CCSE Flashcards

(580 cards)

1
Q

Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from CLI?
* mgmt_cli add-host "Server_1" ip_adress "10.15.123.10" --format txt
* mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json
* mgmt_cli add object-host "Server_1" ip-address "10.15.123.10" --format json
* mgmt_cli add object "Server_1" ip-address "10.15.123.10" --format json

A

mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json

2
Q

You want to store GAiA configuration in a file for later reference. What command should you use?

* write mem <filename>
* show config -f <filename>
* save config -o <filename>
* save configuration <filename>

A

save configuration <filename>

2
Q

What is the command to check the status of the SmartEvent Server?
* fw ctl get int cpsemd_stat
* cp_conf get_stat cpsead
* fw ctl stat cpsead
* cpstat cpsemd

A

cpstat cpsemd

3
Q

SandBlast appliances can be deployed in the following modes:
* using a SPAN port to receive a copy of the traffic only
* detect only
* inline/prevent or detect
* as a Mail Transfer Agent and as part of the web traffic flow only

A

inline/prevent or detect

4
Q

In order to optimize performance of a Security Gateway you plan to use SecureXL technology. Your company uses different types of applications. Identify application traffic that will NOT be accelerated.
* Corporate relational database TCP traffic
* Custom application multicast traffic
* Transactions to the external application server using UDP
* TCP connections to the corporate Web-server

A

Custom application multicast traffic

5
Q

In a ClusterXL high-availability environment, what MAC address will answer for Virtual IP in the default configuration?
* MAC address of Active Member
* Virtual MAC Address
* MAC Address of Standby Member
* MAC Address of Management Server

A

MAC address of Active Member

6
Q

What is the minimum amount of RAM needed for a Threat Prevention Appliance?
* 6 GB
* 8 GB with Gaia in 64-bit mode
* 4 GB
* It depends on the number of software blades enabled

A

4 GB

7
Q

When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?
* Any size
* Less than 20 GB
* More than 10 GB and less than 20 GB
* At least 20 GB

A

At least 20 GB

8
Q

What is the purpose of a SmartEvent Correlation Unit?
* The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server
* The SmartEvent Correlation Unit’s task is to assign severity levels to the identified events
* The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events
* The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server

A

The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events

9
Q

What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
* 4 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server
* 3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for the synchronization
* 1 Interface - an interface leading to the organization and the Internet, and configure for synchronization
* 2 Interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization

A

3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for the synchronization

10
Q

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
* Detects and blocks malware by correlating multiple detection engines before users are affected
* Configure rules to limit the available network bandwidth for specified users or groups
* Use UserCheck to help users understand that certain websites are against the company’s security policy
* Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels

A

Detects and blocks malware by correlating multiple detection engines before users are affected

11
Q

Which is the suitable command to check whether Drop Templates are activated or not?
* fw ctl get int activate_drop_templates
* fwaccel stat
* fwaccel stats
* fw ctl templates -d

A
fwaccel stat
12
Q

You plan to automate creating new objects using the new R80 Management API. You decide to use GAIA CLI for this task. What is the first step to run management API commands on GAIA’s shell?
* mgmt admin admin@teabag > id.txt
* mgmt login
* login user admin password teabag
* mgmt_cli login user "admin" password "teabag" > id.txt

A

mgmt_cli login user "admin" password "teabag" > id.txt

12
Q

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
* Symmetric routing
* Failovers
* Asymmetric routing
* Anti-Spoofing

A

Asymmetric routing

13
Q

How can SmartView Web application be accessed?
* https://<Security Management IP Address>/smartview
* https://<Security Management IP Address>:4434/smartview/
* https://<Security Management IP Address>/smartview/
* https://<Security Management IP host name>:4434/smartview/

A

https://<Security Management IP Address>/smartview/

13
Q

Which command can you use to enable or disable multi-queue per interface?
* cpmq set
* cpmqueue set
* cpmq config
* set cpmq enable

A
cpmq set
14
Q

What is the most recommended way to install patches and hotfixes?
* CPUSE Check Point Update Service Engine
* rpm -Uv
* Software Update Service
* UnixInstallScript

A

CPUSE Check Point Update Service Engine

14
Q

Advanced Security Checkups can be easily conducted within:
* Reports
* Advanced
* Checkups
* Views

A

Reports

15
Q

Which of the following authentication methods ARE NOT used for Mobile Access?
* RADIUS server
* Username and password (internal, LDAP)
* SecureID
* TACACS+

A

TACACS+

16
Q

SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput
* This statement is true because SecureXL does improve all traffic
* This statement is false because SecureXL does not improve this traffic but CoreXL does
* This statement is true because SecureXL does improve this traffic
* This statement is false because encrypted traffic cannot be inspected

A

This statement is true because SecureXL does improve this traffic

17
Q

For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
* 20 minutes
* 15 minutes
* Admin account cannot be unlocked automatically
* 30 minutes at least

A

30 minutes at least

18
Q

What is the command to see cluster status in cli expert mode?
* fw ctl stat
* clusterXL stat
* clusterXL status
* cphaprob stat

A
cphaprob stat
19
Q

What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
* test_connectivity_ad -d <domain>
* test_ldap_connectivity -d <domain>
* test_ad_connectivity -d <domain>
* ad_connectivity_test -d <domain>

A

test_ad_connectivity -d <domain>

20
Q

With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform within the applications. Mobile Access encrypts all traffic using:
* HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender
* HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender
* HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required
* HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.

A

HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender

21
Q

What is the limitation of employing Sticky Decision Function?
* With SDF enabled, the involved VPN Gateways only support IKEv1
* Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
* With SDF enabled, only ClusterXL in legacy mode is supported
* With SDF enabled, you can only have three Sync interfaces at most

A

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
22
Q

When defining QoS global properties, which option below is NOT valid?
* Weight
* Authenticated timeout
* Schedule
* Rate

A

Schedule
23
Q

There are 4 ways to use the Management API for creating a host object with R80 Management API. Which one is NOT correct?
* Using Web Services
* Using Mgmt_cli tool
* Using CLISH
* Using SmartConsole GUI console

A

Using CLISH
23
Q

What is the SOLR database for?
* Used for full text search and enables powerful matching capabilities
* Writes data to the database and full text search
* Serves GUI responsible to transfer request to the DLEserver
* Enables powerful matching capabilities and writes data to the database

A

Used for full text search and enables powerful matching capabilities
23
Q

What is the best sync method in the ClusterXL deployment?
* Use 1 cluster + 1st sync
* Use 1 dedicated sync interface
* Use 3 clusters + 1st sync + 2nd sync + 3rd sync
* Use 2 clusters + 1st sync + 2nd sync

A

Use 1 dedicated sync interface
24
Q

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members? Choose the best answer.
* `fw ctl set int fwha vmac global param enabled`
* `fw ctl get int fwha vmac global param enabled; result of command should return value 1`
* `cphaprob -a if`
* `fw ctl get int fwha_vmac_global_param_enabled; results of command should return value 1`

A

`fw ctl get int fwha_vmac_global_param_enabled; results of command should return value 1`
25
Q

What must you do first if "fwm sic_reset" could not be completed?
* cpstop then find keyword "certificate" in objects_5_0.C and delete the section
* Reinitialize SIC on the security gateway then Run "fw unloadlocal"
* Reset SIC from Smart Dashboard
* Change internal CA via cpconfig

A

cpstop then find keyword "certificate" in objects_5_0.C and delete the section
26
Q

The SmartEvent R80 Web application for real-time event monitoring is called:
* SmartView Monitor
* SmartEventWeb
* There is no Web application for SmartEvent
* SmartView

A

SmartView
26
Q

What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
* Anti-Bot is the only countermeasure against unknown malware
* Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
* Anti-Bot is the only signature-based method of malware protection
* Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center

A

Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center
27
Q

What is the command to show SecureXL status?
* `fwaccel status`
* `fwaccel stats -m`
* `fwaccel -s`
* `fwaccel stat`

A

`fwaccel stat`
28
Q

How often does Threat Emulation download packages by default?
* Once a week
* Once an hour
* Twice per day
* Once per day

A

Once per day
29
Q

Several users report that the Mobile Access portal is not responding. Where would you check core dump files?
* `/var/log/dump/MAB`
* `/var/log/modules/MAB`
* `/var/log/dump/usermode/`
* `$FWDIR/log/MAB`

A

`/var/log/dump/usermode/`
30
Q

The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
* Secure Internal Communication (SIC)
* Restart Daemons if they fail
* Transfers messages between Firewall processes
* Pulls application monitoring status

A

Restart Daemons if they fail
30
Q

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
* Smart Cloud Services
* Load Sharing Mode Services
* Threat Agent Solution
* Public Cloud Services

A

Public Cloud Services
31
Q

What are the available options for downloading Check Point hotfixes in Gaia WebUI (CPUSE)?
* Manually, Scheduled, Automatic
* Update Now, Schedule Update, Offline Update
* Update Automatically, Update Now, Disable Update
* Manual Update, Disable Update, Automatic Update

A

Manually, Scheduled, Automatic
31
Q

What scenario indicates that SecureXL is enabled?
* Dynamic objects are available in the object Explorer
* SecureXL can be disabled in cpconfig
* fwaccel commands can be used in clish
* Only one packet in a stream is seen in a fw monitor packet capture

A

Only one packet in a stream is seen in a fw monitor packet capture
32
Q

Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is `________`.
* Sent to the Internal Certificate Authority.
* Sent to the Security Administrator.
* Stored on the Security Management Server.
* Stored on the Certificate Revocation List.

A

Stored on the Certificate Revocation List.
33
Q

To fully enable Dynamic Dispatcher on a Security Gateway:
* run fw ctl multik set_mode 9 in Expert mode and then Reboot.
* Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu.
* Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
* run fw multik set_mode 1 in Expert mode and then reboot.

A

run fw ctl multik set_mode 9 in Expert mode and then Reboot.
34
Q

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.
* True, CLI is the preferred method for Licensing
* False, Central Licenses are handled via Security Management Server
* False, Central Licenses are installed via Gaia on Security Gateways
* True, Central License can be installed with CPLIC command on a Security Gateway

A

True, Central License can be installed with CPLIC command on a Security Gateway
35
Q

You work as a security administrator for a large company. The CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has tight protections in place. Check Point has been selected as the security vendor. Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
* IPS and Application Control
* IPS, anti-virus and anti-bot
* IPS, anti-virus and e-mail security
* SandBlast

A

SandBlast
36
Q

Which of the following is NOT an attribute of packet acceleration?
* Source address
* Protocol
* Destination port
* VLAN Tag

A

VLAN Tag
37
Q

Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
* Auditor
* Read Only All
* Super User
* Full Access

A

Read Only All
38
Q

Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
* $FWDIR/database/fwauthd.conf
* $FWDIR/conf/fwauth.conf
* $FWDIR/conf/fwauthd.conf
* $FWDIR/state/fwauthd.conf

A

$FWDIR/conf/fwauthd.conf
39
Q

When using the Mail Transfer Agent, where are the debug logs stored?
* $FWDIR/bin/emaild.mta. elg
* $FWDIR/log/mtad elg
* /var/log/mail.mta elg
* $CPDIR/log/emaild elg

A

$FWDIR/bin/emaild.mta. elg
40
Q

What has to be taken into consideration when configuring Management HA?
* The Database revisions will not be synchronized between the management servers
* SmartConsole must be closed prior to synchronized changes in the objects database
* If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.
* For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.

A

The Database revisions will not be synchronized between the management servers
41
Q

Which command can you use to verify the number of active concurrent connections?
* `fw conn all`
* `fw ctl pstat`
* `show all connections`
* `show connections`

A

`fw ctl pstat`
42
Q

What needs to be configured if the NAT property 'Translate destination or client side' is not enabled in Global Properties?
* A host route to route to the destination IP.
* Use the file local.arp to add the ARP entries for NAT to work.
* Nothing, the Gateway takes care of all details necessary.
* Enabling 'Allow bi-directional NAT' for NAT to work correctly.

A

Nothing, the Gateway takes care of all details necessary.
43
Q

What component of R81 Management is used for indexing?
* DBSync
* API Server
* fwm
* SOLR

A

fwm
44
Q

Which 3 types of tracking are available for Threat Prevention Policy?
* SMS Alert, Log, SNMP alert
* Syslog, None, User-defined scripts
* None, Log, Syslog
* Alert, SNMP trap, Mail

A

Syslog, None, User-defined scripts
45
Q

You had set up the VPN Community VPN-Stores with 3 gateways. There are some issues with one remote gateway (1.1.1.1) and your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways?
* action:"Key Install" AND 1.1.1.1 AND Main Mode
* action:"Key Install" AND 1.1.1.1 AND Quick Mode
* Blade:"VPN" AND VPN-Stores AND Main Mode
* Blade:"VPN" AND VPN-Stores AND Quick Mode

A

Blade:"VPN" AND VPN-Stores AND Main Mode
46
Q

By default, which port does the WebUI listen on?
* 80
* 4434
* 443
* 8080

A

443
47
Q

How many policy layers does Access Control policy support?
* 2
* 4
* 1
* 3

A

2

Footnote: Two policy layers:
- Network Policy Layer
- Application Control Policy Layer
48
Q

Which member of a high-availability cluster should be upgraded first in a Zero downtime upgrade?
* The Standby Member
* The Active Member
* The Primary Member
* The Secondary Member

A

The Standby Member
49
Q

Which command would disable a Cluster Member permanently?
* clusterXL_admin down
* cphaprob_admin down
* clusterXL_admin down-p
* set clusterXL down-p

A

clusterXL_admin down-p
50
Q

What are the blades of Threat Prevention?
* IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
* DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction
* IPS, AntiVirus, AntiBot
* IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

A

IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
51
Q

What is UserCheck?
* Messaging tool used to verify a user's credentials
* Communication tool used to inform a user about a website or application they are trying to access.
* Administrator tool used to monitor users on their network
* Communication tool used to notify an administrator when a new user is created

A

Communication tool used to inform a user about a website or application they are trying to access.
52
Q

Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
* All Connections (Clear or Encrypted)
* Accept all encrypted traffic
* Specific VPN Communities
* All Site-to-Site VPN Communities

A

Accept all encrypted traffic
53
Q

True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.
* False, this feature has to be enabled in the Global Properties.
* True, every administrator works in a session that is independent of the other administrators.
* True, every administrator works on a different database that is independent of the other administrators.
* False, only one administrator can login with write permission.

A

True, every administrator works in a session that is independent of the other administrators.
54
Q

Which command is used to display status information for various components?
* `show all systems`
* `show system messages`
* `sysmess all`
* `show sysenv all`

A

`show sysenv all`
55
Q

Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
* 15 sec
* 60 sec
* 5 sec
* 30 sec

A

60 sec
56
Q

When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
* ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data
* ThreatCloud is a collaboration platform for all the Check Point customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments
* ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud
* ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary

A

ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary
57
Q

What is the valid range for VRID value in VRRP configuration?
* 1 - 254
* 1 - 255
* 0 - 254
* 0 - 255

A

1 - 255

Footnote: Virtual Router ID - Enter a unique ID number for this virtual router. The range of valid values is 1 to 255.
58
Q

What is the default shell of Gaia CLI?
* Monitor
* CLI.sh
* Read-only
* Bash

A

CLI.sh
59
Q

Connections to the Check Point R81 Web API use what protocol?
* HTTPS
* RPC
* VPN
* SIC

A

HTTPS
60
Q

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
* `fw ctl set int fwha vmac global param enabled`
* `fw ctl get int vmac global param enabled; result of command should return value 1`
* `cphaprob-a if`
* `fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1`

A

`fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1`
61
Q

When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:
* All UDP packets
* All IPv6 Traffic
* All packets that match a rule whose source or destination is the Outside Corporate Network
* CIFS packets

A

CIFS packets
62
Q

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
* Security Gateway IP-address cannot be changed without re-establishing the trust.
* The Security Gateway name cannot be changed in command line without re-establishing trust.
* The Security Management Server name cannot be changed in SmartConsole without re-establishing trust.
* The Security Management Server IP-address cannot be changed without re-establishing the trust.

