
156-215.81 Questions and Answers

Question # 6

When an encrypted packet is decrypted, where does this happen?

A.

Security policy

B.

Inbound chain

C.

Outbound chain

D.

Decryption is not supported

Question # 7

A stateful inspection firewall works by registering connection data and compiling this information. Where is the information stored?

A.

In the system SMEM memory pool.

B.

In State tables.

C.

In the Sessions table.

D.

In a CSV file on the firewall hard drive located in $FWDIR/conf/.

Question # 8

After a new Log Server is added to the environment and the SIC trust has been established with the SMS, what will the gateways do?

A.

The gateways can only send logs to an SMS and cannot send logs to a Log Server. Log Servers are proprietary log archive servers.

B.

Gateways will send new firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new Log Server.

C.

The firewalls will detect the new Log Server after the next policy install and redirect the new logs to the new Log Server.

D.

Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.

Question # 9

The SIC Status “Unknown” means

A.

There is a connection between the gateway and Security Management Server but it is not trusted.

B.

The secure communication is established.

C.

There is no connection between the gateway and Security Management Server.

D.

The Security Management Server can contact the gateway, but cannot establish SIC.

Question # 10

The Gateway Status view in SmartConsole shows the overall status of Security Gateways and Software Blades. What does the Status Attention mean?

A.

Cannot reach the Security Gateway.

B.

The gateway and all its Software Blades are working properly.

C.

At least one Software Blade has a minor issue, but the gateway works.

D.

Cannot make SIC between the Security Management Server and the Security Gateway

Question # 11

If an administrator wants to restrict access to a network resource, allowing only certain users to access it and only when they are on a specific network, what is the best way to accomplish this?

A.

Create an inline layer where the destination is the target network resource. Define sub-rules allowing only specific sources to access the target resource.

B.

Use a "New Legacy User at Location", specifying the LDAP user group that the users belong to, at the desired location

C.

Create a rule allowing only specific source IP addresses access to the target network resource.

D.

Create an Access Role object, with specific users or user groups specified, and specific networks defined. Use this access role as the "Source" of an Access Control rule.

Question # 12

When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, what actions does the administrator need to take?

A.

SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required.

B.

The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply Publishing the changes applies the SAM rule on the firewall.

C.

The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the command 'sam block' must be used with the right parameters.

D.

The administrator should open the LOGS & MONITOR view and find the relevant log. Right clicking on the log entry will show the Create New SAM rule option.

Question # 13

Which SmartConsole tab shows logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?

A.

Gateway and Servers

B.

Logs and Monitor

C.

Manage Settings

D.

Security Policies

Question # 14

When URL Filtering is set, what identifying data gets sent to the Check Point Online Web Service?

A.

The URL and server certificate are sent to the Check Point Online Web Service

B.

The full URL, including page data, is sent to the Check Point Online Web Service

C.

The host part of the URL is sent to the Check Point Online Web Service

D.

The URL and IP address are sent to the Check Point Online Web Service

Question # 15

Which of the following commands is used to monitor cluster members in CLI?

A.

show cluster state

B.

show active cluster

C.

show clusters

D.

show running cluster

Question # 16

What is the main difference between Static NAT and Hide NAT?

A.

Static NAT only allows incoming connections to protect your network.

B.

Static NAT allows incoming and outgoing connections. Hide NAT only allows outgoing connections.

C.

Static NAT only allows outgoing connections. Hide NAT allows incoming and outgoing connections.

D.

Hide NAT only allows incoming connections to protect your network.

Question # 17

Core Protections are installed as part of what Policy?

A.

Access Control Policy.

B.

Desktop Firewall Policy

C.

Mobile Access Policy.

D.

Threat Prevention Policy.

Question # 18

Which statement is NOT TRUE about Delta synchronization?

A.

Using UDP Multicast or Broadcast on port 8161

B.

Using UDP Multicast or Broadcast on port 8116

C.

Quicker than Full sync

D.

Transfers changes in the Kernel tables between cluster members

Question # 19

John is the administrator of an R80 Security Management server managing an R77.30 Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John’s changes available to other administrators, and to save the database before installing a policy, what must John do?

