ExamsBrite Dumps

Check Point Certified Security Expert R81.20 Question and Answers

Last Update Dec 2, 2024
Total Questions : 628

Questions 1

In R81, how do you manage your Mobile Access Policy?

Options:

A.  

Through the Unified Policy

B.  

Through the Mobile Console

C.  

From SmartDashboard

D.  

From the Dedicated Mobility Tab

Questions 2

The Firewall kernel is replicated multiple times, therefore:

Options:

A.  

The Firewall kernel only touches the packet if the connection is accelerated

B.  

The Firewall can run different policies per core

C.  

The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

D.  

The Firewall can run the same policy on all cores.

Questions 3

Identify the API that is not supported by Check Point currently.

Options:

A.  

R81 Management API

B.  

Identity Awareness Web Services API

C.  

Open REST API

D.  

OPSEC SDK

Questions 4

Which packet info is ignored with Session Rate Acceleration?

Options:

A.  

source port ranges

B.  

source ip

C.  

source port

D.  

same info from Packet Acceleration is used

Questions 5

The SmartEvent R81 Web application for real-time event monitoring is called:

Options:

A.  

SmartView Monitor

B.  

SmartEventWeb

C.  

There is no Web application for SmartEvent

D.  

SmartView

Questions 6

What is the order of NAT priorities?

Options:

A.  

Static NAT, IP pool NAT, hide NAT

B.  

IP pool NAT, static NAT, hide NAT

C.  

Static NAT, automatic NAT, hide NAT

D.  

Static NAT, hide NAT, IP pool NAT

Questions 7

Pamela is a Cyber Security Engineer working for Global Instance Firm, which has a large-scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. The company’s Developer Team is having random access issues with a newly deployed Application Server in the DMZ’s Application Server Farm Tier and blames the DMZ Security Gateway as the root cause. A ticket has been created and the issue is at Pamela’s desk for investigation. Pamela decides to use Check Point’s packet analyzer tool, fw monitor, to iron out the issue during an approved maintenance window.

What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?

Options:

A.  

Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.

B.  

Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.

C.  

Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.

D.  

Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

Questions 8

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

Options:

A.  

User Directory

B.  

Captive Portal and Transparent Kerberos Authentication

C.  

Captive Portal

D.  

UserCheck

Questions 9

What kind of information would you expect to see using the sim affinity command?

Options:

A.  

The VMACs used in a Security Gateway cluster

B.  

The involved firewall kernel modules in inbound and outbound packet chain

C.  

Overview over SecureXL templated connections

D.  

Network interfaces and core distribution used for CoreXL

Questions 10

Which application should you use to install a contract file?

Options:

A.  

SmartView Monitor

B.  

WebUI

C.  

SmartUpdate

D.  

SmartProvisioning

Questions 11

In which formats can Threat Emulation forensics reports be viewed in?

Options:

A.  

TXT, XML and CSV

B.  

PDF and TXT

C.  

PDF, HTML, and XML

D.  

PDF and HTML

Questions 12

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

Options:

A.  

Smart Cloud Services

B.  

Load Sharing Mode Services

C.  

Threat Agent Solution

D.  

Public Cloud Services

Questions 13

As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?

Options:

A.  

$FWDIR/smartevent/conf

B.  

$RTDIR/smartevent/conf

C.  

$RTDIR/smartview/conf

D.  

$FWDIR/smartview/conf

Questions 14

After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

Options:

A.  

cvpnd_restart

B.  

cvpnd_restart

C.  

cvpnd restart

D.  

cvpnrestart

Questions 15

When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?

Options:

A.  

IP

B.  

SIC

C.  

NAT

D.  

FQDN

Questions 16

What is the command to check the status of the SmartEvent Correlation Unit?

Options:

A.  

fw ctl get int cpsead_stat

B.  

cpstat cpsead

C.  

fw ctl stat cpsemd

D.  

cp_conf get_stat cpsemd

Questions 17

Which command gives us a perspective of the number of kernel tables?

Options:

A.  

fw tab -t

B.  

fw tab -s

C.  

fw tab -n

D.  

fw tab -k

Questions 18

Which tool is used to enable ClusterXL?

Options:

A.  

SmartUpdate

B.  

cpconfig

C.  

SmartConsole

D.  

sysconfig

Questions 19

Which of the following is NOT an option to calculate the traffic direction?

Options:

A.  

Incoming

B.  

Internal

C.  

External

D.  

Outgoing

Questions 20

Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?

Options:

A.  

Kerberos Ticket Renewed

B.  

Kerberos Ticket Requested

C.  

Account Logon

D.  

Kerberos Ticket Timed Out

Questions 21

In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

Options:

A.  

Accounting

B.  

Suppression

C.  

Accounting/Suppression

D.  

Accounting/Extended

Questions 22

Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

Options:

A.  

logd

B.  

fwd

C.  

fwm

D.  

cpd

Questions 23

You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

Options:

A.  

restore_backup

B.  

import backup

C.  

cp_merge

D.  

migrate import

Questions 24

What command would show the API server status?

Options:

A.  

cpm status

B.  

api restart

C.  

api status

D.  

show api status

Questions 25

What is the SandBlast Agent designed to do?

Options:

A.  

Performs OS-level sandboxing for SandBlast Cloud architecture

B.  

Ensure the Check Point SandBlast services is running on the end user’s system

C.  

If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network

D.  

Clean up email sent with malicious attachments

Questions 26

Which command would you use to set the network interfaces’ affinity in Manual mode?