A

Security Gateway IP-address cannot be changed without re-establishing the trust.
62
Q

Please choose the correct command to add an "emailserver1" host with IP address 10.50.23.90 using GAiA management CLI.
* host name myHost12 ip-address 10.50.23.90
* mgmt: add host name ip-address 10.50.23.90
* add host name emailserver1 ip-address 10.50.23.90
* mgmt: add host name emailserver1 ip-address 10.50.23.90

A

mgmt: add host name emailserver1 ip-address 10.50.23.90
63
Q

You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
* `restore_backup`
* `import backup`
* `cp_merge`
* `migrate import`

A

`migrate import`
64
Q

What are the methods of SandBlast Threat Emulation deployment?
* Cloud, Appliance and Private
* Cloud, Appliance and Hybrid
* Cloud, Smart-1 and Hybrid
* Cloud, OpenServer and Vmware

A

Cloud, Appliance and Private
65
Q

What are the main stages of a policy installation?
* Verification & Compilation, Transfer and Commit
* Verification & Compilation, Transfer and Installation
* Verification, Commit, Installation
* Verification, Compilation & Transfer, Installation

A

Verification & Compilation, Transfer and Commit
66
Q

What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
* Source address, Destination address, Source port, Destination port, Protocol
* Source MAC address, Destination MAC address, Source port, Destination port, Protocol
* Source address, Destination address, Source port, Destination port
* Source address, Destination address, Destination port, Protocol

A

Source address, Destination address, Source port, Destination port, Protocol
66
Q

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
* None, Security Management Server would be installed by itself.
* SmartConsole
* SecureClient
* Security Gateway
* SmartEvent

A

Security Gateway
67
Q

Joey wants to configure NTP on R81 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?
* `https://`
* `http://:443`
* `https://:10000`
* `https://:4434`

A

`https://`
67
Q

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?
* The connection is destined for a server within the network
* The connection required a Security server
* The packet is the second in an established TCP connection
* The packets are not multicast

A

The connection required a Security server
67
Q

You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature. Which command do you use?
* sim erdos -e 1
* sim erdos -m 1
* sim erdos -v 1
* sim erdos -x 1

A

sim erdos -e 1
68
Q

Identify the API that is not supported by Check Point currently.
* R81 Management API
* Identity Awareness Web Services API
* Open REST API
* OPSEC SDK

A

Open REST API
69
Q

What is the base level encryption key used by Capsule Docs?
* RSA 2048
* RSA 1024
* SHA-256
* AES

A

RSA 2048
70
Q

Which of the following is NOT an alert option?
* SNMP
* High alert
* Mail
* User defined alert

A

High alert
71
Q

Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?
* The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
* Limits the upload and download throughput for streaming media in the company to 1 Gbps.
* Time object to a rule to make the rule active only during specified times.
* Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

A

Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
72
Q

Which command is used to obtain the configuration lock in Gaia?
* Lock database override
* Unlock database override
* Unlock database lock
* Lock database user

A

Lock database override
73
Q

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
* Check Point Remote User
* Check Point Capsule Workspace
* Check Point Mobile Web Portal
* Check Point Capsule Remote

A

Check Point Mobile Web Portal
74
Q

Which of the following is NOT a type of Check Point API available in R81.x?
* Identity Awareness Web Services
* OPSEC SDK
* Mobile Access
* Management

A

Mobile Access
75
Q

Fill in the blank: Authentication rules are defined for `________`.
* User groups
* Users using UserCheck
* Individual users
* All users in the database

A

User groups
76
Q

During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
* Host having a Critical event found by Threat Emulation
* Host having a Critical event found by IPS
* Host having a Critical event found by Antivirus
* Host having a Critical event found by Anti-Bot

A

Host having a Critical event found by Anti-Bot
77
Q

What traffic does the Anti-bot feature block?
* Command and Control traffic from hosts that have been identified as infected
* Command and Control traffic to servers with reputation for hosting malware
* Network traffic that is directed to unknown or malicious servers
* Network traffic to hosts that have been identified as infected

A

Command and Control traffic from hosts that have been identified as infected
78
Q

Fill in the blank: A `________` VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.
* Clientless remote access
* Clientless direct access
* Client-based remote access
* Direct access

A

Clientless remote access
79
Q

When using CPSTAT, what is the default port used by the AMON server?
* 18191
* 18192
* 18194
* 18190

A

18192
80
Q

You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia. What must you do to get SIC to work?
* Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
* Create a rule at the top in the Sydney firewall to allow control traffic from your network
* Nothing - Check Point control connections function regardless of Geo-Protection policy
* Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

A

Nothing - Check Point control connections function regardless of Geo-Protection policy
80
Q

What is the difference between an event and a log?
* Events are generated at gateway according to Event Policy
* A log entry becomes an event when it matches any rule defined in Event Policy
* Events are collected with SmartWorkflow from Trouble Ticket systems
* Log and Events are synonyms

