All R77 Security Servers can perform authentication with the exception of one. Which of the Security Servers can NOT perform authentication?
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current software level of each Enterprise class Security Gateway. You plan to take the opportunity to create a proposal outline, listing the most cost-effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?
Which of the following is NOT an option for internal network definition of Anti-spoofing?
Match the following commands to their correct function. Each command has one function only listed.
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?
If the first packet of a UDP session is rejected by a security policy, what does the firewall send to the client?
Which of the following actions do NOT take place in IKE Phase 1?
Which of these attributes would be critical for a site-to-site VPN?
The WebUI offers three methods for downloading Hotfixes via CPUSE. One of them is Automatic method. How many times per day will CPUSE agent check for hotfixes and automatically download them?
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?
An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R77 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.
Which of the following is the BEST explanation for this behavior?
Where does the security administrator activate Identity Awareness within SmartDashboard?
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?
Which of the following is a hash algorithm?
You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host. You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?
A digital signature:
Identify the API that is not supported by Check Point currently.
Review the rules. Assume domain UDP is enabled in the implied rules.
What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
Your boss wants you to closely monitor an employee suspected of transferring company secrets to the competition. The IT department discovered the suspect installed a WinSCP client in order to use encrypted communication. Which of the following methods is BEST to accomplish this task?
Which command is used to add users to or from existing roles?
Configuring Roles - CLI (rba)
Choose what BEST describes the Policy Layer Traffic Inspection.
Fill in the blanks: The _________ collects logs and sends them to the _________ .
With which command can you view the running configuration of a Gaia-based system?
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
One for Security Management Server and the other one for the Security Gateway.
What does the “unknown” SIC status shown on SmartConsole mean?
The most typical status is Communicating. Any other status indicates that the SIC communication is problematic. For example, if the SIC status is Unknown then there is no connection between the Gateway and the Security Management server. If the SIC status is Not Communicating, the Security Management server is able to contact the gateway, but SIC communication cannot be established.
Which of the following is NOT a SecureXL traffic flow?
SecureXL is an acceleration solution that maximizes performance of the Firewall and does not compromise security. When SecureXL is enabled on a Security Gateway, some CPU intensive operations are processed by virtualized software instead of the Firewall kernel. The Firewall can inspect and process connections more efficiently and accelerate throughput and connection rates. These are the SecureXL traffic flows:
Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL.
Accelerated path - Packets and connections that are offloaded to SecureXL and are not processed by the Firewall.
Medium path - Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path. For example, packets that are inspected by IPS cannot use the accelerated path and can be offloaded to the IPS PSL (Passive Streaming Library). SecureXL processes these packets more quickly than packets on the slow path.
Which of the following statements is TRUE about R80 management plug-ins?
Fill in the blank: The __________ is used to obtain identification and security information about network users.
By default, which port does the WebUI listen on?
To configure Security Management Server on Gaia:
Packages and licenses are loaded from all of these sources EXCEPT
Packages and licenses are loaded into these repositories from several sources:
Fill in the blank: The tool _______ generates a R80 Security Gateway configuration report.
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).
The CPinfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPinfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.
When contacting Check Point Support, collect the cpinfo files from the Security Management server and Security Gateways involved in your case.
In R80 spoofing is defined as a method of:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
Which feature is NOT provided by all Check Point Mobile Access solutions?
Types of Solutions
All of Check Point's Remote Access solutions provide:
Fill in the blank: With the User Directory Software Blade, you can create R80 user definitions on a(an) ___________ Server.
Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
SmartEvent correlates logs from all Check Point enforcement points, including end-points, to identify suspicious activity from the clutter. Rapid data analysis and custom event logs immediately alert administrators to anomalous behavior such as someone attempting to use the same credential in multiple geographies simultaneously.
In R80, Unified Policy is a combination of
D is the best answer given the choices.
In R80 the Access Control policy unifies the policies of these pre-R80 Software Blades:
What is the default time length that Hit Count Data is kept?
Keep Hit Count data up to - Select one of the time range options. The default is 6 months. Data is kept in the Security Management Server database for this period and is shown in the Hits column.
Which type of the Check Point license ties the package license to the IP address of the Security Management Server?
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
There are different deployment scenarios for Check Point software products.
Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?
Which policy type is used to enforce bandwidth and traffic control rules?
Check Point's QoS Solution
QoS is a policy-based QoS management solution from Check Point Software Technologies Ltd. that satisfies your needs for a bandwidth management solution. QoS is a unique, software-only based application that manages traffic end-to-end across networks, by distributing enforcement throughout network hardware and software.
Study the Rule base and Client Authentication Action properties screen.
After being authenticated by the Security Gateways, a user starts a HTTP connection to a Web site. What happens when the user tries to FTP to another site using the command line? The:
Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore the production backup via SmartConsole in the lab environment. Which details does she need to fill in in the System Restore window before she can click the OK button and test the backup?
How many users can have read/write access in Gaia at one time?
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?
Identity Awareness gets identities from these acquisition sources:
Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _______ .
The IT Management team is interested in the new features of the Check Point R80 Management and wants to upgrade but they are concerned that the existing R77.30 Gaia Gateways cannot be managed by R80 because it is so different. As the administrator responsible for the Firewalls, how can you answer or confirm these concerns?
To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?
Which of the following statements accurately describes the command snapshot?
If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?
Implied Rules are configured only on Global Properties.
Which type of Endpoint Identity Agent includes packet tagging and computer authentication?
Endpoint Identity Agents – dedicated client agents installed on users’ computers that acquire and report identities to the Security Gateway.
Fill in the blank: A(n) _____ rule is created by an administrator and is located before the first and before last rules in the Rule Base.
This is the order that rules are enforced:
Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as _______
Check Point User Directory integrates LDAP, and other external user management technologies, with the Check Point solution. If you have a large user count, we recommend that you use an external user management database such as LDAP for enhanced Security Management Server performance.
Look at the screenshot below. What CLISH command provides this output?
Choose what BEST describes users on Gaia Platform.
These users are created by default and cannot be deleted:
Fill in the blanks: The Application Layer Firewalls inspect traffic through the ________ layer(s) of the TCP/IP model and up to and including the ________ layer.
Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?
The enhanced Check Point Antivirus Software Blade uses real-time virus signatures and anomaly-based protections from ThreatCloud™, the first collaborative network to fight cybercrime, to detect and block malware at the gateway before users are affected.
Where can an administrator edit a list of trusted SmartConsole clients in R80?
Joey is using the computer with IP address 192.168.20.13. He wants to access the web page “www.CheckPoint.com”, which is hosted on a Web server with IP address 203.0.113.111. How many rules on the Check Point Firewall are required for this connection?
An administrator wishes to enable Identity Awareness on the Check Point firewalls. However they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?
In which scenario is it a valid option to transfer a license from one hardware device to another?
Which Check Point software blade provides Application Security and identity control?
Check Point Application Control provides the industry’s strongest application security and identity control to organizations of all sizes.
Which of the following is an authentication method used for Identity Awareness?
The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?
You want to verify if there are unsaved changes in GAiA that will be lost with a reboot. What command can be used?
Fill in the blank: The position of an implied rule is manipulated in the __________________ window.
Which one of the following is a way that the objects can be manipulated using the new API integration in R80 Management?
Fill in the blank: An Endpoint identity agent uses a ___________ for user authentication.
What is the best sync method in the ClusterXL deployment?
True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway
When using Monitored circuit VRRP, what is a priority delta?
You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?
What data MUST be supplied to the SmartConsole System Restore window to restore a backup?
Which of the following is NOT an identity source used for Identity Awareness?
What is the most recommended installation method for Check Point appliances?
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
You have successfully backed up your Check Point configurations without the OS information. What command would you use to restore this backup?