156-315.81 Exam Dumps - Check Point Certified Security Expert R81

Question # 4

In which deployment is the security management server and Security Gateway installed on the same appliance?

A.

Standalone

B.

Remote

C.

Distributed

D.

Bridge Mode

Question # 5

In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom. Which of the following statements is correct?

A.

If the Action of the matching rule is Accept the gateway will drop the packet

B.

If the Action of the matching rule is Drop, the gateway continues to check rules in the next Policy Layer down

C.

If the Action of the matching rule is Drop the gateway stops matching against later rules in the Policy Rule Base and drops the packet

D.

If the rule does not match in the Network policy it will continue to other enabled polices

Question # 6

Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R81.X. The Network Security Developer Team is having an issue testing the API with a newly deployed R81.X Security Management Server. Aaron wants to confirm API services are working properly. What should he do first?

A.

Aaron should check API Server status with "fwm api status" from Expert mode. If services are stopped, he should start them with "fwm api start".

B.

Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start"

C.

Aaron should check API Server status with "api status" from Expert mode. If services are stopped, he should start them with "api start".

D.

Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api start".

Question # 7

Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.

A.

User data base corruption

B.

LDAP conflicts

C.

Traffic issues

D.

Phase two key negotiations

Question # 8

SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?

A.

Application and Client Service

B.

Network and Application

C.

Network and Layers

D.

Virtual Adapter and Mobile App

Question # 9

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?

A.

Check Point Remote User

B.

Check Point Capsule Workspace

C.

Check Point Mobile Web Portal

D.

Check Point Capsule Remote

Question # 10

Which command shows actual allowed connections in state table?

A.

fw tab –t StateTable

B.

fw tab –t connections

C.

fw tab –t connection

D.

fw tab connections

Question # 11

What factor precludes SecureXL Templating?

A.

Source Port Ranges/Encrypted Connections

B.

IPS

C.

ClusterXL in load sharing Mode

D.

CoreXL

Question # 12

Which packet info is ignored with Session Rate Acceleration?

A.

source port ranges

B.

source ip

C.

source port

D.

same info from Packet Acceleration is used

Question # 13

Which statement is true about ClusterXL?

A.

Supports Dynamic Routing (Unicast and Multicast)

B.

Supports Dynamic Routing (Unicast Only)

C.

Supports Dynamic Routing (Multicast Only)

D.

Does not support Dynamic Routing

Question # 14

What is the purpose of the command "ps aux | grep twd"?

A.

You can check the Process ID and the processing time of the twd process.

B.

You can convert the log file into Post Script format.

C.

You can list all Process IDs for all running services.

D.

You can check whether the IPS default setting is set to Detect or Prevent mode

Question # 15

Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?

A.

Synchronized

B.

Never been synchronized

C.

Lagging

D.

Collision

Question # 16

What component of R81 Management is used for indexing?

A.

DBSync

B.

API Server

C.

fwm

D.

SOLR

Question # 17

By default, how often are updates checked when the CPUSE Software Updates Policy is set to Automatic?

A.

Six times per day

B.

Seven times per day

C.

Every two hours

D.

Every three hours

Question # 18

What destination versions are supported for a Multi-Version Cluster Upgrade?

A.

R81.40 and later

B.

R76 and later

C.

R70 and Later

D.

R81.10 and Later

Question # 19

John detected high load on the sync interface. Which is the most recommended solution?

A.

For FTP connections – do not sync

B.

Add a second interface to handle sync traffic

C.

For short connections like http service – do not sync

D.

For short connections like icmp service – delay sync for 2 seconds

Question # 20

When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. What is this setting called and what are you defining?

A.

Network, and defining your Class A space

B.

Topology, and you are defining the Internal network

C.

Internal addresses you are defining the gateways

D.

Internal network(s) you are defining your networks

Question # 21

Fill in the blank: The IPS policy for pre-R81 gateways is installed during the _______ .

A.

Firewall policy install

B.

Threat Prevention policy install

C.

Anti-bot policy install

D.

Access Control policy install

Question # 22

SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?

A.

Source address. Destination address. Source Port, Destination port

B.

Source address. Destination address. Destination port

C.

Source address. Destination address. Destination port. Protocol

D.

Source address. Destination address. Source Port, Destination port. Protocol

Question # 23

What is the default shell of Gaia CLI?

A.

Monitor

B.

CLI.sh

C.

Read-only

D.

Bash

Question # 24

UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?

A.

Ask

B.

Drop

C.

Inform

D.

Reject

Question # 25

What is a possible command to delete all of the SSH connections of a gateway?

A.

fw sam -I dport 22

B.

fw ctl conntab -x -dpott=22

C.

fw tab -t connections -x -e 00000016

D.

fwaccel dos config set dport ssh

Question # 26

The back-end database for Check Point R81 Management uses:

A.

DBMS

B.

MongoDB

C.

PostgreSQL

D.

MySQL

Question # 27

Fill in the blank: __________ information is included in “Full Log” tracking option, but is not included in “Log” tracking option?

A.

Destination port

B.

Data type

C.

File attributes

D.

Application

Question # 28

Which of the following is NOT an internal/native Check Point command?

A.

fwaccel on

B.

fw ctl debug

C.

tcpdump

D.

cphaprob

Question # 29

While using the Gaia CLI, what is the correct command to publish changes to the management server?

A.

json publish

B.

mgmt publish

C.

mgmt_cli commit

D.

commit

Question # 30

Which of the following describes how Threat Extraction functions?

A.

Detect threats and provides a detailed report of discovered threats.

B.

Proactively detects threats.

C.

Delivers file with original content.

D.

Delivers PDF versions of original files with active content removed.

Question # 31

In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

A.

Mail, Block Source, Block Event Activity, External Script, SNMP Trap

B.

Mail, Block Source, Block Destination, Block Services, SNMP Trap

C.

Mail, Block Source, Block Destination, External Script, SNMP Trap

D.

Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Question # 32

Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

A.

mgmt_cli add-host “Server_1” ip_address “10.15.123.10” --format txt

B.

mgmt_cli add host name “Server_1” ip-address “10.15.123.10” --format json

C.

mgmt_cli add object-host “Server_1” ip-address “10.15.123.10” --format json

D.

mgmt._cli add object “Server-1” ip-address “10.15.123.10” --format json

Question # 33

What processes does CPM control?

A.

Object-Store, Database changes, CPM Process and web-services

B.

web-services, CPMI process, DLEserver, CPM process

C.

DLEServer, Object-Store, CP Process and database changes

D.

web_services, dle_server and object_Store

Question # 34

Which command shows detailed information about VPN tunnels?

A.

cat $FWDIR/conf/vpn.conf

B.

vpn tu tlist

C.

vpn tu

D.

cpview

Question # 35

When installing a dedicated R81 SmartEvent server, what is the recommended size of the root partition?

A.

Any size

B.

Less than 20GB

C.

More than 10GB and less than 20GB

D.

At least 20GB

Question # 36

Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?

A.

You can assign only one profile per gateway and a profile can be assigned to one rule Only.

B.

You can assign multiple profiles per gateway and a profile can be assigned to one rule only.

C.

You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

D.

You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Question # 37

What is considered Hybrid Emulation Mode?

A.

Manual configuration of file types on emulation location.

B.

Load sharing of emulation between an on premise appliance and the cloud.

C.

Load sharing between OS behavior and CPU Level emulation.

D.

High availability between the local SandBlast appliance and the cloud.

Question # 38

When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

A.

Includes the registry

B.

Gets information about the specified Virtual System

C.

Does not resolve network addresses

D.

Output excludes connection table

Question # 39

John is using Management HA. Which Smartcenter should be connected to for making changes?

A.

secondary Smartcenter

B.

active Smartcenter

C.

connect virtual IP of Smartcenter HA

D.

primary Smartcenter

Question # 40

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.

A.

ffff

B.

1

C.

2

D.

3

Question # 41

You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?

A.

cphaprob –f register

B.

cphaprob –d –s report

C.

cpstat –f all

D.

cphaprob –a list

Question # 42

Which of the following will NOT affect acceleration?

A.

Connections destined to or originated from the Security gateway

B.

A 5-tuple match

C.

Multicast packets

D.

Connections that have a Handler (ICMP, FTP, H.323, etc.)

Question # 43

To add a file to the Threat Prevention Whitelist, what two items are needed?

A.

File name and Gateway

B.

Object Name and MD5 signature

C.

MD5 signature and Gateway

D.

IP address of Management Server and Gateway

Question # 44

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

A.

Smart Cloud Services

B.

Load Sharing Mode Services

C.

Threat Agent Solution

D.

Public Cloud Services

Question # 45

According to the policy installation flow, the transfer state (CPTA) is responsible for the code generated by the FWM. On the Security Gateway side, a process receives them and first stores them into a temporary directory. Which process is true for receiving these files?

A.

FWD

B.

CPD

C.

FWM

D.

RAD

Question # 46

What is the valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration?

A.

1-254

B.

1-255

C.

0-254

D.

0 – 255

Question # 47

Which Queue in the Priority Queue has the maximum priority?

A.

High Priority

B.

Control

C.

Routing

D.

Heavy Data Queue

Question # 48

SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?

A.

Threat Emulation

B.

Mobile Access

C.

Mail Transfer Agent

D.

Threat Cloud

Question # 49

SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

A.

Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.

B.

Correlates all the identified threats with the consolidation policy.

C.

Collects syslog data from third party devices and saves them to the database.

D.

Connects with the SmartEvent Client when generating threat reports.

Question # 50

What is the port used for SmartConsole to connect to the Security Management Server?

A.

CPMI port 18191/TCP

B.

CPM port/TCP port 19009

C.

SIC port 18191/TCP

D.

https port 4434/TCP

Question # 51

Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.

A.

upgrade_import

B.

cpconfig

C.

fwm dbimport -p

D.

cpinfo –recover

Question # 52

When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?

A.

IP

B.

SIC

C.

NAT

D.

FQDN

Question # 53

When simulating a problem on a ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?

A.

cphaprob –d STOP unregister

B.

cphaprob STOP unregister

C.

cphaprob unregister STOP

D.

cphaprob –d unregister STOP

Question # 54

Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?

A.

SOAP

B.

REST

C.

XLANG

D.

XML-RPC

Question # 55

How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

A.

cphaprob set int fwha_vmac_global_param_enabled 1

B.

clusterXL set int fwha_vmac_global_param_enabled 1

C.

fw ctl set int fwha_vmac_global_param_enabled 1

D.

cphaconf set int fwha_vmac_global_param_enabled 1

Question # 56

What is the most recommended way to install patches and hotfixes?

A.

CPUSE Check Point Update Service Engine

B.

rpm -Uv

C.

Software Update Service

D.

UnixinstallScript

Question # 57

You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

A.

fwd

B.

fwm

C.

cpd

D.

cpwd

Question # 58

Under which file is the proxy arp configuration stored?

A.

$FWDIR/state/proxy_arp.conf on the management server

B.

$FWDIR/conf/local.arp on the management server

C.

$FWDIR/state/_tmp/proxy.arp on the security gateway

D.

$FWDIR/conf/local.arp on the gateway

Question # 59

Which GUI client is supported in R81?

A.

SmartProvisioning

B.

SmartView Tracker

C.

SmartView Monitor

D.

SmartLog

Question # 60

What information is NOT collected from a Security Gateway in a Cpinfo?

A.

Firewall logs

B.

Configuration and database files

C.

System message logs

D.

OS and network statistics

Question # 61

Which of these is an implicit MEP option?

A.

Primary-backup

B.

Source address based

C.

Round robin

D.

Load Sharing

Question # 62

You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

A.

TCP port 443

B.

TCP port 257

C.

TCP port 256

D.

UDP port 8116

Question # 63

What command can you use to have cpinfo display all installed hotfixes?

A.

cpinfo -hf

B.

cpinfo –y all

C.

cpinfo –get hf

D.

cpinfo installed_jumbo

Question # 64

How do Capsule Connect and Capsule Workspace differ?

A.

Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.

B.

Capsule Workspace can provide access to any application.

C.

Capsule Connect provides Business data isolation.

D.

Capsule Connect does not require an installed application at client.

Question # 65

As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

A.

That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager.

B.

Full Layer4 VPN –SSL VPN that gives users network access to all mobile applications.

C.

Full Layer3 VPN –IPSec VPN that gives users network access to all mobile applications.

D.

You can make sure that documents are sent to the intended recipients only.

Question # 66

To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating element is the source port. This type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel, which will then create a template of the connection. Which of these is NOT a SecureXL template?

A.

Accept Template

B.

Deny Template

C.

Drop Template

D.

NAT Template

Question # 67

Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?

A.

cpwd

B.

fwd

C.

cpd

D.

fwm

Question # 68

Which Remote Access Client does not provide an Office-Mode Address?

A.

SecuRemote

B.

Endpoint Security Suite

C.

Endpoint Security VPN

D.

Check Point Mobile

Question # 69

What is the command used to activate Multi-Version Cluster mode?

A.

set cluster member mvc on in Clish

B.

set mvc on on Clish

C.

set cluster MVC on in Expert Mode

D.

set cluster mvc on in Expert Mode

Question # 70

You are the administrator for ABC Corp. You have logged into your R81 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.

What does this mean?

A.

This rule No. 6 has been marked for deletion in your Management session.

B.

This rule No. 6 has been marked for deletion in another Management session.

C.

This rule No. 6 has been marked for editing in your Management session.

D.

This rule No. 6 has been marked for editing in another Management session.

Question # 71

Which of the following is NOT an alert option?

A.

SNMP

B.

High alert

C.

Mail

D.

User defined alert

Question # 72

Which SmartConsole tab is used to monitor network and security performance?

A.

Manage Setting

B.

Security Policies

C.

Gateway and Servers

D.

Logs and Monitor

Question # 73

Which Check Point feature enables application scanning and detection?

A.

Application Dictionary

B.

AppWiki

C.

Application Library

D.

CPApp

Question # 74

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

A.

ffff

B.

1

C.

3

D.

2

Question # 75

What is the SandBlast Agent designed to do?

A.

Performs OS-level sandboxing for SandBlast Cloud architecture

B.

Ensure the Check Point SandBlast services is running on the end user’s system

C.

If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network

D.

Clean up email sent with malicious attachments

Question # 76

Which Check Point software blade provides Application Security and identity control?

A.

Identity Awareness

B.

Data Loss Prevention

C.

URL Filtering

D.

Application Control

Question # 77

You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores.

How many cores can be used in a Cluster for Firewall-kernel on the new device?

A.

3

B.

2

C.

1

D.

4

Question # 78

What is the order of NAT priorities?

A.

Static NAT, IP pool NAT, hide NAT

B.

IP pool NAT, static NAT, hide NAT

C.

Static NAT, automatic NAT, hide NAT

D.

Static NAT, hide NAT, IP pool NAT

Question # 79

Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

A.

AV issues

B.

VPN errors

C.

Network traffic issues

D.

Authentication issues

Question # 80

What is the minimum amount of RAM needed for a Threat Prevention Appliance?

A.

6 GB

B.

8GB with Gaia in 64-bit mode

C.

4 GB

D.

It depends on the number of software blades enabled

Question # 81

When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:

A.

All UDP packets

B.

All IPv6 Traffic

C.

All packets that match a rule whose source or destination is the Outside Corporate Network

D.

CIFS packets

Question # 82

SandBlast agent extends 0 day prevention to what part of the network?

A.

Web Browsers and user devices

B.

DMZ server

C.

Cloud

D.

Email servers

Question # 83

Which application should you use to install a contract file?

A.

SmartView Monitor

B.

WebUI

C.

SmartUpdate

D.

SmartProvisioning

Question # 84

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

A.

/opt/CPshrd-R81/conf/local.arp

B.

/var/opt/CPshrd-R81/conf/local.arp

C.

$CPDIR/conf/local.arp

D.

$FWDIR/conf/local.arp

Question # 85

The SmartEvent R81 Web application for real-time event monitoring is called:

A.

SmartView Monitor

B.

SmartEventWeb

C.

There is no Web application for SmartEvent

D.

SmartView

Question # 86

SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:

A.

ping, traceroute, netstat, and route

B.

ping, nslookup, Telnet, and route

C.

ping, whois, nslookup, and Telnet

D.

ping, traceroute, netstat, and nslookup

Question # 87

Which NAT rules are prioritized first?

A.

Post-Automatic/Manual NAT rules

B.

Manual/Pre-Automatic NAT

C.

Automatic Hide NAT

D.

Automatic Static NAT

Question # 88

On what port does the CPM process run?

A.

TCP 857

B.

TCP 18192

C.

TCP 900

D.

TCP 19009

Question # 89

What is not a purpose of the deployment of Check Point API?

A.

Execute an automated script to perform common tasks

B.

Create a customized GUI Client for manipulating the objects database

C.

Create products that use and enhance the Check Point solution

D.

Integrate Check Point products with 3rd party solution

Question # 90

Which process handles connection from SmartConsole R81?

A.

fwm

B.

cpmd

C.

cpm

D.

cpd

Question # 91

After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.

Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

A.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
set static-route default nexthop gateway address 192.168.80.1 on
save config

B.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config

C.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config

D.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
add static-route default nexthop gateway address 192.168.80.1 on
save config

Question # 92

What is UserCheck?

A.

Messaging tool used to verify a user’s credentials.

B.

Communication tool used to inform a user about a website or application they are trying to access.

C.

Administrator tool used to monitor users on their network.

D.

Communication tool used to notify an administrator when a new user is created.

Question # 93

The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

A.

Next Generation Threat Prevention

B.

Next Generation Threat Emulation

C.

Next Generation Threat Extraction

D.

Next Generation Firewall

Question # 94

With SecureXL enabled, accelerated packets will pass through the following:

A.

Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device

B.

Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device

C.

Network Interface Card and the Acceleration Device

D.

Network Interface Card, OSI Network Layer, and the Acceleration Device

Question # 95

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?

A.

fw ctl set int fwha vmac global param enabled

B.

fw ctl get int vmac global param enabled; result of command should return value 1

C.

cphaprob -a if

D.

fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Question # 96

What are the blades of Threat Prevention?

A.

IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

B.

DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction

C.

IPS, AntiVirus, AntiBot

D.

IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

Question # 97

SandBlast appliances can be deployed in the following modes:

A.

using a SPAN port to receive a copy of the traffic only

B.

detect only

C.

inline/prevent or detect

D.

as a Mail Transfer Agent and as part of the traffic flow only

Question # 98

To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

A.

fw ctl Dyn_Dispatch on

B.

fw ctl Dyn_Dispatch enable

C.

fw ctl multik set_mode 4

D.

fw ctl multik set_mode 1

Question # 99

After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

A.

cvpnd_restart

B.

cvpnd_restart

C.

cvpnd restart

D.

cvpnrestart

Question # 100

Using ClusterXL, what statement is true about the Sticky Decision Function?

A.

Can only be changed for Load Sharing implementations

B.

All connections are processed and synchronized by the pivot

C.

Is configured using cpconfig

D.

Is only relevant when using SecureXL

Question # 101

Which of the following links will take you to the SmartView web application?

A.

https:// /smartviewweb/

B.

https:// /smartview/

C.

https:// smartviewweb

D.

https:// /smartview

Question # 102

SmartEvent does NOT use which of the following procedures to identify events:

A.

Matching a log against each event definition

B.

Create an event candidate

C.

Matching a log against local exclusions

D.

Matching a log against global exclusions

Question # 103

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

A.

Publish changes

B.

Save changes

C.

Install policy

D.

Install database

Question # 104

Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ .

A.

On all satellite gateway to satellite gateway tunnels

B.

On specific tunnels for specific gateways

C.

On specific tunnels in the community

D.

On specific satellite gateway to central gateway tunnels

Question # 105

What are the two ClusterXL Deployment options?

A.

Distributed and Full High Availability

B.

Broadcast and Multicast Mode

C.

Distributed and Standalone

D.

Unicast and Multicast Mode

Question # 106

How would you enable VMAC Mode in ClusterXL?

A.

Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC

B.

fw ctl set int vmac_mode 1

C.

cphaconf vmac_mode set 1

D.

Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC

Question # 107

Hit Count is a feature to track the number of connections that each rule matches. Which one is not a benefit of Hit Count?

A.

Better understand the behavior of the Access Control Policy

B.

Improve Firewall performance - You can move a rule that has hot count to a higher position in the Rule Base

C.

Automatically rearrange Access Control Policy based on Hit Count Analysis

D.

Analyze a Rule Base - You can delete rules that have no matching connections

Question # 108

The admin lost access to the Gaia Web Management Interface but he was able to connect via ssh. How can you check if the web service is enabled, running and which port is used?

A.

In expert mode run #netstat -tulnp | grep httpd to see if httpd is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.

B.

In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd to see if the httpd is up

C.

In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up

D.

In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.

Question # 109

What two ordered layers make up the Access Control Policy Layer?

A.

URL Filtering and Network

B.

Network and Threat Prevention

C.

Application Control and URL Filtering

D.

Network and Application Control

Question # 110

Which upgrade method should you use when upgrading from R80.40 to R81.10 to avoid any downtime?

A.

Zero Downtime Upgrade (ZDU)

B.

Connectivity Upgrade (CU)

C.

Minimal Effort Upgrade (ME)

D.

Multi-Version Cluster Upgrade (MVC)

Question # 111

True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.

A.

False, this feature has to be enabled in the Global Properties.

B.

True, every administrator works in a session that is independent of the other administrators.

C.

True, every administrator works on a different database that is independent of the other administrators.

D.

False, only one administrator can login with write permission.

Question # 112

What does the "unknown" SIC status shown on SmartConsole mean?

A.

SIC activation key requires a reset

B.

Administrator input the wrong SIC key

C.

The management can contact the Security Gateway but cannot establish Secure Internal Communication

D.

There is no connection between the Security Gateway and Security Management Server

Question # 113

You want to allow your Mobile Access Users to connect to an internal file share. Adding the Mobile Application 'File Share' to your Access Control Policy in the SmartConsole didn't work. You are only allowed to select Services for the 'Service & Application' column. How do you fix it?

A.

A Quantum Spark Appliance is selected as Installation Target for the policy packet.

B.

The Mobile Access Blade is not enabled for the Access Control Layer of the policy.

C.

The Mobile Access Policy Source under Gateway properties is set to Legacy Policy and not to Unified Access Policy.

D.

The Mobile Access Blade is not enabled under Gateway properties.

Question # 114

What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources?

A.

The corresponding feature is new to R81.10 and is called "Management Data Plane Separation"

B.

The corresponding feature is called "Dynamic Dispatching"

C.

There is a feature for ensuring stable connectivity to the management server and is done via Priority Queuing.

D.

The corresponding feature is called "Dynamic Split"

Question # 115

SmartEvent Security Checkups can be run from the following Logs and Monitor activity:

A.

Reports

B.

Advanced

C.

Checkups

D.

Views

Question # 116

The WebUI offers several methods for downloading hotfixes via CPUSE except:

A.

Automatic

B.

Force override

C.

Manually

D.

Scheduled

Question # 117

The “MAC magic” value must be modified under the following condition:

A.

There is more than one cluster connected to the same VLAN

B.

A firewall cluster is configured to use Multicast for CCP traffic

C.

There are more than two members in a firewall cluster

D.

A firewall cluster is configured to use Broadcast for CCP traffic

Question # 118

In which scenario will an administrator need to manually define Proxy ARP?

A.

When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

B.

When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

C.

When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

D.

When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall’s interfaces.

Question # 119

Which two Identity Awareness daemons are used to support identity sharing?

A.

Policy Activation Point (PAP) and Policy Decision Point (PDP)

B.

Policy Manipulation Point (PMP) and Policy Activation Point (PAP)

C.

Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)

D.

Policy Decision Point (PDP) and Policy Enforcement Point (PEP)

Question # 120

Which TCP port does the CPM process listen on?

A.

18191

B.

18190

C.

8983

D.

19009

Question # 121

Which statement is WRONG regarding the usage of the Central Deployment in SmartConsole?

A.

You can install Hotfixes with the Central Deployment in SmartConsole

B.

You can install Jumbo Hotfix accumulators with the Central Deployment in SmartConsole.

C.

Only Hotfixes can be installed with the Central Deployment in SmartConsole

D.

You can upgrade your cluster without user intervention with the Central Deployment in SmartConsole from R80.40 to R81.10.

Question # 122

Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?

A.

Kerberos Ticket Renewed

B.

Kerberos Ticket Requested

C.

Account Logon

D.

Kerberos Ticket Timed Out

Question # 123

Which is not a blade option when configuring SmartEvent?

A.

Correlation Unit

B.

SmartEvent Unit

C.

SmartEvent Server

D.

Log Server

Question # 124

Vanessa is a firewall administrator at her company. Her company uses Check Point firewalls at a central location and several remote locations, all managed centrally by an R77.30 Security Management Server. An R77.30 Gateway on an Open server is installed at the central location. Remote locations use Check Point UTM-1 570 series appliances with R75.30, and some of them use a UTM-1 Edge-X or Edge-W with the latest available firmware. She is in the process of migrating to R81.

What can cause Vanessa unnecessary problems if she does not check all requirements for migration to R81?

A.

Missing an installed R77.20 Add-on on Security Management Server

B.

Unsupported firmware on UTM-1 Edge-W appliance

C.

Unsupported version on UTM-1 570 series appliance

D.

Unsupported appliances on remote locations

Question # 125

What is the Implicit Clean-up Rule?

A.

A setting is defined in the Global Properties for all policies.

B.

A setting that is configured per Policy Layer.

C.

Another name for the Clean-up Rule.

D.

Automatically created when the Clean-up Rule is defined.

Question # 126

Check Point security components are divided into the following components:

A.

GUI Client, Security Gateway, WebUI Interface

B.

GUI Client, Security Management, Security Gateway

C.

Security Gateway, WebUI Interface, Consolidated Security Logs

D.

Security Management, Security Gateway, Consolidate Security Logs

Question # 127

What command would show the API server status?

A.

cpm status

B.

api restart

C.

api status

D.

show api status

Question # 128

Which is NOT a SmartEvent component?

A.

SmartEvent Server

B.

Correlation Unit

C.

Log Consolidator

D.

Log Server

Question # 129

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

A.

User Directory

B.

Captive Portal and Transparent Kerberos Authentication

C.

Captive Portal

D.

UserCheck

Question # 130

What is the responsibility of SOLR process on R81.10 management server?

A.

Validating all data before it’s written into the database

B.

It generates indexes of data written to the database

C.

Communication between SmartConsole applications and the Security Management Server

D.

Writing all information into the database

Question # 131

What will be the effect of running the following command on the Security Management Server?

A.

Remove the installed Security Policy.

B.

Remove the local ACL lists.

C.

No effect.

D.

Reset SIC on all gateways.

Question # 132

What are the types of Software Containers?

A.

Three; security management, Security Gateway, and endpoint security

B.

Three; Security Gateway, endpoint security, and gateway management

C.

Two; security management and endpoint security

D.

Two; endpoint security and Security Gateway

Question # 133

Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

A.

ThreatWiki

B.

Whitelist Files

C.

AppWiki

D.

IPS Protections

Question # 134

Which is NOT an example of a Check Point API?

A.

Gateway API

B.

Management API

C.

OPSEC SDK

D.

Threat Prevention API

Question # 135

Which path below is available only when CoreXL is enabled?

A.

Slow path

B.

Firewall path

C.

Medium path

D.

Accelerated path

Question # 136

Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?

A.

The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses

B.

The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores

C.

The CoreXL FW instances assignment mechanism is based on IP Protocol type

D.

The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type

Question # 137

Please choose the path to monitor the compliance status of the Check Point R81.10 based management.

A.

Gateways & Servers --> Compliance View

B.

Compliance blade not available under R81.10

C.

Logs & Monitor --> New Tab --> Open compliance View

D.

Security & Policies --> New Tab --> Compliance View

Question # 138

You want to verify if your management server is ready to upgrade to R81.10. What tool could you use in this process?

A.

migrate export

B.

upgrade_tools verify

C.

pre_upgrade_verifier

D.

migrate import

Question # 139

Which blades and/or features are not supported in R81?

A.

SmartEvent Maps

B.

SmartEvent

C.

Identity Awareness

D.

SmartConsole Toolbars

Question # 140

Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.

What is one of the requirements for his success?

A.

Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

B.

Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

C.

Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

D.

Size of the /var/log folder of the target machine must be at least 25GB or more

Question # 141

Which command can you use to enable or disable multi-queue per interface?

A.

cpmq set

B.

Cpmqueue set

C.

Cpmq config

D.

St cpmq enable

Question # 142

CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

A.

MySQL

B.

Postgres SQL

C.

MarisDB

D.

SOLR

Question # 143

The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .

A.

TCP 18211

B.

TCP 257

C.

TCP 4433

D.

TCP 443

Question # 144

Which statement is true regarding redundancy?

A.

System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob -f if command.

B.

ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

C.

Machines in a ClusterXL High Availability configuration must be synchronized.

D.

Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Question # 145

In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?

A.

Big I

B.

Little o

C.

Little i

D.

Big O

Question # 146

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

A.

UDP port 265

B.

TCP port 265

C.

UDP port 256

D.

TCP port 256

Question # 147

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

A.

fwd via cpm

B.

fwm via fwd

C.

cpm via cpd

D.

fwd via cpd

Question # 148

Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

A.

logd

B.

fwd

C.

fwm

D.

cpd

Question # 149

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

A.

50%

B.

75%

C.

80%

D.

15%

Question # 150

fwssd is a child process of which of the following Check Point daemons?

A.

fwd

B.

cpwd

C.

fwm

D.

cpd

Question # 151

What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

A.

Anti-Bot is the only countermeasure against unknown malware

B.

Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers

C.

Anti-Bot is the only signature-based method of malware protection.

D.

Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.

Question # 152

What is the limitation of employing Sticky Decision Function?

A.

With SDF enabled, the involved VPN Gateways only supports IKEv1

B.

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

C.

With SDF enabled, only ClusterXL in legacy mode is supported

D.

With SDF enabled, you can only have three Sync interfaces at most

Question # 153

When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.

A.

SecureID

B.

SecurID

C.

Complexity

D.

TacAcs

Question # 154

To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

A.

fw ctl multik set_mode 1

B.

fw ctl Dynamic_Priority_Queue on

C.

fw ctl Dynamic_Priority_Queue enable

D.

fw ctl multik set_mode 9

Question # 155

Advanced Security Checkups can be easily conducted within:

A.

Reports

B.

Advanced

C.

Checkups

D.

Views

E.

Summary

Question # 156

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

A.

Stateful Mode

B.

VPN Routing Mode

C.

Wire Mode

D.

Stateless Mode

Question # 157

Which of the SecureXL templates are enabled by default on Security Gateway?

A.

Accept

B.

Drop

C.

NAT

D.

None

Question # 158

Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide this information to your manager?

A.

fw accel stat

B.

fwaccel stat

C.

fw acces stats

D.

fwaccel stats

Question # 159

Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?

A.

Severity

B.

Automatic reactions

C.

Policy

D.

Threshold

Question # 160

You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

A.

fw ctl multik dynamic_dispatching on

B.

fw ctl multik dynamic_dispatching set_mode 9

C.

fw ctl multik set_mode 9

D.

fw ctl multik pq enable

Question # 161

Which of the following authentication methods ARE NOT used for Mobile Access?

A.

RADIUS server

B.

Username and password (internal, LDAP)

C.

SecurID

D.

TACACS+

Question # 162

Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

A.

TCP Port 18190

B.

TCP Port 18209

C.

TCP Port 19009

D.

TCP Port 18191

Question # 163

On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

A.

18210

B.

18184

C.

257

D.

18191

Question # 164

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

A.

Detects and blocks malware by correlating multiple detection engines before users are affected.

B.

Configure rules to limit the available network bandwidth for specified users or groups.

C.

Use UserCheck to help users understand that certain websites are against the company’s security policy.

D.

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Question # 165

Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

A.

Dynamic ID

B.

RADIUS

C.

Username and Password

D.

Certificate

Question # 166

CoreXL is supported when one of the following features is enabled:

A.

Route-based VPN

B.

IPS

C.

IPv6

D.

Overlapping NAT

Question # 167

If you needed the Multicast MAC address of a cluster, what command would you run?

A.

cphaprob -a if

B.

cphaconf ccp multicast

C.

cphaconf debug data

D.

cphaprob igmp

Question # 168

Session unique identifiers are passed to the Web API using which HTTP header option?

A.

X-chkp-sid

B.

Accept-Charset

C.

Proxy-Authorization

D.

Application

Question # 169

Fill in the blank: The tool _____ generates an R81 Security Gateway configuration report.

A.

infoCP

B.

infoview

C.

cpinfo

D.

fw cpinfo

Question # 170

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

A.

Symmetric routing

B.

Failovers

C.

Asymmetric routing

D.

Anti-Spoofing

Question # 171

What is the mechanism behind Threat Extraction?

A.

This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.

B.

This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.

C.

This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).

D.

Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

Question # 172

Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?

A.

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

B.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C.

Time object to a rule to make the rule active only during specified times.

D.

Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Question # 173

In R81 spoofing is defined as a method of:

A.

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.

Hiding your firewall from unauthorized users.

C.

Detecting people using false or wrong authentication logins

D.

Making packets appear as if they come from an authorized IP address.

Question # 174

Which command can you use to verify the number of active concurrent connections?

A.

fw conn all

B.

fw ctl pstat

C.

show all connections

D.

show connections

Question # 175

The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

A.

Secure Internal Communication (SIC)

B.

Restart Daemons if they fail

C.

Transfers messages between Firewall processes

D.

Pulls application monitoring status
