Check Point Certified Security Expert CCSA Questions + Answers Part 2
Posted: Tue Feb 22, 2022 5:02 pm
QUESTION 110
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
A. 4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.
B. 3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.
C. 1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.
D. 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /41723.htm
QUESTION 111
Which process handles connection from SmartConsole R80?
A. fwm
B. cpmd
C. cpm
D. cpd
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 112
What is the command to show SecureXL status?
A. fwaccel status
B. fwaccel stats -m
C. fwaccel -s
D. fwaccel stat
Correct Answer: D
Section: (none) Explanation
Explanation/Reference:
Explanation:
To check overall SecureXL status:
[Expert@HostName]# fwaccel stat
Reference: https://supportcenter.checkpoint.com/su ... id=sk41397
QUESTION 113
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEvent Web
C. There is no Web application for SmartEvent
D. SmartView
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 114
What will SmartEvent automatically define as events?
A. Firewall
B. VPN
C. IPS
D. HTTPS
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... ments/R80/CP_R80_LoggingAndMonitoring/131915
QUESTION 115
With MTA (Mail Transfer Agent) enabled, the gateway manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?
A. ThreatCloud Intelligence
B. Threat Prevention Software Blade Package
C. Endpoint Total Protection
D. Traffic on port 25
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 116
What is not a purpose of the deployment of Check Point API?
A. Execute an automated script to perform common tasks
B. Create a customized GUI Client for manipulating the objects database
C. Create products that use and enhance the Check Point solution
D. Integrate Check Point products with 3rd party solution
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: Check Point APIs Reference Guide R80 PDF
QUESTION 117
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?
A. edit fwaffinity.conf; reboot required
B. cpconfig; reboot required
C. edit fwaffinity.conf; reboot not required
D. cpconfig; reboot not required
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... htm#o94530
QUESTION 118
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
A. WMI
B. Eventvwr
C. XML
D. Services.msc
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/e0/e01d7 ... nGuide.pdf?HashKey=1553448919_104b8593c2a2087ec2ffe8e86b314d66&xtn=.pdf page 17
QUESTION 119
Which is not a blade option when configuring SmartEvent?
A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
On the Management tab, enable these Software Blades:
Logging & Status
SmartEvent Server
SmartEvent Correlation Unit
Reference: https://sc1.checkpoint.com/documents/R8 ... ments/R80/CP_R80_LoggingAndMonitoring/120829
QUESTION 120
The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.
A. ccp
B. cphaconf
C. cphad
D. cphastart
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://etherealmind.com/checkpoint-nok ... 2470703125
QUESTION 121
Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?
A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
C. The CoreXL FW instances assignment mechanism is based on IP Protocol type
D. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... d=sk105261
QUESTION 122
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
A. fwm compile
B. fwm load
C. fwm fetch
D. fwm install
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... ments/R77/CP_R77_SecurityManagement_WebAdminGuide/13141
QUESTION 123
Pamela is a Cyber Security Engineer working for Global Instance Firm with a large-scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. The company’s Developer Team is having random access issues to a newly deployed Application Server in the DMZ’s Application Server Farm Tier and blames the DMZ Security Gateway as the root cause. A ticket has been created and the issue is at Pamela’s desk for investigation. Pamela decides to use Check Point’s packet analyzer tool, fw monitor, to iron out the issue during an approved maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?
A. Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.
B. Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.
C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.
D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 124
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
A. AV issues
B. VPN errors
C. Network issues
D. Authentication issues
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 125
In which formats can Threat Emulation forensics reports be viewed?
A. TXT, XML and CSV
B. PDF and TXT
C. PDF, HTML, and XML
D. PDF and HTML
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 126
With SecureXL enabled, accelerated packets will pass through the following:
A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
B. Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device
C. Network Interface Card and the Acceleration Device
D. Network Interface Card, OSI Network Layer, and the Acceleration Device
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 127
Which command would you use to set the network interfaces’ affinity in Manual mode?
A. sim affinity -m
B. sim affinity -l
C. sim affinity -a
D. sim affinity -s
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 128
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature. Which command do you use?
A. sim erdos -e 1
B. sim erdos -m 1
C. sim erdos -v 1
D. sim erdos -x 1
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 129
Which of the following is NOT an option to calculate the traffic direction?
A. Incoming
B. Internal
C. External
D. Outgoing
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 130
What command lists all interfaces using Multi-Queue?
