You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature. Which command do you use?
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?
When performing a minimal effort upgrade, what will happen to the network traffic?
GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:
Identity Awareness allows the Security Administrator to configure network access based on which of the following?
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81?
What are the correct steps for upgrading an HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster (MVC) Upgrade?
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
If a “ping” packet is dropped by FW1 Policy, on how many inspection points do you see this packet in “fw monitor”?
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:
When users connect to the Mobile Access portal they are unable to open File Shares.
Which log file would you want to examine?
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High Availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 11:00 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational.
When it re-joins the cluster, will it become active automatically?
SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:
John is using Management HA. Which Security Management Server should he use for making changes?
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
With MTA (Mail Transfer Agent) enabled, the gateway manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?
Mobile Access Gateway can be configured as a reverse proxy for Internal Web Applications. Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. Which of the following Check Point commands is true for enabling the Reverse Proxy:
The Compliance Blade allows you to search for text strings in many windows and panes. To search for a value in a field, what would your syntax be?
In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:
Access roles allow the firewall administrator to configure network access according to:
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to ___________ via ____________
SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________.
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
There are 4 ways to use the Management API for creating a host object with R81 Management API. Which one is NOT correct?
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?
Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?
Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
Which method below is NOT one of the ways to communicate using the Management APIs?
Where can you see and search records of actions done by R81 SmartConsole administrators?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled, which path is handling the traffic?
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
You need to see which hotfixes are installed on your gateway. Which command would you use?
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.20 SmartConsole application?
When installing a dedicated R81 SmartEvent server, what is the recommended size of the root partition?
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:
Customer’s R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?
Which command is used to display status information for various components?
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:
For Management High Availability, which of the following is NOT a valid synchronization status?
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
What is the port used for SmartConsole to connect to the Security Management Server?
To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating element is the source port. This type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel, which will then create a template of the connection. Which of these is NOT a SecureXL template?
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?
What is the correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?
Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two.
Which of the following statements correctly identify each product's capabilities?
One of the major features in R81 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?
You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
What cloud-based SandBlast Mobile application is used to register new devices and users?
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?
Pamela is a Cyber Security Engineer working for Global Instance Firm with a large-scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. The company’s Developer Team is having random access issues to a newly deployed Application Server in the DMZ’s Application Server Farm Tier and blames the DMZ Security Gateway as the root cause. A ticket has been created and the issue is at Pamela’s desk for investigation. Pamela decides to use Check Point’s Packet Analyzer Tool, fw monitor, to iron out the issue during an approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures the entire traffic in the context of the Firewall and the problematic traffic?
Which of the following is an authentication method used for Identity Awareness?
Steve is a Cyber Security Engineer working for Global Bank with a large-scale deployment of Check Point Enterprise Appliances. Steve's manager, Diana, asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?
How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?
Which of the following Check Point commands is true to enable Multi-Version Cluster (MVC)?
By default, how often does Threat Emulation update the engine on the Security Gateway?
What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
What are the Threat Prevention software components available on the Check Point Security Gateway?
Identity Awareness allows easy configuration for network access and auditing based on what three items?
Vanessa is expecting a very important Security Report. The document should be sent as an attachment via e-mail. An e-mail with the Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?
Which upgrade method should you use when upgrading from R80.40 to R81.20 to avoid any downtime?
Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?
In R81.20 a new feature dynamic log distribution was added. What is this for?
CCSE R81