After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.
What is not a purpose of the deployment of Check Point API?
Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81.
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R81?
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:
Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:
• Use an automated script to perform common tasks
• Integrate Check Point products with 3rd party solutions
• Create products that use and enhance the Check Point solution
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
Check Point security components are divided into the following components:
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?
Which Check Point feature enables application scanning and the detection?
On what port does the CPM process run?
How many layers make up the TCP/IP model?
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?
Which of the following commands shows the status of processes?
You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
Which process handles connection from SmartConsole R81?
What statement best describes the Proxy ARP feature for Manual NAT in R81.10?
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
What must you do first if “fwm sic_reset” could not be completed?
Which encryption algorithm is the least secured?
Can multiple administrators connect to a Security Management Server at the same time?
What scenario indicates that SecureXL is enabled?
Which command gives us a perspective of the number of kernel tables?
From SecureXL perspective, what are the tree paths of traffic flow:
Which of these is an implicit MEP option?
Customer’s R81 management server needs to be upgraded to R81.10. What is the best upgrade method when the management server is not connected to the Internet?
What is the purpose of a SmartEvent Correlation Unit?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.
SmartEvent does NOT use which of the following procedures to identify events:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events:
• Matching a Log Against Global Exclusions
• Matching a Log Against Each Event Definition
• Creating an Event Candidate
• When a Candidate Becomes an Event
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?
John is using Management HA. Which Smartcenter should be connected to for making changes?
How do you enable virtual mac (VMAC) on-the-fly on a cluster member?
When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?
esting a failover in a controlled manner using following command;
# cphaprob -d STOP -s problem -t 0 register
This will register a problem state on the cluster member this was entered on; If you then run;
# cphaprob list
this will show an entry named STOP.
to remove this problematic register run following;
# cphaprob -d STOP unregister
Which command shows the current connections distributed by CoreXL FW instances?
Using ClusterXL, what statement is true about the Sticky Decision Function?
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
Automation and Orchestration differ in that:
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:
Which command is used to display status information for various components?
The log server sends what to the Correlation Unit?
In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a
response before the peer host is declared ‘down’, you would set the_________?
What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
When synchronizing clusters, which of the following statements is FALSE?
If there are two administration logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available or other administrators? (Choose the BEST answer.)
In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:
Which VPN routing option uses VPN routing for every connection a satellite gateway handles?
What is the valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration?
GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:
When performing a minimal effort upgrade, what will happen to the network traffic?
How can you see historical data with cpview?
What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?
What is required for a certificate-based VPN tunnel between two gateways with separate management systems?
What can we infer about the recent changes made to the Rule Base?
Which firewall daemon is responsible for the FW CLI commands?
By default, which port does the WebUI listen on?
According to out of the box SmartEvent policy, which blade will automatically be correlated into events?
In the Check Point Security Management Architecture, which component(s) can store logs?
Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ .
Which command will reset the kernel debug options to default settings?
On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
Which TCP-port does CPM process listen to?
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP connections on port 8116.
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
Identify the API that is not supported by Check Point currently.
What happen when IPS profile is set in Detect Only Mode for troubleshooting?
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
If you needed the Multicast MAC address of a cluster, what command would you run?
Which of the following process pulls application monitoring status?
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".
The Event List within the Event tab contains:
In R81, how do you manage your Mobile Access Policy?
Which statement is correct about the Sticky Decision Function?
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
In R81 spoofing is defined as a method of:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
Which features are only supported with R81.10 Gateways but not R77.x?
What are the different command sources that allow you to communicate with the API server?