Check Point Certified Security Expert R81.20 Questions and Answers
How would you enable VMAC Mode in ClusterXL?
The back-end database for Check Point Management uses:
Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build?
Bob is asked by Alice to disable the SecureXL mechanism temporary tor further diagnostic by their Check Point partner. Which of the following Check Point Command is true:
What Is the difference between Updatable Objects and Dynamic Objects
What is the valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration?
Which Queue in the Priority Queue has the maximum priority?
When synchronizing clusters, which of the following statements is FALSE?
The Check Point history feature in R81 provides the following:
What is the purpose of the CPCA process?
Which command is used to obtain the configuration lock in Gaia?
In the Check Point Security Management Architecture, which component(s) can store logs?
What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?
Which command lists firewall chain?
What technologies are used to deny or permit network traffic?
Bob works for a big security outsourcing provider company and as he receives a lot of change requests per day he wants to use for scripting daily tasks the API services (torn Check Point for the GAIA API. Firstly he needs to be aware if the API services are running for the GAIA operating system. Which of the following Check Point Command is true:
Which is the command to identify the NIC driver before considering about the employment of the Multi-Queue feature?
You have pushed policy to GW-3 and now cannot pass traffic through the gateway. As a last resort, to restore traffic flow, what command would you run to remove the latest policy from GW-3?
What traffic does the Anti-bot feature block?
Alice & Bob are concurrently logged In via SSH on the same Check Point Security Gateway as user "admin* however Bob was first logged in and acquired the lock Alice Is not aware that Bob is also togged in to the same Security Management Server as she is but she needs to perform very urgent configuration changes - which of the following GAlAclish command is true for overriding Bobs configuration database lock:
What state is the Management HA in when both members have different policies/databases?
Secure Configuration Verification (SCV), makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration but therefore Bob needs to edit and configure a specific Check Point file. Which location file and directory is true?
Check Point ClusterXL Active/Active deployment is used when:
What are the three SecureXL Templates available in R81.20?
When defining QoS global properties, which option below is not valid?
How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?
From SecureXL perspective, what are the three paths of traffic flow:
What are the Threat Prevention software components available on the Check Point Security Gateway?
Identity Awareness lets an administrator easily configure network access and auditing based on three items. Choose the correct statement.
In CoreXL, the Firewall kernel is replicated multiple times. Each replicated copy or instance can perform the following:
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational.
When it re-joins the cluster, will it become active automatically?
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
By default, what type of rules in the Access Control rulebase allow the control connections?
An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?
Which of the following is NOT a component of a Distinguished Name?
What is the purpose of the command "ps aux | grep twd"?
What destination versions are supported for a Multi-Version Cluster Upgrade?
After upgrading the primary security management server from R80.40 to R81.10 Bob wants to use the central deployment in SmartConsole R81.10 for the first time. How many installations (e.g. Jumbo Hotfix, Hotfixes or Upgrade Packages) can run of such at the same time:
The admin is connected via ssh lo the management server. He wants to run a mgmt_dl command but got a Error 404 message. To check the listening ports on the management he runs netstat with the results shown below. What can be the cause for the issue?
Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server, providing Log Export API (LEA) & Event Logging API (EL-A) services.
The installation of a package via SmartConsole CANNOT be applied on
Which command will reset the kernel debug options to default settings?
SmartConsole R81 x requires the following ports to be open for SmartEvent.
What is false regarding prerequisites for the Central Deployment usage?
How many interfaces can you configure to use the Multi-Queue feature?
What are the two high availability modes?
Which one of the following is true about Capsule Connect?
For Management High Availability, which of the following is NOT a valid synchronization status?
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.
What component of R81 Management is used for indexing?
Automation and Orchestration differ in that:
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:
Which of the following is NOT a type of Check Point API available in R81.x?
What is the name of the secure application for Mail/Calendar for mobile devices?
Security Checkup Summary can be easily conducted within:
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?
The Correlation Unit performs all but the following actions:
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
What are the main stages of a policy installations?
Which of the following links will take you to the SmartView web application?
What is the purpose of Priority Delta in VRRP?
Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?
Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
When an encrypted packet is decrypted, where does this happen?
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?
You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
Which one of the following is true about Threat Extraction?
What is the benefit of “tw monitor” over “tcpdump”?
Which command gives us a perspective of the number of kernel tables?
Using ClusterXL, what statement is true about the Sticky Decision Function?
What is considered Hybrid Emulation Mode?
: 131
Which command is used to display status information for various components?
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
You want to store the GAIA configuration in a file for later reference. What command should you use?
Customer’s R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?
Which of the following is NOT a component of Check Point Capsule?
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:
SmartEvent does NOT use which of the following procedures to identify events:
Which command shows detailed information about VPN tunnels?
Which of the following will NOT affect acceleration?
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
Which encryption algorithm is the least secured?
Which Remote Access Client does not provide an Office-Mode Address?
John is using Management HA. Which Smartcenter should be connected to for making changes?
NO: 180
What command can you use to have cpinfo display all installed hotfixes?
Which one of the following is true about Threat Emulation?
What is the command to check the status of the SmartEvent Correlation Unit?
From SecureXL perspective, what are the tree paths of traffic flow:
What processes does CPM control?
When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?
What is true of the API server on R81.20?
What kind of information would you expect to see using the sim affinity command?
SandBlast agent extends 0 day prevention to what part of the network?
What is the Implicit Clean-up Rule?
What will SmartEvent automatically define as events?
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
What must you do first if “fwm sic_reset” could not be completed?
How many layers make up the TCP/IP model?
Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
What is the responsibility of SOLR process on R81.20 management server?
Which application should you use to install a contract file?
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
In what way are SSL VPN and IPSec VPN different?
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.
Which phase of the VPN negotiations has failed?
Check Point security components are divided into the following components:
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?
What is the valid range for VRID value in VRRP configuration?
What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?
Which is NOT an example of a Check Point API?
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
The SmartEvent R81 Web application for real-time event monitoring is called:
What is not a purpose of the deployment of Check Point API?
In the Firewall chain mode FFF refers to:
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
With MTA (Mail Transfer Agent) enabled the gateways manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?
What is the SandBlast Agent designed to do?
Which statement is most correct regarding about “CoreXL Dynamic Dispatcher”?
GAiA Software update packages can be imported and installed offline in situation where:
You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
How many policy layers do Access Control policy support?
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
What statement best describes the Proxy ARP feature for Manual NAT in R81.20?
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?
Which is NOT a SmartEvent component?
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
Which process handles connection from SmartConsole R81?
Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.
What is one of the requirements for his success?
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?
Which command would you use to set the network interfaces’ affinity in Manual mode?
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
Which of the following is NOT an option to calculate the traffic direction?
One of major features in R81 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
Which of the SecureXL templates are enabled by default on Security Gateway?
Which command shows actual allowed connections in state table?
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
Which two of these Check Point Protocols are used by SmartEvent Processes?
Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.
Which statement is correct about the Sticky Decision Function?
The Firewall kernel is replicated multiple times, therefore:
Which command collects diagnostic data for analyzing customer setup remotely?
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
CoreXL is supported when one of the following features is enabled:
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
What command verifies that the API server is responding?
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
Which of the following statements is TRUE about R81 management plug-ins?
What is the limitation of employing Sticky Decision Function?
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
Which command lists all tables in Gaia?
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.
On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
What is the correct command to observe the Sync traffic in a VRRP environment?
Session unique identifiers are passed to the web api using which http header option?
In R81 spoofing is defined as a method of:
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
What is the mechanism behind Threat Extraction?
What is the difference between an event and a log?
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?
What is the least amount of CPU cores required to enable CoreXL?
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
Which command would disable a Cluster Member permanently?
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
Which of the following process pulls application monitoring status?
Identify the API that is not supported by Check Point currently.
In R81, how do you manage your Mobile Access Policy?
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot: