Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to your manager?
What happens when an IPS profile is set to Detect Only Mode for troubleshooting?
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.
How can the SmartView application be accessed?
The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .
Fill in the blank: The command ___________________ provides the most complete restoration of an R81 configuration.
Which of the SecureXL templates are enabled by default on Security Gateway?
Which statement is true regarding redundancy?
Which command shows actual allowed connections in state table?
Fill in the blank: The tool _____ generates an R81 Security Gateway configuration report.
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
What are the different command sources that allow you to communicate with the API server?
Which command can you use to verify the number of active concurrent connections?
R81.20 management server can manage gateways with which versions installed?
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
There are 4 ways to use the Management API for creating a host object with the R81 Management API. Which one is NOT correct?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:
How many images are included with Check Point TE appliance in Recommended Mode?
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
Which CLI command will reset the IPS pattern matcher statistics?
What is the least amount of CPU cores required to enable CoreXL?
Which command is used to set the CCP protocol to Multicast?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________.
Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?
In R81 spoofing is defined as a method of:
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
fwssd is a child process of which of the following Check Point daemons?
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.
Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
Which command can you use to enable or disable multi-queue per interface?
What SmartEvent component creates events?
Which features are only supported with R81.20 Gateways but not R77.x?
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
Which command collects diagnostic data for analyzing customer setup remotely?
What has to be taken into consideration when configuring Management HA?
Which command lists all tables in Gaia?
Session unique identifiers are passed to the web api using which http header option?
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
Where can you see and search records of actions done by R81 SmartConsole administrators?
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Which directory below contains log files?
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform in the applications. Mobile Access encrypts all traffic using:
Which one of the following is true about Threat Extraction?
Can multiple administrators connect to a Security Management Server at the same time?
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
What is the purpose of extended master key extension/session hash?
SandBlast appliances can be deployed in the following modes:
To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating element is the source port. This type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel, which will then create a template of the connection. Which of these is NOT a SecureXL template?
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:
How often does Threat Emulation download packages by default?
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
Which of the following is NOT a type of Check Point API available in R81.x?
From the SecureXL perspective, what are the three paths of traffic flow:
What is mandatory for ClusterXL to work properly?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.
Which of the following describes how Threat Extraction functions?
Which encryption algorithm is the least secure?
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
What are the blades of Threat Prevention?
John detected high load on the sync interface. Which is the most recommended solution?
How do Capsule Connect and Capsule Workspace differ?
What is the most recommended way to install patches and hotfixes?
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?
When an encrypted packet is decrypted, where does this happen?
What is the purpose of a SmartEvent Correlation Unit?
Security Checkup Summary can be easily conducted within:
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
Which Remote Access Client does not provide an Office-Mode Address?
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:
What is the purpose of Priority Delta in VRRP?
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
John is using Management HA. Which Smartcenter should be connected to for making changes?
Which of the following is NOT a component of Check Point Capsule?
As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?
Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?
What is the port used for SmartConsole to connect to the Security Management Server?
What component of R81 Management is used for indexing?
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
Customer’s R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?
Under which file is the proxy arp configuration stored?
What scenario indicates that SecureXL is enabled?
What information is NOT collected from a Security Gateway in a Cpinfo?
Which command is used to display status information for various components?
SmartEvent does NOT use which of the following procedures to identify events:
Which statement is true about ClusterXL?
What kind of information would you expect to see using the sim affinity command?
What are the types of Software Containers?
What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)
Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?
Which Check Point software blade provides Application Security and identity control?
Which tool is used to enable ClusterXL?
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:
What will be the effect of running the following command on the Security Management Server?
In the Firewall chain mode FFF refers to:
Which application should you use to install a contract file?
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
In what way are SSL VPN and IPSec VPN different?
Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and show them as prioritized security events.
In which formats can Threat Emulation forensics reports be viewed?
Which process handles connection from SmartConsole R81?
Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.
What is one of the requirements for his success?
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .
SandBlast agent extends 0 day prevention to what part of the network?
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
Which file gives you a list of all security servers in use, including port number?
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
With MTA (Mail Transfer Agent) enabled, the gateway manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?
Which of the following is NOT a VPN routing option available in a star community?
What statement best describes the Proxy ARP feature for Manual NAT in R81.20?
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .
What is UserCheck?
Please choose the path to monitor the compliance status of the Check Point R81.20 based management.
What is the correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?
Which of the following is NOT an option to calculate the traffic direction?
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
What cloud-based SandBlast Mobile application is used to register new devices and users?
You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
What will SmartEvent automatically define as events?
Check Point security components are divided into the following components:
Which blades and or features are not supported in R81?
SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
Which SmartConsole tab is used to monitor network and security performance?
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
Pamela is a Cyber Security Engineer working for Global Instance Firm with a large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. The company’s Developer Team is having random access issues with a newly deployed Application Server in the DMZ’s Application Server Farm Tier and blames the DMZ Security Gateway as the root cause. A ticket has been created and the issue is at Pamela’s desk for investigation. Pamela decides to use Check Point’s Packet Analyzer Tool, fw monitor, to iron out the issue during an approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures the entire traffic in the context of the Firewall and the problematic traffic?
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?
Which of the following commands shows the status of processes?
When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:
Which of the following Central Deployment is NOT a limitation in R81.20 SmartConsole?
Identity Awareness allows easy configuration for network access and auditing based on what three items?
What API command below creates a new host object with the name "My Host" and IP address of "192.168.0.10"?
The back-end database for Check Point R81 Management uses:
View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)
Which two Identity Awareness daemons are used to support identity sharing?
There are multiple types of licenses for the various VPN components and types. Regarding the license types related to the management and functioning of Remote Access VPNs, which of the following license requirement statements is NOT true:
What does Backward Compatibility mean when upgrading the Management Server, and how can you check it?
Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?
Which command will reset the kernel debug options to default settings?
Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire mode configuration, chain modules marked with _______ will not apply.
What state is the Management HA in when both members have different policies/databases?
True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.
Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n)_____________ Server.
When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?
Native Applications require a thin client under which circumstances?
You have used the "set inactivity-timeout 120" command to prevent the session from being disconnected after 10 minutes of inactivity. However, the Web session is being disconnected after 10 minutes. Why?
On R81.20 the IPS Blade is managed by:
Which upgrade method should you use when upgrading from R80.40 to R81.20 to avoid any downtime?
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?
John is using Management HA. Which Security Management Server should he use for making changes?
Bob works for a big security outsourcing provider company, and as he receives a lot of change requests per day, he wants to use the API services from Check Point for the GAIA API for scripting daily tasks. First, he needs to know whether the API services are running for the GAIA operating system. Which of the following Check Point commands is true:
What order should be used when upgrading a Management High Availability Cluster?
What are valid SecureXL paths in R81.20?
What is "Accelerated Policy Installation"?
What are the two types of tests when using the Compliance blade?
Which SmartEvent component is responsible to collect the logs from different Log Servers?
What destination versions are supported for a Multi-Version Cluster Upgrade?
What are the correct steps for upgrading an HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster (MVC) Upgrade?
Where is the license for Check Point Mobile users installed?
Alice & Bob are going to deploy Management Data Plane Separation (MDPS) for all their Check Point Security Gateway(s)/Cluster(s). Which of the following statements is true?
After having saved the Clish configuration with the "save configuration config.txt" command, where can you find the config.txt file?
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81?
Which of the following is true regarding the Proxy ARP feature for Manual NAT?
Which of the following is NOT a type of Endpoint Identity Agent?
What is the command switch to specify the Gaia API context?
The Compliance Blade allows you to search for text strings in many windows and panes. To search for a value in a field, what would your syntax be?
Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ .
You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
What are the two ClusterXL Deployment options?
Name the authentication method that requires token authenticator.
What is the minimum number of CPU cores required to enable CoreXL?
Mobile Access Gateway can be configured as a reverse proxy for Internal Web Applications. Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. Which of the following Check Point commands is true for enabling the Reverse Proxy:
How many interfaces can you configure to use the Multi-Queue feature?
Steve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances. Steve's manager, Diana, asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?
What is the command to check the status of Check Point processes?