A. cpmq get
B. show interface all
C. cpmq set
D. show multiqueue all
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /93689.htm
QUESTION 131
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
A. ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data
B. ThreatCloud is a collaboration platform for all the Check Point customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments
C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud
D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 132
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
A. Dropped without sending a negative acknowledgment
B. Dropped without logs and without sending a negative acknowledgment
C. Dropped with negative acknowledgment
D. Dropped with logs and without sending a negative acknowledgment
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 133
Vanessa is a firewall administrator in her company. Her company is using Check Point firewalls at a central and several remote locations, which are managed centrally by an R77.30 Security Management Server. An R77.30 Gateway on an Open server is installed at the central location. Remote locations are using Check Point UTM-1 570 series appliances with R75.30, and some of them are using a UTM-1-Edge-X or Edge-W with the latest available firmware. She is in the process of migrating to R80.
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R80?
A. Missing an installed R77.20 Add-on on Security Management Server
B. Unsupported firmware on UTM-1 Edge-W appliance
C. Unsupported version on UTM-1 570 series appliance
D. Unsupported appliances on remote locations
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 134
Please choose the path to monitor the compliance status of the Check Point R80.10 based management.
A. Gateways & Servers --> Compliance View
B. Compliance blade not available under R80.10
C. Logs & Monitor --> New Tab --> Open compliance View
D. Security & Policies --> New Tab --> Compliance View
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 135
When using CPSTAT, what is the default port used by the AMON server?
A. 18191
B. 18192
C. 18194
D. 18190
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_CLI_ReferenceGuide/162534
QUESTION 136
What must you do first if “fwm sic_reset” could not be completed?
A. Cpstop then find keyword “certificate” in objects_5_0.C and delete the section
B. Reinitialize SIC on the security gateway then run “fw unloadlocal”
C. Reset SIC from Smart Dashboard
D. Change internal CA via cpconfig
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 137
Check Point security components are divided into the following components:
A. GUI Client, Security Gateway, WebUI Interface
B. GUI Client, Security Management, Security Gateway
C. Security Gateway, WebUI Interface, Consolidated Security Logs
D. Security Management, Security Gateway, Consolidate Security Logs
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 138
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
C. Nothing - Check Point control connections function regardless of Geo-Protection policy
D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /92707.htm
QUESTION 139
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.
A. ffff
B. 1
C. 3
D. 2
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2016/0 ... odule.html
QUESTION 140
In what way are SSL VPN and IPSec VPN different?
A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
C. IPSec VPN does not support two factor authentication, SSL VPN does support this
D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 141
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
A. SND is a feature to accelerate multiple SSL VPN connections
B. SND is an alternative to IPSec Main Mode, using only 3 packets
C. SND is used to distribute packets among Firewall instances
D. SND is a feature of fw monitor to capture accelerated packets
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 142
You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
A. 3
B. 2
C. 1
D. 4
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 143
Which NAT rules are prioritized first?
A. Post-Automatic/Manual NAT rules
B. Manual/Pre-Automatic NAT
C. Automatic Hide NAT
D. Automatic Static NAT
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 144
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
A. Lagging
B. Synchronized
C. Never been synchronized
D. Collision
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 145
Joey wants to upgrade from R75.40 to R80 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.
What is one of the requirements for his success?
A. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine
B. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine
C. Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine
D. Size of the /var/log folder of the target machine must be at least 25GB or more
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... ments/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/90083
QUESTION 146
Which is NOT an example of a Check Point API?
A. Gateway API
B. Management API
C. OPSEC SDK
D. Threat Prevention API
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 147
What are the methods of SandBlast Threat Emulation deployment?
A. Cloud, Appliance and Private
B. Cloud, Appliance and Hybrid
C. Cloud, Smart-1 and Hybrid
D. Cloud, OpenServer and Vmware
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 148
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
A. 6GB
B. 8GB with Gaia in 64-bit mode
C. 4GB
D. It depends on the number of software blades enabled
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 149
Which of the following is NOT a VPN routing option available in a star community?
A. To satellites through center only.
B. To center, or through the center to other satellites, to Internet and other VPN targets.
C. To center and to other satellites through center.
D. To center only.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... ameset.htm
QUESTION 150
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .
A. Sent to the Internal Certificate Authority.
B. Sent to the Security Administrator.
C. Stored on the Security Management Server.
D. Stored on the Certificate Revocation List.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 151
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
A. Security Gateway IP-address cannot be changed without re-establishing the trust.
B. The Security Gateway name cannot be changed in command line without re-establishing trust.
C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust.
D. The Security Management Server IP-address cannot be changed without re-establishing the trust.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 152
What is the order of NAT priorities?
A. Static NAT, IP pool NAT, hide NAT
B. IP pool NAT, static NAT, hide NAT
C. Static NAT, automatic NAT, hide NAT
D. Static NAT, hide NAT, IP pool NAT
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... .htm#o6919
QUESTION 153
Which Check Point feature enables application scanning and the detection?
A. Application Dictionary
B. AppWiki
C. Application Library
D. CPApp
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://www.checkpoint.com/products/app ... are-blade/
QUESTION 154
Which SmartConsole tab is used to monitor network and security performance?
A. Manage Setting
B. Security Policies
C. Gateway and Servers
D. Logs and Monitor
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 155
Fill in the blank: The R80 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and show them as prioritized security events.
A. SmartMonitor
B. SmartView Web Application
C. SmartReporter
D. SmartTracker
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... ments/R80/CP_R80_LoggingAndMonitoring/131915
QUESTION 156
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present. Which phase of the VPN negotiations has failed?
A. IKE Phase 1
B. IPSEC Phase 2
C. IPSEC Phase 1
D. IKE Phase 2
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 157
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?
A. Kerberos Ticket Renewed
B. Kerberos Ticket Requested
C. Account Logon
D. Kerberos Ticket Timed Out
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 158
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .
A. UserDirectory
B. Captive Portal and Transparent Kerberos Authentication
C. Captive Portal
D. UserCheck
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /62050.htm
QUESTION 159
The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.
A. Next Generation Threat Prevention
B. Next Generation Threat Emulation
C. Next Generation Threat Extraction
D. Next Generation Firewall
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 160
Which tool is used to enable ClusterXL?
A. SmartUpdate
B. cpconfig
C. SmartConsole
D. sysconfig
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... ments/R77/CP_R77_ClusterXL_WebAdminGuide/161105
QUESTION 161
One of the major features in R80 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
A. A lock icon shows that a rule or an object is locked and will be available.
B. AdminA and AdminB are editing the same rule at the same time.
C. A lock icon next to a rule informs that any Administrator is working on this particular rule.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: http://downloads.checkpoint.com/dc/down ... m?ID=65846
QUESTION 162
After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1?
A. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
set static-route default nexthop gateway address 192.168.80.1 on
save config
B. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config
C. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config
D. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
add static-route default nexthop gateway address 192.168.80.1 on
save config
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?
A. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
C. Tom’s changes will be lost since he lost connectivity and he will have to start again.
D. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 164
On the following picture an administrator configures Identity Awareness:
After clicking “Next” the above configuration is supported by:
A. Kerberos SSO which will be working for Active Directory integration
B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user.
C. Obligatory usage of Captive Portal.
D. The ports 443 or 80 what will be used by Browser-Based and configured Authentication.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... ments/R80/CP_R80BC_IdentityAwareness/62050
QUESTION 165
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:
A. assign privileges to users.
B. edit the home directory of the user.
C. add users to your Gaia system.
D. assign user rights to their home directory in the Security Management Server.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /73101.htm
QUESTION 166
In the Check Point Security Management Architecture, which component(s) can store logs?
A. SmartConsole
B. Security Management Server and Security Gateway
C. Security Management Server
D. SmartConsole and Security Management Server
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 167
View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)
A. The current administrator has read-only permissions to Threat Prevention Policy.
B. Another user has locked the rule for editing.
C. Configuration lock is present. Click the lock symbol to gain read-write access.
D. The current administrator is logged in as read-only because someone else is editing the policy.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
https://sc1.checkpoint.com/documents/R8 ... GMT/124265
QUESTION 168
By default, which port does the WebUI listen on?
A. 80
B. 4434
C. 443
D. 8080
Correct Answer: C
Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... IUG/132120
QUESTION 169
Which VPN routing option uses VPN routing for every connection a satellite gateway handles?
A. To satellites through center only
B. To center only
C. To center and to other satellites through center
D. To center, or through the center to other satellites, to Internet and other VPN targets
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... id=sk31021
QUESTION 170
Which of the following is NOT a type of Endpoint Identity Agent?
A. Terminal
B. Light
C. Full
D. Custom
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... ments/R77/CP_R77_IdentityAwareness_WebAdminGuide/64917
QUESTION 171
In the R80 SmartConsole, on which tab are Permissions and Administrators defined?
A. Security Policies
B. Logs and Monitor
C. Manage and Settings
D. Gateways and Servers
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 172
Fill in the blank: A ________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.
A. Clientless remote access
B. Clientless direct access
C. Client-based remote access
D. Direct access
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... wall/92704
QUESTION 173
What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?
A. A host route to route to the destination IP.
B. Use the file local.arp to add the ARP entries for NAT to work.
C. Nothing, the Gateway takes care of all details necessary.
D. Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.
Correct Answer: C
Section: (none) Explanation
Explanation/Reference:
QUESTION 174
At what point is the Internal Certificate Authority (ICA) created?
A. Upon creation of a certificate.
B. During the primary Security Management Server installation process.
C. When an administrator decides to create one.
D. When an administrator initially logs into SmartConsole.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... ments/R76/CP_R76_SecMan_WebAdmin/13118
QUESTION 175
Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
A. Auditor
B. Read Only All
C. Super User
D. Full Access
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... GMT/124265
QUESTION 176
True or False: In R80, more than one administrator can login to the Security Management Server with write permission at the same time.
A. False, this feature has to be enabled in the Global Properties.
B. True, every administrator works in a session that is independent of the other administrators.
C. True, every administrator works on a different database that is independent of the other administrators.
D. False, only one administrator can login with write permission.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 177
Which utility allows you to configure the DHCP service on Gaia from the command line?
A. ifconfig
B. dhcp_ofg
C. sysconfig
D. cpconfig
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 178
DLP and Geo Policy are examples of what type of Policy?
A. Standard Policies
B. Shared Policies
C. Inspection Policies
D. Unified Policies
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... GMT/126197
QUESTION 179
How many users can have read/write access in Gaia at one time?
A. Infinite
B. One
C. Three
D. Two
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
A. 4Interfaces–aninterfaceleadingtotheorganization,asecondinterfaceleadingtotheinternet,athirdinterfaceforsynchronization,afourthinterfaceleadingto the Security Management Server.
B. 3Interfaces–aninterfaceleadingtotheorganization,asecondinterfaceleadingtotheInternet,athirdinterfaceforsynchronization.
C. 1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.
D. 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /41723.htm QUESTION 111
Which process handles connection from SmartConsole R80?
A. fwm B. cpmd C. cpm D. cpd
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 112
What is the command to show SecureXL status?
A. fwaccelstatus B. fwaccelstats-m C. fwaccel -s
D. fwaccel stat
Correct Answer: D
Section: (none) Explanation
Explanation/Reference:
Explanation:
To check overall SecureXL status: [Expert@HostName]# fwaccel stat
Reference: https://supportcenter.checkpoint.com/su ... id=sk41397 QUESTION 113
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartViewMonitor
B. SmartEventWeb
C. There is no Web application for SmartEvent D. SmartView
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 114
What will SmartEvent automatically define as events?
A. Firewall B. VPN
C. IPS
D. HTTPS
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... ments/R80/ CP_R80_LoggingAndMonitoring/131915
QUESTION 115
With MTA (Mail Transfer Agent) enabled the gateways manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?
A. ThreatCloudIntelligence
B. ThreatPreventionSoftwareBladePackage C. Endpoint Total Protection
D. Traffic on port 25
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 116
What is not a purpose of the deployment of Check Point API?
A. Executeanautomatedscripttoperformcommontasks
B. CreateacustomizedGUIClientformanipulatingtheobjectsdatabase C. Create products that use and enhance the Check Point solution
D. Integrate Check Point products with 3rd party solution
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: Check Point APIs Reference Guide R80 PDF
QUESTION 117
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?
A. editfwaffinity.conf;rebootrequired
B. cpconfig;rebootrequired
C. edit fwaffinity.conf; reboot not required
D. cpconfig; reboot not required
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... htm#o94530 QUESTION 118
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
A. WMI
B. Eventvwr
C. XML
D. Services.msc
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/e0/e01d7 ... nGuide.pdf?HashKey=1553448919_104b8593c2a2087ec2ffe8e86b314d66&xtn=.pdf page 17
QUESTION 119
Which is not a blade option when configuring SmartEvent?
