What's the comand to see the status cluster in cli expert mode? fw ctl stat ClusterXL status clusterXL stat cphaprob stat.
Which of the secureXL templates are enable by default on Security Gateway? none Accept Drop NAT.
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment? 4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server. 3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization. 1 Interface – an interface leading to the organization and the Internet, and configure for synchronization 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard? You can assign only one profile per gateway and a profile can be assigned to one rule Only. You can assign multiple profiles per gateway and a profile can be assigned to one rule only. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules. You can assign only one profile per gateway and a profile can be assigned to one or more rules.
Gaia greatly increases operational efficiency by offering an advance and intuitive sotfware update agent, commonly referred to as the Checkpoint Update Service Engine Checkpoint Sotfware Update agent Checkpoint Remote installation Daemon (CPRID) Checkpoint sotfware update daemon.
What is the purpose of a SmartEvent Correlation Unit The smartEvent correlation Unit is designed to check the connectio realiability from smartconsole to the smartEvent server The SmartEvent Correlation Unit's task it to assign severity levels to the identified events The correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events The smartEvent correlation Unit is designed to check the availability of the SmartReporter Server.
What command resembles fw monitor the most? ping arp tcpdump tracerouter.
What is the command to show SecureXL status? fwaccel status fwaccel stats -m fwaccel -s fwaccel stat.
Whats the limitation of employing Sticky Decision Function? With SDF enabled, the involved VPN Gateways only support IKEv1 Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF With SDF enabled, only ClusterXL in legacy mode is support With SDF enabled, you can only have three sync interfaces at most.
What command lists all interfaces using Multi-Queue? cpmq get show interfaces all cpmq set show multiqueue all.
You plan to automate creating new objects using new R80 Management API. You decide to use GAIA CLI for this task. What is the first step to run managment API commands on GAIA's shell? mgmt admin@teabag > id.txt mgmt login login user admin password teabag mgmt_cli login user "admin" password "teabag" > id.txt.
What are the blades of Threat Prevention? IPS,DLP,AntiVirus,AntiBot,Sandblast Threat Emulation/Extractions DLP,Antivirus,QoS,AntiBot,SandBlast Threat Emulation/Extractions IPS, Antivirus, AntiBot IPS,AntiVirus,AntiBot,Threat Emulation/Extractions.
In which formats can Threat Emulation forensic reports be viewed in? TXT, XML and CSV PDF and TXT PDF, HTML, and XML PDF and HTML.
The CPD daemon is a Firewall Kernel Process that does NOT do wich of the following? Secure Internal Communication (SIC) Restart daemons if the fail Transfer messages between Firewall process Pulls application monitoring status.
Which statement is NOT TRUE about delta Syncronization? Using UDP Multicast or Broadcast on port 8161 Using UDP Multicast or Broadcast on port 8116 Quicker than Full Sync Transfer changes in the kernel tables between cluster members.
What is the SOLR database for? Used for full text search and enables powerful matching capabilities Writes data to the database and full text search Serves GUI responsible to transfer request to the DLEserver Enables powerful matching capabilities and writes to the database.
On R80.10 the IPS Blade is managed by: Threat Prevention policy Anti-Bot Blade Threat Protection policy Layers on Firewall Policy.
When defining QoS globla properties, which option below is not valid: Weight Authetication timeout Schedule Rate.
Which Threat Prevention Profile is not included by default un R80 Management Basic: Provides reliable protection on range of non-HTTP protocols for servers, with minimal impact on network performance Optimized: Provides excellent protection for common network products and protocols against recent or popular attacks Strict: Provides a wide coverage for all products and protocols, with impact on network performance Recommended: Provide all protection for all common network products and servers, with impact on network performance.
In order to get info about assigment (FW,SDN) of all CPUs in your SGW, what is the most accurate CLI Command? fw ctl sdstat fw ctl affinity -l -a -r -v fw ctl multik stat cpinfo.
What are the available options for downloading Checkpoint hotfiex in Gaia WebUI (CPUSE) Manually, Scheduled, Automatic Update Now, Scheduled Update, Offline Update Update Automatically, Update now, Disabled update Manual Update, Disable update, Automatic update.
When using CPSTAT, what is the default port used by the AMON server 18191 18192 18194 18190.
You want to store the GAIA configuration in a file for later reference. What command should you use? write mem <filename> show config -f <filename> save config <filename> save configuration <filename>.
What statement best describes the proxy ARP feature for Manual NAT in R80.10? Automatic proxy ARP configuration can be enabled Translate Destination on Client Side should be configured. fw ctl proxy should be configured local.arp file must allways be configured.
For best practices, what is the recommended time for automatic unlocking of locked admin accounts? 20 minutes 15 minutes Admin account cannot be unlocked automatically 30 minutes at least.
What is considered Hybrid Emulation Mode? Manual configuration of file types on emulation location Load Sharing of emulation between an on premise appliance and the cloud Load Sharing between OS behavior and CPU Level emulation. High availability between the local SandBlast appliance and the cloud.
How often does Threat Emulation download packages by default? Once a week Once an hour Twice per day Once per day.
What is not a component of Checkpoint SandBlast? Threat Emulation Threat Simulator Threat Extraction Threat Cloud.
What is true of the API server on R80.10? By default the API-server is activated and does not have hardware requirements By default the API-server is not active and should be activated from the webiu By default the API server is active on management and stand-alone servers with 16GB of RAM (or more) By default, the API server is active on mgmt servers with 4GB of RAM (or more) and on stand-alone server with 8GB of RAM (or more).
To ensure that VMAC is enabled, which CLI command you should run on all cluster members? Choose the best answer fw ctl set int fwha vmac global param enabled fw ctl get int fwha vmac globla param enabled; result of command should return value 1 By default the API server is active on management and stand-alone servers with 16GB of RAM (or more) By default, the API server is active on mgmt servers with 4GB of RAM (or more) and on stand-alone server with 8GB of RAM (or more).
How do you enable virtual mac (VMAC) on-the-fly on a cluster member? cphaprob set int fwha_vmac_global_param_enabled 1 clusterXL set int fwha_vmac_global_param_enabled 1 fw ctl set int fwha_vmac_global_param_enabled 1 cphaconf set int fwha_vmac_global_param_enabled 1 .
Which is the correct order of a log flow processed by SmartEvent components? Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client.
What are three components for Checkpoint Capsule? Capsule Docs, Capsule Cloud, Capsule Connect Capsule Workspace, Capusule Cloud, Capsule Connect Capsule Workspace, Capsule Docs, Capsule Connect Capsule Workspace, Capsule Docs, Capsule Cloud.
To add a file to the threat Prevention Whitelist, what two items are needed? File name and Gateway Object Name and MD5 signature MD5 signature and Gateway IP address of MGMT server and gateway.
Packet acceleration (SecureXL) identifies connections by serveral attributes. Which of the attributes is NOT used for identify connection? Source Address Destination Address TCP Acknowledment number Source Port.
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform the applications. Mobile Access encrypts all traffic using: HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL. Network Extender. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL. Network Extender. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.
What is mandatory for ClusterXL to work properly? The number of cores must be the same on every participating cluster node Tha Magic MAC number must be unique per cluster node The Sync interface must no have an IP address configured If you have "non-monitred private" interfaces, the number of those interfaces must be the same on all cluster members.
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway? SND is a feature to accelerate multiple SSL VPN Connections SND is an alternative to IPSec Main mode, using only 3 packets SND is used to distribute packets among Firewall instances SND is a feature of fw monitor to capture accelerated packets.
When setting up an externally managed log server, what is the one item that will not be configured on the R80 Security Managment Server IP SIC NAT FQDN.
What is the command to show SecureXL status? fwaccel stat fwaccel stats -m fwaccel -s fwaccel status.
In R80.10, how do you manage your Mobile Access Policy? Through the Unified Policy Through the Mobile Console From SmartDashboard From the Dedicated Mobility Tab.
What Scenario indicates that SecureXL is enabled? Dynamic objects are available in the object Explorer SecureXL can be disabled in cpconfig fwaccel commands can be used in clish Only one packet in a stream is seen in a fw monitor packet capture.
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic.
The cpm process: Allow GUI Client and management server to communicate via TCP Port 19001 Allow GUI Client and management server to communicate via TCP Port 18191 Performs database tasks such as creating, deleting, and modifying objects and compiling policy. Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.
What must you do firts if "fwm sic_reset" could not be completed? CPstop the find keyword "certificate" in objects_5_0.C and delete the section Reinitialize SIC on the Security gateway the run "fw unloadlocal" Reset SIC from Smart Dashboard Chage internal CA via cpconfig.
You manager asjed you to check the status of SecureXL, and its enable templates and features. What command will you use to provide such information to your manager? fw accel stat fwaccel stat fw acces stats fwaccel stats.
If you need the Multicast MAC address of a cluster, what command would you run? cphaprob -a if cphaconf ccp multicast cphaconf debug data cphaprob igmp.
What cli command will reset the IPS pattern matcher statistics? ips reset pmstat ips pstat reset ips pmstats refresh ips pstats reset.
Which path below is available only when coreXL is enabled? slow path Firewall Path Medium Path Accelerated Path.
What is the command to check the status of the SmartEvent Correlation Unit? fw ctl get int cpsead_stat cpstat cpsead fw ctl stat cpsemd cp_conf get_stat cpsemd.
What cloud-based SandBlast Mobile application is used to register new devices and users? Checkpoint Protect Application Management Dashboard Behavior Risk Engine Checkpoint Gateway.
What CLI Utility runs connectivity test from a Security Gateway to an AD domain Controller? test_connectivity_ad -d <domain> test_ldap_connectivity -d <domain> test_ad_connectivity -d <domain> ad_connectivity_test -d <domain>.
Which is not a blade option when configuring SmartEvent? Correlation Unit SmartEvent Unit SmartEvent Server Log Server.
Which files below ARE NOT core dump files when debbuggin the Security Acceleration Module Card? /var/log/messages* /var/log/crash/<date>/vmcore/* /var/log/sam_log/* /var/crash/<date>/vmcore/*.
What is SOLR database for? Used for full text search and enables powerful matching capabilities Writes data to the database and full text search Serves GUI responsible to transfer request ti the DLE server Enable powerful matching capabilities and writes data to the database.
What packet info is ignored with Session Rate Acceleration? Source port range source ip source port same info from Packet Acceleration is used.
The SmartEvent R80 Web application for real-time monitoring is called? SmartView Monitor SmartEvenetWeb There is no Web Application for SmartEvent SmartView.
Which method below is NOT one of the ways to communicate using the Management API's? Typing API Commands using the "mgmt_cli" command Typing API commands from a dialog box inside the SmartConsole GUI Application Typing API Command using Gaia's secure shell (clish)19+ Sending API Commands over http connectiong using http-services.
Sticky Decicion Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster Symetric routing Failovers Asymmetic routing Anti-Spoofing.
Sand Blast appliances can be deployed in the following modes: Using a SPAN port to receive a copy of the traffic only detect only inline/prevent or detect as a Mail Transfer Agent and as part of the we traffic flow only.
What is the valid range for VRID value in VRRP configuration? 1-254 1-255 0-254 0-255.
What are the main stages of a policy installation? Verification & Compilation, transfer and commit Verification & Compilation, transfer and Instalation Verification, commit, installation Verification, Compilation & Transfer, installation.
In smartEvent, what are the diffrerent types of automatic reaction that the administrator can configure? Mail,Block source,Block Event Activity,External Script, SNMP Trap Mail,Block source,Block destination,Block services, SNMP Trap Mail,Block source,Block destination, External Script, SNMP Trap Mail,Block source,Block Event Activity,Packet Capture SNMP Trap.
How long may verification of one file take for SandBlast Threat Emulation? up to 1 minute within seconds cleaned file will be provided up to 5 minutes up to 3 minutes.
|