A.

Logout of the session

B.

File > Save

C.

Install database

D.

Publish the session

Question # 20

Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components?

A.

The Security Gateway (SG) and Security Management Server (SMS) software and the CPUSE engine.

B.

Licensed Check Point products for the Gaia operating system and the Gaia operating system itself.

C.

The CPUSE engine and the Gaia operating system.

D.

The Gaia operating system only.

Question # 21

Fill in the blank: RADIUS Accounting gets _____ data from requests generated by the accounting client.

A.

Location

B.

Payload

C.

Destination

D.

Identity

Question # 22

What kind of NAT enables Source Port Address Translation by default?

A.

Automatic Static NAT

B.

Manual Hide NAT

C.

Automatic Hide NAT

D.

Manual Static NAT

Question # 23

Which of the following cannot be configured in an Access Role Object?

A.

Networks

B.

Users

C.

Time

D.

Machines

Question # 24

Which of the following methods can be used to update the trusted log server regarding the policy and configuration changes performed on the Security Management Server?

A.

Save Policy

B.

Install Database

C.

Save session

D.

Install Policy

Question # 25

What is the purpose of a Stealth Rule?

A.

A rule used to hide a server's IP address from the outside world.

B.

A rule that allows administrators to access SmartDashboard from any device.

C.

To drop any traffic destined for the firewall that is not otherwise explicitly allowed.

D.

A rule at the end of your policy to drop any traffic that is not explicitly allowed.

Question # 26

What is NOT an advantage of Stateful Inspection?

A.

High Performance

B.

Good Security

C.

No Screening above Network layer

D.

Transparency

Question # 27

In the Check Point Security Management Architecture, which component(s) can store logs?

A.

SmartConsole

B.

Security Management Server and Security Gateway

C.

Security Management Server

D.

SmartConsole and Security Management Server

Question # 28

What two ordered layers make up the Access Control Policy Layer?

A.

URL Filtering and Network

B.

Network and Threat Prevention

C.

Application Control and URL Filtering

D.

Network and Application Control

Question # 29

Which of the following statements about Site-to-Site VPN Domain-based is NOT true?

    Route-based— The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

A.

Domain-based— VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

B.

Domain-based— VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.

C.

Domain-based— VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

Question # 30

Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true?

A.

Manual NAT can offer more flexibility than Automatic NAT.

B.

Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation.

C.

Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading.

D.

Automatic NAT can offer more flexibility than Manual NAT.

Question # 31

You have enabled "Extended Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

A.

Identity Awareness is not enabled.

B.

Log Trimming is enabled.

C.

Logging has disk space issues

D.

Content Awareness is not enabled.

Question # 32

Vanessa is attempting to log into the Gaia Web Portal. She is able to login successfully. Then she tries the same username and password for SmartConsole but gets the message in the screenshot image below. She has checked that the IP address of the Server is correct and the username and password she used to login into Gaia is also correct.

What is the most likely reason?

A.

Check Point R80 SmartConsole authentication is more secure than in previous versions and Vanessa requires a special authentication key for R80 SmartConsole. Check that the correct key details are used.

B.

Check Point Management software authentication details are not automatically the same as the Operating System authentication details. Check that she is using the correct details.

C.

SmartConsole Authentication is not allowed for Vanessa until a Super administrator has logged in first and cleared any other administrator sessions.

D.

Authentication failed because Vanessa’s username is not allowed in the new Threat Prevention console update checks even though these checks passed with Gaia.

Question # 33

Which default Gaia user has full read/write access?

A.

admin

B.

superuser

C.

monitor

D.

altuser

Question # 34

How do you manage Gaia?

A.

Through CLI and WebUI

B.

Through CLI only

C.

Through SmartDashboard only

D.

Through CLI, WebUI, and SmartDashboard

Question # 35

Fill in the blank: Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is _____.

A.

Stored on the Security Management Server.

B.

Stored on the Certificate Revocation List.

C.

Sent to the Internal Certificate Authority.

D.

Sent to the Security Administrator.