A

A log entry becomes an event when it matches any rule defined in Event Policy
81
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade? * Detects and blocks malware by correlating multiple detection engines before users are affected. * Configure rules to limit the available network bandwidth for specified users or groups. * Use UserCheck to help users understand that certain websites are against the company's security policy. * Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Detects and blocks malware by correlating multiple detection engines before users are affected.
82
Which is NOT an example of a Check Point API? * Gateway API * Management API * OPSEC SDK * Threat Prevention API
Gateway API
83
Which TCP port does the CPM process listen on? * 18191 * 18190 * 8983 * 19009
19009
84
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81? * 2 CPU cores, 4GB of RAM and 15GB of disk space * 8 CPU cores, 16GB of RAM and 500 GB of disk space * 4 CPU cores, 8GB of RAM and 500GB of disk space * 8 CPU cores, 32GB of RAM and 1 TB of disk space
4 CPU cores, 8GB of RAM and 500GB of disk space
85
Which command shows the current connections distributed by CoreXL FW instances? * `fw ctl multik stat` * `fw ctl affinity -l` * `fw ctl instances -v` * `fw ctl iflist`
`fw ctl multik stat`
86
Which file gives you a list of all security servers in use, including port number? * `$FWDIR/conf/conf.conf` * `$FWDIR/conf/servers.conf` * `$FWDIR/conf/fwauthd.conf` * `$FWDIR/conf/serversd.conf`
`$FWDIR/conf/fwauthd.conf`
87
Which utility allows you to configure the DHCP service on Gaia from the command line? * `ifconfig` * `dhcp_ofg` * `sysconfig` * `cpconfig`
`sysconfig`
88
Which is not a blade option when configuring SmartEvent? * Correlation Unit * SmartEvent Unit * SmartEvent Server * Log Server
SmartEvent Unit
89
How long may verification of one file take for SandBlast Threat Emulation? * up to 1 minute * within seconds cleaned file will be provided * up to 5 minutes * up to 3 minutes
within seconds cleaned file will be provided
90
For best practices, what is the recommended time for automatic unlocking of locked admin accounts? * 20 minutes * 15 minutes * Admin account cannot be unlocked automatically * 30 minutes at least
30 minutes at least
91
What destination versions are supported for a Multi-Version Cluster Upgrade? * R81.40 and later * R76 and later * R70 and Later * R81.10 and Later
R81.10 and Later
92
What is the default size of NAT table fwx_alloc? * 20000 * 35000 * 25000 * 10000
25000
93
How can the SmartView application be accessed? * Error! Hyperlink reference not valid. Management IP Address>/smartview * Error! Hyperlink reference not valid. Management IP Address>:4434/smartview/ * Error! Hyperlink reference is not valid. Management IP Address>/smartview/ * Error! Hyperlink reference not valid. Management host name>:4434/smartview/
Error! Hyperlink reference is not valid. Management IP Address>/smartview/
94
The `_______` software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware. * Next Generation Threat Prevention * Next Generation Threat Emulation * Next Generation Threat Extraction * Next Generation Firewall
Next Generation Threat Emulation
94
What is the command to check the status of the SmartEvent Correlation Unit? * `fw ctl get int cpsead_stat` * `cpstat cpsead` * `fw ctl stat cpsemd` * `cp_conf get_stat cpsemd`
`cpstat cpsead`
95
What are valid SecureXL paths in R81.10? * F2F (Slow path), Templated Path, PQX and F2V * F2F (Slow path), PXL, QXL and F2V * F2F (Slow path), Accelerated Path, PQX and F2V * F2F (Slow path), Accelerated Path, Medium Path and F2V
F2F (Slow path), Accelerated Path, Medium Path and F2V
96
The Correlation Unit performs all but the following actions: * Marks logs that individually are not events, but may be part of a larger pattern to be identified later. * Generates an event based on the Event policy. * Assigns a severity level to the event. * Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.
Assigns a severity level to the event.
97
While using the Gaia CLI, what is the correct command to publish changes to the management server? * `json publish` * `mgmt publish` * `mgmtcli commit` * `commit`
`mgmt publish`
98
The Check Point history feature in R81 provides the following: * View install changes and install specific version * View install changes * Policy Installation Date, view install changes and install specific version * Policy Installation Date only
Policy Installation Date, view install changes and install specific version
99
Fill in the blank: The R81 utility fw monitor is used to troubleshoot `________` * User data base corruption * LDAP conflicts * Traffic issues * Phase two key negotiations
Traffic issues ## Footnote Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using Wireshark.
100
What are the services used for Cluster Synchronization? * 256/TCP for Full Sync and 8116/UDP for Delta Sync * 8116/UDP for Full Sync and Delta Sync * TCP/256 for Full Sync and Delta Sync * No service needed when using Broadcast Mode
TCP/256 for Full Sync and Delta Sync
101
Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel? * Yes, but they need to have a mutually trusted certificate authority * Yes, but they have to have a pre-shared secret key * No, they cannot share certificate authorities * No, Certificate based VPNs are only possible between Check Point devices
Yes, but they need to have a mutually trusted certificate authority
102
R81.10 management server can manage gateways with which versions installed? * Versions R77 and higher * Versions R76 and higher * Versions R75.20 and higher * Versions R75 and higher
Versions R75.20 and higher
103
List the four categories (product families) for Check Point APIs.
-CloudGuard -Quantum -Harmony -Infinity
104
Which Quantum API is used to configure and view the security policies and objects on a Management Server?
Management API
105
List at least two ways to run Management APIs.
1. CLI (SmartConsole or Gaia) 2. Standalone management tool (mgmt_cli.exe mgmt_cli) 3. Web Services (POST)
106
How many Primary Security Management Servers are supported in a typical Management HA environment?
A Management HA environment includes one Primary Security Management Server and one or more Secondary Security Management Servers.
107
How many Active servers are there at a time in standard Management HA configuration?
In a standard Management HA configuration there is one Active server at a time.
108
Why might it be necessary to make more than one server Active?
There is no connectivity to the primary.
109
What is the Cluster Control Protocol (CCP)?
The Cluster Control Protocol (CCP) connects and binds the cluster members to each other. It passes synchronization and other information between the cluster members. CCP is used specifically for clustered environments to allow gateways to report their own states and learn about states of other members in the cluster. The CCP maintains a heartbeat between cluster members to ensure that the cluster members are active and processing network traffic. If, after a pre-defined time, no message is received from a cluster member, that member is assumed to be down, and a failover occurs. At this point, another cluster member automatically assumes the functionality of the failed member. In the event that a system failure occurs, ClusterXL ensures data is not lost.
110
Describe a situation that causes a failover to occur on the Active cluster member.
-Hardware or software fails -Security Policy is not installed -Planned maintenance -Different version -CPU related configuration -Critical process is down -License has issue
111
Describe what a VMAC is and how it works.
VMAC is a virtual MAC address assigned to a Virtual Router. It is a variation of the High Availability New mode and Load Sharing Unicast mode. Configuring the cluster to use VMAC mode allows all cluster members to use the same Virtual MAC address and minimizes possible traffic outages during a failover. In addition, GARPs for NAT'd addresses are no longer needed.
112
How many concurrent policy installation tasks can each administrator run?
Five
113
What are the two database dump modes involved in policy installation?
Legacy and Modern
114
What type of object is a network object that represents an external service, such as Office 365, AWS, and GEO locations?
Updatable object
115
What is the purpose of network feed objects?
Enforce feeds that are generated on external HTTP/HTTPS servers.
116
What identity source is used for identity enforcement for Data Centers and protection of highly sensitive servers when accuracy in detecting identity is crucial?
Identity Agents
117
What Browser-Based Authentication identity source transparently authenticates users already logged into AD?
Browser-Based Authentication - Transparent Kerberos Authentication
118
Define **Check Point Certified Security Expert (CCSE)**.
A certification validating expertise in Check Point security solutions and management.
119
What is the purpose of **SmartConsole**?
It is the primary management interface for Check Point security products.
120
True or false: **R81.20** is the latest version of Check Point software.
FALSE ## Footnote R81.20 is a recent version, but newer versions may exist.
121
Fill in the blank: **Threat Prevention** includes ______, antivirus, and anti-bot.
Intrusion Prevention
122
What does **Identity Awareness** do?
It allows security policies to be enforced based on user identity.
123
Define **Security Gateway**.
A device that enforces security policies and protects network traffic.
124
What is the function of **Application Control**?
It manages and controls application usage on the network.
125
True or false: **VPN** stands for Virtual Private Network.
TRUE
126
What is the role of **SmartEvent**?
It provides real-time event monitoring and analysis for security incidents.
127
Fill in the blank: **CPR** stands for _______ Recovery.
Check Point
128
What does **Central Management** allow?
It enables management of multiple Check Point devices from a single interface.
129
Define **ClusterXL**.
A technology for high availability and load sharing in Check Point clusters.
130
What is the purpose of **User Check**?
It provides user awareness and prompts for security actions.
131
True or false: **IPSec** is a protocol for secure network communications.
TRUE
132
What is the function of **ThreatCloud**?
It is a global threat intelligence service that enhances security.
133
Fill in the blank: **NAT** stands for _______ Address Translation.
Network
134
What does **SmartLog** provide?
It offers detailed logging and reporting for security events.
135
Define **Security Policy**.
A set of rules that defines how security is enforced in a network.
136
What is the role of **Anti-Bot**?
It detects and prevents botnet-related activities on the network.
137
True or false: **SSL VPN** provides secure remote access.
TRUE
138
What is the purpose of **Compliance Blade**?
It helps organizations meet regulatory compliance requirements.
139
Fill in the blank: **URL Filtering** restricts access to _______ websites.
inappropriate
140
What does **R81.20** improve over previous versions?
Enhanced performance, security features, and management capabilities.
141
Define **Log Exporter**.
A tool for exporting logs to external systems for analysis.
142
What is the function of **Mobile Access**?
It enables secure access to corporate resources from mobile devices.
143
True or false: **Check Point** only provides firewall solutions.
FALSE ## Footnote Check Point offers a wide range of security products.
144
What is the purpose of extended master key extension/session hash? (A). UDP VOIP protocol extension (B). In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication (C). Special TCP handshaking extension (D). Supplement DLP data watermark
(B). In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication
145
Which firewall daemon is responsible for the FW CLI commands? (A). fwd (B). fwm (C). cpm (D). cpd
(A). fwd
146
Which command shows the current Security Gateway Firewall chain? (A). show current chain (B). show firewall chain (C). fw ctl chain (D). fw ctl firewall-chain
(C). fw ctl chain
147
Choose the correct syntax to add a new host named "emailserver1" with IP address 10.50.23.90 using GAiA Management CLI? (A). mgmt_cli add host name "myHost12 ip" address 10.50.23.90 (B). mgmt_cli add host name ip-address 10.50.23.90 (C). mgmt_cli add host "emailserver1" address 10.50.23.90 (D). mgmt_cli add host name "emailserver1" ip-address 10.50.23.90
(D). mgmt_cli add host name "emailserver1" ip-address 10.50.23.90
148
You need to change the MAC-address on eth2 interface of the gateway. What command and what mode will you use to achieve this goal? (A). set interface eth2 mac-addr 11:11:11:11:11:11; CLISH (B). ifconfig eth1 hw 11:11:11:11:11:11; expert (C). set interface eth2 hw-addr 11:11:11:11:11:11; CLISH (D). ethtool -i eth2 mac 11:11:11:11:11:11; expert
(A). set interface eth2 mac-addr 11:11:11:11:11:11; CLISH
149
SandBlast agent extends 0 day prevention to what part of the network? (A). Web Browsers and user devices (B). DMZ server (C). Cloud (D). Email servers
(A). Web Browsers and user devices
150
Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API? (A). SOAP (B). REST (C). XLANG (D). XML-RPC
(B). REST The Identity Web API uses the REST protocol over SSL. The requests and responses are HTTP and in JSON format.
151
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user's machine via the web browser. What are the two modes of SNX? (A). Application and Client Service (B). Network and Application (C). Network and Layers (D). Virtual Adapter and Mobile App
(B). Network and Application
152
Which statement is NOT TRUE about Delta synchronization? (A). Using UDP Multicast or Broadcast on port 8161 (B). Using UDP Multicast or Broadcast on port 8116 (C). Quicker than Full sync (D). Transfers changes in the Kernel tables between cluster members.
(A). Using UDP Multicast or Broadcast on port 8161
153
How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade? (A). 1 (B). 3 (C). 2 (D). 4
(B). 3
154
What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel? (A). Specific VPN Communities (B). Remote Access VPN Switch (C). Mobile Access VPN Domain (D). Network Access VPN Domain
(B). Remote Access VPN Switch
155
What will SmartEvent automatically define as events? (A). Firewall (B). VPN (C). IPS (D). HTTPS
(C). IPS
156
Office mode means that: (A). SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client. (B). Users authenticate with an Internet browser and use secure HTTPS connection. (C). Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user. (D). Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
(D). Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
157
Which of the following Central Deployment is NOT a limitation in R81.10 SmartConsole? (A). Security Gateway Clusters in Load Sharing mode (B). Dedicated Log Server (C). Dedicated SmartEvent Server (D). Security Gateways/Clusters in ClusterXL HA new mode
(A). Security Gateway Clusters in Load Sharing mode
158
Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port? (A). set web ssl-port (B). set Gaia-portal port (C). set Gaia-portal https-port (D). set web https-port
(A). set web ssl-port
159
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose? (A). Eliminate all possible contradictory rules such as the Stealth or Cleanup rules. (B). Create a separate Security Policy package for each remote Security Gateway. (C). Create network objects that restricts all applicable rules to only certain networks. (D). Run separate SmartConsole instances to login and configure each Security Gateway directly.
(B). Create a separate Security Policy package for each remote Security Gateway.
160
What is the correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution? (A). Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure. (B). Security Gateway failover as well as Security Management Server failover is a manual procedure. (C). Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure. (D). Security Gateway failover as well as Security Management Server failover is an automatic procedure.
(A). Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.
161
What is the purpose of the command "ps aux | grep twd"? (A). You can check the Process ID and the processing time of the twd process. (B). You can convert the log file into Post Script format. (C). You can list all Process IDs for all running services. (D). You can check whether the IPS default setting is set to Detect or Prevent mode
(A). You can check the Process ID and the processing time of the twd process.
162
John detected high load on sync interface. Which is most recommended solution? (A). For FTP connections - do not sync (B). Add a second interface to handle sync traffic (C). For short connections like http service - do not sync (D). For short connections like icmp service - delay sync for 2 seconds
(A). For FTP connections - do not sync
163
What is the protocol and port used for Health Check and State Synchronization in ClusterXL? (A). CCP and 18190 (B). CCP and 257 (C). CCP and 8116 (D). CPC and 8116
(C). CCP and 8116
164
What key is used to save the current CPView page in a filename format cpview_"cpview process ID".cap"number of captures"? (A). S (B). W (C). C (D). Space bar
(C). C
165
If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? (Choose the BEST answer.) (A). Publish or discard the session. (B). Revert the session. (C). Save and install the Policy. (D). Delete older versions of database.
(A). Publish or discard the session.
166
What cloud-based SandBlast Mobile application is used to register new devices and users? (A). Check Point Protect Application (B). Management Dashboard (C). Behavior Risk Engine (D). Check Point Gateway
(D). Check Point Gateway
167
When attempting to start a VPN tunnel, in the logs the error "no proposal chosen" is seen numerous times. No other VPN-related entries are present. Which phase of the VPN negotiations has failed? (A). IKE Phase 1 (B). IPSEC Phase 2 (C). IPSEC Phase 1 (D). IKE Phase 2
(A). IKE Phase 1
168
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster. (A). Symmetric routing (B). Failovers (C). Asymmetric routing (D). Anti-Spoofing
(C). Asymmetric routing
169
What is a best practice before starting to troubleshoot using the "fw monitor" tool? (A). Run the command: fw monitor debug on (B). Clear the connections table (C). Disable CoreXL (D). Disable SecureXL
(D). Disable SecureXL
170
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control? (A). RADIUS (B). Remote Access and RADIUS (C). AD Query (D). AD Query and Browser-based Authentication
(D). AD Query and Browser-based Authentication
171
What is the recommended way to have a redundant Sync connection between the cluster nodes? (A). In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Connect both Sync interfaces without using a switch. (B). Use a group of bonded interfaces. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define a Virtual IP for the Sync interface. (C). In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Use two different Switches to connect both Sync interfaces. (D). Use a group of bonded interfaces connected to different switches. Define a dedicated sync interface, only one interface per node using the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management.
(A). In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Connect both Sync interfaces without using a switch.
172
Which command can you use to enable or disable multi-queue per interface? (A). cpmq set (B). Cpmqueue set (C). Cpmq config (D). St cpmq enable
(A). cpmq set
173
Hit Count is a feature to track the number of connections that each rule matches. Which one is not a benefit of Hit Count? (A). Better understand the behavior of the Access Control Policy (B). Improve Firewall performance - You can move a rule that has a high hit count to a higher position in the Rule Base (C). Automatically rearrange Access Control Policy based on Hit Count Analysis (D). Analyze a Rule Base - You can delete rules that have no matching connections
(C). Automatically rearrange Access Control Policy based on Hit Count Analysis
174
Which options are given on features, when editing a Role on Gaia Platform? (A). Read/Write, Read Only (B). Read/Write, Read Only, None (C). Read/Write, None (D). Read Only, None
(B). Read/Write, Read Only, None
175
Which is the least ideal Synchronization Status for Security Management Server High Availability deployment? (A). Synchronized (B). Never been synchronized (C). Lagging (D). Collision
(D). Collision
176
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers? (A). UserCheck (B). Active Directory Query (C). Account Unit Query (D). User Directory Query
(B). Active Directory Query
177
The "MAC magic" value must be modified under the following condition: (A). There is more than one cluster connected to the same VLAN (B). A firewall cluster is configured to use Multicast for CCP traffic (C). There are more than two members in a firewall cluster (D). A firewall cluster is configured to use Broadcast for CCP traffic
(D). A firewall cluster is configured to use Broadcast for CCP traffic
178
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction? (A). 5 Network; Host; Objects; Services; API (B). 3 Incoming; Outgoing; Network (C). 2 Internal; External (D). 4 Incoming; Outgoing; Internal; Other
(D). 4 Incoming; Outgoing; Internal; Other
179
Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire mode configuration, chain modules marked with _______ will not apply. (A). ffffffff (B). 00000001 (C). 00000002 (D). 00000003
(B). 00000001
180
Which of these is an implicit MEP option? (A). Primary-backup (B). Source address based (C). Round robin (D). Load Sharing
(A). Primary-backup
181
SmartConsole R81.x requires the following ports to be open for SmartEvent. (A). 19009, 19090 & 443 (B). 19009, 19004 & 18190 (C). 18190 & 443 (D). 19009, 18190 & 443
(D). 19009, 18190 & 443
182
Which command shows detailed information about VPN tunnels? (A). cat $FWDIR/conf/vpn.conf (B). vpn tu tlist (C). vpn tu (D). cpview
(B). vpn tu tlist
183
When defining QoS global properties, which option below is not valid? (A). Weight (B). Authenticated timeout (C). Schedule (D). Rate
(D). Rate
184
What is the default shell for the command line interface? (A). Expert (B). Clish (C). Admin (D). Normal
(B). Clish The default shell of the CLI is called clish
185
What is the command to show SecureXL status? (A). fwaccel status (B). fwaccel stats -m (C). fwaccel -s (D). fwaccel stat
(D). fwaccel stat To check overall SecureXL status: [Expert@HostName]# fwaccel stat
186
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply. (A). ffff (B). 1 (C). 3 (D). 2
(D). 2
187
You plan to automate creating new objects using new R81 Management API. You decide to use GAIA CLI for this task. What is the first step to run management API commands on GAIA's shell? (A). mgmt_admin@teabag > id.txt (B). mgmt_login (C). login user admin password teabag (D). mgmt_cli login user "admin" password "teabag" > id.txt
(B). mgmt_login
188
What command is used to manually failover a Multi-Version Cluster during the upgrade? (A). clusterXL_admin down in Expert Mode (B). clusterXL_admin down in Clish (C). set cluster member state down in Clish (D). set cluster down in Expert Mode
(B). clusterXL_admin down in Clish
189
Which of the following Check Point commands is true to enable Multi-Version Cluster (MVC)? (A). Check Point Security Management HA (Secondary): set cluster member mvc on (B). Check Point Security Gateway Only: set cluster member mvc on (C). Check Point Security Management HA (Primary): set cluster member mvc on (D). Check Point Security Gateway Cluster Member: set cluster member mvc on
(B). Check Point Security Gateway Only: set cluster member mvc on
190
You need to see which hotfixes are installed on your gateway, which command would you use? (A). cpinfo -h all (B). cpinfo -o hotfix (C). cpinfo -l hotfix (D). cpinfo -y all
(D). cpinfo -y all
191
Which statement is most correct regarding "CoreXL Dynamic Dispatcher"? (A). The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses (B). The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores (C). The CoreXL FW instances assignment mechanism is based on IP Protocol type (D). The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type
(B). The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
192
How can you switch the active log file? (A). Run fw logswitch on the gateway (B). Run fwm logswitch on the Management Server (C). Run fwm logswitch on the gateway (D). Run fw logswitch on the Management Server
(C). Run fwm logswitch on the gateway
193
You want to verify if your management server is ready to upgrade to R81.10. What tool could you use in this process? (A). migrate export (B). upgrade_tools verify (C). pre_upgrade_verifier (D). migrate import
(C). pre_upgrade_verifier
194
The log server sends what to the Correlation Unit? (A). Authentication requests (B). CPMI dbsync (C). Logs (D). Event Policy
(C). Logs
195
Which of the following authentication methods ARE NOT used for Mobile Access? (A). RADIUS server (B). Username and password (internal, LDAP) (C). SecurID (D). TACACS+
(D). TACACS+
196
What two ordered layers make up the Access Control Policy Layer? (A). URL Filtering and Network (B). Network and Threat Prevention (C). Application Control and URL Filtering (D). Network and Application Control
(D). Network and Application Control
197
Automation and Orchestration differ in that: (A). Automation relates to codifying tasks, whereas orchestration relates to codifying processes. (B). Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes. (C). Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow. (D). Orchestration relates to codifying tasks, whereas automation relates to codifying processes.
(A). Automation relates to codifying tasks, whereas orchestration relates to codifying processes.
198
From SecureXL perspective, what are the three paths of traffic flow: (A). Initial Path; Medium Path; Accelerated Path (B). Layer Path; Blade Path; Rule Path (C). Firewall Path; Accept Path; Drop Path (D). Firewall Path; Accelerated Path; Medium Path
(D). Firewall Path; Accelerated Path; Medium Path
199
Check Point ClusterXL Active/Active deployment is used when: (A). Only when there is Multicast solution set up. (B). There is Load Sharing solution set up. (C). Only when there is Unicast solution set up. (D). There is High Availability solution set up.
(D). There is High Availability solution set up.
200
Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ . (A). On all satellite gateway to satellite gateway tunnels (B). On specific tunnels for specific gateways (C). On specific tunnels in the community (D). On specific satellite gateway to central gateway tunnels
(C). On specific tunnels in the community
201
Ken wants to obtain a configuration lock from another administrator on R81 Security Management Server. He can do this via WebUI or via CLI. Which command should he use in CLI? (Choose the correct answer.) (A). remove database lock (B). The database feature has one command lock database override. (C). override database lock (D). The database feature has two commands lock database override and unlock database. Both will work.
(D). The database feature has two commands lock database override and unlock database. Both will work.
202
The back end database for Check Point R81 Management uses: (A). DBMS (B). MongoDB (C). PostgreSQL (D). MySQL
(C). PostgreSQL
203
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server? (A). IP (B). SIC (C). NAT (D). FQDN
(C). NAT
204
Which of the following will NOT affect acceleration? (A). Connections destined to or originated from the Security gateway (B). A 5-tuple match (C). Multicast packets (D). Connections that have a Handler (ICMP, FTP, H.323, etc.)
(B). A 5-tuple match
205
Which Check Point feature enables application scanning and the detection? (A). Application Dictionary (B). AppWiki (C). Application Library (D). CPApp
(B). AppWiki
206
Which is NOT a SmartEvent component? (A). SmartEvent Server (B). Correlation Unit (C). Log Consolidator (D). Log Server
(C). Log Consolidator
207
Which command would you use to set the network interfaces' affinity in Manual mode? (A). sim affinity -m (B). sim affinity -l (C). sim affinity -a (D). sim affinity -s
(D). sim affinity -s
208
To optimize Rule Base efficiency, the most hit rules should be where? (A). Removed from the Rule Base. (B). Towards the middle of the Rule Base. (C). Towards the top of the Rule Base. (D). Towards the bottom of the Rule Base.
(C). Towards the top of the Rule Base.
209
What SmartEvent component creates events? (A). Consolidation Policy (B). Correlation Unit (C). SmartEvent Policy (D). SmartEvent GUI
(B). Correlation Unit
210
When synchronizing clusters, which of the following statements is FALSE? (A). The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized. (B). Only cluster members running on the same OS platform can be synchronized. (C). In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization. (D). Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
(D). Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
211
After the initial installation on a Check Point appliance, you notice that the Management interface and default gateway are incorrect. Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1? (A). set interface Mgmt ipv4-address 192.168.80.200 mask-length 24 set static-route default nexthop gateway address 192.168.80.1 on save config (B). set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0 add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on save config (C). set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0 set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on save config (D). set interface Mgmt ipv4-address 192.168.80.200 mask-length 24 add static-route default nexthop gateway address 192.168.80.1 on save config
(A). set interface Mgmt ipv4-address 192.168.80.200 mask-length 24 set static-route default nexthop gateway address 192.168.80.1 on save config
212
Pamela is a Cyber Security Engineer working for Global Instance Firm with a large-scale deployment of Check Point Enterprise Appliances using GAiA/R81.10. The company's Developer Team is having random access issues to a newly deployed Application Server in the DMZ's Application Server Farm Tier and blames the DMZ Security Gateway as the root cause. The ticket has been created and the issue is at Pamela's desk for investigation. Pamela decides to use Check Point's packet analyzer tool, fw monitor, to iron out the issue during an approved maintenance window. What do you recommend as the best suggestion for Pamela to make sure she successfully captures the entire traffic in the context of the Firewall and the problematic traffic? (A). Pamela should check SecureXL status on DMZ Security gateway and if it's turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures. (B). Pamela should check SecureXL status on DMZ Security Gateway and if it's turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures. (C). Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic. (D). Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.
(A). Pamela should check SecureXL status on DMZ Security gateway and if it's turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.
213
Which directory below contains log files? (A). /opt/CPSmartlog-R81/log (B). /opt/CPshrd-R81/log (C). /opt/CPsuite-R81/fw1/log (D). /opt/CPsuite-R81/log
(C). /opt/CPsuite-R81/fw1/log
214
What scenario indicates that SecureXL is enabled? (A). Dynamic objects are available in the Object Explorer (B). SecureXL can be disabled in cpconfig (C). fwaccel commands can be used in clish (D). Only one packet in a stream is seen in a fw monitor packet capture
(C). fwaccel commands can be used in clish
215
What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources? (A). The corresponding feature is new to R81.10 and is called "Management Data Plane Separation" (B). The corresponding feature is called "Dynamic Dispatching" (C). There is a feature for ensuring stable connectivity to the management server and is done via Priority Queuing. (D). The corresponding feature is called "Dynamic Split"
(D). The corresponding feature is called "Dynamic Split"
216
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request? (A). /opt/CPshrd-R81/conf/local.arp (B). /var/opt/CPshrd-R81/conf/local.arp (C). $CPDIR/conf/local.arp (D). $FWDIR/conf/local.arp
(D). $FWDIR/conf/local.arp
217
Which command is used to set the CCP protocol to Multicast? (A). cphaprob set_ccp multicast (B). cphaconf set_ccp multicast (C). cphaconf set_ccp no_broadcast (D). cphaprob set_ccp no_broadcast
(B). cphaconf set_ccp multicast
218
Which application should you use to install a contract file? (A). SmartView Monitor (B). WebUI (C). SmartUpdate (D). SmartProvisioning
(C). SmartUpdate
219
Kurt is planning to upgrade his Security Management Server to R81.X. What is the lowest supported version of the Security Management he can upgrade from? (A). R76 Splat (B). R77.X Gaia (C). R75 Splat (D). R75 Gaia
(D). R75 Gaia
220
What happens when an IPS profile is set in Detect Only Mode for troubleshooting? (A). It will generate Geo-Protection traffic (B). Automatically uploads debugging logs to Check Point Support Center (C). It will not block malicious traffic (D). Bypass licenses requirement for Geo-Protection control
(C). It will not block malicious traffic
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic. During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.
221
Which Check Point software blade provides protection from zero-day and undiscovered threats? (A). Firewall (B). Threat Emulation (C). Application Control (D). Threat Extraction
(B). Threat Emulation
222
GAiA Software update packages can be imported and installed offline in situations where: (A). Security Gateway with GAiA does NOT have SFTP access to Internet (B). Security Gateway with GAiA does NOT have access to Internet. (C). Security Gateway with GAiA does NOT have SSH access to Internet. (D). The desired CPUSE package is ONLY available in the Check Point CLOUD.
(B). Security Gateway with GAiA does NOT have access to Internet.
223
Which command will reset the kernel debug options to default settings? (A). fw ctl dbg -a 0 (B). fw ctl dbg resetall (C). fw ctl debug 0 (D). fw ctl debug set 0
(C). fw ctl debug 0
224
Firewall policies must be configured to accept VRRP packets on the GAiA platform if it runs Firewall software. The Multicast destination assigned by the Internet Assigned Numbers Authority (IANA) for VRRP is: (A). 224.0.0.18 (B). 224.0.0.5 (C). 224.0.0.102 (D). 224.0.0.22
(A). 224.0.0.18
225
Which two of these Check Point Protocols are used by SmartEvent Processes? (A). ELA and CPD (B). FWD and LEA (C). FWD and CPLOG (D). ELA and CPLOG
(D). ELA and CPLOG
226
What is mandatory for ClusterXL to work properly? (A). The number of cores must be the same on every participating cluster node (B). The Magic MAC number must be unique per cluster node (C). The Sync interface must not have an IP address configured (D). If you have "Non-monitored Private" interfaces, the number of those interfaces must be the same on all cluster members
(B). The Magic MAC number must be unique per cluster node
227
Which of the following is NOT a type of Endpoint Identity Agent? (A). Terminal (B). Light (C). Full (D). Custom
(A). Terminal
228
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following? (A). Secure Internal Communication (SIC) (B). Restart Daemons if they fail (C). Transfers messages between Firewall processes (D). Pulls application monitoring status
(D). Pulls application monitoring status
229
Main Mode in IKEv1 uses how many packets for negotiation? (A). 4 (B). depends on the make of the peer gateway (C). 3 (D). 6
(D). 6
230
You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use? (A). Check Point Capsule Cloud (B). Sandblast Mobile Protect (C). SecuRemote (D). SmartEvent Client Info
(B). Sandblast Mobile Protect
SandBlast Mobile Protect is a lightweight app for iOS and Android that gathers data and helps analyze threats to devices in your environment.
231
When gathering information about a gateway using CPINFO, what information is included or excluded when using the "-x" parameter? (A). Includes the registry (B). Gets information about the specified Virtual System (C). Does not resolve network addresses (D). Output excludes connection table
(B). Gets information about the specified Virtual System
232
What are the available options for downloading Check Point hotfixes in Gaia WebUI (CPUSE)? (A). Manually, Scheduled, Automatic (B). Manually, Automatic, Disabled (C). Manually, Scheduled, Disabled (D). Manually, Scheduled, Enabled
(A). Manually, Scheduled, Automatic
233
Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services for all the following except: (A). Create new dashboards to manage 3rd party task (B). Create products that use and enhance 3rd party solutions (C). Execute automated scripts perform common tasks (D). Create products that use and enhance the Check Point Solution
(A). Create new dashboards to manage 3rd party task
Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:
* Use an automated script to perform common tasks
* Integrate Check Point products with 3rd party solutions
* Create products that use and enhance the Check Point solution
234
The SmartEvent R81 Web application for real-time event monitoring is called: (A). SmartView Monitor (B). SmartEventWeb (C). There is no Web application for SmartEvent (D). SmartView
(B). SmartEventWeb
235
What is the SOLR database for? (A). Used for full text search and enables powerful matching capabilities (B). Writes data to the database and full text search (C). Serves GUI responsible to transfer request to the DLE server (D). Enables powerful matching capabilities and writes data to the database
(A). Used for full text search and enables powerful matching capabilities
236
What is true of the API server on R81.10? (A). By default the API-server is activated and does not have hardware requirements. (B). By default the API-server is not active and should be activated from the WebUI. (C). By default the API server is active on management and stand-alone servers with 16GB of RAM (or more). (D). By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).
(D). By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).
237
Which process handles connection from SmartConsole R81? (A). fwm (B). cpmd (C). cpm (D). cpd
(C). cpm
238
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway? (A). Pentagon (B). Combined (C). Meshed (D). Star
(D). Star
239
What are possible Automatic Reactions in SmartEvent? (A). Mail, SNMP Trap, Block Source, Block Event Activity, External Script (B). Web Mail, Block Destination, SNMP Trap, SmartTask (C). Web Mail, Block Service, SNMP Trap, SmartTask, Geo Protection (D). Web Mail, Forward to SandBlast Appliance, SNMP Trap, External Script
(C). Web Mail, Block Service, SNMP Trap, SmartTask, Geo Protection
240
Which of the following statements is TRUE about R81 management plug-ins? (A). The plug-in is a package installed on the Security Gateway. (B). Installing a management plug-in requires a Snapshot, just like any upgrade process. (C). A management plug-in interacts with a Security Management Server to provide new features and support for new products. (D). Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
(C). A management plug-in interacts with a Security Management Server to provide new features and support for new products.
241
What is the main difference between Threat Extraction and Threat Emulation? (A). Threat Emulation never delivers a file and takes more than 3 minutes to complete. (B). Threat Extraction always delivers a file and takes less than a second to complete. (C). Threat Emulation never delivers a file that takes less than a second to complete. (D). Threat Extraction never delivers a file and takes more than 3 minutes to complete.
(B). Threat Extraction always delivers a file and takes less than a second to complete.
242
Aaron is a Cyber Security Engineer working for Global Law Firm with a large-scale deployment of Check Point Enterprise Appliances running GAiA R81.X. The Network Security Developer Team is having an issue testing the API with a newly deployed R81.X Security Management Server. Aaron wants to confirm API services are working properly. What should he do first? (A). Aaron should check API Server status with "fwm api status" from Expert mode. If services are stopped, he should start them with "fwm api start". (B). Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start" (C). Aaron should check API Server status with "api status" from Expert mode. If services are stopped, he should start them with "api start" (D). Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api start".
(C). Aaron should check API Server status with "api status" from Expert mode. If services are stopped, he should start them with "api start"
243
Which component is NOT required to communicate with the Web Services API? (A). API key (B). session ID token (C). content-type (D). Request payload
(A). API key
244
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ . (A). User Directory (B). Captive Portal and Transparent Kerberos Authentication (C). Captive Portal (D). UserCheck
(B). Captive Portal and Transparent Kerberos Authentication
245
Which process is used mainly for backward compatibility of gateways in R81.X? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization. (A). cpm (B). fwd (C). cpd (D). fwm
(D). fwm
246
Which software blade does NOT accompany the Threat Prevention policy? (A). Anti-virus (B). IPS (C). Threat Emulation (D). Application Control and URL Filtering
(D). Application Control and URL Filtering
247
Fill in the blank: The IPS policy for pre-R81 gateways is installed during the _______ . (A). Firewall policy install (B). Threat Prevention policy install (C). Anti-bot policy install (D). Access Control policy install
(C). Anti-bot policy install
248
What solution is Multi-queue intended to provide? (A). Improve the efficiency of traffic handling by SecureXL SNDs (B). Reduce the confusion for traffic capturing in FW Monitor (C). Improve the efficiency of CoreXL Kernel Instances (D). Reduce the performance of network interfaces
(C). Improve the efficiency of CoreXL Kernel Instances
249
Fill in the blank: __________ information is included in "Full Log" tracking option, but is not included in "Log" tracking option? (A). Destination port (B). Data type (C). File attributes (D). Application
(B). Data type
250
Which of these statements describes the Check Point ThreatCloud? (A). Blocks or limits usage of web applications (B). Prevents or controls access to web sites based on category (C). Prevents Cloud vulnerability exploits (D). A worldwide collaborative security network
(D). A worldwide collaborative security network
251
What is the amount of Priority Queues by default? (A). There are 8 priority queues and this number cannot be changed. (B). There is no distinct number of queues since it will be changed in a regular basis based on its system requirements. (C). There are 7 priority queues by default and this number cannot be changed. (D). There are 8 priority queues by default, and up to 8 additional queues can be manually configured
(D). There are 8 priority queues by default, and up to 8 additional queues can be manually configured
252
Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made? (A). Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work. (B). Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot. (C). Tom's changes will be lost since he lost connectivity and he will have to start again. (D). Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.
(A). Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.
253
Which of the following describes how Threat Extraction functions? (A). Detect threats and provides a detailed report of discovered threats. (B). Proactively detects threats. (C). Delivers file with original content (D). Delivers PDF versions of original files with active content removed
(B). Proactively detects threats.
254
You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores. How many cores can be used in a Cluster for Firewall-kernel on the new device? (A). 3 (B). 2 (C). 1 (D). 4
(D). 4
255
Which of the following commands shows the status of processes? (A). cpwd_admin -l (B). cpwd -l (C). cpwd admin_list (D). cpwd_admin list
(D). cpwd_admin list
256
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them? (A). fw ctl multik dynamic_dispatching on (B). fw ctl multik dynamic_dispatching set_mode 9 (C). fw ctl multik set_mode 9 (D). fw ctl multik pq enable
(C). fw ctl multik set_mode 9
257
Which Check Point software blade provides Application Security and identity control? (A). Identity Awareness (B). Data Loss Prevention (C). URL Filtering (D). Application Control
(D). Application Control
258
What is true about VRRP implementations? (A). VRRP membership is enabled in cpconfig (B). VRRP can be used together with ClusterXL, but with degraded performance (C). You cannot have a standalone deployment (D). You cannot have different VRIDs in the same physical network
(C). You cannot have a standalone deployment
259
Which command collects diagnostic data for analyzing customer setup remotely? (A). cpinfo (B). migrate export (C). sysinfo (D). cpview
(A). cpinfo
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers). The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.
260
Which command will allow you to see the interface status? (A). cphaprob interface (B). cphaprob -I interface (C). cphaprob -a if (D). cphaprob stat
(C). cphaprob -a if
261
You have pushed policy to GW-3 and now cannot pass traffic through the gateway. As a last resort, to restore traffic flow, what command would you run to remove the latest policy from GW-3? (A). fw unloadlocal (B). fw unloadpolicy (C). fwm unload local (D). fwm unload policy
(A). fw unloadlocal
262
What command verifies that the API server is responding? (A). api stat (B). api status (C). show api_status (D). app_get_status
(B). api status
263
What processes does CPM control? (A). Object-Store, Database changes, CPM Process and web-services (B). web-services, CPMI process, DLEserver, CPM process (C). DLEServer, Object-Store, CP PRocess and database changes (D). web_services, dle_server and object_Store
(D). web_services, dle_server and object_Store
264
Fill in the blanks: Gaia can be configured using the ______ or _____ . (A). GaiaUI; command line interface (B). WebUI; Gaia Interface (C). Command line interface; WebUI (D). Gaia Interface; GaiaUI
(C). Command line interface; WebUI
265
If SecureXL is disabled which path is used to process traffic? (A). Passive path (B). Medium path (C). Firewall path (D). Accelerated path
(C). Firewall path
266
In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom. Which of the following statements is correct? (A). If the Action of the matching rule is Accept the gateway will drop the packet (B). If the Action of the matching rule is Drop, the gateway continues to check rules in the next Policy Layer down (C). If the Action of the matching rule is Drop the gateway stops matching against later rules in the Policy Rule Base and drops the packet (D). If the rule does not match in the Network policy it will continue to other enabled policies
(C). If the Action of the matching rule is Drop the gateway stops matching against later rules in the Policy Rule Base and drops the packet
267
What is the port used for SmartConsole to connect to the Security Management Server? (A). CPMI port 18191/TCP (B). CPM port/TCP port 19009 (C). SIC port 18191/TCP (D). https port 4434/TCP
(A). CPMI port 18191/TCP
268
Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period. (A). Block Port Overflow (B). Local Interface Spoofing (C). Suspicious Activity Monitoring (D). Adaptive Threat Prevention
(C). Suspicious Activity Monitoring
Suspicious Activity Rules Solution: Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access). The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation.
269
As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name 'cover-company-logo.png' and then copy that image file to which directory on the SmartEvent server? (A). $FWDIR/smartevent/conf (B). $RTDIR/smartevent/conf (C). $RTDIR/smartview/conf (D). $FWDIR/smartview/conf
(C). $RTDIR/smartview/conf
270
When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statements is false and NOT part of possible automatic reactions: (A). Syslog (B). SNMPTrap (C). Block Source (D). Mail
(B). SNMPTrap
271
In R81, where do you manage your Mobile Access Policy? (A). Access Control Policy (B). Through the Mobile Console (C). Shared Gateways Policy (D). From the Dedicated Mobility Tab
(A). Access Control Policy
272
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon? (A). cvpnd_restart (B). cvpnd_restart (C). cvpnd restart (D). cvpnrestart
(B). cvpnd_restart
273
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which of these steps should NOT be performed: (A). Rename the hostname of the Standby Security Management Server to Active. (B). Change the Standby Security Management Server to Active (C). Change the Active Security Management Server to Standby (D). Manually synchronize the Active and Standby Security Management Servers
(A). Rename the hostname of the Standby Security Management Server to Active.
274
Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called: (A). cpexport (B). sysinfo (C). cpsizeme (D). cpinfo
(D). cpinfo
275
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this? (A). UDP port 265 (B). TCP port 265 (C). UDP port 256 (D). TCP port 256
(D). TCP port 256
Synchronization works in two modes: Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection on port 256. Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP connections on port 8116.
276
Which of the following processes pulls application monitoring status? (A). fwd (B). fwm (C). cpwd (D). cpd
(D). cpd
277
The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ . (A). TCP 18211 (B). TCP 257 (C). TCP 4433 (D). TCP 443
(D). TCP 443
278
What are the modes of SandBlast Threat Emulation deployment? (A). Cloud, Smart-1 and Hybrid (B). Cloud. OpenServer and Vmware (C). Cloud, Appliance and Private (D). Cloud, Appliance and Hybrid
(D). Cloud, Appliance and Hybrid
279
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI? (A). mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt (B). mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json (C). mgmt_cli add object-host "Server_1" ip-address "10.15.123.10" --format json (D). mgmt_cli add object "Server-1" ip-address "10.15.123.10" --format json
(B). mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json
Example: mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json
* "--format json" is optional. By default the output is presented in plain text.
280
What is Dynamic Balancing? (A). It is a ClusterXL feature that switches an HA cluster into an LS cluster if required to maximize throughput (B). It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load (C). It is a new feature that is capable of dynamically reserve the amount of Hash kernel memory to reflect the resource usage necessary for maximizing the session rate. (D). It is a CoreXL feature that assigns the SND to network interfaces to balance the RX Cache of the interfaces
(B). It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load
281
What command can you use to have cpinfo display all installed hotfixes? (A). cpinfo -hf (B). cpinfo -y all (C). cpinfo -get hf (D). cpinfo installed_jumbo
(B). cpinfo -y all
282
The admin lost access to the Gaia Web Management Interface but he was able to connect via ssh. How can you check if the web service is enabled, running and which port is used? (A). In expert mode run #netstat -tulnp | grep httpd to see if httpd is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled. (B). In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd to see if the httpd is up (C). In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up (D). In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.
(C). In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up
283
Which command gives us a perspective of the number of kernel tables? (A). fw tab -t (B). fw tab -s (C). fw tab -n (D). fw tab -k
(B). fw tab -s
284
DLP and Geo Policy are examples of what type of Policy? (A). Standard Policies (B). Shared Policies (C). Inspection Policies (D). Unified Policies
(B). Shared Policies
285
What are the three components for Check Point Capsule? (A). Capsule Docs, Capsule Cloud, Capsule Connect (B). Capsule Workspace, Capsule Cloud, Capsule Connect (C). Capsule Workspace, Capsule Docs, Capsule Connect (D). Capsule Workspace, Capsule Docs, Capsule Cloud
(D). Capsule Workspace, Capsule Docs, Capsule Cloud
286
What kind of information would you expect to see using the sim affinity command? (A). The VMACs used in a Security Gateway cluster (B). The involved firewall kernel modules in inbound and outbound packet chain (C). Overview over SecureXL templated connections (D). Network interfaces and core distribution used for CoreXL
(D). Network interfaces and core distribution used for CoreXL
287
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command? (A). fw ctl sdstat (B). fw ctl affinity -l -a -r -v (C). fw ctl multik stat (D). cpinfo
(B). fw ctl affinity -l -a -r -v
288
What API command below creates a new host with the name "New Host" and IP address of "192.168.0.10"? (A). new host name "New Host" ip-address "192.168.0.10" (B). set host name "New Host" ip-address "192.168.0.10" (C). create host name "New Host" ip-address "192.168.0.10" (D). add host name "New Host" ip-address "192.168.0.10"
(D). add host name "New Host" ip-address "192.168.0.10"
289
What statement best describes the Proxy ARP feature for Manual NAT in R81.10? (A). Automatic proxy ARP configuration can be enabled (B). Translate Destination on Client Side should be configured (C). fw ctl proxy should be configured (D). local.arp file must always be configured
(D). local.arp file must always be configured
290
Vanessa is a Firewall administrator. She wants to test a backup of her company's production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore the production backup via SmartConsole in the lab environment. Which details does she need to fill in in the System Restore window before she can click the OK button and test the backup? (A). Server, SCP, Username, Password, Path, Comment, Member (B). Server, TFTP, Username, Password, Path, Comment, All Members (C). Server, Protocol, Username, Password, Path, Comment, All Members (D). Server, Protocol, username Password, Path, Comment, Member
(C). Server, Protocol, Username, Password, Path, Comment, All Members
291
Which statement is true about ClusterXL? (A). Supports Dynamic Routing (Unicast and Multicast) (B). Supports Dynamic Routing (Unicast Only) (C). Supports Dynamic Routing (Multicast Only) (D). Does not support Dynamic Routing
(A). Supports Dynamic Routing (Unicast and Multicast)
292
With SecureXL enabled, accelerated packets will pass through the following: (A). Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device (B). Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device (C). Network Interface Card and the Acceleration Device (D). Network Interface Card, OSI Network Layer, and the Acceleration Device
(C). Network Interface Card and the Acceleration Device
293
In R81, how do you manage your Mobile Access Policy? (A). Through the Unified Policy (B). Through the Mobile Console (C). From SmartDashboard (D). From the dedicated Mobility Tab
(A). Through the Unified Policy
294
What factors preclude SecureXL Templating? (A). Source Port Ranges/Encrypted Connections (B). IPS (C). ClusterXL in load sharing Mode (D). CoreXL
(A). Source Port Ranges/Encrypted Connections
295
What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller? (A). test_connectivity_ad -d (B). test_ldap_connectivity -d (C). test_ad_connectivity -d (D). ad_connectivity_test -d
(C). test_ad_connectivity -d
296
After finishing the installation, admin John wants to use the top command in expert mode. John had to set the expert password and was then able to use the top command. A week later John has to use the top command again. He detects that the expert password is no longer valid. What is the most probable reason for this behavior? (A). "write memory" was not issued on clish (B). changes are only possible via SmartConsole (C). "save config" was not issued in expert mode (D). "save config" was not issued on clish
(A). "write memory" was not issued on clish
297
Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two. Which of the following statements correctly identify each product's capabilities? (A). Workspace supports ios operating system, Android, and WP8, whereas Connect supports ios operating system and Android only (B). For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement. (C). For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password and certain SSO login support. (D). Workspace can support any application, whereas Connect has a limited number of application types which it will support.
(C). For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password and certain SSO login support.
298
Which blades and/or features are not supported in R81? (A). SmartEvent Maps (B). SmartEvent (C). Identity Awareness (D). SmartConsole Toolbars
(A). SmartEvent Maps
299
Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and show them as prioritized security events. (A). SmartMonitor (B). SmartView Web Application (C). SmartReporter (D). SmartTracker
(B). SmartView Web Application
300
In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of: (A). Basic, Optimized, Strict (B). Basic, Optimized, Severe (C). General, Escalation, Severe (D). General, purposed, Strict
(A). Basic, Optimized, Strict
301
You have existing dbedit scripts from R77. Can you use them with R81.10? (A). dbedit is not supported in R81.10 (B). dbedit is fully supported in R81.10 (C). You can use dbedit to modify threat prevention or access policies, but not create or modify layers (D). dbedit scripts are being replaced by mgmt_cli in R81.10
(D). dbedit scripts are being replaced by mgmt_cli in R81.10
302
Which is not a possible command to acquire the lock in order to make changes in Clish or Web GUI? (A). set config-lock on override (B). Click the Lock icon in the WebUI (C). "set rbac rw =1" (D). lock database override
(C). "set rbac rw =1"
303
Which SmartConsole tab is used to monitor network and security performance? (A). Manage Setting (B). Security Policies (C). Gateway and Servers (D). Logs and Monitor
(D). Logs and Monitor
304
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateways managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check box to enable the pre-shared secret cannot be enabled. Why does it not allow him to specify the pre-shared secret? (A). IPsec VPN blade should be enabled on both Security Gateway. (B). Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway. (C). Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS. (D). The Security Gateways are pre-R75.40.
(C). Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
305
Which of the following is NOT an internal/native Check Point command? (A). fwaccel on (B). fw ctl debug (C). tcpdump (D). cphaprob
(C). tcpdump
306
You can access the ThreatCloud Repository from: (A). R81.10 SmartConsole and Application Wiki (B). Threat Prevention and Threat Tools (C). Threat Wiki and Check Point Website (D). R81.10 SmartConsole and Threat Prevention
(D). R81.10 SmartConsole and Threat Prevention
307
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks? (A). After upgrading the hardware, increase the number of kernel instances using cpconfig (B). Hyperthreading must be enabled in the BIOS to use CoreXL (C). Run cprestart from clish (D). Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores.
(A). After upgrading the hardware, increase the number of kernel instances using cpconfig
308
What is considered Hybrid Emulation Mode? (A). Manual configuration of file types on emulation location. (B). Load sharing of emulation between an on premise appliance and the cloud. (C). Load sharing between OS behavior and CPU Level emulation. (D). High availability between the local SandBlast appliance and the cloud.
(B). Load sharing of emulation between an on premise appliance and the cloud.
309
Vanessa is a firewall administrator in her company. Her company uses Check Point firewalls at a central location and several remote locations, which are managed centrally by an R77.30 Security Management Server. An R77.30 Gateway on an Open server is installed at the central location. Remote locations use Check Point UTM-1 570 series appliances with R75.30, and some of them use a UTM-1 Edge-X or Edge-W with the latest available firmware. She is in the process of migrating to R81. What can cause Vanessa unnecessary problems if she didn't check all requirements for migration to R81? (A). Missing an installed R77.20 Add-on on Security Management Server (B). Unsupported firmware on UTM-1 Edge-W appliance (C). Unsupported version on UTM-1 570 series appliance (D). Unsupported appliances on remote locations
(A). Missing an installed R77.20 Add-on on Security Management Server
310
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway? (A). SND is a feature to accelerate multiple SSL VPN connections (B). SND is an alternative to IPSec Main Mode, using only 3 packets (C). SND is used to distribute packets among Firewall instances (D). SND is a feature of fw monitor to capture accelerated packets
(C). SND is used to distribute packets among Firewall instances
311
What is the limitation of employing Sticky Decision Function? (A). With SDF enabled, the involved VPN Gateways only supports IKEv1 (B). Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF (C). With SDF enabled, only ClusterXL in legacy mode is supported (D). With SDF enabled, you can only have three Sync interfaces at most
(B). Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
312
Which of the following processes pulls the application monitoring status from gateways? (A). cpd (B). cpwd (C). cpm (D). fwm
(A). cpd
313
Fill in the blank: The tool _____ generates an R81 Security Gateway configuration report. (A). infoCP (B). infoview (C). cpinfo (D). fw cpinfo
(C). cpinfo
314
What state is the Management HA in when both members have different policies/databases? (A). Synchronized (B). Never been synchronized (C). Lagging (D). Collision
(D). Collision
315
After having saved the Clish Configuration with the "save configuration config.txt" command, where can you find the config.txt file? (A). You will find it in the home directory of your user account (e.g. /home/admin/) (B). You can locate the file via SmartConsole > Command Line. (C). You have to launch the WebUI and go to "Config" -> "Export Config File" and specify the destination directory of your local file system. (D). You cannot locate the file in the file system since Clish does not have any access to the bash file system
(D). You cannot locate the file in the file system since Clish does not have any access to the bash file system
316
Which components allow you to reset a VPN tunnel? (A). vpn tu command or SmartView monitor (B). delete vpn ike sa or vpn shell command (C). vpn tunnelutil or delete vpn ike sa command (D). SmartView monitor only
(D). SmartView monitor only
317
GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the: (A). Check Point Update Service Engine (B). Check Point Software Update Agent (C). Check Point Remote Installation Daemon (CPRID) (D). Check Point Software Update Daemon
(A). Check Point Update Service Engine
318
What is the most recommended way to install patches and hotfixes? (A). CPUSE Check Point Update Service Engine (B). rpm -Uv (C). Software Update Service (D). UnixinstallScript
(A). CPUSE Check Point Update Service Engine
319
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation? (A). Anti-Bot is the only countermeasure against unknown malware (B). Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers (C). Anti-Bot is the only signature-based method of malware protection. (D). Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.
(D). Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.
320
The Compliance Blade allows you to search for text strings in many windows and panes. To search for a value in a field, what would your syntax be? (A). field_name:string (B). name field:string (C). name_field:string (D). field name:string
(A). field_name:string
321
fwssd is a child process of which of the following Check Point daemons? (A). fwd (B). cpwd (C). fwm (D). cpd
(A). fwd
322
When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state? (A). cphaprob -d STOP unregister (B). cphaprob STOP unregister (C). cphaprob unregister STOP (D). cphaprob -d unregister STOP
(A). cphaprob -d STOP unregister
To test a failover in a controlled manner, use the following command:
# cphaprob -d STOP -s problem -t 0 register
This registers a problem state on the cluster member on which it was entered. If you then run:
# cphaprob list
the output shows an entry named STOP. To remove this problem state, run:
# cphaprob -d STOP unregister
323
When an encrypted packet is decrypted, where does this happen? (A). Security policy (B). Inbound chain (C). Outbound chain (D). Decryption is not supported
(A). Security policy
324
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture? (A). Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server. (B). Correlates all the identified threats with the consolidation policy. (C). Collects syslog data from third party devices and saves them to the database. (D). Connects with the SmartEvent Client when generating threat reports.
(A). Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
325
How often does Threat Emulation download packages by default? (A). Once a week (B). Once an hour (C). Twice per day (D). Once per day
(D). Once per day
326
At what point is the Internal Certificate Authority (ICA) created? (A). Upon creation of a certificate. (B). During the primary Security Management Server installation process. (C). When an administrator decides to create one. (D). When an administrator initially logs into SmartConsole.
(B). During the primary Security Management Server installation process.
327
Which Remote Access Client does not provide an Office-Mode Address? (A). SecuRemote (B). Endpoint Security Suite (C). Endpoint Security VPN (D). Check Point Mobile
(A). SecuRemote
328
The "Hit count" feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits if the Track option is set to "None"? (A). No, it will work independently. Hit Count will be shown only for rules Track option set as Log or alert. (B). Yes it will work independently as long as "analyze all rules" tick box is enabled on the Security Gateway. (C). No, it will not work independently because hit count requires all rules to be logged. (D). Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.
(D). Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.
329
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component? (A). Threat Emulation (B). Mobile Access (C). Mail Transfer Agent (D). Threat Cloud
(C). Mail Transfer Agent
330
Under which file is the proxy arp configuration stored? (A). $FWDIR/state/proxy_arp.conf on the management server (B). $FWDIR/conf/local.arp on the management server (C). $FWDIR/state/_tmp/proxy.arp on the security gateway (D). $FWDIR/conf/local.arp on the gateway
(D). $FWDIR/conf/local.arp on the gateway
331
Bob needs to know if Alice was configuring the new virtual cluster interface correctly. Which of the following Check Point commands is true? (A). cphaprob -a if (B). cphaprob state (C). cphaprob list (D). probcpha -a if
(A). cphaprob -a if
332
What is the Implicit Clean-up Rule? (A). A setting is defined in the Global Properties for all policies. (B). A setting that is configured per Policy Layer. (C). Another name for the Clean-up Rule. (D). Automatically created when the Clean-up Rule is defined.
(C). Another name for the Clean-up Rule.
333
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment? (A). 4 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server. (B). 3 Interfaces - an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization. (C). 1 Interface - an interface leading to the organization and the Internet, and configure for synchronization. (D). 2 Interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization.
(B). 3 Interfaces - an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.
334
How would you enable VMAC Mode in ClusterXL? (A). Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC (B). fw ctl set int vmac_mode 1 (C). cphaconf vmac_mode set 1 (D). Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC
(A). Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC
335
Which VPN routing option uses VPN routing for every connection a satellite gateway handles? (A). To satellites through center only (B). To center only (C). To center and to other satellites through center (D). To center, or through the center to other satellites, to Internet and other VPN targets
(D). To center, or through the center to other satellites, to Internet and other VPN targets
336
SandBlast agent extends 0 day prevention to what part of the network? (A). Web Browsers and user devices (B). DMZ server (C). Cloud (D). Email servers
(A). Web Browsers and user devices
337
What level of CPU load on a Secure Network Distributor would indicate that another may be necessary? (A). Idle <20% (B). USR <20% (C). SYS <20% (D). Wait <20%
(A). Idle <20%
338
Which of the following is NOT supported by CPUSE? (A). Automatic download of full installation and upgrade packages (B). Automatic download of hotfixes (C). Installation of private hotfixes (D). Offline installations
(D). Offline installations
339
What is the command to see cluster status in cli expert mode? (A). fw ctl stat (B). clusterXL stat (C). clusterXL status (D). cphaprob stat
(D). cphaprob stat
340
The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster. (A). ccp (B). cphaconf (C). cphad (D). cphastart
(A). ccp
341
Which is NOT an example of a Check Point API? (A). Gateway API (B). Management API (C). OPSEC SDK (D). Threat Prevention API
(A). Gateway API
342
Which command shows actual allowed connections in state table? (A). fw tab -t StateTable (B). fw tab -t connections (C). fw tab -t connection (D). fw tab connections
(B). fw tab -t connections
343
What is "Accelerated Policy Installation"? (A). Starting R81, the Desktop Security Policy installation process is accelerated thereby reducing the duration of the process significantly (B). Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly (C). Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly (D). Starting R81, the Threat Prevention Policy installation process is accelerated thereby reducing the duration of the process significantly
(B). Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly
344
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process: (A). Allow GUI Client and management server to communicate via TCP Port 19001 (B). Allow GUI Client and management server to communicate via TCP Port 18191 (C). Performs database tasks such as creating, deleting, and modifying objects and compiling policy. (D). Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.
(C). Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
345
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform in the applications. Mobile Access encrypts all traffic using: (A). HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender. (B). HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender. (C). HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required. (D). HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.
(A). HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.
346
What is the difference between SSL VPN and IPSec VPN? (A). IPSec VPN does not require installation of a resilient VPN client. (B). SSL VPN requires installation of a resident VPN client. (C). SSL VPN and IPSec VPN are the same. (D). IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser.
(D). IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser.
347
The following command is used to verify the CPUSE version: (A). HostName:0>show installer status build (B). [Expert@HostName:0]#show installer status (C). [Expert@HostName:0]#show installer status build (D). HostName:0>show installer build
(A). HostName:0>show installer status build
348
Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying a connection? (A). Source Address (B). Destination Address (C). TCP Acknowledgment Number (D). Source Port
(C). TCP Acknowledgment Number
349
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.10 SmartConsole application? (A). IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation. (B). Firewall, IPS, Threat Emulation, Application Control. (C). IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction. (D). Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.
(C). IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.
350
When Configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access, which of the three approaches will allow you to configure individual policies for each application? (A). Basic Approach (B). Strong Approach (C). Very Advanced Approach (D). Medium Approach
(C). Very Advanced Approach
351
Which packet info is ignored with Session Rate Acceleration? (A). source port ranges (B). source ip (C). source port (D). same info from Packet Acceleration is used
(C). source port
352
