accept implied policy set to 'first', what is the reason Jorge cannot see any logs?
1) Log implied rule was not set correctly on the track column on the rules base
2) Track log column is set to log, not full log
3) Track log column is set to none
4) Log implied rule was not selected on Global Properties
4
57
Where can alerts be viewed?
1) Alerts can be seen in SmartView Monitor
2) Alerts can be seen in the Threat Prevention Policy
3) Alerts can be seen in SmartUpdate
4) Alerts can be seen from the CLI of the gateway
1
58
What CheckPoint technologies deny or permit network traffic?
1) Application Control, DLP
2) ACL, SandBlast, MPT
3) IPS, Mobile Threat protection
4) Packet Filtering, Stateful Inspection, Application Layer Firewall
4
59
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
1) INSPECT engine
2) Stateful Inspection
3) Packet Filtering
4) Application Layer Firewall
1
60
In the Check Point three-tiered architecture, which of the following is NOT a function of the SMS?
1) Display policies and logs on the admins workstation
2) verify and compile Security Policies
3) Processing and sending alerts such as SNMP traps and email notifications
4) Store firewall logs to hard drive storage
1 - SmartConsole does this
61
What is not an advantage of Packet Filtering?
Low Security and no screening above network layer
Application independence
High performance
Scalability
Low security and no screening above network layer
62
To enforce the security policy correctly, a security gateway requires
1) A routing table
2) awareness of the network topology
3) A DMZ
4) A security policy install
2
63
in SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories, which of the following is NOT a object category?
1) Network Object
2) Limit
3) Custom Application / Site
4) Resource
4
64
DLP and Geo Policy are examples of what type of policies?
1) Standard policies
2) Inspection policies
3) Unified Policies
4) Shared Policies
4
65
What two ordered layers make up the Access Control Policy Layer?
1) URL Filtering and Network
2) Network and Threat Prevention
3) Application Control and URL Filtering
4) Network and Application Control
4
66
Harriet wants to protect sensitive information from intentional loss when users browser to a specific URL: https://personal.mymail.com. Which blade will she enable to achieve her goal?
1) Application Control
2) SSL Inspection
3) URL Filtering
4) DLP
4
67
The ______ software blade enables Application Security policies to allow, block or limit website access based on user, group and machine identities.
1) URL Filtering
2) Application Control
3) Data Awareness
4) Threat Emulation
1
68
How do you manage Gaia?
1) Through SmartConsole only
2) Through CLI and WebUI
3) Through CLI only
4) Through CLI, WebUI and SmartConsole
2
69
What is the implicit clean up rule?
1) A setting that is configured per Policy Layer
2) Another name for the clean up rule
3) A rule automatically created when the clean up rule is defined
4) A setting that is defined in the Global Properties for all policies
4
70
Which threat prevention software blade provides comprehensive protection against malicious and unwanted network traffic - focusing on application and server vulnerabilities?
1) Antivirus
2) IPS
3) Anti-spam
4) Anti-bot
2
71
Which check point software blade provides protection from zero day and undiscovered threats?
1) Firewall
2) Application Control
3) Threat Extraction
4) Threat Emulation
4
72
The _____ software blade enables Application Security policies to allow, block, or limit website access based on user, group and machine identities.
1) URL Filtering
2) Application Control
3) Monitoring
4) Threat Emulation
1
73
Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance
1) Application Control
2) Threat Extraction
3) Compliance
4) Monitoring
Monitoring
74
Which check point software blade provides visibility of users, groups and machines while also providing access control through identity based policies?
1) URL Filtering
2) Firewall
3) Identity Awareness
4) Application Control
3 - Identity Awareness
75
Fill in the blank: _____ information is included in the "Full Log" tracking option, but is not included in the "Log" tracking option?
1) Destination Port
2) Data Type
3) File Attributes
4) Application
2 - Data type
76
The hit count feature allows tracking the number of connections that each rule matches. Will the feature work independently from logging and track the hits even if the track option is set to 'None'?
