Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

A.

MySQL

B.

Postgres SQL

C.

MarisDB

D.

SOLR

Full Access
Question # 5

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:

A.

Allow GUI Client and management server to communicate via TCP Port 19001

B.

Allow GUI Client and management server to communicate via TCP Port 18191

C.

Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

D.

Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.

Full Access
Question # 6

NAT rules are prioritized in which order?

1. Automatic Static NAT

2. Automatic Hide NAT

3. Manual/Pre-Automatic NAT

4. Post-Automatic/Manual NAT rules

A.

1, 2, 3, 4

B.

1, 4, 2, 3

C.

3, 1, 2, 4

D.

4, 3, 1, 2

Full Access
Question # 7

What is the name of the secure application for Mail/Calendar for mobile devices?

A.

Capsule Workspace

B.

Capsule Mail

C.

Capsule VPN

D.

Secure Workspace

Full Access
Question # 8

When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

A.

Includes the registry

B.

Gets information about the specified Virtual System

C.

Does not resolve network addresses

D.

Output excludes connection table

Full Access
Question # 9

What is the most recommended way to install patches and hotfixes?

A.

CPUSE Check Point Update Service Engine

B.

rpm -Uv

C.

Software Update Service

D.

UnixinstallScript

Full Access
Question # 10

With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform the applications. Mobile Access encrypts all traffic using:

A.

HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.

B.

HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender.

C.

HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required.

D.

HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.

Full Access
Question # 11

Which Remote Access Client does not provide an Office-Mode Address?

A.

SecuRemote

B.

Endpoint Security Suite

C.

Endpoint Security VPN

D.

Check Point Mobile

Full Access
Question # 12

Where do you create and modify the Mobile Access policy in R81?

A.

SmartConsole

B.

SmartMonitor

C.

SmartEndpoint

D.

SmartDashboard

Full Access
Question # 13

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.

A.

ffff

B.

1

C.

2

D.

3

Full Access
Question # 14

Which of the following will NOT affect acceleration?

A.

Connections destined to or originated from the Security gateway

B.

A 5-tuple match

C.

Multicast packets

D.

Connections that have a Handler (ICMP, FTP, H.323, etc.)

Full Access
Question # 15

SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

A.

Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.

B.

Correlates all the identified threats with the consolidation policy.

C.

Collects syslog data from third party devices and saves them to the database.

D.

Connects with the SmartEvent Client when generating threat reports.

Full Access
Question # 16

: 131

Which command is used to display status information for various components?

A.

show all systems

B.

show system messages

C.

sysmess all

D.

show sysenv all

Full Access
Question # 17

You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?

A.

cphaprob –f register

B.

cphaprob –d –s report

C.

cpstat –f all

D.

cphaprob –a list

Full Access
Question # 18

Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?

A.

enable DLP and select.exe and .bat file type

B.

enable .exe & .bat protection in IPS Policy

C.

create FW rule for particular protocol

D.

tecli advanced attributes set prohibited_file_types exe.bat

Full Access
Question # 19

John is using Management HA. Which Smartcenter should be connected to for making changes?

A.

secondary Smartcenter

B.

active Smartenter

C.

connect virtual IP of Smartcenter HA

D.

primary Smartcenter

Full Access
Question # 20

Which command can you use to verify the number of active concurrent connections?

A.

fw conn all

B.

fw ctl pstat

C.

show all connections

D.

show connections

Full Access
Question # 21

Advanced Security Checkups can be easily conducted within:

A.

Reports

B.

Advanced

C.

Checkups

D.

Views

E.

Summary

Full Access
Question # 22

What SmartEvent component creates events?

A.

Consolidation Policy

B.

Correlation Unit

C.

SmartEvent Policy

D.

SmartEvent GUI

Full Access
Question # 23

How do Capsule Connect and Capsule Workspace differ?

A.

Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.

B.

Capsule Workspace can provide access to any application.

C.

Capsule Connect provides Business data isolation.

D.

Capsule Connect does not require an installed application at client.

Full Access
Question # 24

SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?

A.

Threat Emulation

B.

Mobile Access

C.

Mail Transfer Agent

D.

Threat Cloud

Full Access
Question # 25

Security Checkup Summary can be easily conducted within:

A.

Summary

B.

Views

C.

Reports

D.

Checkups

Full Access
Question # 26

John detected high load on sync interface. Which is most recommended solution?

A.

For short connections like http service – delay sync for 2 seconds

B.

Add a second interface to handle sync traffic

C.

For short connections like http service – do not sync

D.

For short connections like icmp service – delay sync for 2 seconds

Full Access
Question # 27

Which one of the following is true about Threat Extraction?

A.

Always delivers a file to user

B.

Works on all MS Office, Executables, and PDF files

C.

Can take up to 3 minutes to complete

D.

Delivers file only if no threats found

Full Access
Question # 28

As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

A.

That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager.

B.

Fill Layer4 VPN –SSL VPN that gives users network access to all mobile applications.

C.

Full Layer3 VPN –IPSec VPN that gives users network access to all mobile applications.

D.

You can make sure that documents are sent to the intended recipients only.

Full Access
Question # 29

Which directory below contains log files?

A.

/opt/CPSmartlog-R81/log

B.

/opt/CPshrd-R81/log

C.

/opt/CPsuite-R81/fw1/log

D.

/opt/CPsuite-R81/log

Full Access
Question # 30

In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

A.

Mail, Block Source, Block Event Activity, External Script, SNMP Trap

B.

Mail, Block Source, Block Destination, Block Services, SNMP Trap

C.

Mail, Block Source, Block Destination, External Script, SNMP Trap

D.

Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Full Access
Question # 31

What is the purpose of extended master key extension/session hash?

A.

UDP VOIP protocol extension

B.

In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication

C.

Special TCP handshaking extension

D.

Supplement DLP data watermark

Full Access
Question # 32

When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?

A.

Any size

B.

Less than 20GB

C.

More than 10GB and less than 20GB

D.

At least 20GB

Full Access
Question # 33

To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

A.

fw ctl Dyn_Dispatch on

B.

fw ctl Dyn_Dispatch enable

C.

fw ctl multik set_mode 4

D.

fw ctl multik set_mode 1

Full Access
Question # 34

For Management High Availability, which of the following is NOT a valid synchronization status?

A.

Collision

B.

Down

C.

Lagging

D.

Never been synchronized

Full Access
Question # 35

What is the benefit of “tw monitor” over “tcpdump”?

A.

“fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.

B.

“fw monitor” is also available for 64-Bit operating systems.

C.

With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”

D.

“fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.

Full Access
Question # 36

Which command shows the current connections distributed by CoreXL FW instances?

A.

fw ctl multik stat

B.

fw ctl affinity -l

C.

fw ctl instances -v

D.

fw ctl iflist

Full Access
Question # 37

Using ClusterXL, what statement is true about the Sticky Decision Function?

A.

Can only be changed for Load Sharing implementations

B.

All connections are processed and synchronized by the pivot

C.

Is configured using cpconfig

D.

Is only relevant when using SecureXL

Full Access
Question # 38

Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?

A.

host name myHost12 ip-address 10.50.23.90

B.

mgmt: add host name ip-address 10.50.23.90

C.

add host name emailserver1 ip-address 10.50.23.90

D.

mgmt: add host name emailserver1 ip-address 10.50.23.90

Full Access
Question # 39

Which command gives us a perspective of the number of kernel tables?

A.

fw tab -t

B.

fw tab -s

C.

fw tab -n

D.

fw tab -k

Full Access
Question # 40

What scenario indicates that SecureXL is enabled?

A.

Dynamic objects are available in the Object Explorer

B.

SecureXL can be disabled in cpconfig

C.

fwaccel commands can be used in clish

D.

Only one packet in a stream is seen in a fw monitor packet capture

Full Access
Question # 41

How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?

A.

Install appliance TE250X on SpanPort on LAN switch in MTA mode.

B.

Install appliance TE250X in standalone mode and setup MTA.

C.

You can utilize only Check Point Cloud Services for this scenario.

D.

It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.

Full Access
Question # 42

Which encryption algorithm is the least secured?

A.

AES-128

B.

AES-256

C.

DES

D.

3DES

Full Access
Question # 43

What is the main difference between Threat Extraction and Threat Emulation?

A.

Threat Emulation never delivers a file and takes more than 3 minutes to complete.

B.

Threat Extraction always delivers a file and takes less than a second to complete.

C.

Threat Emulation never delivers a file that takes less than a second to complete.

D.

Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Full Access
Question # 44

Automation and Orchestration differ in that:

A.

Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

B.

Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.

C.

Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.

D.

Orchestration relates to codifying tasks, whereas automation relates to codifying processes.

Full Access
Question # 45

Which of these is an implicit MEP option?

A.

Primary-backup

B.

Source address based

C.

Round robin

D.

Load Sharing

Full Access
Question # 46

How often does Threat Emulation download packages by default?

A.

Once a week

B.

Once an hour

C.

Twice per day

D.

Once per day

Full Access
Question # 47

Which of the following links will take you to the SmartView web application?

A.

https:// /smartviewweb/

B.

https:// /smartview/

C.

https:// smartviewweb

D.

https:// /smartview

Full Access
Question # 48

Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

A.

$FWDIR/database/fwauthd.conf

B.

$FWDIR/conf/fwauth.conf

C.

$FWDIR/conf/fwauthd.conf

D.

$FWDIR/state/fwauthd.conf

Full Access
Question # 49

In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

A.

fw ctl sdstat

B.

fw ctl affinity –l –a –r –v

C.

fw ctl multik stat

D.

cpinfo

Full Access
Question # 50

Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to manager?

A.

fw accel stat

B.

fwaccel stat

C.

fw acces stats

D.

fwaccel stats

Full Access
Question # 51

What are the three components for Check Point Capsule?

A.

Capsule Docs, Capsule Cloud, Capsule Connect

B.

Capsule Workspace, Capsule Cloud, Capsule Connect

C.

Capsule Workspace, Capsule Docs, Capsule Connect

D.

Capsule Workspace, Capsule Docs, Capsule Cloud

Full Access
Question # 52

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

A.

Symmetric routing

B.

Failovers

C.

Asymmetric routing

D.

Anti-Spoofing

Full Access
Question # 53

Where you can see and search records of action done by R81 SmartConsole administrators?

A.

In SmartView Tracker, open active log

B.

In the Logs & Monitor view, select “Open Audit Log View”

C.

In SmartAuditLog View

D.

In Smartlog, all logs

Full Access
Question # 54

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

A.

50%

B.

75%

C.

80%

D.

15%

Full Access
Question # 55

Which of the following authentication methods ARE NOT used for Mobile Access?

A.

RADIUS server

B.

Username and password (internal, LDAP)

C.

SecurID

D.

TACACS+

Full Access
Question # 56

To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

A.

fw ctl multik set_mode 1

B.

fw ctl Dynamic_Priority_Queue on

C.

fw ctl Dynamic_Priority_Queue enable

D.

fw ctl multik set_mode 9

Full Access
Question # 57

When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.

A.

SecureID

B.

SecurID

C.

Complexity

D.

TacAcs

Full Access
Question # 58

SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?

A.

Application and Client Service

B.

Network and Application

C.

Network and Layers

D.

Virtual Adapter and Mobile App

Full Access
Question # 59

Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

A.

15 sec

B.

60 sec

C.

5 sec

D.

30 sec

Full Access
Question # 60

Which command lists all tables in Gaia?

A.

fw tab –t

B.

fw tab –list

C.

fw-tab –s

D.

fw tab -1

Full Access
Question # 61

Which of the following statements about Site-to-Site VPN Domain-based is NOT true?

A.

Domain-based- VPN domains are pre-defined for all VPN Gateways.

When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

B.

Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to

forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

C.

Domain-based- VPN domains are pre-defined for all VPN Gateways.

A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

D.

Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.

Full Access
Question # 62

Identity Awareness allows easy configuration for network access and auditing based on what three items?

A.

Client machine IP address.

B.

Network location, the identity of a user and the identity of a machine

C.

Log server IP address.

D.

Gateway proxy IP address.

Full Access
Question # 63

At what point is the Internal Certificate Authority (ICA) created?

A.

Upon creation of a certificate.

B.

During the primary Security Management Server installation process.

C.

When an administrator decides to create one.

D.

When an administrator initially logs into SmartConsole.

Full Access
Question # 64

Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily (asks the API services from Check Point fof the Management API. Firstly she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true:

A.

api mgmt status

B.

api status

C.

status api

D.

status mgmt apt

Full Access
Question # 65

Which firewall daemon is responsible for the FW CLI commands?

A.

fwd

B.

fwm

C.

cpm

D.

cpd

Full Access
Question # 66

While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?

A.

Security Gateway is not part of the Domain

B.

SmartConsole machine is not part of the domain

C.

Identity Awareness is not enabled on Global properties

D.

Security Management Server is not part of the domain

Full Access
Question # 67

What are the two ClusterXL Deployment options?

A.

Distributed and Full High Availability

B.

Broadcast and Multicast Mode

C.

Distributed and Standalone

D.

Unicast and Multicast Mode

Full Access
Question # 68

What ports are used for SmartConsole to connect to the Security Management Server?

A.

CPMI (18190)

B.

ICA_Pull (18210), CPMI (18190) https (443)

C.

CPM (19009), CPMI (18190) https (443)

D.

CPM (19009), CPMI (18190) CPD (18191)

Full Access
Question # 69

Which is the command to identify the NIC driver before considering about the employment of the Multi-Queue feature?

A.

show interface eth0 mq

B.

ethtool A eth0

C.

ifconfig -i eth0 verbose

D.

ip show Int eth0

Full Access
Question # 70

How can you switch the active log file?

A.

Run fw logswitch on the gateway

B.

Run fwm logswitch on the Management Server

C.

Run fwm logswitch on the gateway

D.

Run fw logswitch on the Management Server

Full Access
Question # 71

What is the main objective when using Application Control?

A.

To filter out specific content.

B.

To assist the firewall blade with handling traffic.

C.

To see what users are doing.

D.

Ensure security and privacy of information.

Full Access
Question # 72

SandBlast agent extends 0-day prevention to what part of the network?

A.

Web Browsers and user devices

B.

DMZ server

C.

Cloud

D.

Email servers

Full Access
Question # 73

Hit Count is a feature to track the number of connections that each rule matches, which one is not benefit of Hit Count.

A.

Better understand the behavior of the Access Control Policy

B.

Improve Firewall performance - You can move a rule that has hot count to a higher position in the Rule Base

C.

Automatically rearrange Access Control Policy based on Hit Count Analysis

D.

Analyze a Rule Base - You can delete rules that have no matching connections

Full Access
Question # 74

The “Hit count” feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits if the Track option is set to “None”?

A.

No, it will work independently. Hit Count will be shown only for rules Track option set as Log or alert.

B.

Yes it will work independently as long as “analyze all rules” tick box is enabled on the Security Gateway.

C.

No, it will not work independently because hit count requires all rules to be logged.

D.

Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.

Full Access
Question # 75

Alice knows about the Check Point Management HA installation from Bob and needs to know which Check Point Security Management Server is currently capable of issuing and managing certificate. Alice uses the Check Point command "cpconfig'' to run the Check Point Security Management Server configuration tool on both Check Point Management HA instances "Primary & Secondary" Which configuration option does she need to look for:

A.

Certificate's Fingerprint

B.

Random Pool

C.

CA Authority

D.

Certificate Authority

Full Access
Question # 76

Joey want to configure NTP on R81 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?

B.

http:// :443

C.

https:// :10000

D.

https:// :4434

Full Access
Question # 77

How many interfaces can you configure to use the Multi-Queue feature?

A.

10 interfaces

B.

3 interfaces

C.

4 interfaces

D.

5 interfaces

Full Access
Question # 78

What does the "unknown" SIC status shown on SmartConsole mean?

A.

SIC activation key requires a reset

B.

Administrator input the wrong SIC key

C.

The management can contact the Security Gateway but cannot establish Secure Internal Communication

D.

There is no connection between the Security Gateway and Security Management Server

Full Access
Question # 79

Bob works for a big security outsourcing provider company and as he receives a lot of change requests per day he wants to use for scripting daily tasks the API services (torn Check Point for the GAIA API. Firstly he needs to be aware if the API services are running for the GAIA operating system. Which of the following Check Point Command is true:

A.

gala_dlish status

B.

status gaiaapi

C.

api_gala status

D.

gala_api status

Full Access
Question # 80

In which deployment is the security management server and Security Gateway installed on the same appliance?

A.

Standalone

B.

Remote

C.

Distributed

D.

Bridge Mode

Full Access
Question # 81

After replacing a faulty Gateway the admin installed the new Hardware and want to push the policy. Installing the policy using the SmartConsole he got an Error for the Threat Prevention Policy. There is no error for the Access Control Policy. What will be the most common cause for the issue?

A.

The admin forgot to reestablish the SIC for the new hardware. That is typically the case when configure only the interfaces of the replacement hardware instead restoring a backup.

B.

The IPS Protection engine on the replacement hardware is too old. Before pushing the Threat Prevention Policy use SmartConsole -> Security Policies -> Updates -> IPS 'Update Now' to update the engine.

C.

The admin forgot to apply the new license. The Access Control license is included by default but the service subscriptions for the Threat Prevention Blades are missing.

D.

The Threat Prevention Policy can't be installed on a Gateway without an already installed Access Control Policy. First install only the Access Control Policy.

Full Access
Question # 82

Fill in the blank: Authentication rules are defined for ________ .

A.

User groups

B.

Users using UserCheck

C.

Individual users

D.

All users in the database

Full Access
Question # 83

In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:

A.

Basic, Optimized, Strict

B.

Basic, Optimized, Severe

C.

General, Escalation, Severe

D.

General, purposed, Strict

Full Access
Question # 84

Which TCP port does the CPM process listen on?

A.

18191

B.

18190

C.

8983

D.

19009

Full Access
Question # 85

Matt wants to upgrade his old Security Management server to R81.x using the Advanced Upgrade with Database Migration. What is one of the requirements for a successful upgrade?

A.

Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

B.

Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

C.

Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

D.

Size of the /var/log folder of the target machine must be at least 25GB or more

Full Access
Question # 86

Which of the following Check Point commands is true to enable Multi-Version Cluster (MVC)?

A.

Check Point Security Management HA (Secondary): set cluster member mvc on

B.

Check Point Security Gateway Only: set cluster member mvc on

C.

Check Point Security Management HA (Primary): set cluster member mvc on

D.

Check Point Security Gateway Cluster Member: set cluster member mvc on

Full Access
Question # 87

What are possible Automatic Reactions in SmartEvent?

A.

Mail. SNMP Trap, Block Source. Block Event Activity, External Script

B.

Web Mail. Block Destination, SNMP Trap. SmartTask

C.

Web Mail, Block Service. SNMP Trap. SmartTask, Geo Protection

D.

Web Mail, Forward to SandBlast Appliance, SNMP Trap, External Script

Full Access
Question # 88

What object type would you use to grant network access to an LDAP user group?

A.

Access Role

B.

Group Template

C.

SmartDirectory Group

D.

User Group

Full Access
Question # 89

What is the minimum number of CPU cores required to enable CoreXL?

A.

1

B.

6

C.

2

D.

4

Full Access
Question # 90

GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:

A.

Check Point Update Service Engine

B.

Check Point Software Update Agent

C.

Check Point Remote Installation Daemon (CPRID)

D.

Check Point Software Update Daemon

Full Access
Question # 91

John detected high load on sync interface. Which is most recommended solution?

A.

For FTP connections – do not sync

B.

Add a second interface to handle sync traffic

C.

For short connections like http service – do not sync

D.

For short connections like icmp service – delay sync for 2 seconds

Full Access
Question # 92

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

A.

Run cprestart from clish

B.

After upgrading the hardware, increase the number of kernel instances using cpconfig

C.

Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores

D.

Hyperthreading must be enabled in the bios to use CoreXL

Full Access
Question # 93

Which features are only supported with R81.20 Gateways but not R77.x?

A.

Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.

B.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C.

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

D.

Time object to a rule to make the rule active only during specified times.

Full Access
Question # 94

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.

A.

TCP port 19009

B.

TCP Port 18190

C.

TCP Port 18191

D.

TCP Port 18209

Full Access
Question # 95

Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

A.

Dynamic ID

B.

RADIUS

C.

Username and Password

D.

Certificate

Full Access
Question # 96

Which two of these Check Point Protocols are used by SmartEvent Processes?

A.

ELA and CPD

B.

FWD and LEA

C.

FWD and CPLOG

D.

ELA and CPLOG

Full Access
Question # 97

SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?

A.

Management Dashboard

B.

Gateway

C.

Personal User Storage

D.

Behavior Risk Engine

Full Access
Question # 98

What is true about the IPS-Blade?

A.

In R81, IPS is managed by the Threat Prevention Policy

B.

In R81, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

C.

In R81, IPS Exceptions cannot be attached to “all rules”

D.

In R81, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Full Access
Question # 99

The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .

A.

TCP 18211

B.

TCP 257

C.

TCP 4433

D.

TCP 443

Full Access
Question # 100

What is the least amount of CPU cores required to enable CoreXL?

A.

2

B.

1

C.

4

D.

6

Full Access
Question # 101

Which command is used to set the CCP protocol to Multicast?

A.

cphaprob set_ccp multicast

B.

cphaconf set_ccp multicast

C.

cphaconf set_ccp no_broadcast

D.

cphaprob set_ccp no_broadcast

Full Access
Question # 102

What is the limitation of employing Sticky Decision Function?

A.

With SDF enabled, the involved VPN Gateways only supports IKEv1

B.

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

C.

With SDF enabled, only ClusterXL in legacy mode is supported

D.

With SDF enabled, you can only have three Sync interfaces at most

Full Access
Question # 103

Which command collects diagnostic data for analyzing customer setup remotely?

A.

cpinfo

B.

migrate export

C.

sysinfo

D.

cpview

Full Access
Question # 104

What is the mechanism behind Threat Extraction?

A.

This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.

B.

This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.

C.

This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).

D.

Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

Full Access
Question # 105

Which NAT rules are prioritized first?

A.

Post-Automatic/Manual NAT rules

B.

Manual/Pre-Automatic NAT

C.

Automatic Hide NAT

D.

Automatic Static NAT

Full Access
Question # 106

You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

A.

Inspect/Bypass

B.

Inspect/Prevent

C.

Prevent/Bypass

D.

Detect/Bypass

Full Access
Question # 107

You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

A.

fw ctl multik dynamic_dispatching on

B.

fw ctl multik dynamic_dispatching set_mode 9

C.

fw ctl multik set_mode 9

D.

fw ctl multik pq enable

Full Access
Question # 108

What statement best describes the Proxy ARP feature for Manual NAT in R81.20?

A.

Automatic proxy ARP configuration can be enabled

B.

Translate Destination on Client Side should be configured

C.

fw ctl proxy should be configured

D.

local.arp file must always be configured

Full Access
Question # 109

During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

A.

Dropped without sending a negative acknowledgment

B.

Dropped without logs and without sending a negative acknowledgment

C.

Dropped with negative acknowledgment

D.

Dropped with logs and without sending a negative acknowledgment

Full Access
Question # 110

What is the command to show SecureXL status?

A.

fwaccel status

B.

fwaccel stats -m

C.

fwaccel -s

D.

fwaccel stat

Full Access
Question # 111

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

A.

INSPECT Engine

B.

Stateful Inspection

C.

Packet Filtering

D.

Application Layer Firewall

Full Access
Question # 112

Which of the following is NOT a VPN routing option available in a star community?

A.

To satellites through center only.

B.

To center, or through the center to other satellites, to Internet and other VPN targets.

C.

To center and to other satellites through center.

D.

To center only.

Full Access
Question # 113

What are the methods of SandBlast Threat Emulation deployment?

A.

Cloud, Appliance and Private

B.

Cloud, Appliance and Hybrid

C.

Cloud, Smart-1 and Hybrid

D.

Cloud, OpenServer and Vmware

Full Access
Question # 114

Which Check Point software blade provides Application Security and identity control?

A.

Identity Awareness

B.

Data Loss Prevention

C.

URL Filtering

D.

Application Control

Full Access
Question # 115

How many layers make up the TCP/IP model?

A.

2

B.

7

C.

6

D.

4

Full Access
Question # 116

The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.

A.

ccp

B.

cphaconf

C.

cphad

D.

cphastart

Full Access
Question # 117

Which of the following is NOT an option to calculate the traffic direction?

A.

Incoming

B.

Internal

C.

External

D.

Outgoing

Full Access
Question # 118

Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

A.

ThreatWiki

B.

Whitelist Files

C.

AppWiki

D.

IPS Protections

Full Access
Question # 119

SandBlast agent extends 0 day prevention to what part of the network?

A.

Web Browsers and user devices

B.

DMZ server

C.

Cloud

D.

Email servers

Full Access
Question # 120

You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?

A.

sim erdos –e 1

B.

sim erdos – m 1

C.

sim erdos –v 1

D.

sim erdos –x 1

Full Access
Question # 121

Which is not a blade option when configuring SmartEvent?

A.

Correlation Unit

B.

SmartEvent Unit

C.

SmartEvent Server

D.

Log Server

Full Access
Question # 122

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.

What is the most likely reason that the traffic is not accelerated?

A.

There is a virus found. Traffic is still allowed but not accelerated.

B.

The connection required a Security server.

C.

Acceleration is not enabled.

D.

The traffic is originating from the gateway itself.

Full Access
Question # 123

Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment.

Which details she need to fill in System Restore window before she can click OK button and test the backup?

A.

Server, SCP, Username, Password, Path, Comment, Member

B.

Server, TFTP, Username, Password, Path, Comment, All Members

C.

Server, Protocol, Username, Password, Path, Comment, All Members

D.

Server, Protocol, username Password, Path, Comment, Member

Full Access
Question # 124

What is the Implicit Clean-up Rule?

A.

A setting is defined in the Global Properties for all policies.

B.

A setting that is configured per Policy Layer.

C.

Another name for the Clean-up Rule.

D.

Automatically created when the Clean-up Rule is defined.

Full Access
Question # 125

The SmartEvent R81 Web application for real-time event monitoring is called:

A.

SmartView Monitor

B.

SmartEventWeb

C.

There is no Web application for SmartEvent

D.

SmartView

Full Access
Question # 126

Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.

What is one of the requirements for his success?

A.

Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

B.

Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

C.

Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

D.

Size of the /var/log folder of the target machine must be at least 25GB or more

Full Access
Question # 127

Please choose the path to monitor the compliance status of the Check Point R81.20 based management.

A.

Gateways & Servers --> Compliance View

B.

Compliance blade not available under R81.20

C.

Logs & Monitor --> New Tab --> Open compliance View

D.

Security & Policies --> New Tab --> Compliance View

Full Access
Question # 128

Which blades and or features are not supported in R81?

A.

SmartEvent Maps

B.

SmartEvent

C.

Identity Awareness

D.

SmartConsole Toolbars

Full Access
Question # 129

You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.

How many cores can be used in a Cluster for Firewall-kernel on the new device?

A.

3

B.

2

C.

1

D.

4

Full Access
Question # 130

What command would show the API server status?

A.

cpm status

B.

api restart

C.

api status

D.

show api status

Full Access
Question # 131

When using CPSTAT, what is the default port used by the AMON server?

A.

18191

B.

18192

C.

18194

D.

18190

Full Access
Question # 132

What will be the effect of running the following command on the Security Management Server?

A.

Remove the installed Security Policy.

B.

Remove the local ACL lists.

C.

No effect.

D.

Reset SIC on all gateways.

Full Access
Question # 133

Which path below is available only when CoreXL is enabled?

A.

Slow path

B.

Firewall path

C.

Medium path

D.

Accelerated path

Full Access
Question # 134

Which is NOT a SmartEvent component?

A.

SmartEvent Server

B.

Correlation Unit

C.

Log Consolidator

D.

Log Server

Full Access
Question # 135

What is the order of NAT priorities?

A.

Static NAT, IP pool NAT, hide NAT

B.

IP pool NAT, static NAT, hide NAT

C.

Static NAT, automatic NAT, hide NAT

D.

Static NAT, hide NAT, IP pool NAT

Full Access
Question # 136

Using Web Services to access the API, which Header Name-Value had to be in the HTTP Post request after the login?

A.

X-chkp-sid Session Unique Identifier

B.

API-Key

C.

user-uid

D.

uuid Universally Unique Identifier

Full Access
Question # 137

What is the correct description for the Dynamic Balancing / Split feature?

A.

Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)

B.

Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)

C.

Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND's. The interface must support Multi-Queue. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

D.

Dynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

Full Access
Question # 138

Fill in the blank: An identity server uses a _________________ to trust a Terminal Server Identity Agent.

A.

Shared secret

B.

One-time password

C.

Certificate

D.

Token

Full Access
Question # 139

UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?

A.

Ask

B.

Drop

C.

Inform

D.

Reject

Full Access
Question # 140

In R81.20 a new feature dynamic log distribution was added. What is this for?

  • Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy

  • In case of a Management High Availability the management server stores the logs dynamically on the member with the most available disk space in /var/log

  • Synchronize the log between the primary and secondary management server in case of a Management High Availability

A.

To save disk space in case of a firewall cluster local logs are distributed between the cluster members.

Full Access
Question # 141

How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?

A.

1

B.

3

C.

2

D.

4

Full Access
Question # 142

What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?

A.

A host route to route to the destination IP.

B.

Use the file local.arp to add the ARP entries for NAT to work.

C.

Nothing, the Gateway takes care of all details necessary.

D.

Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.

Full Access
Question # 143

Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

A.

logd

B.

fwd

C.

fwm

D.

cpd

Full Access
Question # 144

Which packet info is ignored with Session Rate Acceleration?

A.

source port ranges

B.

source ip

C.

source port

D.

same info from Packet Acceleration is used

Full Access
Question # 145

Which method below is NOT one of the ways to communicate using the Management API’s?

A.

Typing API commands using the “mgmt_cli” command

B.

Typing API commands from a dialog box inside the SmartConsole GUI application

C.

Typing API commands using Gaia’s secure shell(clish)19+

D.

Sending API commands over an http connection using web-services

Full Access
Question # 146

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?

A.

Check Point Remote User

B.

Check Point Capsule Workspace

C.

Check Point Mobile Web Portal

D.

Check Point Capsule Remote

Full Access
Question # 147

Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.

A.

User data base corruption

B.

LDAP conflicts

C.

Traffic issues

D.

Phase two key negotiations

Full Access
Question # 148

The Event List within the Event tab contains:

A.

a list of options available for running a query.

B.

the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

C.

events generated by a query.

D.

the details of a selected event.

Full Access
Question # 149

R81.20 management server can manage gateways with which versions installed?

A.

Versions R77 and higher

B.

Versions R76 and higher

C.

Versions R75.20 and higher

D.

Versions R75 and higher

Full Access
Question # 150

Which of the following process pulls application monitoring status?

A.

fwd

B.

fwm

C.

cpwd

D.

cpd

Full Access
Question # 151

Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

A.

TCP Port 18190

B.

TCP Port 18209

C.

TCP Port 19009

D.

TCP Port 18191

Full Access
Question # 152

Which statement is true regarding redundancy?

A.

System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob –f if command.

B.

ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

C.

Machines in a ClusterXL High Availability configuration must be synchronized.

D.

Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Full Access
Question # 153

Session unique identifiers are passed to the web api using which http header option?

A.

X-chkp-sid

B.

Accept-Charset

C.

Proxy-Authorization

D.

Application

Full Access
Question # 154

Which of the SecureXL templates are enabled by default on Security Gateway?

A.

Accept

B.

Drop

C.

NAT

D.

None

Full Access
Question # 155

In the Check Point Security Management Architecture, which component(s) can store logs?

A.

SmartConsole

B.

Security Management Server and Security Gateway

C.

Security Management Server

D.

SmartConsole and Security Management Server

Full Access
Question # 156

An established connection is going to www.google.com. The Application Control Blade Is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic?

A.

Slow Path

B.

Fast Path

C.

Medium Path

D.

Accelerated Path

Full Access
Question # 157

You pushed a policy to your gateway and you cannot access the gateway remotely any more. What command should you use to remove the policy from the gateway by logging in through console access?

A.

"fw cpstop"

B.

"fw unloadlocal"

C.

"fwundo"

D.

"fw unloadpolicy''

Full Access
Question # 158

Name the authentication method that requires token authenticator.

A.

SecurelD

B.

DynamiclD

C.

Radius

D.

TACACS

Full Access
Question # 159

By default, what type of rules in the Access Control rulebase allow the control connections?

A.

Implicit Rules

B.

Explicitly Implied Rules

C.

Implied Rules

D.

Explicit Rules

Full Access
Question # 160

Alice wants to upgrade the current security management machine from R80.40 to R81.20 and she wants to check the Deployment Agent status over the GAIA CLISH. Which of the following GAIACLISH command is true?

A.

show agent status

B.

show uninstaller status

C.

show installer packages

D.

show installer status

Full Access
Question # 161

What technologies are used to deny or permit network traffic?

A.

Stateful Inspection, Firewall Blade, and URL/Application Blade

B.

Packet Filtering, Stateful Inspection, and Application Layer Firewall

C.

Firewall Blade, URL/Application Blade, and IPS

D.

Stateful Inspection, URL/Application Blade, and Threat Prevention

Full Access
Question # 162

Which of the following is an authentication method used for Identity Awareness?

A.

RSA

B.

SSL

C.

Captive Portal

D.

PKI

Full Access
Question # 163

What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?

A.

new host name “New Host” ip-address “192.168.0.10”

B.

set host name “New Host” ip-address “192.168.0.10”

C.

create host name “New Host” ip-address “192.168.0.10”

D.

add host name “New Host” ip-address “192.168.0.10”

Full Access
Question # 164

Which of the following is NOT a type of Check Point API available in R81.x?

A.

Identity Awareness Web Services

B.

OPSEC SDK

C.

Mobile Access

D.

Management

Full Access
Question # 165

You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

A.

TCP port 443

B.

TCP port 257

C.

TCP port 256

D.

UDP port 8116

Full Access
Question # 166

Which one of the following is true about Threat Emulation?

A.

Takes less than a second to complete

B.

Works on MS Office and PDF files only

C.

Always delivers a file

D.

Takes minutes to complete (less than 3 minutes)

Full Access
Question # 167

To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?

A.

Accept Template

B.

Deny Template

C.

Drop Template

D.

NAT Template

Full Access
Question # 168

From SecureXL perspective, what are the tree paths of traffic flow:

A.

Initial Path; Medium Path; Accelerated Path

B.

Layer Path; Blade Path; Rule Path

C.

Firewall Path; Accept Path; Drop Path

D.

Firewall Path; Accelerated Path; Medium Path

Full Access
Question # 169

What is mandatory for ClusterXL to work properly?

A.

The number of cores must be the same on every participating cluster node

B.

The Magic MAC number must be unique per cluster node

C.

The Sync interface must not have an IP address configured

D.

If you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all cluster members

Full Access
Question # 170

SmartEvent does NOT use which of the following procedures to identify events:

A.

Matching a log against each event definition

B.

Create an event candidate

C.

Matching a log against local exclusions

D.

Matching a log against global exclusions

Full Access
Question # 171

Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?

A.

Kerberos Ticket Renewed

B.

Kerberos Ticket Requested

C.

Account Logon

D.

Kerberos Ticket Timed Out

Full Access
Question # 172

Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.

What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?

A.

Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.

B.

Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.

C.

Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.

D.

Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

Full Access
Question # 173

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?

A.

fw ctl set int fwha vmac global param enabled

B.

fw ctl get int vmac global param enabled; result of command should return value 1

C.

cphaprob-a if

D.

fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Full Access
Question # 174

In what way are SSL VPN and IPSec VPN different?

A.

SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless

B.

SSL VPN adds an extra VPN header to the packet, IPSec VPN does not

C.

IPSec VPN does not support two factor authentication, SSL VPN does support this

D.

IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

Full Access
Question # 175

In ClusterXL Load Sharing Multicast Mode:

A.

only the primary member received packets sent to the cluster IP address

B.

only the secondary member receives packets sent to the cluster IP address

C.

packets sent to the cluster IP address are distributed equally between all members of the cluster

D.

every member of the cluster received all of the packets sent to the cluster IP address

Full Access
Question # 176

Which statement is most correct regarding about “CoreXL Dynamic Dispatcher”?

A.

The CoreXL FW instanxces assignment mechanism is based on Source MAC addresses, Destination MAC addresses

B.

The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores

C.

The CoreXL FW instances assignment mechanism is based on IP Protocol type

D.

The CoreXl FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type

Full Access
Question # 177

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

A.

/opt/CPshrd-R81/conf/local.arp

B.

/var/opt/CPshrd-R81/conf/local.arp

C.

$CPDIR/conf/local.arp

D.

$FWDIR/conf/local.arp

Full Access
Question # 178

Office mode means that:

A.

SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

B.

Users authenticate with an Internet browser and use secure HTTPS connection.

C.

Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.

D.

Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Full Access
Question # 179

When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:

A.

All UDP packets

B.

All IPv6 Traffic

C.

All packets that match a rule whose source or destination is the Outside Corporate Network

D.

CIFS packets

Full Access
Question # 180

GAiA Software update packages can be imported and installed offline in situation where:

A.

Security Gateway with GAiA does NOT have SFTP access to Internet

B.

Security Gateway with GAiA does NOT have access to Internet.

C.

Security Gateway with GAiA does NOT have SSH access to Internet.

D.

The desired CPUSE package is ONLY available in the Check Point CLOUD.

Full Access
Question # 181

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

A.

User Directory

B.

Captive Portal and Transparent Kerberos Authentication

C.

Captive Portal

D.

UserCheck

Full Access
Question # 182

The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

A.

Next Generation Threat Prevention

B.

Next Generation Threat Emulation

C.

Next Generation Threat Extraction

D.

Next Generation Firewall

Full Access
Question # 183

Which tool is used to enable ClusterXL?

A.

SmartUpdate

B.

cpconfig

C.

SmartConsole

D.

sysconfig

Full Access
Question # 184

One of major features in R81 SmartConsole is concurrent administration.

Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

A.

A lock icon shows that a rule or an object is locked and will be available.

B.

AdminA and AdminB are editing the same rule at the same time.

C.

A lock icon next to a rule informs that any Administrator is working on this particular rule.

D.

AdminA, AdminB and AdminC are editing three different rules at the same time.

Full Access
Question # 185

After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.

Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

A.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24set static-route default nexthop gateway address 192.168.80.1 onsave config

B.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

C.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

D.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24add static-route default nexthop gateway address 192.168.80.1 onsave config

Full Access
Question # 186

Which command would you use to set the network interfaces’ affinity in Manual mode?

A.

sim affinity -m

B.

sim affinity -l

C.

sim affinity -a

D.

sim affinity -s

Full Access
Question # 187

Check Point security components are divided into the following components:

A.

GUI Client, Security Gateway, WebUI Interface

B.

GUI Client, Security Management, Security Gateway

C.

Security Gateway, WebUI Interface, Consolidated Security Logs

D.

Security Management, Security Gateway, Consolidate Security Logs

Full Access
Question # 188

What is the SandBlast Agent designed to do?

A.

Performs OS-level sandboxing for SandBlast Cloud architecture

B.

Ensure the Check Point SandBlast services is running on the end user’s system

C.

If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network

D.

Clean up email sent with malicious attachments

Full Access