In the R81 SmartConsole, on which tab are Permissions and Administrators defined? (A). Security Policies (B). Logs and Monitor (C). Manage and Settings (D). Gateways and Servers
(C). Manage and Settings
353
Which command lists firewall chain? (A). fw ctl chain (B). fw list chain (C). fw chain module (D). fw tab -t chainmod
(A). fw ctl chain
354
If a "ping" packet is dropped by FW1 Policy, on how many inspection points do you see this packet in "fw monitor"? (A). "i", "l" and "o" (B). I don't see it in fw monitor (C). "i" only (D). "i" and "l"
(C). "i" only
355
Which of the following statements about SecureXL NAT Templates is true? (A). NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled. (B). DROP Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled. (C). NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if Accept Templates are disabled. (D). ACCEPT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.
(A). NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled.
356
What is the minimum amount of RAM needed for a Threat Prevention Appliance? (A). 6 GB (B). 8GB with Gaia in 64-bit mode (C). 4 GB (D). It depends on the number of software blades enabled
(C). 4 GB
357
Which of the SecureXL templates are enabled by default on Security Gateway? (A). Accept (B). Drop (C). NAT (D). None
(D). None
358
What is the name of the secure application for Mail/Calendar for mobile devices? (A). Capsule Workspace (B). Capsule Mail (C). Capsule VPN (D). Secure Workspace
(A). Capsule Workspace
359
In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories. Which of the following is NOT an objects category? (A). Limit (B). Resource (C). Custom Application / Site (D). Network Object
(B). Resource
360
Which process handles connection from SmartConsole R81? (A). fwm (B). cpmd (C). cpm (D). cpd
(C). cpm
361
In ClusterXL Load Sharing Multicast Mode: (A). only the primary member received packets sent to the cluster IP address (B). only the secondary member receives packets sent to the cluster IP address (C). packets sent to the cluster IP address are distributed equally between all members of the cluster (D). every member of the cluster received all of the packets sent to the cluster IP address
(D). every member of the cluster received all of the packets sent to the cluster IP address
362
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________. (A). SecureID (B). SecurID (C). Complexity (D). TacAcs
(B). SecurID
363
UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects? (A). Ask (B). Drop (C). Inform (D). Reject
(D). Reject
364
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management: (A). 19090,22 (B). 19190,22 (C). 18190,80 (D). 19009,443
(D). 19009,443
365
What is the valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration? (A). 1-254 (B). 1-255 (C). 0-254 (D). 0 - 255
(B). 1-255
366
Which statement is correct about the Sticky Decision Function? (A). It is not supported with either the Performance pack of a hardware based accelerator card (B). Does not support SPI's when configured for Load Sharing (C). It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster (D). It is not required L2TP traffic
(A). It is not supported with either the Performance pack of a hardware based accelerator card
367
Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server, providing Log Export API (LEA) & Event Logging API (ELA) services? (A). DASSERVICE (B). FWD (C). CPVIEWD (D). CPD
(A). DASSERVICE
368
Which of the following is NOT a VPN routing option available in a star community? (A). To satellites through center only. (B). To center, or through the center to other satellites, to Internet and other VPN targets. (C). To center and to other satellites through center. (D). To center only.
(A). To satellites through center only. (D). To center only.
369
The Event List within the Event tab contains: (A). a list of options available for running a query. (B). the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list. (C). events generated by a query. (D). the details of a selected event.
(C). events generated by a query.
370
You want to allow your Mobile Access Users to connect to an internal file share. Adding the Mobile Application 'File Share' to your Access Control Policy in the SmartConsole didn't work. You are only allowed to select Services for the 'Service & Application' column. How can you fix it? (A). A Quantum Spark Appliance is selected as Installation Target for the policy packet. (B). The Mobile Access Blade is not enabled for the Access Control Layer of the policy. (C). The Mobile Access Policy Source under Gateway properties is set to Legacy Policy and not to Unified Access Policy. (D). The Mobile Access Blade is not enabled under Gateway properties.
(C). The Mobile Access Policy Source under Gateway properties is set to Legacy Policy and not to Unified Access Policy.
371
What is the benefit of "fw monitor" over "tcpdump"? (A). "fw monitor" reveals Layer 2 information, while "tcpdump" acts at Layer 3. (B). "fw monitor" is also available for 64-Bit operating systems. (C). With "fw monitor", you can see the inspection points, which cannot be seen in "tcpdump" (D). "fw monitor" can be used from the CLI of the Management Server to collect information from multiple gateways.
(C). With "fw monitor", you can see the inspection points, which cannot be seen in "tcpdump"
372
CoreXL is supported when one of the following features is enabled: (A). Route-based VPN (B). IPS (C). IPv6 (D). Overlapping NAT
(B). IPS
373
The WebUI offers several methods for downloading hotfixes via CPUSE except: (A). Automatic (B). Force override (C). Manually (D). Scheduled
(B). Force override
374
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log? (A). Accounting (B). Suppression (C). Accounting/Suppression (D). Accounting/Extended
(C). Accounting/Suppression
375
Which one of the following is NOT a configurable Compliance Regulation? (A). GLBA (B). CJIS (C). SOCI (D). NCIPA
(C). SOCI
376
Which GUI client is supported in R81? (A). SmartProvisioning (B). SmartView Tracker (C). SmartView Monitor (D). SmartLog
(C). SmartView Monitor
377
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________. (A). TCP port 19009 (B). TCP Port 18190 (C). TCP Port 18191 (D). TCP Port 18209
(A). TCP port 19009
378
Which Check Point daemon monitors the other daemons? (A). fwm (B). cpd (C). cpwd (D). fwssd
(C). cpwd
379
Which one of the following is true about Threat Emulation? (A). Takes less than a second to complete (B). Works on MS Office and PDF files only (C). Always delivers a file (D). Takes minutes to complete (less than 3 minutes)
(D). Takes minutes to complete (less than 3 minutes)
380
How many interfaces can you configure to use the Multi-Queue feature? (A). 10 interfaces (B). 3 interfaces (C). 4 interfaces (D). 5 interfaces
(D). 5 interfaces
381
John detected high load on sync interface. Which is most recommended solution? (A). For short connections like http service - delay sync for 2 seconds (B). Add a second interface to handle sync traffic (C). For short connections like http service - do not sync (D). For short connections like icmp service - delay sync for 2 seconds
(A). For short connections like http service - delay sync for 2 seconds
382
In what way are SSL VPN and IPSec VPN different? (A). SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless (B). SSL VPN adds an extra VPN header to the packet, IPSec VPN does not (C). IPSec VPN does not support two factor authentication, SSL VPN does support this (D). IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.
(D). IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.
383
Session unique identifiers are passed to the web api using which http header option? (A). X-chkp-sid (B). Accept-Charset (C). Proxy-Authorization (D). Application
(C). Proxy-Authorization
384
Which command shows only the table names of all kernel tables? (A). fw tab -t (B). fw tab -s (C). fw tab -n (D). fw tab -k
(A). fw tab -t
385
SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are: (A). ping, traceroute, netstat, and route (B). ping, nslookup, Telnet, and route (C). ping, whois, nslookup, and Telnet (D). ping, traceroute, netstat, and nslookup
(C). ping, whois, nslookup, and Telnet
386
When performing a minimal effort upgrade, what will happen to the network traffic? (A). All connections that were initiated before the upgrade will be dropped, causing network downtime (B). All connections that were initiated before the upgrade will be handled normally (C). All connections that were initiated before the upgrade will be handled by the standby gateway (D). All connections that were initiated before the upgrade will be handled by the active gateway
(A). All connections that were initiated before the upgrade will be dropped, causing network downtime
387
You want to store the GAIA configuration in a file for later reference. What command should you use? (A). write mem (B). show config -f (C). save config -o (D). save configuration
(D). save configuration
388
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks? (A). Run cprestart from clish (B). After upgrading the hardware, increase the number of kernel instances using cpconfig (C). Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores (D). Hyperthreading must be enabled in the bios to use CoreXL
(B). After upgrading the hardware, increase the number of kernel instances using cpconfig
389
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization? (A). cpwd (B). fwd (C). cpd (D). fwm
(D). fwm Firewall Management (fwm) is available on any management product, including Multi-Domain, and on products that require direct GUI access, such as SmartEvent. It provides the following: - GUI Client communication - Database manipulation - Policy Compilation - Management HA sync
390
In the Check Point Security Management Architecture, which component(s) can store logs? (A). SmartConsole (B). Security Management Server and Security Gateway (C). Security Management Server (D). SmartConsole and Security Management Server
(B). Security Management Server and Security Gateway
391
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness? (A). Kerberos Ticket Renewed (B). Kerberos Ticket Requested (C). Account Logon (D). Kerberos Ticket Timed Out
(D). Kerberos Ticket Timed Out
392
Please choose the path to monitor the compliance status of the Check Point R81.10 based management. (A). Gateways & Servers --> Compliance View (B). Compliance blade not available under R81.10 (C). Logs & Monitor --> New Tab --> Open compliance View (D). Security & Policies --> New Tab --> Compliance View
(C). Logs & Monitor --> New Tab --> Open compliance View
393
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to? (A). 50% (B). 75% (C). 80% (D). 15%
(D). 15%
394
Matt wants to upgrade his old Security Management server to R81.x using the Advanced Upgrade with Database Migration. What is one of the requirements for a successful upgrade? (A). Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine (B). Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine (C). Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine (D). Size of the /var/log folder of the target machine must be at least 25GB or more
(B). Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine
395
John is using Management HA. Which Security Management Server should he use for making changes? (A). secondary Smartcenter (B). active SmartConsole (C). connect virtual IP of Smartcenter HA (D). primary Log Server
(B). active SmartConsole
396
Which statement is true regarding redundancy? (A). System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob -f if command. (B). ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast. (C). Machines in a ClusterXL High Availability configuration must be synchronized. (D). Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.
(D). Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.
397
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and: (A). assign privileges to users. (B). edit the home directory of the user. (C). add users to your Gaia system. (D). assign user rights to their home directory in the Security Management Server.
(D). assign user rights to their home directory in the Security Management Server.
398
Which features are only supported with R81.10 Gateways but not R77.x? (A). Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies. (B). Limits the upload and download throughput for streaming media in the company to 1 Gbps. (C). The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence. (D). Time object to a rule to make the rule active only during specified times.
(C). The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
399
VPN Link Selection will perform the following when the primary VPN link goes down? (A). The Firewall will drop the packets. (B). The Firewall can update the Link Selection entries to start using a different link for the same tunnel. (C). The Firewall will send out the packet on all interfaces. (D). The Firewall will inform the client that the tunnel is down.
(B). The Firewall can update the Link Selection entries to start using a different link for the same tunnel.
400
SmartEvent uses its event policy to identify events. How can this be customized? (A). By modifying the firewall rulebase (B). By creating event candidates (C). By matching logs against exclusions (D). By matching logs against event rules
(D). By matching logs against event rules
401
How do Capsule Connect and Capsule Workspace differ? (A). Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications. (B). Capsule Workspace can provide access to any application. (C). Capsule Connect provides Business data isolation. (D). Capsule Connect does not require an installed application at client.
(A). Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.
402
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types. (A). Inspect/Bypass (B). Inspect/Prevent (C). Prevent/Bypass (D). Detect/Bypass
(A). Inspect/Bypass
403
Fill in the blank: An identity server uses a __________ for user authentication. (A). Shared secret (B). Certificate (C). One-time password (D). Token
(A). Shared secret
404
Using ClusterXL, what statement is true about the Sticky Decision Function? (A). Can only be changed for Load Sharing implementations (B). All connections are processed and synchronized by the pivot (C). Is configured using cpconfig (D). Is only relevant when using SecureXL
(A). Can only be changed for Load Sharing implementations
405
When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. What is this setting called and what are you defining? (A). Network, and defining your Class A space (B). Topology, and you are defining the Internal network (C). Internal addresses you are defining the gateways (D). Internal network(s) you are defining your networks
(D). Internal network(s) you are defining your networks
406
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway? (A). logd (B). fwd (C). fwm (D). cpd
(B). fwd
407
If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, what else is necessary to be completed for it to function properly? (A). Nothing - the proxy ARP is automatically handled in the R81 version (B). Add the proxy ARP configurations in a file called /etc/conf/local.arp (C). Add the proxy ARP configurations in a file called $FWDIR/conf/local.arp (D). Add the proxy ARP configurations in a file called $CPDIR/conf/local.arp
(D). Add the proxy ARP configurations in a file called $CPDIR/conf/local.arp
408
In SmartEvent, what are the different types of automatic reactions that the administrator can configure? (A). Mail, Block Source, Block Event Activity, External Script, SNMP Trap (B). Mail, Block Source, Block Destination, Block Services, SNMP Trap (C). Mail, Block Source, Block Destination, External Script, SNMP Trap (D). Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
(A). Mail, Block Source, Block Event Activity, External Script, SNMP Trap
409
What is required for a certificate-based VPN tunnel between two gateways with separate management systems? (A). Mutually Trusted Certificate Authorities (B). Shared User Certificates (C). Shared Secret Passwords (D). Unique Passwords
(A). Mutually Trusted Certificate Authorities
410
What command lists all interfaces using Multi-Queue? (A). cpmq get (B). show interface all (C). cpmq set (D). show multiqueue all
(A). cpmq get
411
What is the mechanism behind Threat Extraction? (A). This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender. (B). This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient. (C). This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring). (D). Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.
(D). Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.
412
When users connect to the Mobile Access portal they are unable to open File Shares. Which log file would you want to examine? (A). cvpnd.elg (B). httpd.elg (C). vpnd.elg (D). fw.elg
(A). cvpnd.elg
413
What are types of Check Point APIs available currently as part of R81.10 code? (A). Security Gateway API Management API, Threat Prevention API and Identity Awareness Web Services API (B). Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API (C). OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API (D). CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
(B). Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
414
What is the most ideal Synchronization Status for Security Management Server High Availability deployment? (A). Lagging (B). Synchronized (C). Never been synchronized (D). Collision
(B). Synchronized
415
What is not a component of Check Point SandBlast? (A). Threat Emulation (B). Threat Simulator (C). Threat Extraction (D). Threat Cloud
(B). Threat Simulator
416
On R81.10 the IPS Blade is managed by: (A). Threat Protection policy (B). Anti-Bot Blade (C). Threat Prevention policy (D). Layers on Firewall policy
(C). Threat Prevention policy
417
Which of the following is NOT a valid type of SecureXL template? (A). Accept Template (B). Deny template (C). Drop Template (D). NAT Template
(B). Deny template
418
What is the purpose of the CPCA process? (A). Monitoring the status of processes. (B). Sending and receiving logs. (C). Communication between GUI clients and the SmartCenter server. (D). Generating and modifying certificates.
(D). Generating and modifying certificates.
419
The Firewall kernel is replicated multiple times, therefore: (A). The Firewall kernel only touches the packet if the connection is accelerated (B). The Firewall can run different policies per core (C). The Firewall kernel is replicated only with new connections and deletes itself once the connection times out (D). The Firewall can run the same policy on all cores.
(D). The Firewall can run the same policy on all cores. On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the Security Gateway process traffic through the same interfaces and apply the same security policy.
420
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway? (A). SandBlast Threat Emulation (B). SandBlast Agent (C). Check Point Protect (D). SandBlast Threat Extraction
(D). SandBlast Threat Extraction
421
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization? (A). TCP port 443 (B). TCP port 257 (C). TCP port 256 (D). UDP port 8116
(C). TCP port 256
422
On what port does the CPM process run? (A). TCP 857 (B). TCP 18192 (C). TCP 900 (D). TCP 19009
(D). TCP 19009
423
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes? (A). fwd via cpm (B). fwm via fwd (C). cpm via cpd (D). fwd via cpd
(A). fwd via cpm
424
What is the correct description for the Dynamic Balancing / Split feature? (A). Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances and Open Server (not on Quantum Spark) (B). Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances and Open Server (not on Quantum Spark) (C). Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances (not on Quantum Spark or Open Server) (D). Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)
(D). Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)
425
NAT rules are prioritized in which order? 1. Automatic Static NAT 2. Automatic Hide NAT 3. Manual/Pre-Automatic NAT 4. Post-Automatic/Manual NAT rules (A). 1, 2, 3, 4 (B). 1, 4, 2, 3 (C). 3, 1, 2, 4 (D). 4, 3, 1, 2
(A). 1, 2, 3, 4
426
SmartEvent does NOT use which of the following procedures to identify events: (A). Matching a log against each event definition (B). Create an event candidate (C). Matching a log against local exclusions (D). Matching a log against global exclusions
(C). Matching a log against local exclusions Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events: * Matching a Log Against Global Exclusions * Matching a Log Against Each Event Definition * Creating an Event Candidate * When a Candidate Becomes an Event
427
Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this. What is one of the requirements for his success? (A). Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine (B). Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine (C). Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine (D). Size of the /var/log folder of the target machine must be at least 25GB or more
(B). Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine
428
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway? (A). Install appliance TE250X on SpanPort on LAN switch in MTA mode. (B). Install appliance TE250X in standalone mode and setup MTA. (C). You can utilize only Check Point Cloud Services for this scenario. (D). It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.
(C). You can utilize only Check Point Cloud Services for this scenario.
429
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot: (A). fw ctl multik set_mode 1 (B). fw ctl Dynamic_Priority_Queue on (C). fw ctl Dynamic_Priority_Queue enable (D). fw ctl multik set_mode 9
(D). fw ctl multik set_mode 9
430
Both ClusterXL and VRRP are fully supported by Gaia R81.10 and available to all Check Point appliances. Which of the following commands is NOT related to redundancy and functions? (A). cphaprob stat (B). cphaprob -a if (C). cphaprob -l list (D). cphaprob all show stat
(D). cphaprob all show stat
431
According to out of the box SmartEvent policy, which blade will automatically be correlated into events? (A). Firewall (B). VPN (C). IPS (D). HTTPS
(C). IPS
432
What is the benefit of Manual NAT over Automatic NAT? (A). If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy. (B). There is no benefit since Automatic NAT has in any case higher priority over Manual NAT (C). You have the full control about the priority of the NAT rules (D). On IPSO and GAIA Gateways, it is handled in a stateful manner
(C). You have the full control about the priority of the NAT rules
433
What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days? (A). Use Multi-Domain Management Server. (B). Choose different setting for log storage and SmartEvent db (C). Install Management and SmartEvent on different machines. (D). it is not possible.
(B). Choose different setting for log storage and SmartEvent db
434
CoreXL is NOT supported when one of the following features is enabled: (Choose three) (A). Route-based VPN (B). IPS (C). IPv6 (D). Overlapping NAT
(A). Route-based VPN (C). IPv6 (D). Overlapping NAT CoreXL does not support Check Point Suite with these features: Check Point QoS (Quality of Service) Route-based VPN IPv6 on IPSO Overlapping NAT
435
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection? (A). Smart Cloud Services (B). Load Sharing Mode Services (C). Threat Agent Solution (D). Public Cloud Services
(A). Smart Cloud Services
436
Can multiple administrators connect to a Security Management Server at the same time? (A). No, only one can be connected (B). Yes, all administrators can modify a network object at the same time (C). Yes, every administrator has their own username, and works in a session that is independent of other administrators. (D). Yes, but only one has the right to write.
(C). Yes, every administrator has their own username, and works in a session that is independent of other administrators.
437
Which Queue in the Priority Queue has the maximum priority? (A). High Priority (B). Control (C). Routing (D). Heavy Data Queue
(D). Heavy Data Queue
438
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal? (A). edit fwaffinity.conf; reboot required (B). cpconfig; reboot required (C). edit fwaffinity.conf; reboot not required (D). cpconfig; reboot not required
(B). cpconfig; reboot required
439