1) No - it will not work independently. Hit count will be shown only for rules with Track option set as Log or Alert.
2) Yes it will work independently as long as 'analyze all rules' is enabled in the security gateway.
3) No - it will not work independently because hit count requires all rules to be logged
4) Yes it will work independently because when you enable Hit Count, the SMS collects the data from the supported gateways
4
77
Which of the following is NOT a tracking option?
Partial Log
Log
Network Log
Full Log
Partial Log
78
Which of the following is the most secure means of authentication?
Password
Certificate
Token
Pre-shared secret
Certificate
79
Fill in the blank: the most important part of a site-to-site vpn deployment is the _____
Internet
Remote users
Encrypted VPN tunnel
VPN Gateways
Encrypted VPN tunnel
80
Which of the following is NOT an integral part of VPN communication within a network?
VPN Key
VPN Community
VPN Trust Entities
VPN Domain
VPN key
81
Phase 1 of the two-phase negotiation process conducted by IKE operates in ____ mode.
Main
Authentication
Quick
High Alert
Main
82
Fill in the blank: when LDAP is integrated with Check Point Security Management, it is then referred to as ______
UserCheck
User Directory
User Administration
User Centre
User Directory
83
Fill in the blank: An Endpoint Identity Agent uses a _____ for user authentication
Shared Secret
Token
Username/Password or Kerberos ticket
Certificate
username/password or kerberos ticket
84
Which of the following is an identity acquisition method that allows a security gateway to identify AD users and computers?
UserCheck
Active Directory Query
Account Unit Query
User Directory Query
Active directory query
85
Fill in the blank, an LDAP servers holds one or more ____
Server Units
Administrator Units
Account Units
Account Servers
Administrator Units
86
When defining group based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a security policy?
Access Role
user Group
SmartDirectory Group
Group Template
Access Role
87
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address?
High Availability
Master/Backup
Load Sharing Pivot
Load Sharing Multicast
Load Sharing Multicast
88
Check Point ClusterXL active/active deployment is used when?
Only when there is a multicast solution set up
When there is a Load Sharing solution set up
Only when there is a unicast solution set up
When there is a high availability solution set up
When there is a load sharing solution set up
89
What protocol is specifically used for clustered environments?
Cluster Protocol
Synchronized Cluster Protocol
Control Cluster Protocol
Cluster Control Protocol
Cluster Control Protocol
90
Fill in the blank: Each cluster has ____ interfaces
Three
Five
Two
Four
Three
91
Bob and Joe both have admin roles on their Gaia platform. Bob logs in on the WebUI and Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are logged in?
When Joe logs in, Bob will be logged out automatically
Since they are both logging in on different machines, they will both be able to make changes
If Joe tries to make a change, he can't because the database will be locked
Bob will be prompted that Joe logs in
If Joe tries to make a change, he can't because the database is locked
92
Which utility allows you to configure the DHCP service on Gaia from the command line?
ifconfig
dhcp_cfg
sysconfig
cpconfig
sysconfig
93
Which default Gaia user has full read/write access?
Superuser
Monitor
Altuser
admin
admin
94
Which icon in the WebUI indicates that read/write access is enabled?
Eyeglasses
Pencil
Padlock
Book
Pencil
95
Which SmartConsole tab is used to monitor network and security performance?
Logs Monitor
Manage Settings
Security Policies
Gateway Servers
Logs Monitor
96
Check Point Update Service Engine (CPUSE), also known as Deployment Agent (DA), is an advanced and intuitive mechanism for software deployment on Gaia OS. What software packages are supported for deployment?
It supports deployments of single HotFixes (HF), and of Major Versions. Blink packages and hotfix accumulators (jumbo) are not supported.
It supports deployments of single hotfixes (HF), of Hotfix accumulators (jumbo) and of major versions.
It supports deployments of major versions and blink packages only
It supports deployments of single hotfixes (HF), of hotfix accumulators (jumbo) but not of major versions.
It supports deployments of single hotfixes (HF), of HotFix accumulators (jumbo) and of major versions
97
In SmartConsole, on which tab are Permissions and Administrators defined?
Manage & Settings
Security Policies
Gateways and Servers
Logs and Monitors
Manage and Settings
98
Which tool allows automatic update of Gaia OS and Check Point products installed on Gaia OS?
CPDAS - Check Point deployment agent service
CPUSE - Check Point Upgrade Service Engine
CPASE - Check Point Automatic Service Engine
CPAUE - Check Point Automatic Update Engine
CPUSE
99
In the Check Point three tiered architecture, which of the following is NOT a function of the SMS?
Verify and compile security policies
Display policies and logs on the admin workstation
Store firewall logs to hard drive storage
Manage the object database
Display policies and logs on the admin workstation
100
True or false; More than one admin can log into the SMS with SmartConsole with write permissions at the same time?
True - every admin works on a different database that is independent of the other admin
False - only one admin can login with write permission
True - every admin works in a session that is independent of other admins
False - this feature has to be enabled in Global Properties
True - every admin works in a session that is independent of other admins
101
What Check Point tool is used to automatically update Check Point products Gaia OS?
Check Point Update Engine
Check Point Upgrade Installation Service
Check Point Upgrade Service Engine (CPUSE)
Check Point Inspect Engine
CPUSE
102
If there are two admins logged in at the same time to the smartconsole, and there are objects locked for editing, what must be done to make them available to other administrators? Choose the BEST answer:
Delete older versions of the database
Publish or discard the session
Revert the session
Save and install the policy
Publish or discard the session
103
What are the two deployment options available for a security gateway
Bridge and switch
Local and remote
Cloud and router
Standalone and Distributed
Standalone and distributed
104
One of the major features in SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editting the same Security Policy?
AdminB sees a pencil icon next to the rule that AdminB is currently editting
AdminA, AdminB and AdminC are editting three different rules at the same time
AdminA and AdminB are editing the same rule at the same time
AdminC sees a lock icon which indicates that the rule is locked for editting by another admin
AdminA and AdminB are editting the same rule at the same time
105
A Check Point Software license consists of two components - the software blade and the software container. There are _____ types of Software Containers: ______.
Two; Security Management and Endpoint Security
Three; Security Management, Security Gateway and Endpoint Security
Three; Security Gateway, Endpoint Security and Gateway Management
Two; Endpoint Security and Security Gateway
Three; Security Management, Security Gateway and Endpoint Security
106
Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to another gateway with a different IP address.
Formal
Central
Local
Corporate
Local
107
Tom has connected to a Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when suddenly he loses connectivity. Connectivity is restored shortly afterward, what will happen to the changes already made?
Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot
Tom will have to reboot his SmartConsole computer, clear the cache and restore changes.
Tom's changes will have been stored on the Management Server when he reconnects and he will not lose any of his work
Toms changes will be lost since he lost connectivity and he will have to start again
Tom's changes will have been stored on the Management Server when he reconnects and he will not lose any of his work
108
In which deployment is the security management server and security gateway installed on the same appliance?
Switch
Standalone
Distributed
Remote
Standalone
109
Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group and/or machine?
Data Awareness
Threat Emulation
Application Control
Identity Awareness
Identity Awareness
110
DLP and Mobile Access Policy are examples of what type of policy?
Shared Policies
Unified Policies
Inspection Policies
Standard Policies
Shared Policies
111
What is the default shell of Gaia CLI?
Read-only
Expert
Clish
Bash
Clish
112
Which of the following is NOT a valid application navigation tab in SmartConsole?
WEBUI & COMMAND LINE
SECURITY POLICIES
GATEWAYS & SERVERS
LOGS & MONITOR
WEBUI & COMMAND LINE
113
What are two basic rules Check Point recommends for building an effective security policy?
Accept Rule and Drop Rule
Explicit Rule and Implied Rule
Cleanup Rule and Stealth Rule
NAT Rule and Reject Rule
Cleanup Rule and Stealth Rule
114
When dealing with policy layers, what two layer types can be utilised?
Inbound Layers and Outbound Layers
Ordered layers and inline layers
Structured layers and overlap layers
R81.X does not support layers
Ordered layers and inline layers
115
What are the three main components of Check Point Security Management Architecture?
SmartConsole, Security Management Server, Security Gateway
116
Which Check Point software blade provides protection from zero days and undiscovered threats?
Threat Extraction
Threat Emulation
Firewall
Application Control
Threat Emulation
117
What are the three types of UserCheck messages?
Ask, block and notify
block, action and warn
action, inform and ask
inform, ask and drop
Ask, block and notify
118
By default, which port is used to connect to the Gaia portal?
4434
80
8080
443
443
119
Choose what BEST describes a session?
Sessions end when policy is pushed to the Security Gateway
Sessions lock the policy package for editing
Starts when an admin logs in through SmartConsole and ends when the admin logs out
Starts when an admin publishes all changes made on SmartConsole
Starts when an admin logs in through SmartConsole and ends when the admin logs out
120
Which command shows detailed information about VPN tunnels?
cat $FWDIR/conf/vpn.conf
vpn tu tlist
vpn tu
cpview
vpn tu
121
After a new log server is added to the environment and the SIC trust has been established with the SMS, what will the gateways do?
Gateways will send firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new log server
Logs are not automatically forwarded to a new log server. SmartConsole must be used to manually configure each gateway to send it's logs to the server.
The firewalls will detect the new log server after the next policy install and redirect the new logs to the new Log Server
The gateways can only send logs to an SMS and cannot send logs to a log server. Log servers are proprietary log archive servers.
Logs are not automatically forwarded to a new log server, SmartConsole must be used to manually configure each gateway to send its logs to the server.
122
In order for changes made to policy to be enforced by a security gateway, what action must a admin perform?
Publish Changes
Save Changes
Install Policy
Install Database
Install database
123
Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?
Both license (.lic) and contract (.xml) file
cp.macro
contract file (.xml)
license file (.lic)
cp.macro - A $CPDIR/conf/cp.macro file is an electronically signed file used by the Check Point software to translate the features included within the installed license (s) file into code, or primitives.
124
Which two identity awareness daemons are used to support identity sharing?
Policy Activation Point (PAP) and Policy Decision Point (PDP)
Policy Manipulation Point (PMP) and Policy Activation Point (PAP)
Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)
Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
Policy Decision Point (PDP) and Policy enforcement point (PEP)
125
In which scenario will an admin need to manually define Proxy ARP?
When they configure an automatic static NAT which translates to an IP address that does not belong to one of the firewalls interfaces
When they configure an automatic hide NAT which translates to an IP address that does not belong to one of the firewalls interfaces
When they configure a Manual Static NAT which translates to an IP address that does not belong to one of the firewalls interfaces
When they configure a Manual Hide NAT which translates to an IP address that belongs to one of the firewalls interfaces
When they configure a Manual Static NAT which translates to an IP address that does not belong to one of the firewalls interfaces
126
When enabling tracking on a rule, what is the default option?
Accounting Log
Extended Log
Log
Detailed Log
Log
127
Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for which components?
The Security Gateway and Security Management Server software and the CPUSE engine
Licensed Check Point products for the Gaia OS and the Gaia OS itself
The CPUSE engine and the Gaia OS
The Gaia OS only
Licensed Check Point products for the Gaia OS and the Gaia OS itself
128
Authentication rules are defined for ____
Individual users
All users in the database
Users using usercheck
User groups
User Groups
129
Which routing protocols are supported by the Gaia OS?
BGP, OSPF, RIP
BGP, OSPF, RIP, EIGRP
BGP, OSPF, EIGRP, PIM, IGMP
BGP, OSPF, RIP, PIM, IGMP
BGP, OSPF, RIP
