Test title:
ESCC 4

Description:
ESCC 4.4

Author:
EVM

Creation date:
26/08/2022

Category:
Personal

Number of questions: 100
Syllabus:
Which of the following is NOT a type of Endpoint Identity Agent? Terminal Light Full Custom.
According to out of the box SmartEvent policy, which blade will automatically be correlated into events? Firewall VPN IPS HTTPS.
What does the Log "Views" tab show when SmartEvent is Correlating events? A list of common reports Reports for customization Top events with charts and graphs Details of a selected logs.
SmartEvent Security Checkups can be run from the following Logs and Monitor activity: Reports Advanced Checkups Views.
Which command shows only the table names of all kernel tables? fwtab-t fw tab -s fw tab -n fw tab -k.
In the R81 SmartConsole, on which tab are Permissions and Administrators defined? Security Policies Logs and Monitor Manage and Settings Gateways and Servers.
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81? 2 CPU cores, 4GB of RAM and 15GB of disk space 8 CPU cores, 16GB of RAM and 500 GB of disk space 4 CPU cores, 8GB of RAM and 500GB of disk space 8 CPU cores, 32GB of RAM and 1 TB of disk space.
While using the Gaia CLI, what is the correct command to publish changes to the management server? json publish mgmt publish mgmt_cli commit commit.
Fill in the blank: Authentication rules are defined for ________ User groups Users using UserCheck Individual users All users in the database.
What solution is Multi-queue intended to provide? Improve the efficiency of traffic handling by SecureXL SNDs Reduce the confusion for traffic capturing in FW Monitor Improve the efficiency of CoreXL Kernel Instances Reduce the performance of network interfaces.
Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire mode configuration, chain modules marked with _______ will not apply. ffffffff 00000001 00000002 00000003.
What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days? Use Multi-Domain Management Server. Choose different setting for log storage and SmartEvent db Install Management and SmartEvent on different machines. it is not possible.
John detected high load on sync interface. Which is most recommended solution? For FTP connections – do not sync Add a second interface to handle sync traffic For short connections like http service – do not sync For short connections like icmp service – delay sync for 2 seconds.
What is required for a certificate-based VPN tunnel between two gateways with separate management systems? Mutually Trusted Certificate Authorities Shared User Certificates Shared Secret Passwords Unique Passwords.
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis? Application Control Threat Emulation Anti-Virus Advanced Networking Blade.
What is the command to check the status of Check Point processes? top cptop cphaprob list cpwd_admin list.
What are not possible commands to acquire the lock in order to make changes in Clish or Web GUI? set config-lock on override Click the Lock icon in the WebUI "set rbac rw = 1'' lock database override.
To find records in the logs that shows log records from the Application & URL Filtering Software Blade where traffic was dropped, what would be the query syntax? blada: application control AND action:drop blade."application control AND action;drop (blade: application control AND action;drop) blade;"application control AND action:drop.
Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build? In WebUI Status and Actions page or by running the following command in CLISH: show installer status build In WebUI Status and Actions page or by running the following command in CLISH: show installer status version In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer status build In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer agent.
What are valid SecureXL paths in R81.10? F2F (Slow path). Templated Path. PQX and F2V F2F (Slow path). PXL, QXL and F2V F2F (Slow path), Accelerated Path, PQX and F2V F2F (Slow path), Accelerated Path, Medium Path and F2V.
How would you enable VMAC Mode in ClusterXL? Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC fw ctl set int vmac_mode 1 cphaconf vmac_mode set 1 Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC.
What command is used to manually failover a Multi-Version Cluster during the upgrade? clusterXL_admin down in Expert Mode clusterXL_admin down in Clish set cluster member state down in Clish set cluster down in Expert Mode.
The “MAC magic” value must be modified under the following condition: There is more than one cluster connected to the same VLAN A firewall cluster is configured to use Multicast for CCP traffic There are more than two members in a firewall cluster A firewall cluster is configured to use Broadcast for CCP traffic.
What is the command used to activate Multi-Version Cluster mode? set cluster member mvc on in Clish set mvc on on Clish set cluster MVC on in Expert Mode set cluster mvc on in Expert Mode.
What is Dynamic Balancing? It is a ClusterXL feature that switches an HA cluster into an LS cluster if required to maximize throughput It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load It is a new feature that is capable of dynamically reserve the amount of Hash kernel memory to reflect the resource usage necessary for maximizing the session rate. It is a CoreXL feature that assigns the SND to network interfaces to balance the RX Cache of the interfaces.
In R81, where do you manage your Mobile Access Policy? Access Control Policy Through the Mobile Console Shared Gateways Policy From the Dedicated Mobility Tab.
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks? Run cprestart from clish After upgrading the hardware, increase the number of kernel instances using cpconfig Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores Hyperthreading must be enabled in the bios to use CoreXL.
When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statements is false and NOT part of the possible automatic reactions? Syslog SNMPTrap Block Source Mail.
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which of these steps should NOT be performed: Rename the hostname of the Standby member to match exactly the hostname of the Active member. Change the Standby Security Management Server to Active. Change the Active Security Management Server to Standby. Manually synchronize the Active and Standby Security Management Servers.
Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server, providing Log Export API (LEA) & Event Logging API (ELA) services? DASSERVICE FWD CPVIEWD CPD.
SandBlast agent extends 0 day prevention to what part of the network? Web Browsers and user devices DMZ server Cloud Email servers.
What level of CPU load on a Secure Network Distributor would indicate that another may be necessary? Idle <20% USR <20% SYS <20% Wait <20%.
Secure Configuration Verification (SCV), makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration but therefore Bob needs to edit and configure a specific Check Point file. Which location file and directory is true? $FWDIR/conf/client.scv $CPDIR/conf/local.scv $CPDIR/conf/client.svc $FWDIR/conf/local.scv.
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule based and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated? The connection is destined for a server within the network The connection required a Security server The packet is the second in an established TCP connection The packets are not multicast.
Joey wants to configure NTP on R81 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser? https://<Device_IP_Adress> http://<Device IP_Address>:443 https://<Device_IP_Address>:10000 https://<Device_IP_Address>:4434.
When defining QoS global properties, which option below is not valid? Weight Authenticated timeout Schedule Rate.
Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them? Auditor Read Only All Super User Full Access.
Which Check Point software blade provides protection from zero-day and undiscovered threats? Firewall Threat Emulation Application Control Threat Extraction.
You had set up the VPN Community 'VPN-Stores' with 3 gateways. There are some issues with one remote gateway (1.1.1.1) and your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways? action:"Key Install" AND 1.1.1.1 AND Main Mode action:"Key Install- AND 1.1.1.1 ANDQuick Mode Blade:"VPN" AND VPN-Stores AND Main Mode Blade:"VPN" AND VPN-Stores AND Quick Mode.
Fill in the blank: An identity server uses a __________ for user authentication. Shared secret Certificate One-time password Token.
When performing a minimal effort upgrade, what will happen to the network traffic? All connections that were initiated before the upgrade will be dropped, causing network downtime All connections that were initiated before the upgrade will be handled normally All connections that were initiated before the upgrade will be handled by the standby gateway All connections that were initiated before the upgrade will be handled by the active gateway.
Which command is used to add users to or from existing roles? Add rba user <User Name> roles <List> Add rba user <User Name> Add user <User Name> roles <List> Add user <User Name>.
You need to change the MAC-address on eth2 interface of the gateway. What command and what mode will you use to achieve this goal? set interface eth2 mac-addr 11:11:11:11:11:11; CLISH ifconfig eth1 hw 11:11:11:11:11:11; expert set interface eth2 hw-addr 11:11:11:11:11:11; CLISH ethtool -i eth2 mac 11:11:11:11:11:11; expert.
When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use? Toni? AND 10.0.4.210 NOT 10.0.4.76 To** AND 10.0.4.210 NOT 10.0.4.76 Ton* AND 10.0.4.210 NOT 10.0.4.75 "Toni" AND 10.0.4.210 NOT 10.0.4.76.
What can we infer about the recent changes made to the Rule Base? Rule 7 was created by the ‘admin’ administrator in the current session 8 changes have been made by administrators since the last policy installation The rules 1, 5 and 6 cannot be edited by the ‘admin’ administrator Rule 1 and object webserver are locked by another administrator.
Which of the following processes pulls the application monitoring status from gateways? cpd cpwd cpm fwm.
Which component is NOT required to communicate with the Web Services API? API key session ID token content-type Request payload.
What is the default size of NAT table fwx_alloc? 20000 35000 25000 10000.
Which of the following is NOT supported by CPUSE? Automatic download of full installation and upgrade packages Automatic download of hotfixes Installation of private hotfixes Offline installations.
After finishing installation, admin John likes to use the top command in expert mode. John has to set the expert-password and was able to use the top command. A week later John has to use the top command again. He detected that the expert password is no longer valid. What is the most probable reason for this behavior? “write memory” was not issued on clish changes are only possible via SmartConsole “save config” was not issued in expert mode “save config” was not issued on clish.
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and: assign privileges to users. edit the home directory of the user. add users to your Gaia system. assign user rights to their home directory in the Security Management Server.
What is the correct order of the default “fw monitor” inspection points? i, I, o, O 1, 2, 3, 4 i, o, I, O I, i, O, o.
What is the best method to upgrade a Security Management Server to R81.x when it is not connected to the Internet? CPUSE offline upgrade only Advanced upgrade or CPUSE offline upgrade Advanced Upgrade only SmartUpdate offline upgrade.
When using the Mail Transfer Agent, where are the debug logs stored? $FWDIR/bin/emaild.mta. elg $FWDIR/log/mtad elg /var/log/mail.mta elg $CPDIR/log/emaild elg.
What is false regarding prerequisites for the Central Deployment usage? The administrator must have write permission on SmartUpdate Security Gateway must have the latest CPUSE Deployment Agent No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically. The Security Gateway must have a policy installed.
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks? After upgrading the hardware, increase the number of kernel instances using cpconfig Hyperthreading must be enabled in the bios to use CoreXL Run cprestart from clish Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores.
What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller? test_connectivity_ad –d <domain> test_ldap_connectivity –d <domain> test_ad_connectivity –d <domain> ad_connectivity_test –d <domain>.
The Check Point history feature in R81 provides the following: View install changes and install specific version View install changes Policy Installation Date, view install changes and install specific version Policy Installation Date only.
Which command will reset the kernel debug options to default settings? fw ctl dbg -a 0 fw ctl dbg resetall fw ctl debug 0 fw ctl debug set 0.
After verifying that API Server is not running, how can you start the API Server? Run command "set api start" in CLISH mode Run command "mgmt__cli set api start" in Expert mode Run command "mgmt api start" in CLISH mode Run command "api start" in Expert mode.
If an administrator wants to add manual NAT for addresses now owned by the Check Point firewall, what else is necessary to be completed for it to function properly? Nothing - the proxy ARP is automatically handled in the R81 version Add the proxy ARP configurations in a file called /etc/conf/local.arp Add the proxy ARP configurations in a file called $FWDIR/conf/local.arp Add the proxy ARP configurations in a file called $CPDIR/conf/local.arp.
How many users can have read/write access in Gaia at one time? Infinite One Three Two.
Check Point ClusterXL Active/Active deployment is used when: Only when there is Multicast solution set up. There is Load Sharing solution set up. Only when there is Unicast solution set up. There is High Availability solution set up.
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control? RADIUS Remote Access and RADIUS AD Query AD Query and Browser-based Authentication.
How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade? 1 3 2 4.
On the following picture an administrator configures Identity Awareness: After clicking “Next” the above configuration is supported by: Kerberos SSO which will be working for Active Directory integration Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user. Obligatory usage of Captive Portal. The ports 443 or 80 what will be used by Browser-Based and configured Authentication.
What is the default shell for the command line interface? Expert Clish Admin Normal.
Which of the following is NOT a valid type of SecureXL template? Accept Template Deny template Drop Template NAT Template.
Which of the following is NOT an attribute of packet acceleration? Source address Protocol Destination port VLAN Tag.
View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.) The current administrator has read-only permissions to Threat Prevention Policy. Another user has locked the rule for editing. Configuration lock is present. Click the lock symbol to gain read-write access. The current administrator is logged in as read-only because someone else is editing the policy.
What is the purpose of the command "ps aux | grep twd"? You can check the Process ID and the processing time of the twd process. You can convert the log file into Post Script format. You can list all Process IDs for all running services. You can check whether the IPS default setting is set to Detect or Prevent mode.
What is the best sync method in the ClusterXL deployment? Use 1 cluster + 1st sync Use 1 dedicated sync interface Use 3 clusters + 1st sync + 2nd sync + 3rd sync Use 2 clusters +1st sync + 2nd sync.
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks? Go to clish-Run cpstop | Run cpstart Go to clish-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores Go to clish-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy.
The WebUI offers several methods for downloading hotfixes via CPUSE except: Automatic Force override Manually Scheduled.
What is the amount of Priority Queues by default? There are 8 priority queues and this number cannot be changed. There is no distinct number of queues since it will be changed in a regular basis based on its system requirements. There are 7 priority queues by default and this number cannot be changed. There are 8 priority queues by default, and up to 8 additional queues can be manually configured.
Bob is asked by Alice to disable the SecureXL mechanism temporarily for further diagnostics by their Check Point partner. Which of the following Check Point commands is true: fwaccel suspend fwaccel standby fwaccel off fwaccel templates.
True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time. False, this feature has to be enabled in the Global Properties. True, every administrator works in a session that is independent of the other administrators. True, every administrator works on a different database that is independent of the other administrators. False, only one administrator can login with write permission.
You are the administrator for ABC Corp. You have logged into your R81 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it. What does this mean? This rule No. 6 has been marked for deletion in your Management session. This rule No. 6 has been marked for deletion in another Management session. This rule No. 6 has been marked for editing in your Management session. This rule No. 6 has been marked for editing in another Management session.
What is the benefit of Manual NAT over Automatic NAT? If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT You have the full control about the priority of the NAT rules On IPSO and GAIA Gateways, it is handled in a stateful manner.
Main Mode in IKEv1 uses how many packages for negotiation? 4 depends on the make of the peer gateway 3 6.
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers? UserCheck Active Directory Query Account Unit Query User Directory Query.
Which member of a high-availability cluster should be upgraded first in a Zero downtime upgrade? The Standby Member The Active Member The Primary Member The Secondary Member.
You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason? Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database. Data Awareness is not enabled. Identity Awareness is not enabled. Logs are arriving from Pre-R81 gateways.
You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the tight protections in place. Check Point has been selected for the security vendor. Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users? IPS AND Application Control IPS, anti-virus and anti-bot IPS, anti-virus and e-mail security SandBlast.
Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R81.X. The Network Security Developer Team is having an issue testing the API with a newly deployed R81.X Security Management Server. Aaron wants to confirm API services are working properly. What should he do first? Aaron should check API Server status with "fwm api status" from Expert mode If services are stopped, he should start them with "fwm api start". Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start" Aaron should check API Server status with "api status" from Expert mode If services are stopped, he should start them with "api start" Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api start".
Which options are given on features, when editing a Role on Gaia Platform? Read/Write, Read Only Read/Write, Read Only, None Read/Write, None Read Only, None.
Which process is used mainly for backward compatibility of gateways in R81.X? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization. cpm fwd cpd fwm.
What are types of Check Point APIs available currently as part of R81.10 code? Security Gateway API Management API, Threat Prevention API and Identity Awareness Web Services API Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API.
Fill in the blanks: Gaia can be configured using the ______ or _____ . GaiaUI; command line interface WebUI; Gaia Interface Command line interface; WebUI Gaia Interface; GaiaUI.
By default, how often are updates checked when the CPUSE Software Updates Policy is set to Automatic? Six times per day Seven times per day Every two hours Every three hours.
In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a response before the peer host is declared ‘down’, you would set the_________? life sign polling interval life sign timeout life_sign_polling_interval life_sign_timeout.
If the first packet of a UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), what message is sent back through the kernel? Nothing TCP FIN TCP RST ICMP unreachable.
What is the recommended way to have a redundant Sync connection between the cluster nodes? In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Connect both Sync interfaces without using a switch. Use a group of bonded interfaces. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define a Virtual IP for the Sync interface. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Use two different Switches to connect both Sync interfaces. Use a group of bonded interfaces connected to different switches. Define a dedicated sync interface, only one interface per node using the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management.
How long may verification of one file take for Sandblast Threat Emulation? up to 1 minutes within seconds cleaned file will be provided up to 5 minutes up to 3 minutes.
SmartEvent uses its event policy to identify events. How can this be customized? By modifying the firewall rulebase By creating event candidates By matching logs against exclusions By matching logs against event rules.
What traffic does the Anti-bot feature block? Command and Control traffic from hosts that have been identified as infected Command and Control traffic to servers with reputation for hosting malware Network traffic that is directed to unknown or malicious servers Network traffic to hosts that have been identified as infected.
The log server sends what to the Correlation Unit? Authentication requests CPMI dbsync Logs Event Policy.
Which is the correct order of a log flow processed by SmartEvent components? Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client.
What state is the Management HA in when both members have different policies/databases? Synchronized Never been synchronized Lagging Collision.
Which one of the following is NOT a configurable Compliance Regulation? GLBA CJIS SOCI NCIPA.