There are multiple types of licenses for the various VPN components and types. License types related to the management and functioning of Remote Access VPNs are listed below. Which of the following license requirement statements is NOT true: (A). Mobile Access License - This license is required on the Security Gateway for the following Remote Access solutions (B). Endpoint Policy Management License - The Endpoint Security Suite includes blades other than the Remote Access VPN, hence this license is required to manage the suite (C). Endpoint Container License - The Endpoint Software Blade Licenses does not require an Endpoint Container License as the base (D). IPSec VPN License - This license is installed on the VPN Gateway and is a basic requirement for a Remote Access VPN solution
(C). Endpoint Container License - The Endpoint Software Blade Licenses does not require an Endpoint Container License as the base
440
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are: (A). Dropped without sending a negative acknowledgment (B). Dropped without logs and without sending a negative acknowledgment (C). Dropped with negative acknowledgment (D). Dropped with logs and without sending a negative acknowledgment
(D). Dropped with logs and without sending a negative acknowledgment
441
What is the least amount of CPU cores required to enable CoreXL? (A). 2 (B). 1 (C). 4 (D). 6
(B). 1
442
Which of the following is NOT an option to calculate the traffic direction? (A). Incoming (B). Internal (C). External (D). Outgoing
(D). Outgoing
443
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic? (A). Slow Path (B). Medium Path (C). Fast Path (D). Accelerated Path
(A). Slow Path
444
Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method? (A). Dynamic ID (B). RADIUS (C). Username and Password (D). Certificate
(A). Dynamic ID
445
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template? (A). Accept Template (B). Deny Template (C). Drop Template (D). NAT Template
(B). Deny Template
446
There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct? (A). Using Web Services (B). Using Mgmt_cli tool (C). Using CLISH (D). Using SmartConsole GUI console (E). Events are collected with SmartWorkflow from Trouble Ticket systems
(E). Events are collected with SmartWorkflow from Trouble Ticket systems
447
Besides fw monitor, what is another command that can be used to capture packets? (A). arp (B). traceroute (C). tcpdump (D). ping
(C). tcpdump
448
Which tool is used to enable ClusterXL? (A). SmartUpdate (B). cpconfig (C). SmartConsole (D). sysconfig
(B). cpconfig
449
In R81 spoofing is defined as a method of: (A). Disguising an illegal IP address behind an authorized IP address through Port Address Translation. (B). Hiding your firewall from unauthorized users. (C). Detecting people using false or wrong authentication logins (D). Making packets appear as if they come from an authorized IP address.
(D). Making packets appear as if they come from an authorized IP address. IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
450
Security Checkup Summary can be easily conducted within: (A). Summary (B). Views (C). Reports (D). Checkups
(B). Views
451
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks? (A). Go to clish-Run cpstop | Run cpstart (B). Go to clish-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway (C). Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores (D). Go to clish-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy
(B). Go to clish-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
452
What is the correct order of the default "fw monitor" inspection points? (A). i, I, o, O (B). 1, 2, 3, 4 (C). i, o, I, O (D). I, i, O, o
(C). i, o, I, O
453
One of major features in R81 SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy? (A). A lock icon shows that a rule or an object is locked and will be available. (B). AdminA and AdminB are editing the same rule at the same time. (C). A lock icon next to a rule informs that any Administrator is working on this particular rule. (D). AdminA, AdminB and AdminC are editing three different rules at the same time.
(C). A lock icon next to a rule informs that any Administrator is working on this particular rule.
454
Bob is asked by Alice to disable the SecureXL mechanism temporarily for further diagnostics by their Check Point partner. Which of the following Check Point commands is true: (A). fwaccel suspend (B). fwaccel standby (C). fwaccel off (D). fwaccel templates
(C). fwaccel off
455
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN? (A). That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager. (B). Full Layer4 VPN -SSL VPN that gives users network access to all mobile applications. (C). Full Layer3 VPN -IPSec VPN that gives users network access to all mobile applications. (D). You can make sure that documents are sent to the intended recipients only.
(C). Full Layer3 VPN -IPSec VPN that gives users network access to all mobile applications.
456
If you needed the Multicast MAC address of a cluster, what command would you run? (A). cphaprob -a if (B). cphaconf ccp multicast (C). cphaconf debug data (D). cphaprob igmp
(D). cphaprob igmp
457
Which of the following is NOT a component of Check Point Capsule? (A). Capsule Docs (B). Capsule Cloud (C). Capsule Enterprise (D). Capsule Workspace
(C). Capsule Enterprise
458
What is the best sync method in the ClusterXL deployment? (A). Use 1 cluster + 1st sync (B). Use 1 dedicated sync interface (C). Use 3 clusters + 1st sync + 2nd sync + 3rd sync (D). Use 2 clusters +1st sync + 2nd sync
(B). Use 1 dedicated sync interface
459
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of: (A). Threat Emulation (B). HTTPS (C). QOS (D). VoIP
(D). VoIP
460
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network? (A). Big I (B). Little o (C). Little i (D). Big O
(A). Big I
461
When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use? (A). Toni? AND 10.0.4.210 NOT 10.0.4.76 (B). To** AND 10.0.4.210 NOT 10.0.4.76 (C). Ton* AND 10.0.4.210 NOT 10.0.4.75 (D). "Toni" AND 10.0.4.210 NOT 10.0.4.76
(D). "Toni" AND 10.0.4.210 NOT 10.0.4.76
462
What CLI command compiles and installs a Security Policy on the target's Security Gateways? (A). fwm compile (B). fwm load (C). fwm fetch (D). fwm install
(B). fwm load
463
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply. (A). ffff (B). 1 (C). 2 (D). 3
(B). 1
464
In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a response before the peer host is declared 'down', you would set the_________? (A). life sign polling interval (B). life sign timeout (C). life_sign_polling_interval (D). life_sign_timeout
(D). life_sign_timeout
465
Which view is NOT a valid CPVIEW view? (A). IDA (B). RAD (C). PDP (D). VPN
(C). PDP
466
What is the best method to upgrade a Security Management Server to R81.x when it is not connected to the Internet? (A). CPUSE offline upgrade only (B). Advanced upgrade or CPUSE offline upgrade (C). Advanced Upgrade only (D). SmartUpdate offline upgrade
(B). Advanced upgrade or CPUSE offline upgrade
467
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types? (A). enable DLP and select .exe and .bat file type (B). enable .exe & .bat protection in IPS Policy (C). create FW rule for particular protocol (D). tecli advanced attributes set prohibited_file_types exe.bat
(A). enable DLP and select .exe and .bat file type
468
Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build? (A). In WebUI Status and Actions page or by running the following command in CLISH: show installer status build (B). In WebUI Status and Actions page or by running the following command in CLISH: show installer status version (C). In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer status build (D). In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer agent
(A). In WebUI Status and Actions page or by running the following command in CLISH: show installer status build
469
You have enabled "Full Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason? (A). Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database. (B). Data Awareness is not enabled (C). Identity Awareness is not enabled (D). Logs are arriving from Pre-R81 gateways
(A). Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.
470
Where can you see and search records of actions performed by R81 SmartConsole administrators? (A). In SmartView Tracker, open active log (B). In the Logs & Monitor view, select "Open Audit Log View" (C). In SmartAuditLog View (D). In Smartlog, all logs
(B). In the Logs & Monitor view, select "Open Audit Log View"
471
Fill in the blanks: A _______ license requires an administrator to designate a gateway for attachment whereas a ________ license is automatically attached to a Security Gateway. (A). Formal; corporate (B). Local; formal (C). Local; central (D). Central; local
(D). Central; local
472
How is communication between different Check Point components secured in R81? As with all questions, select the BEST answer. (A). By using IPSEC (B). By using SIC (C). By using ICA (D). By using 3DES
(B). By using SIC
473
Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ____ all traffic. However, in the Application Control policy layer, the default action is ______ all traffic. (A). Accept; redirect (B). Accept; drop (C). Redirect; drop (D). Drop; accept
(D). Drop; accept
474
A user complains that some Internet resources are not available. The Administrator is having issues seeing if packets are being dropped at the firewall (not seeing drops in logs). What is the solution to troubleshoot the issue? (A). run "fw unloadlocal" on the relevant gateway and check the ping again (B). run "cpstop" on the relevant gateway and check the ping again (C). run "fw log" on the relevant gateway (D). run "fw ctl zdebug drop" on the relevant gateway
(D). run "fw ctl zdebug drop" on the relevant gateway
475
Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration. (A). upgrade_import (B). cpconfig (C). fwm dbimport -p (D). cpinfo -recover
(A). upgrade_import
476
When installing a dedicated R81 SmartEvent server, what is the recommended size of the root partition? (A). Any size (B). Less than 20GB (C). More than 10GB and less than 20GB (D). At least 20GB
(D). At least 20GB
477
How do you enable virtual mac (VMAC) on-the-fly on a cluster member? (A). cphaprob set int fwha_vmac_global_param_enabled 1 (B). clusterXL set int fwha_vmac_global_param_enabled 1 (C). fw ctl set int fwha_vmac_global_param_enabled 1 (D). cphaconf set int fwha_vmac_global_param_enabled 1
(C). fw ctl set int fwha_vmac_global_param_enabled 1
478
What is the correct command to observe the Sync traffic in a VRRP environment? (A). fw monitor -e "accept[12:4,b]=224.0.0.18;" (B). fw monitor -e "accept port(6118;" (C). fw monitor -e "accept proto=mcVRRP;" (D). fw monitor -e "accept dst=224.0.0.18;"
(D). fw monitor -e "accept dst=224.0.0.18;"
479
Check Point security components are divided into the following components: (A). GUI Client, Security Gateway, WebUI Interface (B). GUI Client, Security Management, Security Gateway (C). Security Gateway, WebUI Interface, Consolidated Security Logs (D). Security Management, Security Gateway, Consolidate Security Logs
(B). GUI Client, Security Management, Security Gateway
480
Which one of the following is true about Threat Extraction? (A). Always delivers a file to user (B). Works on all MS Office, Executables, and PDF files (C). Can take up to 3 minutes to complete (D). Delivers file only if no threats found
(A). Always delivers a file to user
481
What information is NOT collected from a Security Gateway in a Cpinfo? (A). Firewall logs (B). Configuration and database files (C). System message logs (D). OS and network statistics
(A). Firewall logs
482
Which is the correct order of a log flow processed by SmartEvent components? (A). Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client (B). Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client (C). Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client (D). Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
(D). Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
483
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed? (A). ThreatWiki (B). Whitelist Files (C). AppWiki (D). IPS Protections
(B). Whitelist Files
484
To add a file to the Threat Prevention Whitelist, what two items are needed? (A). File name and Gateway (B). Object Name and MD5 signature (C). MD5 signature and Gateway (D). IP address of Management Server and Gateway
(B). Object Name and MD5 signature
485
What is the SandBlast Agent designed to do? (A). Performs OS-level sandboxing for SandBlast Cloud architecture (B). Ensure the Check Point SandBlast services is running on the end user's system (C). If malware enters an end user's system, the SandBlast Agent prevents the malware from spreading with the network (D). Clean up email sent with malicious attachments
(C). If malware enters an end user's system, the SandBlast Agent prevents the malware from spreading with the network
486
Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide this information to your manager? (A). fw accel stat (B). fwaccel stat (C). fw acces stats (D). fwaccel stats
(B). fwaccel stat
487
Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations? (A). One machine, but it needs to be installed using SecurePlatform for compatibility purposes. (B). One machine (C). Two machines (D). Three machines
(C). Two machines. One for the Security Management Server and the other for the Security Gateway.
488
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated? (A). There is a virus found. Traffic is still allowed but not accelerated. (B). The connection required a Security server. (C). Acceleration is not enabled. (D). The traffic is originating from the gateway itself.
(B). The connection required a Security server.
489
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution? (A). Management Dashboard (B). Gateway (C). Personal User Storage (D). Behavior Risk Engine
(C). Personal User Storage
490
If the first packet of a UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), what message is sent back through the kernel? (A). Nothing (B). TCP FIN (C). TCP RST (D). ICMP unreachable
(A). Nothing
491
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use? (A). SmartEvent Client Info (B). SecuRemote (C). Check Point Protect (D). Check Point Capsule Cloud
(C). Check Point Protect
492
Which path below is available only when CoreXL is enabled? (A). Slow path (B). Firewall path (C). Medium path (D). Accelerated path
(C). Medium path
493
On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port: (A). 18210 (B). 18184 (C). 257 (D). 18191
(B). 18184
494
Customer's R81 management server needs to be upgraded to R81.10. What is the best upgrade method when the management server is not connected to the Internet? (A). Export R81 configuration, clean install R81.10 and import the configuration (B). CPUSE offline upgrade (C). CPUSE online upgrade (D). SmartUpdate upgrade
(C). CPUSE online upgrade
495
What is false regarding prerequisites for the Central Deployment usage? (A). The administrator must have write permission on SmartUpdate (B). Security Gateway must have the latest CPUSE Deployment Agent (C). No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically. (D). The Security Gateway must have a policy installed
(D). The Security Gateway must have a policy installed
496
How many images are included with Check Point TE appliance in Recommended Mode? (A). 2(OS) images (B). images are chosen by administrator during installation (C). as many as licensed for (D). the most new image
(A). 2(OS) images
497
Identify the API that is not supported by Check Point currently. (A). R81 Management API (B). Identity Awareness Web Services API (C). Open REST API (D). OPSEC SDK
(C). Open REST API
498
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot: (A). fw ctl Dyn_Dispatch on (B). fw ctl Dyn_Dispatch enable (C). fw ctl multik set_mode 4 (D). fw ctl multik set_mode 1
(C). fw ctl multik set_mode 4
499
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server? (A). fwd (B). fwm (C). cpd (D). cpwd
(B). fwm
500
What are the different command sources that allow you to communicate with the API server? (A). SmartView Monitor, API_cli Tool, Gaia CLI, Web Services (B). SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services (C). SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services (D). API_cli Tool, Gaia CLI, Web Services
(B). SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services
501
To find log records from the Application & URL Filtering Software Blade where traffic was dropped, what would be the query syntax? (A). blada: application control AND action:drop (B). blade."application control AND action;drop (C). (blade: application control AND action;drop) (D). blade;"application control AND action:drop
(D). blade;"application control AND action:drop
502
Secure Configuration Verification (SCV) makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration, and to do so he needs to edit and configure a specific Check Point file. Which file and directory location is correct? (A). $FWDIR/conf/client.scv (B). $CPDIR/conf/local.scv (C). $CPDIR/conf/client.svc (D). $FWDIR/conf/local.scv
(D). $FWDIR/conf/local.scv
503
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ . (A). TCP Port 18190 (B). TCP Port 18209 (C). TCP Port 19009 (D). TCP Port 18191
(D). TCP Port 18191
504
For Management High Availability, which of the following is NOT a valid synchronization status? (A). Collision (B). Down (C). Lagging (D). Never been synchronized
(B). Down
505
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard? (A). You can assign only one profile per gateway and a profile can be assigned to one rule Only. (B). You can assign multiple profiles per gateway and a profile can be assigned to one rule only. (C). You can assign multiple profiles per gateway and a profile can be assigned to one or more rules. (D). You can assign only one profile per gateway and a profile can be assigned to one or more rules.
(C). You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.
506
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 11:00 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational. When it re-joins the cluster, will it become active automatically? (A). No, since 'maintain current active cluster member' option on the cluster object properties is enabled by default. (B). No, since 'maintain current active cluster member' option is enabled by default on the Global Properties. (C). Yes, since 'Switch to higher priority cluster member' option on the cluster object properties is enabled by default. (D). Yes, since 'Switch to higher priority cluster member' option is enabled by default on the Global Properties.
(A). No, since 'maintain current active cluster member' option on the cluster object properties is enabled by default.
507
Which NAT rules are prioritized first? (A). Post-Automatic/Manual NAT rules (B). Manual/Pre-Automatic NAT (C). Automatic Hide NAT (D). Automatic Static NAT
(B). Manual/Pre-Automatic NAT
508
Which CLI command will reset the IPS pattern matcher statistics? (A). ips reset pmstat (B). ips pstats reset (C). ips pmstats refresh (D). ips pmstats reset
(D). ips pmstats reset
509
In the Firewall chain mode FFF refers to: (A). Stateful Packets (B). No Match (C). All Packets (D). Stateless Packets
(C). All Packets
510
What are the steps to configure the HTTPS Inspection Policy? (A). Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard (B). Go to Application&url filtering blade > Advanced > Https Inspection > Policy (C). Go to Manage&Settings > Blades > HTTPS Inspection > Policy (D). Go to Application&url filtering blade > Https Inspection > Policy
(A). Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard
511
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is: (A). MySQL (B). Postgres SQL (C). MarisDB (D). SOLR
(B). Postgres SQL
512
How many users can have read/write access in Gaia at one time? (A). Infinite (B). One (C). Three (D). Two
(B). One
513
How many layers make up the TCP/IP model? (A). 2 (B). 7 (C). 6 (D). 4
(D). 4
514
What is the responsibility of SOLR process on R81.10 management server? (A). Validating all data before it's written into the database (B). It generates indexes of data written to the database (C). Communication between SmartConsole applications and the Security Management Server (D). Writing all information into the database
(B). It generates indexes of data written to the database
515
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis? (A). Application Control (B). Threat Emulation (C). Anti-Virus (D). Advanced Networking Blade
(B). Threat Emulation
516
SmartEvent Security Checkups can be run from the following Logs and Monitor activity: (A). Reports (B). Advanced (C). Checkups (D). Views
(A). Reports
517
When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true? (A). If the Action is Accept, the gateway allows the packet to pass through the gateway. (B). If the Action is Drop, the gateway continues to check rules in the next Policy Layer down. (C). If the Action is Accept, the gateway continues to check rules in the next Policy Layer down. (D). If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.
(C). If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
518
Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail? (A). fwm (B). cpd (C). cpwd (D). cpm
(C). cpwd
519
Which of the following is a task of the CPD process? (A). Invoke and monitor critical processes and attempts to restart them if they fail (B). Transfers messages between Firewall processes (C). Log forwarding (D). Responsible for processing most traffic on a security gateway
(B). Transfers messages between Firewall processes
520
Which TCP-port does CPM process listen to? (A). 18191 (B). 18190 (C). 8983 (D). 19009
(D). 19009
521
Which command lists all tables in Gaia? (A). fw tab -t (B). fw tab -list (C). fw-tab -s (D). fw tab -1
(C). fw-tab -s
522
What must you do first if "fwm sic_reset" could not be completed? (A). Cpstop then find keyword "certificate" in objects_5_0.C and delete the section (B). Reinitialize SIC on the security gateway then run "fw unloadlocal" (C). Reset SIC from Smart Dashboard (D). Change internal CA via cpconfig
(D). Change internal CA via cpconfig
523
Advanced Security Checkups can be easily conducted within: (A). Reports (B). Advanced (C). Checkups (D). Views (E). Summary
(A). Reports
524
John is using Management HA. Which Smartcenter should be connected to for making changes? (A). secondary Smartcenter (B). active Smartcenter (C). connect virtual IP of Smartcenter HA (D). primary Smartcenter
(B). active Smartcenter
525
What can we infer about the recent changes made to the Rule Base? (A). Rule 7 was created by the 'admin' administrator in the current session (B). 8 changes have been made by administrators since the last policy installation (C). The rules 1, 5 and 6 cannot be edited by the 'admin' administrator (D). Rule 1 and object webserver are locked by another administrator
(D). Rule 1 and object webserver are locked by another administrator
526
What is the purpose of a SmartEvent Correlation Unit? (A). The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server. (B). The SmartEvent Correlation Unit's task is to assign severity levels to the identified events. (C). The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events. (D). The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.
(C). The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.
527
Which one of the following is true about Capsule Connect? (A). It is a full layer 3 VPN client (B). It offers full enterprise mobility management (C). It is supported only on iOS phones and Windows PCs (D). It does not support all VPN authentication methods
(A). It is a full layer 3 VPN client
528
Which method below is NOT one of the ways to communicate using the Management API's? (A). Typing API commands using the "mgmt_cli" command (B). Typing API commands from a dialog box inside the SmartConsole GUI application (C). Typing API commands using Gaia's secure shell(clish)19+ (D). Sending API commands over an http connection using web-services
(D). Sending API commands over an http connection using web-services
529
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement? (A). add host name ip-address (B). add hostname ip-address (C). set host name ip-address (D). set hostname ip-address
(A). add host name ip-address
530
Fill in the blank: The "fw monitor" tool can be best used to troubleshoot ____________________. (A). AV issues (B). VPN errors (C). Network traffic issues (D). Authentication issues
(C). Network traffic issues
531
What is the minimum number of CPU cores required to enable CoreXL? (A). 1 (B). 6 (C). 2 (D). 4
(C). 2

