Test title:
ESCC 1

Description:
ESCC 1.1

Author:
EVM

Creation date:
25/08/2022

Category:
Personal

Number of questions: 100
Syllabus:
What is true about the IPS-Blade? In R81, IPS is managed by the Threat Prevention Policy In R81, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict In R81, IPS Exceptions cannot be attached to “all rules” In R81, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same.
CoreXL is supported when one of the following features is enabled: Route-based VPN IPS IPv6 Overlapping NAT.
Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to your manager? fw accel stat fwaccel stat fw acces stats fwaccel stats.
Which view is NOT a valid CPVIEW view? IDA RAD PDP VPN.
Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations? One machine, but it needs to be installed using SecurePlatform for compatibility purposes. One machine Two machines Three machines.
There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct? Using Web Services Using Mgmt_cli tool Using CLISH Using SmartConsole GUI console Events are collected with SmartWorkflow from Trouble Ticket systems.
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types. Inspect/Bypass Inspect/Prevent Prevent/Bypass Detect/Bypass.
Which is NOT an example of a Check Point API? Gateway API Management API OPSC SDK Threat Prevention API.
What has to be taken into consideration when configuring Management HA? The Database revisions will not be synchronized between the management servers SmartConsole must be closed prior to synchronized changes in the objects database If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections. For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.
What SmartEvent component creates events? Consolidation Policy Correlation Unit SmartEvent Policy SmartEvent GUI.
Which command shows actual allowed connections in state table? fw tab –t StateTable fw tab –t connections fw tab –t connection fw tab connections.
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component? None, Security Management Server would be installed by itself. SmartConsole SecureClient Security Gateway SmartEvent.
Which statement is true regarding redundancy? System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob –f if command. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast. Machines in a ClusterXL High Availability configuration must be synchronized. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.
Where can you see and search records of actions done by R81 SmartConsole administrators? In SmartView Tracker, open active log In the Logs & Monitor view, select “Open Audit Log View” In SmartAuditLog View In Smartlog, all logs.
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction? 5 Network; Host; Objects; Services; API 3 Incoming; Outgoing; Network 2 Internal; External 4 Incoming; Outgoing; Internal; Other.
On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port: 18210 18184 257 18191.
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first? Host having a Critical event found by Threat Emulation Host having a Critical event found by IPS Host having a Critical event found by Antivirus Host having a Critical event found by Anti-Bot.
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________. TCP port 19009 TCP Port 18190 TCP Port 18191 TCP Port 18209.
R81.10 management server can manage gateways with which versions installed? Versions R77 and higher Versions R76 and higher Versions R75.20 and higher Versions R75 and higher.
What factor precludes SecureXL Templating? Source Port Ranges/Encrypted Connections IPS ClusterXL in load sharing Mode CoreXL.
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following? Secure Internal Communication (SIC) Restart Daemons if they fail Transfers messages between Firewall processes Pulls application monitoring status.
Which of the following processes pulls application monitoring status? fwd fwm cpwd cpd.
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection? Stateful Mode VPN Routing Mode Wire Mode Stateless Mode.
Identify the API that is not supported by Check Point currently. R81 Management API- Identity Awareness Web Services API Open REST API OPSEC SDK.
Which command lists all tables in Gaia? fw tab –t fw tab –list fw-tab –s fw tab -1.
What is the limitation of employing Sticky Decision Function? With SDF enabled, the involved VPN Gateways only supports IKEv1 Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF With SDF enabled, only ClusterXL in legacy mode is supported With SDF enabled, you can only have three Sync interfaces at most.
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose? Eliminate all possible contradictory rules such as the Stealth or Cleanup rules. Create a separate Security Policy package for each remote Security Gateway. Create network objects that restricts all applicable rules to only certain networks. Run separate SmartConsole instances to login and configure each Security Gateway directly.
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway? logd fwd fwm cpd.
What are the three components for Check Point Capsule? Capsule Docs, Capsule Cloud, Capsule Connect Capsule Workspace, Capsule Cloud, Capsule Connect Capsule Workspace, Capsule Docs, Capsule Connect Capsule Workspace, Capsule Docs, Capsule Cloud.
Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method? Dynamic ID RADIUS Username and Password Certificate.
In R81 spoofing is defined as a method of: Disguising an illegal IP address behind an authorized IP address through Port Address Translation. Hiding your firewall from unauthorized users. Detecting people using false or wrong authentication logins Making packets appear as if they come from an authorized IP address.
Connections to the Check Point R81 Web API use what protocol? HTTPS RPC VPN SIC.
Which of the following statements is TRUE about R81 management plug-ins? The plug-in is a package installed on the Security Gateway. Installing a management plug-in requires a Snapshot, just like any upgrade process. A management plug-in interacts with a Security Management Server to provide new features and support for new products. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.
Which two of these Check Point Protocols are used by SmartEvent Processes? ELA and CPD FWD and LEA FWD and CPLOG ELA and CPLOG.
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network? Big I Little o Little i Big O.
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes? fwd via cpm fwm via fwd cpm via cpd fwd via cpd.
Advanced Security Checkups can be easily conducted within: Reports Advanced Checkups Views Summary.
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade? Detects and blocks malware by correlating multiple detection engines before users are affected. Configure rules to limit the available network bandwidth for specified users or groups. Use UserCheck to help users understand that certain websites are against the company’s security policy. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
What are the different command sources that allow you to communicate with the API server? SmartView Monitor, API_cli Tool, Gaia CLI, Web Services SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services API_cli Tool, Gaia CLI, Web Services.
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them? fw ctl multik dynamic_dispatching on fw ctl multik dynamic_dispatching set_mode 9 fw ctl multik set_mode 9 fw ctl multik pq enable.
If you needed the Multicast MAC address of a cluster, what command would you run? cphaprob –a if cphaconf ccp multicast cphaconf debug data cphaprob igmp.
Which of the following authentication methods ARE NOT used for Mobile Access? RADIUS server Username and password (internal, LDAP) SecurID TACACS+.
Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report. infoCP infoview cpinfo fw cpinfo.
Which of these statements describes the Check Point ThreatCloud? Blocks or limits usage of web applications Prevents or controls access to web sites based on category Prevents Cloud vulnerability exploits A worldwide collaborative security network.
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure? Severity Automatic reactions Policy Threshold.
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use? SmartEvent Client Info SecuRemote Check Point Protect Check Point Capsule Cloud.
Which packet info is ignored with Session Rate Acceleration? source port ranges source ip source port same info from Packet Acceleration is used.
What happens when an IPS profile is set in Detect Only Mode for troubleshooting? It will generate Geo-Protection traffic Automatically uploads debugging logs to Check Point Support Center It will not block malicious traffic Bypass licenses requirement for Geo-Protection control.
What is the mechanism behind Threat Extraction? This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring). Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.
Which of the following is a new R81 Gateway feature that had not been available in R77.X and older? The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence. Limits the upload and download throughput for streaming media in the company to 1 Gbps. Time object to a rule to make the rule active only during specified times. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
Which of the SecureXL templates are enabled by default on Security Gateway? Accept Drop NAT None.
Session unique identifiers are passed to the web api using which http header option? X-chkp-sid Accept-Charset Proxy-Authorization Application.
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every 15 sec 60 sec 5 sec 30 sec.
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________. User data base corruption LDAP conflicts Traffic issues Phase two key negotiations.
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this? UDP port 265 TCP port 265 UDP port 256 TCP port 256.
What is the correct command to observe the Sync traffic in a VRRP environment? fw monitor –e “accept[12:4,b]=224.0.0.18;” fw monitor –e “accept port(6118;” fw monitor –e “accept proto=mcVRRP;” fw monitor –e “accept dst=224.0.0.18;”.
The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ . TCP 18211 TCP 257 TCP 4433 TCP 443.
Which command would disable a Cluster Member permanently? clusterXL_admin down cphaprob_admin down clusterXL_admin down-p set clusterXL down-p.
Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration. upgrade_import cpconfig fwm dbimport -p <export file> cpinfo –recover.
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation? Anti-Bot is the only countermeasure against unknown malware Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers Anti-Bot is the only signature-based method of malware protection. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.
How many images are included with Check Point TE appliance in Recommended Mode? 2(OS) images images are chosen by administrator during installation as many as licensed for the most new image.
Which command will allow you to see the interface status? cphaprob interface cphaprob –I interface cphaprob –a if cphaprob stat.
Which method below is NOT one of the ways to communicate using the Management API’s? Typing API commands using the “mgmt_cli” command Typing API commands from a dialog box inside the SmartConsole GUI application Typing API commands using Gaia’s secure shell(clish)19+ Sending API commands over an http connection using web-services.
To fully enable Dynamic Dispatcher on a Security Gateway: run fw ctl multik set_mode 9 in Expert mode and then Reboot. Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot. run fw multik set_mode 1 in Expert mode and then reboot.
Which command is used to set the CCP protocol to Multicast? cphaprob set_ccp multicast cphaconf set_ccp multicast cphaconf set_ccp no_broadcast cphaprob set_ccp no_broadcast.
What is true about VRRP implementations? VRRP membership is enabled in cpconfig VRRP can be used together with ClusterXL, but with degraded performance You cannot have a standalone deployment You cannot have different VRIDs in the same physical network.
How can the SmartView application be accessed? http://<Security Management IP Address>/smartview http://<Security Management IP Address>:4434/smartview/ https://<Security Management IP Address>/smartview/ https://<Security Management host name>:4434/smartview/.
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement? add host name <New HostName> ip-address <ip address> add hostname <New HostName> ip-address <ip address> set host name <New HostName> ip-address <ip address> set hostname <New HostName> ip-address <ip address>.
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails? Check Point Remote User Check Point Capsule Workspace Check Point Mobile Web Portal Check Point Capsule Remote.
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ . TCP Port 18190 TCP Port 18209 TCP Port 19009 TCP Port 18191.
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup? restore_backup import backup cp_merge migrate import.
Which command can you use to verify the number of active concurrent connections? fw conn all fw ctl pstat show all connections show connections.
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot: fw ctl multik set_mode 1 fw ctl Dynamic_Priority_Queue on fw ctl Dynamic_Priority_Queue enable fw ctl multik set_mode 9.
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster. Symmetric routing Failovers Asymmetric routing Anti-Spoofing.
Which statement is NOT TRUE about Delta synchronization? Using UDP Multicast or Broadcast on port 8161 Using UDP Multicast or Broadcast on port 8116 Quicker than Full sync Transfers changes in the Kernel tables between cluster members.
Which CLI command will reset the IPS pattern matcher statistics? ips reset pmstat ips pstats reset ips pmstats refresh ips pmstats reset.
The Firewall kernel is replicated multiple times, therefore: The Firewall kernel only touches the packet if the connection is accelerated The Firewall can run different policies per core The Firewall kernel is replicated only with new connections and deletes itself once the connection times out The Firewall can run the same policy on all cores.
NAT rules are prioritized in which order? 1. Automatic Static NAT 2. Automatic Hide NAT 3. Manual/Pre-Automatic NAT 4. Post-Automatic/Manual NAT rules 1, 2, 3, 4 1, 4, 2, 3 3, 1, 2, 4 4, 3, 1, 2.
Which command can you use to enable or disable multi-queue per interface? cpmq set Cpmqueue set Cpmq config St cpmq enable.
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________. SecureID SecurID Complexity TacAcs.
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process: Allow GUI Client and management server to communicate via TCP Port 19001 Allow GUI Client and management server to communicate via TCP Port 18191 Performs database tasks such as creating, deleting, and modifying objects and compiling policy. Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.
Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period. Block Port Overflow Local Interface Spoofing Suspicious Activity Monitoring Adaptive Threat Prevention.
What is the least amount of CPU cores required to enable CoreXL? 2 1 4 6.
What command verifies that the API server is responding? api stat api status show api_status app_get_status.
What is the difference between an event and a log? Events are generated at gateway according to Event Policy A log entry becomes an event when it matches any rule defined in Event Policy Events are collected with SmartWorkflow from Trouble Ticket systems Log and Events are synonyms.
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to? 50% 75% 80% 15%.
Which statement is correct about the Sticky Decision Function? It is not supported with either the Performance pack or a hardware based accelerator card Does not support SPI’s when configured for Load Sharing It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster It is not required L2TP traffic.
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is: MySQL Postgres SQL MariaDB SOLR.
In R81, how do you manage your Mobile Access Policy? Through the Unified Policy Through the Mobile Console From SmartDashboard From the Dedicated Mobility Tab.
The Event List within the Event tab contains: a list of options available for running a query. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list. events generated by a query. the details of a selected event.
Which command collects diagnostic data for analyzing customer setup remotely? cpinfo migrate export sysinfo cpview.
Which is the least ideal Synchronization Status for Security Management Server High Availability deployment? Synchronized Never been synchronized Lagging Collision.
What are the attributes that SecureXL will check after the connection is allowed by Security Policy? Source address, Destination address, Source port, Destination port, Protocol Source MAC address, Destination MAC address, Source port, Destination port, Protocol Source address, Destination address, Source port, Destination port Source address, Destination address, Destination port, Protocol.
fwssd is a child process of which of the following Check Point daemons? fwd cpwd fwm cpd.
Which features are only supported with R81.10 Gateways but not R77.x? Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies. Limits the upload and download throughput for streaming media in the company to 1 Gbps. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence. Time object to a rule to make the rule active only during specified times.
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command? fw ctl sdstat fw ctl affinity –l –a –r –v fw ctl multik stat cpinfo.
Which TCP-port does CPM process listen to? 18191 18190 8983 19009.
What is not a component of Check Point SandBlast? Threat Emulation Threat Simulator Threat Extraction Threat Cloud.
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX? Application and Client Service Network and Application Network and Layers Virtual Adapter and Mobile App.
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution? Management Dashboard Gateway Personal User Storage Behavior Risk Engine.