Options:

A.  

sim affinity -m

B.  

sim affinity -l

C.  

sim affinity -a

D.  

sim affinity -s

Questions 27

On what port does the CPM process run?

Options:

A.  

TCP 857

B.  

TCP 18192

C.  

TCP 900

D.  

TCP 19009

Questions 28

What is the most ideal Synchronization Status for Security Management Server High Availability deployment?

Options:

A.  

Lagging

B.  

Synchronized

C.  

Never been synchronized

D.  

Collision

Questions 29

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

Options:

A.  

/opt/CPshrd-R81/conf/local.arp

B.  

/var/opt/CPshrd-R81/conf/local.arp

C.  

$CPDIR/conf/local.arp

D.  

$FWDIR/conf/local.arp

Questions 30

What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?

Options:

A.  

4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.

B.  

3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.

C.  

1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.

D.  

2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.

Questions 31

SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?

Options:

A.  

Threat Emulation

B.  

Mobile Access

C.  

Mail Transfer Agent

D.  

Threat Cloud

Questions 32

Which Remote Access Client does not provide an Office-Mode Address?

Options:

A.  

SecuRemote

B.  

Endpoint Security Suite

C.  

Endpoint Security VPN

D.  

Check Point Mobile

Questions 33

What are the blades of Threat Prevention?

Options:

A.  

IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

B.  

DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction

C.  

IPS, AntiVirus, AntiBot

D.  

IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

Questions 34

You need to see which hotfixes are installed on your gateway. Which command would you use?

Options:

A.  

cpinfo –h all

B.  

cpinfo –o hotfix

C.  

cpinfo –l hotfix

D.  

cpinfo –y all

Questions 35

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

Options:

A.  

ffff

B.  

1

C.  

3

D.  

2

Questions 36

Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.

Options:

A.  

WMI

B.  

Eventvwr

C.  

XML

D.  

Services.msc

Questions 37

What is the purpose of extended master key extension/session hash?

Options:

A.  

UDP VOIP protocol extension

B.  

In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication

C.  

Special TCP handshaking extension

D.  

Supplement DLP data watermark

Questions 38

The following command is used to verify the CPUSE version:

Options:

A.  

HostName:0>show installer status build

B.  

[Expert@HostName:0]#show installer status

C.  

[Expert@HostName:0]#show installer status build

D.  

HostName:0>show installer build

Questions 39

SmartEvent does NOT use which of the following procedures to identify events:

Options:

A.  

Matching a log against each event definition

B.  

Create an event candidate

C.  

Matching a log against local exclusions

D.  

Matching a log against global exclusions

Questions 40

Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?

Options:

A.  

cpwd

B.  

fwd

C.  

cpd

D.  

fwm

Questions 41

From the SecureXL perspective, what are the three paths of traffic flow:

Options:

A.  

Initial Path; Medium Path; Accelerated Path

B.  

Layer Path; Blade Path; Rule Path

C.  

Firewall Path; Accept Path; Drop Path

D.  

Firewall Path; Accelerated Path; Medium Path

Questions 42

For Management High Availability, which of the following is NOT a valid synchronization status?

Options:

A.  

Collision

B.  

Down

C.  

Lagging

D.  

Never been synchronized

Questions 43

You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

Options:

A.  

fwd

B.  

fwm

C.  

cpd

D.  

cpwd

Questions 44

Please choose the correct command to add an “emailserver1” host with IP address 10.50.23.90 using the GAiA management CLI.

Options:

A.  

host name myHost12 ip-address 10.50.23.90

B.  

mgmt: add host name ip-address 10.50.23.90

C.  

add host name emailserver1 ip-address 10.50.23.90

D.  

mgmt: add host name emailserver1 ip-address 10.50.23.90

Questions 45

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.

Options:

A.  

ffff

B.  

1

C.  

2

D.  

3

Questions 46

Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?

Options:

A.  

You can assign only one profile per gateway and a profile can be assigned to one rule only.

B.  

You can assign multiple profiles per gateway and a profile can be assigned to one rule only.

C.  

You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

D.  

You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Questions 47

Can multiple administrators connect to a Security Management Server at the same time?

Options:

A.  

No, only one can be connected

B.  

Yes, all administrators can modify a network object at the same time

C.  

Yes, every administrator has their own username, and works in a session that is independent of other administrators.

D.  

Yes, but only one has the right to write.

Questions 48

What is the main difference between Threat Extraction and Threat Emulation?

Options:

A.  

Threat Emulation never delivers a file and takes more than 3 minutes to complete.

B.  

Threat Extraction always delivers a file and takes less than a second to complete.

C.  

Threat Emulation never delivers a file that takes less than a second to complete.

D.  

Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Questions 49

How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

Options:

A.  

cphaprob set int fwha_vmac_global_param_enabled 1

B.  

clusterXL set int fwha_vmac_global_param_enabled 1

C.  

fw ctl set int fwha_vmac_global_param_enabled 1

D.  

cphaconf set int fwha_vmac_global_param_enabled 1

Questions 50

John is using Management HA. Which Smartcenter should be connected to for making changes?

Options:

A.  

secondary Smartcenter

B.  

active Smartcenter

C.  

connect virtual IP of Smartcenter HA

D.  

primary Smartcenter

Questions 51

How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?

Options:

A.  

Install appliance TE250X on SpanPort on LAN switch in MTA mode.

B.  

Install appliance TE250X in standalone mode and setup MTA.

C.  

You can utilize only Check Point Cloud Services for this scenario.

D.  

It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.

Questions 52

Both ClusterXL and VRRP are fully supported by Gaia R81.20 and available to all Check Point appliances. Which of the following commands is NOT related to redundancy and functions?

Options:

A.  

cphaprob stat

B.  

cphaprob –a if

C.  

cphaprob –l list

D.  

cphaprob all show stat

Questions 53

You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?

Options:

A.  

cphaprob –f register

B.  

cphaprob –d –s report

C.  

cpstat –f all

D.  

cphaprob –a list

Questions 54

Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?

Options:

A.  

SOAP

B.  

REST

C.  

XLANG

D.  

XML-RPC

Questions 55

Using ClusterXL, what statement is true about the Sticky Decision Function?

Options:

A.  

Can only be changed for Load Sharing implementations

B.  

All connections are processed and synchronized by the pivot

C.  

Is configured using cpconfig

D.  

Is only relevant when using SecureXL

Questions 56

Under which file is the proxy arp configuration stored?

Options:

A.  

$FWDIR/state/proxy_arp.conf on the management server

B.  

$FWDIR/conf/local.arp on the management server

C.  

$FWDIR/state/_tmp/proxy.arp on the security gateway

D.  

$FWDIR/conf/local.arp on the gateway

Questions 57

What is the benefit of “fw monitor” over “tcpdump”?

Options:

A.  

“fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.

B.  

“fw monitor” is also available for 64-Bit operating systems.

C.  

With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”

D.  

“fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.

Questions 58

Which of the following describes how Threat Extraction functions?

Options:

A.  

Detect threats and provides a detailed report of discovered threats.

B.  

Proactively detects threats.

C.  

Delivers file with original content.

D.  

Delivers PDF versions of original files with active content removed.

Questions 59

Which method below is NOT one of the ways to communicate using the Management API’s?

Options:

A.  

Typing API commands using the “mgmt_cli” command

B.  

Typing API commands from a dialog box inside the SmartConsole GUI application

C.  

Typing API commands using Gaia’s secure shell (clish)

D.  

Sending API commands over an http connection using web-services

Questions 60

Session unique identifiers are passed to the web api using which http header option?

Options:

A.  

X-chkp-sid

B.  

Accept-Charset

C.  

Proxy-Authorization

D.  

Application

Questions 61

The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .

Options:

A.  

TCP 18211

B.  

TCP 257

C.  

TCP 4433

D.  

TCP 443

Questions 62

Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

Options:

A.  

Block Port Overflow

B.  

Local Interface Spoofing

C.  

Suspicious Activity Monitoring

D.  

Adaptive Threat Prevention

Questions 63

Which of the SecureXL templates are enabled by default on Security Gateway?

Options:

A.  

Accept

B.  

Drop

C.  

NAT

D.  

None

Questions 64

Which command would disable a Cluster Member permanently?

Options:

A.  

clusterXL_admin down

B.  

cphaprob_admin down

C.  

clusterXL_admin down-p

D.  

set clusterXL down-p

Questions 65

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

Options:

A.  

50%

B.  

75%

C.  

80%

D.  

15%

Questions 66

During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?

Options:

A.  

Host having a Critical event found by Threat Emulation

B.  

Host having a Critical event found by IPS

C.  

Host having a Critical event found by Antivirus

D.  

Host having a Critical event found by Anti-Bot

Questions 67

What happens when an IPS profile is set in Detect Only Mode for troubleshooting?

Options:

A.  

It will generate Geo-Protection traffic

B.  

Automatically uploads debugging logs to Check Point Support Center

C.  

It will not block malicious traffic

D.  

Bypass licenses requirement for Geo-Protection control

Questions 68

Which of these statements describes the Check Point ThreatCloud?

Options:

A.  

Blocks or limits usage of web applications

B.  

Prevents or controls access to web sites based on category

C.  

Prevents Cloud vulnerability exploits

D.  

A worldwide collaborative security network

Questions 69

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

Options:

A.  

Symmetric routing

B.  

Failovers

C.  

Asymmetric routing

D.  

Anti-Spoofing

Questions 70

Where can you see and search records of actions done by R81 SmartConsole administrators?

Options:

A.  

In SmartView Tracker, open active log

B.  

In the Logs & Monitor view, select “Open Audit Log View”

C.  

In SmartAuditLog View

D.  

In Smartlog, all logs

Questions 71

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?

Options:

A.  

Check Point Remote User

B.  

Check Point Capsule Workspace

C.  

Check Point Mobile Web Portal

D.  

Check Point Capsule Remote

Questions 72

Which command will allow you to see the interface status?

Options:

A.  

cphaprob interface

B.  

cphaprob –I interface

C.  

cphaprob –a if

D.  

cphaprob stat

Questions 73

Which CLI command will reset the IPS pattern matcher statistics?

Options:

A.  

ips reset pmstat

B.  

ips pstats reset

C.  

ips pmstats refresh

D.  

ips pmstats reset

Questions 74

NAT rules are prioritized in which order?

1. Automatic Static NAT

2. Automatic Hide NAT

3. Manual/Pre-Automatic NAT

4. Post-Automatic/Manual NAT rules

Options:

A.  

1, 2, 3, 4

B.  

1, 4, 2, 3

C.  

3, 1, 2, 4

D.  

4, 3, 1, 2

Questions 75

Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.

Options:

A.  

User data base corruption

B.  

LDAP conflicts

C.  

Traffic issues

D.  

Phase two key negotiations

Questions 76

fwssd is a child process of which of the following Check Point daemons?

Options:

A.  

fwd

B.  

cpwd

C.  

fwm

D.  

cpd

Questions 77

Which command can you use to enable or disable multi-queue per interface?

Options:

A.  

cpmq set

B.  

Cpmqueue set

C.  

Cpmq config

D.  

St cpmq enable

Questions 78

Which command shows actual allowed connections in state table?

Options:

A.  

fw tab –t StateTable

B.  

fw tab –t connections

C.  

fw tab –t connection

D.  

fw tab connections

Questions 79

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Options:

A.  

Stateful Mode

B.  

VPN Routing Mode

C.  

Wire Mode

D.  

Stateless Mode

Questions 80

After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.

Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1?

Options:

A.  

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
set static-route default nexthop gateway address 192.168.80.1 on
save config

B.  

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config

C.  

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config

D.  

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
add static-route default nexthop gateway address 192.168.80.1 on
save config

Questions 81

What must you do first if “fwm sic_reset” could not be completed?

Options:

A.  

Cpstop then find keyword “certificate” in objects_5_0.C and delete the section

B.  

Reinitialize SIC on the security gateway then run “fw unloadlocal”

C.  

Reset SIC from Smart Dashboard

D.  

Change internal CA via cpconfig

Questions 82

In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

Options:

A.  

SND is a feature to accelerate multiple SSL VPN connections

B.  

SND is an alternative to IPSec Main Mode, using only 3 packets

C.  

SND is used to distribute packets among Firewall instances

D.  

SND is a feature of fw monitor to capture accelerated packets

Questions 83

What command lists all interfaces using Multi-Queue?

Options:

A.  

cpmq get

B.  

show interface all

C.  

cpmq set

D.  

show multiqueue all

Questions 84

When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.

Which phase of the VPN negotiations has failed?

Options:

A.  

IKE Phase 1

B.  

IPSEC Phase 2

C.  

IPSEC Phase 1

D.  

IKE Phase 2

Questions 85

You want to verify if your management server is ready to upgrade to R81.20. What tool could you use in this process?

Options:

A.  

migrate export

B.  

upgrade_tools verify

C.  

pre_upgrade_verifier

D.  

migrate import

Questions 86

What is the command to show SecureXL status?

Options:

A.  

fwaccel status

B.  

fwaccel stats -m

C.  

fwaccel -s

D.  

fwaccel stat

Questions 87

Which Check Point feature enables application scanning and detection?

Options:

A.  

Application Dictionary

B.  

AppWiki

C.  

Application Library

D.  

CPApp

Questions 88

Where do you create and modify the Mobile Access policy in R81?

Options:

A.  

SmartConsole

B.  

SmartMonitor

C.  

SmartEndpoint

D.  

SmartDashboard

Questions 89

As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

Options:

A.  

That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager.

B.  

Full Layer4 VPN –SSL VPN that gives users network access to all mobile applications.

C.  

Full Layer3 VPN –IPSec VPN that gives users network access to all mobile applications.

D.  

You can make sure that documents are sent to the intended recipients only.

Questions 90

What is not a purpose of the deployment of Check Point API?

Options:

A.  

Execute an automated script to perform common tasks

B.  

Create a customized GUI Client for manipulating the objects database

C.  

Create products that use and enhance the Check Point solution

D.  

Integrate Check Point products with 3rd party solution

Questions 91

Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .

Options:

A.  

Sent to the Internal Certificate Authority.

B.  

Sent to the Security Administrator.

C.  

Stored on the Security Management Server.

D.  

Stored on the Certificate Revocation List.

Questions 92

What are the types of Software Containers?

Options:

A.  

Three; security management, Security Gateway, and endpoint security

B.  

Three; Security Gateway, endpoint security, and gateway management

C.  

Two; security management and endpoint security

D.  

Two; endpoint security and Security Gateway

Questions 93

You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores.

How many cores can be used in a Cluster for Firewall-kernel on the new device?

Options:

A.  

3

B.  

2

C.  

1

D.  

4

Questions 94

SandBlast agent extends 0 day prevention to what part of the network?

Options:

A.  

Web Browsers and user devices

B.  

DMZ server

C.  

Cloud

D.  

Email servers

Questions 95

What will SmartEvent automatically define as events?

Options:

A.  

Firewall

B.  

VPN

C.  

IPS

D.  

HTTPS

Questions 96

What is the minimum amount of RAM needed for a Threat Prevention Appliance?

Options:

A.  

6 GB

B.  

8GB with Gaia in 64-bit mode

C.  

4 GB

D.  

It depends on the number of software blades enabled

Questions 97

Which process handles connection from SmartConsole R81?

Options:

A.  

fwm

B.  

cpmd

C.  

cpm

D.  

cpd

Questions 98

To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating element is the source port. This type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel, which will then create a template of the connection. Which of these is NOT a SecureXL template?

Options:

A.  

Accept Template

B.  

Deny Template

C.  

Drop Template

D.  

NAT Template

Questions 99

What are the steps to configure the HTTPS Inspection Policy?

Options:

A.  

Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard

B.  

Go to Application&url filtering blade > Advanced > Https Inspection > Policy

C.  

Go to Manage&Settings > Blades > HTTPS Inspection > Policy

D.  

Go to Application&url filtering blade > Https Inspection > Policy

Questions 100

What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

Options:

A.  

CCP and 18190

B.  

CCP and 257

C.  

CCP and 8116

D.  

CPC and 8116

Questions 101

When an encrypted packet is decrypted, where does this happen?

Options:

A.  

Security policy

B.  

Inbound chain

C.  

Outbound chain

D.  

Decryption is not supported

Questions 102

The Correlation Unit performs all but the following actions:

Options:

A.  

Marks logs that individually are not events, but may be part of a larger pattern to be identified later.

B.  

Generates an event based on the Event policy.

C.  

Assigns a severity level to the event.

D.  

Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.

Questions 103

You want to store the GAIA configuration in a file for later reference. What command should you use?

Options:

A.  

write mem

B.  

show config –f

C.  

save config –o

D.  

save configuration

Questions 104

To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

Options:

A.  

fw ctl Dyn_Dispatch on

B.  

fw ctl Dyn_Dispatch enable

C.  

fw ctl multik set_mode 4

D.  

fw ctl multik set_mode 1

Questions 105

An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?

Options:

A.  

He can use the fw accel stat command on the gateway.

B.  

He can use the fw accel statistics command on the gateway.

C.  

He can use the fwaccel stat command on the Security Management Server.

D.  

He can use the fwaccel stat command on the gateway

Questions 106

What command can you use to have cpinfo display all installed hotfixes?

Options:

A.  

cpinfo -hf

B.  

cpinfo -y all

C.  

cpinfo -get hf

D.  

cpinfo installed_jumbo

Questions 107

Automation and Orchestration differ in that:

Options:

A.  

Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

B.  

Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.

C.  

Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.

D.  

Orchestration relates to codifying tasks, whereas automation relates to codifying processes.

Questions 108

What is the purpose of a SmartEvent Correlation Unit?

Options:

A.  

The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.

B.  

The SmartEvent Correlation Unit’s task is to assign severity levels to the identified events.

C.  

The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.

D.  

The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.

Questions 109

When installing a dedicated R81 SmartEvent server, what is the recommended size of the root partition?

Options:

A.  

Any size

B.  

Less than 20GB

C.  

More than 10GB and less than 20GB

D.  

At least 20GB

Questions 110

While enabling the Identity Awareness blade, the Identity Awareness wizard does not automatically detect the Windows domain. Why does it not detect the Windows domain?

Options:

A.  

Security Gateway is not part of the Domain

B.  

SmartConsole machine is not part of the domain

C.  

Identity Awareness is not enabled on Global properties

D.  

Security Management Server is not part of the domain

Questions 111

Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:

Options:

A.  

assign privileges to users.

B.  

edit the home directory of the user.

C.  

add users to your Gaia system.

D.  

assign user rights to their home directory in the Security Management Server.

Questions 112

How can you switch the active log file?

Options:

A.  

Run fw logswitch on the gateway

B.  

Run fwm logswitch on the Management Server

C.  

Run fwm logswitch on the gateway

D.  

Run fw logswitch on the Management Server

Questions 113

What two ordered layers make up the Access Control Policy Layer?

Options:

A.  

URL Filtering and Network

B.  

Network and Threat Prevention

C.  

Application Control and URL Filtering

D.  

Network and Application Control

Questions 114

You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

Options:

A.  

Right click Accept in the rule, select “More”, and then check ‘Enable Identity Captive Portal’.

B.  

On the firewall object, Legacy Authentication screen, check ‘Enable Identity Captive Portal’.

C.  

In the Captive Portal screen of Global Properties, check ‘Enable Identity Captive Portal’.

D.  

On the Security Management Server object, check the box ‘Identity Logging’.

Questions 115

Alice & Bob are going to deploy Management Data Plane Separation (MDPS) for all their Check Point Security Gateway(s)/Cluster(s). Which of the following statements is true?

Options:

A.  

Each network environment is dependent and includes interfaces, routes, sockets, and processes

B.  

Management Plane – To access, provision and monitor the Security Gateway

C.  

Data Plane – To access, provision and monitor the Security Gateway

D.  

Management Plane – for all other network traffic and processing

Questions 116

After verifying that API Server is not running, how can you start the API Server?

Options:

A.  

Run command "set api start" in CLISH mode

B.  

Run command "mgmt__cli set api start" in Expert mode

C.  

Run command "mgmt api start" in CLISH mode

D.  

Run command "api start" in Expert mode

Questions 117

When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

Options:

A.  

RADIUS

B.  

Remote Access and RADIUS

C.  

AD Query

D.  

AD Query and Browser-based Authentication

Questions 118

You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

Options:

A.  

Check Point Capsule Cloud

B.  

Sandblast Mobile Protect

C.  

SecuRemote

D.  

SmartEvent Client Info

Questions 119

Which of the following is NOT an attribute of packet acceleration?

Options:

A.  

Source address

B.  

Protocol

C.  

Destination port

D.  

VLAN Tag

Questions 120

What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?

Options:

A.  

A host route to route to the destination IP.

B.  

Use the file local.arp to add the ARP entries for NAT to work.

C.  

Nothing, the Gateway takes care of all details necessary.

D.  

Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.

Questions 121

What can we infer about the recent changes made to the Rule Base?

Options:

A.  

Rule 7 was created by the ‘admin’ administrator in the current session

B.  

8 changes have been made by administrators since the last policy installation

C.  

The rules 1, 5 and 6 cannot be edited by the ‘admin’ administrator

D.  

Rule 1 and object webserver are locked by another administrator

Questions 122

Which statement is WRONG regarding the usage of the Central Deployment in SmartConsole?

Options:

A.  

You can install Hotfixes with the Central Deployment in SmartConsole

B.  

You can install Jumbo Hotfix accumulators with the Central Deployment in SmartConsole.

C.  

Only Hotfixes can be installed with the Central Deployment in SmartConsole

D.  

You can upgrade your cluster without user intervention with the Central Deployment in SmartConsole from R80.40 to R81.20.

Questions 123

Using AD Query, the security gateway connects to the Active Directory Domain Controllers using what protocol?

Options:

A.  

Windows Management Instrumentation (WMI)

B.  

Hypertext Transfer Protocol Secure (HTTPS)

C.  

Lightweight Directory Access Protocol (LDAP)

D.  

Remote Desktop Protocol (RDP)

Questions 124

What does the "unknown" SIC status shown on SmartConsole mean?

Options:

A.  

SIC activation key requires a reset

B.  

Administrator input the wrong SIC key

C.  

The management can contact the Security Gateway but cannot establish Secure Internal Communication

D.  

There is no connection between the Security Gateway and Security Management Server

Questions 125

Choose the correct syntax to add a new host named “emailserver1” with IP address 10.50.23.90 using GAiA Management CLI?

Options:

A.  

mgmt_cli add host name "myHost12 ip" address 10.50.23.90

B.  

mgmt_cli add host name ip-address 10.50.23.90

C.  

mgmt_cli add host "emailserver1" address 10.50.23.90

D.  

mgmt_cli add host name "emailserver1" ip-address 10.50.23.90

Questions 126

SmartEvent Security Checkups can be run from the following Logs and Monitor activity:

Options:

A.  

Reports

B.  

Advanced

C.  

Checkups

D.  

Views

Questions 127

What are the two high availability modes?

Options:

A.  

Load Sharing and Legacy

B.  

Traditional and New

C.  

Active and Standby

D.  

New and Legacy

Questions 128

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?

Options:

A.  

The connection is destined for a server within the network

B.  

The connection required a Security server

C.  

The packet is the second in an established TCP connection

D.  

The packets are not multicast

Questions 129

If the first packet of a UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), what message is sent back through the kernel?

Options:

A.  

Nothing

B.  

TCP FIN

C.  

TCP RST

D.  

ICMP unreachable

Questions 130

Is it possible to establish a VPN before the user logs in to the Endpoint Client?

Options:

A.  

Yes, you have to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client, or you can use the endpoint_vpn_remember_user_password attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway

B.  

No, the user must log in first.

C.  

Yes, you have to set neo_always_connected to true in the trac.defaults of the Remote Access Client, or you can use the endpoint_vpn_always_connected attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway

D.  

Yes, you have to enable Machine Authentication in the Gateway object of the SmartConsole

Questions 131

What are the main stages of a policy installation?

Options:

A.  

Initiation, Conversion and FWD REXEC

B.  

Verification, Commit, Installation

C.  

Initiation, Conversion and Save

D.  

Verification Compilation, Transfer and Commit

Questions 132

While using the Gaia CLI, what is the correct command to publish changes to the management server?

Options:

A.  

json publish

B.  

mgmt publish

C.  

mgmt_cli commit

D.  

commit

Questions 133

Which utility allows you to configure the DHCP service on Gaia from the command line?

Options:

A.  

ifconfig

B.  

dhcp_ofg

C.  

sysconfig

D.  

cpconfig

Questions 134

Which Queue in the Priority Queue has the maximum priority?

Options:

A.  

High Priority

B.  

Control

C.  

Routing

D.  

Heavy Data Queue

Questions 135

What is the default shell for the command line interface?

Options:

A.  

Expert

B.  

Clish

C.  

Admin

D.  

Normal

Questions 136

Which component is NOT required to communicate with the Web Services API?

Options:

A.  

API key

B.  

session ID token

C.  

content-type

D.  

Request payload

Questions 137

Alice works for a big security outsourcing provider company, and as she receives a lot of change requests per day she wants to use the API services from Check Point for the Management API for scripting daily tasks. First she needs to know whether the API services are running for the management. Which of the following Check Point commands is true?

Options:

A.  

api mgmt status

B.  

api status

C.  

status api

D.  

status mgmt apt

Questions 138

What is false regarding prerequisites for the Central Deployment usage?

Options:

A.  

The administrator must have write permission on SmartUpdate

B.  

Security Gateway must have the latest CPUSE Deployment Agent

C.  

No need to establish SIC between gateways and the management server, since the CDT tool will take care of SIC automatically.

D.  

The Security Gateway must have a policy installed

Questions 139

What is the biggest benefit of policy layers?

Options:

A.  

To break one policy into several virtual policies

B.  

Policy Layers and Sub-Policies enable flexible control over the security policy

C.  

They improve the performance on OS kernel version 3.0

D.  

To include Threat Prevention as a sub policy for the firewall policy

Questions 140

What are the two modes for SNX (SSL Network Extender)?

Options:

A.  

Network Mode and Application Mode

B.  

Visitor Mode and Office Mode

C.  

Network Mode and Hub Mode

D.  

Office Mode and Hub Mode

Questions 141

Kurt is planning to upgrade his Security Management Server to R81.X. What is the lowest supported version of the Security Management he can upgrade from?

Options:

A.  

R76 Splat

B.  

R77.X Gaia

C.  

R75 Splat

D.  

R75 Gaia

Questions 142

What is the difference between Updatable Objects and Dynamic Objects?

Options:

A.  

Dynamic Objects are maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.

B.  

Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. For Dynamic Objects there is no need to install policy for the changes to take effect.

C.  

Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.

D.  

Dynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there is no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.

Questions 143

Hit Count is a feature to track the number of connections that each rule matches. Which one is not a benefit of Hit Count?

Options:

A.  

Better understand the behavior of the Access Control Policy

B.  

Improve Firewall performance - You can move a rule that has hit count to a higher position in the Rule Base

C.  

Automatically rearrange Access Control Policy based on Hit Count Analysis

D.  

Analyze a Rule Base - You can delete rules that have no matching connections

Questions 144

Within the Check Point Firewall Kernel reside Chain Modules, which are individually responsible for the inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire mode configuration, chain modules marked with _______ will not apply.

Options:

A.  

ffffffff

B.  

00000001

C.  

00000002

D.  

00000003

Questions 145

Besides fw monitor, what is another command that can be used to capture packets?

Options:

A.  

arp

B.  

traceroute

C.  

tcpdump

D.  

ping

Questions 146

The installation of a package via SmartConsole CANNOT be applied on:

Options:

A.  

A single Security Gateway

B.  

A full Security Cluster (All Cluster Members included)

C.  

Multiple Security Gateways and/or Clusters

D.  

R81.20 Security Management Server

Questions 147

What could NOT be a reason for synchronization issues in a Management HA environment?

Options:

A.  

Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate

B.  

There is a network connectivity failure between the servers

C.  

Servers are in Collision Mode. Two servers, both in active state cannot be synchronized either automatically or manually.

D.  

The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server

Questions 148

When using the Mail Transfer Agent, where are the debug logs stored?

Options:

A.  

$FWDIR/bin/emaild.mta.elg

B.  

$FWDIR/log/mtad.elg

C.  

/var/log/mail.mta.elg

D.  

$CPDIR/log/emaild.elg

Questions 149

What are the available options for downloading Check Point hotfixes in Gaia WebUI (CPUSE)?

Options:

A.  

Manually, Scheduled, Automatic

B.  

Manually, Automatic, Disabled

C.  

Manually, Scheduled, Disabled

D.  

Manually, Scheduled, Enabled

Questions 150

In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:

Options:

A.  

Basic, Optimized, Strict

B.  

Basic, Optimized, Severe

C.  

General, Escalation, Severe

D.  

General, purposed, Strict

Questions 151

What is a possible command to delete all of the SSH connections of a gateway?

Options:

A.  

fw sam -I dport 22

B.  

fw ctl conntab -x -dpott=22

C.  

fw tab -t connections -x -e 00000016

D.  

fwaccel dos config set dport ssh

Questions 152

In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom. Which of the following statements is correct?

Options:

A.  

If the Action of the matching rule is Accept the gateway will drop the packet

B.  

If the Action of the matching rule is Drop, the gateway continues to check rules in the next Policy Layer down

C.  

If the Action of the matching rule is Drop the gateway stops matching against later rules in the Policy Rule Base and drops the packet

D.  

If the rule does not match in the Network policy it will continue to other enabled policies

Questions 153

On R81.20 the IPS Blade is managed by:

Options:

A.  

Threat Protection policy

B.  

Anti-Bot Blade

C.  

Threat Prevention policy

D.  

Layers on Firewall policy

Questions 154

In R81.20 a new feature dynamic log distribution was added. What is this for?

  • Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy

  • In case of a Management High Availability the management server stores the logs dynamically on the member with the most available disk space in /var/log

  • Synchronize the log between the primary and secondary management server in case of a Management High Availability

Options:

A.  

To save disk space in case of a firewall cluster local logs are distributed between the cluster members.

Questions 155

Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?

Options:

A.  

Application Control

B.  

Firewall

C.  

Identity Awareness

D.  

URL Filtering

Questions 156

Which upgrade method should you use when upgrading from R80.40 to R81.20 to avoid any downtime?

Options:

A.  

Zero Downtime Upgrade (ZDU)

B.  

Connectivity Upgrade (CU)

C.  

Minimal Effort Upgrade (ME)

D.  

Multi-Version Cluster Upgrade (MVC)

Questions 157

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

Options:

A.  

INSPECT Engine

B.  

Stateful Inspection

C.  

Packet Filtering

D.  

Application Layer Firewall

Questions 158

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.

What is the most likely reason that the traffic is not accelerated?

Options:

A.  

There is a virus found. Traffic is still allowed but not accelerated.

B.  

The connection required a Security server.

C.  

Acceleration is not enabled.

D.  

The traffic is originating from the gateway itself.

Questions 159

Check Point security components are divided into the following components:

Options:

A.  

GUI Client, Security Gateway, WebUI Interface

B.  

GUI Client, Security Management, Security Gateway

C.  

Security Gateway, WebUI Interface, Consolidated Security Logs

D.  

Security Management, Security Gateway, Consolidate Security Logs

Questions 160

Office mode means that:

Options:

A.  

SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

B.  

Users authenticate with an Internet browser and use secure HTTPS connection.

C.  

Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.

D.  

Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Questions 161

What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)

Options:

A.  

SmartCenter Server cannot reach this Security Gateway.

B.  

There is a blade reporting a problem.

C.  

VPN software blade is reporting a malfunction.

D.  

Security Gateway’s MGNT NIC card is disconnected.

Questions 162

Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two.

Which of the following statements correctly identify each product's capabilities?

Options:

A.  

Workspace supports iOS operating system, Android, and WP8, whereas Connect supports iOS operating system and Android only

B.  

For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement.

C.  

For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password and certain SSO login support.