Default number of CoreXL IPv4 FW instances (Note: The real number of CoreXL FW instances depends on the current CoreXL license):

| Number of CPU cores | Default number of CoreXL IPv4 FW instances | Default number of Secure Network Distributors (SNDs) |
|---|---|---|
| 1 | 1 (Note: CoreXL is disabled) | 0 (Note: CoreXL is disabled) |
| 2 | 2 | 2 |
| 4 | 3 | 1 |
| 6 - 20 | [Number of CPU cores] - 2 | 2 |
| More than 20 (1) | [Number of CPU cores] - 4 | 4 |
532
SandBlast appliances can be deployed in the following modes: (A). using a SPAN port to receive a copy of the traffic only (B). detect only (C). inline/prevent or detect (D). as a Mail Transfer Agent and as part of the traffic flow only
(C). inline/prevent or detect
533
Which of the following technologies extracts detailed information from packets and stores that information in state tables? (A). INSPECT Engine (B). Stateful Inspection (C). Packet Filtering (D). Application Layer Firewall
(A). INSPECT Engine
534
What is not a purpose of the deployment of Check Point API? (A). Execute an automated script to perform common tasks (B). Create a customized GUI Client for manipulating the objects database (C). Create products that use and enhance the Check Point solution (D). Integrate Check Point products with 3rd party solution
(B). Create a customized GUI Client for manipulating the objects database
535
Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ . (A). The license is attached to the wrong Security Gateway. (B). The existing license expires. (C). The license is upgraded. (D). The IP address of the Security Management or Security Gateway has changed.
(A). The license is attached to the wrong Security Gateway.
536
Which encryption algorithm is the least secured? (A). AES-128 (B). AES-256 (C). DES (D). 3DES
(C). DES
537
What is false regarding a Management HA environment? (A). Only one Management Server should be active, while any others be in standby mode (B). It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior. (C). SmartConsole can connect to any management server in Readonly mode. (D). Synchronization will occur automatically with each Publish event if the Standby servers are available.
(B). It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior.
538
Steve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances. Steve's manager, Diana, asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day? (A). fw tab -t connections -s (B). fw tab -t connections (C). fw tab -t connections -c (D). fw tab -t connections -f
(B). fw tab -t connections
539
What is the order of NAT priorities? (A). Static NAT, IP pool NAT, hide NAT (B). IP pool NAT, static NAT, hide NAT (C). Static NAT, automatic NAT, hide NAT (D). Static NAT, hide NAT, IP pool NAT
(A). Static NAT, IP pool NAT, hide NAT
540
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled? (A). He can use the fw accel stat command on the gateway. (B). He can use the fw accel statistics command on the gateway. (C). He can use the fwaccel stat command on the Security Management Server. (D). He can use the fwaccel stat command on the gateway
(D). He can use the fwaccel stat command on the gateway
541
What are the two high availability modes? (A). Load Sharing and Legacy (B). Traditional and New (C). Active and Standby (D). New and Legacy
(D). New and Legacy. ClusterXL has four working modes.
542
What is the purpose of Priority Delta in VRRP? (A). When a box up, Effective Priority = Priority + Priority Delta (B). When an Interface is up, Effective Priority = Priority + Priority Delta (C). When an Interface fail, Effective Priority = Priority - Priority Delta (D). When a box fail, Effective Priority = Priority - Priority Delta
(C). When an Interface fail, Effective Priority = Priority - Priority Delta. Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running VRRP. If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will begin to send out its own HELLO packet. Once the master sees this packet with a priority greater than its own, then it releases the VIP.
543
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure? (A). Severity (B). Automatic reactions (C). Policy (D). Threshold
(C). Policy
544
You find one of your cluster gateways showing "Down" when you run the "cphaprob stat" command. You then run the "clusterXL_admin up" on the down member but unfortunately the member continues to show down. What command do you run to determine the cause? (A). cphaprob -f register (B). cphaprob -d -s report (C). cpstat -f all (D). cphaprob -a list
(D). cphaprob -a list
545
Is it possible to establish a VPN before the user logs in to the Endpoint Client? (A). yes, you had to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_remember_user_password attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway (B). no, the user must login first. (C). yes, you had to set neo_always_connected to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_always_connected attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway (D). yes, you had to enable Machine Authentication in the Gateway object of the Smart Console
(C). yes, you had to set neo_always_connected to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_always_connected attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway
546
What command would show the API server status? (A). cpm status (B). api restart (C). api status (D). show api status
(C). api status
547
You need to change the MAC-address on eth2 interface of the gateway. What is the correct way to change MAC-address in Check Point Gaia? (A). In CLISH run: set interface eth2 mac-addr 11:11:11:11:11:11 (B). In expert-mode run ifconfig eth1 hw 11:11:11:11 11 11 (C). In CLISH run set interface eth2 hw-addr 11 11 11:11:11 11 (D). In expert-mode run: ethtool -4 eth2 mac 11 11:11:11:11:11
(A). In CLISH run: set interface eth2 mac-addr 11:11:11:11:11:11
548
Which command is used to add users to or from existing roles? (A). Add rba user roles (B). Add rba user (C). Add user roles (D). Add user
(A). Add rba user roles
549
By default, how often are updates checked when the CPUSE Software Updates Policy is set to Automatic? (A). Six times per day (B). Seven times per day (C). Every two hours (D). Every three hours
(D). Every three hours
550
Which feature is NOT provided by all Check Point Mobile Access solutions? (A). Support for IPv6 (B). Granular access control (C). Strong user authentication (D). Secure connectivity
(A). Support for IPv6
551
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput. (A). This statement is true because SecureXL does improve all traffic. (B). This statement is false because SecureXL does not improve this traffic but CoreXL does. (C). This statement is true because SecureXL does improve this traffic. (D). This statement is false because encrypted traffic cannot be inspected.
(C). This statement is true because SecureXL does improve this traffic. SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by nearly an order of magnitude, particularly for small packets flowing in long duration connections.
552
Which two of these Check Point Protocols are used by SmartEvent Processes? (A). ELA and CPD (B). FWD and LEA (C). FWD and CPLOG (D). ELA and CPLOG
(D). ELA and CPLOG
553
What does the Log "Views" tab show when SmartEvent is Correlating events? (A). A list of common reports (B). Reports for customization (C). Top events with charts and graphs (D). Details of a selected log
(D). Details of a selected log
554
Where do you create and modify the Mobile Access policy in R81? (A). SmartConsole (B). SmartMonitor (C). SmartEndpoint (D). SmartDashboard
(A). SmartConsole
555
What is the command to check the status of Check Point processes? (A). top (B). cptop (C). cphaprob list (D). cpwd_admin list
(D). cpwd_admin list
556
In which formats can Threat Emulation forensics reports be viewed? (A). TXT, XML and CSV (B). PDF and TXT (C). PDF, HTML and XML (D). PDF and HTML
(C). PDF, HTML and XML
557
After verifying that API Server is not running, how can you start the API Server? (A). Run command "set api start" in CLISH mode (B). Run command "mgmt__cli set api start" in Expert mode (C). Run command "mgmt api start" in CLISH mode (D). Run command "api start" in Expert mode
(B). Run command "mgmt__cli set api start" in Expert mode
558
Which of the following links will take you to the SmartView web application? (A). Management Server host name>/smartviewweb/ (B). Management Server IP Address>/smartview/ (C). Management Server host name>smartviewweb (D). Management Server IP Address>/smartview
(B). Management Server IP Address>/smartview/
559
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection? (A). Stateful Mode (B). VPN Routing Mode (C). Wire Mode (D). Stateless Mode
(C). Wire Mode. Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".
560
By default, the R81 web API uses which content-type in its response? (A). Java Script (B). XML (C). Text (D). JSON
(D). JSON
561
What is true about the IPS-Blade? (A). In R81, IPS is managed by the Threat Prevention Policy (B). In R81, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict (C). In R81, IPS Exceptions cannot be attached to "all rules" (D). In R81, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
(A). In R81, IPS is managed by the Threat Prevention Policy
562
How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites? (A). By dropping traffic from websites identified through ThreatCloud Verification and URL Caching (B). By dropping traffic that is not proven to be from clean websites in the URL Filtering blade (C). By allowing traffic from websites that are known to run Antivirus Software on servers regularly (D). By matching logs against ThreatCloud information about the reputation of the website
(D). By matching logs against ThreatCloud information about the reputation of the website
563
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD. (A). WMI (B). Eventvwr (C). XML (D). Services.msc
(A). WMI
564
Fill in the blanks. There are ________ types of software containers: ___________. (A). Three; security management, Security Gateway, and endpoint security (B). Three; Security Gateway, endpoint security, and gateway management (C). Two; security management and endpoint security (D). Two; endpoint security and Security Gateway
(A). Three; security management, Security Gateway, and endpoint security
565