00 CCSA Test
536q
QUESTION 1
Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?
A. AES-GCM-256
B. AES-CBC-256
C. AES-GCM-128
D. DES
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_VPN_AdminGuide/13847
QUESTION 2
What is the most complete definition of the difference between the Install Policy button on the SmartConsole’s tab, and the Install Policy button within a specific policy?
A. The Global one also saves and publishes the session before installation.
B. The Global one can install multiple selected policies at the same time.
C. The local one does not install the Anti-Malware policy along with the Network policy.
D. The second one pre-selects the installation for only the current policy and for the applicable gateways.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
SmartEvent does NOT use which of the following procedures to identify events:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm
QUESTION 4
Which policy type is used to enforce bandwidth and traffic control rules?
A. Threat Emulation
B. Access Control
C. QoS
D. Threat Prevention
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Check Point's QoS Solution
QoS is a policy-based QoS management solution from Check Point Software Technologies Ltd. that satisfies your needs for a bandwidth management solution. QoS is a unique, software-only based application that manages traffic end-to-end across networks by distributing enforcement throughout network hardware and software.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_QoS_AdminGuide/index.html
QUESTION 5
Which of the following is NOT a policy type available for each policy package?
A. Threat Emulation
B. Access Control
C. Desktop Security
D. Threat Prevention
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/119225
QUESTION 6
Which of the following is NOT an identity source used for Identity Awareness?
A. Remote Access
B. UserCheck
C. AD Query
D. RADIUS
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://www.checkpoint.com/products/identity-awareness-software-blade/
QUESTION 7
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
Correct Answer: D
Section: (none)
Explanation
QUESTION 8
What Check Point tool is used to automatically update Check Point products for the Gaia OS?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/129978
QUESTION 9
Which option in a firewall rule would only match and allow traffic to VPN gateways for one Community in common?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
A. To log all traffic that is not explicitly allowed or denied in the Rule Base
B. To clean up policies found inconsistent with the compliance blade reports
C. To remove all rules that could have a conflict with other rules in the database
D. To eliminate duplicate log entries in the Security Gateway
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
These are basic access control rules we recommend for all Rule Bases:
Stealth rule that prevents direct access to the Security Gateway.
Cleanup rule that drops all traffic that is not allowed by the earlier rules.
There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92703.htm
QUESTION 11
When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Configure Spoof Tracking - select the tracking action that is done when spoofed packets are detected:
Log - Create a log entry (default)
Alert - Show an alert
None - Do not log or alert
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
QUESTION 12
A. 259, 900
B. 256, 257
C. 8080, 529
D. 80, 256
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: http://digitalcrunch.com/check-point-firewall/list-of-check-point-ports/
QUESTION 13
Which of the following is NOT an option to calculate the traffic direction?
A. Incoming
B. Internal
C. External
D. Outgoing
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
Which of the following is used to enforce changes made to a Rule Base?
A. Publish database
B. Save changes
C. Install policy
D. Activate policy
Explanation/Reference:
QUESTION 15
Which of the following is NOT a license activation method?
A. SmartConsole Wizard
B. Online Activation
C. License Activation Wizard
D. Offline Activation
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
Which tool CANNOT be launched from SmartUpdate R77?
A. IP Appliance Voyager
B. snapshot
C. GAiA WebUI
D. cpinfo
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
What are the three essential components of the Check Point Security Management Architecture?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Deployments
Basic deployments:
Standalone deployment - Security Gateway and the Security Management server are installed on the same machine.
Distributed deployment - Security Gateway and the Security Management server are installed on different machines.
QUESTION 18
To enforce the Security Policy correctly, a Security Gateway requires:
A. a routing table
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The network topology represents the internal network (both the LAN and the DMZ) protected by the gateway. The gateway must be aware of the layout of the network topology to:
Correctly enforce the Security Policy.
Ensure the validity of IP addresses for inbound and outbound traffic.
Configure a special domain for Virtual Private Networks.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/118037
QUESTION 19
What two ordered layers make up the Access Control Policy Layer?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
Which Threat Prevention Profile is not included by default in R80 Management?
A. Basic – Provides reliable protection on a range of non-HTTP protocols for servers, with minimal impact on network performance
B. Optimized – Provides excellent protection for common network products and protocols against recent or popular attacks
C. Strict – Provides a wide coverage for all products and protocols, with impact on network performance
D. Recommended – Provides all protection for all common network products and servers, with impact on network performance
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents/R80/CP_R80BC_ThreatPrevention/136486
QUESTION 21
What is Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and IPS Policies.
B. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database.
C. The collective name of the logs generated by SmartReporter.
D. A global Policy used to share a common enforcement policy for multiple Security Gateways.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 22
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm
A. sysdown
B. exit
C. halt
D. shut-down
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 24
A new license should be generated and installed in all of the following situations EXCEPT when ________ .
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
There is no need to generate a new license in this situation; just detach the license from the wrong Security Gateway and attach it to the right one.
QUESTION 25
Check Point ClusterXL Active/Active deployment is used when:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26
Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?
A. Export R80 configuration, clean install R80.10 and import the configuration
B. CPUSE online upgrade
C. CPUSE offline upgrade
D. SmartUpdate upgrade
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
What are the two types of NAT supported by the Security Gateway?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 28
To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?
A. Full HA Cluster
B. High Availability
C. Standalone
D. Distributed
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
With which command can you view the running configuration of Gaia Operating system?
A. show conf-active
B. show configuration active
C. show configuration
D. show running-configuration
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
A. a routing table
B. that each Security Gateway enforces at least one rule
C. a Demilitarized Zone
D. a Security Policy install
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
Match the following commands to their correct function. Each command has one function only listed.
Explanation/Reference:
QUESTION 32
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
A. 18210
B. 18184
C. 257
D. 18191
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829
QUESTION 33
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration.
You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base.
You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
A. Run fwm dbexport -1 filename. Restore the database. Then, run fwm dbimport -1 filename to import the users.
B. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
C. Restore the entire database, except the user database, and then create the new user and user group.
D. Restore the entire database, except the user database.
Correct Answer: D
Section: (none)
Explanation
QUESTION 34
In Security Gateways, SIC uses ______________ for encryption.
A. AES-128
B. AES-256
C. DES
D. 3DES
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/125443
QUESTION 35
John is the administrator of a Security Management server managing a Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John’s changes available to other administrators, and to save the database before installing a policy, what must John do?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Installing and Publishing
It is important to understand the differences between publishing and installing.
QUESTION 36
What are types of Check Point APIs available currently as part of R80.10 code?
A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
C. OSE API, OPSEC SDK API, Threat Prevention API and Policy Editor API
D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=1517088487_4c0acda205460a92f44c83d399826a7b&xtn=.pdf
QUESTION 37
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
A. You can only use the rule for Telnet, FTP, SMTP, and rlogin services.
B. The Security Gateway first checks if there is any rule that does not require authentication for this type of connection before invoking the Authentication Security Server.
C. Once a user is first authenticated, the user will not be prompted for authentication again until logging out.
D. You can limit the authentication attempts in the User Properties' Authentication tab.
Explanation/Reference:
QUESTION 38
When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security Policy?
A. Access Role
B. User Group
C. SmartDirectory Group
D. Group Template
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 39
You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT’d source port if you are using Source NAT?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
A. https://
B. http://
C. https://:10000
D. https://:4434
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Access to Web UI Gaia administration interface, initiate a connection from a browser to the default administration IP address:
Logging in to the WebUI
Logging in
To log in to the WebUI:
1. Enter this URL in your browser: https://
2. Enter your user name and password.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/75930
QUESTION 41
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?
A. Threat Emulation
B. Mobile Access
C. Mail Transfer Agent
D. Threat Cloud
Correct Answer: C
Section: (none)
Explanation
QUESTION 42
Where can an administrator edit a list of trusted SmartConsole clients?
A. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.
B. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
C. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
D. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 43
The R80 utility fw monitor is used to troubleshoot _____________
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using the WireShark
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30583
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 45
While enabling the Identity Awareness blade, the Identity Awareness wizard does not automatically detect the Windows domain. Why does it not detect the Windows domain?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 46
What are the steps to configure the HTTPS Inspection Policy?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 47
Which method below is NOT one of the ways to communicate using the Management APIs?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction
QUESTION 48
What is the difference between SSL VPN and IPSec VPN?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Mobile_Access_WebAdmin/83586.htm
QUESTION 49
Which one of the following is TRUE?
Correct Answer: C
Section: (none)
Explanation
QUESTION 50
Which command is used to obtain the configuration lock in Gaia?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Obtaining a Configuration Lock
lock database override
unlock database
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm#o73091
QUESTION 51
Which statement describes what Identity Sharing is in Identity Awareness?
A. Management servers can acquire and share identities with Security Gateways
B. Users can share identities with other users
C. Security Gateways can acquire and share identities with other Security Gateways
D. Administrators can share identities with other administrators
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Identity Sharing
Best Practice - In environments that use many Security Gateways and AD Query, we recommend that you set only one Security Gateway to acquire identities from a given Active Directory domain controller for each physical site. If more than one Security Gateway gets identities from the same AD server, the AD server can become overloaded with WMI queries.
Set these options on the Identity Awareness > Identity Sharing page of the Security Gateway object:
QUESTION 52
In SmartConsole, on which tab are Permissions and Administrators defined?
A. Security Policies
B. Logs and Monitor
C. Manage and Settings
D. Gateway and Servers
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 53
Which feature in R77 permits blocking specific IP addresses for a specified time period?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 54
To view statistics on detected threats, which Threat Tool would an administrator use?
A. Protections
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 55
Which of the following is NOT an integral part of VPN communication within a network?
A. VPN key
B. VPN community
C. VPN trust entities
D. VPN domain
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
VPN key (not to be confused with the pre-shared key that is used for authentication).
VPN trust entities, such as a Check Point Internal Certificate Authority (ICA). The ICA is part of the Check Point suite used for creating SIC trusted connections between Security Gateways, authenticating administrators and third-party servers. The ICA provides certificates for internal Security Gateways and remote access clients which negotiate the VPN link.
VPN Domain - A group of computers and networks connected to a VPN tunnel by one VPN gateway that handles encryption and protects the VPN Domain members.
VPN Community - A named collection of VPN domains, each protected by a VPN gateway.
Reference: http://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13868.htm
QUESTION 56
Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 57
RADIUS Accounting gets ______ data from requests generated by the accounting client
A. Destination
B. Identity
C. Payload
D. Location
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
How RADIUS Accounting Works with Identity Awareness
RADIUS Accounting gets identity data from RADIUS Accounting Requests generated by the RADIUS accounting client.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_IdentityAwareness_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_IdentityAwareness_WebAdminGuide/62050
QUESTION 58
Which of the following is NOT a type of Endpoint Identity Agent?
A. Terminal
B. Light
C. Full
D. Custom
Correct Answer: A
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk107415
QUESTION 59
True or False: more than one administrator can login to the Security Management Server with SmartConsole with write permission at the same time.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a session that is independent of the other administrators.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265
QUESTION 60
Browser-based Authentication sends users to a web page to acquire identities using ________ .
A. User Directory
B. Captive Portal and Transparent Kerberos Authentication
C. Captive Portal
D. UserCheck
Correct Answer: B
Section: (none)
Explanation
QUESTION 61
The WebUI offers three methods for downloading Hotfixes via CPUSE. One of them is the Automatic method. How many times per day will the CPUSE agent check for hotfixes and automatically download them?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/112109
QUESTION 62
Which of the following Automatically Generated NAT rules have the lowest implementation priority?
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
SmartDashboard organizes the automatic NAT rules in this order:
1. Static NAT rules for Firewall, or node (computer or server) objects
2. Hide NAT rules for Firewall, or node objects
3. Static NAT rules for network or address range objects
4. Hide NAT rules for network or address range objects
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/6724.htm
QUESTION 63
The CDT utility supports which of the following?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97443
QUESTION 64
Which path below is available only when CoreXL is enabled?
A. Slow path
B. Firewall path
C. Medium path
D. Accelerated path
Correct Answer: C
Explanation/Reference:
QUESTION 65
Which SmartConsole component can Administrators use to track changes to the Rule Base?
A. WebUI
B. SmartView Tracker
C. SmartView Monitor
D. SmartReporter
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 66
What is the BEST command to view configuration details of all interfaces in Gaia CLISH?
A. ifconfig -a
B. show interfaces all
C. show interfaces detail
D. show configuration interfaces
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 67
Which Check Point Application Control feature enables application scanning and detection?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
AppWiki Application Classification Library
AppWiki enables application scanning and detection of more than 5,000 distinct applications and over 300,000 Web 2.0 widgets including instant messaging, social networking, video streaming, VoIP, games and more.
Reference: https://www.checkpoint.com/products/application-control-software-blade/
QUESTION 68
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
A. fwd
B. fwm
C. cpd
D. cpwd
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 69
What happens when you run the command: fw sam -J src [Source IP Address]?
A. Connections from the specified source are blocked without the need to change the Security Policy.
B. Connections to the specified target are blocked without the need to change the Security Policy.
C. Connections to and from the specified target are blocked without the need to change the Security Policy.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 70
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 71
Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?
A. Central
B. Corporate
C. Formal
D. Local
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 73
What is the default shell for the command line interface?
A. Expert
B. Clish
C. Admin
D. Normal
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The default shell of the CLI is called clish
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm
QUESTION 74
Which Threat Tool within SmartConsole provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
A. ThreatWiki
B. Whitelist Files
C. AppWiki
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/82209.htm
QUESTION 75
The Administrator wishes to update IPS protections from SmartConsole by clicking on the option “Update Now” under the Updates tab in Threat Tools. Which device requires internet access for the update to work?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Updating IPS Manually
You can immediately update IPS with real-time information on attacks and all the latest protections from the IPS website.
You can only manually update IPS if a proxy is defined in Internet Explorer settings.
To obtain updates of all the latest protections from the IPS website:
1. Configure the settings for the proxy server in Internet Explorer.
   1. In Microsoft Internet Explorer, open Tools > Internet Options > Connections tab > LAN Settings. The LAN Settings window opens.
   2. Select Use a proxy server for your LAN.
   3. Configure the IP address and port number for the proxy server.
   4. Click OK.
   The settings for the Internet Explorer proxy server are configured.
2. In the IPS tab, select Download Updates and click Update Now.
If you chose to automatically mark new protections for Follow Up, you have the option to open the Follow Up page directly to see the new protections.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12850.htm
QUESTION 76
How could you tune the profile in order to lower the CPU load while still maintaining security at a good level?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 77
A. SmartDashboard
B. SmartUpdate
C. SmartView Status
D. SmartView Tracker
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 78
When should you generate new licenses?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk84802
QUESTION 79
How many users can have read/write access in Gaia Operating System at one time?
A. Infinite
B. One
C. Three
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 80
Authentication rules are defined for ____________.
A. User groups
B. Users using UserCheck
C. Individual users
D. All users in the database
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SGW_WebAdmin/6721.htm
QUESTION 81
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
A. A new Policy Package created on both the Management and Gateway will be deleted and must be backed up first before proceeding.
B. A new Policy Package created on the Management is going to be installed to the existing Gateway.
C. A new Policy Package created on the Gateway is going to be installed on the existing Management.
D. A new Policy Package created on the Gateway and transferred to the Management will be overwritten by the Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 83
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 84
What are the three deployment options available for a security gateway?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 85
Jack works for a Managed Service Provider and he has been tasked to create 17 new policies for several new customers.
He does not have much time. What is the BEST way to do this with R80 security management?
A. Create a text-file with mgmt_cli script that creates all objects and policies. Open the file in SmartConsole Command Line to run it.
B. Create a text-file with Gaia CLI commands in order to create all objects and policies. Run the file in CLISH with command load configuration.
C. Create a text-file with DBEDIT script that creates all objects and policies. Run the file in the command line of the management server using command dbedit -f.
D. Use Object Explorer in SmartConsole to create the objects and Manage Policies from the menu to create the policies.
Explanation/Reference:
Explanation:
Did you know: mgmt_cli can accept csv files as inputs using the --batch option.
The first row should contain the argument names and the rows below it should hold the values for these parameters.
So an equivalent solution to the PowerShell script could look like this:
data.csv:
mgmt_cli add host --batch data.csv -u -p -m
This can work with any type of command, not just "add host": simply replace the column names with the ones relevant to the command you need.
Reference: https://community.checkpoint.com/thread/1342
https://sc1.checkpoint.com/documents/R80/APIs/#gui-cli/add-access-rule
QUESTION 86
You want to verify if there are unsaved changes in GAiA that will be lost with a reboot. What command can be used?
A. show unsaved
B. show save-state
C. show configuration diff
D. show config-state
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 87
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_AppControl_WebAdmin/60902.htm
QUESTION 88
What needs to be configured if the NAT property ‘Translate destination on client side’ is not enabled in Global Properties?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 89
Vanessa is a firewall administrator in her company; her company is using Check Point firewalls on central and remote locations, which are managed centrally by
R80 Security Management Server. One central location has an installed R77.30 Gateway on Open server. Remote location is using Check Point UTM-1 570
series appliance with R71. Which encryption is used in Secure Internal Communication (SIC) between central management and firewall on each location?
A. On central firewall AES128 encryption is used for SIC, on Remote firewall 3DES encryption is used for SIC.
B. On both firewalls, the same encryption is used for SIC. This is AES-GCM-256.
C. The Firewall Administrator can choose which encryption suite will be used by SIC.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Gateways above R71 use AES128 for SIC. If one of the gateways is R71 or below, the gateways use 3DES.
Reference: http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf
QUESTION 90
Which command can you use to enable or disable multi-queue per interface?
A. cpmq set
B. Cpmqueue set
C. Cpmq config
D. Set cpmq enable
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/93689.htm
QUESTION 91
When an encrypted packet is decrypted, where does this happen?
A. Security policy
B. Inbound chain
C. Outbound chain
D. Decryption is not supported
Correct Answer: A
Section: (none)
Explanation
QUESTION 92
There are ________ types of software containers ________.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
There are three types of Software Containers: Security Management, Security Gateway, and Endpoint Security.
Reference: http://downloads.checkpoint.com/dc/download.htm?ID=11608
QUESTION 93
What is the purpose of a Stealth Rule?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: http://www.pearsonitcertification.com/articles/article.aspx?p=387728&seqNum=3
QUESTION 94
If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a
session, a new database version is created. When you select Install Policy, you are prompted to publish all unpublished changes. You cannot install a policy if the
included changes are not published.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
QUESTION 95
You are going to upgrade from R77 to R80. Before the upgrade, you want to back up the system so that, if there are any problems, you can easily restore to the
old version with all configuration and management files intact. What is the BEST backup method in this scenario?
A. backup
B. Database Revision
C. snapshot
D. migrate export
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Snapshot Management
The snapshot creates a binary image of the entire root (lv_current) disk partition. This includes Check Point products, configuration, and operating system.
Starting in R77.10, exporting an image from one machine and importing that image on another machine of the same type is supported.
The log partition is not included in the snapshot. Therefore, any locally stored FireWall logs will not be saved.
QUESTION 96
Two administrators Dave and Jon both manage R80 Management as administrators for ABC Corp. Jon logged into the R80 Management and then shortly after,
Dave logged in to the same server. They are both in the Security Policies view. From the screenshots below, why does Dave not have the rule no.6 in his
SmartConsole view even though Jon has it in his SmartConsole view?
A. Jon is currently editing rule no.6 but has Published part of his changes.
B. Dave is currently editing rule no.6 and has marked this rule for deletion.
C. Dave is currently editing rule no.6 and has deleted it from his Rule Base.
D. Jon is currently editing rule no.6 but has not yet Published his changes.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes
QUESTION 97
How do Capsule Connect and Capsule Workspace differ?
A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications
B. Capsule Workspace can provide access to any application
C. Capsule Connect provides Business data isolation
D. Capsule Connect does not require an installed application at client
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 98
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 99
SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and show them as prioritized security events.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Event Analysis with SmartEvent
The SmartEvent Software Blade is a unified security event management and analysis solution that delivers real-time, graphical threat management information.
SmartConsole, SmartView Web Application, and the SmartEvent GUI client consolidate billions of logs and show them as prioritized security events so you can
immediately respond to security incidents, and do the necessary actions to prevent more attacks. You can customize the views to monitor the events that are
most important to you. You can move from a high level view to detailed forensic analysis in a few clicks. With the free-text search and suggestions, you can
quickly run data analysis and identify critical security events.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
QUESTION 100
What is the main difference between Threat Extraction and Threat Emulation?
A. Threat Emulation never delivers a file and takes more than 3 minutes to complete
B. Threat Extraction always delivers a file and takes less than a second to complete
C. Threat Emulation never delivers a file that takes less than a second to complete
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 101
An Endpoint identity agent uses a ___________ for user authentication.
A. Shared secret
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm
QUESTION 102
Which firewall daemon is responsible for the FW CLI commands?
A. fwd
B. fwm
C. cpm
D. cpd
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 103
Which of the following commands is used to monitor cluster members in CLI?
Correct Answer: A
Section: (none)
Explanation
QUESTION 104
What is NOT an advantage of Stateful Inspection?
A. High Performance
B. Good Security
C. No Screening above Network layer
D. Transparency
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 105
What statement is true regarding Visitor Mode?
A. VPN authentication and encrypted traffic are tunneled through port TCP 443.
B. Only ESP traffic is tunneled through port TCP 443.
C. Only Main mode and Quick mode traffic are tunneled on TCP port 443.
D. All VPN traffic is tunneled through UDP port 4500.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 106
R80 Security Management Server can be installed on which of the following operating systems?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
R80 can be installed only on GAIA OS.
Supported Check Point Installations
All R80 servers are supported on the Gaia Operating System:
• Security Management Server
• Multi-Domain Security Management Server
• Log Server
• Multi-Domain Log Server
• SmartEvent Server
Reference: http://dl3.checkpoint.com/paid/1f/1f7e21da67aa992954aa12a0a84e53a8/CP_R80_ReleaseNotes.pdf?HashKey=1479838085_d6ffcb36c6a3128708b3f6d7bcc4f94e&xtn=.pdf
QUESTION 107
DLP and Geo Policy are examples of what type of Policy?
A. Standard Policies
B. Shared Policies
C. Inspection Policies
D. Unified Policies
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The Shared policies are installed with the Access Control Policy.
QUESTION 108
What are the three components for Check Point Capsule?
Correct Answer: D
Section: (none)
Explanation
QUESTION 109
In SmartConsole, objects are used to represent physical and virtual network components and also some logical components.
These objects are divided into several categories. Which of the following is NOT an objects category?
A. Limit
B. IP Address
C. Custom Application / Site
D. Network Object
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_SecurityManagement_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_SecurityManagement_AdminGuide/162005
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_SecurityManagement_AdminGuide/html_frameset.htm?%20topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_SecurityManagement_AdminGuide/162005
QUESTION 110
When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?
A. Any size
B. Less than 20GB
C. More than 10GB and less than 20 GB
D. At least 20GB
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 111
You have discovered suspicious activity in your network. What is the BEST immediate action to take?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/118300
QUESTION 112
Which of the following is NOT an advantage to using multiple LDAP servers?
A. You achieve a faster access time by placing LDAP servers containing the database at remote sites
B. Information on a user is hidden, yet distributed across several servers
C. You achieve compartmentalization by allowing a large number of users to be distributed across several servers
D. You gain High Availability by replicating the same information on several servers
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 113
Your bank's distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have
licenses that will expire within the next 30 days?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 114
When attempting to start a VPN tunnel, in the logs the error 'no proposal chosen' is seen numerous times. No other VPN-related log entries are present. Which
phase of the VPN negotiations has failed?
A. IKE Phase 1
B. IPSEC Phase 2
C. IPSEC Phase 1
D. IKE Phase 2
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 115
Which of the following is TRUE regarding Gaia command line?
A. Configuration changes should be done in mgmt_cli and use CLISH for monitoring. Expert mode is used only for OS level tasks.
B. Configuration changes should be done in expert-mode and CLISH is used for monitoring.
C. Configuration changes should be done in mgmt_cli and use expert-mode for OS-level tasks.
D. All configuration changes should be made in CLISH and expert-mode should be used for OS-level tasks.
Correct Answer: D
Explanation/Reference:
QUESTION 116
Message digests use which of the following?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 117
A _________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet
browser.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Clientless - Users connect through a web browser and use HTTPS connections. Clientless solutions usually supply access to web-based corporate resources.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80BC_Firewall/html_frameset.htm?topic=documents/R80/CP_R80BC_Firewall/92704
QUESTION 118
What reason could possibly BEST explain why you are unable to connect to SmartConsole?
A. CPD is down
B. SVR is down
C. CPM and FWM are down
D. CPSM is down
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The correct answer would be FWM (the process that makes communication available between SmartConsole applications and the Security Management Server).
STATE is T (Terminate = Down).
Symptoms: SmartDashboard fails to connect to the Security Management server.
1. Verify if the FWM process is running. To do this, run the command:
[Expert@HostName:0]# ps -aux | grep fwm
2. If the FWM process is not running, then try force-starting the process with the following command:
[Expert@HostName:0]# cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk12120
QUESTION 119
What is the purpose of the Stealth Rule?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: http://www.pearsonitcertification.com/articles/article.aspx?p=387728&seqNum=3
QUESTION 120
How would you determine the software version from the CLI?
A. fw ver
B. fw stat
C. fw monitor
D. cpinfo
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 121
Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses
connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made?
A. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of this work.
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
C. Tom’s changes will be lost since he lost connectivity and he will have to start again.
D. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes.
Correct Answer: A
Section: (none)
Explanation
QUESTION 122
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day
Protection?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 123
You work as a security administrator for a large company. The CSO of your company has attended a security conference where he has learned how hackers
constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the right
protections in place. Check Point has been selected for the security vendor. Which Check Point product protects BEST against malware and zero-day attacks
while ensuring quick delivery of safe content to your users?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
SandBlast Zero-Day Protection
Hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. Zero-day exploit protection from Check Point
QUESTION 124
Which of the following is NOT a set of Regulatory Requirements related to Information Security?
A. ISO 37001
B. Sarbanes Oxley (SOX)
C. HIPAA
D. PCI
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
ISO 37001 - Anti-bribery management systems
Reference: http://www.iso.org/iso/home/standards/management-standards/iso37001.htm
QUESTION 125
What is the purpose of the CPCA process?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
QUESTION 126
There are two Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with
A. No, since “maintain current active cluster member” option on the cluster object properties is enabled by default
B. No, since “maintain current active cluster member” option is enabled by default on the Global Properties
C. Yes, since “Switch to higher priority cluster member” option on the cluster object properties is enabled by default
D. Yes, since “Switch to higher priority cluster member” option is enabled by default on the Global Properties
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
What Happens When a Security Gateway Recovers?
In a Load Sharing configuration, when the failed Security Gateway in a cluster recovers, all connections are redistributed among all active members.
In a High Availability configuration, when the failed Security Gateway in a cluster recovers, the recovery method depends on the configured cluster setting.
The options are:
• Maintain Current Active Security Gateway means that if one member passes on control to a lower priority member, control will be returned to the higher priority
member only if the lower priority member fails. This mode is recommended if all members are equally capable of processing traffic, in order to minimize the
number of failover events.
• Switch to Higher Priority Security Gateway means that if the lower priority member has control and the higher priority member is restored, then control will be
returned to the higher priority member. This mode is recommended if one member is better equipped for handling connections, so it will be the default Security
Gateway.
Reference: http://dl3.checkpoint.com/paid/7e/7ef174cf00762ceaf228384ea20ea64a/CP_R77_ClusterXL_AdminGuide.pdf?HashKey=1479822138_31410b1f8360074be87fd8f1ab682464&xtn=.pdf
QUESTION 127
Which of the following is NOT a valid configuration screen of an Access Role Object?
A. Users
B. Networks
C. Time
D. Machines
Correct Answer: C
Section: (none)
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm
QUESTION 128
When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule
that matches a packet. Which of the following statements about the order of rule enforcement is true?
A. If the Action is Accept, the gateway allows the packet to pass through the gateway.
B. If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.
C. If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
D. If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 129
Which default Gaia user has full read/write access?
A. Monitor
B. Altuser
C. Administrator
D. Superuser
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 130
Where does the security administrator activate Identity Awareness within SmartDashboard?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 131
Access roles allow the firewall administrator to configure network access according to:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To create an access role:
1. Select Users and Administrators in the Objects Tree.
2. Right-click Access Roles > New Access Role. The Access Role window opens.
3. Enter a Name and Comment (optional) for the access role.
4. In the Networks tab, select one of these:
• Any network
• Specific networks - Click the plus sign and select a network.