D.  

Workspace can support any application, whereas Connect has a limited number of application types which it will support.

Questions 163

What is the correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?

Options:

A.  

Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.

B.  

Security Gateway failover as well as Security Management Server failover is a manual procedure.

C.  

Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.

D.  

Security Gateway failover as well as Security Management Server failover is an automatic procedure.

Questions 164

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:

Options:

A.  

Create new dashboards to manage 3rd party task

B.  

Create products that use and enhance 3rd party solutions

C.  

Execute automated scripts to perform common tasks

D.  

Create products that use and enhance the Check Point Solution

Questions 165

What is true of the API server on R81.20?

Options:

A.  

By default the API-server is activated and does not have hardware requirements.

B.  

By default the API-server is not active and should be activated from the WebUI.

C.  

By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).

D.  

By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).

Questions 166

Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

Options:

A.  

ThreatWiki

B.  

Whitelist Files

C.  

AppWiki

D.  

IPS Protections

Questions 167

Which file gives you a list of all security servers in use, including port number?

Options:

A.  

$FWDIR/conf/conf.conf

B.  

$FWDIR/conf/servers.conf

C.  

$FWDIR/conf/fwauthd.conf

D.  

$FWDIR/conf/serversd.conf

Questions 168

Which command shows the current connections distributed by CoreXL FW instances?

Options:

A.  

fw ctl multik stat

B.  

fw ctl affinity -l

C.  

fw ctl instances -v

D.  

fw ctl iflist

Questions 169

What are the different command sources that allow you to communicate with the API server?

Options:

A.  

SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

B.  

SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

C.  

SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

D.  

API_cli Tool, Gaia CLI, Web Services

Questions 170

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Options:

A.  

None, Security Management Server would be installed by itself.

B.  

SmartConsole

C.  

SecureClient

D.  

Security Gateway

E.  

SmartEvent

Questions 171

Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?

Options:

A.  

Severity

B.  

Automatic reactions

C.  

Policy

D.  

Threshold

Questions 172

What is the difference between an event and a log?

Options:

A.  

Events are generated at gateway according to Event Policy

B.  

A log entry becomes an event when it matches any rule defined in Event Policy

C.  

Events are collected with SmartWorkflow from Trouble Ticket systems

D.  

Log and Events are synonyms

Questions 173

In R81 spoofing is defined as a method of:

Options:

A.  

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.  

Hiding your firewall from unauthorized users.

C.  

Detecting people using false or wrong authentication logins

D.  

Making packets appear as if they come from an authorized IP address.

Questions 174

CoreXL is supported when one of the following features is enabled:

Options:

A.  

Route-based VPN

B.  

IPS

C.  

IPv6

D.  

Overlapping NAT

Questions 175

There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct?

Options:

A.  

Using Web Services

B.  

Using Mgmt_cli tool

C.  

Using CLISH

D.  

Using SmartConsole GUI console

E.  

Events are collected with SmartWorkflow from Trouble Ticket systems

Questions 176

To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

Options:

A.  

fw ctl multik set_mode 1

B.  

fw ctl Dynamic_Priority_Queue on

C.  

fw ctl Dynamic_Priority_Queue enable

D.  

fw ctl multik set_mode 9

Questions 177

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

Options:

A.  

UDP port 265

B.  

TCP port 265

C.  

UDP port 256

D.  

TCP port 256

Questions 178

Which of the following authentication methods ARE NOT used for Mobile Access?

Options:

A.  

RADIUS server

B.  

Username and password (internal, LDAP)

C.  

SecurID

D.  

TACACS+

Questions 179

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

Options:

A.  

Detects and blocks malware by correlating multiple detection engines before users are affected.

B.  

Configure rules to limit the available network bandwidth for specified users or groups.

C.  

Use UserCheck to help users understand that certain websites are against the company’s security policy.

D.  

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Questions 180

What is true about the IPS-Blade?

Options:

A.  

In R81, IPS is managed by the Threat Prevention Policy

B.  

In R81, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

C.  

In R81, IPS Exceptions cannot be attached to “all rules”

D.  

In R81, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Questions 181

What is the mechanism behind Threat Extraction?

Options:

A.  

This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.

B.  

This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.

C.  

This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).

D.  

Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

Questions 182

The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

Options:

A.  

add host name ip-address

B.  

add hostname ip-address

C.  

set host name ip-address

D.  

set hostname ip-address

Questions 183

What command verifies that the API server is responding?

Options:

A.  

api stat

B.  

api status

C.  

show api_status

D.  

app_get_status

Questions 184

What has to be taken into consideration when configuring Management HA?

Options:

A.  

The Database revisions will not be synchronized between the management servers

B.  

SmartConsole must be closed prior to synchronized changes in the objects database

C.  

If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.

D.  

For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.

Questions 185

You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

Options:

A.  

SmartEvent Client Info

B.  

SecuRemote

C.  

Check Point Protect

D.  

Check Point Capsule Cloud

Questions 186

Which TCP-port does CPM process listen to?

Options:

A.  

18191

B.  

18190

C.  

8983

D.  

19009

Questions 187

You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

Options:

A.  

fw ctl multik dynamic_dispatching on

B.  

fw ctl multik dynamic_dispatching set_mode 9

C.  

fw ctl multik set_mode 9

D.  

fw ctl multik pq enable

Questions 188

Which command can you use to verify the number of active concurrent connections?

Options:

A.  

fw conn all

B.  

fw ctl pstat

C.  

show all connections

D.  

show connections
