Fill in the blanks: Gaia can be configured using _______ the ________.
- A . Command line interface; WebUI
- B . Gaia Interface; GaiaUI
- C . WebUI; Gaia Interface
- D . GaiaUI; command line interface
A
Explanation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/Configuring-Gaia-for-the-First-Time.htm?tocpath=Configuring%20Gaia%20for%20the%20First%20Time%7C_____0
Which of the following is NOT a component of a Distinguished Name?
- A . Common Name
- B . Country
- C . User container
- D . Organizational Unit
In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway?
- A . Logging & Monitoring
- B . None – the data is available by default
- C . Monitoring Blade
- D . SNMP
C
Explanation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_NextGenSecur ityGateway_Guide/Topics-FWG/Monitoring-Blade.htm
When an encrypted packet is decrypted, where does this happen?
- A . Security policy
- B . Inbound chain
- C . Outbound chain
- D . Decryption is not supported
Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?
- A . Application Control
- B . Data Awareness
- C . Identity Awareness
- D . Threat Emulation
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log.
Which of the following options can you add to each Log, Detailed Log and Extended Log?
- A . Accounting
- B . Suppression
- C . Accounting/Suppression
- D . Accounting/Extended
What is the difference between SSL VPN and IPSec VPN?
- A . IPSec VPN does not require installation of a resident VPN client
- B . SSL VPN requires installation of a resident VPN client
- C . SSL VPN and IPSec VPN are the same
- D . IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser
What is the RFC number that act as a best practice guide for NAT?
- A . RFC 1939
- B . RFC 1950
- C . RFC 1918
- D . RFC 793
C
Explanation:
https://datatracker.ietf.org/doc/html/rfc1918
From the Gaia web interface, which of the following operations CANNOT be performed on a Security Management Server?
- A . Verify a Security Policy
- B . Open a terminal shell
- C . Add a static route
- D . View Security Management GUI Clients
Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?
- A . AD Query
- B . Terminal Servers Endpoint Identity Agent
- C . Endpoint Identity Agent and Browser-Based Authentication
- D . RADIUS and Account Logon
C
Explanation:
Endpoint Identity Agents and Browser-Based Authentication – When a high level of security is necessary. The Captive Portal is used for distributing the Endpoint Identity Agent. IP Spoofing protection can be set to prevent packets from being IP spoofed.
What is the Transport layer of the TCP/IP model responsible for?
- A . It transports packets as datagrams along different routes to reach their destination.
- B . It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
- C . It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.
- D . It deals with all aspects of the physical components of network connectivity and connects with different network types.
Is it possible to have more than one administrator connected to a Security Management Server at once?
- A . Yes, but only if all connected administrators connect with read-only permissions.
- B . Yes, but objects edited by one administrator will be locked for editing by others until the session is published.
- C . No, only one administrator at a time can connect to a Security Management Server
- D . Yes, but only one of those administrators will have write-permissions. All others will have read-only permission.
Which of the following is considered a "Subscription Blade", requiring renewal every 1-3 years?
- A . IPS blade
- B . IPSEC VPN Blade
- C . Identity Awareness Blade
- D . Firewall Blade
The ______ software blade package uses CPU-level and OS-level sandboxing in order to
detect and block malware.
- A . Next Generation Threat Prevention
- B . Next Generation Threat Emulation
- C . Next Generation Threat Extraction
- D . Next Generation Firewall
What are the types of Software Containers?
- A . Smart Console, Security Management, and Security Gateway
- B . Security Management, Security Gateway, and Endpoint Security
- C . Security Management, Log & Monitoring, and Security Policy
- D . Security Management, Standalone, and Security Gateway
Please choose correct command syntax to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
- A . host name myHost12 ip-address 10.50.23.90
- B . mgmt add host name ip-address 10.50.23.90
- C . add host name emailserver1 ip-address 10.50.23.90
- D . mgmt add host name emailserver1 ip-address 10.50.23.90
CPU-level of your Security gateway is peaking to 100% causing problems with traffic. You suspect that the problem might be the Threat Prevention settings.
The following Threat Prevention Profile has been created.
How could you tune the profile in order to lower the CPU load still maintaining security at good level? Select the BEST answer.
- A . Set High Confidence to Low and Low Confidence to Inactive.
- B . Set the Performance Impact to Medium or lower.
- C . The problem is not with the Threat Prevention Profile. Consider adding more memory to the appliance.