Question # 36

What are valid authentication methods for mutually authenticating the VPN gateways?

A.

Pre-shared Secret and PKI Certificates

B.

PKI Certificates and Kerberos Tickets

C.

Pre-Shared Secrets and Kerberos Ticket

D.

PKI Certificates and DynamicID OTP

Question # 37

Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or __________.

A.

On all satellite gateway to satellite gateway tunnels

B.

On specific tunnels for specific gateways

C.

On specific tunnels in the community

D.

On specific satellite gateway to central gateway tunnels

Question # 38

Which of the following is NOT a valid configuration screen of an Access Role Object?

A.

Users

B.

Networks

C.

Time

D.

Machines

Question # 39

Fill in the blanks: Gaia can be configured using _______ the ________.

A.

Command line interface; WebUI

B.

Gaia Interface; GaiaUI

C.

WebUI; Gaia Interface

D.

GaiaUI; command line interface

Question # 40

Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

A.

Firewall

B.

Application Control

C.

Anti-spam and Email Security

D.

Anti-Virus

Question # 41

What are the three deployment options available for a security gateway?

A.

Standalone, Distributed, and Bridge Mode

B.

Bridge Mode, Remote, and Standalone

C.

Remote, Standalone, and Distributed

D.

Distributed, Bridge Mode, and Remote

Question # 42

Fill in the blank: It is Best Practice to have a _____ rule at the end of each policy layer.

A.

Explicit Drop

B.

Implied Drop

C.

Explicit Cleanup

D.

Implicit Drop

Question # 43

Is it possible to have more than one administrator connected to a Security Management Server at once?

A.

Yes, but only if all connected administrators connect with read-only permissions.

B.

Yes, but objects edited by one administrator will be locked for editing by others until the session is published.

C.

No, only one administrator at a time can connect to a Security Management Server

D.

Yes, but only one of those administrators will have write-permissions. All others will have read-only permission.

Question # 44

What is the default shell for the command line interface?

A.

Clish

B.

Admin

C.

Normal

D.

Expert

Question # 45

Which information is included in the “Extended Log” tracking option, but is not included in the “Log” tracking option?

A.

file attributes

B.

application information

C.

destination port

D.

data type information

Question # 46

When connected to the Check Point R80 Management Server using the SmartConsole the first administrator to connect has a lock on:

A.

Only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network.

B.

The entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.

C.

The entire Management Database and all sessions and other administrators can connect only as Read-only.

D.

Only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.

Question # 47

Why is a Central License the preferred and recommended method of licensing?

A.

Central Licensing is actually not supported with Gaia.

B.

Central Licensing is the only option when deploying Gaia

C.

Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.

D.

Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

Question # 48

A SAM rule is implemented to provide what function or benefit?

A.

Allow security audits.

B.

Handle traffic as defined in the policy.

C.

Monitor sequence activity.

D.

Block suspicious activity.

Question # 49

Which statement describes what Identity Sharing is in Identity Awareness?

A.

Management servers can acquire and share identities with Security Gateways

B.

Users can share identities with other users

C.

Security Gateways can acquire and share identities with other Security Gateways

D.

Administrators can share identities with other administrators

Question # 50

Where can an administrator edit a list of trusted SmartConsole clients?

A.

cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.

B.

In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

C.

WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.

D.

Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

Question # 51

What are the software components used by Autonomous Threat Prevention Profiles in R81.20 and higher?

A.

Sandbox, ThreatCloud, Zero Phishing, Sanitization, C&C Protection, IPS, File and URL Reputation

B.

IPS, Threat Emulation and Threat Extraction

C.

Sandbox, ThreatCloud, Sanitization, C&C Protection, IPS

D.

IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction

Question # 52

A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?

A.

Anti-Bot protection

B.

Anti-Malware protection

C.

Policy-based routing

D.

Suspicious Activity Monitoring (SAM) rules

Question # 53

Fill in the blank: By default, the SIC certificates issued by R80 Management Server are based on the ____________ algorithm.

A.

SHA-256

B.

SHA-200

C.

MD5

D.

SHA-128

Question # 54

Fill in the blank: A(n) _____ rule is created by an administrator and configured to allow or block traffic based on specified criteria.

A.

Inline

B.

Explicit

C.

Implicit drop

D.

Implicit accept

Question # 55

Which of the following is NOT an option to calculate the traffic direction?

A.

Incoming

B.

Internal

C.

External

D.

Outgoing

Question # 56

What is the best sync method in the ClusterXL deployment?

A.

Use 1 cluster + 1st sync

B.

Use 1 dedicated sync interface

C.

Use 3 clusters + 1st sync + 2nd sync + 3rd sync

D.

Use 2 clusters + 1st sync + 2nd sync

Question # 57

When dealing with policy layers, what two layer types can be utilized?

A.

Inbound Layers and Outbound Layers

B.

Ordered Layers and Inline Layers

C.

Structured Layers and Overlap Layers

D.

R81.X does not support Layers.

Question # 58

What command from the CLI would be used to view current licensing?

A.

license view

B.

fw ctl tab -t license -s

C.

show license -s

D.

cplic print

Question # 59

What key is used to save the current CPView page in a filename format cpview_"cpview process ID".cap"number of captures"?

A.

S

B.

W

C.

C

D.

Space bar

Question # 60

Security Zones do not work with what type of defined rule?

A.

Application Control rule

B.

Manual NAT rule

C.

IPS bypass rule

D.

Firewall rule

Question # 61

Which two of these Check Point Protocols are used by ?

A.

ELA and CPD

B.

FWD and LEA

C.

FWD and CPLOG

D.

ELA and CPLOG

Question # 62

Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?

A.

Formal

B.

Central

C.

Corporate

D.

Local

Question # 63

True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.

A.

True, every administrator works on a different database that is independent of the other administrators

B.

False, this feature has to be enabled in the Global Properties.

C.

True, every administrator works in a session that is independent of the other administrators

D.

False, only one administrator can login with write permission

Question # 64

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ___________.

A.

Captive Portal and Transparent Kerberos Authentication

B.

UserCheck

C.

User Directory

D.

Captive Portal

Question # 65

Choose what BEST describes the reason why querying logs is now very fast.

A.

The amount of logs being stored is less than previous versions.

B.

New Smart-1 appliances double the physical memory install.

C.

Indexing Engine indexes logs for faster search results.

D.

SmartConsole now queries results directly from the Security Gateway.

Question # 66

Which of the following is NOT a tracking log option in R80.x?

A.

Log

B.

Full Log

C.

Detailed Log

D.

Extended Log

Question # 67

You have set up the VPN Community 'VPN-Stores' with 3 gateways. There are some issues with one remote gateway (1.1.1.1) and your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways?

A.

action:"Key Install" AND 1.1.1.1 AND Quick Mode

B.

Blade:"VPN" AND VPN-Stores AND Main Mode

C.

action:"Key Install" AND 1.1.1.1 AND Main Mode

D.

Blade:"VPN" AND VPN-Stores AND Quick Mode

Question # 68

Which tool allows you to monitor the top bandwidth on SmartConsole?

A.

Logs & Monitoring

B.

Smart Event

C.

Gateways & Servers Tab

D.

SmartView Monitor

Question # 69

What are the types of Software Containers?

A.

Smart Console, Security Management, and Security Gateway

B.

Security Management, Security Gateway, and Endpoint Security

C.

Security Management, Log & Monitoring, and Security Policy

D.

Security Management, Standalone, and Security Gateway

Question # 70

The “Hit count” feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits even if the Track option is set to “None”?

A.

No, it will not work independently. Hit Count will be shown only for rules with Track options set as Log or alert

B.

Yes, it will work independently as long as “analyze all rules” tick box is enabled on the Security Gateway

C.

No, it will not work independently because hit count requires all rules to be logged

D.

Yes, it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways

Question # 71

With URL Filtering, what portion of the traffic is sent to the Check Point Online Web Service for analysis?

A.

The complete communication is sent for inspection.

B.

The IP address of the source machine.

C.

The end user credentials.

D.

The host portion of the URL.

Question # 72

When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?

A.

Log, send snmp trap, email

B.

Drop packet, alert, none

C.

Log, alert, none

D.

Log, allow packets, email

Question # 73

Which policy type is used to enforce bandwidth and traffic control rules?

A.

Access Control

B.

Threat Emulation

C.

Threat Prevention

D.

QoS

Question # 74

Identity Awareness lets an administrator easily configure network access and auditing based on three items. Choose the correct statement.

A.

Network location, the identity of a user and the active directory membership.

B.

Network location, the identity of a user and the identity of a machine.

C.

Network location, the telephone number of a user and the UID of a machine

D.

Geographical location, the identity of a user and the identity of a machine

Question # 75

The SmartEvent R80 Web application for real-time event monitoring is called:

A.

SmartView Monitor

B.

SmartEventWeb

C.

There is no Web application for SmartEvent

D.

SmartView

Question # 76

Which of the following is NOT a component of a Distinguished Name?

A.

Common Name

B.

Country

C.

User container

D.

Organizational Unit

Question # 77

Which of the following is considered a "Subscription Blade", requiring renewal every 1-3 years?

A.

IPS blade

B.

IPSEC VPN Blade

C.

Identity Awareness Blade

D.

Firewall Blade

Question # 78

Which part of SmartConsole allows administrators to add, edit, delete, and clone objects?

A.

Object Browser

B.

Object Editor

C.

Object Navigator

D.

Object Explorer

Question # 79

Fill in the blanks: A ____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.

A.

Formal; corporate

B.

Local; formal

C.

Local; central

D.

Central; local

Question # 80

Name the authentication method that requires a token authenticator.

A.

SecurID

B.

Radius

C.

DynamicID

D.

TACACS

Question # 81

When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packet Filtering?

A.

Stateful Inspection offers unlimited connections because of virtual memory usage.

B.

Stateful Inspection offers no benefits over Packet Filtering.

C.

Stateful Inspection does not use memory to record the protocol used by the connection.

D.

Only one rule is required for each connection.

Question # 82

When defining group-based access in an LDAP environment with Identity Awareness, what is the BEST object type to represent an LDAP group in a Security Policy?

A.

Access Role

B.

User Group

C.

SmartDirectory Group

D.

Group Template

Question # 83

In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule?

A.

"Inspect", "Bypass"

B.

"Inspect", "Bypass", "Categorize"

C.

"Inspect", "Bypass", "Block"

D.

"Detect", "Bypass"

Question # 84

The ______ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

A.

Next Generation Threat Prevention

B.

Next Generation Threat Emulation

C.

Next Generation Threat Extraction

D.

Next Generation Firewall

Question # 85

Fill in the blank: Authentication rules are defined for ____________.

A.

User groups

B.

Users using UserCheck

C.

Individual users

D.

All users in the database

Question # 86

Fill in the blanks: Gaia can be configured using the ____ or ____

A.

GaiaUI; command line interface (serial console only)

B.

Gaia Interface; Gaia Ultimate Shell

C.

Command line interface; GAiA Portal

D.

Web Ultimate Interface; Gaia Interface (SSH)

Question # 87

Can you use the same layer in multiple policies or rulebases?

A.

Yes - a layer can be shared with multiple policies and rules.

B.

No - each layer must be unique.

C.

No - layers cannot be shared or reused, but an identical one can be created.

D.

Yes - but it must be copied and pasted with a different name.

Question # 88

Fill in the blanks: A Security Policy is created in _____, stored in the _____ and distributed to the various

A.

Rule base, Security Management Server, Security Gateways

B.

The Check Point database, SmartConsole, Security Gateways

C.

SmartConsole, Security Gateway, Security Management Servers

D.

SmartConsole, Security Management Server, Security Gateways

Question # 89

Which two Identity Awareness commands are used to support identity sharing?

A.

Policy Decision Point (PDP) and Policy Enforcement Point (PEP)

B.

Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)

C.

Policy Manipulation Point (PMP) and Policy Activation Point (PAP)

D.

Policy Activation Point (PAP) and Policy Decision Point (PDP)

Question # 90

Which encryption algorithm is the least secure?

A.

3DES

B.

AES-128

C.

DES

D.

AES-256

Question # 91

Which application is used for the central management and deployment of licenses and packages?

A.

SmartProvisioning

B.

SmartLicense

C.

SmartUpdate

D.

Deployment Agent

Question # 92

Which of the following is NOT a method used by Identity Awareness for acquiring identity?

A.

Remote Access

B.

Cloud IdP (Identity Provider)

C.

Active Directory Query

D.

RADIUS

Question # 93

Which type of Check Point license ties the package license to the IP address of the Security Management Server?

A.

Central

B.

Corporate

C.

Local

D.

Formal

Question # 94

When using Automatic Hide NAT, what is enabled by default?

A.

Source Port Address Translation (PAT)

B.

Static NAT

C.

Static Route

D.

HTTPS Inspection

Question # 95

The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?

A.

Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with any UID and assign role to the user.

B.

Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with UID 0 and assign role to the user.

C.

Create a new access role. Add expert-mode access to the role. Create new user with UID 0 and assign role to the user.

D.

Create a new access role. Add expert-mode access to the role. Create new user with any UID and assign role to the user.

Question # 96

What licensing feature automatically verifies current licenses and activates new licenses added to the License and Contracts repository?

A.

Automatic Licensing and Verification tool

B.

Verification licensing

C.

Verification tool

D.

Automatic licensing

Question # 97

Which of the following licenses are considered temporary?

A.

Plug-and-play (Trial) and Evaluation

B.

Perpetual and Trial

C.

Evaluation and Subscription

D.

Subscription and Perpetual

Question # 98

Administrator Dave logs into R80 Management Server to review and make some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base.

What is the possible explanation for this?

A.

DNS Rule is using one of the new features of R80 where an administrator can mark a rule with the padlock icon to let other administrators know it is important.

B.

Another administrator is logged into the Management and currently editing the DNS Rule.

C.

DNS Rule is a placeholder rule for a rule that existed in the past but was deleted.

D.

This is normal behavior in R80 when there are duplicate rules in the Rule Base.

Question # 99

Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?

A.

All options stop Check Point processes

B.

backup

C.

migrate export

D.

snapshot

Question # 100

Which command shows detailed information about VPN tunnels?

A.

cat $FWDIR/conf/vpn.conf

B.

vpn tu tlist

C.

vpn tu

D.

cpview

Question # 101

Check Point licenses come in two forms. What are those forms?

A.

Central and Local.

B.

Access Control and Threat Prevention.

C.

On-premise and Public Cloud.

D.

Security Gateway and Security Management.

Question # 102

Which of the following log queries would show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1?

A.

src:192.168.1.1 OR dst:172.26.1.1 AND action:Drop

B.

src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop

C.

192.168.1.1 AND 172.26.1.1 AND drop

D.

192.168.1.1 OR 172.26.1.1 AND action:Drop

Question # 103

The CPU level of your Security Gateway is peaking at 100%, causing problems with traffic. You suspect that the problem might be the Threat Prevention settings.

The following Threat Prevention Profile has been created.

How could you tune the profile to lower the CPU load while still maintaining security at a good level? Select the BEST answer.

A.

Set High Confidence to Low and Low Confidence to Inactive.

B.

Set the Performance Impact to Medium or lower.

C.

The problem is not with the Threat Prevention Profile. Consider adding more memory to the appliance.

D.

Set the Performance Impact to Very Low Confidence to Prevent.

Question # 104

Which backup method uses the command line to create an image of the OS?

A.

System backup

B.

Save Configuration

C.

Migrate

D.

snapshot

Question # 105

When enabling tracking on a rule, what is the default option?

A.

Accounting Log

B.

Extended Log

C.

Log

D.

Detailed Log

Question # 106

Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n) ___________ Server.

A.

SecurID

B.

LDAP

C.

NT domain

D.

SMTP

Question # 107

Which Identity Source(s) should be selected in Identity Awareness when there is a requirement for a higher level of security for sensitive servers?

A.

AD Query

B.

Terminal Servers Endpoint Identity Agent

C.

Endpoint Identity Agent and Browser-Based Authentication

D.

RADIUS and Account Logon

Question # 108

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.

A.

True, CLI is the preferred method for Licensing

B.

False, Central Licenses are handled via Security Management Server

C.

False, Central Licenses are installed via Gaia on Security Gateways

D.

True, Central License can be installed with CPLIC command on a Security Gateway

Question # 109

In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?

A.

Display policies and logs on the administrator's workstation.

B.

Processing and sending alerts such as SNMP traps and email notifications.

C.

Verify and compile Security Policies.

D.

Store firewall logs to hard drive storage.

Question # 110

What default layers are included when creating a new policy layer?

A.

Application Control, URL Filtering and Threat Prevention

B.

Access Control, Threat Prevention and HTTPS Inspection

C.

Firewall, Application Control and IPSec VPN

D.

Firewall, Application Control and IPS

Question # 111

Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?

A.

SmartDashboard

B.

SmartEvent

C.

SmartView Monitor

D.

SmartUpdate

Question # 112

An administrator can use section titles to more easily navigate between large rule bases. Which of these statements is FALSE?

A.

Section titles are not sent to the gateway side.

B.

These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement.

C.

A Sectional Title can be used to disable multiple rules by disabling only the sectional title.

D.

Sectional Titles do not need to be created in the SmartConsole.

Question # 113

In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms?

A.

Different computers or appliances.

B.

The same computer or appliance.

C.

Both on virtual machines or both on appliances but not mixed.

D.

In Azure and AWS cloud environments.

Question # 114

Which of the following is used to enforce changes made to a Rule Base?

A.

Publish database

B.

Save changes

C.

Install policy

D.

Activate policy

Question # 115

Identity Awareness allows easy configuration for network access and auditing based on what three items?

A.

Client machine IP address.

B.

Network location, the identity of a user and the identity of a machine.

C.

Log server IP address.

D.

Gateway proxy IP address.

Question # 116

Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?

A.

The firewall topologies

B.

NAT Rules

C.

The Rule Base

D.

The VPN Domains

Question # 117

Fill in the blank: To create policy for traffic to or from a particular location, use the _____________.

A.

DLP shared policy

B.

Geo policy shared policy

C.

Mobile Access software blade

D.

HTTPS inspection

Question # 118

Which Check Point supported authentication scheme typically requires a user to possess a token?

A.

RADIUS

B.

Check Point password

C.

TACACS

D.

SecurID

Question # 119

Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?

A.

SmartManager

B.

SmartConsole

C.

Security Gateway

D.

Security Management Server

Question # 120

Please choose the correct command syntax to add an “emailserver1” host with IP address 10.50.23.90 using the GAiA management CLI.

A.

hostname myHost12 ip-address 10.50.23.90

B.

mgmt add host name ip-address 10.50.23.90

C.

add host name emailserver1 ip-address 10.50.23.90

D.

mgmt add host name emailserver1 ip-address 10.50.23.90

Question # 121

Using R80 SmartConsole, what does a “pencil icon” in a rule mean?

A.

I have changed this rule

B.

Someone else has changed this rule

C.

This rule is managed by Check Point’s SOC

D.

This rule can’t be changed as it’s an implied rule

Question # 122

Which one of the following is the preferred licensing model? Select the BEST answer

A.

Local licensing because it ties the package license to the IP-address of the gateway and has no dependency on the Security Management Server.

B.

Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.

C.

Central licensing because it ties the package license to the MAC-address of the Security Management Server's Mgmt-interface and has no dependency on the gateway.

D.

Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.

Question # 123

Which statement is TRUE of anti-spoofing?

A.

Anti-spoofing is not needed when IPS software blade is enabled

B.

It is more secure to create anti-spoofing groups manually

C.

It is BEST Practice to have anti-spoofing groups in sync with the routing table

D.

With dynamic routing enabled, anti-spoofing groups are updated automatically whenever there is a routing change
