ASCC 2

When launching SmartDashboard, what information is required to log into R77?. User Name, Management Server IP, certificate fingerprint file. User Name, Password, Management Server IP. Password, Management Server IP. Password, Management Server IP, LDAP Server IP.

What is the Transport layer of the TCP/IP model responsible for?. It transports packets as datagrams along different routes to reach their destination. It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application. It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer. It deals with all aspects of the physical components of network connectivity and connects with different network types.

What is the purpose of a Stealth Rule?. A rule used to hide a server's IP address from the outside world. A rule that allows administrators to access SmartDashboard from any device. To drop any traffic destined for the firewall that is not otherwise explicitly allowed. A rule at the end of your policy to drop any traffic that is not explicitly allowed.

Which default user has full read/write access?. Monitor. Altuser. Administrator. Superuser.

Which of the following actions do NOT take place in IKE Phase 1?. Which of the following actions do NOT take place in IKE Phase 1?. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key. Peers agree on integrity method. Each side generates a session key from its private key and peer's public key.

Identify the ports to which the Client Authentication daemon listens on by default?. 259, 900. 256, 257. 8080, 529. 80, 256.

On the following picture an administrator configures Identity Awareness: After clicking "Next" the above configuration is supported by: Kerberos SSO which will be working for Active Directory integration. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user. Obligatory usage of Captive Portal. The ports 443 or 80 what will be used by Browser-Based and configured Authentication.

How is communication between different Check Point components secured in R80? As with all questions, select the best answer. By using IPSEC. By using SIC. By using ICA. By using 3DES.

Which authentication scheme requires a user to possess a token?. TACACS. SecurID. Check Point password. RADIUS.

Which remote Access Solution is clientless?. Checkpoint Mobile. Endpoint Security Suite. SecuRemote. Mobile Access Portal.

You have enabled "Full Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?. Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database. Data Awareness is not enabled. Identity Awareness is not enabled. Logs are arriving from Pre-R80 gateways.

Fill in the blanks: A ____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway. Formal; corporate. Local; formal. Local; central. Central; local.

Which firewall daemon is responsible for the FW CLI commands?. fwd. fwm. cpm. cpd.

Which utility shows the security gateway general system information statistics like operating system information and resource usage, and individual software blade statistics of VPN, Identity Awareness and DLP?. cpconfig. fw ctl pstat. cpview. fw ctl multik stat.

Where is the "Hit Count" feature enabled or disabled in SmartConsole?. On the Policy Package. On each Security Gateway. On the Policy layer. In Global Properties for the Security Management Server.

After the initial installation on Check Point appliance, you notice that the Management interface and default gateway are incorrect. Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24set static-route default nexthop gateway address 192.168.80.1 onsave config. add interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0.0.0.0.0 gw 192.168.80.1 onsave config. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0.0.0.0.0 gw 192.168.80.1 onsave config. add interface Mgmt ipv4-address 192.168.80.200 mask-length 24add static-route default nexthop gateway address 192.168.80.1 onsave config.

All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?. FTP. SMTP. HTTP. RLOGIN.

When should you generate new licenses?. Before installing contract files. After a device upgrade. When the existing license expires, license is upgraded or the IP-address associated with the license changes. Only when the license is upgraded.

Which of the following is NOT an option for internal network definition of Anti-spoofing?. Specific - derived from a selected object. Route-based - derived from gateway routing table. Network defined by the interface IP and Net Mask. Not-defined.

Check Point ClusterXL Active/Active deployment is used when: Only when there is Multicast solution set up. There is Load Sharing solution set up. Only when there is Unicast solution set up. There is High Availability solution set up.

In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server (Security Management Server)?. Display policies and logs on the administrator's workstation. Verify and compile Security Policies. Processing and sending alerts such as SNMP traps and email notifications. Store firewall logs to hard drive storage.

Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as _______. UserCheck. User Directory. User Administration. User Center.

What is Consolidation Policy?. The collective name of the Security Policy, Address Translation, and IPS Policies. The specific Policy written in SmartDashboard to configure which log data is stored in the SmartReporter database. The collective name of the logs generated by SmartReporter. A global Policy used to share a common enforcement policy for multiple Security Gateways.

When should you generate new licenses?. Before installing contract files. After an RMA procedure when the MAC address or serial number of the appliance changes. When the existing license expires, license is upgraded or the IP-address where the license is tied changes. Only when the license is upgraded.

Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?. Application Control. Data Awareness. Identity Awareness. Threat Emulation.

The SIC Status "Unknown" means. There is connection between the gateway and Security Management Server but it is not trusted. The secure communication is established. There is no connection between the gateway and Security Management Server. The Security Management Server can contact the gateway, but cannot establish SIC.

In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?. Accounting. Suppression. Accounting/Suppression. Accounting/Extended.

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?. Detects and blocks malware by correlating multiple detection engines before users are affected. Configure rules to limit the available network bandwidth for specified users or groups. Use UserCheck to help users understand that certain websites are against the company's security policy. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Which tool is used to enable ClusterXL?. SmartUpdate. cpconfig. SmartConsole. sysconfig.

Which of the following is NOT a component of Check Point Capsule?. Capsule Docs. Capsule Cloud. Capsule Enterprise. Capsule Workspace.

Which of the following describes how Threat Extraction functions?. Detect threats and provides a detailed report of discovered threats. Proactively detects threats. Delivers file with original content. Delivers PDF versions of original files with active content removed.

Can multiple administrators connect to a Security Management Server at the same time?. No, only one can be connected. Yes, all administrators can modify a network object at the same time. Yes, every administrator has their own username, and works in a session that is independent of other administrators. Yes, but only one has the right to write.

Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?. A star community requires Check Point gateways, as it is a Check Point proprietary technology. In a star community, satellite gateways cannot communicate with each other. In a mesh community, member gateways cannot communicate directly with each other. In a mesh community, all members can create a tunnel with any other member.

Which of the following is TRUE regarding Gaia command line?. Configuration changes should be done in mgmt_cli and use CLISH for monitoring, Expert mode is used only for OS level tasks. Configuration changes should be done in expert-mode and CLISH is used for monitoring. Configuration changes should be done in mgmt-cli and use expert-mode for OS-level tasks. All configuration changes should be made in CLISH and expert-mode should be used for OS-level tasks.

A digital signature: Guarantees the authenticity and integrity of a message. Automatically exchanges shared keys. Decrypts data to its original form. Provides a secure key exchange mechanism over the Internet.

The security Gateway is installed on GAiA R80 The default port for the WEB User Interface is _______ . TCP 18211. TCP 257. TCP 4433. TCP 443.

What type of NAT is a one-to-one relationship where each host is translated to a unique address?. Source. Static. Hide. Destination.

Which of the following is NOT a back up method?. Save backup. System backup. snapshot. Migrate.

What is true about the IPS-Blade?. in R80, IPS is managed by the Threat Prevention Policy. in R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict. in R80, IPS Exceptions cannot be attached to "all rules". in R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same.

Which Threat Prevention Profile is not included by default in R80 Management?. Basic - Provides reliable protection on a range of non-HTTP protocols for servers, with minimal impact on network performance. Optimized - Provides excellent protection for common network products and protocols against recent or popular attacks. Strict - Provides a wide coverage for all products and protocols, with impact on network performance. Recommended - Provides all protection for all common network products and servers, with impact on network performance.

Which command is used to add users to or from existing roles?. Add rba user <User Name> roles <List>. Add rba user <User Name>. Add user <User Name> roles <List>. Add user <User Name>.

Which Check Point software blade provides protection from zero-day and undiscovered threats?. Firewall. Threat Emulation. Application Control. Threat Extraction.

Which of the following are types of VPN communities?. Pentagon, star, and combination. Star, octagon, and combination. Combined and star. Meshed, star, and combination.

Which of the following is NOT a tracking log option in R80.x?. Log. Full Log. Detailed Log. Extended Log.

Which of the following is NOT supported by Bridge Mode Check Point Security Gateway. Antivirus. Data Loss Prevention. NAT. Application Control.

You want to define a selected administrator's permission to edit a layer. However, when you click the + sign in the "Select additional profile that will be able edit this layer" you do not see anything. What is the most likely cause of this problem? Select the BEST answer. "Edit layers by Software Blades" is unselected in the Permission Profile. There are no permission profiles available and you need to create one first. All permission profiles are in use. "Edit layers by selected profiles in a layer editor" is unselected in the Permission profile.

Why would an administrator see the message below?. A new Policy Package created on both the Management and Gateway will be deleted and must be packed up first before proceeding. A new Policy Package created on the Management is going to be installed to the existing Gateway. A new Policy Package created on the Gateway is going to be installed on the existing Management. A new Policy Package created on the Gateway and transferred to the management will be overwritten by the Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.

Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?. mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt. mgmt_cli add host name "Server_1" ip_address "10.15.123.10" --format json. mgmt_cli add object-host "Server_1" ip_address "10.15.123.10" --format json. mgmt_cli add object "Server_1" ip_address "10.15.123.10" --format json.

Fill in the blanks: A High Availability deployment is referred to as a ______ cluster and a Load Sharing deployment is referred to as a ________ cluster. Standby/standby; active/active. Active/active; standby/standby. Active/active; active/standby;. Active/standby; active/active.

When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?. Log, send snmp trap, email. Drop packet, alert, none. Log, alert, none. Log, allow packets, email.

Which NAT rules are prioritized first?. Post-Automatic/Manual NAT rules. Manual/Pre-Automatic NAT. Automatic Hide NAT. Automatic Static NAT.

You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?. SmartView Tracker and SmartView Monitor. SmartLSM and SmartUpdate. SmartDashboard and SmartView Tracker. SmartView Monitor and SmartUpdate.

Katie has been asked to do a backup on the Blue Security Gateway. Which command would accomplish this in the Gaia CLI?. Blue > add local backup. Expert&Blue#add local backing. Blue > set backup local. Blue > add backup local.

At what point is the Internal Certificate Authority (ICA) created?. Upon creation of a certificate. During the primary Security Management Server installation process. When an administrator decides to create one. When an administrator initially logs into SmartConsole.

What key is used to save the current CPView page in a filename format cpview_"cpview process ID". cap"number of captures"?. S. W. C. Space bar.

Which deployment adds a Security Gateway to an existing environment without changing IP routing?. Distributed. Bridge Mode. Remote. Standalone.

Which statement is TRUE of anti-spoofing?. Anti-spoofing is not needed when IPS software blade is enabled. it is more secure to create anti-spoofing groups manually. It is BEST Practice to have anti-spoofing groups in sync with the routing table. With dynamic routing enabled, anti-spoofing groups are updated automatically whenever there is a routing change.

Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?. One machine, but it needs to be installed using SecurePlatform for compatibility purposes. One machine. Two machines. Three machines.

To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?. Full HA Cluster. High Availability. Standalone. Distributed.

How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?. Install appliance TE250X on SpanPort on LAN switch in MTA mode. Install appliance TE250X in standalone mode and setup MTA. You can utilize only Check Point Cloud Services for this scenario. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.

Which SmartConsole component can Administrators use to track changes to the Rule Base?. WebUI. SmartView Tracker. SmartView Monitor. SmartReporter.

Which options are given on features, when editing a Role on Gaia Platform?. Read/Write, Read Only. Read/Write, Read only, None. Read/Write, None. Read Only, None.

Look at the following screenshot and select the BEST answer. Clients external to the Security Gateway can download archive files from FTP_Ext server using FTP. Internal clients can upload and download any-files to FTP_Ext-server using FTP. Internal clients can upload and download archive-files to FTP_Ext server using FTP. Clients external to the Security Gateway can upload any files to the FTP_Ext-server using FTP.

Which of these attributes would be critical for a site-to-site VPN?. Scalability to accommodate user groups. Centralized management. Strong authentication. Strong data encryption.

There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational. When it re-joins the cluster, will it become active automatically?. No, since "maintain current active cluster member" option on the cluster object properties is enabled by default. No, since "maintain current active cluster member" option is enabled by default on the Global Properties. Yes, since "Switch to higher priority cluster member" option on the cluster object properties is enabled by default. Yes, since "Switch to higher priority cluster member" option is enabled by default on the Global Properties.

Which directory holds the SmartLog index files by default?. $SMARTLOGDIR/data. $SMARTLOG/dir. $FWDIR/smartlog. $FWDIR/log.

Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or__________. On all satellite gateway to satellite gateway tunnels. On specific tunnels for specific gateways. On specific tunnels in the community. On specific satellite gateway to central gateway tunnels.

What command would show the API server status?. cpm status. api restart. api status. show api status.

What is the SOLR database for?. Used for full text search and enables powerful matching capabilities. Writes data to the database and full text search. Serves GUI responsible to transfer request to the DLE server. Enables powerful matching capabilities and writes data to the database.

Fill in the blank: Authentication rules are defined for ____________. User groups. Users using UserCheck. Individual users. All users in the database.

Which one of the following is a way that the objects can be manipulated using the new API integration in R80 Management?. Microsoft Publisher. JSON. Microsoft Word. RC4 Encryption.

Which of the following technologies extracts detailed information from packets and stores that information in state tables?. INSPECT Engine. Next-Generation Firewall. Packet Filtering. Application Layer Firewall.

Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made: Tom's changes will have been stored on the Management when he reconnects and he will not lose any of this work. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot. Tom's changes will be lost since he lost connectivity and he will have to start again. Tom will have to reboot his SmartConsole computer, clear the cache and restore changes.

In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?. Pentagon. Combined. Meshed. Star.

What is the purpose of Priority Delta in VRRP?. When a box is up, Effective Priority = Priority + Priority Delta. When an Interface is up, Effective Priority = Priority + Priority Delta. When an Interface fails, Effective Priority = Priority - Priority Delta. When a box fails, Effective Priority = Priority - Priority Delta.

Which statement is TRUE of anti-spoofing?. Anti-spoofing is not needed when IPS software blade is enabled. It is more secure to create anti-spoofing groups manually. It is BEST Practice to have anti-spoofing groups in sync with the routing table. With dynamic routing enabled, anti-spoofing groups are updated automatically whenever there is a routing change.

Fill in the blank: The position of an implied rule is manipulated in the __________________ window. NAT. Firewall. Global Properties. Object Explorer.

You want to verify if there are unsaved changes in GAiA that will be lost with a reboot. What command can be used?. show unsaved. show save-state. show configuration diff. show config-state.

Your bank's distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?. SmartView Tracker. SmartPortal. SmartUpdate. SmartDashboard.

What port is used for communication to the User Center with SmartUpdate?. CPMI 200. TCP 8080. HTTP 80. HTTPS 443.

What does it mean if Deyra sees the gateway status: SmartCenter Server cannot reach this Security Gateway. There is a blade reporting a problem. VPN software blade is reporting a malfunction. Security Gateway's MGNT NIC card is disconnected.

Choose what BEST describes a Session. Starts when an Administrator publishes all the changes made on SmartConsole. Starts when an Administrator logs in to the Security Management Server through SmartConsole and ends when it is published. Sessions ends when policy is pushed to the Security Gateway. Sessions locks the policy package for editing.

Which of these components does NOT require a Security Gateway R77 license?. Security Management Server. Check Point Gateway. SmartConsole. SmartUpdate upgrading/patching.

Fill in the blank: Each cluster, at a minimum, should have at least ___________ interfaces. Five. Two. Three. Four.

Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?. SmartManager. SmartConsole. Security Gateway. Security Management Server.

Which one of the following is the preferred licensing model? Select the Best answer. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency of the gateway. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency. Central licensing because it ties the package license to the MAC-address of the Security Management Server Mgmt-interface and has no dependency of the gateway.

Which of the following statements accurately describes the command snapshot?. snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway. snapshot creates a Security Management Server full system-level backup on any OS. snapshot stores only the system-configuration settings on the Gateway. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server.

What Check Point technologies deny or permit network traffic?. Application Control, DLP. Packet Filtering, Stateful Inspection, Application Layer Firewall. ACL, SandBlast, MPT. IPS, Mobile Threat Protection.

Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?. ThreatWiki. Whitelist Files. AppWiki. IPS Protections.

Web Control Layer has been set up using the settings in the following dialogue: Traffic that does not match any rule in the subpolicy is dropped. All employees can access only Youtube and Vimeo. Access to Youtube and Vimeo is allowed only once a day. Anyone from internal network can access the internet, expect the traffic defined in drop rules 5.2, 5.5 and 5.6.

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?. UDP port 265. TCP port 265. UDP port 256. TCP port 256.

The Gaia operating system supports which routing protocols?. BGP, OSPF, RIP. BGP, OSPF, EIGRP, PIM, IGMP. BGP, OSPF, RIP, PIM, IGMP. BGP, OSPF, RIP, EIGRP.

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?. There is a virus found. Traffic is still allowed but not accelerated. The connection required a Security server. Acceleration is not enabled. The traffic is originating from the gateway it self.

You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?. fwd. fwm. cpd. cpwd.

True or False: The destination server for Security Gateway logs depends on a Security Management Server configuration. False, log servers are configured on the Log Server General Properties. True, all Security Gateways will only forward logs with a SmartCenter Server configuration. True, all Security Gateways forward logs automatically to the Security Management Server. False, log servers are enabled on the Security Gateway General Properties.

What are the two high availability modes?. Load Sharing and Legacy. Traditional and New. Active and Standby. New and Legacy.

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server (SMS). While configuring the VPN community to specify the pre-shared secret, the administrator did not find a box to input the pre-shared secret. Why does it not allow him to specify the pre-shared secret?. The Gateway is an SMB device. The checkbox "Use only Shared Secret for all external members" is not checked. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS. Pre-shared secret is already configured in Global Properties.

An administrator wishes to enable Identity Awareness on the Check Point firewalls. However they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?. AD Query. Browser-Based Authentication. Identity Agents. Terminal Servers Agent.

Please choose correct command syntax to add an "emailserver1" host with IP address 10.50.23.90 using GAiA management CLI?. host name myHost12 ip-address 10.50.23.90. mgmt add host name ip-address 10.50.23.90. add host name emailserver1 ip-address 10.50.23.90. mgmt add host name emailserver1 ip-address 10.50.23.90.

Which of the following uses the same key to decrypt as it does to encrypt?. Asymmetric encryption. Dynamic encryption. Certificate-based encryption. Symmetric encryption.