- D . Set the Performance Impact to Very Low Confidence to Prevent.
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsible, which of these steps should NOT be performed:
- A . Rename the hostname of the Standby member to match exactly the hostname of the Active member.
- B . Change the Standby Security Management Server to Active.
- C . Change the Active Security Management Server to Standby.
- D . Manually synchronize the Active and Standby Security Management Servers.
Name the authentication method that requires token authenticator.
- A . SecureID
- B . Radius
- C . DynamicID
- D . TACACS
A
Explanation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManag ement_AdminGuide/Topics-SECMG/Configuring-SecurID-Authentication.htm
What is the BEST method to deploy Identity Awareness for roaming users?
- A . Use Office Mode
- B . Use identity agents
- C . Share user identities between gateways
- D . Use captive portal
B
Explanation:
Using Endpoint Identity Agents give you:
What licensing feature is used to verify licenses and activate new licenses added to the License and Contracts repository?
- A . Verification tool
- B . Verification licensing
- C . Automatic licensing
- D . Automatic licensing and Verification tool
A security zone is a group of one or more network interfaces from different centrally managed gateways.
What is considered part of the zone?
- A . The zone is based on the network topology and determined according to where the interface leads to.
- B . Security Zones are not supported by Check Point firewalls.
- C . The firewall rule can be configured to include one or more subnets in a zone.
- D . The local directly connected subnet defined by the subnet IP and subnet mask.
A
Explanation:
The Interface window opens. The Topology area of the General pane shows the Security Zone to which the interface is already bound. By default, the Security Zone is calculated according to where the interface Leads To. https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManag ement_AdminGuide/Topics-SECMG/Security-Zones.htm
Which of the following commands is used to monitor cluster members?
- A . cphaprob state
- B . cphaprob status
- C . cphaprob
- D . cluster state
Using AD Query, the security gateway connections to the Active Directory Domain Controllers using what protocol?
- A . Windows Management Instrumentation (WMI)
- B . Hypertext Transfer Protocol Secure (HTTPS)
- C . Lightweight Directory Access Protocol (LDAP)
- D . Remote Desktop Protocol (RDP)
C
Explanation:
AD Query (ADQ) is a clientless identity acquisition method that extracts user and computer identity information from the Active Directory Security Event Logs12. It is based on Active Directory integration and allows the Security Gateway to correlate Active Directory Users and machines to IP addresses in a method that is completely transparent to the user1. The Active Directory protocols provide directory services for the centralized storage of identity and account information, as well as storage for other forms of data such as group policies and printer location information3. The Active Directory protocols are specified in [LDAP], [MS-ADTS], [MS-SRPL], [MS-DRSR], [MS-SNTP], [MS-LSAD], [MS-LSAT], [MS-DSSP], [MS-SAMR], [MS-SAMS], [MS-WSDS], [WFXR], [WSENUM], [MS-WSTIM], [MS-ADDM], [MS-WSPELD], and [MS-ADCAP]3.
A network administrator has informed you that they have identified a malicious host on the
network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time.
What tool can you use to block this traffic?
- A . Anti-Bot protection
- B . Anti-Malware protection
- C . Policy-based routing
- D . Suspicious Activity Monitoring (SAM) rules
C
Explanation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMo nitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm
What is the main difference between Threat Extraction and Threat Emulation?
- A . Threat Emulation never delivers a file and takes more than 3 minutes to complete
- B . Threat Extraction always delivers a file and takes less than a second to complete
- C . Threat Emulation never delivers a file that takes less than a second to complete
- D . Threat Extraction never delivers a file and takes more than 3 minutes to complete
In Unified SmartConsole Gateways and Servers tab you can perform the following functions EXCEPT ________.
- A . Upgrade the software version
- B . Open WebUI
- C . Open SSH
- D . Open service request with Check Point Technical Support
Identity Awareness allows the Security Administrator to configure network access based on which of the following?
- A . Name of the application, identity of the user, and identity of the machine
- B . Identity of the machine, username, and certificate
- C . Network location, identity of a user, and identity of a machine
- D . Browser-Based Authentication, identity of a user, and network location
What is NOT an advantage of Packet Filtering?
- A . Application Independence
- B . High Performance
- C . Scalability
- D . Low Security and No Screening above Network Layer
An administrator wishes to enable Identity Awareness on the Check Point firewalls. However they allow users to use company issued or personal laptops.
Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?
- A . AD Query
- B . Browser-Based Authentication
- C . Identity Agents
- D . Terminal Servers Agent
B
Explanation:
References:
Fill in the blank: When tunnel test packets no longer invoke a response, SmartView Monitor displays _____________ for the given VPN tunnel.
- A . Down
- B . No Response
- C . Inactive
- D . Failed
Which part of SmartConsole allows administrators to add, edit delete, and clone objects?
- A . Object Browser
- B . Object Editor
- C . Object Navigator
- D . Object Explorer
Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers? (Choose the best answer.)
- A . IPS
- B . Anti-Virus
- C . Anti-Malware
- D . Content Awareness
B
Explanation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPreventi on_AdminGuide/Topics-TPG/The_Check_Point_Threat_Prevention_Solution.htm
"Check Point Antivirus Software Blade prevents and stops threats such as malware, viruses, and Trojans from entering and infecting a network"
Also here -https://www.checkpoint.com/downloads/products/antivirus-datasheet.pdf
Fill in the blank: The _____ feature allows administrators to share a policy with other policy
packages.
- A . Concurrent policy packages
- B . Concurrent policies
- C . Global Policies
- D . Shared policies
D
Explanation:
"The Shared Policies section in the Security Policies shows the policies that are not in a Policy package. They are shared between all Policy packages." https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManag ement_AdminGuide/Topics-SECMG/SmartConsole-Toolbars-Shared-Policies.htm
R80.10 management server can manage gateways with which versions installed?
- A . Versions R77 and higher
- B . Versions R76 and higher
- C . Versions R75.20 and higher
- D . Version R75 and higher
Which of the following are types of VPN communities?
- A . Pentagon, star, and combination
- B . Star, octagon, and combination
- C . Combined and star
- D . Meshed, star, and combination
Session unique identifiers are passed to the web api using which http header option?
- A . X-chkp-sid
- B . Accept-Charset
- C . Proxy-Authorization
- D . Application
How would you determine the software version from the CLI?
- A . fw ver
- B . fw stat
- C . fw monitor
- D . cpinfo
In order to modify Security Policies the administrator can use which of the following tools? (Choose the best answer.)
- A . SmartConsole and WebUI on the Security Management Server.
- B . SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed.
- C . Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.
- D . mgmt_cli (API) or WebUI on Security Gateway and SmartConsole on the Security Management Server.
You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet.
How can you fix this?
- A . Right click Accept in the rule, select “More”, and then check “Enable Identity Captive Portal”
- B . On the firewall object, Legacy Authentication screen, check “Enable Identity Captive Portal”
- C . In the Captive Portal screen of Global Properties, check “Enable Identity Captive Portal”
- D . On the Security Management Server object, check the box “Identity Logging”
Fill in the blank: ____________ is the Gaia command that turns the server off.
- A . sysdown
- B . exit
- C . halt
- D . shut-down
Name one limitation of using Security Zones in the network?
- A . Security zones will not work in Automatic NAT rules
- B . Security zone will not work in Manual NAT rules
- C . Security zones will not work in firewall policy layer
- D . Security zones cannot be used in network topology
B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolution details=&solutionid=sk128572
The “Hit count” feature allows tracking the number of connections that each rule matches.
Will the Hit count feature work independently from logging and Track the hits even if the Track option is set to “None”?
- A . No, it will not work independently. Hit Count will be shown only for rules with Track options set as Log or alert
- B . Yes, it will work independently as long as “analyze all rules” tick box is enabled on the Security Gateway
- C . No, it will not work independently because hit count requires all rules to be logged
- D . Yes, it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways
Which of the following is an authentication method used for Identity Awareness?
- A . SSL
- B . Captive Portal
- C . PKI
- D . RSA
Fill in the blanks: A ____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.
- A . Formal; corporate
- B . Local; formal
- C . Local; central
- D . Central; local
Which of the following is NOT a valid application navigation tab in the R80 SmartConsole?
- A . Manage and Command Line
- B . Logs and Monitor
- C . Security Policies
- D . Gateway and Servers
A
Explanation:
True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway
- A . True, CLI is the prefer method for Licensing
- B . False, Central License are handled via Security Management Server
- C . False, Central License are installed via Gaia on Security Gateways
- D . True, Central License can be installed with CPLIC command on a Security Gateway
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
- A . Security Gateway IP-address cannot be changed without re-establishing the trust
- B . The Security Gateway name cannot be changed in command line without re-establishing trust
- C . The Security Management Server name cannot be changed in SmartConsole without re-establishing trust
- D . The Security Management Server IP-address cannot be changed without re-establishing the trust
In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?
- A . Publish changes
- B . Save changes
- C . Install policy
- D . Install database
When logging in for the first time to a Security management Server through SmartConsole, a fingerprint is saved to the:
- A . Security Management Server’s /home/.fgpt file and is available for future SmartConsole authentications.
- B . Windows registry is available for future Security Management Server authentications.
- C . There is no memory used for saving a fingerprint anyway.
- D . SmartConsole cache is available for future Security Management Server authentications.
Where can administrator edit a list of trusted SmartConsole clients?
- A . cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.
- B . In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
- C . WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.
- D . Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
A SAM rule Is implemented to provide what function or benefit?
- A . Allow security audits.
- B . Handle traffic as defined in the policy.
- C . Monitor sequence activity.
- D . Block suspicious activity.
D
Explanation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMo nitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm
Which type of Endpoint Identity Agent includes packet tagging and computer authentication?
- A . Full
- B . Custom
- C . Complete
- D . Light
Which one of the following is a way that the objects can be manipulated using the new API integration in R80 Management?
- A . Microsoft Publisher
- B . JSON
- C . Microsoft Word
- D . RC4 Encryption
Which software blade does NOT accompany the Threat Prevention policy?
- A . IPS
- B . Application Control and URL Filtering
- C . Threat Emulation
- D . Anti-virus
Fill in the blank Once a license is activated, a___________should be installed.
- A . Security Gateway Contract file
- B . Service Contract file
- C . License Management file
- D . License Contract file
How do you manage Gaia?
- A . Through CLI and WebUI
- B . Through CLI only
- C . Through SmartDashboard only
- D . Through CLI, WebUI, and SmartDashboard
Log query results can be exported to what file format?
- A . Word Document (docx)
- B . Comma Separated Value (csv)
- C . Portable Document Format (pdf)
- D . Text (txt)
What are the three deployment considerations for a secure network?
- A . Distributed, Bridge Mode, and Remote
- B . Bridge Mode, Remote, and Standalone
- C . Remote, Standalone, and Distributed
- D . Standalone, Distributed, and Bridge Mode
Which of the following is NOT an advantage to using multiple LDAP servers?
- A . You achieve a faster access time by placing LDAP servers containing the database at remote sites
- B . You achieve compartmentalization by allowing a large number of users to be distributed across several servers
- C . Information on a user is hidden, yet distributed across several servers.
- D . You gain High Availability by replicating the same information on several servers
When you upload a package or license to the appropriate repository in SmartUpdate. where is the package or license stored?
- A . SmartConsole installed device
- B . Check Point user center
- C . Security Management Server
- D . Security Gateway
Examine the sample Rule Base.
What will be the result of a verification of the policy from SmartConsole?
- A . No errors or Warnings
- B . Verification Error. Empty Source-List in Rule 5 (Mail Inbound)
- C . Verification Error. Rule 4 (Web Inbound) hides Rule 6 (Webmaster access)
- D . Verification Error. Rule 7 (Clean-Up Rule) hides Implicit Clean-up Rule
SmartEvent does NOT use which of the following procedures to identity events:
- A . Matching a log against each event definition
- B . Create an event candidate
- C . Matching a log against local exclusions
- D . Matching a log against global exclusions
Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities?
- A . IPS
- B . Anti-Virus
- C . Anti-Spam
- D . Anti-bot
What is the best sync method in the ClusterXL deployment?
- A . Use 1 cluster + 1st sync
- B . Use 1 dedicated sync interface
- C . Use 3 clusters + 1st sync + 2nd sync + 3rd sync
- D . Use 2 clusters + 1st sync + 2nd sync
Customer’s R80 management server needs to be upgraded to R80.10.
What is the best upgrade method when the management server is not connected to the Internet?
- A . Export R80 configuration, clean install R80.10 and import the configuration
- B . CPUSE online upgrade
- C . CPUSE offline upgrade
- D . SmartUpdate upgrade
The purpose of the Communication Initialization process is to establish a trust between the Security Management Server and the Check Point gateways.
Which statement best describes this Secure Internal Communication (SIC)?
- A . After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.
- B . Secure Internal Communications authenticates the security gateway to the SMS before http communications are allowed.
- C . A SIC certificate is automatically generated on the gateway because the gateway hosts a subordinate CA to the SMS ICA.
- D . New firewalls can easily establish the trust by using the expert password defined on the SMS and the SMS IP address.
A
Explanation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManag ement_AdminGuide/Topics-SECMG/Secure-Internal-Communication.htm
Which of the following is NOT a component of Check Point Capsule?
- A . Capsule Docs
- B . Capsule Cloud
- C . Capsule Enterprise
- D . Capsule Workspace
Which tool is used to enable cluster membership on a Gateway?
- A . SmartUpdate
- B . cpconfig
- C . SmartConsole
- D . sysconfig
What is the default shell for the command line interface?
- A . Clish
- B . Admin
- C . Normal
- D . Expert
A
Explanation:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminG uide/Topics-GAG/Gaia-Clish-Commands.htm
What is the most recommended installation method for Check Point appliances?
- A . SmartUpdate installation
- B . DVD media created with Check Point ISOMorphic
- C . USB media created with Check Point ISOMorphic
- D . Cloud based installation
Check Point licenses come in two forms.
What are those forms?
- A . Central and Local.
- B . Access Control and Threat Prevention.
- C . On-premise and Public Cloud.
- D . Security Gateway and Security Management.
In SmartEvent, a correlation unit (CU) is used to do what?
- A . Collect security gateway logs, Index the logs and then compress the logs.
- B . Receive firewall and other software blade logs in a region and forward them to the primary log server.
- C . Analyze log entries and identify events.
- D . Send SAM block rules to the firewalls during a DOS attack.
C
Explanation:
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_Logging AndMonitoring_AdminGuide/Topics-LMG/SmartEvent-Correlation-Unit.htm
You have enabled "Extended Log" as a tracking option to a security rule. However, you are still not seeing any data type information.
What is the MOST likely reason?
- A . Identity Awareness is not enabled.
- B . Log Trimming is enabled.
- C . Logging has disk space issues
- D . Content Awareness is not enabled.
Which type of Check Point license ties the package license to the IP address of the Security Management Server?
- A . Central
- B . Corporate
- C . Local
- D . Formal
A
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolution details=&solutionid=sk62685
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
- A . SND is a feature to accelerate multiple SSL VPN connections
- B . SND is an alternative to IPSec Main Mode, using only 3 packets
- C . SND is used to distribute packets among Firewall instances
- D . SND is a feature of fw monitor to capture accelerated packets
What is true about the IPS-Blade?
- A . in R80, IPS is managed by the Threat Prevention Policy
- B . in R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
- C . in R80, IPS Exceptions cannot be attached to “all rules”
- D . in R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
The competition between stateful inspection and proxies was based on performance, protocol support, and security. Considering stateful Inspections and Proxies, which statement is correct?
- A . Stateful Inspection is limited to Layer 3 visibility, with no Layer 4 to Layer 7 visibility capabilities.
- B . When it comes to performance, proxies were significantly faster than stateful inspection firewalls.
- C . Proxies offer far more security because of being able to give visibility of the payload (the data).
- D . When it comes to performance, stateful inspection was significantly faster than proxies.
What Check Point technologies deny or permit network traffic?
- A . Application Control, DLP
- B . Packet Filtering, Stateful Inspection, Application Layer Firewall.
- C . ACL, SandBlast, MPT
- D . IPS, Mobile Threat Protection
In SmartConsole, on which tab are Permissions and Administrators defined?
- A . Manage and Settings
- B . Logs and Monitor
- C . Security Policies
- D . Gateways and Servers
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher.
How can you enable them?
- A . fw ctl multik dynamic_dispatching on
- B . fw ctl multik dynamic_dispatching set_mode 9
- C . fw ctl multik set_mode 9
- D . fw ctl miltik pq enable
When should you generate new licenses?
- A . Before installing contract files.
- B . After an RMA procedure when the MAC address or serial number of the appliance changes.
- C . When the existing license expires, license is upgraded or the IP-address where the license is tied changes.
- D . Only when the license is upgraded.
Which GUI tool can be used to view and apply Check Point licenses?
- A . cpconfig
- B . Management Command Line
- C . SmartConsole
- D . SmartUpdate
D
Explanation:
SmartUpdate GUI is the recommended way of managing licenses.
Which tool is used to enable ClusterXL?
- A . SmartUpdate
- B . cpconfig
- C . SmartConsole
- D . sysconfig
How many users can have read/write access in Gaia Operating System at one time?
- A . One
- B . Three
- C . Two
- D . Infinite
A
Explanation:
if another user has r/w access, you need to use "lock database override" or "unlock database" to claim r/w access.
Ref: https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_Gaia_AdminGuide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_Gaia_AdminGuide/162435
Secure Internal Communication (SIC) is handled by what process?
- A . CPM
- B . HTTPS
- C . FWD
- D . CPD
D
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolution details=&solutionid=sk97638
Using ClusterXL, what statement is true about the Sticky Decision Function?
- A . Can only be changed for Load Sharing implementations
- B . All connections are processed and synchronized by the pivot
- C . Is configured using cpconfig
- D . Is only relevant when using SecureXL
Fill in the blank Backup and restores can be accomplished through
- A . SmartUpdate, SmartBackup. or SmartConsole
- B . WebUI. CLI. or SmartUpdate
- C . CLI. SmartUpdate, or SmartBackup
- D . SmartConsole, WebUI. or CLI
In which scenario is it a valid option to transfer a license from one hardware device to another?
- A . From a 4400 Appliance to a 2200 Appliance
- B . From a 4400 Appliance to an HP Open Server
- C . From an IBM Open Server to an HP Open Server
- D . From an IBM Open Server to a 2200 Appliance
A
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolution details=&solutionid=sk56300
Which single Security Blade can be turned on to block both malicious files from being downloaded as well as block websites known to host malware?
- A . Anti-Bot
- B . None – both Anti-Virus and Anti-Bot are required for this
- C . Anti-Virus
- D . None – both URL Filtering and Anti-Virus are required for this.
C
Explanation:
Prevent Access to Malicious Websites –
The Antivirus Software Blade scans outbound URL requests and ensures users do not visit websites that are known to distribute malware.
Stop Incoming Malicious Files
Check Point Antivirus Software Blade prevents and stops threats such as malware, viruses, and Trojans from entering and infecting a network.
https://www.checkpoint.com/downloads/products/antivirus-datasheet.pdf
SmartConsole provides a consolidated solution for everything that is necessary for the security of an organization, such as the following
- A . Security Policy Management and Log Analysis
- B . Security Policy Management. Log Analysis. System Health Monitoring. Multi-Domain Security Management.
- C . Security Policy Management Log Analysis and System Health Monitoring
- D . Security Policy Management. Threat Prevention rules. System Health Monitoring and Multi-Domain Security Management.
To quickly review when Threat Prevention signatures were last updated, which Threat Tool would an administrator use?
- A . Protections
- B . IPS Protections
- C . Profiles
- D . ThreatWiki
DLP and Geo Policy are examples of what type of Policy?
- A . Inspection Policies
- B . Shared Policies
- C . Unified Policies
- D . Standard Policies
B
Explanation:
https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_NextGen SecurityGateway_Guide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_NextGenSecurityGateway_Guide/137006
Security Zones do no work with what type of defined rule?
- A . Application Control rule
- B . Manual NAT rule
- C . IPS bypass rule
- D . Firewall rule
B
Explanation:
https://community.checkpoint.com/t5/Management/Workaround-for-manual-NAT-when-security-zones-are-used/td-p/9915
In the Check Point Security Management Architecture, which component(s) can store logs?
- A . SmartConsole
- B . Security Management Server and Security Gateway
- C . Security Management Server
- D . SmartConsole and Security Management Server
Which command shows the installed licenses?
- A . cplic print
- B . print cplic
- C . fwlic print
- D . show licenses
Which of the following is considered to be the more secure and preferred VPN authentication method?
- A . Password
- B . Certificate
- C . MD5
- D . Pre-shared secret
Which of the following is used to enforce changes made to a Rule Base?
- A . Publish database
- B . Save changes
- C . Install policy
- D . Activate policy
For Automatic Hide NAT rules created by the administrator what is a TRUE statement?
- A . Source Port Address Translation (PAT) is enabled by default
- B . Automate NAT rules are supported for Network objects only.
- C . Automatic NAT rules are supported for Host objects only.
- D . Source Port Address Translation (PAT) is disabled by default
Which path below is available only when CoreXL is enabled?
- A . Slow path
- B . Firewall path
- C . Medium path
- D . Accelerated path