Check Point Certified Security Expert CCSA Questions + Answers Part 1

Posted: Tue Feb 22, 2022 5:02 pm
by answerhappygod
Exam A
QUESTION 1
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
A. fw ctl sdstat
B. fw ctl affinity -l -a -r -v
C. fw ctl multik stat
D. cpinfo
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 2

Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _____________ .
A. TCP Port 18190
B. TCP Port 18209
C. TCP Port 19009
D. TCP Port 18191
Correct Answer: D Section: (none) Explanation
Explanation/Reference:


QUESTION 3
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
A. Secure Internal Communication (SIC)
B. Restart Daemons if they fail
C. Transfers messages between Firewall processes
D. Pulls application monitoring status
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... id=sk97638
QUESTION 4
What is not a component of Check Point SandBlast?
A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP connections on port 8116.
Reference: https://sc1.checkpoint.com/documents/R8 ... documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/7288
QUESTION 6
Fill in the blank: The command ___________ provides the most complete restoration of a R80 configuration.
A. upgrade_import
B. cpconfig
C. fwm dbimport -p <export file>
D. cpinfo -recover
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:
A. Allow GUI Client and management server to communicate via TCP Port 19001
B. Allow GUI Client and management server to communicate via TCP Port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?
A. DynamicID
B. RADIUS
C. Username and Password
D. Certificate
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... documents/R80.10/WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/41587
QUESTION 9
Which of the SecureXL templates are enabled by default on Security Gateway?
A. Accept
B. Drop
C. NAT
D. None
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 10
What happens when IPS profile is set in Detect Only Mode for troubleshooting?
A. It will generate Geo-Protection traffic
B. Automatically uploads debugging logs to Check Point Support Center
C. It will not block malicious traffic
D. Bypass licenses requirement for Geo-Protection control
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.
Reference: https://sc1.checkpoint.com/documents/R7 ... /12750.htm
QUESTION 11
What is true about VRRP implementations?
A. VRRP membership is enabled in cpconfig
B. VRRP can be used together with ClusterXL, but with degraded performance
C. You cannot have a standalone deployment
D. You cannot have different VRIDs in the same physical network
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /87911.htm
QUESTION 12
The Security Gateway is installed on GAIA R80. The default port for the Web User Interface is ______.
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specified time period.
A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation.
Reference: https://sc1.checkpoint.com/documents/R7 ... /17670.htm
QUESTION 14
In a Client to Server scenario, which represents that the packet has already been checked against the tables and the Rule Base?
A. Big I
B. Little o
C. Little i
D. Big O
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 15
What is the mechanism behind Threat Extraction?
A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 16
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
A. SmartEvent Client Info
B. SecuRemote
C. Check Point Protect
D. Check Point Capsule Cloud
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://www.insight.com/content/dam/ins ... alysis.pdf


QUESTION 17
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
A. logd
B. fwd
C. fwm
D. cpd
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... id=sk97638
QUESTION 18
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
A. fwd via cpm
B. fwm via fwd
C. cpm via cpd
D. fwd via cpd
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 19
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
A. restore_backup
B. import backup
C. cp_merge
D. migrate import
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 20
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
A. add host name <New HostName> ip-address <ip address>
B. add hostname <New HostName> ip-address <ip address>
C. set host name <New HostName> ip-address <ip address>
D. set hostname <New HostName> ip-address <ip address>
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... gui_cli%20
QUESTION 21

Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines


Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
One for Security Management Server and the other one for the Security Gateway.
QUESTION 22
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or ______ action for the file types.
A. Inspect/Bypass
B. Inspect/Prevent
C. Prevent/Bypass
D. Detect/Bypass
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... 101703.htm
QUESTION 23
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
A. None, Security Management Server would be installed by itself.
B. SmartConsole
C. SecureClient
D. Security Gateway
E. SmartEvent
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /89230.htm


QUESTION 24
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
A. 18210
B. 18184
C. 257
D. 18191
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 25
How many images are included with Check Point TE appliance in Recommended Mode?
A. 2(OS) images
B. images are chosen by administrator during installation
C. as many as licensed for
D. the most new image
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 26
What is the least amount of CPU cores required to enable CoreXL?
A. 2
B. 1
C. 4
D. 6
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... n/6731.htm
QUESTION 27
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restricts all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway directly.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 28
Which of the following authentication methods ARE NOT used for Mobile Access?
A. RADIUS server
B. Username and password (internal, LDAP)
C. SecurID
D. TACACS+
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /41587.htm
QUESTION 29
What is the correct command to observe the Sync traffic in a VRRP environment?
A. fw monitor -e "accept[12:4,b]=224.0.0.18;"
B. fw monitor -e "accept port(6118;"
C. fw monitor -e "accept proto=mcVRRP;"
D. fw monitor -e "accept dst=224.0.0.18;"
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 30
What has to be taken into consideration when configuring Management HA?
A. The Database revisions will not be synchronized between the management servers
B. SmartConsole must be closed prior to synchronized changes in the objects database
C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 31
What is the difference between an event and a log?
A. Events are generated at gateway according to Event Policy
B. A log entry becomes an event when it matches any rule defined in Event Policy
C. Events are collected with SmartWorkflow from Trouble Ticket systems
D. Log and Events are synonyms
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 32
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
A. Source address, Destination address, Source port, Destination port, Protocol
B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
C. Source address, Destination address, Source port, Destination port
D. Source address, Destination address, Destination port, Protocol
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 33
Which statement is NOT TRUE about Delta synchronization?
A. Using UDP Multicast or Broadcast on port 8161
B. Using UDP Multicast or Broadcast on port 8116
C. Quicker than Full sync
D. Transfers changes in the Kernel tables between cluster members.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... e/7288.htm
QUESTION 34
The Event List within the Event tab contains:


A. a list of options available for running a query.
B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.
C. events generated by a query.
D. the details of a selected event.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... ments/R80/CP_R80_LoggingAndMonitoring/131915
QUESTION 35
Which statement is correct about the Sticky Decision Function?
A. It is not supported with either the Performance pack of a hardware based accelerator card
B. Does not support SPI’s when configured for Load Sharing
C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
D. It is not required L2TP traffic
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... e/7290.htm
QUESTION 36
Which statement is true regarding redundancy?
A. System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob -f if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a ClusterXL High Availability configuration must be synchronized.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 37
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
A. 1,2,3,4
B. 1,4,2,3
C. 3,1,2,4
D. 4,3,1,2
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 38
In R80.10, how do you manage your Mobile Access Policy?
A. Through the Unified Policy
B. Through the Mobile Console
C. From SmartDashboard
D. From the Dedicated Mobility Tab
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 39


R80.10 management server can manage gateways with which versions installed?
A. Versions R77 and higher
B. Versions R76 and higher
C. Versions R75.20 and higher
D. Versions R75 and higher
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/88/88e25 ... eNotes.pdf?HashKey=1538443232_ff63052c2c5a68c42c47eae9e15273c8&xtn=.pdf
QUESTION 40
To fully enable Dynamic Dispatcher on a Security Gateway:
A. run fw ctl multik set_mode 9 in Expert mode and then Reboot.
B. Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.
C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
D. run fw multik set_mode 1 in Expert mode and then reboot.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... d=sk105261
QUESTION 41
Session unique identifiers are passed to the web api using which http header option?
A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 42
Which command shows actual allowed connections in state table?
A. fw tab -t StateTable
B. fw tab -t connections
C. fw tab -t connection
D. fw tab connections
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 43
What SmartEvent component creates events?
A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /17401.htm
QUESTION 44
Which command collects diagnostic data for analyzing customer setup remotely?
A. cpinfo
B. migrate export
C. sysinfo
D. cpview
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.
Reference: https://supportcenter.checkpoint.com/su ... id=sk92739
QUESTION 45
Which features are only supported with R80.10 Gateways but not R77.x?
A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: http://slideplayer.com/slide/12183998/
QUESTION 46
Which CLI command will reset the IPS pattern matcher statistics?
A. ips reset pmstat
B. ips pstats reset
C. ips pmstats refresh
D. ips pmstats reset
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /84627.htm
QUESTION 47
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or _______.
A. SecureID
B. SecurID
C. Complexity
D. TacAcs
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /41587.htm
QUESTION 48
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
A. 50%
B. 75%
C. 80%
D. 15%
Correct Answer: D Section: (none) Explanation
Explanation/Reference:


QUESTION 49
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
B. Correlates all the identified threats with the consolidation policy.
C. Collects syslog data from third party devices and saves them to the database.
D. Connects with the SmartEvent Client when generating threat reports.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 50
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
A. This statement is true because SecureXL does improve all traffic.
B. This statement is false because SecureXL does not improve this traffic but CoreXL does.
C. This statement is true because SecureXL does improve this traffic.
D. This statement is false because encrypted traffic cannot be inspected.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by nearly an order of magnitude, particularly for small packets flowing in long duration connections.
Reference: https://downloads.checkpoint.com/filese ... 080401.pdf
QUESTION 51
Which command gives us a perspective of the number of kernel tables?
A. fw tab -t
B. fw tab -s
C. fw tab -n
D. fw tab -k
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 52
When simulating a problem on ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?
A. cphaprob -d STOP unregister
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Testing a failover in a controlled manner using the following command:
# cphaprob -d STOP -s problem -t 0 register
This will register a problem state on the cluster member this was entered on. If you then run:
# cphaprob list
this will show an entry named STOP.
To remove this problematic register, run the following:
# cphaprob -d STOP unregister
Reference: https://fwknowledge.wordpress.com/2013/ ... w-cluster/
QUESTION 53
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?


A. Install appliance TE250X on Span Port on LAN switch in MTA mode.
B. Install appliance TE250X in standalone mode and setup MTA.
C. You can utilize only Check Point Cloud Services for this scenario.
D. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 54
What is the main difference between Threat Extraction and Threat Emulation?
A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
B. Threat Extraction always delivers a file and takes less than a second to complete.
C. Threat Emulation never delivers a file that takes less than a second to complete.
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 55
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:
A. Threat Emulation
B. HTTPS
C. QOS
D. VoIP
Correct Answer: D Section: (none) Explanation


Explanation/Reference:
QUESTION 56
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
A. Smart Cloud Services
B. Load Sharing Mode Services
C. Threat Agent Solution
D. Public Cloud Services
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Which of the following is NOT a component of Check Point Capsule?
A. Capsule Docs
B. Capsule Cloud
C. Capsule Enterprise
D. Capsule Workspace
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 58
What is the purpose of Priority Delta in VRRP?
A. When a box is up, Effective Priority = Priority + Priority Delta
B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fails, Effective Priority = Priority – Priority Delta
D. When a box fails, Effective Priority = Priority – Priority Delta
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running VRRP. If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will begin to send out its own HELLO packet. Once the master sees this packet with a priority greater than its own, then it releases the VIP.
Reference: https://supportcenter.checkpoint.com/su ... id=sk38524
QUESTION 59
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?
A. You can assign only one profile per gateway and a profile can be assigned to one rule Only.
B. You can assign multiple profiles per gateway and a profile can be assigned to one rule only.
C. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.
D. You can assign only one profile per gateway and a profile can be assigned to one or more rules.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Using ClusterXL, what statement is true about the Sticky Decision Function?
A. Can only be changed for Load Sharing implementations
B. All connections are processed and synchronized by the pivot
C. Is configured using cpconfig
D. Is only relevant when using SecureXL


Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 61
What is the name of the secure application for Mail/Calendar for mobile devices?
A. Capsule Workspace
B. Capsule Mail
C. Capsule VPN
D. Secure Workspace
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://www.checkpoint.com/products/mob ... workspace/
QUESTION 62
Where do you create and modify the Mobile Access policy in R80?
A. SmartConsole
B. SmartMonitor
C. SmartEndpoint
D. SmartDashboard
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 63
SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:
A. 19090,22
B. 19190,22
C. 18190,80
D. 19009,443
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 64
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?
A. cpwd
B. fwd
C. cpd
D. fwm
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Firewall Management (fwm) is available on any management product, including Multi-Domain and on products that require direct GUI access, such as SmartEvent. It provides the following:
– GUI Client communication
– Database manipulation
– Policy Compilation
– Management HA sync
QUESTION 65
To add a file to the Threat Prevention Whitelist, what two items are needed?
A. File name and Gateway
B. Object Name and MD5 signature
C. MD5 signature and Gateway
D. IP address of Management Server and Gateway
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... ments/R80/CP_R80BC_ThreatPrevention/101703
QUESTION 66
Under which file is the proxy arp configuration stored?
A. $FWDIR/state/proxy_arp.conf on the management server
B. $FWDIR/conf/local.arp on the management server
C. $FWDIR/state/_tmp/proxy.arp on the security gateway
D. $FWDIR/conf/local.arp on the gateway
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 67
What information is NOT collected from a Security Gateway in a Cpinfo?
A. Firewall logs
B. Configuration and database files
C. System message logs
D. OS and network statistics
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... id=sk92739
QUESTION 68
SandBlast appliances can be deployed in the following modes:
A. using a SPAN port to receive a copy of the traffic only
B. detect only
C. inline/prevent or detect
D. as a Mail Transfer Agent and as part of the traffic flow only
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 69
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?
A. Slow Path
B. Medium Path
C. Fast Path
D. Accelerated Path
Correct Answer: A Section: (none) Explanation
Explanation/Reference:


QUESTION 70
The Correlation Unit performs all but the following actions:
A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later.
B. Generates an event based on the Event policy.
C. Assigns a severity level to the event.
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 71
What is the difference between SSL VPN and IPSec VPN?
A. IPSec VPN does not require installation of a resilient VPN client.
B. SSL VPN requires installation of a resident VPN client.
C. SSL VPN and IPSec VPN are the same.
D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 72
Which of the following will NOT affect acceleration?
A. Connections destined to or originated from the Security gateway
B. A 5-tuple match
C. Multicast packets
D. Connections that have a Handler (ICMP, FTP, H.323, etc.)


Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 73
The following command is used to verify the CPUSE version:
A. HostName:0>show installer status build
B. [Expert@HostName:0]#show installer status
C. [Expert@HostName:0]#show installer status build
D. HostName:0>show installer build
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2017/1 ... ssues.html
QUESTION 74
How do you enable virtual mac (VMAC) on-the-fly on a cluster member?
A. cphaprob set int fwha_vmac_global_param_enabled 1
B. clusterXL set int fwha_vmac_global_param_enabled 1
C. fw ctl set int fwha_vmac_global_param_enabled 1
D. cphaconf set int fwha_vmac_global_param_enabled 1
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... id=sk50840
QUESTION 75
To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of these is NOT a SecureXL template?
A. Accept Template
B. Deny Template
C. Drop Template
D. NAT Template
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://community.checkpoint.com/thread ... s-securexl
QUESTION 76
Which of the following is NOT a type of Check Point API available in R80.10?
A. Identity Awareness Web Services
B. OPSEC SDK
C. Mobile Access
D. Management
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 77
When an encrypted packet is decrypted, where does this happen?
A. Security policy
B. Inbound chain
C. Outbound chain
D. Decryption is not supported


Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 78
John is using Management HA. Which Smartcenter should be connected to for making changes?
A. secondary Smartcenter
B. active Smartcenter
C. connect virtual IP of Smartcenter HA
D. primary Smartcenter
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 79
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
A. fwd
B. fwm
C. cpd
D. cpwd
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 80


What scenario indicates that SecureXL is enabled?
A. Dynamic objects are available in the Object Explorer
B. SecureXL can be disabled in cpconfig
C. fwaccel commands can be used in clish
D. Only one packet in a stream is seen in a fw monitor packet capture
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 81
What processes does CPM control?
A. Object-Store, Database changes, CPM Process and web-services
B. web-services, CPMI process, DLEserver, CPM process
C. DLEServer, Object-Store, CP Process and database changes
D. web_services, dle_server and object_Store
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Which encryption algorithm is the least secured?
A. AES-128
B. AES-256
C. DES
D. 3DES
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 83
What is the command to check the status of the SmartEvent Correlation Unit?
A. fw ctl get int cpsead_stat
B. cpstat cpsead
C. fw ctl stat cpsemd
D. cp_conf get_stat cpsemd
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... d=sk113265
QUESTION 84
You need to see which hotfixes are installed on your gateway. Which command would you use?
A. cpinfo -h all
B. cpinfo -o hotfix
C. cpinfo -l hotfix
D. cpinfo -y all
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... id=sk72800
QUESTION 85
VPN Link Selection will perform the following when the primary VPN link goes down?


A. The Firewall will drop the packets.
B. The Firewall can update the Link Selection entries to start using a different link for the same tunnel.
C. The Firewall will send out the packet on all interfaces.
D. The Firewall will inform the client that the tunnel is down.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 86
Which of the following links will take you to the SmartView web application?
A. https://<Security Management Server host name>/smartviewweb/
B. https://<Security Management Server IP Address>/smartview/
C. https://<Security Management Server host name>smartviewweb
D. https://<Security Management Server IP Address>/smartview
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://community.checkpoint.com/thread ... s-from-web
QUESTION 87
Which directory below contains log files?
A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log
Correct Answer: C Section: (none) Explanation


Explanation/Reference:
QUESTION 88
Which GUI client is supported in R80?
A. SmartProvisioning
B. SmartView Tracker
C. SmartView Monitor
D. SmartLog
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 89
From the SecureXL perspective, what are the three paths of traffic flow?
A. Initial Path; Medium Path; Accelerated Path
B. Layer Path; Blade Path; Rule Path
C. Firewall Path; Accept Path; Drop Path
D. Firewall Path; Accelerated Path; Medium Path
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 90
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:
A. fw ctl Dyn_Dispatch on
B. fw ctl Dyn_Dispatch enable
C. fw ctl multik set_mode 4
D. fw ctl multik set_mode 1
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... n%20R80.10
QUESTION 91
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
A. CCP and 18190
B. CCP and 257
C. CCP and 8116
D. CPC and 8116
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... index.html
QUESTION 92
Which command shows the current connections distributed by CoreXL FW instances?
A. fw ctl multik stat
B. fw ctl affinity -l
C. fw ctl instances -v
D. fw ctl iflist
Correct Answer: A Section: (none) Explanation
Explanation/Reference:


QUESTION 93
What is the purpose of extended master key extension/session hash?
A. UDP VOIP protocol extension
B. In case of TLS 1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication
C. Special TCP handshaking extension
D. Supplement DLP data watermark
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 94
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with __________________ will not apply.
A. ffff
B. 1
C. 2
D. 3
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Which one of the following is true about Capsule Connect?
A. It is a full layer 3 VPN client
B. It offers full enterprise mobility management
C. It is supported only on iOS phones and Windows PCs
D. It does not support all VPN authentication methods


Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 96
How often does Threat Emulation download packages by default?
A. Once a week
B. Once an hour
C. Twice per day
D. Once per day
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... 101703.htm
QUESTION 97
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
A. TCP port 443
B. TCP port 257
C. TCP port 256
D. UDP port 8116
Correct Answer: C Section: (none) Explanation
Explanation/Reference:


QUESTION 98
Which statement is true about ClusterXL?
A. Supports Dynamic Routing (Unicast and Multicast)
B. Supports Dynamic Routing (Unicast Only)
C. Supports Dynamic Routing (Multicast Only)
D. Does not support Dynamic Routing
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... e/7300.htm
QUESTION 99
Which command shows detailed information about VPN tunnels?
A. cat $FWDIR/conf/vpn.conf
B. vpn tu tlist
C. vpn tu
D. cpview
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... documents/ R80.20_GA/WebAdminGuides/EN/CP_R80.20_CLI_ReferenceGuide/209239
QUESTION 100
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?
A. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation.
B. Firewall, IPS, Threat Emulation, Application Control.
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.
D. Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.


Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 101
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?
A. Includes the registry
B. Gets information about the specified Virtual System
C. Does not resolve network addresses
D. Output excludes connection table
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://www.networksecurityplus.net/201 ... o-cli.html
QUESTION 102
SmartEvent does NOT use which of the following procedures to identify events:
A. Matching a log against each event definition
B. Create an event candidate
C. Matching a log against local exclusions
D. Matching a log against global exclusions
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events:


• Matching a Log Against Global Exclusions
• Matching a Log Against Each Event Definition
• Creating an Event Candidate
• When a Candidate Becomes an Event
Reference: https://sc1.checkpoint.com/documents/R7 ... /17401.htm
QUESTION 103
What is the most recommended way to install patches and hotfixes?
A. CPUSE Check Point Update Service Engine
B. rpm -Uv
C. Software Update Service
D. UnixinstallScript
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 104
Automation and Orchestration differ in that:
A. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.
B. Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.
C. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.
D. Orchestration relates to codifying tasks, whereas automation relates to codifying processes.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 105
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?


A. He can use the fw accel stat command on the gateway.
B. He can use the fw accel statistics command on the gateway.
C. He can use the fwaccel stat command on the Security Management Server.
D. He can use the fwaccel stat command on the gateway
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 106
Which web services protocol is used to communicate to the Check Point R80 Identity Awareness Web API?
A. SOAP
B. REST
C. XLANG
D. XML-RPC
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The Identity Web API uses the REST protocol over SSL. The requests and responses are HTTP and in JSON format.
Reference: https://sc1.checkpoint.com/documents/R8 ... ameset.htm? topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/148699
QUESTION 107
What is mandatory for ClusterXL to work properly?
A. The number of cores must be the same on every participating cluster node
B. The Magic MAC number must be unique per cluster node
C. The Sync interface must not have an IP address configured
D. If you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all cluster members


Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 108
Please choose the correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
A. host name myHost12 ip-address 10.50.23.90
B. mgmt: add host name ip-address 10.50.23.90
C. add host name emailserver1 ip-address 10.50.23.90
D. mgmt: add host name emailserver1 ip-address 10.50.23.90
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 109
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
A. enable DLP and select .exe and .bat file type
B. enable .exe & .bat protection in IPS Policy
C. create FW rule for particular protocol
D. tecli advanced attributes set prohibited_file_types exe.bat
Correct Answer: A Section: (none) Explanation
Explanation/Reference: