Which is not a blade option when configuring SmartEvent?
Which of the following is NOT an alert option?
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?
The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .
What is the Implicit Clean-up Rule?
Which statement is most correct regarding about “CoreXL Dynamic Dispatcher”?
What will SmartEvent automatically define as events?
One of major features in R81 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
When using CPSTAT, what is the default port used by the AMON server?
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .
What command would show the API server status?
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?
What is the SandBlast Agent designed to do?
What will be the effect of running the following command on the Security Management Server?
Which process handles connection from SmartConsole R81?
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
Office mode means that:
Which NAT rules are prioritized first?
What is the command to show SecureXL status?
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.
What is one of the requirements for his success?
Which blades and or features are not supported in R81?
Which path below is available only when CoreXL is enabled?
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
In which formats can Threat Emulation forensics reports be viewed in?
In what way are SSL VPN and IPSec VPN different?
Which of the following is NOT a VPN routing option available in a star community?
What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?
Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security events.
Which of the following is NOT an option to calculate the traffic direction?
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
What is UserCheck?
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
What is not a purpose of the deployment of Check Point API?
When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:
What is the valid range for VRID value in VRRP configuration?
Which tool is used to enable ClusterXL?
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
What command lists all interfaces using Multi-Queue?
What is correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?
What statement best describes the Proxy ARP feature for Manual NAT in R81.20?
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:
Which of the following links will take you to the SmartView web application?
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
Using ClusterXL, what statement is true about the Sticky Decision Function?
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?
What is the difference between SSL VPN and IPSec VPN?
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.
Which of these is an implicit MEP option?
What is a best practice before starting to troubleshoot using the “fw monitor” tool?
Under which file is the proxy arp configuration stored?
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform the applications. Mobile Access encrypts all traffic using:
Which of the following is NOT a component of Check Point Capsule?
When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?
Which of the following is NOT a type of Check Point API available in R81.x?
: 156
VPN Link Selection will perform the following when the primary VPN link goes down?
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?
What is the command to see cluster status in cli expert mode?
The Correlation Unit performs all but the following actions:
You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
What scenario indicates that SecureXL is enabled?
What is the purpose of a SmartEvent Correlation Unit?
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?
What are the blades of Threat Prevention?
Which one of the following is true about Threat Emulation?
As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?
SandBlast appliances can be deployed in the following modes:
Automation and Orchestration differ in that:
Which command shows detailed information about VPN tunnels?
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?
What is considered Hybrid Emulation Mode?
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
Which command gives us a perspective of the number of kernel tables?
Traffic from source 192.168.1.1 is going to The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?
Which of the following will NOT affect acceleration?
Which of the following describes how Threat Extraction functions?
For Management High Availability, which of the following is NOT a valid synchronization status?
You need to see which hotfixes are installed on your gateway, which command would you use?
When an encrypted packet is decrypted, where does this happen?
What is the name of the secure application for Mail/Calendar for mobile devices?
SmartEvent does NOT use which of the following procedures to identify events:
What is the benefit of “tw monitor” over “tcpdump”?
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
What is the purpose of Priority Delta in VRRP?
John is using Management HA. Which Smartcenter should be connected to for making changes?
Which command shows the current connections distributed by CoreXL FW instances?
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
What is the mechanism behind Threat Extraction?
What has to be taken into consideration when configuring Management HA?
Advanced Security Checkups can be easily conducted within:
Which of the following authentication methods ARE NOT used for Mobile Access?
How many images are included with Check Point TE appliance in Recommended Mode?
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?
Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
Which of the following statements is TRUE about R81 management plug-ins?
Which CLI command will reset the IPS pattern matcher statistics?
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
Where you can see and search records of action done by R81 SmartConsole administrators?
What is the correct command to observe the Sync traffic in a VRRP environment?
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
Which of the following process pulls application monitoring status?
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
What are the three components for Check Point Capsule?
How can SmartView application accessed?
What happen when IPS profile is set in Detect Only Mode for troubleshooting?
CoreXL is supported when one of the following features is enabled:
Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.
Which command can you use to enable or disable multi-queue per interface?
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Which command would disable a Cluster Member permanently?
Which of these statements describes the Check Point ThreatCloud?
R81.20 management server can manage gateways with which versions installed?
fwssd is a child process of which of the following Check Point daemons?
What Factor preclude Secure XL Templating?
Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
Which of the SecureXL templates are enabled by default on Security Gateway?
Which is NOT an example of a Check Point API?
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
Which statement is true regarding redundancy?
Which command will allow you to see the interface status?
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
What are the different command sources that allow you to communicate with the API server?
What is true about the IPS-Blade?
Which Queue in the Priority Queue has the maximum priority?
How can you grant GAiAAPI Permissions for a newly created user?
In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:
GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:
Why is a Central License the preferred and recommended method of licensing?
What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. What is this setting called and what are you defining?
Identity Awareness lets an administrator easily configure network access and auditing based on three items. Choose the correct statement.
John is using Management HA. Which Security Management Server should he use for making changes?
Which of the following processes pulls the application monitoring status from gateways?
In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a
response before the peer host is declared ‘down’, you would set the_________?
What is required for a certificate-based VPN tunnel between two gateways with separate management systems?
Bob needs to know if Alice was configuring the new virtual cluster interface correctly. Which of the following Check Point commands is true?
Which Operating Systems are supported for the Endpoint Security VPN?
Which of the following is NOT a type of Endpoint Identity Agent?
Bob is going to prepare the import of the exported R81.20 management database. Now he wants to verify that the installed tools on the new target security management machine are able to handle the R81.20 release. Which of the following Check Point command is true?
Besides fw monitor, what is another command that can be used to capture packets?
What level of CPU load on a Secure Network Distributor would indicate that another may be necessary?
Which of the following is NOT a valid type of SecureXL template?
What are possible Automatic Reactions in SmartEvent?
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational.
When it re-joins the cluster, will it become active automatically?
Using Web Services to access the API, which Header Name-Value had to be in the HTTP Post request after the login?
After finishing installation admin John likes to use top command in expert mode. John has to set the expert-password and was able to use top command. A week later John has to use the top command again, He detected that the expert password is no longer valid. What is the most probable reason for this behavior?
On the following picture an administrator configures Identity Awareness:
After clicking “Next” the above configuration is supported by:
Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use which operating system?
A user complains that some Internet resources are not available. The Administrator is having issues seeing it packets are being dropped at the firewall (not seeing drops in logs). What is the solution to troubleshoot the issue?
The back-end database for Check Point Management uses:
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
What is the purpose of the command "ps aux | grep twd"?
By default, how often does Threat Emulation update the engine on the Security Gateway?
DLP and Geo Policy are examples of what type of Policy?
Alice & Bob are concurrently logged In via SSH on the same Check Point Security Gateway as user "admin* however Bob was first logged in and acquired the lock Alice Is not aware that Bob is also togged in to the same Security Management Server as she is but she needs to perform very urgent configuration changes - which of the following GAlAclish command is true for overriding Bobs configuration database lock:
Fill in the blank: Authentication rules are defined for ________ .
What is the correct description for the Dynamic Balancing / Split feature?
Which of the following is an authentication method used for Identity Awareness?
Sieve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances Steve's manager. Diana asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81?
Fill in the blank: An identity server uses a _________________ to trust a Terminal Server Identity Agent.
Which Correction mechanisms are available with ClusterXL under R81.20?
Which type of Endpoint Identity Agent includes packet tagging and computer authentication?
Using fw monitor you see the following inspection point notion E and i what does that mean?
SmartEvent uses it's event policy to identify events. How can this be customized?
Joey want to configure NTP on R81 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?