Your selection is shown in the Networks node in the Role Preview pane.
5. In the Users tab, select one of these:
• Any user
• All identified users - Includes users identified by a supported authentication method (internal users, AD users or LDAP users).
• Specific users - Click the plus sign. A window opens. You can search for Active Directory entries or select them from the list.
6. In the Machines tab, select one of these:
• Any machine
• All identified machines - Includes machines identified by a supported authentication method (AD).
• Specific machines - Click the plus sign.
QUESTION 132
Which of the following statements is TRUE about R80 management plug-ins?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 133
The Captive Portal tool:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 134
In order to install a license, it must first be added to the ____________.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Non_Gaia_Installation_and_Upgrade_Guide/13128.htm
QUESTION 135
Security Gateway software must be attached to a ______________.
A. Security Gateway
B. Management container
C. Management server
D. Security Gateway container
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk80840
QUESTION 136
Your manager requires you to set up a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that
he set up AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
A. The two algorithms do not have the same key length and so don't work together. You will get the error … No proposal chosen…
B. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
C. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add
security due to a shorter key in phase 1.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 137
Which of the following is NOT a valid backup command for a Security Management Server?
A. save backup
B. add backup
C. add snapshot
D. migrate export
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://www.networksecurityplus.net/2015/02/check-point-backup-and-restore-command-reference.html
QUESTION 138
Which of the following is NOT a component of Check Point Capsule?
A. Capsule Docs
B. Capsule Cloud
C. Capsule Enterprise
D. Capsule Workspace
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 139
Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 140
Choose the SmartLog property that is TRUE.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 141
Which Check Point software blade provides protection from zero-day and undiscovered threats?
A. Firewall
B. Threat Emulation
C. Application Control
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 142
Which utility allows you to configure the DHCP service on GAIA from the command line?
A. ifconfig
B. dhcp_cfg
C. sysconfig
D. cpconfig
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Sysconfig Configuration Options
QUESTION 143
Which of the following is a hash algorithm?
A. 3DES
B. IDEA
C. DES
D. MD5
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 144
Which is a suitable command to check whether Drop Templates are activated or not?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk71200
QUESTION 145
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
A. Application Control
B. Threat Emulation
C. Anti-Virus
D. Advanced Networking Blade
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 146
Which icon in the WebUI indicates that read/write access is enabled?
A. Pencil
B. Padlock
C. Book
D. Eyeglasses
Correct Answer: A
Explanation/Reference:
QUESTION 147
The Gaia operating system supports which routing protocols?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The Advanced Routing Suite
The Advanced Routing Suite CLI is available as part of the Advanced Networking Software Blade.
For organizations looking to implement scalable, fault-tolerant, secure networks, the Advanced Networking blade enables them to run industry-standard dynamic
routing protocols including BGP, OSPF, RIPv1, and RIPv2 on security gateways.
OSPF, RIPv1, and RIPv2 enable dynamic routing over a single autonomous system – like a single department, company, or service provider – to avoid network
failures. BGP provides dynamic routing support across more complex networks involving multiple autonomous systems – such as when a company uses two
service providers or divides a network into multiple areas with different administrators responsible for the performance of each.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecurePlatform_AdvancedRouting_WebAdmin/html_frameset.htm
QUESTION 148
A Cleanup rule:
Correct Answer: A
Explanation/Reference:
QUESTION 149
By default, which port does the WebUI listen on?
A. 80
B. 4434
C. 443
D. 8080
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To configure Security Management Server on Gaia:
Open a browser to the WebUI: https://
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_Gaia_IUG/html_frameset.htm?topic=documents/R80/CP_R80_Gaia_IUG/132120
QUESTION 150
What is a reason for manual creation of a NAT rule?
A. Network Address Translation is done automatically and there is no need for manually defined NAT-rules.
B. Network Address Translation of RFC1918-compliant networks is needed to access the Internet.
C. Network Address Translation is desired for some services, but not for others.
D. The public IP-address is different from the gateway’s external IP
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 151
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Using Endpoint Identity Agents gives you:
• User and machine identity
• Minimal user intervention – all necessary configuration is done by administrators and does not require user input.
• Seamless connectivity – transparent authentication using Kerberos Single Sign-On (SSO) when users are logged in to the domain. If you do not want to use SSO,
users enter their credentials manually. You can let them save these credentials.
• Connectivity through roaming – users stay automatically identified when they move between networks, as the client detects the movement and reconnects.
Reference: https://www.checkpoint.com/products/identity-awareness-software-blade/
QUESTION 152
Can a Check Point gateway translate both source IP address and destination IP address in a given packet?
A. Yes.
B. No.
C. Yes, but only when using Automatic NAT.
D. Yes, but only when using Manual NAT.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 153
A. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
B. Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client
C. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 154
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: http://dl3.checkpoint.com/paid/f2/f2faf02dba06acad8cc4c57833593df6/CP_TE100X_TE250X_Appliance_GettingStartedGuide.pdf?HashKey=1517091196_a292abdde351bbdb4b3d28e82654b240&xtn=.pdf
QUESTION 155
The Security Gateway is installed on GAiA R80. The default port for the WEB User Interface is _______ .
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Explanation/Reference:
QUESTION 156
What does it mean if Deyra sees the gateway status:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 157
Choose what BEST describes a Session.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 158
View the rule below. What does the lock-symbol in the left column mean? Select the BEST answer
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Administrator Collaboration
More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a
session that is independent of the other administrators.
When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes
during the session are only available to that administrator. Other administrators see a lock icon on objects and rules that are being edited.
To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265
QUESTION 159
Under which file is the proxy arp configuration stored?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R76SP.10/CP_R76SP.10_Security_System_AdministrationGuide/105233.htm
QUESTION 160
Which remote Access Solution is clientless?
A. Check Point Mobile
B. Endpoint Security Suite
C. SecuRemote
D. Mobile Access Portal
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/92708.htm
QUESTION 161
Which of the following is TRUE about the Check Point Host object?
A. Check Point Host has no routing ability even if it has more than one interface installed.
B. When you upgrade earlier versions, Check Point Host objects are converted to gateway objects.
C. Check Point Host is capable of having an IP forwarding mechanism.
D. Check Point Host can act as a firewall.
Correct Answer: A
Section: (none)
Explanation
QUESTION 162
Which of the following situations would not require a new license to be generated and installed?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 163
Which of the following is NOT an element of VPN Simplified Mode and VPN Communities?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Migrating from Traditional Mode to Simplified Mode
To migrate from Traditional Mode VPN to Simplified Mode:
QUESTION 164
What happens if the identity of a user is known?
A. If the user credentials do not match an Access Role, the system displays the Captive Portal.
B. If the user credentials do not match an Access Role, the system displays a sandbox.
C. If the user credentials do not match an Access Role, the traffic is automatically dropped.
D. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 165
The default port numbers for an LDAP server are ______ for standard connections and _______ for SSL connections.
A. 675, 389
B. 389, 636
C. 636, 290
D. 290, 675
Correct Answer: B
Section: (none)
Explanation
QUESTION 166
Which of the following types of authentication on Mobile Access can NOT be used as the first authentication method?
A. Dynamic ID
B. RADIUS
C. Username and Password
D. Certificate
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/41587.htm
QUESTION 167
How do you configure the Security Policy to provide users access to the Captive Portal through an external (Internet) interface?
A. Change the gateway settings to allow Captive Portal access via an external interface.
B. No action is necessary. This access is available by default.
C. Change the Identity Awareness settings under Global Properties to allow Captive Policy access on all interfaces.
D. Change the Identity Awareness settings under Global Properties to allow Captive Policy access for an external interface.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 168
Which GUI tool can be used to view and apply Check Point licenses?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
SmartUpdate GUI is the recommended way of managing licenses.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/79993
QUESTION 169
Office mode means that:
A. SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
B. Users authenticate with an Internet browser and use secure HTTPS connection.
C. Local ISP (Internet Service Provider) assigns a non-routable IP address to the remote user.
D. Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to
the remote client.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Office Mode enables a Security Gateway to assign internal IP addresses to SecureClient users. This IP address will not be exposed to the public network, but is
encapsulated inside the VPN tunnel between the client and the Gateway. The IP to be used externally should be assigned to the client in the usual way by the
Internet Service provider used for the Internet connection. This mode allows a Security Administrator to control which addresses are used by remote clients inside
the local network and makes them part of the local network. The mechanism is based on an IKE protocol extension through which the Security Gateway can send
an internal IP address to the client.
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30545
A. Have the security administrator select the Action field of the Firewall Rule “Redirect HTTP connections to an authentication (captive) portal”.
B. Have the security administrator reboot the firewall.
C. Have the security administrator select Any for the Machines tab in the appropriate Access Role.
D. Install the Identity Awareness agent on her iPad.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 171
What is the default method for destination NAT?
A. Destination side
B. Source side
C. Server side
D. Client side
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Client Side NAT - destination is NAT'd by the inbound kernel
QUESTION 172
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A. Monitor
B. clish
C. Read-only
D. Bash
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
This chapter gives an introduction to the Gaia command line interface (CLI).
The default shell of the CLI is called clish.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm
QUESTION 174
When defining QoS global properties, which option below is not valid?
A. Weight
B. Authenticated timeout
C. Schedule
D. Rate
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_QoS_AdminGuide/14871.htm
QUESTION 175
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all of the
following except:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=1517081623_70199443034f806cf2dd0a7ba15f201c&xtn=.pdf
QUESTION 176
You are the administrator for ALPHA Corp. You have logged into your R80 Management server. You are making some changes in the Rule Base and notice that
rule No.6 has a pencil icon next to it.
A. The rule No.6 has been marked for deletion in your Management session.
B. The rule No.6 has been marked for deletion in another Management session.
C. The rule No.6 has been marked for editing in your Management session.
D. The rule No.6 has been marked for editing in another Management session.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 178
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
A. INSPECT Engine
B. Stateful Inspection
C. Packet Filtering
D. Application Layer Firewall
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://www.checkpoint.com/smb/help/utm1/8.2/7080.htm
QUESTION 179
Where can I find the file for a Gaia backup named backup_fw on a Check Point Appliance?
A. /var/log/CPbackup/backups/backup_fw.tgz
B. /var/CPbackup/backups/backup_fw.tgz
C. /var/log/backups/backup_fw.tgz
D. $CPDIR/backups/backup_fw.tgz
Correct Answer: A
Explanation/Reference:
QUESTION 180
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 181
Which one of the following is a way that the objects can be manipulated using the new API integration in R80 Management?
A. Microsoft Publisher
B. JSON
C. Microsoft Word
D. RC4 Encryption
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 182
Which of the following is NOT supported by Bridge Mode Check Point Security Gateway?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SGW_WebAdmin/96332.htm
QUESTION 183
In R80 Management, apart from using SmartConsole, objects or rules can also be modified using:
A. 3rd Party integration of CLI and API for Gateways prior to R80.
B. A complete CLI and API interface using SSH and custom CPCode integration.
C. 3rd Party integration of CLI and API for Management prior to R80.
D. A complete CLI and API interface for Management with 3rd Party integration.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 184
Which key is created during Phase 2 of a site-to-site VPN?
A. Pre-shared secret
B. Diffie-Hellman Public Key
C. Symmetrical IPSec key
D. Diffie-Hellman Private Key
Correct Answer: C
Section: (none)
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13847.htm
QUESTION 185
Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?
A. A star community requires Check Point gateways, as it is a Check Point proprietary technology.
B. In a star community, satellite gateways cannot communicate with each other.
C. In a mesh community, member gateways cannot communicate directly with each other.
D. In a mesh community, all members can create a tunnel with any other member.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 186
Choose the Best place to find a Security Management Server backup file named backup_fw, on a Check Point Appliance.
A. /var/log/Cpbackup/backups/backup/backup_fw.tgs
B. /var/log/Cpbackup/backups/backup/backup_fw.tar
C. /var/log/Cpbackup/backups/backups/backup_fw.tar
D. /var/log/Cpbackup/backups/backup_fw.tgz
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation: Gaia's Backup feature allows backing up the configuration of the Gaia OS and of the Security Management server database, or restoring a
previously saved configuration.
The configuration is saved to a .tgz file in the following directory:
QUESTION 187
What port is used for communication to the User Center with SmartUpdate?
A. CPMI 200
B. TCP 8080
C. HTTP 80
D. HTTPS 443
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 188
You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security
Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC
certificates to the Gateway before shipping it?
1. Run cpconfig on the Gateway, select Secure Internal Communication, enter the activation key, and reconfirm.
2. Initialize Internal Certificate Authority (ICA) on the Security Management Server.
3. Configure the Gateway object with the host name and IP addresses for the remote site.
4. Click the Communication button in the Gateway object's General screen, enter the activation key, and click Initialize and OK.
A. 2, 3, 4, 1, 5
B. 2, 1, 3, 4, 5
C. 1, 3, 2, 4, 5
D. 2, 3, 4, 5, 1
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 189
What happens if the identity of a user is known?
A. If the user credentials do not match an Access Role, the traffic is automatically dropped.
B. If the user credentials do not match an Access Role, the system displays a sandbox.
C. If the user credentials do not match an Access Role, the gateway moves onto the next rule.
D. If the user credentials do not match an Access Role, the system displays the Captive Portal.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 190
What is the Manual Client Authentication TELNET port?
A. 23
B. 264
C. 900
D. 259
Correct Answer: D
Explanation/Reference:
QUESTION 191
In the Check Point Security Management Architecture, which component(s) can store logs?
A. SmartConsole
B. Security Management Server and Security Gateway
C. Security Management Server
D. SmartConsole and Security Management Server
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 192
Which of the following is NOT an option for internal network definition of Anti-spoofing?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 193
Which application should you use to install a contract file?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Using SmartUpdate: If you already use an NGX R65 (or higher) Security Management / Provider-1 / Multi-Domain Management Server,
SmartUpdate allows you to import the service contract file that you have downloaded in Step #3.
Open SmartUpdate and from the Launch Menu select 'Licenses & Contracts' -> 'Update Contracts' -> 'From File...' and provide the path to the file you have
downloaded in Step #3:
QUESTION 194
An identity server uses a ___________ to trust a Terminal Server Identity Agent.
A. Shared secret
B. Certificate
C. One-time password
D. Token
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm
QUESTION 195
Assuming you have a Distributed Deployment, what will be the effect of running the following command on the Security Management Server?
Correct Answer: A
Section: (none)
Explanation
QUESTION 196
AdminA and AdminB are both logged in on SmartConsole. What does it mean if AdminB sees a lock icon on a rule? Choose the BEST answer.
A. Rule is locked by AdminA, because the save button has not been pressed.
B. Rule is locked by AdminA, because the rule is currently being edited.
C. Rule is locked by AdminA, and will be made available if the session is published.
D. Rule is locked by AdminA, and if the session is saved, the rule will be made available.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 197
A Check Point Software license consists of two components, the Software Blade and the Software Container. There are ______________ types of Software
Containers: ______________.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://dl3.checkpoint.com/paid/a8/a81bd8771f3d7bf40a269f64f5b536e7/QuickLicenseGuide.pdf?HashKey=1591197932_63e138c47656005c0a28456090361659&xtn=.pdf page 11
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=1517088487_4c0acda205460a92f44c83d399826a7b&xtn=.pdf
QUESTION 199
Which one of the following is true about Threat Extraction?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 200
Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying a connection?
A. Source Address
B. Destination Address
C. TCP Acknowledgment Number
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/92711.htm
QUESTION 201
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
QUESTION 202
Which Check Point software blade provides Application Security and identity control?
A. HTTPS Inspection
B. Data Loss Prevention
C. URL Filtering
D. Application Control
Correct Answer: D
Section: (none)
Explanation
QUESTION 203
What is UserCheck?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 204
Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
A. SmartView Monitor
B. SmartEvent
C. SmartUpdate
D. SmartDashboard
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
SmartEvent correlates logs from all Check Point enforcement points, including end-points, to identify suspicious activity from the clutter. Rapid data analysis and
custom event logs immediately alert administrators to anomalous behavior such as someone attempting to use the same credential in multiple geographies
simultaneously.
Reference: https://www.checkpoint.com/products/smartevent/
A. SmartUpdate installation
B. DVD media created with Check Point ISOMorphic
C. USB media created with Check Point ISOMorphic
D. Cloud based installation
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 206
Review the following screenshot and select the BEST answer.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 207
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_Installation_and_Upgrade_Guide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_Installation_and_Upgrade_Guide/158318
QUESTION 208
The Firewall kernel is replicated multiple times, therefore:
A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. The Firewall can run the same policy on all cores
Explanation/Reference:
QUESTION 209
Licenses can be added to the License and Contract repository ________ .
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm
QUESTION 210
With the User Directory Software Blade, you can create user definitions on a(an) ___________ Server.
A. NT domain
B. SMTP
C. LDAP
D. SecurID
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
QUESTION 211
In Unified SmartConsole Gateways and Servers tab you can perform the following functions EXCEPT ________.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 212
What is NOT an advantage of Packet Filtering?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Packet Filter Advantages and Disadvantages
Reference: https://www.checkpoint.com/smb/help/utm1/8.2/7078.htm
QUESTION 213
Which tool is used to enable ClusterXL?
A. SmartUpdate
B. cpconfig
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_ClusterXL_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_ClusterXL_WebAdminGuide/161105
QUESTION 214
Which of the following is NOT an alert option?
A. SNMP
B. High alert
C. Mail
D. User defined alert
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
In Action, select:
none - No alert.
log - Sends a log entry to the database.
alert - Opens a pop-up window to your desktop.
mail - Sends a mail alert to your Inbox.
snmptrap - Sends an SNMP alert.
useralert - Runs a script. Make sure a user-defined action is available. Go to SmartDashboard > Global Properties > Log and Alert > Alert Commands.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SmartViewMonitor_AdminGuide/101104.htm
QUESTION 215
Which of the following is NOT a valid option when configuring access for Captive Portal?
Explanation/Reference:
QUESTION 216
How are the backups stored in Check Point appliances?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Backup configurations are stored in: /var/CPbackup/backups/
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/107104
QUESTION 217
Which directory holds the SmartLog index files by default?
A. $SMARTLOGDIR/data
B. $SMARTLOG/dir
C. $FWDIR/smartlog
D. $FWDIR/log
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
A. UDP Queries will be accepted by the traffic allowed only through interfaces with external anti-spoofing topology and this will be done before first explicit rule
written by Administrator in a Security Policy.
B. All UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security
Policy.
C. No UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security
Policy.
D. All UDP Queries will be accepted by the traffic allowed by first explicit rule written by Administrator in a Security Policy.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 219
The _________ software blade enables Application Security policies to allow, block, or limit website access based on user, group, and machine identities.
A. Application Control
B. Data Awareness
C. URL Filtering
D. Threat Emulation
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 220
Which of the following actions do NOT take place in IKE Phase 1?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 221
Identity Awareness allows the Security Administrator to configure network access based on which of the following?
A. Name of the application, identity of the user, and identity of the machine
B. Identity of the machine, username, and certificate
C. Network location, identity of a user, and identity of a machine
D. Browser-Based Authentication, identity of a user, and network location
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: http://ccsawannabe.blogspot.com/2016/04/check-point-identity-awareness.html
QUESTION 222
Which of the following is NOT a valid deployment option for R80?
A. All-in-one (stand-alone)
B. Log server
C. SmartEvent
D. Multi-domain management server
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 224
Which of the following is NOT a SecureXL traffic flow?
A. Medium Path
B. Accelerated Path
C. High Priority Path
D. Slow Path
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
SecureXL is an acceleration solution that maximizes performance of the Firewall and does not compromise security. When SecureXL is enabled on a Security
QUESTION 225
Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?
A. Firewall
B. Identity Awareness
C. Application Control
D. URL Filtering
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Check Point Identity Awareness Software Blade provides granular visibility of users, groups and machines, providing unmatched application and access control
through the creation of accurate, identity-based policies. Centralized management and monitoring allows for policies to be managed from a single, unified console.
Reference:
https://www.checkpoint.com/products/identity-awareness-software-blade/
QUESTION 226
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway
managed by the same Security Management Server (SMS). While configuring the VPN community to specify the pre-shared secret, the administrator did not find
a box to input the pre-shared secret. Why does it not allow him to specify the pre-shared secret?
Correct Answer: C
Explanation/Reference:
QUESTION 227
What are the two types of address translation rules?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
NAT Rule Base
The NAT Rule Base has two sections that specify how the IP addresses are translated:
Original Packet
Translated Packet
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm
QUESTION 228
Please choose the correct command syntax to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked
B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked.
C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked.
D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 230
Look at the following screenshot and select the BEST answer.
A. Clients external to the Security Gateway can download archive files from FTP_Ext server using FTP.
B. Internal clients can upload and download any-files to FTP_Ext-server using FTP.
C. Internal clients can upload and download archive-files to FTP_Ext server using FTP.
D. Clients external to the Security Gateway can upload any files to the FTP_Ext-server using FTP.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 231
Which message indicates IKE Phase 2 has completed successfully?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 232
MyCorp has the following NAT rules. You need to disable the NAT function when Alpha-internal networks try to reach the Google DNS (8.8.8.8) server. What can
you do in this case?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 233
Where would an administrator enable Implied Rules logging?
Correct Answer: B
Section: (none)
Explanation/Reference:
QUESTION 234
Which command shows the installed licenses in Expert mode?
A. cplic print
B. print cplic
C. fwlic print
D. show licenses
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 235
Administrator Dave logs into R80 Management Server to review and make some rule changes. He notices that there is a padlock sign next to the DNS rule in the
Rule Base.
A. DNS Rule is using one of the new features of R80 where an administrator can mark a rule with the padlock icon to let other administrators know it is important.
B. Another administrator is logged into the Management and currently editing the DNS Rule.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 236
What is the purpose of Priority Delta in VRRP?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm
QUESTION 237
The IPS policy for pre-R80 gateways is installed during the _______ .
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 238
What component of R80 Management is used for indexing?
A. DBSync
B. API Server
C. fwm
D. SOLR
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf
QUESTION 239
Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers? Choose the BEST answer.
A. Anti-Malware
B. IPS
C. Anti-Virus
D. Content Awareness
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Anti-Bot
The Need for Anti-Bot
There are two emerging trends in today's threat landscape:
A profit-driven cybercrime industry that uses different tools to meet its goals. This industry includes cyber-criminals, malware operators, tool providers, coders,
and affiliate programs. Their "products" can be easily ordered online from numerous sites (for example, do-it-yourself malware kits, spam sending, data theft, and
denial of service attacks) and organizations are finding it difficult to fight off these attacks.
QUESTION 240
Which feature is NOT provided by all Check Point Mobile Access solutions?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Types of Solutions
All of Check Point's Remote Access solutions provide:
Enterprise-grade, secure connectivity to corporate resources.
Strong user authentication.
Granular access control.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/83586.htm
QUESTION 241
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level
of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your
Gateways. Which two SmartConsole applications will you use to create this report and outline?
Correct Answer: D
Section: (none)
Explanation
QUESTION 242
The IT Management team is interested in the new features of the Check Point R80.x Management and wants to upgrade but they are concerned that the existing
R77.30 Gaia Gateways cannot be managed by R80.x because it is so different. As the administrator responsible for the Firewalls, how can you answer or confirm
these concerns?
A. R80.x Management contains compatibility packages for managing earlier versions of Check Point Gateways prior to R80.
Consult the R80 Release Notes for more information.
B. R80.x Management requires the separate installation of compatibility hotfix packages for managing the earlier versions of Check Point Gateways prior to R80.
Consult the R80 Release Notes for more information.
C. R80.x Management was designed as a completely different Management system and so can only monitor Check Point Gateways prior to R80.
D. R80.x Management cannot manage earlier versions of Check Point Gateways prior to R80. Only R80 and above Gateways can be managed. Consult the R80
Release Notes for more information.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 243
ALPHA Corp has a new administrator who logs into the Gaia Portal to make some changes. He realizes that even though he has logged in as an administrator, he
is unable to make any changes because all configuration options are greyed out as shown in the screenshot image below. What is the likely cause for this?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
There is a lock on top left side of the screen. B is the logical answer.
QUESTION 244
Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?
A. Firewall
B. Application Control
C. Anti-spam and Email Security
D. Antivirus
Explanation/Reference:
Explanation:
The enhanced Check Point Antivirus Software Blade uses real-time virus signatures and anomaly-based protections from ThreatCloud™, the first collaborative
network to fight cybercrime, to detect and block malware at the gateway before users are affected.
Reference: https://www.checkpoint.com/products/antivirus-software-blade/
QUESTION 245
John is using Management HA. Which Smartcenter should be connected to for making changes?
A. secondary Smartcenter
B. active Smartcenter
C. connect virtual IP of Smartcenter HA
D. primary Smartcenter
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 246
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
A. Pentagon
B. Combined
C. Meshed
D. Star
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 247
How can the changes made by an administrator before publishing the session be seen by a Super User administrator?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 248
Which of the following is NOT defined by an Access Role object?
A. Source Network
B. Source Machine
C. Source User
D. Source Server
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 249
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 250
You are going to perform a major upgrade. Which back up solution should you use to ensure your database can be restored on that device?
A. backup
B. logswitch
C. Database Revision
D. snapshot
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The snapshot creates a binary image of the entire root (lv_current) disk partition. This includes Check Point products, configuration, and operating system.
Starting in R77.10, exporting an image from one machine and importing that image on another machine of the same type is supported.
The log partition is not included in the snapshot. Therefore, any locally stored FireWall logs will not be saved. Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108902
QUESTION 251
Where is the “Hit Count” feature enabled or disabled in SmartConsole?
Correct Answer: B
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
QUESTION 252
The following graphic shows:
A. View from SmartLog for logs initiated from source address 10.1.1.202
B. View from SmartView Tracker for logs of destination address 10.1.1.202
C. View from SmartView Tracker for logs initiated from source address 10.1.1.202
D. View from SmartView Monitor for logs initiated from source address 10.1.1.202
Correct Answer: C
Section: (none)
Explanation/Reference:
QUESTION 253
What is the purpose of a Clean-up Rule?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
These are basic access control rules we recommend for all Rule Bases:
Stealth rule that prevents direct access to the Security Gateway.
Cleanup rule that drops all traffic that is not allowed by the earlier rules.
There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92703.htm
QUESTION 254
Which limitation of CoreXL is overcome by using (mitigated by) Multi-Queue?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 255
Where do we need to reset the SIC on a gateway object?
A. SmartDashboard > Edit Gateway Object > General Properties > Communication
B. SmartUpdate > Edit Security Management Server Object > SIC
C. SmartUpdate > Edit Gateway Object > Communication
D. SmartDashboard > Edit Security Management Server Object > SIC
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 256
What licensing feature automatically verifies current licenses and activates new licenses added to the License and Contracts repository?
A. Verification tool
B. Verification licensing
C. Automatic licensing
D. Automatic licensing and Verification tool
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 257
At what point is the Internal Certificate Authority (ICA) created?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Introduction to the ICA
The ICA is a Certificate Authority which is an integral part of the Check Point product suite. It is fully compliant with X.509 standards for both certificates and
CRLs. See the relevant X.509 and PKI documentation, as well as RFC 2459 standards for more information. You can read more about Check Point and PKI in the
R76 VPN Administration Guide.
The ICA is located on the Security Management server. It is created during the installation process, when the Security Management server is configured.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13118
QUESTION 258
You have enabled “Extended Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely
reason?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The most likely reason for the log data to stop is low disk space on the logging device, which can be the Management Server or the Gateway Server.
QUESTION 259
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Rule 0
B. Blank field under Rule Number
C. Rule 1
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 260
In R80, Unified Policy is a combination of
A. Access control policy, QoS Policy, Desktop Security Policy and endpoint policy.
B. Access control policy, QoS Policy, Desktop Security Policy and Threat Prevention Policy.
C. Firewall policy, address Translation and application and URL filtering, QoS Policy, Desktop Security Policy and Threat Prevention Policy.
D. Access control policy, QoS Policy, Desktop Security Policy and VPN policy.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
D is the best answer given the choices.
Unified Policy
In R80 the Access Control policy unifies the policies of these pre-R80 Software Blades:
Firewall and VPN
Application Control and URL Filtering
Identity Awareness
Data Awareness
Mobile Access
Security Zones
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197&anchor=o129934
QUESTION 261
Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server
vulnerabilities?
A. Anti-Virus
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The IPS Software Blade provides a complete Intrusion Prevention System security solution, providing comprehensive network protection against malicious and
unwanted network traffic, including:
Malware attacks
DoS and DDoS attacks
Application and server vulnerabilities
Insider threats
Unwanted application traffic, including IM and P2P
Reference: https://www.checkpoint.com/products/ips-software-blade/
QUESTION 262
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address?
A. High Availability
B. Load Sharing Multicast
C. Load Sharing Pivot
D. Master/Backup
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members. By binding these IP addresses to a Multicast MAC
address, it ensures that all packets sent to the cluster, acting as a gateway, will reach all members in the cluster.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm
QUESTION 263
What is also referred to as Dynamic NAT?
A. Automatic NAT
B. Static NAT
C. Manual NAT
D. Hide NAT
Explanation/Reference:
QUESTION 264
How many packets does the IKE exchange use for Phase 1 Main Mode?
A. 12
B. 1
C. 3
D. 6
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 265
Choose what BEST describes users on Gaia Platform.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
These users are created by default and cannot be deleted:
admin – Has full read/write capabilities for all Gaia features, from the WebUI and the CLI. This user has a User ID of 0, and therefore has all of the privileges of a root user.
monitor – Has read-only capabilities for all features in the WebUI and the CLI, and can
QUESTION 266
A digital signature:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 267
The ______ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 268
Which of the following commands is used to monitor cluster members?
A. cphaprob stat
B. cphaprob status
C. cphaprob
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7298.htm
QUESTION 269
After the initial installation on a Check Point appliance, you notice that the Management interface and default gateway are incorrect. Which commands could you
use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1?
A. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24 set static-route default nexthop gateway address 192.168.80.1 on save config
B. add interface Mgmt ipv4-address 192.168.80.200 255.255.255.0 add static-route 0.0.0.0 0.0.0.0 gw 192.168.80.1 on save config
C. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0 add static-route 0.0.0.0 0.0.0.0 gw 192.168.80.1 on save config
D. add interface Mgmt ipv4-address 192.168.80.200 mask-length 24 add static-route default nexthop gateway address 192.168.80.1 on save config
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 270
What are the two high availability modes?
Correct Answer: D
Section: (none)
Explanation
QUESTION 271
What is the appropriate default Gaia Portal address?
A. HTTP://[IPADDRESS]
B. HTTPS://[IPADDRESS]:8080
C. HTTPS://[IPADDRESS]:4434
D. HTTPS://[IPADDRESS]
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 272
Which type of attack can a firewall NOT prevent?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 274
To build an effective Security Policy, use a ________ and _______ rule.
A. Cleanup; stealth
B. Stealth; implicit
C. Cleanup; default
D. Implicit; explicit
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 275
In a Network policy with Inline layers, the default action for the Implied last rule is ________ all traffic. However, in the Application Control policy layer, the default
action is ________ all traffic.
A. Accept; redirect
B. Accept; drop
C. Redirect; drop
D. Drop; accept
Explanation/Reference:
QUESTION 276
When launching SmartDashboard, what information is required to log into R77?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 277
A(n) _____ rule is created by an administrator and is located before the first and before last rules in the Rule Base.
A. Firewall drop
B. Explicit
C. Implicit accept
D. Implicit drop
E. Implied
Correct Answer: E
Section: (none)
Explanation
Explanation/Reference:
Explanation:
This is the order that rules are enforced:
QUESTION 278
Which two of these Check Point Protocols are used by _____ ?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 279
Which information is included in the “Extended Log” tracking option, but is not included in the “Log” tracking option?
A. file attributes
B. application information
C. destination port
D. data type information
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 280
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_VPN_AdminGuide/13894
QUESTION 281
What type of NAT is a one-to-one relationship where each host is translated to a unique address?
A. Source
B. Static
C. Hide
D. Destination
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 282
The fw monitor utility is used to troubleshoot which of the following problems?
Explanation/Reference:
QUESTION 283
Which of the following uses the same key to decrypt as it does to encrypt?
A. Asymmetric encryption
B. Dynamic encryption
C. Certificate-based encryption
D. Symmetric encryption
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 284
If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Implied Rules are configured only on Global Properties.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 286
Which of the following describes how Threat Extraction functions?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 288
Phase 1 of the two-phase negotiation process conducted by IKE operates in ______ mode.
A. Main
B. Authentication
C. Quick
D. High Alert
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Phase I modes
Between Security Gateways, there are two modes for IKE phase I. These modes only apply to IKEv1:
Main Mode
Aggressive Mode
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13847.htm
QUESTION 289
Which set of objects have an Authentication tab?
A. Templates, Users
B. Users, Networks
C. Users, User Group
D. Networks, Hosts
Correct Answer: A
Section: (none)
Explanation/Reference:
QUESTION 290
To fully enable Dynamic Dispatcher on a Security Gateway:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261#Configuration%20R80.10
QUESTION 291
Packages and licenses are loaded from all of these sources EXCEPT ________.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Packages and licenses are loaded into these repositories from several sources:
the Download Center web site (packages)
the Check Point DVD (packages)
the User Center (licenses)
by importing a file (packages and licenses)
by running the cplic command line
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Service Contract File
Following the activation of the license, a Service Contract File should be installed. This file contains important information about all subscriptions purchased for a
specific device and is installed via SmartUpdate. A detailed explanation of the Service Contract File can be found in sk33089.
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk11054
QUESTION 293
Which component functions as the Internal Certificate Authority for R77?
A. Security Gateway
B. Management Server
C. Policy Server
D. SmartLSM
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 294
The Application Layer Firewalls inspect traffic through the ________ layer(s) of the TCP/IP model and up to and including the ________ layer.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 295
Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She
can SSH into the Security Gateway, but she has never been able to SCP files to it.
What would be the most likely reason she cannot do so?
A. She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.
B. She needs to run sysconfig and restart the SSH process.
C. She needs to edit /etc/scpusers and add the Standard Mode account.
D. She needs to run cpconfig to enable the ability to SCP files.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 296
Which type of the Check Point license ties the package license to the IP address of the Security Management Server?
A. Local
B. Central
C. Corporate
D. Formal
Correct Answer: B
Explanation/Reference:
QUESTION 297
On the following picture an administrator configures Identity Awareness:
Correct Answer: B
Explanation/Reference:
Explanation:
To enable Identity Awareness:
1. Log in to R80 SmartConsole.
2. From the Gateways & Servers view, double-click the Security Gateway on which to enable Identity Awareness.
3. On the Network Security tab, select Identity Awareness. The Identity Awareness Configuration wizard opens.
4. Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers.
Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD
users may be identified transparently.
Terminal Servers - Identify users in a Terminal Server environment (originating from one IP address).
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80BC_IdentityAwareness/html_frameset.htm?topic=documents/R80/CP_R80BC_IdentityAwareness/62050
QUESTION 298
MegaCorp's security infrastructure separates Security Gateways geographically. You must request a central license for one remote Security Gateway. How do you
apply the license?
A. Using the remote Gateway's IP address, and attaching the license to the remote Gateway via SmartUpdate.
B. Using your Security Management Server's IP address, and attaching the license to the remote Gateway via SmartUpdate.
C. Using the remote Gateway's IP address, and applying the license locally with command cplic put.
D. Using each of the Gateway's IP addresses, and applying the licenses on the Security Management Server with the command cprlic put.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 299
Which of the following is an authentication method used for Identity Awareness?
A. SSL
B. Captive Portal
C. PKI
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 300
The __________ is used to obtain identification and security information about network users.
A. User Directory
B. User server
C. UserCheck
D. User index
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://www.checkpoint.com/downloads/product-related/datasheets/DS_UserDirectorySWB.pdf
QUESTION 301
From SecureXL perspective, what are the three paths of traffic flow:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 302
You want to reset SIC between smberlin and sgosaka.
In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC
Activation Key. The screen reads The SIC was successfully initialized and jumps back to the menu. When trying to establish a connection, instead of a working
connection, you receive this error message:
A. The Gateway was not rebooted, which is necessary to change the SIC key.
B. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).
C. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.
D. The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation can not be typed in a matching fashion.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 303
Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the
following scenario, where Bob and Joe are both logged in:
Correct Answer: C
Section: (none)
Explanation
QUESTION 304
Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or__________.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Each VPN tunnel in the community may be set to be a Permanent Tunnel. Since Permanent Tunnels are constantly monitored, if the VPN tunnel is down, then a
log, alert, or user defined action, can be issued. A VPN tunnel is monitored by periodically sending "tunnel test" packets. As long as responses to the packets are
received the VPN tunnel is considered "up." If no response is received within a given time period, the VPN tunnel is considered "down." Permanent Tunnels can
only be established between Check Point Security Gateways. The configuration of Permanent Tunnels takes place on the community level and:
Can be specified for an entire community. This option sets every VPN tunnel in the community as permanent.
Can be specified for a specific Security Gateway. Use this option to configure specific Security Gateways to have permanent tunnels.
Can be specified for a single VPN tunnel. This feature allows configuring specific tunnels between specific Security Gateways as permanent.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_VPN_AdminGuide/14018
QUESTION 305
Choose what BEST describes the Policy Layer Traffic Inspection.
A. If a packet does not match any of the inline layers, the matching continues to the next Layer.
B. If a packet matches an inline layer, it will continue matching the next layer.
C. If a packet does not match any of the inline layers, the packet will be matched against the Implicit Clean-up Rule.
D. If a packet does not match a Network Policy Layer, the matching continues to its inline layer.
Correct Answer: B
Section: (none)
Explanation
QUESTION 306
What is the best sync method in the ClusterXL deployment?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 307
What port is used for delivering logs from the gateway to the management server?
A. Port 258
B. Port 18209
C. Port 257
D. Port 981
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 308
The command __________ provides the most complete restoration of an R80 configuration.
A. upgrade_import
B. cpconfig
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
(Should be "migrate import")
"migrate import" restores the backed-up configuration for the R80 version; in previous versions the command was "upgrade_import".
QUESTION 309
A security Policy is created in _________ , stored in the _________ , and Distributed to the various __________ .
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 310
What does it mean if Bob gets this result on an object search? Refer to the image below. Choose the BEST answer.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 311
When configuring Anti-Spoofing, which tracking options can an Administrator select?
Correct Answer: C
Section: (none)
Explanation
QUESTION 312
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 313
Which of the following statements accurately describes the command snapshot?
A. snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security
Gateway.
B. snapshot creates a Security Management Server full system-level backup on any OS
C. snapshot stores only the system-configuration settings on the Gateway
D. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 314
Fill in the blank: In Office mode, a Security Gateway assigns a remote client to an IP address once___________.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Office Mode enables a Security Gateway to assign a remote client an IP address. The assignment takes place once the user connects and authenticates. The
assignment lease is renewed as long as the user is connected. Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13857.htm
QUESTION 315
An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule
for GRE traffic is configured for ACCEPT/ LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for
GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute. Which of the following is the
BEST explanation for this behavior?
A. The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.
B. The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R77 Security
Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation.
C. The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView
Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the
day.
D. The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 316
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7288.htm
QUESTION 317
Vanessa is attempting to log into the Gaia Web Portal. She is able to login successfully. Then she tries the same username and password for SmartConsole but
gets the message in the screenshot image below. She has checked that the IP address of the Server is correct and the username and password she used to login
into Gaia is also correct.
A. Check Point R80 SmartConsole authentication is more secure than in previous versions and Vanessa requires a special authentication key for R80
SmartConsole. Check that the correct key details are used.
B. Check Point Management software authentication details are not automatically the same as the Operating System authentication details. Check that she is
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 318
Which of the following is NOT a method used by Identity Awareness for acquiring identity?
A. RADIUS
B. Active Directory Query
C. Remote Access
D. Certificates
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://www.checkpoint.com/products/identity-awareness-software-blade/
QUESTION 319
By default, the SIC certificates issued by R80 Management Server are based on the ____________ algorithm.
A. SHA-256
B. SHA-200
C. MD5
D. SHA-128
Correct Answer: A
Section: (none)
Explanation
QUESTION 320
The _________ collects logs and sends them to the _________ .
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 321
What SmartEvent component creates events?
A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 322
What is the benefit of Manual NAT over Automatic NAT?
A. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy
B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 323
One of the major features in R80.x SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and
AdminC are editing the same Security Policy?
A. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.
B. AdminA and AdminB are editing the same rule at the same time.
C. AdminB sees a pencil icon next to the rule that AdminB is currently editing.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
In SmartConsole, administrators work with sessions. A session is created each time an administrator logs into SmartConsole. Changes made in the session are
saved automatically. These changes are private and available only to the administrator. To avoid configuration conflicts, other administrators see a lock icon on
objects and rules that are being edited in other sessions. Reference: http://downloads.checkpoint.com/dc/download.htm?ID=65846
QUESTION 324
To view the policy installation history for each gateway, which Access Tool in SmartConsole would an administrator use?
A. Revision History
B. Gateway installations
C. Installation history
D. Gateway history
Correct Answer: C
Section: (none)
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/119225
QUESTION 325
As you review this Security Policy, what changes could you make to accommodate Rule 4?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 326
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss.
A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
B. Change the Standby Security Management Server to Active.
C. Change the Active Security Management Server to Standby.
D. Manually synchronize the Active and Standby Security Management Servers.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 327
Examine the following Rule Base.
What can we infer about the recent changes made to the Rule Base?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
At the top of the screenshot there is a number "8", which stands for the number of changes made and not saved.
Session Management Toolbar (top of SmartConsole)
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/117948
QUESTION 328
On the following graphic, you will find layers of policies.
A. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if Implicit Drop Rule drops the packet, it comes next to IPS
layer and then after accepting the packet it passes to Threat Prevention layer.
B. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next
to IPS layer and then after accepting the packet it passes to Threat Prevention layer
C. A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next
to Threat Prevention layer and then after accepting the packet it passes to IPS layer.
D. A packet arrives at the gateway, it is checked against the rules in IPS policy layer and then if it is accepted then it comes next to the Network policy layer and
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To simplify Policy management, R80 organizes the policy into Policy Layers. A layer is a set of rules, or a Rule Base. For example, when you upgrade to R80
from earlier versions:
Gateways that have the Firewall and the Application Control Software Blades enabled will have their Access Control Policy split into two ordered layers: Network
and Applications.
When the gateway matches a rule in a layer, it starts to evaluate the rules in the next layer.
Gateways that have the IPS and Threat Emulation Software Blades enabled will have their Threat Prevention policies split into two parallel layers: IPS and Threat
Prevention. All layers are evaluated in parallel.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
QUESTION 329
From the Gaia web interface, which of the following operations CANNOT be performed on a Security Management Server?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 330
Which of the following commands is used to verify license installation?
Explanation/Reference:
QUESTION 331
You can see the following graphic:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 332
Using R80 SmartConsole, what does a “pencil icon” in a rule mean?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 333
Each cluster, at a minimum, should have at least ___________ interfaces.
A. Five
B. Two
C. Three
D. Four
Correct Answer: C
Section: (none)
Explanation
QUESTION 334
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User
Authentication. Choose the BEST reason why.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 335
An LDAP server holds one or more ______________.
A. Server Units
B. Administrator Units
C. Account Units
D. Account Servers
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityManagement_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_SecurityManagement_WebAdminGuide/94041
QUESTION 336
A. Only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they
all connect from the same LAN network.
B. The entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.
C. The entire Management Database and all sessions and other administrators can connect only as Read-only.
D. Only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 337
Which repositories are installed on the Security Management Server by SmartUpdate?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm
QUESTION 338
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?
A. RADIUS
B. Remote Access and RADIUS
C. AD Query
D. AD Query and Browser-based Authentication
Explanation/Reference:
Explanation:
Identity Awareness gets identities from these acquisition sources:
AD Query
Browser-Based Authentication
Endpoint Identity Agent
Terminal Servers Identity Agent
Remote Access
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62007.htm
QUESTION 339
What data MUST be supplied to the SmartConsole System Restore window to restore a backup?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SmartDashboard_OLH/html_frameset.htm?topic=documents/R80/CP_R80_SmartDashboard_OLH/ud_B7RJG2xrUQywsBK5buA2
QUESTION 340
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
A. INSPECT Engine
B. Next-Generation Firewall
C. Packet Filtering
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 341
When LDAP is integrated with Check Point Security Management, it is then referred to as _______
A. UserCheck
B. User Directory
C. User Administration
D. User Center
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Check Point User Directory integrates LDAP, and other external user management technologies, with the Check Point solution. If you have a large user count, we
recommend that you use an external user management database such as LDAP for enhanced Security Management Server performance.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/118981
QUESTION 342
________ information is included in the “Full Log” tracking option, but is not included in the “Log” tracking option?
A. File attributes
B. Application
C. Destination port
D. Data type
Correct Answer: D
Section: (none)
Explanation
QUESTION 343
What is the Transport layer of the TCP/IP model responsible for?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 344
VPN gateways authenticate using ___________ and ___________ .
A. Passwords; tokens
B. Certificates; pre-shared secrets
C. Certificates; passwords
D. Tokens; pre-shared secrets
Correct Answer: B
Section: (none)
Explanation
QUESTION 345
Which of these statements describes the Check Point ThreatCloud?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://www.checkpoint.com/support-services/threatcloud-managed-security-service/
QUESTION 346
Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?
A. Application Control
B. Data Awareness
C. Identity Awareness
D. Threat Emulation
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 347
The most important part of a site-to-site VPN deployment is the ________ .
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Site to Site VPN
The basis of Site to Site VPN is the encrypted VPN tunnel. Two Security Gateways negotiate a link and create a VPN tunnel and each tunnel can contain more
than one VPN connection. One Security Gateway can maintain more than one VPN tunnel at the same time.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92709.htm
QUESTION 348
Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?
A. SmartManager
B. SmartConsole
C. Security Gateway
D. Security Management Server
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 349
Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect
installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?
A. Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a
separate log file for documentation.
B. Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 350
Which software blade does NOT accompany the Threat Prevention policy?
A. Anti-virus
B. IPS
C. Threat Emulation
D. Application Control and URL Filtering
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92707.htm
QUESTION 351
A ____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.
A. Formal; corporate
B. Local; formal
C. Local; central
D. Central; local
Correct Answer: D
Section: (none)
Explanation
QUESTION 352
What CLI utility allows an administrator to capture traffic along the firewall inspection chain?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 353
Which R77 GUI would you use to see the number of packets accepted since the last policy install?
A. SmartView Monitor
B. SmartView Tracker
C. SmartDashboard
D. SmartView Status
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 354
Which of these components does NOT require a Security Gateway R77 license?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 355
You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of
your Security Policy to its previous configuration after testing the changes?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 356
Fill in the blanks. A High Availability deployment is referred to as a ______ cluster.
A. Standby/standby
B. Active/active
C. Active standby/active
D. Active/standby
Correct Answer: D
Section: (none)
Explanation
QUESTION 357
What is the difference between an event and a log?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 358
Backups and restores can be accomplished through _________.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Backup and Restore
These options let you:
- Back up the Gaia OS configuration and the firewall database to a compressed file
- Restore the Gaia OS configuration and the firewall database from a compressed file
To back up a configuration:
1. Right-click the Security Gateway.
2. Select Backup and Restore > Backup. The Backup window opens.
QUESTION 359
Review the rules. Assume domain UDP is enabled in the implied rules.
What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 360
What is the SOLR database for?
A. Used for full text search and enables powerful matching capabilities
B. Writes data to the database and full text search
C. Serves GUI responsible to transfer request to the DLE server
D. Enables powerful matching capabilities and writes data to the database
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://en.wikipedia.org/wiki/Apache_Solr
A. No, it will not work independently. Hit Count will be shown only for rules with Track options set as Log or alert
B. Yes, it will work independently as long as “analyze all rules” tick box is enabled on the Security Gateway
C. No, it will not work independently because hit count requires all rules to be logged
D. Yes, it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
QUESTION 362
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU.
After installation, is the administrator required to perform any additional tasks?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 363
When logging in for the first time to a Security Management Server through SmartConsole, a fingerprint is saved to the:
A. Security Management Server’s /home/.fgpt file and is available for future SmartConsole authentications.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/118037
QUESTION 364
Which of the following is considered to be the more secure and preferred VPN authentication method?
A. Password
B. Certificate
C. MD5
D. Pre-shared secret
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13894.htm
QUESTION 365
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?
A. RADIUS
B. Remote Access and RADIUS
C. All of the above
D. AD Query and Browser-based Authentication
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation:
Identity Awareness gets identities from these acquisition sources:
AD Query
Browser-Based Authentication
Endpoint Identity Agent
Terminal Servers Identity Agent
Remote Access
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62007.htm
QUESTION 366
Which utility shows the security gateway general system information statistics like operating system information and resource usage, and individual software blade
statistics of VPN, Identity Awareness and DLP?
A. cpconfig
B. fw ctl pstat
C. cpview
D. fw ctl multik stat
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
CPView Utility is a text based built-in utility that can be run ('cpview' command) on Security Gateway / Security Management Server / Multi-Domain Security
Management Server. CPView Utility shows statistical data that contain both general system information (CPU, Memory, Disk space) and information for different
Software Blades (only on Security Gateway). The data is continuously updated in easy to access views.
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101878
QUESTION 367
Which of the following is the most secure means of authentication?
A. Password
B. Certificate
C. Token
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 368
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm
QUESTION 369
The default method for destination NAT is _____________, where NAT occurs on the Inbound interface closest to the client.
A. Destination side
B. Source side
C. Server side
D. Client side
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 370
Which of the following is NOT a VPN routing option available in a star community?
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
SmartConsole
For simple hubs and spokes (or if there is only one Hub), the easiest way is to configure a VPN star community in R80 SmartConsole:
1. On the Star Community window, in the:
a. Center Gateways section, select the Security Gateway that functions as the "Hub".
b. Satellite Gateways section, select Security Gateways as the "spokes", or satellites.
2. On the VPN Routing page, Enable VPN routing for satellites section, select one of these options:
a. To center and to other Satellites through center - This allows connectivity between the Security Gateways, for example if the spoke Security Gateways are DAIP Security Gateways, and the Hub is a Security Gateway with a static IP address.
b. To center, or through the center to other satellites, to internet and other VPN targets - This allows connectivity between the Security Gateways as well as the ability to inspect all communication passing through the Hub to the Internet.
3. Create an appropriate Access Control Policy rule.
4. NAT the satellite Security Gateways on the Hub if the Hub is used to route connections from Satellites to the Internet.
The two Dynamic Objects (DAIP Security Gateways) can securely route communication through the Security Gateway with the static IP address.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_VPN/html_frameset.htm
QUESTION 371
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware
upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
Correct Answer: A
Explanation/Reference:
QUESTION 372
You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host.
You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?
A. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.
B. Select Block intruder from the Tools menu in SmartView Tracker.
C. Create a Suspicious Activity Rule in Smart Monitor.
D. Add a temporary rule using SmartDashboard and select hide rule.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 373
What is true about the IPS-Blade?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 374
Web Control Layer has been set up using the settings in the following dialogue:
A. Traffic that does not match any rule in the subpolicy is dropped.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Policy Layers and Sub-Policies
R80 introduces the concept of layers and sub-policies, allowing you to segment your policy according to your network segments or business units/functions. In
addition, you can also assign granular privileges by layer or sub-policy to distribute workload and tasks to the most qualified administrators. With layers, the rule
base is organized into a set of security rules. These sets of rules, or layers, are inspected in the order in which they are defined, allowing control over the rule base
flow and the security functionalities that take precedence. If an “accept” action is performed across a layer, the inspection will continue to the next layer. For
example, a compliance layer can be created to overlay across a cross-section of rules.
Sub-policies are sets of rules that are created for a specific network segment, branch office or business unit, so if a rule is matched, inspection will continue
through this subset of rules before it moves on to the next rule.
Sub-policies and layers can be managed by specific administrators, according to their permissions profiles. This facilitates task delegation and workload
distribution. Reference: https://community.checkpoint.com/docs/DOC-1065
QUESTION 375
Which NAT rules are prioritized first?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 376
Which of the following Windows Security Events will NOT map a username to an IP address in Identity Awareness?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 377
Ken wants to obtain a configuration lock from another administrator on the R80 Security Management Server Operating System.
He can do this via WebUI or via CLI. Which command should he use in CLI?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Use the database feature to obtain the configuration lock. The database feature has two commands: lock database [override]. unlock database. The commands do
the same thing: obtain the configuration lock from another administrator.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm#o73091
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Roles
Role-based administration (RBA) lets you create administrative roles for users. With RBA, an administrator can allow Gaia users to access specified features by
including those features in a role and assigning that role to users. Each role can include a combination of administrative (read/write) access to some features,
monitoring (read-only) access to other features, and no access to other features. You can also specify which access mechanisms (WebUI or the CLI) are available
to the user.
Note - When users log in to the WebUI, they see only those features that they have read-only or read/write access to. If they have read-only access to a feature,
they can see the settings pages, but cannot change the settings.
Gaia includes these predefined roles:
adminRole - Gives the user read/write access to all features.
monitorRole - Gives the user read-only access to all features.
You cannot delete or change the predefined roles.
Note - Do not define a new user for external users. An external user is one that is defined on an authentication server (such as RADIUS or TACACS) and not on
the local Gaia system.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/75930
QUESTION 379
What Identity Agent allows packet tagging and computer authentication?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_IdentityAwareness_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_IdentityAwareness_WebAdminGuide/62838
QUESTION 380
Which tool is used to enable cluster membership on a Gateway?
A. SmartUpdate
B. cpconfig
C. SmartConsole
D. sysconfig
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_ClusterXL_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_ClusterXL_WebAdminGuide/161105
QUESTION 381
Which option will match a connection regardless of its association with a VPN community?
Correct Answer: B
Explanation/Reference:
QUESTION 382
You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet,
they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?
A. Right click Accept in the rule, select “More”, and then check “Enable Identity Captive Portal”
B. On the firewall object, Legacy Authentication screen, check “Enable Identity Captive Portal”
C. In the Captive Portal screen of Global Properties, check “Enable Identity Captive Portal”
D. On the Security Management Server object, check the box “Identity Logging”
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 383
In which deployment is the security management server and Security Gateway installed on the same appliance?
A. Bridge Mode
B. Remote
C. Standalone
D. Distributed
Correct Answer: C
Section: (none)
Explanation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_GuidewebAdmin/89230.htm#o98246
QUESTION 384
What is the order of NAT priorities?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The order of NAT priorities is:
1. Static NAT
2. IP Pool NAT
3. Hide NAT
Since Static NAT has all of the advantages of IP Pool NAT and more, it has a higher priority than the other NAT methods.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/6724.htm#o6919
QUESTION 385
A. Cluster Protocol
B. Synchronized Cluster Protocol
C. Control Cluster Protocol
D. Cluster Control Protocol
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/5990/FILE/sk31085_Cluster_Control_Protocol_Functionality.pdf
QUESTION 386
When a policy package is installed, ________ are also distributed to the target installation Security Gateways.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A policy package is a collection of different types of policies. After installation, the Security Gateway enforces all the policies in the package. A policy package can
have one or more of these policy types:
Access Control - consists of these types of rules:
- Firewall
- NAT
- Application Control and URL Filtering
- Data Awareness
QoS
Desktop Security - the Firewall policy for endpoint computers that have the Endpoint Security VPN remote access client installed as a standalone client.
Threat Prevention - consists of:
QUESTION 387
Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?
A. Security questions
B. Check Point password
C. SecurID
D. RADIUS
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Authentication Schemes:
- Check Point Password
- Operating System Password
- RADIUS
- SecurID
- TACACS
- Undefined
If a user with an undefined authentication scheme is matched to a Security Rule with some form of authentication, access is always denied.
QUESTION 388
In ____________ NAT, only the ____________ is translated.
A. Hide; source
B. Static; source
C. Simple; source
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 389
Which of the following is used to initially create trust between a Gateway and Security Management Server?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To establish the initial trust, a gateway and a Security Management Server use a one-time password. After the initial trust is established, further communication is
based on security certificates.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/125443
QUESTION 390
You want to store the GAiA configuration in a file for later reference. What command should you use?
A. write mem
B. show config -f
C. save config -o
D. save configuration
Correct Answer: D
Section: (none)
Explanation
QUESTION 391
When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?
A. Distributed
B. Standalone
C. Bridge Mode
D. Targeted
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/86429.htm
QUESTION 392
What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?
A. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a
secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.
B. Install the View Implicit Rules package using SmartUpdate.
C. Define two log servers on the R77 Gateway object. Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use
SmartReporter to merge the two log server records into the same database for HIPAA log audits.
D. Check the Log Implied Rules Globally box on the R77 Gateway object.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265
QUESTION 394
VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 395
Which of the completed statements is NOT true? The WebUI can be used to manage Operating System user accounts and:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Users
Use the WebUI and CLI to manage user accounts. You can:
Add users to your Gaia system.
Edit the home directory of the user.
Edit the default shell for a user.
Give a password to a user.
Give privileges to users.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73101.htm
QUESTION 396
The tool _______ generates an R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it
replaces the standalone cp_uploader utility for uploading files to Check Point servers).
The CPinfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPinfo file in a demo mode, while
viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.
When contacting Check Point Support, collect the cpinfo files from the Security Management server and Security Gateways involved in your case. Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739
QUESTION 397
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log
and Extended Log?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131914
QUESTION 398
What object type would you use to grant network access to an LDAP user group?
A. Access Role
B. User Group
C. SmartDirectory Group
D. Group Template
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 399
When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored?
A. Security Gateway
B. Check Point user center
C. Security Management Server
D. SmartConsole installed device
Explanation/Reference:
Explanation:
SmartUpdate installs two repositories on the Security Management server:
License & Contract Repository, which is stored on all platforms in the directory $FWDIR\conf\.
Package Repository, which is stored:
- on Windows machines in C:\SUroot.
- on UNIX machines in /var/suroot.
The Package Repository requires a separate license, in addition to the license for the Security Management server. This license should stipulate the number of
nodes that can be managed in the Package Repository.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm#o13527
QUESTION 400
If the first packet of a UDP session is rejected by a security policy, what does the firewall send to the client?
A. Nothing
B. TCP FIN
C. TCP RST
D. ICMP unreachable
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 401
Joey is using the computer with IP address 192.168.20.13. He wants to access the web page “www.CheckPoint.com”, which is hosted on a Web server with IP address
203.0.113.111. How many rules on the Check Point Firewall are required for this connection?
A. Two rules – first one for the HTTP traffic and second one for DNS traffic.
B. Only one rule, because Check Point firewall is a Packet Filtering firewall
C. Two rules – one for outgoing request and second one for incoming reply.
D. Only one rule, because Check Point firewall is using Stateful Inspection technology.
Explanation/Reference:
QUESTION 402
Which Check Point supported authentication scheme typically requires a user to possess a token?
A. TACACS
B. SecurID
C. Check Point password
D. RADIUS
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
SecurID
SecurID requires users to both possess a token authenticator and to supply a PIN or password.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/6721.htm
QUESTION 403
Gaia can be configured using the _______ or ______ .
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 404
Which of these attributes would be critical for a site-to-site VPN?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 405
A(n) __________ rule is created by an administrator and configured to allow or block traffic based on specified criteria.
A. Inline
B. Explicit
C. Implicit accept
D. Implicit drop
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SmartDashboard_OLH/html_frameset.htm?topic=documents/R80/CP_R80_SmartDashboard_OLH/NFHf4E9NLQBJlVkHRpc16w2
A. 3 months
B. 4 weeks
C. 12 months
D. 1 week
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://community.checkpoint.com/t5/General-Topics/What-is-the-default-time-that-HIT-count-data-is-kept-in-R80/td-p/33636
QUESTION 407
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
There are different deployment scenarios for Check Point software products.
Standalone Deployment - The Security Management Server and the Security Gateway are installed on the same computer or appliance.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/86429.htm
QUESTION 408
What are the advantages of a “shared policy” in R80?
A. Allows the administrator to share a policy between all the users identified by the Security Gateway
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 409
Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?
A. Application Control
B. Threat Emulation
C. Logging and Status
D. Monitoring
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/DS_Monitoring.pdf
QUESTION 410
A Check Point software license consists of a _______ and _______ .
Correct Answer: B
Section: (none)
Explanation
QUESTION 411
Which of the following methods can be used to update the trusted log server regarding the policy and configuration changes performed on the Security
Management Server?
A. Save Policy
B. Install Database
C. Save session
D. Install Policy
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 412
RADIUS protocol uses ______ to communicate with the gateway.
A. UDP
B. TDP
C. CCP
D. HTTP
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Parameters:
QUESTION 413
Which option, when applied to a rule, allows all encrypted and non-VPN traffic that matches the rule?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 414
You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 415
While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes,
but cannot remember all the steps. What is the correct order of steps needed to set up the block?
1) Select Active Mode tab in SmartView Tracker.
2) Select Tools > Block Intruder.
3) Select Log Viewing tab in SmartView Tracker.
4) Set Blocking Timeout value to 60 minutes.
5) Highlight connection that should be blocked.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 416
To quickly review when Threat Prevention signatures were last updated, which Threat Tool would an administrator use?
A. Protections
B. IPS Protections
C. Profiles
D. ThreatWiki
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 417
How is communication between different Check Point components secured in R80? Choose the BEST answer.
A. By using IPSEC
B. By using SIC
C. By using ICA
D. By using 3DES
Correct Answer: B
Section: (none)
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/125443
QUESTION 418
You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules
match. Where can you see it? Give the BEST answer.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 419
One of the major features in R80 SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and AdminC
are editing the same Security Policy?
A. A lock icon shows that a rule or an object is locked and will be available.
B. AdminA and AdminB are editing the same rule at the same time.
C. A lock icon next to a rule informs that any Administrator is working on this particular rule.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 420
SmartConsole is supported by which of the following operating systems:
A. Windows only
B. Gaia only
C. Gaia, SecurePlatform, and Windows
D. SecurePlatform only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://community.checkpoint.com/t5/General-Management-Topics/R80-x-FAQ/td-p/39994
QUESTION 421
When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?
A. Distributed
B. Standalone
C. Bridge
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 422
The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her
access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 423
In order to modify Security Policies the administrator can use which of the following tools? Choose the BEST answer.
A. Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.
B. SmartConsole and WebUI on the Security Management Server.
C. mgmt_cli or WebUI on Security Gateway and SmartConsole on the Security Management Server.
D. SmartConsole or mgmt_cli on any computer where SmartConsole is installed.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 424
What is the command to see cluster status in cli expert mode?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 425
Which deployment adds a Security Gateway to an existing environment without changing IP routing?
A. Distributed
B. Bridge Mode
C. Remote
D. Standalone
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/86429.htm
QUESTION 426
Which of the following is NOT a component of a Distinguished Name?
A. Organizational Unit
B. Country
C. Common Name
D. User container
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation:
Distinguished Name Components
CN=common name, OU=organizational unit, O=organization, L=locality, ST=state or province, C=country name
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/71950
QUESTION 427
In which scenario is it a valid option to transfer a license from one hardware device to another?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 428
When configuring LDAP with User Directory integration, changes applied to a User Directory template are:
A. Reflected immediately for all users who are using that template.
B. Not reflected for any users unless the local user template is changed.
C. Reflected for all users who are using that template and if the local user template is changed as well.
D. Not reflected for any users who are using that template.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The users and user groups are arranged on the Account Unit in the tree structure of the LDAP server. User management in User Directory is external, not local.
You can change the User Directory templates. Users associated with this template get the changes immediately. You can change user definitions manually in
QUESTION 429
Which of the following is NOT a role of the SmartCenter:
A. Status monitoring
B. Policy configuration
C. Certificate authority
D. Address translation
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: www.checkfirewalls.com/datasheets/smartcenter_datasheet.pdf
QUESTION 430
Session unique identifiers are passed to the Web API using which HTTP header option?
A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 431
Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk106127
QUESTION 432
What is a role of Publishing?
A. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public
B. The Security Management Server installs the updated policy and the entire database on Security Gateways
C. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways
D. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/119225
QUESTION 433
A _______ is used by a VPN gateway to send traffic as if it was a physical interface.
Explanation/Reference:
Explanation:
Route Based VPN
VPN traffic is routed according to the routing settings (static or dynamic) of the Security Gateway operating system. The Security Gateway uses a VTI (VPN
Tunnel Interface) to send the VPN traffic as if it was a physical interface. The VTIs of Security Gateways in a VPN community connect and can support dynamic
routing protocols. Reference: http://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13868.htm
QUESTION 434
Which rule is responsible for the user authentication failure?
A. Rule 4
B. Rule 6
C. Rule 3
D. Rule 5
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
A. AD Query
B. Browser-Based Authentication
C. Identity Agents
D. Terminal Servers Agent
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62007.htm
QUESTION 436
How many layers make up the TCP/IP model?
A. 2
B. 7
C. 6
D. 4
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 437
You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is
connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 438
In R80 spoofing is defined as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network.
Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
Reference: http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf
QUESTION 439
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway
object, the object does not appear in the Install On check box. What should you look for?
Explanation/Reference:
QUESTION 440
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 441
Administrator Kofi has just made some changes on his Management Server and then clicks on the Publish button in SmartConsole but then gets the error
message shown in the screenshot below. Where can the administrator check for more information on these errors?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Validation Errors
The validations pane in SmartConsole shows configuration error messages. Examples of errors are object names that are not unique, and the use of objects that
are not valid in the Rule Base.
To publish, you must fix the errors.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
A. UserCheck
B. Active Directory Query
C. Account Unit Query
D. User Directory Query
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
AD Query extracts user and computer identity information from the Active Directory Security Event Logs. The system generates a Security Event log entry when a
user or computer accesses a network resource. For example, this occurs when a user logs in, unlocks a screen, or accesses a network drive.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62402.htm
QUESTION 443
Study the Rule base and Client Authentication Action properties screen.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 444
The destination server for Security Gateway logs depends on a Security Management Server configuration.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 445
Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you
need in the Client Authentication rule in R77?
A. External-user group
B. LDAP group
C. A group with a generic user
D. All Users
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 446
What is the potential downside or drawback to choosing the Standalone deployment option instead of the Distributed deployment option?
Correct Answer: A
Section: (none)
Explanation/Reference:
QUESTION 447
When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth0 to 00:0C:29:12:34:56.
After restarting the network the old MAC address should be active. How do you configure this change?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 448
How do you configure an alert in SmartView Monitor?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
A. Gateway
B. Interoperable Device
C. Externally managed gateway
D. Network Node
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 450
When using LDAP as an authentication method for Identity Awareness, the query:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 451
Which two Identity Awareness commands are used to support identity sharing?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/66477.htm
QUESTION 452
R80.10 management server can manage gateways with which versions installed?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113113
QUESTION 453
When using Monitored circuit VRRP, what is a priority delta?
Correct Answer: C
Section: (none)
Explanation
QUESTION 454
View the rule below. What does the pen-symbol in the left column mean?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 455
Which command is used to add users to or from existing roles?
Correct Answer: A
Section: (none)
Explanation/Reference:
Explanation:
Configuring Roles - CLI (rba)
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73101.htm
QUESTION 456
Which of the below is the MOST correct process to reset SIC from SmartDashboard?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 457
Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is _______.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 458
Anti-Spoofing is typically set up on which object type?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 459
What is the mechanism behind Threat Extraction?
A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient
C. This is a new mechanism to identify the IP address of the sender of malicious codes and to put it into the SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which
makes this solution very fast
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 460
Using ClusterXL, what statement is true about the Sticky Decision Function?
Correct Answer: A
Explanation/Reference:
QUESTION 461
When tunnel test packets no longer invoke a response, Tunnel and User Monitoring displays _____________ for the given VPN tunnel.
A. Down
B. No Response
C. Inactive
D. Failed
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_VPN_AdminGuide/14018
QUESTION 462
Each cluster has __________ interfaces.
A. Five
B. Two
C. Three
D. Four
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Each cluster member has three interfaces: one external interface, one internal interface, and one for synchronization. Cluster member interfaces facing in each
direction are connected via a switch, router, or VLAN switch.
QUESTION 463
Choose what BEST describes the reason why querying logs now is very fast.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 464
Katie has been asked to do a backup on the Blue Security Gateway. Which command would accomplish this in the Gaia CLI?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 465
Which of the following is NOT a tracking log option in R80.x?
A. Log
B. Full Log
C. Detailed Log
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 466
When should you generate new licenses?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 467
Identify the API that is not supported by Check Point currently.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?
QUESTION 468
What does the “unknown” SIC status shown on SmartConsole mean?
A. The SMS can contact the Security Gateway but cannot establish Secure Internal Communication.
B. SIC activation key requires a reset.
C. The SIC activation key is not known by any administrator.
D. There is no connection between the Security Gateway and SMS.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The most typical status is Communicating. Any other status indicates that the SIC communication is problematic. For example, if the SIC status is Unknown then
there is no connection between the Gateway and the Security Management server. If the SIC status is Not Communicating, the Security Management server is
able to contact the gateway, but SIC communication cannot be established.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/118037
QUESTION 469
What does ExternalZone represent in the presented rule?
A. The Internet.
B. Interfaces that administrator has defined to be part of External Security Zone.
C. External interfaces on all security gateways.
D. External interfaces of specific gateways.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 470
Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which
CLISH commands are required to be able to change this TCP port?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
In Clish
A. Connect to command line on Security Gateway / each Cluster member.
B. Log in to Clish.
C. Set the desired port (e.g., port 4434):
HostName> set web ssl-port
D. Save the changes:
HostName> save config
E. Verify that the configuration was saved:
[Expert@HostName]# grep 'httpd:ssl_port' /config/db/initial
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk83482
QUESTION 471
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
Correct Answer: C
Section: (none)
Explanation
QUESTION 472
Which SmartConsole tab is used to monitor network and security performance?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 473
Examine the sample Rule Base.
A. No errors or Warnings
B. Verification Error: Empty Source-List and Service-List in Rule 5 (Mail Inbound)
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 474
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active
connection?
A. Change the Rule Base and install the Policy to all Security Gateways
B. Block Intruder feature of SmartView Tracker
C. Intrusion Detection System (IDS) Policy install
D. SAM – Suspicious Activity Rules feature of SmartView Monitor
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 475
It is Best Practice to have a _____ rule at the end of each policy layer.
A. Explicit Drop
B. Implied Drop
C. Explicit CleanUp
D. Implicit Drop
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 476
What are the three conflict resolution rules in the Threat Prevention Policy Layers?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 477
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 478
What is the purpose of Captive Portal?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Captive Portal – a simple method that authenticates users through a web interface before granting them access to Intranet resources. When users try to access a
protected resource, they get a web page that must be filled out to continue.
Reference: https://www.checkpoint.com/products/identity-awareness-software-blade/
QUESTION 479
Harriet wants to protect sensitive information from intentional loss when users browse to a specific URL:
https://personal.mymail.com, which blade will she enable to achieve her goal?
A. DLP
B. SSL Inspection
C. Application Control
D. URL Filtering
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Check Point revolutionizes DLP by combining technology and processes to move businesses from passive detection to active Data Loss Prevention. Innovative
MultiSpect™ data classification combines user, content and process information to make accurate decisions, while UserCheck™ technology empowers users to
remediate incidents in real time. Check Point’s self-educating network-based DLP solution frees IT/security personnel from incident handling and educates users
on proper data handling policies – protecting sensitive corporate information from both intentional and unintentional loss.
Reference: https://www.checkpoint.com/downloads/product-related/datasheets/DLP-software-blade-datasheet.pdf
QUESTION 480
Which command can you use to verify the number of active concurrent connections?
A. fw conn all
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103496
QUESTION 481
You have successfully backed up your Check Point configurations without the OS information. What command would you use to restore this backup?
A. restore_backup
B. import backup
C. cp_merge
D. migrate import
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk54100#1.1.1
QUESTION 482
Which of the following firewall modes DOES NOT allow for Identity Awareness to be deployed?
A. Bridge
B. Load Sharing
C. High Availability
D. Fail Open
Explanation/Reference:
QUESTION 483
Which one of the following is the preferred licensing model? Choose the BEST answer.
A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency on the Security Management Server.
B. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.
C. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server
dependency.
D. Central licensing because it ties the package license to the MAC-address of the Security Management Server’s Mgmt-interface and has no dependency on the
gateway.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Central License
A Central License is a license attached to the Security Management server IP address, rather than the gateway IP address.
The benefits of a Central License are:
- Only one IP address is needed for all licenses.
- A license can be taken from one gateway and given to another.
- The new license remains valid when changing the gateway IP address. There is no need to create and install a new license.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm#o13527
QUESTION 484
CPU-level of your Security gateway is peaking to 100% causing problems with traffic. You suspect that the problem might be the Threat Prevention settings.
The following Threat Prevention Profile has been created.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 485
The R80 feature ________ permits blocking specific IP addresses for a specified time period.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity
(for example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system
administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an
expiration date), can be applied immediately without the need to perform an Install Policy operation.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartViewMonitor_AdminGuide/17670.htm
QUESTION 486
Which policy type has its own Exceptions section?
A. Threat Prevention
B. Access Control
C. Threat Emulation
D. Desktop Security
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The Exceptions Groups pane lets you define exception groups. When necessary, you can create exception groups to use in the Rule Base. An exception group
contains one or more defined exceptions. This option facilitates ease-of-use so you do not have to manually define exceptions in multiple rules for commonly
required exceptions. You can choose to which rules you want to add exception groups. This means they can be added to some rules and not to others, depending
on necessity.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/82209.htm#o97030
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 488
Which of the following cannot be configured in an Access Role Object?
A. Users
B. Networks
C. Time
D. Machines
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92705.htm
QUESTION 489
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1
QUESTION 490
After the initial installation the First Time Configuration Wizard should be run.
A. First Time Configuration Wizard can be run from the Unified SmartConsole.
B. First Time Configuration Wizard can be run from the command line or from the WebUI.
C. First time Configuration Wizard can only be run from the WebUI.
D. Connection to the internet is required before running the First Time Configuration wizard.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Check Point Security Gateway and Check Point Security Management require running the First Time Configuration Wizard in order to be configured correctly. The
First Time Configuration Wizard is available in Gaia Portal and also through CLI.
To invoke the First Time Configuration Wizard through CLI, run the config_system command from the Expert shell.
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk111119
QUESTION 491
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
Correct Answer: B
Explanation/Reference:
QUESTION 492
Which VPN routing option uses VPN routing for every connection a satellite gateway handles?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
On the VPN Routing page, enable the VPN routing for satellites section, by selecting one of these options:
To center and to other Satellites through center; this allows connectivity between Gateways; for example, if the spoke Gateways are DAIP Gateways, and the hub
is a Gateway with a static IP address.
To center, or through the center to other satellites, to Internet and other VPN targets; this allows connectivity between the
Gateways, as well as the ability to inspect all communication passing through the hub to the Internet.
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31021
QUESTION 493
Which backup utility captures the most information and tends to create the largest archives?
A. backup
B. snapshot
C. Database Revision
D. migrate export
Correct Answer: B
Section: (none)
Explanation
QUESTION 494
Which of the following is NOT a tracking option? (Choose three.)
A. Partial log
B. Log
C. Network log
D. Full log
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/131914
QUESTION 495
Which of the following licenses are considered temporary?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Should be Trial or Evaluation, even Plug-and-play (all are synonyms). Answer B is the best choice.
QUESTION 496
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway directly.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 497
In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 498
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
Correct Answer: B
Explanation/Reference:
Explanation:
The first rule is the automatic rule for the Accept All Encrypted Traffic feature. The Firewalls for the Security Gateways in the BranchOffices and LondonOffices
VPN communities allow all VPN traffic from hosts in clients in these communities. Traffic to the Security Gateways is dropped. This rule is installed on all Security
Gateways in these communities.
2. Site to site VPN - Connections between hosts in the VPN domains of all Site to Site VPN communities are allowed. These are the only protocols that are
allowed: FTP, HTTP, HTTPS and SMTP.
3. Remote access - Connections between hosts in the VPN domains of RemoteAccess VPN community are allowed. These are the only protocols that are
allowed: HTTP, HTTPS, and IMAP.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92709.htm
QUESTION 499
Which of the following commands can be used to remove site-to-site IPSEC Security Associations (SA)?
A. vpn tu
B. vpn ipsec remove -l
C. vpn debug ipsec
D. fw ipsec tu
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
vpn tu
Description: Launch the TunnelUtil tool which is used to control VPN tunnels.
Usage: vpn tu
vpn tunnelutil
Example: vpn tu
Output
QUESTION 500
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An email with Security_report.pdf file was
delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing
some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 502
The ________ feature allows administrators to share a policy with other policy packages.
A. Global Policies
B. Shared policies
C. Concurrent policy packages
D. Concurrent policies
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 503
You are the senior Firewall administrator for Alpha Corp, and have recently returned from a training course on Check Point's new advanced management
platform. You are presenting an in-house overview of the new features of Check Point Management to the other administrators in Alpha Corp.
A. The Publish button takes any changes an administrator has made in their management session, publishes a copy to the Check Point Cloud, and then saves it
to the database.
B. The Publish button takes any changes an administrator has made in their management session and publishes a copy to the Check Point Cloud but does not
save it to the database.
C. The Publish button saves any changes an administrator has made in their management session. After saving to the database, any changes are now visible to
all other administrator sessions.
D. The Publish button saves any changes an administrator has made in their management session. After saving to the database, any changes are now visible to
any new Unified Policy sessions.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a
session, a new database version is created.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
QUESTION 504
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is
enabled, which path is handling the traffic?
A. Slow Path
B. Medium Path
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 505
A High Availability deployment is referred to as a ______ cluster and a Load Sharing deployment is referred to as a ________ cluster.
A. Standby/standby; active/active
B. Active/active; standby/standby
C. Active/active; active/standby
D. Active/standby; active/active
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
In a High Availability cluster, only one member is active (Active/Standby operation).
ClusterXL Load Sharing distributes traffic within a cluster so that the total throughput of multiple members is increased. In Load Sharing configurations, all
functioning members in the cluster are active, and handle network traffic (Active/Active operation).
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ClusterXL_WebAdminGuide/7292.htm
QUESTION 506
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway
managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the
check box to enable pre-shared secret is shaded and cannot be enabled. Why does it not allow him to specify the pre-shared secret?
Explanation/Reference:
QUESTION 507
What are the three types of UserCheck messages?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_DataLossPrevention_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_DataLossPrevention_AdminGuide/94711
QUESTION 508
The organization's security manager wishes to back up just the Gaia operating system parameters such as interface details, Static routes and Proxy ARP entries.
Which command would be BEST suited to accomplish this task?
A. save configuration
B. backup
C. migrate export
D. upgrade export
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 509
Choose the correct statement regarding Implicit Rules.
A. To edit the Implicit rules you go to: Launch Button > Policy > Global Properties > Firewall.
B. Implied rules are fixed rules that you cannot change.
C. You can directly edit the Implicit rules by double-clicking on a specific Implicit rule.
D. You can edit the Implicit rules but only if requested by Check Point support personnel.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 510
The position of an implied rule is manipulated in the __________________ window.
A. NAT
B. Firewall
C. Global Properties
D. Object Explorer
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92703.htm
QUESTION 511
A. There is connection between the gateway and Security Management Server but it is not trusted.
B. The secure communication is established.
C. There is no connection between the gateway and Security Management Server.
D. The Security Management Server can contact the gateway, but cannot establish SIC.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
SIC Status
After the gateway receives the certificate issued by the ICA, the SIC status shows if the Security Management Server can communicate securely with this
gateway:
Communicating - The secure communication is established.
Unknown - There is no connection between the gateway and Security Management Server.
Not Communicating - The Security Management Server can contact the gateway, but cannot establish SIC. A message shows more information.
Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/125443
QUESTION 512
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and
checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 513
According to Check Point Best Practice, when adding a 3rd party gateway to a Check Point security solution what object SHOULD be added? A(n):
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 514
In what way are SSL VPN and IPSec VPN different?
A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
C. IPSec VPN does not support two factor authentication, SSL VPN does support this
D. IPSec VPN uses an additional virtual adapter, SSL VPN uses the client network adapter only
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 515
What are the three tabs available in SmartView Tracker?
Correct Answer: C
Section: (none)
Explanation/Reference:
QUESTION 516
Where can you trigger a failover of the cluster members?
1. Log in to Security Gateway CLI and run command clusterXL_admin down.
2. In SmartView Monitor right-click the Security Gateway member and select Cluster member stop.
3. Log into Security Gateway CLI and run command cphaprob down.
A. 1, 2, and 3
B. 2 and 3
C. 1 and 2
D. 1 and 3
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
How to Initiate Failover
QUESTION 517
Which type of Endpoint Identity Agent includes packet tagging and computer authentication?
A. Full
B. Light
C. Custom
D. Complete
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Endpoint Identity Agents – dedicated client agents installed on users’ computers that acquire and report identities to the Security Gateway.
A. Passwords, Users, and standards-based SSL for the creation of secure channels
B. Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption
C. Packet Filtering, certificates, and 3DES or AES128 for encryption
D. Certificates, Passwords, and Tokens
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Secure Internal Communication (SIC)
Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each other. The SIC procedure creates a trusted status between
gateways, management servers and other Check Point components. SIC is required to install policies on gateways and to send logs between gateways and
management servers. These security measures make sure of the safety of SIC:
Certificates for authentication
Standards-based SSL for the creation of the secure channel
3DES for encryption
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/71950
QUESTION 519
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3
traffic in the Rule Base. Which of the following is the most likely cause?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
A. upgrade_export
B. fw stat -1
C. cpinfo
D. remote_uninstall_verifier
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 521
To optimize Rule Base efficiency the most hit rules should be where?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
It is logical that the fewer rules are checked before the matching rule is found, the fewer CPU cycles the device uses.
Check Point matches a session against the rules from the first rule at the top to the last at the bottom.
QUESTION 522
Which of the following is NOT an attribute of packet acceleration?
A. Source address
B. Protocol
C. Destination port
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92711.htm
QUESTION 523
You have configured SNX on the Security Gateway. The client connects to the Security Gateway and the user enters the authentication credentials. What must
happen after authentication that allows the client to connect to the Security Gateway's VPN domain?
A. SNX modifies the routing table to forward VPN traffic to the Security Gateway.
B. An office mode address must be obtained by the client.
C. The SNX client application must be installed on the client.
D. Active-X must be allowed on the client.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 524
Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW.
She has a lab environment that is identical to her production environment. She decided to restore the production backup via SmartConsole in the lab environment. Which
details does she need to fill in the System Restore window before she can click the OK button and test the backup?
Correct Answer: C
Section: (none)
Explanation
QUESTION 525
Which statement is TRUE of anti-spoofing?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 526
Which of the following is NOT a valid deployment option for R80?
A. All-in-one (stand-alone)
B. CloudGuard
C. Distributed
D. Bridge Mode
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 527
What key is used to save the current CPView page in a filename format cpview_"cpview process ID".cap"number of captures"?
A. H
B. Esc
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:
https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_SecurityManagement_AdminGuide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_SecurityManagement_AdminGuide/204685
QUESTION 528
Which backup method uses the command line to create an image of the OS?
A. System backup
B. Save Configuration
C. Migrate
D. snapshot
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 529
Which Identity Source(s) should be selected in Identity Awareness when there is a requirement for a higher level of security for sensitive servers?
A. AD Query
B. Terminal Servers Endpoint Identity Agent
C. Endpoint Identity Agent and Browser-Based Authentication
D. RADIUS and Account Logon
Correct Answer: C
Section: (none)
Explanation
QUESTION 530
All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?
A. FTP
B. SMTP
C. HTTP
D. RLOGIN
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 531
Which SmartConsole tab shows logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 532
A. Save backup
B. System backup
C. snapshot
D. Migrate
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The built-in Gaia backup procedures:
Snapshot Management
System Backup (and System Restore)
Save/Show Configuration (and Load Configuration)
Check Point provides three different procedures for backing up (and restoring) the operating system and networking parameters on your appliances.
Snapshot (Revert)
Backup (Restore)
upgrade_export (Migrate)
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108902
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk54100
QUESTION 533
To create a policy for traffic to or from a specific geographical location, use the _____________.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Shared Policies
The Shared Policies section in the Security Policies shows the policies that are not in a Policy package. They are shared between all Policy packages. Shared
policies are installed with the Access Control Policy.
QUESTION 534
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection
and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but
that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his desktop with a
static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
3) Changes from static IP address to DHCP for the client PC.
What should John request when he cannot access the web server from his laptop?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 535
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he
does NOT include a SmartConsole machine in his calculations?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
One for Security Management Server and the other one for the Security Gateway.
QUESTION 536
Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without
modifying them?
A. Editor
B. Read Only All
C. Super User
D. Full Access
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To create a new permission profile:
1. In SmartConsole, go to Manage & Settings > Permissions and Administrators > Permission Profiles.
2. Click New Profile.
The New Profile window opens.
3. Enter a unique name for the profile.
4. Select a profile type:
Read/Write All - Administrators can make changes
Auditor (Read Only All) - Administrators can see information but cannot make changes
Customized - Configure custom settings
5. Click OK.
Reference: