What state is the Management HA in when both members have different policies/databases?
- A . Synchronized
- B . Never been synchronized
- C . Lagging
- D . Collision
D
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityManagement_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_SecurityManagement_WebAdminGuide/98838
Which of the following is NOT a component of Check Point Capsule?
- A . Capsule Docs
- B . Capsule Cloud
- C . Capsule Enterprise
- D . Capsule Workspace
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
- A . Pentagon
- B . Combined
- C . Meshed
- D . Star
How many interfaces can you configure to use the Multi-Queue feature?
- A . 10 interfaces
- B . 3 interfaces
- C . 4 interfaces
- D . 5 interfaces
Which firewall daemon is responsible for the FW CLI commands?
- A . fwd
- B . fwm
- C . cpm
- D . cpd
According to out of the box SmartEvent policy, which blade will automatically be correlated into events?
- A . Firewall
- B . VPN
- C . IPS
- D . HTTPS
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
- A . All Connections (Clear or Encrypted)
- B . Accept all encrypted traffic
- C . Specific VPN Communities
- D . All Site-to-Site VPN Communities
Which is the correct order of a log flow processed by SmartEvent components?
- A . Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
- B . Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client
- C . Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
- D . Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
What is the base level encryption key used by Capsule Docs?
- A . RSA 2048
- B . RSA 1024
- C . SHA-256
- D . AES
Which SmartConsole tab is used to monitor network and security performance?
- A . Manage Setting
- B . Security Policies
- C . Gateway and Servers
- D . Logs and Monitor
What traffic does the Anti-bot feature block?
- A . Command and Control traffic from hosts that have been identified as infected
- B . Command and Control traffic to servers with reputation for hosting malware
- C . Network traffic that is directed to unknown or malicious servers
- D . Network traffic to hosts that have been identified as infected
Matt wants to upgrade his old Security Management server to R80.x using the Advanced Upgrade with Database Migration.
What is one of the requirements for a successful upgrade?
- A . Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine
- B . Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine
- C . Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine
- D . Size of the /var/log folder of the target machine must be at least 25GB or more
B
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/90083
On the following picture an administrator configures Identity Awareness:
After clicking “Next” the above configuration is supported by:
- A . Kerberos SSO which will be working for Active Directory integration
- B . Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user.
- C . Obligatory usage of Captive Portal.
- D . The ports 443 or 80 which will be used by Browser-Based and configured Authentication.
Which of the following is NOT a valid type of SecureXL template?
- A . Accept Template
- B . Deny template
- C . Drop Template
- D . NAT Template
CoreXL is NOT supported when one of the following features is enabled: (Choose three)
- A . Route-based VPN
- B . IPS
- C . IPv6
- D . Overlapping NAT
A,C,D
Explanation:
CoreXL does not support Check Point Suite with these features:
- Check Point QoS (Quality of Service)
- Route-based VPN
- IPv6 on IPSO
- Overlapping NAT
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
Which of the following is NOT an alert option?
- A . SNMP
- B . High alert
- C . Mail
- D . User defined alert
What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)
- A . SmartCenter Server cannot reach this Security Gateway.
- B . There is a blade reporting a problem.
- C . VPN software blade is reporting a malfunction.
- D . Security Gateway’s MGNT NIC card is disconnected.
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________.
- A . TCP port 19009
- B . TCP Port 18190
- C . TCP Port 18191
- D . TCP Port 18209
How can the SmartView application be accessed?
- A . http://<Security Management IP Address>/smartview
- B . http://<Security Management IP Address>:4434/smartview/
- C . https://<Security Management IP Address>/smartview/
- D . https://<Security Management host name>:4434/smartview/
What is the SandBlast Agent designed to do?
- A . Performs OS-level sandboxing for SandBlast Cloud architecture
- B . Ensure the Check Point SandBlast services is running on the end user’s system
- C . If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network
- D . Clean up email sent with malicious attachments
In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a response before the peer host is declared ‘down’, you would set the _________?