A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
On the Management tab, enable these Software Blades:
Logging & Status
SmartEvent Server
SmartEvent Correlation Unit
Reference: https://sc1.checkpoint.com/documents/R8 ... ments/R80/CP_R80_LoggingAndMonitoring/120829
QUESTION 120
The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.
A. ccp
B. cphaconf
C. cphad
D. cphastart
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://etherealmind.com/checkpoint-nok ... 2470703125
QUESTION 121
Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?
A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
C. The CoreXL FW instances assignment mechanism is based on IP Protocol type
D. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... d=sk105261
QUESTION 122
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
A. fwm compile
B. fwm load
C. fwm fetch
D. fwm install
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... ments/R77/CP_R77_SecurityManagement_WebAdminGuide/13141
QUESTION 123
Pamela is a Cyber Security Engineer working for Global Instance Firm, which has a large-scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. The company’s Developer Team is having random access issues with a newly deployed Application Server in the DMZ’s Application Server Farm Tier and blames the DMZ Security Gateway as the root cause. A ticket has been created and the issue is at Pamela’s desk for investigation. Pamela decides to use Check Point’s Packet Analyzer Tool, fw monitor, to iron out the issue during an approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?
A. Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.
B. Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.
C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.
D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 124
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
A. AV issues
B. VPN errors
C. Network issues
D. Authentication issues
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 125
In which formats can Threat Emulation forensics reports be viewed?
A. TXT, XML and CSV
B. PDF and TXT
C. PDF, HTML, and XML
D. PDF and HTML
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 126
With SecureXL enabled, accelerated packets will pass through the following:
A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
B. Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device
C. Network Interface Card and the Acceleration Device
D. Network Interface Card, OSI Network Layer, and the Acceleration Device
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 127
Which command would you use to set the network interfaces’ affinity in Manual mode?
A. sim affinity -m
B. sim affinity -l
C. sim affinity -a
D. sim affinity -s
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 128
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature. Which command do you use?
A. sim erdos -e 1
B. sim erdos -m 1
C. sim erdos -v 1
D. sim erdos -x 1
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 129
Which of the following is NOT an option to calculate the traffic direction?
A. Incoming
B. Internal
C. External
D. Outgoing
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 130
What command lists all interfaces using Multi-Queue?
A. cpmq get
B. show interface all
C. cpmq set
D. show multiqueue all
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /93689.htm
QUESTION 131
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
A. ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data
B. ThreatCloud is a collaboration platform for all the Check Point customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments
C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud
D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 132
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
A. Dropped without sending a negative acknowledgment
B. Dropped without logs and without sending a negative acknowledgment
C. Dropped with negative acknowledgment
D. Dropped with logs and without sending a negative acknowledgment
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 133
Vanessa is a firewall administrator in her company. Her company uses Check Point firewalls at a central location and several remote locations, which are managed centrally by an R77.30 Security Management Server. At the central location, an R77.30 Gateway is installed on an Open server. The remote locations use Check Point UTM-1 570 series appliances with R75.30, and some of them use a UTM-1-Edge-X or Edge-W with the latest available firmware. She is in the process of migrating to R80.
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R80?
A. Missing an installed R77.20 Add-on on Security Management Server
B. Unsupported firmware on UTM-1 Edge-W appliance
C. Unsupported version on UTM-1 570 series appliance
D. Unsupported appliances on remote locations
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 134
Please choose the path to monitor the compliance status of the Check Point R80.10 based management.
A. Gateways & Servers --> Compliance View
B. Compliance blade not available under R80.10
C. Logs & Monitor --> New Tab --> Open compliance View
D. Security & Policies --> New Tab --> Compliance View
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 135
When using CPSTAT, what is the default port used by the AMON server?
A. 18191
B. 18192
C. 18194
D. 18190
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_CLI_ReferenceGuide/162534
QUESTION 136
What must you do first if “fwm sic_reset” could not be completed?
A. Cpstop then find keyword “certificate” in objects_5_0.C and delete the section
B. Reinitialize SIC on the security gateway then run “fw unloadlocal”
C. Reset SIC from Smart Dashboard
D. Change internal CA via cpconfig
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 137
Check Point security components are divided into the following components:
A. GUI Client, Security Gateway, WebUI Interface
B. GUI Client, Security Management, Security Gateway
C. Security Gateway, WebUI Interface, Consolidated Security Logs
D. Security Management, Security Gateway, Consolidate Security Logs
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 138
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
C. Nothing - Check Point control connections function regardless of Geo-Protection policy
D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /92707.htm
QUESTION 139
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.
