A.  

edit fwaffinity.conf; reboot required

B.  

cpconfig; reboot required

C.  

edit fwaffinity.conf; reboot not required

D.  

cpconfig; reboot not required

A.  

SND is a feature to accelerate multiple SSL VPN connections

B.  

SND is an alternative to IPSec Main Mode, using only 3 packets

C.  

SND is used to distribute packets among Firewall instances

D.  

SND is a feature of fw monitor to capture accelerated packets

A.  

cpwd_admin -l

B.  

cpwd -l

C.  

cpwd admin_list

D.  

cpwd_admin list

A.  

The CoreXL FW instanxces assignment mechanism is based on Source MAC addresses, Destination MAC addresses

B.  

The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores

C.  

The CoreXL FW instances assignment mechanism is based on IP Protocol type

D.  

The CoreXl FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type

A.  

Performs OS-level sandboxing for SandBlast Cloud architecture

B.  

Ensure the Check Point SandBlast services is running on the end user’s system

C.  

If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network

D.  

Clean up email sent with malicious attachments

A.  

$FWDIR/conf/conf.conf

B.  

$FWDIR/conf/servers.conf

C.  

$FWDIR/conf/fwauthd.conf

D.  

$FWDIR/conf/serversd.conf

A.  

Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.

B.  

Create a rule at the top in the Sydney firewall to allow control traffic from your network

C.  

Nothing - Check Point control connections function regardless of Geo-Protection policy

D.  

Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

A.  

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24set static-route default nexthop gateway address 192.168.80.1 onsave config

B.  

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

C.  

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

D.  

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24add static-route default nexthop gateway address 192.168.80.1 onsave config

A.  

SmartMonitor

B.  

SmartView Web Application

C.  

SmartReporter

D.  

SmartTracker

A.  

3

B.  

2

C.  

1

D.  

4

A.  

S

B.  

W

C.  

C

D.  

Space bar

A.  

Stateful Packets

B.  

No Match

C.  

All Packets

D.  

Stateless Packets

A.  

Accounting

B.  

Suppression

C.  

Accounting/Suppression

D.  

Accounting/Extended

A.  

The VMACs used in a Security Gateway cluster

B.  

The involved firewall kernel modules in inbound and outbound packet chain

C.  

Overview over SecureXL templated connections

D.  

Network interfaces and core distribution used for CoreXL

A.  

A setting is defined in the Global Properties for all policies.

B.  

A setting that is configured per Policy Layer.

C.  

Another name for the Clean-up Rule.

D.  

Automatically created when the Clean-up Rule is defined.

A.  

There is a virus found. Traffic is still allowed but not accelerated.

B.  

The connection required a Security server.

C.  

Acceleration is not enabled.

D.  

The traffic is originating from the gateway itself.

A.  

UDP VOIP protocol extension

B.  

In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication

C.  

Special TCP handshaking extension

D.  

Supplement DLP data watermark

A.  

fw ctl Dyn_Dispatch on

B.  

fw ctl Dyn_Dispatch enable

C.  

fw ctl multik set_mode 4

D.  

fw ctl multik set_mode 1

A.  

$FWDIR/database/fwauthd.conf

B.  

$FWDIR/conf/fwauth.conf

C.  

$FWDIR/conf/fwauthd.conf

D.  

$FWDIR/state/fwauthd.conf

A.  

write mem

B.  

show config –f

C.  

save config –o

D.  

save configuration

A.  

SmartProvisioning

B.  

SmartView Tracker

C.  

SmartView Monitor

D.  

SmartLog

A.  

Mail, Block Source, Block Event Activity, External Script, SNMP Trap

B.  

Mail, Block Source, Block Destination, Block Services, SNMP Trap

C.  

Mail, Block Source, Block Destination, External Script, SNMP Trap

D.  

Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

A.  

Verification & Compilation, Transfer and Commit

B.  

Verification & Compilation, Transfer and Installation

C.  

Verification, Commit, Installation

D.  

Verification, Compilation & Transfer, Installation

A.  

IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

B.  

DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction

C.  

IPS, AntiVirus, AntiBot

D.  

IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

A.  

CPMI port 18191/TCP

B.  

CPM port/TCP port 19009

C.  

SIC port 18191/TCP

D.  

https port 4434/TCP

A.  

DBSync

B.  

API Server

C.  

fwm

D.  

SOLR

A.  

cphaprob –f register

B.  

cphaprob –d –s report

C.  

cpstat –f all

D.  

cphaprob –a list

A.  

TCP port 443

B.  

TCP port 257

C.  

TCP port 256

D.  

UDP port 8116

A.  

By default the API-server is activated and does not have hardware requirements.

B.  

By default the API-server is not active and should be activated from the WebUI.

C.  

By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).

D.  

By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).

A.  

The number of cores must be the same on every participating cluster node

B.  

The Magic MAC number must be unique per cluster node

C.  

The Sync interface must not have an IP address configured

D.  

If you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all cluster members

A.  

Manage Setting

B.  

Security Policies

C.  

Gateway and Servers

D.  

Logs and Monitor

A.  

fw ctl stat

B.  

clusterXL stat

C.  

clusterXL status

D.  

cphaprob stat

A.  

show all systems

B.  

show system messages

C.  

sysmess all

D.  

show sysenv all

A.  

Run the command: fw monitor debug on

B.  

Clear the connections table

C.  

Disable CoreXL

D.  

Disable SecureXL

A.  

The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.

B.  

The SmartEvent Correlation Unit’s task it to assign severity levels to the identified events.

C.  

The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.

D.  

The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.

A.  

Detect threats and provides a detailed report of discovered threats.

B.  

Proactively detects threats.

C.  

Delivers file with original content.

D.  

Delivers PDF versions of original files with active content removed.

A.  

One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

B.  

One machine

C.  

Two machines

D.  

Three machines

A.  

Marks logs that individually are not events, but may be part of a larger pattern to be identified later.

B.  

Generates an event based on the Event policy.

C.  

Assigns a severity level to the event.

D.  

Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.

A.  

Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.

B.  

Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.

C.  

Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.

D.  

Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

A.  

/opt/CPshrd-R81/conf/local.arp

B.  

/var/opt/CPshrd-R81/conf/local.arp

C.  

$CPDIR/conf/local.arp

D.  

$FWDIR/conf/local.arp

A.  

R81.10 SmartConsole and Application Wiki

B.  

Threat Prevention and Threat Tools

C.  

Threat Wiki and Check Point Website

D.  

R81.10 SmartConsole and Threat Prevention

A.  

SmartCenter Server cannot reach this Security Gateway.

B.  

There is a blade reporting a problem.

C.  

VPN software blade is reporting a malfunction.

D.  

Security Gateway’s MGNT NIC card is disconnected.

A.  

Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.

B.  

Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.

C.  

Tom’s changes will be lost since he lost connectivity and he will have to start again.

D.  

Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.

A.  

UDP port 265

B.  

TCP port 265

C.  

UDP port 256

D.  

TCP port 256

A.  

cpinfo -hf

B.  

cpinfo –y all

C.  

cpinfo –get hf

D.  

cpinfo installed_jumbo

A.  

Security Gateway with GAiA does NOT have SFTP access to Internet

B.  

Security Gateway with GAiA does NOT have access to Internet.

C.  

Security Gateway with GAiA does NOT have SSH access to Internet.

D.  

The desired CPUSE package is ONLY available in the Check Point CLOU

D.  

A.  

Three; security management, Security Gateway, and endpoint security

B.  

Three; Security Gateway, endpoint security, and gateway management

C.  

Two; security management and endpoint security

D.  

Two; endpoint security and Security Gateway

A.  

SmartUpdate

B.  

cpconfig

C.  

SmartConsole

D.  

sysconfig

A.  

Web Browsers and user devices

B.  

DMZ server

C.  

Cloud

D.  

Email servers

A.  

Slow path

B.  

Firewall path

C.  

Medium path

D.  

Accelerated path

A.  

migrate export

B.  

upgrade_tools verify

C.  

pre_upgrade_verifier

D.  

migrate import

A.  

4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.

B.  

3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.

C.  

1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.

D.  

2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.

A.  

IPSec VPN does not require installation of a resilient VPN client.

B.  

SSL VPN requires installation of a resident VPN client.

C.  

SSL VPN and IPSec VPN are the same.

D.  

IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser.

A.  

This statement is true because SecureXL does improve all traffic.

B.  

This statement is false because SecureXL does not improve this traffic but CoreXL does.

C.  

This statement is true because SecureXL does improve this traffic.

D.  

This statement is false because encrypted traffic cannot be inspected.

A.  

Export R81 configuration, clean install R81.10 and import the configuration

B.  

CPUSE offline upgrade

C.  

CPUSE online upgrade

D.  

SmartUpdate upgrade

A.  

Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard

B.  

Go to Application&url filtering blade > Advanced > Https Inspection > Policy

C.  

Go to Manage&Settings > Blades > HTTPS Inspection > Policy

D.  

Go to Application&url filtering blade > Https Inspection > Policy

A.  

Supports Dynamic Routing (Unicast and Multicast)

B.  

Supports Dynamic Routing (Unicast Only)

C.  

Supports Dynamic Routing (Multicast Only)

D.  

Does not support Dynamic Routing

A.  

Threat Emulation never delivers a file and takes more than 3 minutes to complete.

B.  

Threat Extraction always delivers a file and takes less than a second to complete.

C.  

Threat Emulation never delivers a file that takes less than a second to complete.

D.  

Threat Extraction never delivers a file and takes more than 3 minutes to complete.

A.  

ips reset pmstat

B.  

ips pstats reset

C.  

ips pmstats refresh

D.  

ips pmstats reset

A.  

It will generate Geo-Protection traffic

B.  

Automatically uploads debugging logs to Check Point Support Center

C.  

It will not block malicious traffic

D.  

Bypass licenses requirement for Geo-Protection control

A.  

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

B.  

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C.  

Time object to a rule to make the rule active only during specified times.

D.  

Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

A.  

X-chkp-sid

B.  

Accept-Charset

C.  

Proxy-Authorization

D.  

Application

A.  

Capsule Docs, Capsule Cloud, Capsule Connect

B.  

Capsule Workspace, Capsule Cloud, Capsule Connect

C.  

Capsule Workspace, Capsule Docs, Capsule Connect

D.  

Capsule Workspace, Capsule Docs, Capsule Cloud

A.  

Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

B.  

Create a separate Security Policy package for each remote Security Gateway.

C.  

Create network objects that restricts all applicable rules to only certain networks.

D.  

Run separate SmartConsole instances to login and configure each Security Gateway directly.

A.  

logd

B.  

fwd

C.  

fwm

D.  

cpd

A.  

Using UDP Multicast or Broadcast on port 8161

B.  

Using UDP Multicast or Broadcast on port 8116

C.  

Quicker than Full sync

D.  

Transfers changes in the Kernel tables between cluster members.

A.  

Cpstop then find keyword “certificate” in objects_5_0.C and delete the section

B.  

Reinitialize SIC on the security gateway then run “fw unloadlocal”

C.  

Reset SIC from Smart Dashboard

D.  

Change internal CA via cpconfig

A.  

SmartView Monitor

B.  

SmartEventWeb

C.  

There is no Web application for SmartEvent

D.  

SmartView

A.  

cpm status

B.  

api restart

C.  

api status

D.  

show api status

A.  

In SmartView Tracker, open active log

B.  

In the Logs & Monitor view, select “Open Audit Log View”

C.  

In SmartAuditLog View

D.  

In Smartlog, all logs

A.  

a list of options available for running a query.

B.  

the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

C.  

events generated by a query.

D.  

the details of a selected event.

A.  

Consolidation Policy

B.  

Correlation Unit

C.  

SmartEvent Policy

D.  

SmartEvent GUI

A.  

SmartEvent Client Info

B.  

SecuRemote

C.  

Check Point Protect

D.  

Check Point Capsule Cloud

A.  

cphaprob interface

B.  

cphaprob –I interface

C.  

cphaprob –a if

D.  

cphaprob stat

A.  

User data base corruption

B.  

LDAP conflicts

C.  

Traffic issues

D.  

Phase two key negotiations

A.  

The Database revisions will not be synchronized between the management servers

B.  

SmartConsole must be closed prior to synchronized changes in the objects database

C.  

If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.

D.  

For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.

A.  

ELA and CPD

B.  

FWD and LEA

C.  

FWD and CPLOG

D.  

ELA and CPLOG

A.  

Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.

B.  

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C.  

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

D.  

Time object to a rule to make the rule active only during specified times.

A.  

VRRP membership is enabled in cpconfig

B.  

VRRP can be used together with ClusterXL, but with degraded performance

C.  

You cannot have a standalone deployment

D.  

You cannot have different VRIDs in the same physical network

A.  

Allow GUI Client and management server to communicate via TCP Port 19001

B.  

Allow GUI Client and management server to communicate via TCP Port 18191

C.  

Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

D.  

Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.

A.  

HTTPS

B.  

RPC

C.  

VPN

D.  

SIC

A.  

run fw ctl multik set_mode 9 in Expert mode and then Reboot.

B.  

Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.

C.  

Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.

D.  

run fw multik set_mode 1 in Expert mode and then reboot.

A.  

5 Network; Host; Objects; Services; API

B.  

3 Incoming; Outgoing; Network

C.  

2 Internal; External

D.  

4 Incoming; Outgoing; Internal; Other

A.  

fwd via cpm

B.  

fwm via fwd

C.  

cpm via cpd

D.  

fwd via cpd

A.  

None, Security Management Server would be installed by itself.

B.  

SmartConsole

C.  

SecureClient

D.  

Security Gateway

E.  

SmartEvent

A.  

Application and Client Service

B.  

Network and Application

C.  

Network and Layers

D.  

Virtual Adapter and Mobile App

A.  

15 sec

B.  

60 sec

C.  

5 sec

D.  

30 sec

A.  

fwd

B.  

cpwd

C.  

fwm

D.  

cpd

A.  

ccp

B.  

cphaconf

C.  

cphad

D.  

cphastart

A.  

Automatic proxy ARP configuration can be enabled

B.  

Translate Destination on Client Side should be configured

C.  

fw ctl proxy should be configured

D.  

local.arp file must always be configured

A.  

sim erdos –e 1

B.  

sim erdos – m 1

C.  

sim erdos –v 1

D.  

sim erdos –x 1

A.  

AV issues

B.  

VPN errors

C.  

Network traffic issues

D.  

Authentication issues

A.  

Publish or discard the session.

B.  

Revert the session.

C.  

Save and install the Policy.

D.  

Delete older versions of database.

A.  

80

B.  

4434

C.  

443

D.  

8080

A.  

Publish changes

B.  

Save changes

C.  

Install policy

D.  

Install database

A.  

IPS AND Application Control

B.  

IPS, anti-virus and anti-bot

C.  

IPS, anti-virus and e-mail security

D.  

SandBlast

A.  

By modifying the firewall rulebase

B.  

By creating event candidates

C.  

By matching logs against exclusions

D.  

By matching logs against event rules

A.  

To filter out specific content.

B.  

To assist the firewall blade with handling traffic.

C.  

To see what users are doing.

D.  

Ensure security and privacy of information.

A.  

Weight

B.  

Authenticated timeout

C.  

Schedule

D.  

Rate

A.  

Once per day

B.  

Once an hour

C.  

Once a week

D.  

Twice per day

A.  

Idle <20%

B.  

USR <20%

C.  

SYS <20%

D.  

Wait <20%

A.  

Rename the hostname of the Standby member to match exactly the hostname of the Active member.

B.  

Change the Standby Security Management Server to Active.

C.  

Change the Active Security Management Server to Standby.

D.  

Manually synchronize the Active and Standby Security Management Servers.

A.  

api mgmt status

B.  

api status

C.  

status api

D.  

status mgmt apt

A.  

You can install Hotfixes with the Central Deployment in SmartConsole

B.  

You can install Jumbo Hotfix accumulators with the Central Deployment in SmartConsole.

C.  

Only be installed Hotfixes can with the Central Deployment in SmartConsole

D.  

You can upgrade your cluster without user intervention with the Central Deployment in SmartConsole from R80.40 to R81.10.

A.  

Use Multi-Domain Management Server.

B.  

Choose different setting for log storage and SmartEvent db

C.  

Install Management and SmartEvent on different machines.

D.  

it is not possible.

A.  

top

B.  

cptop

C.  

cphaprob list

D.  

cpwd_admin list

A.  

Each network environment is dependent and includes interfaces, routes, sockets, and processes

B.  

Management Plane – To access, provision and monitor the Security Gateway

C.  

Data Plane – To access, provision and monitor the Security Gateway

D.  

Management Plane – for all other network traffic and processing

A.  

You can assign only one profile per gateway and a profile can be assigned to one rule Only.

B.  

You can assign multiple profiles per gateway and a profile can be assigned to one rule only.

C.  

You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

D.  

You can assign only one profile per gateway and a profile can be assigned to one or more rules.

A.  

upgrade_import

B.  

cpconfig

C.  

fwm dbimport -p

D.  

cpinfo –recover

A.  

TCP port 19009

B.  

TCP Port 18190

C.  

TCP Port 18191

D.  

TCP Port 18209

A.  

Big l

B.  

Little o

C.  

Little i

D.  

Big O

A.  

18191

B.  

18190

C.  

8983

D.  

19009

A.  

cpinfo

B.  

migrate export

C.  

sysinfo

D.  

cpview

A.  

fw monitor –e “accept[12:4,b]=224.0.0.18;”

B.  

fw monitor –e “accept port(6118;”

C.  

fw monitor –e “accept proto=mcVRRP;”

D.  

fw monitor –e “accept dst=224.0.0.18;”

A.  

This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.

B.  

This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.

C.  

This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).

D.  

Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

A.  

IDA

B.  

RAD

C.  

PDP

D.  

VPN

A.  

Source Port Ranges/Encrypted Connections

B.  

IPS

C.  

ClusterXL in load sharing Mode

D.  

CoreXL

A.  

Secure Internal Communication (SIC)

B.  

Restart Daemons if they fail

C.  

Transfers messages between Firewall processes

D.  

Pulls application monitoring status

A.  

cphaprob –a if

B.  

cphaconf ccp multicast

C.  

cphaconf debug data

D.  

cphaprob igmp

A.  

fw accel stat

B.  

fwaccel stat

C.  

fw acces stats

D.  

fwaccel stats

A.  

System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob –f if command.

B.  

ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

C.  

Machines in a ClusterXL High Availability configuration must be synchronized.

D.  

Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

A.  

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.  

Hiding your firewall from unauthorized users.

C.  

Detecting people using false or wrong authentication logins

D.  

Making packets appear as if they come from an authorized IP address.

A.  

clusterXL_admin down

B.  

cphaprob_admin down

C.  

clusterXL_admin down-p

D.  

set clusterXL down-p

A.  

Remove the installed Security Policy.

B.  

Remove the local ACL lists.

C.  

No effect.

D.  

Reset SIC on all gateways.

A.  

6 GB

B.  

8GB with Gaia in 64-bit mode

C.  

4 GB

D.  

It depends on the number of software blades enabled

A.  

20 minutes

B.  

15 minutes

C.  

Admin account cannot be unlocked automatically

D.  

30 minutes at least

A.  

Firewall

B.  

VPN

C.  

IPS

D.  

HTTPS

A.  

2

B.  

7

C.  

6

D.  

4

A.  

Execute an automated script to perform common tasks

B.  

Create a customized GUI Client for manipulating the objects database

C.  

Create products that use and enhance the Check Point solution

D.  

Integrate Check Point products with 3rd party solution

A.  

SmartEvent Server

B.  

Correlation Unit

C.  

Log Consolidator

D.  

Log Server

A.  

fwm

B.  

cpd

C.  

cpwd

D.  

cpm

A.  

You will find it in the home directory of your usef account (e.g. /home/admirV)

B.  

You can locate the file via SmartConsole > Command Line.

C.  

You have to launch the WebUl and go to "Config" -> "Export Conflg File" and specifly the destination directory of your local tile system

D.  

You cannot locate the file in the file system sine© Clish does not have any access to the bash fie system

A.  

Assign the user a permission profile in SmartConsole

B.  

Assign the user the admin RBAC role in dish

C.  

No need to grant access since every user has access by default.

D.  

In bash, use the following command: "gaia_api access --user Tom -enable true"

A.  

A host route to route to the destination IP.

B.  

Use the file local.arp to add the ARP entries for NAT to work.

C.  

Nothing, the Gateway takes care of all details necessary.

D.  

Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.

A.  

Removed from the Rule Base.

B.  

Towards the middle of the Rule Base.

C.  

Towards the top of the Rule Base.

D.  

Towards the bottom of the Rule Base.

A.  

Policy-based tests and Global properties

B.  

Global tests and Object-based tests

C.  

Access Control policy analysis and Threat Prevention policy analysis

D.  

Tests conducted based on the loC XMfcfile and analysis of SOLR documents

A.  

life sign polling interval

B.  

life sign timeout

C.  

life_sign_polling_interval

D.  

life_sign_timeout

A.  

Check Point Security Management HA (Secondary): set cluster member mvc on

B.  

Check Point Security Gateway Only: set cluster member mvc on

C.  

Check Point Security Management HA (Primary): set cluster member mvc on

D.  

Check Point Security Gateway Cluster Member: set cluster member mvc on

A.  

clusterXL_admin down in Expert Mode

B.  

clusterXL_admin down in Clish

C.  

set cluster member state down in Clish

D.  

set cluster down in Expert Mode

A.  

Correction Mechanisms are only available of Maestro Hyperscale Orchestrators

B.  

Pre-Correction and SDF (Sticky Decision Function)

C.  

SDF (Sticky Decision Function) and Flush and ACK

D.  

Dispatcher (Early Correction) and Firewall (Late Correction)

A.  

Command and Control traffic from hosts that have been identified as infected

B.  

Command and Control traffic to servers with reputation for hosting malware

C.  

Network traffic that is directed to unknown or malicious servers

D.  

Network traffic to hosts that have been identified as infected

A.  

The license is attached to the wrong Security Gateway.

B.  

The existing license expires.

C.  

The license is upgraded.

D.  

The IP address of the Security Management or Security Gateway has changed.

A.  

Nothing

B.  

TCP FIN

C.  

TCP RST

D.  

ICMP unreachable

A.  

R81.40 and later

B.  

R76 and later

C.  

R70 and Later

D.  

R81.10 and Later

A.  

“write memory” was not issued on clish

B.  

changes are only possible via SmartConsole

C.  

“save config” was not issued in expert mode

D.  

“save config” was not issued on clish

A.  

set cluster member down

B.  

cpstop

C.  

clusterXL_admin down

D.  

set clusterXL down

A.  

F2F (Slow path). Templated Path. PQX and F2V

B.  

F2F (Slow path). PXL, QXL and F2V

C.  

F2F (Slow path), Accelerated Path, PQX and F2V

D.  

F2F (Slow path), Accelerated Path, Medium Path and F2V

A.  

Authentication requests

B.  

CPMI dbsync

C.  

Logs

D.  

Event Policy

A.  

When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

B.  

When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

C.  

When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

D.  

When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall’s interfaces.

A.  

View install changes and install specific version

B.  

Policy Installation Date only

C.  

Policy Installation Date, view install changes and install specific version

D.  

View install changes

A.  

set mdps split brain on

B.  

set mdps split plane on

C.  

set mdps mgmt plane on

D.  

set mdps data plane off

A.  

The idle timeout for the web session is specified with the "set web session-timeout" command.

B.  

The number specified is the amount of the idle timeout in seconds rather than in minutes. So you have to use the command "set inactivity-timeout 600" instead.

C.  

Probably, you have forgotten to make sure that nobody is accessing the management server via the SmartConsole which locks the management database.

D.  

The number of minutes is correct. Probably, you have forgotten to save this setting with the "save config" command.

A.  

In WebUI Status and Actions page or by running the following command in CLISH: show installer status build

B.  

In WebUI Status and Actions page or by running the following command in CLISH: show installer status version

C.  

In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer status build

D.  

In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer agent

A.  

SMS Alert, Log, SNMP alert

B.  

Syslog, None, User-defined scripts

C.  

None, Log, Syslog

D.  

Alert, SNMP trap, Mail

A.  

CPUSE offline upgrade only

B.  

Advanced upgrade or CPUSE offline upgrade

C.  

Advanced Upgrade only

D.  

SmartUpdate offline upgrade

A.  

$FWDIR/bin/emaild.mta. elg

B.  

$FWDIR/log/mtad elg

C.  

/var/log/mail.mta elg

D.  

$CPDIR/log/emaild elg

A.  

Synchronized

B.  

Never been synchronized

C.  

Lagging

D.  

Collision

A.  

Domain-based- VPN domains are pre-defined for all VPN Gateways.

When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

B.  

Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to

forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

C.  

Domain-based- VPN domains are pre-defined for all VPN Gateways.

A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

D.  

Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.

A.  

IP

B.  

SIC

C.  

NAT

D.  

FQDN

A.  

CPUSE Check Point Update Service Engine

B.  

rpm -Uv

C.  

Software Update Service

D.  

UnixinstallScript

A.  

fw tab -t

B.  

fw tab -s

C.  

fw tab -n

D.  

fw tab -k

A.  

HostName:0>show installer status build

B.  

[Expert@HostName:0]#show installer status

C.  

[Expert@HostName:0]#show installer status build

D.  

HostName:0>show installer build

A.  

cat $FWDIR/conf/vpn.conf

B.  

vpn tu tlist

C.  

vpn tu

D.  

cpview

A.  

secondary Smartcenter

B.  

active Smartenter

C.  

connect virtual IP of Smartcenter HA

D.  

primary Smartcenter

A.  

Any size

B.  

Less than 20GB

C.  

More than 10GB and less than 20GB

D.  

At least 20GB

A.  

SecuRemote

B.  

Endpoint Security Suite

C.  

Endpoint Security VPN

D.  

Check Point Mobile

A.  

https:// /smartviewweb/

B.  

https:// /smartview/

C.  

https:// smartviewweb

D.  

https:// /smartview

A.  

Manual configuration of file types on emulation location.

B.  

Load sharing of emulation between an on premise appliance and the cloud.

C.  

Load sharing between OS behavior and CPU Level emulation.

D.  

High availability between the local SandBlast appliance and the cloud.

A.  

Can only be changed for Load Sharing implementations

B.  

All connections are processed and synchronized by the pivot

C.  

Is configured using cpconfig

D.  

Is only relevant when using SecureXL

A.  

Capsule Workspace

B.  

Capsule Mail

C.  

Capsule VPN

D.  

Secure Workspace

A.  

ffff

B.  

1

C.  

2

D.  

3

A.  

Threat Emulation

B.  

Mobile Access

C.  

Mail Transfer Agent

D.  

Threat Cloud

A.  

Matching a log against each event definition

B.  

Create an event candidate

C.  

Matching a log against local exclusions

D.  

Matching a log against global exclusions

A.  

Once a week

B.  

Once an hour

C.  

Twice per day

D.  

Once per day