Test title:
ESCC 2

Description:
ESCC 2.2

Author:
EVM

Creation date:
25/08/2022

Category:
Personal

Number of questions: 100
Syllabus:
What is the purpose of Priority Delta in VRRP? When a box is up, Effective Priority = Priority + Priority Delta When an Interface is up, Effective Priority = Priority + Priority Delta When an Interface fails, Effective Priority = Priority – Priority Delta When a box fails, Effective Priority = Priority – Priority Delta.
Which command is used to display status information for various components? show all systems show system messages sysmess all show sysenv all.
To add a file to the Threat Prevention Whitelist, what two items are needed? File name and Gateway Object Name and MD5 signature MD5 signature and Gateway IP address of Management Server and Gateway.
Using ClusterXL, what statement is true about the Sticky Decision Function? Can only be changed for Load Sharing implementations All connections are processed and synchronized by the pivot Is configured using cpconfig Is only relevant when using SecureXL.
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon? cvpnd_restart cvpnd_restart cvpnd restart cvpnrestart.
Which GUI client is supported in R81? SmartProvisioning SmartView Tracker SmartView Monitor SmartLog.
Which one of the following is true about Threat Extraction? Always delivers a file to user Works on all MS Office, Executables, and PDF files Can take up to 3 minutes to complete Delivers file only if no threats found.
What processes does CPM control? Object-Store, Database changes, CPM Process and web-services web-services, CPMI process, DLEserver, CPM process DLEServer, Object-Store, CP Process and database changes web_services, dle_server and object_Store.
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause? cphaprob -f register cphaprob -d -s report cpstat -f all cphaprob -a list.
How do Capsule Connect and Capsule Workspace differ? Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications. Capsule Workspace can provide access to any application. Capsule Connect provides Business data isolation. Capsule Connect does not require an installed application at client.
What are the blades of Threat Prevention? IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction IPS, AntiVirus, AntiBot IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction.
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of: Threat Emulation HTTPS QOS VoIP.
What command can you use to have cpinfo display all installed hotfixes? cpinfo -hf cpinfo -y all cpinfo -get hf cpinfo installed_jumbo.
Which of the following will NOT affect acceleration? Connections destined to or originated from the Security gateway A 5-tuple match Multicast packets Connections that have a Handler (ICMP, FTP, H.323, etc.).
VPN Link Selection will perform the following when the primary VPN link goes down? The Firewall will drop the packets. The Firewall can update the Link Selection entries to start using a different link for the same tunnel. The Firewall will send out the packet on all interfaces. The Firewall will inform the client that the tunnel is down.
From the SecureXL perspective, what are the three paths of traffic flow: Initial Path; Medium Path; Accelerated Path Layer Path; Blade Path; Rule Path Firewall Path; Accept Path; Drop Path Firewall Path; Accelerated Path; Medium Path.
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform on the applications. Mobile Access encrypts all traffic using: HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.
For Management High Availability, which of the following is NOT a valid synchronization status? Collision Down Lagging Never been synchronized.
How do you enable virtual mac (VMAC) on-the-fly on a cluster member? cphaprob set int fwha_vmac_global_param_enabled 1 clusterXL set int fwha_vmac_global_param_enabled 1 fw ctl set int fwha_vmac_global_param_enabled 1 cphaconf set int fwha_vmac_global_param_enabled 1.
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput. This statement is true because SecureXL does improve all traffic. This statement is false because SecureXL does not improve this traffic but CoreXL does. This statement is true because SecureXL does improve this traffic. This statement is false because encrypted traffic cannot be inspected.
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic? Slow Path Medium Path Fast Path Accelerated Path.
What is the difference between SSL VPN and IPSec VPN? IPSec VPN does not require installation of a resilient VPN client. SSL VPN requires installation of a resident VPN client. SSL VPN and IPSec VPN are the same. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed.
What are the main stages of a policy installation? Verification & Compilation, Transfer and Commit Verification & Compilation, Transfer and Installation Verification, Commit, Installation Verification, Compilation & Transfer, Installation.
What are the steps to configure the HTTPS Inspection Policy? Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard Go to Application&url filtering blade > Advanced > Https Inspection > Policy Go to Manage&Settings > Blades > HTTPS Inspection > Policy Go to Application&url filtering blade > Https Inspection > Policy.
Which statement is true about ClusterXL? Supports Dynamic Routing (Unicast and Multicast) Supports Dynamic Routing (Unicast Only) Supports Dynamic Routing (Multicast Only) Does not support Dynamic Routing.
The Correlation Unit performs all but the following actions: Marks logs that individually are not events, but may be part of a larger pattern to be identified later. Generates an event based on the Event policy. Assigns a severity level to the event. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.
Which one of the following is true about Capsule Connect? It is a full layer 3 VPN client It offers full enterprise mobility management It is supported only on iOS phones and Windows PCs It does not support all VPN authentication methods.
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection? Smart Cloud Services Load Sharing Mode Services Threat Agent Solution Public Cloud Services.
What is the command to check the status of the SmartEvent Correlation Unit? fw ctl get int cpsead_stat cpstat cpsead fw ctl stat cpsemd cp_conf get_stat cpsemd.
What is the port used for SmartConsole to connect to the Security Management Server? CPMI port 18191/TCP CPM port/TCP port 19009 SIC port 18191/TCP https port 4434/TCP.
You have existing dbedit scripts from R77. Can you use them with R81.10? dbedit is not supported in R81.10 dbedit is fully supported in R81.10 You can use dbedit to modify threat prevention or access policies, but not create or modify layers dbedit scripts are being replaced by mgmt_cli in R81.10.
Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API? SOAP REST XLANG XML-RPC.
Which command shows detailed information about VPN tunnels? cat $FWDIR/conf/vpn.conf vpn tu tlist vpn tu cpview.
You need to see which hotfixes are installed on your gateway, which command would you use? cpinfo -h all cpinfo -o hotfix cpinfo -l hotfix cpinfo -y all.
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status? $FWDIR/database/fwauthd.conf $FWDIR/conf/fwauth.conf $FWDIR/conf/fwauthd.conf $FWDIR/state/fwauthd.conf.
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.10 SmartConsole application? IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation. Firewall, IPS, Threat Emulation, Application Control. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction. Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server? fwd fwm cpd cpwd.
You want to store the GAIA configuration in a file for later reference. What command should you use? write mem <filename> show config -f <filename> save config -o <filename> save configuration <filename>.
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard? You can assign only one profile per gateway and a profile can be assigned to one rule Only. You can assign multiple profiles per gateway and a profile can be assigned to one rule only. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules. You can assign only one profile per gateway and a profile can be assigned to one or more rules.
What is the protocol and port used for Health Check and State Synchronization in ClusterXL? CCP and 18190 CCP and 257 CCP and 8116 CPC and 8116.
Both ClusterXL and VRRP are fully supported by Gaia R81.10 and available to all Check Point appliances. Which of the following commands is NOT related to redundancy and functions? cphaprob stat cphaprob -a if cphaprob -l list cphaprob all show stat.
In SmartEvent, what are the different types of automatic reactions that the administrator can configure? Mail, Block Source, Block Event Activity, External Script, SNMP Trap Mail, Block Source, Block Destination, Block Services, SNMP Trap Mail, Block Source, Block Destination, External Script, SNMP Trap Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap.
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server? IP SIC NAT FQDN.
What is the name of the secure application for Mail/Calendar for mobile devices? Capsule Workspace Capsule Mail Capsule VPN Secure Workspace.
What component of R81 Management is used for indexing? DBSync API Server fwm SOLR.
What is the benefit of “fw monitor” over “tcpdump”? “fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3. “fw monitor” is also available for 64-Bit operating systems. With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump” “fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.
What is the command to see cluster status in cli expert mode? fw ctl stat clusterXL stat clusterXL status cphaprob stat.
As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server? $FWDIR/smartevent/conf $RTDIR/smartevent/conf $RTDIR/smartview/conf $FWDIR/smartview/conf.
Under which file is the proxy arp configuration stored? $FWDIR/state/proxy_arp.conf on the management server $FWDIR/conf/local.arp on the management server $FWDIR/state/_tmp/proxy.arp on the security gateway $FWDIR/conf/local.arp on the gateway.
Which command shows the current connections distributed by CoreXL FW instances? fw ctl multik stat fw ctl affinity -l fw ctl instances -v fw ctl iflist.
When installing a dedicated R81 SmartEvent server, what is the recommended size of the root partition? Any size Less than 20GB More than 10GB and less than 20GB At least 20GB.
Which of the following describes how Threat Extraction functions? Detect threats and provides a detailed report of discovered threats. Proactively detects threats. Delivers file with original content. Delivers PDF versions of original files with active content removed.
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”? new host name "New Host" ip-address "192.168.0.10" set host name "New Host" ip-address "192.168.0.10" create host name "New Host" ip-address "192.168.0.10" add host name "New Host" ip-address "192.168.0.10".
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types? enable DLP and select .exe and .bat file type enable .exe & .bat protection in IPS Policy create FW rule for particular protocol tecli advanced attributes set prohibited_file_types exe.bat.
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter? Includes the registry Gets information about the specified Virtual System Does not resolve network addresses Output excludes connection table.
Which Remote Access Client does not provide an Office-Mode Address? SecuRemote Endpoint Security Suite Endpoint Security VPN Check Point Mobile.
SandBlast appliances can be deployed in the following modes: using a SPAN port to receive a copy of the traffic only detect only inline/prevent or detect as a Mail Transfer Agent and as part of the traffic flow only.
Automation and Orchestration differ in that: Automation relates to codifying tasks, whereas orchestration relates to codifying processes. Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow. Orchestration relates to codifying tasks, whereas automation relates to codifying processes.
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled? He can use the fw accel stat command on the gateway. He can use the fw accel statistics command on the gateway. He can use the fwaccel stat command on the Security Management Server. He can use the fwaccel stat command on the gateway.
Which of the following links will take you to the SmartView web application? https://<Security Management Server host name>/smartviewweb/ https://<Security Management Server IP Address>/smartview/ https://<Security Management Server host name>smartviewweb https://<Security Management Server IP Address>/smartview.
Customer’s R81 management server needs to be upgraded to R81.10. What is the best upgrade method when the management server is not connected to the Internet? Export R81 configuration, clean install R81.10 and import the configuration CPUSE offline upgrade CPUSE online upgrade SmartUpdate upgrade.
What is mandatory for ClusterXL to work properly? The number of cores must be the same on every participating cluster node The Magic MAC number must be unique per cluster node The Sync interface must not have an IP address configured If you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all cluster members.
What scenario indicates that SecureXL is enabled? Dynamic objects are available in the Object Explorer SecureXL can be disabled in cpconfig fwaccel commands can be used in clish Only one packet in a stream is seen in a fw monitor packet capture.
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management: 19090,22 19190,22 18190,80 19009,443.
Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI? host name myHost12 ip-address 10.50.23.90 mgmt: add host name ip-address 10.50.23.90 add host name emailserver1 ip-address 10.50.23.90 mgmt: add host name emailserver1 ip-address 10.50.23.90.
Which of the following is NOT a type of Check Point API available in R81.x? Identity Awareness Web Services OPSEC SDK Mobile Access Management.
Which command gives us a perspective of the number of kernel tables? fw tab -t fw tab -s fw tab -n fw tab -k.
Which of these is an implicit MEP option? Primary-backup Source address based Round robin Load Sharing.
To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating element is the source port. This type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of these is NOT a SecureXL template? Accept Template Deny Template Drop Template NAT Template.
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization? TCP port 443 TCP port 257 TCP port 256 UDP port 8116.
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot: fw ctl Dyn_Dispatch on fw ctl Dyn_Dispatch enable fw ctl multik set_mode 4 fw ctl multik set_mode 1.
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI? mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json mgmt_cli add object-host "Server_1" ip-address "10.15.123.10" --format json mgmt._cli add object "Server-1" ip-address "10.15.123.10" --format json.
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture? Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server. Correlates all the identified threats with the consolidation policy. Collects syslog data from third party devices and saves them to the database. Connects with the SmartEvent Client when generating threat reports.
What is the purpose of extended master key extension/session hash? UDP VOIP protocol extension In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication Special TCP handshaking extension Supplement DLP data watermark.
Security Checkup Summary can be easily conducted within: Summary Views Reports Checkups.
Which of the following is NOT a component of Check Point Capsule? Capsule Docs Capsule Cloud Capsule Enterprise Capsule Workspace.
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway? Install appliance TE250X on SpanPort on LAN switch in MTA mode. Install appliance TE250X in standalone mode and setup MTA. You can utilize only Check Point Cloud Services for this scenario. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.
What is a best practice before starting to troubleshoot using the “fw monitor” tool? Run the command: fw monitor debug on Clear the connections table Disable CoreXL Disable SecureXL.
Which encryption algorithm is the least secured? AES-128 AES-256 DES 3DES.
What is the main difference between Threat Extraction and Threat Emulation? Threat Emulation never delivers a file and takes more than 3 minutes to complete. Threat Extraction always delivers a file and takes less than a second to complete. Threat Emulation never delivers a file that takes less than a second to complete. Threat Extraction never delivers a file and takes more than 3 minutes to complete.
When an encrypted packet is decrypted, where does this happen? Security policy Inbound chain Outbound chain Decryption is not supported.
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN? That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager. Full Layer4 VPN – SSL VPN that gives users network access to all mobile applications. Full Layer3 VPN – IPSec VPN that gives users network access to all mobile applications. You can make sure that documents are sent to the intended recipients only.
How often does Threat Emulation download packages by default? Once a week Once an hour Twice per day Once per day.
What is considered Hybrid Emulation Mode? Manual configuration of file types on emulation location. Load sharing of emulation between an on premise appliance and the cloud. Load sharing between OS behavior and CPU Level emulation. High availability between the local SandBlast appliance and the cloud.
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component? Threat Emulation Mobile Access Mail Transfer Agent Threat Cloud.
Which one of the following is true about Threat Emulation? Takes less than a second to complete Works on MS Office and PDF files only Always delivers a file Takes minutes to complete (less than 3 minutes).
Which Check Point daemon monitors the other daemons? fwm cpd cpwd fwssd.
John is using Management HA. Which Smartcenter should be connected to for making changes? secondary Smartcenter active Smartcenter connect virtual IP of Smartcenter HA primary Smartcenter.
The following command is used to verify the CPUSE version: HostName:0>show installer status build [Expert@HostName:0]#show installer status [Expert@HostName:0]#show installer status build HostName:0>show installer build.
John detected high load on sync interface. Which is most recommended solution? For short connections like http service – delay sync for 2 seconds Add a second interface to handle sync traffic For short connections like http service – do not sync For short connections like icmp service – delay sync for 2 seconds.
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization? cpwd fwd cpd fwm.
Which directory below contains log files? /opt/CPSmartlog-R81/log /opt/CPshrd-R81/log /opt/CPsuite-R81/fw1/log /opt/CPsuite-R81/log.
What is the most recommended way to install patches and hotfixes? CPUSE Check Point Update Service Engine rpm -Uv Software Update Service UnixinstallScript.
When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state? cphaprob -d STOP unregister cphaprob STOP unregister cphaprob unregister STOP cphaprob -d unregister STOP.
Can multiple administrators connect to a Security Management Server at the same time? No, only one can be connected Yes, all administrators can modify a network object at the same time Yes, every administrator has their own username, and works in a session that is independent of other administrators. Yes, but only one has the right to write.
What information is NOT collected from a Security Gateway in a Cpinfo? Firewall logs Configuration and database files System message logs OS and network statistics.
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply. ffff 1 2 3.
SmartEvent does NOT use which of the following procedures to identify events: Matching a log against each event definition Create an event candidate Matching a log against local exclusions Matching a log against global exclusions.
What is the purpose of a SmartEvent Correlation Unit? The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server. The SmartEvent Correlation Unit’s task is to assign severity levels to the identified events. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.
Where do you create and modify the Mobile Access policy in R81? SmartConsole SmartMonitor SmartEndpoint SmartDashboard.