What are the types of Software Containers?
Which NAT rules are prioritized first?
GAiA Software update packages can be imported and installed offline in situation where:
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
What is the valid range for VRID value in VRRP configuration?
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
What kind of information would you expect to see using the sim affinity command?
What command lists all interfaces using Multi-Queue?
Which Check Point software blade provides Application Security and identity control?
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
What is the SandBlast Agent designed to do?
How many layers make up the TCP/IP model?
Ken wants to obtain a configuration lock from other administrator on R81 Security Management Server. He can do this via WebUI or via CLI.
Which command should he use in CLI? (Choose the correct answer.)
After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.
Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two.
Which of the following statements correctly identify each product's capabilities?
Which command would you use to set the network interfaces’ affinity in Manual mode?
Office mode means that:
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
Please choose the path to monitor the compliance status of the Check Point R81.10 based management.
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
With SecureXL enabled, accelerated packets will pass through the following:
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
One of major features in R81 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
How many policy layers do Access Control policy support?
Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment.
Which details she need to fill in System Restore window before she can click OK button and test the backup?
Which is not a blade option when configuring SmartEvent?
What is correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?
Which path below is available only when CoreXL is enabled?
Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81.
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R81?
What is not a purpose of the deployment of Check Point API?
Which SmartConsole tab is used to monitor network and security performance?
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
You can access the ThreatCloud Repository from:
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
Which file gives you a list of all security servers in use, including port number?
Which blades and or features are not supported in R81?
Which is NOT a SmartEvent component?
What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?
Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security events.
What is UserCheck?
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
Which of the following statements is TRUE about R81 management plug-ins?
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
Which command is used to set the CCP protocol to Multicast?
Which CLI command will reset the IPS pattern matcher statistics?
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
Which of the SecureXL templates are enabled by default on Security Gateway?
Which of the following authentication methods ARE NOT used for Mobile Access?
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.
Connections to the Check Point R81 Web API use what protocol?
Which command shows actual allowed connections in state table?
If you needed the Multicast MAC address of a cluster, what command would you run?
Which command would disable a Cluster Member permanently?
Which is NOT an example of a Check Point API?
Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .
Which statement is true regarding redundancy?
What is the correct command to observe the Sync traffic in a VRRP environment?
Which features are only supported with R81.10 Gateways but not R77.x?
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
Which statement is correct about the Sticky Decision Function?
Which command can you use to enable or disable multi-queue per interface?
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
To fully enable Dynamic Dispatcher on a Security Gateway:
On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
What is not a component of Check Point SandBlast?
Which statement is NOT TRUE about Delta synchronization?
Session unique identifiers are passed to the web api using which http header option?
Which command will allow you to see the interface status?
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
Advanced Security Checkups can be easily conducted within:
In R81 spoofing is defined as a method of:
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
The Firewall kernel is replicated multiple times, therefore:
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?
Which command lists all tables in Gaia?
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
How many images are included with Check Point TE appliance in Recommended Mode?
What has to be taken into consideration when configuring Management HA?
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
What Factor preclude Secure XL Templating?
What is the most recommended way to install patches and hotfixes?
When an encrypted packet is decrypted, where does this happen?
Which directory below contains log files?
What processes does CPM control?
SandBlast appliances can be deployed in the following modes:
The following command is used to verify the CPUSE version:
What is the benefit of “tw monitor” over “tcpdump”?
You need to see which hotfixes are installed on your gateway, which command would you use?
What is the purpose of Priority Delta in VRRP?
Which GUI client is supported in R81?
You have existing dbedit scripts from R77. Can you use them with R81.10?
You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
Which one of the following is true about Threat Emulation?
Which Check Point daemon monitors the other daemons?
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
How do Capsule Connect and Capsule Workspace differ?
SmartEvent does NOT use which of the following procedures to identify events:
To add a file to the Threat Prevention Whitelist, what two items are needed?
The Correlation Unit performs all but the following actions:
What component of R81 Management is used for indexing?
What is considered Hybrid Emulation Mode?
When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?
Which of the following is NOT a component of Check Point Capsule?
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?
: 156
VPN Link Selection will perform the following when the primary VPN link goes down?
Traffic from source 192.168.1.1 is going to The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?
For Management High Availability, which of the following is NOT a valid synchronization status?
Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
How do you enable virtual mac (VMAC) on-the-fly on a cluster member?
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
Security Checkup Summary can be easily conducted within:
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?
Which of the following is NOT a type of Check Point API available in R81.x?
Which one of the following is true about Threat Extraction?
Which command shows detailed information about VPN tunnels?
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
What is a best practice before starting to troubleshoot using the “fw monitor” tool?
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?
What is mandatory for ClusterXL to work properly?
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
Alice knows about the Check Point Management HA installation from Bob and needs to know which Check Point Security Management Server is currently capable of issuing and managing certificate. Alice uses the Check Point command "cpconfig'' to run the Check Point Security Management Server configuration tool on both Check Point Management HA instances "Primary & Secondary" Which configuration option does she need to look for:
Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the
inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire
mode configuration, chain modules marked with _______ will not apply.
What is the purpose of the CPCA process?
You need to change the MAC-address on eth2 interface of the gateway. What is the correct way to change MAC-address in Check Point Gaia?
What solution is multi-queue intended to provide?
The back-end database for Check Point R81 Management uses:
Bob is asked by Alice to disable the SecureXL mechanism temporary tor further diagnostic by their Check Point partner. Which of the following Check Point Command is true:
To optimize Rule Base efficiency, the most hit rules should be where?
What are the available options for downloading Check Point hotfixes in Gala WebUI (CPUSE)?
SandBlast agent extends 0-day prevention to what part of the network?
In which deployment is the security management server and Security Gateway installed on the same appliance?
What is the command to check the status of Check Point processes?
Fill in the blanks: Gaia can be configured using the ______ or _____ .
What are the two ClusterXL Deployment options?
How is communication between different Check Point components secured in R81? As with all questions, select the BEST answer.
Which of the following is NOT an attribute of packet acceleration?
When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statement is false and NOT part of possible automatic reactions:
How to can you make sure that the old logs will be available after updating the Management to version R81.10 using the Advanced Upgrade Method?
Alice & Bob are going to use Management Data Plane Separation and therefore the routing separation needs to be enabled. Which of the following command is true for enabling the Management Data Plane Separation (MDPS):
The “MAC magic” value must be modified under the following condition:
The “Hit count” feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits if the Track option is set to “None”?
While using the Gaia CLI. what is the correct command to publish changes to the management server?
What is the SOLR database for?
What are possible Automatic Reactions in SmartEvent?
Which Check Point software blade provides protection from zero-day and undiscovered threats?
You pushed a policy to your gateway and you cannot access the gateway remotely any more. What command should you use to remove the policy from the gateway by logging in through console access?
SmartEvent Security Checkups can be run from the following Logs and Monitor activity:
What is the default size of NAT table fwx_alloc?
What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources?
When performing a minimal effort upgrade, what will happen to the network traffic?
A user complains that some Internet resources are not available. The Administrator is having issues seeing it packets are being dropped at the firewall (not seeing drops in logs). What is the solution to troubleshoot the issue?
Main Mode in IKEv1 uses how many packages for negotiation?
To find records in the logs that shows log records from the Application & URL Filtering Software Blade where traffic was dropped, what would be the query syntax?
Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?
According to the policy installation flow the transfer state (CPTA) is responsible for the code generated by the FWM. On the Security Gateway side a process receives them and first stores them Into a temporary directory. Which process is true for receiving these Tiles;
When using the Mail Transfer Agent, where are the debug logs stored?
You have used the SmartEvent GUI to create a custom Event policy. What is the best way to display the correlated Events generated by SmartEvent Policies?
When defining QoS global properties, which option below is not valid?
Firewall polices must be configured to accept VRRP packets on the GAiA platform if it Firewall software. The Multicast destination assigned by the internet Assigned Number Authority (IANA) for VRRP is:
If SecureXL is disabled which path is used to process traffic?
Which two Identity Awareness daemons are used to support identity sharing?
After having saved the Cllsh Configuration with the "save configuration config.txt* command, where can you find the config.txt file?
What are the services used for Cluster Synchronization?