A. ffff
B. 1
C. 3
D. 2
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2016/0 ... odule.html
QUESTION 140
In what way are SSL VPN and IPSec VPN different?
A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
C. IPSec VPN does not support two factor authentication, SSL VPN does support this
D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 141
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
A. SND is a feature to accelerate multiple SSL VPN connections
B. SND is an alternative to IPSec Main Mode, using only 3 packets
C. SND is used to distribute packets among Firewall instances
D. SND is a feature of fw monitor to capture accelerated packets
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 142
You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
A. 3
B. 2
C. 1
D. 4
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 143
Which NAT rules are prioritized first?
A. Post-Automatic/Manual NAT rules
B. Manual/Pre-Automatic NAT
C. Automatic Hide NAT
D. Automatic Static NAT
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 144
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
A. Lagging
B. Synchronized
C. Never been synchronized
D. Collision
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 145
Joey wants to upgrade from R75.40 to R80 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.
What is one of the requirements for his success?
A. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine
B. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine
C. Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine
D. Size of the /var/log folder of the target machine must be at least 25GB or more
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... ments/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/90083
QUESTION 146
Which is NOT an example of a Check Point API?
A. Gateway API
B. Management API
C. OPSEC SDK
D. Threat Prevention API
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 147
What are the methods of SandBlast Threat Emulation deployment?
A. Cloud, Appliance and Private
B. Cloud, Appliance and Hybrid
C. Cloud, Smart-1 and Hybrid
D. Cloud, OpenServer and Vmware
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 148
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
A. 6GB
B. 8GB with Gaia in 64-bit mode
C. 4GB
D. It depends on the number of software blades enabled
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 149
Which of the following is NOT a VPN routing option available in a star community?
A. To satellites through center only.
B. To center, or through the center to other satellites, to Internet and other VPN targets.
C. To center and to other satellites through center.
D. To center only.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... ameset.htm
QUESTION 150
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .
A. Sent to the Internal Certificate Authority.
B. Sent to the Security Administrator.
C. Stored on the Security Management Server.
D. Stored on the Certificate Revocation List.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 151
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
A. Security Gateway IP-address cannot be changed without re-establishing the trust.
B. The Security Gateway name cannot be changed in command line without re-establishing trust.
C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust.
D. The Security Management Server IP-address cannot be changed without re-establishing the trust.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 152
What is the order of NAT priorities?
A. Static NAT, IP pool NAT, hide NAT
B. IP pool NAT, static NAT, hide NAT
C. Static NAT, automatic NAT, hide NAT
D. Static NAT, hide NAT, IP pool NAT
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... .htm#o6919
QUESTION 153
Which Check Point feature enables application scanning and the detection?
A. Application Dictionary
B. AppWiki
C. Application Library
D. CPApp
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://www.checkpoint.com/products/app ... are-blade/
QUESTION 154
Which SmartConsole tab is used to monitor network and security performance?
A. Manage Setting
B. Security Policies
C. Gateway and Servers
D. Logs and Monitor
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 155
Fill in the blank: The R80 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and show them as prioritized security events.
A. SmartMonitor
B. SmartView Web Application
C. SmartReporter
D. SmartTracker
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... ments/R80/CP_R80_LoggingAndMonitoring/131915
QUESTION 156
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present. Which phase of the VPN negotiations has failed?
A. IKE Phase 1
B. IPSEC Phase 2
C. IPSEC Phase 1
D. IKE Phase 2
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 157
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?
A. Kerberos Ticket Renewed
B. Kerberos Ticket Requested
C. Account Logon
D. Kerberos Ticket Timed Out
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 158
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .
A. User Directory
B. Captive Portal and Transparent Kerberos Authentication
C. Captive Portal
D. UserCheck
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /62050.htm
QUESTION 159
The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.
A. Next Generation Threat Prevention
B. Next Generation Threat Emulation
C. Next Generation Threat Extraction
D. Next Generation Firewall
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 160
Which tool is used to enable ClusterXL?
