
CCSECHKP

Test title:
CCSECHKP

Description:
CHECKPOINT CHECKPOINT CHECKPOINT

Creation date: 2024/11/18

Category: Computing

Number of questions: 302

Syllabus:

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?. Publish changes. Save changes. Install policy. Install database.

Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?. Both License (.lic) and Contract (.xml) files. cp.macro. Contract file (.xml). license File (.lic).

Which two Identity Awareness daemons are used to support identity sharing?. Policy Activation Point (PAP) and Policy Decision Point (PDP). Policy Manipulation Point (PMP) and Policy Activation Point (PAP). Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP). Policy Decision Point (PDP) and Policy Enforcement Point (PEP).

In which scenario will an administrator need to manually define Proxy ARP?. When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces. When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces. When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces. When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall’s interfaces.

Rugged appliances are small appliances with ruggedized hardware and, like Quantum Spark appliances, they use which operating system?. CentOS Linux. Gaia embedded. Gaia. Red Hat Enterprise Linux version 5.

For Automatic Hide NAT rules created by the administrator what is a TRUE statement?. Source Port Address Translation (PAT) is enabled by default. Automatic NAT rules are supported for Network objects only. Automatic NAT rules are supported for Host objects only. Source Port Address Translation (PAT) is disabled by default.

What technologies are used to deny or permit network traffic?. Stateful Inspection, Firewall Blade, and URL/Application Blade. Packet Filtering, Stateful Inspection, and Application Layer Firewall. Firewall Blade, URL/Application Blade, and IPS. Stateful Inspection, URL/Application Blade, and Threat Prevention.

Identity Awareness allows easy configuration for network access and auditing based on what three items?. Client machine IP address. Network location, the identity of a user and the identity of a machine. Log server IP address. Gateway proxy IP address.

Using AD Query, the Security Gateway connects to the Active Directory Domain Controllers using what protocol?. Windows Management Instrumentation (WMI). Hypertext Transfer Protocol Secure (HTTPS). Lightweight Directory Access Protocol (LDAP). Remote Desktop Protocol (RDP).

What are the types of Software Containers?. Smart Console, Security Management, and Security Gateway. Security Management, Security Gateway, and Endpoint Security. Security Management, Log & Monitoring, and Security Policy. Security Management, Standalone, and Security Gateway.

What are the Threat Prevention software components available on the Check Point Security Gateway?. A. IPS, Threat Emulation and Threat Extraction. B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction. C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction. D. IDS, Forensics, Anti-Virus, Sandboxing.

12- When using Automatic Hide NAT, what is enabled by default?. Source Port Address Translation (PAT). Static NAT. Static Route. HTTPS Inspection.

In which deployment is the security management server and Security Gateway installed on the same appliance?. Standalone. Remote. Distributed. Bridge Mode.

What is the main objective when using Application Control?. To filter out specific content. To assist the firewall blade with handling traffic. To see what users are doing. Ensure security and privacy of information.

Gaia has two default user accounts that cannot be deleted. What are those user accounts?. Admin and Default. Expert and Clish. Control and Monitor. Admin and Monitor.

When changes are made to a Rule base, it is important to __________ to enforce changes. Publish database. Activate policy. Install policy. Save changes.

Why is a Central License the preferred and recommended method of licensing?. Central Licensing is actually not supported with Gaia. Central Licensing is the only option when deploying Gaia. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

What does the "unknown" SIC status shown on SmartConsole mean?. SIC activation key requires a reset. Administrator input the wrong SIC key. The management can contact the Security Gateway but cannot establish Secure Internal Communication. There is no connection between the Security Gateway and Security Management.

What are valid authentication methods for mutually authenticating the VPN gateways?. PKI Certificates and Kerberos Tickets. PKI Certificates and DynamicID OTP. Pre-Shared Secrets and Kerberos Ticket. Pre-shared Secret and PKI Certificates.

What are the correct steps for upgrading a HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster (MVC) Upgrade?.
1) Enable the MVC mechanism on both cluster members #cphaprob mvc on 2) Upgrade the passive node M2 to R81.10 3) In SmartConsole, change the version of the cluster object 4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails 5) After examining the cluster states, upgrade node M1 to R81.10 6) On each Cluster Member, disable the MVC mechanism.
1) Enable the MVC mechanism on both cluster members #cphaprob mvc on 2) Upgrade the passive node M2 to R81.10 3) In SmartConsole, change the version of the cluster object 4) Install the Access Control Policy 5) After examining the cluster states, upgrade node M1 to R81.10 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy.
1) In SmartConsole, change the version of the cluster object 2) Upgrade the passive node M2 to R81.10 3) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 #cphaconf mvc on 4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails 5) After examining the cluster states, upgrade node M1 to R81.10 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy SmartConsole, change the version of the cluster object.
1) Upgrade the passive node M2 to R81.10 2) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 #cphaconf mvc on 3) In SmartConsole, change the version of the cluster object 4) Install the Access Control Policy 5) After examining the cluster states, upgrade node M1 to R81.10 6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81.10.

Which Operating Systems are supported for the Endpoint Security VPN?. Windows and x86 Solaris. Windows and macOS computers. Windows and SPARC Solaris. Windows and Red Hat Linux.

What are the three SecureXL Templates available in R81.10?. PEP Templates, QoS Templates, VPN Templates. Accept Templates, Drop Templates, NAT Templates. Accept Templates, Drop Templates, Reject Templates. Accept Templates, PDP Templates, PEP Templates.

Which Queue in the Priority Queue has the maximum priority?. High Priority. Control. Routing. Heavy Data Queue.

Which upgrade method should you use when upgrading from R80.40 to R81.10 to avoid any downtime?. Zero Downtime Upgrade (ZDU). Connectivity Upgrade (CU). Minimal Effort Upgrade (ME). Multi-Version Cluster Upgrade (MVC).

The Check Point installation history feature in provides the following: View install changes and install specific version. Policy Installation Date only. Policy Installation Date, view install changes and install specific version. View install changes.

What is the SOLR database for?. Writes data to the database and full text search. Enables powerful matching capabilities and writes data to the database. Serves GUI responsible to transfer request to the DLEserver. Used for full text search and enables powerful matching capabilities.

Which command lists firewall chain?. fw ctl chain. fw list chain. fw chain module. fw tab -t chainmod.

SandBlast appliances can be deployed in the following modes: as a Mail Transfer Agent and as part of the web traffic flow only. using a SPAN port to receive a copy of the traffic only. detect only. inline/prevent or detect.

Which SmartEvent component is responsible to collect the logs from different Log Servers?. SmartEvent Server. SmartEvent Database. SmartEvent Collector. SmartEvent Correlation Unit.

How can you switch the active log file?. Run fw logswitch on the gateway. Run fwm logswitch on the Management Server. Run fwm logswitch on the gateway. Run fw logswitch on the Management Server.

What is the purpose of the command "ps aux | grep fwd"?. You can check the Process ID and the processing time of the fwd process. You can convert the log file into Post Script format. You can list all Process IDs for all running services. You can check whether the IPS default setting is set to Detect or Prevent mode.

What is the command switch to specify the Gaia API context?. You have to specify it in the YAML file api.yml which is located underneath the /etc directory of the security management server. You have to change to the zsh-Shell which defaults to the Gaia API context. No need to specify a context, since it defaults to the Gaia API context. mgmt_cli --context gaia_api <Command>.

What are the two types of tests when using the Compliance blade?. Policy-based tests and Global properties. Global tests and Object-based tests. Access Control policy analysis and Threat Prevention policy analysis. Tests conducted based on the IoC XML file and analysis of SOLR documents.

Besides fw monitor, what is another command that can be used to capture packets?. arp. traceroute. tcpdump. ping.

When performing a minimal effort upgrade, what will happen to the network traffic?. All connections that were initiated before the upgrade will be dropped, causing network downtime. All connections that were initiated before the upgrade will be handled by the active gateway. All connections that were initiated before the upgrade will be handled normally. All connections that were initiated before the upgrade will be handled by the standby gateway.

Using fw monitor you see the following inspection point notation E and i; what does that mean?. E shows the packet before the VPN encryption, i after the inbound firewall VM. E shows the packet reaching the external interface, i leaving the internal interface. E shows the packet after the VPN encryption, i before the inbound firewall VM. E shows the packet leaving the external interface, i reaching the internal interface.

You have used the SmartEvent GUI to create a custom Event policy. What is the best way to display the correlated Events generated by SmartEvent Policies?. Open SmartView Monitor and select the SmartEvent Window from the main menu. In the SmartConsole / Logs & Monitor --> open the Logs View and use type:Correlated as query filter. In the SmartConsole / Logs & Monitor -> open a new Tab and select External Apps / SmartEvent. Select the Events tab in the SmartEvent GUI or use the Events tab in the SmartView web interface.

What is the biggest benefit of policy layers?. To break one policy into several virtual policies. Policy Layers and Sub-Policies enable flexible control over the security policy. They improve the performance on OS kernel version 3.0. To include Threat Prevention as a sub policy for the firewall policy.

Which packet info is masked with Session Rate Acceleration?. same info from Packet Acceleration is used. source port ranges. source port. source ip.

What does Backward Compatibility mean when upgrading the Management Server and how can you check it?. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Installation and Upgrade Guide. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Release Notes. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Installation and Upgrade Guide. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Release Notes.

Bob is going to prepare the import of the exported R81.10 management database. Now he wants to verify that the installed tools on the new target security management machine are able to handle the R81.10 release. Which of the following Check Point commands is true?. $FWDIR/scripts/migrate_server print_installed_tools -v R77.30. $CPDIR/scripts/migrate_server print_installed_tools -v R81.10. $FWDIR/scripts/migrate_server print_installed_tools -v R81.10. $FWDIR/scripts/migrate_server print_uninstalled_tools -v R81.10.

What are valid SecureXL paths in R81.10?. F2F (Slow path), Templated Path, PQX and F2V. F2F (Slow path), PXL, QXL and F2V. F2F (Slow path), Accelerated Path, PQX and F2V. F2F (Slow path), Accelerated Path, Medium Path and F2V.

Alice was asked by Bob to implement the Check Point Mobile Access VPN blade. Some basic configuration steps are required. Which statement about the configuration steps is true?.
1. Enable Mobile Access blade on the Security Gateway object and complete the wizard 2. Configure Mobile Access parameters in Security Gateway object 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal.
1. Configure Mobile Access parameters in Security Gateway object 2. Enable Mobile Access blade on the Security Gateway object and complete the wizard 3. Add a rule in the Access Control Policy and install policy 4. Connect to the Mobile Access Portal.
1. Connect to the Mobile Access Portal 2. Enable Mobile Access blade on the Security Gateway object and complete the wizard 3. Configure Mobile Access parameters in Security Gateway object 4. Add a rule in the Access Control Policy and install policy.
1. Add a rule in the Access Control Policy and install policy 2. Configure Mobile Access parameters in Security Gateway object 3. Enable Mobile Access blade on the Security Gateway object and complete the wizard 4. Connect to the Mobile Access Portal.

What are not possible commands to acquire the lock in order to make changes in Clish or Web GUI?. set config-lock on override. Click the Lock icon in the WebUI. "set rbac rw = 1". lock database override.

The customer has about 150 remote access users with a Windows laptop. Not more than 50 Clients will be connected at the same time. The customer wants to use multiple VPN Gateways as entry point and a personal firewall. What will be the best license for him?. He will need Capsule Connect using MEP (multiple entry points). Because the customer uses only Windows clients SecuRemote will be sufficient and no additional license is needed. He will need Harmony Endpoint because of the personal firewall. Mobile Access license because he needs only a 50 user license, license count is per concurrent user.

SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user's machine via the web browser. What are the two modes of SNX?. Application and Client Service. Network and Layers. Virtual Adapter and Mobile App. Network and Application.

The admin is connected via ssh to the management server. He wants to run a mgmt_cli command but got an Error 404 message. To check the listening ports on the management he runs netstat with the results shown below. What can be the cause for the issue?
[Expert@SMS:0]# mgmt_cli show service-tcp name FTP
Username: admin - Password:
message: "Error 404. The Management API service is not available. Please check that the Management API server is up and running."
code: "generic_error"
[Expert@SMS:0]# netstat -anp | grep http
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 18114/httpd
tcp 0 0 127.0.0.1:81 0.0.0.0:* LISTEN 18114/httpd
tcp 0 0 0.0.0.0:4434 0.0.0.0:* LISTEN 9019/httpd2
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 18114/httpd
Wrong Management API Access settings for the client IP. To correct it go to SmartConsole / Management & Settings / Blades / Management API and press 'Advanced Settings...' and choose GUI clients or ALL IP's.
The API didn't run on the default port check it with 'api status' and add '--port 4434' to the mgmt_cli command.
The management permission in the user profile is missing. Go to SmartConsole / Management & Settings / Permissions & Administrators / Permission Profiles. Select the profile of the user and enable 'Management API Login' under Management Permissions.
The API is not running, the services shown by netstat are the Gaia services. To start the API run 'api start'.

From SecureXL perspective, what are the three paths of traffic flow: Initial Path; Medium Path; Accelerated Path. Layer Path; Blade Path; Rule Path. Firewall Path; Accelerated Path; Medium Path. Firewall Path; Accept Path; Drop Path.

What are the services used for Cluster Synchronization?. 256/TCP for Full Sync and 8116/UDP for Delta Sync. 8116/UDP for Full Sync and Delta Sync. TCP/256 for Full Sync and Delta Sync. No service needed when using Broadcast Mode.

Using Web Services to access the API, which Header Name-Value had to be in the HTTP Post request after the login?. X-chkp-sid Session Unique Identifier. API-Key. user-uid. uuid Universally Unique Identifier.

Which two Cluster Solutions are available under R81.10?. ClusterXL and NSRP. VRRP and HSRP. VRRP and IP Clustering. ClusterXL and VRRP.

Alice & Bob are going to deploy Management Data Plane Separation (MDPS) for all their Check Point Security Gateway(s)/Cluster(s). Which of the following statement is true?. Each network environment is dependent and includes interfaces, routes, sockets, and processes. Management Plane – To access, provision and monitor the Security Gateway. Data Plane – To access, provision and monitor the Security Gateway. Data Plane – To access, provision and monitor the Security Gateway.

When URL Filtering is set, what identifying data gets sent to the Check Point Online Web. The URL and server certificate are sent to the Check Point Online Web Service. The full URL, including page data, is sent to the Check Point Online Web Service. The host part of the URL is sent to the Check Point Online Web Service. The URL and IP address are sent to the Check Point Online Web Service.

How do logs change when the "Accounting" tracking option is enabled on a traffic rule?. Involved traffic logs will be forwarded to a log server. Provides log details view email to the Administrator. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection. Provides additional information to the connected user.

To increase security, the administrator has modified the Core protection 'Host Port Scan' from 'Medium' to 'High' Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes?. The Access Control and Threat Prevention Policies. The Access Control Policy. The Access Control & HTTPS Inspection Policy. The Threat Prevention Policy.

Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server providing Log Export API (LEA) & Event Logging API (ELA) services?. A. DASSERVICE. B. FWD. C. CPVIEWD. D. CPD.

What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources?. The corresponding feature is new to R81.10 and is called "Management Data Plane Separation". The corresponding feature is called "Dynamic Dispatching". There is a feature for ensuring stable connectivity to the management server and is done via Priority Queuing. The corresponding feature is called "Dynamic Split".

According to the policy installation flow the transfer state (CPTA) is responsible for the code generated by the FWM. On the Security Gateway side, a process receives them and first stores them into a temporary directory. Which process is true for receiving these files: FWD. CPD. FWM. RAD.

What is the amount of Priority Queues by default?. There are 8 priority queues and this number cannot be changed. There is no distinct number of queues since it will be changed on a regular basis based on its system requirements. There are 7 priority queues by default and this number cannot be changed. There are 8 priority queues by default, and up to 8 additional queues can be manually configured.

In R81.10 a new feature dynamic log distribution was added. What is this for?. Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy. In case of a Management High Availability the management server stores the logs dynamically on the member with the most available disk space in /var/log. Synchronize the log between the primary and secondary management server in case of a Management High Availability. To save disk space in case of a firewall cluster local logs are distributed between the cluster members.

What could NOT be a reason for synchronization issues in a Management HA environment?. Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate. There is a network connectivity failure between the servers. Servers are in Collision Mode. Two servers, both in active state cannot be synchronized either automatically or manually. The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server.

What is the correct Syntax for adding an access-rule via R80 API?. add access-rule layer "Network" action "Allow". add access-rule layer "Network" position 1 name "Rule 1" service.1 "SMTP" service.2 "http". add access-rule and follow the wizard. add rule position 1 name "Rule 1" policy-package "Standard" add service "http".

Secure Configuration Verification (SCV) makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration, and to do so Bob needs to edit and configure a specific Check Point file. Which location file and directory are true?. $FWDIR/conf/client.scv. $CPDIR/conf/local.scv. $CPDIR/conf/client.scv. $FWDIR/conf/local.scv.

What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel?. Network Access VPN Domain. Remote Access VPN Switch. Community Specific VPN Domain. Mobile Access VPN Domain.

Main Mode in IKEv1 uses how many packages for negotiation?. 4. depends on the make of the peer gateway. 3. 6.

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?. fw ctl set int fwha vmac global param enabled. cphaprob -a if. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1. fw ctl get int fwha vmac global param enabled; result of command should return value 1.

Can multiple administrators connect to a Security Management Server at the same time?. Yes, all administrators can modify a network object at the same time. No, only one can be connected. Yes, every administrator has their own username, and works in a session that is independent of other administrators. Yes, but only one has the right to write.

You have used the "set inactivity-timeout 120" command to prevent the session from being disconnected after 10 minutes of inactivity. However, the Web session is being disconnected after 10 minutes. Why?. The idle timeout for the web session is specified with the "set web session-timeout" command. The number specified is the amount of the idle timeout in seconds rather than in minutes. So you have to use the command "set inactivity-timeout 600" instead. Probably, you have forgotten to make sure that nobody is accessing the management server via the SmartConsole which locks the management database. The number of minutes is correct. Probably, you have forgotten to save this setting with the "save config" command.

Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to your manager?. fw acces stats. fw accel stat. fwaccel stats. fwaccel stat.

What command lists all interfaces using Multi-Queue?. show multiqueue all. cpmq set. mq_mng --show. show interface all.

There are 4 ways to use the Management API for creating a host object. Which one is NOT correct?. Using SmartConsole GUI console. Using CLISH. Using Web Services. Using cpconfig.

Which 3 types of tracking are available for Threat Prevention Policy?. Syslog, None, User-defined scripts. Alert, SNMP trap, Mail. None, Log, Syslog. SMS Alert, Log, SNMP alert.

Bob is asked by Alice to disable the SecureXL mechanism temporarily for further diagnostics by their Check Point partner. Which of the following Check Point commands is true?. fwaccel suspend. fwaccel standby. fwaccel off. fwaccel templates.

What are the attributes that SecureXL will check after the connection is allowed by Security Policy?. Source address, Destination address, Destination port, Protocol. Source MAC address, Destination MAC address, Source port, Destination port, Protocol. Source address, Destination address, Source port, Destination port, Protocol. Source address, Destination address, Source port, Destination port.

The VPN Link Selection will perform the following if the primary VPN link goes down?. The Firewall will drop the packets. The Firewall will inform the client that the tunnel is down. The Firewall will send out the packet on all interfaces. The Firewall can update the Link Selection entries to start using a different link for the same tunnel.

In CoreXL, the Firewall kernel is replicated multiple times. Each replicated copy or instance can perform the following: A. The Firewall can run different policies per core. B. The Firewall can run the same policy on all cores. C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out. D. The Firewall kernel only touches the packet if the connection is accelerated.

77- What is false regarding a Management HA environment?. A. Only one Management Server should be active, while any others be in standby mode. B. It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior. C. SmartConsole can connect to any management server in ReadOnly mode. D. Synchronization will occur automatically with each Publish event if the Standby servers are available.

78- Which command will allow you to see the interface status?. A. cphaprob interface. B. cphaprob stat. C. cphaprob -a if. D. cphaprob -l interface.

79- Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster. A. Asymmetric routing. B. Anti-Spoofing. C. Failovers. D. Symmetric routing.

80- Matt wants to upgrade his old Security Management Server to R80.x using the Advanced Upgrade with Database Migration. What is one of the requirements for a successful upgrade?. A. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine. B. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine. C. Size of the /var/log folder of the target machine must be 25GB or more. D. Size of the $FWDIR/log folder of the target machine must be at least 25% of the size of the $FWDIR/log directory on the source machine.

81- Which of the following is NOT a type of Check Point API available in R80.x?. A. Management. B. OPSEC SDK. C. Identity Awareness Web Services. D. Mobile Access.

82- How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?. 4. 3. 1. 2.

83- What are the blades of Threat Prevention?. A. DLP, AntiVirus, QoS, AntiBot, Threat Emulation, Threat Extraction. B. IPS, QoS, AntiVirus, AntiBot, Threat Emulation, Threat Extraction. C. IPS, AntiVirus, AntiBot, Threat Emulation, Threat Extraction. D. IPS, AntiVirus, AntiBot.

84- How long may verification of one file take for Sandblast Threat Emulation?. A. up to 3 minutes. B. within seconds cleaned file will be provided. C. up to 5 minutes. D. up to 1 minute.

85- How do you enable virtual mac (VMAC) on-the-fly on a cluster member?. A. fw ctl set int fwha_vmac_global_param_enabled 1. B. clusterXL set int fwha_vmac_global_param_enabled 1. C. cphaprob set int fwha_vmac_global_param_enabled 1. D. cphaconf set int fwha_vmac_global_param_enabled 1.

86- What component of Management is used for indexing?. A. DBSync. B. API Server. C. fwm. D. SOLR.

Which process is used mainly for backward compatibility of gateways in R80.x? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization. fwm. cpd. fwd. cpm.

88- Which command shows actual allowed connections in state table?. A. fw tab -t connection. B. fw tab connections. C. fw tab -t connections. D. fw tab -t StateTable.

Which one is not a valid Package Option in the Web GUI for CPUSE?. A. Clean Install. B. Export Package. C. Upgrade. D. Database Conversion to R81.10 only.

90- What is the minimum number of CPU cores required to enable CoreXL?. 1. 6. 2. 4.

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?. A. The connection is destined for a server within the network. B. The packets are not multicast. C. The packet is the second in an established TCP connection. D. The connection required a Security server.

92- Which command shows only the table names of all kernel tables?. A. fw tab -t. B. fw tab -k. C. fw tab -n. D. fw tab -s.

If a "ping"-packet is dropped by FW1 Policy – on how many inspection Points do you see this packet in "fw monitor"?. A. "i" only. B. "i", "l" and "o". C. "i" and "l". D. I don't see it in fw monitor.

94- Which of the following is NOT an attribute of packet acceleration?. A. Protocol. B. Destination port. C. Source address. D. VLAN tag.

95- Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?. A. UDP port 256. B. TCP port 256. C. UDP port 265. D. TCP port 265.

96- Which statement is WRONG regarding the usage of the Central Deployment in SmartConsole?. A. You can install Hotfixes with the Central Deployment in SmartConsole. B. You can install Jumbo Hotfix accumulators with the Central Deployment in SmartConsole. C. Only Hotfixes can be installed with the Central Deployment in SmartConsole. D. You can upgrade your cluster without user intervention with the Central Deployment in SmartConsole from R80.40 to R81.10.

97- Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?. A. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels. B. Configure rules to limit the available network bandwidth for specified users or groups. C. Detects and blocks malware by correlating multiple detection engines before users are affected. D. Use UserCheck to help users understand that certain websites are against the company's security policy.

98- Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R80.X. The Network Security Developer Team is having an issue testing the API with a newly deployed R80.X Security Management Server. Aaron wants to confirm API services are working properly. What should he do first?. A. Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api start". B. Aaron should check API Server status with "api status" from Expert mode. If services are stopped, he should start them with "api start". C. Aaron should check API Server status with "fwm api status" from Expert mode. If services are stopped, he should start them with "fwm api start". D. Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start".

99- What is required for a site-to-site VPN tunnel that does not use certificates?. A. Pre-Shared Secret. B. RSA Token. C. Unique Passwords. D. SecureID.

The Compliance Blade allows you to search for text strings in many windows and panes, to search for a value in a field, what would your syntax be?. name_field:string. field_name:string. field name:string. name field:string.

101- What is the correct order of the default "fw monitor" inspection points?. A. i, o, l, O. B. i, l, o, O. C. 1, 2, 3, 4. D. l, i, O, o.

102- Bob works for a big security outsourcing provider company and as he receives a lot of change requests per day, he wants to use for scripting daily tasks the API services from Check Point for the GAIA API. Firstly, he needs to be aware if the API services are running for the GAIA operating system. Which of the following Check Point Command is true: A. gaia_clish status. B. status gaia_api. C. api_gaia status. D. gaia_api status.

103- What is the recommended way to have a redundant Sync connection between the cluster nodes?. A. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Connect both Sync interfaces without using a switch. B. Use a group of bonded interfaces. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define a Virtual IP for the Sync interface. C. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Use two different Switches to connect both Sync interfaces. D. Use a group of bonded interfaces connected to different switches. Define a dedicated sync interface, only one interface per node using the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management.

104- To fully enable Dynamic Dispatcher on a Security Gateway: A. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot. B. Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu. C. Run fw ctl multik set_mode 1 in Expert mode and then reboot. D. Run "fw ctl multik dynamic_dispatching on" and then reboot.

105- Which Remote Access Client does not provide an Office-Mode Address?. A. Check Point Mobile. B. SecuRemote. C. Endpoint Security Suite. D. Endpoint Security VPN.

106- What command verifies that the API server is responding?. A. api stat. B. api_get_status. C. api status. D. show api_status.

107- Which command shows the current Security Gateway Firewall chain?. A. show current chain. B. show firewall chain. C. fw ctl chain. D. fw ctl firewall-chain.

108- By default, the web API uses which content-type in its response?. A. Java Script. B. XML. C. JSON. D. Text.

110- What command can you use to have cpinfo display all installed hotfixes?. A. cpinfo -get hf. B. cpinfo -hf. C. cpinfo installed_jumbo. D. cpinfo -y all.

111- What are the available options for downloading Check Point hotfixes in Gaia WebUI (CPUSE)?. A. Manually, Scheduled, Enabled. B. Manually, Scheduled, Automatic. C. Manually, Scheduled, Disabled. D. Manually, Automatic, Disabled.

112- What is the most Ideal Synchronization Status for Security Management Server High Availability deployment?. A. Never been synchronized. B. Synchronized. C. Lagging. D. Collision.

113- Which statements below are CORRECT regarding Threat Prevention profiles in SmartConsole?. A. You can assign only one profile per gateway and a profile can be assigned to one or more rules. B. You can assign only one profile per gateway and a profile can be assigned to one rule Only. C. You can assign multiple profiles per gateway and a profile can be assigned to one rule only. D. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

114- fwssd is a child process of which of the following Check Point daemons?. A. fwd. B. cpwd. C. fwm. D. cpd.

115- Which command shows the current connections distributed by CoreXL FW instances?. A. fw ctl instances -v. B. fw ctl multik stat. C. fw ctl affinity -l. D. fw ctl iflist.

116- After having saved the Clish Configuration with the "save configuration config.txt" command, where can you find the config.txt file?. A. You will find it in the home directory of your user account (e.g. /home/admin/). B. You can locate the file via SmartConsole > Command Line. C. You have to launch the WebUI and go to "Config" -> "Export Config File" and specify the destination directory of your local file system. D. You cannot locate the file in the file system since Clish does not have any access to the bash file system.

117- What state is the Management HA in when both members have different policies/databases?. A. Never been synchronized. B. Synchronized. C. Lagging. D. Collision.

118- You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _______ or _______ action for the file types. A. Detect/Bypass. B. Prevent/Bypass. C. Inspect/Prevent. D. Inspect/Bypass.

119- When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use?. A. To** AND 10.0.4.210 NOT 10.0.4.76. B. Toni? AND 10.0.4.210 NOT 10.0.4.76. C. "Toni" AND 10.0.4.210 NOT 10.0.4.76. D. Ton* AND 10.0.4.210 NOT 10.0.4.75.

121- How would you enable VMAC Mode in ClusterXL?. A. Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC. B. fw ctl set int vmac_mode 1. C. cphaconf vmac_mode set 1. D. Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC.

120- What happens when an IPS profile is set in Detect Only Mode for troubleshooting?. A. It will not block malicious traffic. B. Automatically uploads debugging logs to Check Point Support Center. C. It will generate Geo-Protection traffic. D. Bypass licenses requirement for Geo-Protection control.

122- The Log server sends what to the Correlation Unit?. A. Event Policy. B. Authentication requests. C. CPMI dbsync. D. Logs.

123- In SmartConsole, where do you manage your Mobile Access Policy?. A. Through the Mobile Console. B. Smart Dashboard. C. Shared Gateways Policy. D. From the Dedicated Mobility Tab.

124- What is NOT a Cluster Mode?. A. Load Sharing Unicast. B. Load Sharing Multicast. C. Active-Active. D. High Availability Multicast.

125- What is the command used to activate Multi-Version Cluster mode?. A. set cluster member mvc on in Clish. B. set cluster mvc on in Expert Mode. C. set cluster MVC on in Expert Mode. D. set mvc on in Clish.

126- Which TCP port does the CPM process listen on?. A. 18191. B. 19009. C. 8983. D. 18190.

127- Bob needs to know if Alice was configuring the new virtual cluster interface correctly. Which of the following Check Point commands is true?. A. cphaprob -a if. B. cphaprob state. C. cphaprob list. D. probcpha -a if.

128- CPM process stores objects, policies, users, administrators, licenses and management data in a database. This database is: A. SOLR. B. MariaDB. C. PostgreSQL. D. MySQL.

129- What is the correct description for the Dynamic Balancing / Split feature?. A. Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances and Open Server (not on Quantum Spark). B. Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances and Open Server (not on Quantum Spark). C. Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances (not on Quantum Spark or Open Server). D. Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server).

130- You want to allow your Mobile Access Users to connect to an internal file share. Adding the Mobile Application ‘File Share’ to your Access Control Policy in the SmartConsole didn't work. You will be only allowed to select Services for the ‘Service & Application’ column. How to fix it?. A. A Quantum Spark Appliance is selected as Installation Target for the policy. B. The Mobile Access Blade is not enabled for the Access Control Layer of the policy. C. The Mobile Access Policy Source under Gateway properties is set to Legacy Policy and not to Unified Access Policy. D. The Mobile Access Blade is not enabled under Gateway properties.

131- Please choose the path to monitor the compliance status of the Check Point Security Management. A. Logs Monitor -> New Tab -> Open compliance View. B. Gateways Servers -> Compliance View. C. Security Policies -> New Tab -> Compliance View. D. Compliance blade not available under R80.10.

132- In a client to server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?. A. Big I. B. Big O. C. Little i. D. Little o.

133- When defining QoS global properties, which option below is not valid?. A. Schedule. B. Weight. C. Rate. D. Authenticated timeout.

134- Alice & Bob are going to use Management Data Plane Separation and therefore the routing separation needs to be enabled. Which of the following command is true for enabling the Management Data Plane Separation (MDPS): A. set mdps split brain on. B. set mdps split plane on. C. set mdps mgmt plane on. D. set mdps data plane off.

135- What is the command to check the status of Check Point processes?. A. cpwd_admin list. B. cptop. C. cphaprob list. D. top.

136- What API command below creates a new host object with the name "My Host" and IP address of "192.168.0.10"?. A. set host name "My Host" ip-address "192.168.0.10". B. new host name "My Host" ip-address "192.168.0.10". C. create host name "My Host" ip-address "192.168.0.10". D. mgmt_cli -m add host name "My Host" ip-address "192.168.0.10".

137- What command would show the API server status?. A. show api status. B. api restart. C. api status. D. cpm status.

138- You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?. A. cpstat -f all. B. cphaprob -d -s report. C. cphaprob -f register. D. cphaprob list.

139- Which User-mode process is responsible for the FW CLI commands?. A. cpm. B. fwm. C. cpd. D. fwd.

140- What are the different command sources that allow you to communicate with the API server?. A. API_cli Tool, Gaia CLI, Web Services. B. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services. C. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services. D. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services.

141- What is the difference between SSL VPN and IPSec VPN?. A. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser. B. SSL VPN and IPSec VPN are the same. C. SSL VPN requires installation of a resident VPN client. D. IPSec VPN does not require installation of a resident VPN client.

142- What is the command to see cluster status in cli expert mode?. A. fw ctl stat. B. clusterXL stat. C. clusterXL status. D. cphaprob stat.

143- Which of the following is NOT supported by CPUSE?. A. Automatic download of full installation and upgrade packages. B. Offline installations. C. Automatic download of hotfixes. D. Installation of private hotfixes.

144- Choose the correct syntax to add a new host named "emailserver1" with IP address 10.50.23.90 using GAIA Management CLI?. A. mgmt_cli add host "emailserver1" address 10.50.23.90. B. mgmt_cli add host name "myHost12 ip" address 10.50.23.90. C. mgmt_cli add host name ip-address 10.50.23.90. D. mgmt_cli add host name "emailserver1" ip-address 10.50.23.90.

145- Which one of the following is true about Threat Extraction?. A. Delivers file only if no threats found. B. Can take up to 3 minutes to complete. C. Works on all MS Office, Executables, and PDF files. D. Always delivers a file to user.

146- Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?. A. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores. B. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP-addresses, and the IP ‘Protocol’ type. C. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses. D. The CoreXL FW instances assignment mechanism is based on IP Protocol type.

147- Where can you see and search records of action done by R80 SmartConsole administrators?. A. In the Logs & Monitor, logs, select “Audit Log View”. B. In Smartlog, all logs. C. In SmartView Tracker, open active log. D. In SmartAudit Log View.

148- You have successfully backed up your Management Server database without the OS information. What command would you use to restore this backup?. A. restore_backup. B. migrate_server import. C. import backup. D. cp_merge.

149- Which of the following is NOT a valid type of SecureXL template?. A. Drop Template. B. NAT Template. C. Deny Template. D. Accept Template.

150- Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two. Which of the following statements correctly identify each product's capabilities?. A. Workspace can support any application, whereas Connect has a limited number of application types which it will support. B. For credential protection, Connect uses One-time Password login support, but has no SSO support, whereas Workspace offers both One-Time Password login support as well as SSO for specific applications. C. For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement. D. Workspace supports iOS, Android, and WP8, whereas Connect supports iOS and Android only.

151- What destination versions are supported for a Multi-Version Cluster Upgrade?. A. R80.10 and Later. B. R77.30 and Later. C. R76 and Later. D. R70 and Later.

152- Which command can you use to verify the number of active concurrent connections?. A. fw ctl pstat. B. show connections. C. show all connections. D. fw conn all.

153- Automation and Orchestration differ in that: A. Orchestration relates to codifying tasks, whereas automation relates to codifying processes. B. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow. C. Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes. D. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

154- CoreXL is NOT supported when one of the following features is enabled: A. Route-based VPN. B. IPS. C. IPv6. D. Overlapping NAT.

155- In terms of “Order of Rule Enforcement”. When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom. Which Statement is correct?. A. If the rule does not match in the Network policy it will continue to other enabled policies. B. If the Action of the matching rule is Drop, the gateway continues to check rules in the. C. If the Action of the matching rule is Accept, the gateway will drop the packet. D. If the Action of the matching rule is Drop, the gateway stops matching against later rules in the Policy Rule Base and drops the packet.

156- SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?. A. Source address, Destination address, Source port, Destination port. B. Source address, Destination address, Destination port. C. Source address, Destination address, Destination port, Protocol. D. Source address, Destination address, Source port, Destination port, Protocol.

157- Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?. A. create FW rule for particular protocol. B. tecli advanced attributes set prohibited_file_types.exe.bat. C. Enable .exe bat protection in IPS Policy. D. enable DLP and select .exe and .bat file type.

158- In which formats can Threat Emulation forensics reports be viewed in?. A. PDF and HTML. B. PDF and TXT. C. TXT, XML and CSV. D. PDF, HTML, and XML.

159- In ClusterXL Load Sharing Multicast Mode: A. every member of the cluster received all of the packets sent to the cluster IP address. B. only the secondary member receives packets sent to the cluster IP address. C. packets sent to the cluster IP address are distributed equally between all members of the cluster. D. only the primary member received packets sent to the cluster IP address.

160- Which process handles connections from SmartConsole R80?. A. cpmd. B. fwd. C. cpm. D. cpd.

161- Which of the following is NOT a component of Check Point Capsule?. A. Capsule Cloud. B. Capsule Docs. C. Capsule Enterprise. D. Capsule Workspace.

162- Alice & Bob are concurrently logged in via SSH on the same Check Point Security Gateway as user "admin" however Bob was first logged in and acquired the lock. Alice is not aware that Bob is also logged in to the same Security Management Server as she is but she needs to perform very urgent configuration changes - which of the following GAIA clish command is true for overriding Bob's configuration database lock: A. lock database override. B. unlock override database. C. unlock database override. D. database unlock override.

163- What is not a component of Check Point SandBlast?. A. Threat Simulator. B. Threat Extraction. C. Threat Emulation. D. Threat Cloud.

164- You pushed a policy to your gateway and you cannot access the gateway remotely any more. What command should you use to remove the policy from the gateway by logging in through console access?. A. "fw cpstop". B. "fw unloadlocal". C. "fw undo". D. "fw unloadpolicy".

165- How can you make sure that the old logs will be available after updating the Management to version R81.10 using the Advanced Upgrade Method?. A. Use the WebUI -> Maintenance > System Backup and store the backup on a remote FTP server. B. The logs will be included running $FWDIR/scripts/migrate_server export -v R81.10. C. Use the WebUI to save a snapshot before updating the Management -> Maintenance >. D. Use the migrate_server tool with the option '-l' for the logs and '-x' for the index.

166- Bob has finished setting up the provisioning of a secondary security management server. Now he wants to check if the provisioning has been correct. Which of the following Check Point commands can be used to check if the security management server has been installed as a primary or a secondary security management server?. A. cpprod_util MgmtIsPrimary. B. cpprod_util FwIsSecondary. C. cpprod_util MgmtIsSecondary. D. cpprod_util FwIsPrimary.

167- For Management High Availability, which of the following is NOT a valid synchronization status?. A. Lagging. B. Collision. C. Never been synchronized. D. Down.

168- In what way are SSL VPN and IPSec VPN different?. A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless. B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not. C. IPSec VPN does not support authentication, SSL VPN does support this. D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

169- Which statement is false in respect of the SmartConsole after upgrading the management server to R81.10?. A. Yes. You can download the SmartConsole directly from the Download Center. B. As far as you use version R80.40, no upgrade is needed due to compatibility mode. C. Yes, using CPUSE you can make the installer available in the Web Portal of the Management Server. D. Yes, the SmartConsole Upgrade package can be installed using CPUSE.

170- Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily tasks the API services from Check Point for the Management API. Firstly, she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true: A. api mgmt status. B. api status. C. status api. D. status mgmt api.

171- Aggressive Mode in IKEv1 uses how many packages for negotiation?. A. 6. B. 5. C. depends on the make of the peer gateway. D. 3.

172- What is a possible command to delete all of the SSH connections of a gateway?. A. fw sam -l dport 22. B. fw ctl conntab -x -dport=22. C. fw tab -t connections -x -e 00000016. D. fwaccel dos config set dport ssh.

173- Alice wants to upgrade the current security management machine from R80.40 to R81.10 and she wants to check the Deployment Agent status over the GAIA CLISH. Which of the following GAIA CLISH command is true?. A. show agent status. B. show uninstaller status. C. show installer packages. D. show installer status.

174- When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statement is false and NOT part of possible automatic reactions: A. Syslog. B. SNMP Trap. C. Block Source. D. Mail.

175- What are scenarios supported by the Central Deployment in SmartConsole?. A. Installation of Jumbo Hotfix on a ClusterXL environment in High Availability Mode. B. Upgrading a Standalone environment. C. Upgrading a Dedicated SmartEvent Server. D. Upgrading a Dedicated Log Server to R81.10.

176- Which view is NOT a valid CPVIEW view?. A. IDA. B. DLP. C. VPN. D. PDP.

177- After verifying that API Server is not running, how can you start the API Server?. A. Run command "api start" in any mode. B. Run command "mgmt api start" in any mode. C. Run command "mgmt_cli set api start" in Expert mode. D. Run command "set api start" in CLISH mode.

178- Which is the lowest version supported in R81.10?. A. R77. B. R77.30. C. R65. D. R80.20.

179- Which one of the following is true about Capsule Connect?. A. It does not support all VPN authentication methods. B. It offers full enterprise mobility management. C. It is supported only on iOS phones and Windows PCs. D. It is a full layer 3 VPN client.

180- You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?. A. Check Point Capsule Cloud. B. Sandblast Mobile Protect. C. SecuRemote. D. SmartEvent Client Info.

181- To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot: A. fw ctl multik set_mode 1. B. fw ctl multik prioq 2. C. fw ctl Dyn_Dispatch on. D. fw ctl Dyn_Dispatch enable.

182- What is required for a certificate-based VPN tunnel between two gateways with separate management systems?. A. Mutually Trusted Certificate Authorities. B. Shared User Certificates. C. Shared Secret Passwords. D. Unique Passwords.

183- What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?. A. VPN Routing Mode. B. Stateless Mode. C. Wire Mode. D. Stateful Mode.

184- Which statement is NOT TRUE about Delta synchronization?. A. Using UDP Multicast or Broadcast on port 8161. B. Quicker than Full sync. C. Transfers changes in the Kernel tables between cluster members. D. Using UDP Multicast or Broadcast on port 8116.

185- Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?. A. Check Point Mobile Web Portal. B. Check Point Capsule Remote. C. Check Point Remote User. D. Check Point Capsule Workspace.

186- The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?. A. mgmt_cli -m add host name ip-address. B. set host name ip-address. C. add hostname ip-address. D. set hostname ip-address.

187- While using the Gaia CLI, what is the correct command to publish changes to the management server?. A. commit. B. mgmt publish. C. mgmt cli commit. D. json publish.

188- Which Check Point Application Control feature enables application scanning and detection?. A. CPApp. B. AppWiki. C. Application Library. D. Application Dictionary.

189- GAiA Software update packages can be imported and installed offline in situation where: A. The desired CPUSE package is ONLY available in the Check Point CLOUD. B. Security Gateway with GAiA does NOT have SFTP access to Internet. C. Security Gateway with GAiA does NOT have access to Internet. D. Security Gateway with GAiA does NOT have SSH access to Internet.

190- What order should be used when upgrading a Management High Availability Cluster?. A. Standby Management, then Active Management. B. Secondary Management, then Primary Management. C. Active Management, then Standby Management. D. Primary Management, then Secondary Management.

191- By default, how often does Threat Emulation update the engine on the Security Gateway?. A. Once per day. B. Once an hour. C. Once a week. D. Twice per day.

192- In the Firewall chain mode FFF refers to: A. Stateful Packets. B. No Match. C. Stateless Packets. D. All Packets.

193- What is "Accelerated Policy Installation"?. A. Starting R81, the Desktop Security Policy installation process is accelerated thereby reducing the duration of the process significantly. B. Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly. C. Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly. D. Starting R81, the Threat Prevention Policy installation process is accelerated thereby reducing the duration of the process significantly.

194- What are the minimum open server hardware requirements for a Security Management Server/Standalone Security Gateway?. A. 2 CPU cores, 4GB of RAM and 15GB of disk space. B. 4 CPU cores, 8GB of RAM and 500GB of disk space. C. 8 CPU cores, 16GB of RAM and 500 GB of disk space. D. 8 CPU cores, 32GB of RAM and 1 TB of disk space.

195- Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build?. A. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer agent version. B. In WebUI Status and Actions page or by running the following command in CLISH: show installer agent version. C. In WebUI Status and Actions page or by running the following command in CLISH: show installer status build. D. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer status build.

196- Which one is not a valid upgrade method to R81.10?. A. RPM Upgrade. B. Upgrade with Migration. C. Advanced Upgrade. D. CPUSE Upgrade.

197- Which of the following is true regarding the Proxy ARP feature for Manual NAT?. A. Translate Destination on Client Side should be configured. B. fw ctl proxy should be configured. C. The local.arp file must always be configured. D. Automatic proxy ARP configuration can be enabled.

198- Which of the following is a task of the CPD process?. A. Responsible for processing most traffic on a security gateway. B. Transfers messages between Firewall processes. C. Invoke and monitor critical processes and attempts to restart them if they fail. D. Log forwarding.

199- What are the two modes for SNX (SSL Network Extender)?. A. Network Mode and Application Mode. B. Visitor Mode and Office Mode. C. Network Mode and Hub Mode. D. Office Mode and Hub Mode.

200- When using the Mail Transfer Agent, where are the debug logs stored?. A. $FWDIR/bin/emaild.mta.elg. B. /var/log/mail.mta.elg. C. $FWDIR/log/mtad.elg. D. $CPDIR/log/emaild.elg.

201- Steve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances. Steve's manager, Diana, asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?. A. fw tab -t connections. B. fw tab -t connections -c. C. fw tab -t connections -f. D. fw tab -t connections -s.

202- Which of the following processes pulls the application monitoring status from gateways?. A. cpd. B. cpwd. C. cpm. D. fwm.

203- Which directory below contains log files?. A. /opt/CPshrd-R80/log. B. /opt/CPsuite-R80/fw1/log. C. /opt/CPsuite-R80/log. D. /opt/CPSmartlog-R80/log.

204- What is the most recommended way to install patches and hotfixes?. A. CPUSE Check Point Update Service Engine. B. rpm -Uv. C. Software Update Service. D. UnixInstallScript.

205- Which command shows detailed information about VPN tunnels?. A. vpn tu. B. vpn tu tlist. C. cat $FWDIR/conf/vpn.conf. D. cpview.

208- The Check Point Central Deployment Tool (CDT) communicates with the Security Gateway(s) over Check Point SIC via ________. A. TCP Port 18190. B. TCP Port 18191. C. TCP Port 19009. D. TCP Port 18209.

209- The back end database for Check Point Management uses: A. MongoDB. B. MySQL. C. DBMS. D. PostgreSQL.

210- You need to change the number of firewall instances used by CoreXL. How can you achieve this goal?. A. cpconfig; reboot not required. B. edit fwaffinity.conf; reboot not required. C. edit fwaffinity.conf; reboot required. D. cpconfig; reboot required.

211- You need to see which hotfixes are installed on your Check Point server, which command would you use?. A. cpinfo -h all. B. cpinfo -l hotfix. C. cpinfo -o hotfix. D. cpinfo -y all.

212- Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called: A. cpexport. B. cpsizeme. C. sysinfo. D. cpinfo.

213- You have a Gateway that is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores. How many cores can be used in a Cluster for Firewall-kernel on the new device?. 4. 1. 2. 3.

214- What solution is Multi-queue intended to provide?. A. Reduce the performance of network interfaces. B. Improve the efficiency of traffic handling by SecureXL SNDs. C. Improve the efficiency of CoreXL Kernel Instances. D. Reduce the confusion for traffic capturing in FW Monitor.

215- The admin lost access to the Gaia Web Management Interface but he was able to connect via ssh. How can you check if the web port is enabled, running and which port is used?. A. In expert mode run #netstat -tulnp | grep httpd to see if httpd is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled. B. In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd to see if the httpd is up. C. In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up. D. In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.

216- What is the command to check the status of the SmartEvent Correlation Unit?. A. cpstat cpsead. B. cp_conf get_stat cpsemd. C. fw ctl stat cpsemd. D. fw ctl get int cpsead_sta.

217- Which of the SecureXL templates are enabled by default on Security Gateway?. A. Drop. B. Accept. C. None. D. NAT.

218- Which command identifies the NIC driver before considering the employment of the Multi-Queue feature?. A. show interface eth0 mq. B. ethtool -i eth0. C. ifconfig -i eth0 verbose. D. ip show int eth0.

219- How can you see historical data with cpview?. A. cpview -f. B. cpview -e. C. cpview -t. D. cpview -d.

220- What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?. A. 3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization. B. 2 Interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization. C. 4 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server. D. 1 interface - an interface leading to the organization and the Internet, and configure for synchronization.

221- What is not a purpose of the deployment of Check Point API?. A. Integrate Check Point products with 3rd party solution. B. Create products that use and enhance the Check Point solution. C. Create a customized GUI Client for manipulating the objects database. D. Execute an automated script to perform common tasks.

222- What should the admin do in case the Primary Management Server is temporarily down?. A. Use the VIP in SmartConsole you always reach the active Management Server. B. The Secondary will take over automatically. Change the IP in SmartConsole to logon to the private IP of the Secondary Management Server. C. Run the ‘promote_util’ to activate the Secondary Management server. D. Logon with SmartConsole to the Secondary Management Server and choose 'Make Active' under Actions in the HA Management Menu.

223- An established connection is going to www.google.com. The Application Control Blade is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic?. A. Slow Path. B. Fast Path. C. Medium Path. D. Accelerated Path.

224- You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?. A. UDP port 8116. B. TCP port 257. C. TCP port 443. D. TCP port 256.

225- SandBlast offers businesses flexibility in implementation based on their individual business needs. Which of these is an option for deployment of Check Point SandBlast Zero-Day Protection?. A. Smart Cloud Service. B. Any Cloud Service. C. Threat Agent Service. D. Public Cloud Service.

226- In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of: A. Basic, Optimized, Strict. B. General, purposed, Strict. C. General, Escalation, Severe. D. Basic, Optimized, Severe.

227- You plan to automate creating new objects using the Management API. You decide to use GAIA CLI for this task. What is the first step to run management API commands on GAIA’s shell?. A. mgmt admin@teabag > id.txt. B. login user admin password teabag. C. mgmt login. D. mgmt_cli login user “admin” password “teabag” > id.txt.

228- How do Capsule Connect and Capsule Workspace differ?. A. Capsule Connect provides Business data isolation. B. Capsule Workspace can provide access to any application. C. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications. D. Capsule Connect does not require an installed application at client.

229- Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?. A. After upgrading the hardware, increase the number of kernel instances using cpconfig. B. Hyperthreading must be enabled in the bios to use CoreXL. C. Run cprestart from clish. D. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores.

230- What level of CPU load on a Secure Network Distributor would indicate that another may be necessary?. A. Idle <20%. B. USR <20%. C. Wait <20%. D. SYS <20%.

231- With MTA (Mail Transfer Agent) enabled the gateway manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?. A. Endpoint Total Protection. B. Threat Prevention Software Blade Package. C. Threat Cloud Intelligence. D. Traffic on port 25.

232- Native Applications require a thin client under which circumstances?. A. If you want to use a legacy 32-Bit Windows OS. B. If you want to use a VPN Client that is not officially supported by the underlying operating system. C. If you want to have assigned a particular Office Mode IP address. D. If you are about to use a client (FTP, RDP, ...) that is installed on the endpoint.

233- Which of the following types of authentication on Mobile Access can NOT be used as the first authentication method?. A. Username and Password. B. Dynamic ID. C. Certificate. D. RADIUS.

233- Alice knows about the Check Point Management HA installation from Bob and needs to know which Check Point Security Management Server is currently capable of issuing and managing certificates. Alice uses the Check Point command "cpconfig" to run the Check Point Security Management Server configuration tool on both Check Point Management HA instances "Primary & Secondary". Which configuration option does she need to look for: A. Certificate's Fingerprint. B. Random Pool. C. CA Authority. D. Certificate Authority.

234- What are the two ClusterXL Deployment options?. A. Distributed and Full High Availability. B. Broadcast and Multicast Mode. C. Distributed and Standalone. D. Unicast and Multicast Mode.

235- What is the protocol and port used for Health Check and State Synchronization in ClusterXL?. A. CCP and 8116. B. CCP and 18190. C. CCP and 257. D. CPC and 8116.

236- What command would show the API server status?. A. show api status. B. api restart. C. api status. D. cpm status.

237- What is the command to show SecureXL status?. A. fwaccel stat. B. fwaccel status. C. fwaccel stats -m. D. fwaccel -s.

238- SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput. A. False, because SecureXL does not improve this traffic but CoreXL does. B. True, because SecureXL does improve all traffic. C. False because encrypted traffic cannot be inspected. D. True, because SecureXL does improve this traffic.

239- Fill in the blank: Identity Awareness AD-Query is using the Microsoft____API to learn users from AD. A. Services.msc. B. WMI. C. XML. D. Eventvwr.

240- The essential means by which state synchronization works to provide failover in the event an active member goes down, ___________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster. A. cphaconf. B. ccp. C. cphad. D. cphastart.

241- What is the benefit of "fw monitor" over "tcpdump"?. A. "fw monitor" is also available for 64-Bit operating systems. B. "fw monitor" can be used from the CLI of the Management Server to collect information from multiple gateways. C. "fw monitor" reveals Layer 2 information, while "tcpdump" acts at Layer 3. D. With "fw monitor", you can see the inspection points, which cannot be seen in "tcpdump".

242- To find log records from the Application URL Filtering Software Blade where traffic was dropped, what would be the query syntax?. A. blade:"application control" AND action:drop. B. blade;"application control" AND action;drop. C. blade: application control AND action:drop. D. (blade: application control AND action;drop).

243- When an encrypted packet is decrypted, where does this happen?. A. Inbound chain. B. Outbound chain. C. Security policy. D. Decryption is not supported.

244- Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?. A. fwm. B. cpd. C. cpm. D. cpwd.

245- What is the SandBlast Agent designed to do?. A. Ensure the Check Point SandBlast services is running on the end user's system. B. Clean up email sent with malicious attachments. C. If malware enters an end user's system, the SandBlast Agent prevents the malware from spreading with the network. D. Performs OS-level sandboxing for SandBlast Cloud architecture.

246- Which one of the following is true about Threat Extraction?. A. Takes minutes to complete (less than 3 minutes). B. Takes less than a second to complete. C. Works on MS Office and PDF files only. D. Always delivers a file.

247- In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a response before the peer host is declared 'down', you would set the_______ ?. A. life sign polling interval. B. life sign timeout. C. life_sign_timeout. D. life_sign_polling_interval.

248- Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?. A. /var/opt/CPshrd-R80/conf/local.arp. B. /opt/CPshrd-R80/conf/local.arp. C. $CPDIR/conf/local.arp. D. $FWDIR/conf/local.arp.

249- What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?. A. It is not possible. B. Use Multi-Domain Management Server. C. Choose different setting for log storage and SmartEvent db. D. Install Management and SmartEvent on different machines.

250- You want to set up a VPN tunnel to an external gateway. You had to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway. A. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Gateway add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };. B. In the SmartConsole create a dedicated VPN Community for both Gateways. Go to Security Policies /Access Control and create an in-line layer rule with source and destination containing the two networks used for the IKE P2 SA. Put the name of the Community in the VPN column. C. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to 'User defined' and put in the local network. D. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Management add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };.

251- What is the benefit of Manual NAT over Automatic NAT?. A. On IPSO and GAIA Gateways, it is handled in a stateful manner. B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT. C. You have the full control about the priority of the NAT rules. D. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy.

252- With SecureXL enabled, accelerated packets will pass through the following: A. Network Interface Card, OSI Network Layer, and the Acceleration Device. B. Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device. C. Network Interface Card and the Acceleration Device. D. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device.

253- Which NAT rules are prioritized first?. A. Manual Post-Automatic NAT Rules. B. Automatic Hide NAT Rules. C. Manual Pre-Automatic NAT Rules. D. Automatic Static NAT Rules.

254- If SecureXL is disabled which path is used to process traffic?. A. Passive path. B. Firewall path. C. Accelerated path. D. Medium path.

255- What are valid Policy Types in R81.10?. A. Access Control, IPS, Threat Emulation, NAT. B. Access Control, RemoteAccess VPN, NAT, IPS. C. Access Control, IPS, QoS, DLP. D. Access Control, Threat Prevention, QoS, Desktop Security.

256- Mobile Access Gateway can be configured as a reverse proxy for Internal Web Applications. Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. Which of the following Check Point commands is true for enabling the Reverse Proxy: A. ReverseCLIProxy. B. ReverseProxyCLI. C. ReverseProxy. D. ProxyReverseCLI.

257- John detected high load on the sync interface. Which is the most recommended solution?. A. For short connections like icmp service - delay sync for 2 seconds. B. For FTP connections - do not sync. C. Add a second interface to handle sync traffic. D. For short connections like http service - do not sync.

258- What factors preclude SecureXL Templating?. A. Source Port Ranges/Encrypted Connections. B. CoreXL. C. Simple Groups. D. ClusterXL in load sharing Mode.

259- Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?. A. SandBlast Agent. B. SandBlast Threat Extraction. C. Check Point Protect. D. SandBlast Threat Emulation.

260- What is the correct statement about Security Gateway and Security Management Server failover in Check Point R80.X in terms of Check Point Redundancy driven solutions?. A. Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure. B. Security Gateway failover as well as Security Management Server failover is a manual procedure. C. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure. D. Security Gateway failover as well as Security Management Server failover is an automatic procedure.

261- Where is the license for Check Point Mobile users installed?. A. The Security Management Server. B. The Primary Gateway. C. The Standby Gateway. D. The Endpoint Server.

262- What is mandatory for ClusterXL to work properly?. A. The number of cores must be the same on every participating cluster node. B. If you have "Non-monitored Private" interfaces, the number of those interfaces must be the same on all cluster members. C. The Sync interface must not have an IP address configured. D. The Magic MAC number must be unique per cluster node.

263- You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?. A. fwm. B. cpwd. C. cpd. D. fwd.

264- Is it possible to establish a VPN before the user logs in to the Endpoint Client?. A. yes, you had to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_remember_user_password attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway. B. no, the user must login first. C. yes, you had to set neo_always_connected to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_always_connected attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway. D. yes, you had to enable Machine Authentication in the Gateway object of the Smart Console.

265- Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client side logic to Server-side logic. The cpm process: A. Performs database tasks such as creating, deleting, and modifying objects and indexing logs. B. Allows SmartConsole to communicate over TCP Port 19001. C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy. D. Allows SmartConsole to communicate over TCP Port 18190.

266- After upgrading the primary security management server from R80.40 to R81.10 Bob wants to use the central deployment in SmartConsole R81.10 for the first time. How many installations (e.g. Jumbo Hotfix, Hotfixes or Upgrade Packages) can run at the same time: A. Up to 5 gateways. B. only 1 gateway. C. Up to 10 gateways. D. Up to 3 gateways.

267- There are multiple types of licenses for the various VPN components and types. License type related to management and functioning of Remote Access VPNs are - which of the following license requirement statement is NOT true: A. MobileAccessLicense - This license is required on the Security Gateway for the following Remote Access solutions. B. EndpointPolicyManagementLicense - The Endpoint Security Suite includes blades other than the Remote Access VPN, hence this license is required to manage the suite. C. EndpointContainerLicense - The Endpoint Software Blade Licenses does not require an Endpoint Container License as the base. D. IPSecVPNLicense - This license is installed on the VPN Gateway and is a basic requirement for a Remote Access VPN solution.

268- Which command can you use to enable or disable multi-queue per interface?. A. Cpmqueue set. B. cpmq set. C. Cpmq config. D. Set cpmq enable.

269- Connections to the Check Point R80 Web API use what protocol?. A. SOAP. B. HTTP. C. SIC. D. HTTPS.

270- What is considered Hybrid Emulation Mode?. A. Load sharing between OS behavior and CPU Level emulation. B. Manual configuration of file types on emulation location. C. Load sharing of emulation between an on premise appliance and the cloud. D. Load Sharing of Threat Emulation Server and Firewall blade.

271- The installation of a package via SmartConsole CANNOT be applied on: A. A single Security Gateway. B. Multiple Security Gateways and/or Clusters. C. A full Security Cluster (All Cluster Members included). D. R81.10 Security Management Server.

272- Which command collects diagnostic data for analyzing a customer setup remotely?. A. sysinfo. B. migrate export. C. cpv. D. cpinfo.

273- What traffic does the Anti-bot feature block?. A. Command and Control traffic from hosts that have been identified as infected. B. Command and Control traffic to servers with reputation for hosting malware. C. Network traffic to hosts that have been identified as infected. D. Network traffic that is directed to unknown or malicious servers.

274- After replacing a faulty Gateway the admin installed the new Hardware and wants to push the policy. Installing the policy using the SmartConsole he got an Error for the Threat Prevention Policy. There is no error for the Access Control Policy. What will be the most common cause for the issue?. A. The admin forgot to reestablish the SIC for the new hardware. That is typically the case when configuring only the interfaces of the replacement hardware instead of restoring a backup. B. The IPS Protection engine on the replacement hardware is too old. Before pushing the Threat Prevention Policy use SmartConsole -> Security Policies -> Updates -> IPS 'Update Now' to update the engine. C. The admin forgot to apply the new license. The Access Control license is included by default but the service subscriptions for the Threat Prevention Blades are missing. D. The Threat Prevention Policy can't be installed on a Gateway without an already installed Access Control Policy. First install only the Access Control Policy.

275- Which of the following statements about SecureXL NAT Templates is true?. A. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled. B. DROP Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled. C. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if Accept Templates are disabled. D. ACCEPT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.

276- What is the best method to upgrade a Security Management Server to R80.x when it is not connected to the Internet?. A. SmartUpdate offline upgrade. B. Advanced upgrade or CPUSE offline upgrade. C. Advanced upgrade or CPUSE offline upgrade only. D. Advanced Upgrade only.

277- Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services. Which of the following is NOT a possible use case?. A. Create products that use and enhance 3rd party solutions. B. Create new dashboards to manage 3rd party task. C. Create products that use and enhance the Check Point Solution. D. Execute automated scripts to perform common tasks.

278- What are the blades of Threat Prevention?. A. DLP, AntiVirus, QoS, AntiBot, Threat Emulation, Threat Extraction. B. IPS, QoS, AntiVirus, AntiBot, Threat Emulation, Threat Extraction. C. IPS, AntiVirus, AntiBot, Threat Emulation, Threat Extraction. D. IPS, AntiVirus, AntiBot.

279- Fill in the blanks. There are ________ types of software containers: ___________. A. Three; security management, Security Gateway, and endpoint security. B. Three; Security Gateway, endpoint security, and gateway management. C. Two; security management and endpoint security. D. Two; endpoint security and Security Gateway.

280- Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?. A. ThreatWiki. B. Whitelist Files. C. AppWiki. D. IPS Protections.

281- Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using __________. A. TCP Port 18191. B. TCP Port 18190. C. TCP Port 18209. D. TCP port 19009.

282- What is true about the IPS-Blade?. A. IPS Exceptions cannot be attached to "all rules". B. In the IPS Layer, the only three possible actions are Basic, Optimized and Strict. C. The GeoPolicy Exceptions and the Threat Prevention Exceptions are the same. D. IPS is managed by the Threat Prevention Policy.

283- Return oriented programming (ROP) exploits are detected by which security blade?. A. Data Loss Prevention. B. Check Point Anti-Virus / Threat Emulation. C. Application control. D. Intrusion Prevention Software.

284- You want to verify if your management server is ready to upgrade. What tool could you use in this process?. A. migrate import. B. migrate export. C. upgrade tools verify. D. pre_upgrade_verifier.

285- With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform within the applications. Mobile Access encrypts all traffic using: A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender. B. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required. C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required. D. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender.

286- Under which file is the proxy arp configuration stored?. A. $FWDIR/conf/local.arp on the management server. B. $FWDIR/conf/local.arp on the gateway. C. $FWDIR/state/_tmp/proxy.arp on the security gateway. D. $FWDIR/state/proxy_arp.conf on the management server.

287- In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?. A. fw ctl affinity -l -a -r -v. B. fw ctl multik stat. C. fw ctl sdstat. D. cpinfo.

288- The “fw monitor” tool can be best used to troubleshoot_____. A. Network traffic issues. B. Logging issues. C. Authentication issues. D. FWD issues.

289- SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?. A. Behavior Risk Engine. B. Gateway. C. Personal User Storage. D. Management Dashboard.

290- What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?. A. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command Control Centers. B. Anti-Bot is the only countermeasure against unknown malware. C. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command Control Center. D. Anti-Bot is the only signature-based method of malware protection.

291- In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?. A. SND is a feature of fw monitor to capture accelerated packets. B. SND is an alternative to IPSec Main Mode, using only 3 packets. C. SND is used to distribute packets among Firewall instances. D. SND is a feature to accelerate multiple SSL VPN connections.

292- What is the main difference between Threat Extraction and Threat Emulation?. A. Threat Emulation never delivers a file that takes less than a second to complete. B. Threat Emulation never delivers a file and takes more than 3 minutes to complete. C. Threat Extraction always delivers a file and takes less than a second to complete. D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.

293- What command is used to manually failover a cluster during a zero downtime upgrade?. A. set cluster member down. B. cpstop. C. clusterXL_admin down. D. set clusterXL down.

294- What is the name of the secure application for Mail/Calendar for mobile devices?. A. Capsule Mail. B. Capsule VPN. C. Capsule Workspace. D. Secure Workspace.

295- What is the responsibility of SOLR process on the management server?. A. Writing all information into the database. B. It generates indexes of data written to the database. C. Validating all data before it’s written into the database. D. Communication between SmartConsole applications and the Security Management Server.

296- You had setup the VPN Community 'VPN-Stores' with 3 gateways. There are some issues with one remote gateway (1.1.1.1) and your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways. A. action:"Key Install" AND 1.1.1.1 AND Main Mode. B. action:"Key Install" AND 1.1.1.1 AND Quick Mode. C. Blade:"VPN" AND VPN-Stores AND Main Mode. D. Blade:"VPN" AND VPN-Stores AND Quick Mode.

297- Which statement is true about ClusterXL?. A. Supports Dynamic Routing (Unicast Only). B. Does not support Dynamic Routing. C. Supports Dynamic Routing (Unicast and Multicast). D. Supports Dynamic Routing (Multicast Only).

298- Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?. A. set web ssl-port <new port number>. B. set Gaia-portal port <new port number>. C. set Gaia-portal https-port <new port number>. D. set web https-port <new port number>.

299- Using ClusterXL, what statement is true about the Sticky Decision Function?. A. Can only be changed for Load Sharing implementations. B. All connections are processed and synchronized by the pivot. C. Is configured using cpconfig. D. Is only relevant when using SecureXL.

300- The `Hit count` feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits if the Track option is set to `None`?. A. No, it will work independently. Hit Count will be shown only for rules Track option set as Log or alert. B. Yes it will work independently as long as "analyze all rules" tick box is enabled on the Security Gateway. C. No, it will not work independently because hit count requires all rules to be logged. D. Yes it will work independently because when you enable Hit Count, the SMS.

301- Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ . A. On all satellite gateway to satellite gateway tunnels. B. On specific tunnels for specific gateways. C. On specific tunnels in the community. D. On specific satellite gateway to central gateway tunnels.

302- True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway. A. True, CLI is the preferred method for Licensing. B. False, Central Licenses are handled via Security Management Server. C. False, Central Licenses are installed via Gaia on Security Gateways. D. True, Central License can be installed with CPLIC command on a Security Gateway.