- A . life sign polling interval
- B . life sign timeout
- C . life_sign_polling_interval
- D . life_sign_timeout
D
Explanation:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_VPN_AdminGuide/14018
How many images are included with Check Point TE appliance in Recommended Mode?
- A . 2(OS) images
- B . images are chosen by administrator during installation
- C . as many as licensed for
- D . the most new image
The Firewall kernel is replicated multiple times, therefore:
- A . The Firewall kernel only touches the packet if the connection is accelerated
- B . The Firewall can run different policies per core
- C . The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
- D . The Firewall can run the same policy on all cores.
D
Explanation:
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the Security Gateway process traffic through the same interfaces and apply the same security policy.
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log.
Which of the following options can you add to each Log, Detailed Log and Extended Log?
- A . Accounting
- B . Suppression
- C . Accounting/Suppression
- D . Accounting/Extended
Which blades and/or features are not supported in R80?
- A . SmartEvent Maps
- B . SmartEvent
- C . Identity Awareness
- D . SmartConsole Toolbars
View the rule below.
What does the lock-symbol in the left column mean? (Choose the BEST answer.)
- A . The current administrator has read-only permissions to Threat Prevention Policy.
- B . Another user has locked the rule for editing.
- C . Configuration lock is present. Click the lock symbol to gain read-write access.
- D . The current administrator is logged in as read-only because someone else is editing the policy.
B
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265
UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users.
Which action is not supported in UserCheck objects?
- A . Ask
- B . Drop
- C . Inform
- D . Reject
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
- A . Detects and blocks malware by correlating multiple detection engines before users are affected.
- B . Configure rules to limit the available network bandwidth for specified users or groups.
- C . Use UserCheck to help users understand that certain websites are against the company’s security policy.
- D . Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
In R80 spoofing is defined as a method of:
- A . Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
- B . Hiding your firewall from unauthorized users.
- C . Detecting people using false or wrong authentication logins
- D . Making packets appear as if they come from an authorized IP address.
D
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
Which Check Point software blade provides Application Security and identity control?
- A . Identity Awareness
- B . Data Loss Prevention
- C . URL Filtering
- D . Application Control
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.
- A . ffff
- B . 1
- C . 3
- D . 2
How many policy layers does the Access Control policy support?
- A . 2
- B . 4
- C . 1
- D . 3
A
Explanation:
Two policy layers:
– Network Policy Layer
– Application Control Policy Layer
By default, the R80 web API uses which content-type in its response?
- A . Java Script
- B . XML
- C . Text
- D . JSON
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:
- A . assign privileges to users.
- B . edit the home directory of the user.
- C . add users to your Gaia system.
- D . assign user rights to their home directory in the Security Management Server.
You need to change the MAC-address on eth2 interface of the gateway.
What is the correct way to change MAC-address in Check Point Gaia?
- A . In CLISH run: set interface eth2 mac-addr 11:11:11:11:11:11
- B . In expert-mode run ifconfig eth1 hw 11:11:11:11 11 11
- C . In CLISH run set interface eth2 hw-addr 11 11 11:11:11 11
- D . In expert-mode run: ethtool -4 eth2 mac 11 11:11:11:11:11
What is the command used to activate Multi-Version Cluster mode?
- A . set cluster member mvc on in Clish
- B . set mvc on on Clish
- C . set cluster MVC on in Expert Mode
- D . set cluster mvc on in Expert Mode
You want to store the GAIA configuration in a file for later reference.
What command should you use?
- A . write mem <filename>
- B . show config -f <filename>
- C . save config -o <filename>
- D . save configuration <filename>
Fill in the blank: __________ information is included in “Full Log” tracking option, but is not included in “Log” tracking option?
- A . Destination port
- B . Data type
- C . File attributes
- D . Application
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?
- A . Includes the registry
- B . Gets information about the specified Virtual System
- C . Does not resolve network addresses
- D . Output excludes connection table
What information is NOT collected from a Security Gateway in a Cpinfo?
- A . Firewall logs
- B . Configuration and database files
- C . System message logs
- D . OS and network statistics
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
- A . 15 sec
- B . 60 sec
- C . 5 sec
- D . 30 sec
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
- A . Stateful Mode
- B . VPN Routing Mode
- C . Wire Mode
- D . Stateless Mode
C
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".
The Compliance Blade allows you to search for text strings in many windows and panes. To search for a value in a field, what would your syntax be?
- A . field_name:string
- B . name field:string
- C . name_field:string
- D . field name:string
Which 3 types of tracking are available for Threat Prevention Policy?
- A . SMS Alert, Log, SNMP alert
- B . Syslog, None, User-defined scripts
- C . None, Log, Syslog
- D . Alert, SNMP trap, Mail
Which TCP-port does CPM process listen to?
- A . 18191
- B . 18190
- C . 8983
- D . 19009
Which is NOT an example of a Check Point API?
- A . Gateway API
- B . Management API
- C . OPSEC SDK
- D . Threat Prevention API
Joey wants to configure NTP on R80 Security Management Server. He decided to do this via WebUI.
What is the correct address to access the Web UI for Gaia platform via browser?
- A . https://<Device_IP_Address>
- B . http://<Device_IP_Address>:443
- C . https://<Device_IP_Address>:10000
- D . https://<Device_IP_Address>:4434
What solution is Multi-queue intended to provide?
- A . Improve the efficiency of traffic handling by SecureXL SNDs
- B . Reduce the confusion for traffic capturing in FW Monitor
- C . Improve the efficiency of CoreXL Kernel Instances
- D . Reduce the performance of network interfaces
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:
- A . fw ctl Dyn_Dispatch on
- B . fw ctl Dyn_Dispatch enable
- C . fw ctl multik set_mode 4
- D . fw ctl multik set_mode 1
How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?
- A . By dropping traffic from websites identified through ThreatCloud Verification and URL Caching
- B . By dropping traffic that is not proven to be from clean websites in the URL Filtering blade
- C . By allowing traffic from websites that are known to run Antivirus Software on servers regularly
- D . By matching logs against ThreatCloud information about the reputation of the website
Which of the following types of authentication on Mobile Access can NOT be used as the first authentication method?
- A . Dynamic ID
- B . RADIUS
- C . Username and Password
- D . Certificate
Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying a connection?
- A . Source Address
- B . Destination Address
- C . TCP Acknowledgment Number
- D . Source Port
C
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/92711.htm
You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information.
What is the MOST likely reason?
- A . Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.
- B . Data Awareness is not enabled.
- C . Identity Awareness is not enabled.
- D . Logs are arriving from Pre-R80 gateways.
SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:
- A . ping, traceroute, netstat, and route
- B . ping, nslookup, Telnet, and route
- C . ping, whois, nslookup, and Telnet
- D . ping, traceroute, netstat, and nslookup
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?
- A . cvpnd_restart
- B . cvpnd_restart
- C . cvpnd restart
- D . cvpnrestart
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
- A . That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager.
- B . Full Layer4 VPN - SSL VPN that gives users network access to all mobile applications.
- C . Full Layer3 VPN - IPSec VPN that gives users network access to all mobile applications.
- D . You can make sure that documents are sent to the intended recipients only.
Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R80.X. The Network Security Developer Team is having an issue testing the API with a newly deployed R80.X Security Management Server. Aaron wants to confirm API services are working properly.
What should he do first?
- A . Aaron should check API Server status with "fwm api status" from Expert mode. If services are stopped, he should start them with "fwm api start".
- B . Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start".
- C . Aaron should check API Server status with "api status" from Expert mode. If services are stopped, he should start them with "api start".
- D . Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api start".
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
- A . Secure Internal Communication (SIC)
- B . Restart Daemons if they fail
- C . Transfers messages between Firewall processes
- D . Pulls application monitoring status
Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ____ all traffic. However, in the Application Control policy layer, the default action is ______ all traffic.
- A . Accept; redirect
- B . Accept; drop
- C . Redirect; drop
- D . Drop; accept
Post-Automatic/Manual NAT rules
- A . 1, 2, 3, 4
- B . 1, 4, 2, 3
- C . 3, 1, 2, 4
- D . 4, 3, 1, 2
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
- A . fw ctl sdstat
- B . fw ctl affinity -l -a -r -v
- C . fw ctl multik stat
- D . cpinfo
What is not a purpose of the deployment of Check Point API?
- A . Execute an automated script to perform common tasks
- B . Create a customized GUI Client for manipulating the objects database
- C . Create products that use and enhance the Check Point solution
- D . Integrate Check Point products with 3rd party solution
What is the default size of NAT table fwx_alloc?
- A . 20000
- B . 35000
- C . 25000
- D . 10000
How would you enable VMAC Mode in ClusterXL?
- A . Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC
- B . fw ctl set int vmac_mode 1
- C . cphaconf vmac_mode set 1
- D . Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC
A
Explanation:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk50840
In what way are SSL VPN and IPSec VPN different?
- A . SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
- B . SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
- C . IPSec VPN does not support two factor authentication, SSL VPN does support this
- D . IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.
Which statement is correct about the Sticky Decision Function?
- A . It is not supported with either the Performance pack or a hardware based accelerator card
- B . Does not support SPI’s when configured for Load Sharing
- C . It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
- D . It is not required for L2TP traffic
What is true about the IPS-Blade?
- A . In R80, IPS is managed by the Threat Prevention Policy
- B . In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
- C . In R80, IPS Exceptions cannot be attached to “all rules”
- D . In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
Session unique identifiers are passed to the web api using which http header option?
- A . X-chkp-sid
- B . Accept-Charset
- C . Proxy-Authorization
- D . Application
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
- A . Application Control
- B . Threat Emulation
- C . Anti-Virus
- D . Advanced Networking Blade
Which of these is an implicit MEP option?
- A . Primary-backup
- B . Source address based
- C . Round robin
- D . Load Sharing
What SmartEvent component creates events?
- A . Consolidation Policy
- B . Correlation Unit
- C . SmartEvent Policy
- D . SmartEvent GUI
Which one of the following is true about Threat Emulation?
- A . Takes less than a second to complete
- B . Works on MS Office and PDF files only
- C . Always delivers a file
- D . Takes minutes to complete (less than 3 minutes)
SandBlast agent extends 0 day prevention to what part of the network?
- A . Web Browsers and user devices
- B . DMZ server
- C . Cloud
- D . Email servers
After verifying that API Server is not running, how can you start the API Server?
- A . Run command "set api start" in CLISH mode
- B . Run command "mgmt__cli set api start" in Expert mode
- C . Run command "mgmt api start" in CLISH mode
- D . Run command "api start" in Expert mode
While using the Gaia CLI, what is the correct command to publish changes to the management server?
- A . json publish
- B . mgmt publish
- C . mgmt_cli commit
- D . commit
Which Remote Access Client does not provide an Office-Mode Address?
- A . SecuRemote
- B . Endpoint Security Suite
- C . Endpoint Security VPN
- D . Check Point Mobile
Check Point security components are divided into the following components:
- A . GUI Client, Security Gateway, WebUI Interface
- B . GUI Client, Security Management, Security Gateway
- C . Security Gateway, WebUI Interface, Consolidated Security Logs
- D . Security Management, Security Gateway, Consolidate Security Logs
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
- A . The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
- B . Limits the upload and download throughput for streaming media in the company to 1 Gbps.
- C . Time object to a rule to make the rule active only during specified times.
- D . Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
What processes does CPM control?
- A . Object-Store, Database changes, CPM Process and web-services
- B . web-services, CPMI process, DLEserver, CPM process
- C . DLEServer, Object-Store, CP Process and database changes
- D . web_services, dle_server and object_Store
Which of the following is NOT a VPN routing option available in a star community?
- A . To satellites through center only.
- B . To center, or through the center to other satellites, to Internet and other VPN targets.
- C . To center and to other satellites through center.
- D . To center only.
Please choose the correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI.
- A . host name myHost12 ip-address 10.50.23.90
- B . mgmt: add host name ip-address 10.50.23.90
- C . add host name emailserver1 ip-address 10.50.23.90
- D . mgmt: add host name emailserver1 ip-address 10.50.23.90
Which is NOT a SmartEvent component?
- A . SmartEvent Server
- B . Correlation Unit
- C . Log Consolidator
- D . Log Server
Where do you create and modify the Mobile Access policy in R80?
- A . SmartConsole
- B . SmartMonitor
- C . SmartEndpoint
- D . SmartDashboard
What will be the effect of running the following command on the Security Management Server?
- A . Remove the installed Security Policy.
- B . Remove the local ACL lists.
- C . No effect.
- D . Reset SIC on all gateways.
When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events.
What is this setting called and what are you defining?
- A . Network, and defining your Class A space
- B . Topology, and you are defining the Internal network
- C . Internal addresses you are defining the gateways
- D . Internal network(s) you are defining your networks
You have existing dbedit scripts from R77. Can you use them with R80.10?
- A . dbedit is not supported in R80.10
- B . dbedit is fully supported in R80.10
- C . You can use dbedit to modify threat prevention or access policies, but not create or modify layers
- D . dbedit scripts are being replaced by mgmt_cli in R80.10
To optimize Rule Base efficiency, the most hit rules should be where?
- A . Removed from the Rule Base.
- B . Towards the middle of the Rule Base.
- C . Towards the top of the Rule Base.
- D . Towards the bottom of the Rule Base.
In which formats can Threat Emulation forensics reports be viewed?
- A . TXT, XML and CSV
- B . PDF and TXT
- C . PDF, HTML, and XML
- D . PDF and HTML
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
- A . 6 GB
- B . 8GB with Gaia in 64-bit mode
- C . 4 GB
- D . It depends on the number of software blades enabled
Which software blade does NOT accompany the Threat Prevention policy?
- A . Anti-virus
- B . IPS
- C . Threat Emulation
- D . Application Control and URL Filtering
Which of the following is NOT a type of Endpoint Identity Agent?
- A . Terminal
- B . Light
- C . Full
- D . Custom
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.
- A . Inspect/Bypass
- B . Inspect/Prevent
- C . Prevent/Bypass
- D . Detect/Bypass
Within the Check Point Firewall Kernel reside Chain Modules, which are individually responsible for the inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire mode configuration, chain modules marked with _______ will not apply.
- A . ffffffff
- B . 00000001
- C . 00000002
- D . 00000003
What command can you use to have cpinfo display all installed hotfixes?
- A . cpinfo -hf
- B . cpinfo -y all
- C . cpinfo -get hf
- D . cpinfo installed_jumbo
Which NAT rules are prioritized first?
- A . Post-Automatic/Manual NAT rules
- B . Manual/Pre-Automatic NAT
- C . Automatic Hide NAT
- D . Automatic Static NAT
What is not a component of Check Point SandBlast?
- A . Threat Emulation
- B . Threat Simulator
- C . Threat Extraction
- D . Threat Cloud
What destination versions are supported for a Multi-Version Cluster Upgrade?
- A . R80.40 and later
- B . R76 and later
- C . R70 and Later
- D . R80.10 and Later
There are 4 ways to use the Management API for creating a host object with R80 Management API.
Which one is NOT correct?
- A . Using Web Services
- B . Using Mgmt_cli tool
- C . Using CLISH
- D . Using SmartConsole GUI console
- E . Events are collected with SmartWorkflow from Trouble Ticket systems
You have pushed policy to GW-3 and now cannot pass traffic through the gateway.
As a last resort, to restore traffic flow, what command would you run to remove the latest policy from GW-3?
- A . fw unloadlocal
- B . fw unloadpolicy
- C . fwm unload local
- D . fwm unload policy