3 Months Free Update
3 Months Free Update
3 Months Free Update
What kind of information would you expect to see using the sim affinity command?
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?
Which statement is most correct regarding about “CoreXL Dynamic Dispatcher”?
Which command shows the current connections distributed by CoreXL FW instances?
You want to verify if your management server is ready to upgrade to R81.20. What tool could you use in this process?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?
Which of the following is NOT an option to calculate the traffic direction?
One of major features in R81 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.
Which phase of the VPN negotiations has failed?
You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?
: 131
Which command is used to display status information for various components?
Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
Which of the following links will take you to the SmartView web application?
What is the command to check the status of the SmartEvent Correlation Unit?
What is the name of the secure application for Mail/Calendar for mobile devices?
Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?
SmartEvent does NOT use which of the following procedures to identify events:
What is the main difference between Threat Extraction and Threat Emulation?
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
Using ClusterXL, what statement is true about the Sticky Decision Function?
Both ClusterXL and VRRP are fully supported by Gaia R81.20 and available to all Check Point appliances. Which the following command is NOT related to redundancy and functions?
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
What is the port used for SmartConsole to connect to the Security Management Server?
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?
John detected high load on sync interface. Which is most recommended solution?
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?
Can multiple administrators connect to a Security Management Server at the same time?
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
NO: 219
What cloud-based SandBlast Mobile application is used to register new devices and users?
Check Point security components are divided into the following components:
The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?
Which Check Point software blade provides Application Security and identity control?
Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two.
Which of the following statements correctly identify each product's capabilities?
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .
Which of the following is NOT a VPN routing option available in a star community?
Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security events.
Please choose the path to monitor the compliance status of the Check Point R81.20 based management.
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
What happen when IPS profile is set in Detect Only Mode for troubleshooting?
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
How many images are included with Check Point TE appliance in Recommended Mode?
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.
Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
Which command can you use to verify the number of active concurrent connections?
On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
R81.20 management server can manage gateways with which versions installed?
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
If you needed the Multicast MAC address of a cluster, what command would you run?
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to manager?
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
What is the correct command to observe the Sync traffic in a VRRP environment?
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
Alice wants to upgrade the current security management machine from R80.40 to R81.20 and she wants to check the Deployment Agent status over the GAIA CLISH. Which of the following GAIACLISH command is true?
After having saved the Cllsh Configuration with the "save configuration config.txt* command, where can you find the config.txt file?
SmartEvent Security Checkups can be run from the following Logs and Monitor activity:
The customer has about 150 remote access user with a Windows laptops. Not more than 50 Clients will be connected at the same time. The customer want to use multiple VPN Gateways as entry point and a personal firewall. What will be the best license for him?
Gaia has two default user accounts that cannot be deleted. What are those user accounts?
What is the recommended way to have a redundant Sync connection between the cluster nodes?
Firewall polices must be configured to accept VRRP packets on the GAiA platform if it Firewall software. The Multicast destination assigned by the internet Assigned Number Authority (IANA) for VRRP is:
When a packet arrives at the gateway, the gateway checks it against the rules in the hop Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?
Bob needs to know if Alice was configuring the new virtual cluster interface correctly. Which of the following Check Point commands is true?
Packet acceleration (SecureXL) identities connections by several attributes. Which of the attributes is NOT used for identifying connection?
John detected high load on sync interface. Which is most recommended solution?
Which of the following statements about Site-to-Site VPN Domain-based is NOT true?
What are valid authentication methods for mutual authenticating the VPN gateways?
SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?
What should the admin do in case the Primary Management Server is temporary down?
In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom Which of the following statements is correct?
After some changes in the firewall policy you run into some issues. You want to test if the policy from two weeks ago have the same issue. You don't want to lose the changes from the last weeks. What is the best way to do it?
What is required for a certificate-based VPN tunnel between two gateways with separate management systems?
Is it possible to establish a VPN before the user login to the Endpoint Client?
What does Backward Compatibility mean upgrading the Management Server and how can you check it?
When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. What is this setting called and what are you defining?
What is required for a site-to-site VPN tunnel that does not use certificates?
How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?
Identity Awareness lets an administrator easily configure network access and auditing based on three items. Choose the correct statement.
Sieve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances Steve's manager. Diana asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to___________via____________
Fill in the blank: The IPS policy for pre-R81 gateways is installed during the _______ .
You have used the "set inactivity-timeout 120" command to prevent the session to be disconnected after 10 minutes of inactivity. However, the Web session is being disconnected after 10 minutes. Why?
You have pushed policy to GW-3 and now cannot pass traffic through the gateway. As a last resort, to restore traffic flow, what command would you run to remove the latest policy from GW-3?