Can multiple administrators connect to a Security Management Server at the same time?
What is the port used for SmartConsole to connect to the Security Management Server?
You need to see which hotfixes are installed on your gateway, which command would you use?
John is using Management HA. Which Smartcenter should be connected to for making changes?
As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?
Gaia has two default user accounts that cannot be deleted. What are those user accounts?
What command is used to manually failover a Multi-Version Cluster during the upgrade?
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?
When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?
You want to store the GAIA configuration in a file for later reference. What command should you use?
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
Which of the following authentication methods ARE NOT used for Mobile Access?
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
Which of the SecureXL templates are enabled by default on Security Gateway?
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.
How many images are included with Check Point TE appliance in Recommended Mode?
Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
Session unique identifiers are passed to the web api using which http header option?
The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to manager?
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?
You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?
What should the admin do in case the Primary Management Server is temporary down?
What is required for a certificate-based VPN tunnel between two gateways with separate management systems?
Which SmartEvent component is responsible to collect the logs from different Log Servers?
While using the Gaia CLI. what is the correct command to publish changes to the management server?
How is communication between different Check Point components secured in R81? As with all questions, select the BEST answer.
Which upgrade method you should use upgrading from R80.40 to R81.10 to avoid any downtime?
Bob is going to prepare the import of the exported R81.10 management database. Now he wants to verify that the installed tools on the new target security management machine are able to handle the R81.10 release. Which of the following Check Point command is true?
What could NOT be a reason for synchronization issues in a Management HA environment?
Return oriented programming (ROP) exploits are detected by which security blade?
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?
Which of the following is NOT an option to calculate the traffic direction?
Which Check Point software blade provides Application Security and identity control?
What will be the effect of running the following command on the Security Management Server?
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two.
Which of the following statements correctly identify each product's capabilities?
SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:
With SecureXL enabled, accelerated packets will pass through the following:
Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment.
Which details she need to fill in System Restore window before she can click OK button and test the backup?
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
Which file gives you a list of all security servers in use, including port number?
The SmartEvent R81 Web application for real-time event monitoring is called:
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
Which Check Point feature enables application scanning and the detection?
One of major features in R81 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81.
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R81?
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:
Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?
If you needed the Multicast MAC address of a cluster, what command would you run?
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Which command collects diagnostic data for analyzing customer setup remotely?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.
What are the different command sources that allow you to communicate with the API server?
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
Aaron is a Syber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R81.X The Network Security Developer Team is having an issue testing the API with a newly deployed R81.X Security Management Server Aaron wants to confirm API services are working properly. What should he do first?
SmartConsole R81 x requires the following ports to be open for SmartEvent.
What is the correct order of the default “fw monitor†inspection points?
What API command below creates a new host object with the name "My Host" and IP address of "192 168 0 10"?
What is the recommended way to have a redundant Sync connection between the cluster nodes?
The admin lost access to the Gaia Web Management Interface but he was able to connect via ssh. How can you check if the web service is enabled, running and which port is used?
Sieve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances Steve's manager. Diana asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret and cannot be enabled.
Why does it not allow him to specify the pre-shared secret?
Which statement is WRONG regarding the usage of the Central Deployment in SmartConsole?
What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81?
You need to change the MAC-address on eth2 interface of the gateway. What is the correct way to change MAC-address in Check Point Gaia?
When performing a minimal effort upgrade, what will happen to the network traffic?
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational.
When it re-joins the cluster, will it become active automatically?
What are types of Check Point APIs available currently as part of R81.10 code?
Using Web Services to access the API, which Header Name-Value had to be in the HTTP Post request after the login?
John is using Management HA. Which Security Management Server should he use for making changes?
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?
Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.
What is one of the requirements for his success?
GAiA Software update packages can be imported and installed offline in situation where:
Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security events.
You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?
Which command shows the current connections distributed by CoreXL FW instances?
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.10 SmartConsole application?
Using ClusterXL, what statement is true about the Sticky Decision Function?
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
What is a best practice before starting to troubleshoot using the “fw monitor†tool?
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:
: 131
Which command is used to display status information for various components?
Customer’s R81 management server needs to be upgraded to R81.10. What is the best upgrade method when the management server is not connected to the Internet?
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?