A. SmartUpdate
B. cpconfig
C. SmartConsole
D. sysconfig
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... ments/R77/CP_R77_ClusterXL_WebAdminGuide/161105
QUESTION 161
One of the major features in R80 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
A. A lock icon shows that a rule or an object is locked and will be available.
B. AdminA and AdminB are editing the same rule at the same time.
C. A lock icon next to a rule informs that any Administrator is working on this particular rule.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: http://downloads.checkpoint.com/dc/down ... m?ID=65846
QUESTION 162
After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1?
A. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
set static-route default nexthop gateway address 192.168.80.1 on
save config
B. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config
C. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config
D. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
add static-route default nexthop gateway address 192.168.80.1 on
save config
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?
A. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
C. Tom’s changes will be lost since he lost connectivity and he will have to start again.
D. Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 164
On the following picture an administrator configures Identity Awareness:
After clicking “Next” the above configuration is supported by:
A. Kerberos SSO which will be working for Active Directory integration
B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user.
C. Obligatory usage of Captive Portal.
D. The ports 443 or 80 what will be used by Browser-Based and configured Authentication.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... ments/R80/CP_R80BC_IdentityAwareness/62050
QUESTION 165
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:
A. assign privileges to users.
B. edit the home directory of the user.
C. add users to your Gaia system.
D. assign user rights to their home directory in the Security Management Server.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... /73101.htm
QUESTION 166
In the Check Point Security Management Architecture, which component(s) can store logs?
A. SmartConsole
B. Security Management Server and Security Gateway
C. Security Management Server
D. SmartConsole and Security Management Server
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 167
View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)
A. The current administrator has read-only permissions to Threat Prevention Policy.
B. Another user has locked the rule for editing.
C. Configuration lock is present. Click the lock symbol to gain read-write access.
D. The current administrator is logged in as read-only because someone else is editing the policy.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
https://sc1.checkpoint.com/documents/R8 ... GMT/124265
QUESTION 168
By default, which port does the WebUI listen on?
A. 80
B. 4434
C. 443
D. 8080
Correct Answer: C
Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... IUG/132120
QUESTION 169
Which VPN routing option uses VPN routing for every connection a satellite gateway handles?
A. To satellites through center only
B. To center only
C. To center and to other satellites through center
D. To center, or through the center to other satellites, to Internet and other VPN targets
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/su ... id=sk31021
QUESTION 170
Which of the following is NOT a type of Endpoint Identity Agent?
A. Terminal
B. Light
C. Full
D. Custom
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... ments/R77/CP_R77_IdentityAwareness_WebAdminGuide/64917
QUESTION 171
In the R80 SmartConsole, on which tab are Permissions and Administrators defined?
A. Security Policies
B. Logs and Monitor
C. Manage and Settings
D. Gateways and Servers
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 172
Fill in the blank: A ________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.
A. Clientless remote access
B. Clientless direct access
C. Client-based remote access
D. Direct access
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... wall/92704
QUESTION 173
What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?
A. A host route to route to the destination IP.
B. Use the file local.arp to add the ARP entries for NAT to work.
C. Nothing, the Gateway takes care of all details necessary.
D. Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.
Correct Answer: C
Section: (none) Explanation
Explanation/Reference:
QUESTION 174
At what point is the Internal Certificate Authority (ICA) created?
A. Upon creation of a certificate.
B. During the primary Security Management Server installation process.
C. When an administrator decides to create one.
D. When an administrator initially logs into SmartConsole.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R7 ... ments/R76/CP_R76_SecMan_WebAdmin/13118
QUESTION 175
Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
A. Auditor
B. Read Only All
C. Super User
D. Full Access
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... GMT/124265
QUESTION 176
True or False: In R80, more than one administrator can login to the Security Management Server with write permission at the same time.
A. False, this feature has to be enabled in the Global Properties.
B. True, every administrator works in a session that is independent of the other administrators.
C. True, every administrator works on a different database that is independent of the other administrators.
D. False, only one administrator can login with write permission.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 177
Which utility allows you to configure the DHCP service on Gaia from the command line?
A. ifconfig
B. dhcp_ofg
C. sysconfig
D. cpconfig
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 178
DLP and Geo Policy are examples of what type of Policy?
A. Standard Policies
B. Shared Policies
C. Inspection Policies
D. Unified Policies
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R8 ... GMT/126197
QUESTION 179
How many users can have read/write access in Gaia at one time?
A. Infinite
B. One
C. Three
D. Two
Correct Answer: B Section: (none) Explanation
Explanation/Reference: