Test title:
ESCC 3

Description:
ESCC 3.3

Author:
EVM

Creation date:
25/08/2022

Category:
Personal

Number of questions: 100
Syllabus:
How many policy layers does the Access Control policy support? 2 4 1 3.
What is the SandBlast Agent designed to do? Performs OS-level sandboxing for SandBlast Cloud architecture Ensure the Check Point SandBlast services is running on the end user’s system If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network Clean up email sent with malicious attachments.
Check Point security components are divided into the following components: GUI Client, Security Gateway, WebUI Interface GUI Client, Security Management, Security Gateway Security Gateway, WebUI Interface, Consolidated Security Logs Security Management, Security Gateway, Consolidate Security Logs.
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are: Dropped without sending a negative acknowledgment Dropped without logs and without sending a negative acknowledgment Dropped with negative acknowledgment Dropped with logs and without sending a negative acknowledgment.
After the initial installation on a Check Point appliance, you notice that the Management interface and default gateway are incorrect. Which commands could you use to set the IP to 192.168.80.200/24 and the default gateway to 192.168.80.1?
set interface Mgmt ipv4-address 192.168.80.200 mask-length 24; set static-route default nexthop gateway address 192.168.80.1 on; save config
set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0; add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on; save config
set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0; set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on; save config
set interface Mgmt ipv4-address 192.168.80.200 mask-length 24; add static-route default nexthop gateway address 192.168.80.1 on; save config
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________. AV issues VPN errors Network traffic issues Authentication issues.
With MTA (Mail Transfer Agent) enabled, the gateway manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway? Threat Cloud Intelligence Threat Prevention Software Blade Package Endpoint Total Protection Traffic on port 25.
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud? ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary.
Please choose the path to monitor the compliance status of the Check Point R81.10 based management. Gateways & Servers --> Compliance View Compliance blade not available under R81.10 Logs & Monitor --> New Tab --> Open compliance View Security & Policies --> New Tab --> Compliance View.
What is true of the API server on R81.10? By default the API-server is activated and does not have hardware requirements. By default the API-server is not active and should be activated from the WebUI. By default the API server is active on management and stand-alone servers with 16GB of RAM (or more). By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).
Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore the production backup via SmartConsole in the lab environment. Which details does she need to fill in the System Restore window before she can click the OK button and test the backup? Server, SCP, Username, Password, Path, Comment, Member Server, TFTP, Username, Password, Path, Comment, All Members Server, Protocol, Username, Password, Path, Comment, All Members Server, Protocol, Username, Password, Path, Comment, Member.
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present. Which phase of the VPN negotiations has failed? IKE Phase 1 IPSEC Phase 2 IPSEC Phase 1 IKE Phase 2.
Which NAT rules are prioritized first? Post-Automatic/Manual NAT rules Manual/Pre-Automatic NAT Automatic Hide NAT Automatic Static NAT.
What is the valid range for VRID value in VRRP configuration? 1 - 254 1 - 255 0 - 254 0 - 255.
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ . Sent to the Internal Certificate Authority. Sent to the Security Administrator. Stored on the Security Management Server. Stored on the Certificate Revocation List.
Which is NOT a SmartEvent component? SmartEvent Server Correlation Unit Log Consolidator Log Server.
The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster. ccp cphaconf cphad cphastart.
What is the correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of the Check Point Redundancy driven solution? Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure. Security Gateway failover as well as Security Management Server failover is a manual procedure. Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure. Security Gateway failover as well as Security Management Server failover is an automatic procedure.
Which command would you use to set the network interfaces’ affinity in Manual mode? sim affinity -m sim affinity -l sim affinity -a sim affinity -s.
In ClusterXL Load Sharing Multicast Mode: only the primary member receives packets sent to the cluster IP address only the secondary member receives packets sent to the cluster IP address packets sent to the cluster IP address are distributed equally between all members of the cluster every member of the cluster receives all of the packets sent to the cluster IP address.
Which of the following is NOT an option to calculate the traffic direction? Incoming Internal External Outgoing.
The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware. Next Generation Threat Prevention Next Generation Threat Emulation Next Generation Threat Extraction Next Generation Firewall.
What is the minimum amount of RAM needed for a Threat Prevention Appliance? 6 GB 8GB with Gaia in 64-bit mode 4 GB It depends on the number of software blades enabled.
You want to verify if your management server is ready to upgrade to R81.10. What tool could you use in this process? migrate export upgrade_tools verify pre_upgrade_verifier migrate import.
Which file gives you a list of all security servers in use, including port number? $FWDIR/conf/conf.conf $FWDIR/conf/servers.conf $FWDIR/conf/fwauthd.conf $FWDIR/conf/serversd.conf.
What command would show the API server status? cpm status api restart api status show api status.
What is the command to show SecureXL status? fwaccel status fwaccel stats -m fwaccel -s fwaccel stat.
What must you do first if “fwm sic_reset” could not be completed? Cpstop then find keyword “certificate” in objects_5_0.C and delete the section Reinitialize SIC on the security gateway then run “fw unloadlocal” Reset SIC from Smart Dashboard Change internal CA via cpconfig.
Which path below is available only when CoreXL is enabled? Slow path Firewall path Medium path Accelerated path.
Office mode means that: SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client. Users authenticate with an Internet browser and use secure HTTPS connection. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user. Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature. Which command do you use? sim erdos -e 1 sim erdos -m 1 sim erdos -v 1 sim erdos -x 1.
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ User Directory Captive Portal and Transparent Kerberos Authentication Captive Portal UserCheck.
Fill in the blanks. There are ________ types of software containers: ___________. Three; security management, Security Gateway, and endpoint security Three; Security Gateway, endpoint security, and gateway management Two; security management and endpoint security Two; endpoint security and Security Gateway.
What kind of information would you expect to see using the sim affinity command? The VMACs used in a Security Gateway cluster The involved firewall kernel modules in inbound and outbound packet chain Overview over SecureXL templated connections Network interfaces and core distribution used for CoreXL.
How many layers make up the TCP/IP model? 2 7 6 4.
Which blades and or features are not supported in R81? SmartEvent Maps SmartEvent Identity Awareness SmartConsole Toolbars.
One of the major features in R81 SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy? A lock icon shows that a rule or an object is locked and will be available. AdminA and AdminB are editing the same rule at the same time. A lock icon next to a rule informs that any Administrator is working on this particular rule. AdminA, AdminB and AdminC are editing three different rules at the same time.
SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are: ping, traceroute, netstat, and route ping, nslookup, Telnet, and route ping, whois, nslookup, and Telnet ping, traceroute, netstat, and nslookup.
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log? Accounting Suppression Accounting/Suppression Accounting/Extended.
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members? fw ctl set int fwha vmac global param enabled fw ctl get int vmac global param enabled; result of command should return value 1 cphaprob-a if fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1.
What statement best describes the Proxy ARP feature for Manual NAT in R81.10? Automatic proxy ARP configuration can be enabled Translate Destination on Client Side should be configured fw ctl proxy should be configured local.arp file must always be configured.
Capsule Connect and Capsule Workspace both offer secured connections for remote users who are using their mobile devices. However, there are differences between the two. Which of the following statements correctly identifies each product's capabilities? Workspace supports iOS operating system, Android, and WP8, whereas Connect supports iOS operating system and Android only For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement. For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password and certain SSO login support. Workspace can support any application, whereas Connect has a limited number of application types which it will support.
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal? edit fwaffinity.conf; reboot required cpconfig; reboot required edit fwaffinity.conf; reboot not required cpconfig; reboot not required.
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment? Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server. 3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization. 1 Interface – an interface leading to the organization and the Internet, and configure for synchronization. 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.
Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81. What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R81? Missing an installed R77.20 Add-on on Security Management Server Unsupported firmware on UTM-1 Edge-W appliance Unsupported version on UTM-1 570 series appliance Unsupported appliances on remote locations.
What does it mean if Deyra sees the gateway status? (Choose the BEST answer.) SmartCenter Server cannot reach this Security Gateway. There is a blade reporting a problem. VPN software blade is reporting a malfunction. Security Gateway’s MGNT NIC card is disconnected.
The SmartEvent R81 Web application for real-time event monitoring is called: SmartView Monitor SmartEventWeb There is no Web application for SmartEvent SmartView.
Which Check Point software blade provides Application Security and identity control? Identity Awareness Data Loss Prevention URL Filtering Application Control.
What is the order of NAT priorities? Static NAT, IP pool NAT, hide NAT IP pool NAT, static NAT, hide NAT Static NAT, automatic NAT, hide NAT Static NAT, hide NAT, IP pool NAT.
What is the Implicit Clean-up Rule? A setting is defined in the Global Properties for all policies. A setting that is configured per Policy Layer. Another name for the Clean-up Rule. Automatically created when the Clean-up Rule is defined.
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request? /opt/CPshrd-R81/conf/local.arp /var/opt/CPshrd-R81/conf/local.arp $CPDIR/conf/local.arp $FWDIR/conf/local.arp.
Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.10. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window. What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic? Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures. Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.
What is the responsibility of SOLR process on R81.10 management server? Validating all data before it’s written into the database It generates indexes of data written to the database Communication between SmartConsole applications and the Security Management Server Writing all information into the database.
Which process handles connection from SmartConsole R81? fwm cpmd cpm cpd.
Which Check Point feature enables application scanning and the detection? Application Dictionary AppWiki Application Library CPApp.
What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”? S W C Space bar.
Which application should you use to install a contract file? SmartView Monitor WebUI SmartUpdate SmartProvisioning.
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia. What must you do to get SIC to work? Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this. Create a rule at the top in the Sydney firewall to allow control traffic from your network Nothing - Check Point control connections function regardless of Geo-Protection policy Create a rule at the top in your Check Point firewall to bypass the Geo-Protection.
What will be the effect of running the following command on the Security Management Server? Remove the installed Security Policy. Remove the local ACL lists. No effect. Reset SIC on all gateways.
Which is NOT an example of a Check Point API? Gateway API Management API OPSEC SDK Threat Prevention API.
What cloud-based SandBlast Mobile application is used to register new devices and users? Check Point Protect Application Management Dashboard Behavior Risk Engine Check Point Gateway.
SandBlast agent extends 0 day prevention to what part of the network? Web Browsers and user devices DMZ server Cloud Email servers.
What is the most ideal Synchronization Status for Security Management Server High Availability deployment? Lagging Synchronized Never been synchronized Collision.
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply. ffff 1 3 2.
Which of the following is NOT a VPN routing option available in a star community? To satellites through center only. To center, or through the center to other satellites, to Internet and other VPN targets. To center and to other satellites through center. To center only.
You can access the ThreatCloud Repository from: R81.10 SmartConsole and Application Wiki Threat Prevention and Threat Tools Threat Wiki and Check Point Website R81.10 SmartConsole and Threat Prevention.
In what way are SSL VPN and IPSec VPN different? SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless SSL VPN adds an extra VPN header to the packet, IPSec VPN does not IPSec VPN does not support two factor authentication, SSL VPN does support this IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.
GAiA Software update packages can be imported and installed offline in situations where: Security Gateway with GAiA does NOT have SFTP access to Internet Security Gateway with GAiA does NOT have access to Internet. Security Gateway with GAiA does NOT have SSH access to Internet. The desired CPUSE package is ONLY available in the Check Point CLOUD.
What will SmartEvent automatically define as events? Firewall VPN IPS HTTPS.
With SecureXL enabled, accelerated packets will pass through the following: Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device Network Interface Card and the Acceleration Device Network Interface Card, OSI Network Layer, and the Acceleration Device.
Which statement is most correct regarding “CoreXL Dynamic Dispatcher”? The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores The CoreXL FW instances assignment mechanism is based on IP Protocol type The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type.
What is not a purpose of the deployment of Check Point API? Execute an automated script to perform common tasks Create a customized GUI Client for manipulating the objects database Create products that use and enhance the Check Point solution Integrate Check Point products with 3rd party solution.
Which of the following is NOT an alert option? SNMP High alert Mail User defined alert.
For best practices, what is the recommended time for automatic unlocking of locked admin accounts? 20 minutes 15 minutes Admin account cannot be unlocked automatically 30 minutes at least.
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness? Kerberos Ticket Renewed Kerberos Ticket Requested Account Logon Kerberos Ticket Timed Out.
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD. WMI Eventvwr XML Services.msc.
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except: Create new dashboards to manage 3rd party task Create products that use and enhance 3rd party solutions Execute automated scripts to perform common tasks Create products that use and enhance the Check Point Solution.
Which tool is used to enable ClusterXL? SmartUpdate cpconfig SmartConsole sysconfig.
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated? There is a virus found. Traffic is still allowed but not accelerated. The connection required a Security server. Acceleration is not enabled. The traffic is originating from the gateway itself.
What CLI command compiles and installs a Security Policy on the target’s Security Gateways? fwm compile fwm load fwm fetch fwm install.
Which of the following commands shows the status of processes? cpwd_admin -l cpwd -l cpwd admin_list cpwd_admin list.
Which is not a blade option when configuring SmartEvent? Correlation Unit SmartEvent Unit SmartEvent Server Log Server.
Which of the following technologies extracts detailed information from packets and stores that information in state tables? INSPECT Engine Stateful Inspection Packet Filtering Application Layer Firewall.
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes? Security Gateway IP-address cannot be changed without re-establishing the trust. The Security Gateway name cannot be changed in command line without re-establishing trust. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust. The Security Management Server IP-address cannot be changed without re-establishing the trust.
What command lists all interfaces using Multi-Queue? cpmq get show interface all cpmq set show multiqueue all.
What are the methods of SandBlast Threat Emulation deployment? Cloud, Appliance and Private Cloud, Appliance and Hybrid Cloud, Smart-1 and Hybrid Cloud, OpenServer and Vmware.
In the Firewall chain mode FFF refers to: Stateful Packets No Match All Packets Stateless Packets.
You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores. How many cores can be used in a Cluster for Firewall-kernel on the new device? 3 2 1 4.
Ken wants to obtain a configuration lock from other administrator on R81 Security Management Server. He can do this via WebUI or via CLI. Which command should he use in CLI? (Choose the correct answer.) remove database lock The database feature has one command lock database override. override database lock The database feature has two commands lock database override and unlock database. Both will work.
What is UserCheck? Messaging tool used to verify a user’s credentials. Communication tool used to inform a user about a website or application they are trying to access. Administrator tool used to monitor users on their network. Communication tool used to notify an administrator when a new user is created.
Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this. What is one of the requirements for his success? Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine Size of the /var/log folder of the target machine must be at least 25GB or more.
When using CPSTAT, what is the default port used by the AMON server? 18191 18192 18194 18190.
In which formats can Threat Emulation forensics reports be viewed in? TXT, XML and CSV PDF and TXT PDF, HTML, and XML PDF and HTML.
On what port does the CPM process run? TCP 857 TCP 18192 TCP 900 TCP 19009.
When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions: All UDP packets All IPv6 Traffic All packets that match a rule whose source or destination is the Outside Corporate Network CIFS packets.
Which SmartConsole tab is used to monitor network and security performance? Manage Setting Security Policies Gateway and Servers Logs and Monitor.
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway? SND is a feature to accelerate multiple SSL VPN connections SND is an alternative to IPSec Main Mode, using only 3 packets SND is used to distribute packets among Firewall instances SND is a feature of fw monitor to capture accelerated packets.
Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and show them as prioritized security events. SmartMonitor SmartView Web Application SmartReporter SmartTracker.
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed? ThreatWiki Whitelist Files AppWiki IPS Protections.
Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made? Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot. Tom’s changes will be lost since he lost connectivity and he will have to start again. Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.