You had setup the VPN Community VPN-Stores'with 3 gateways. There are some issues with one remote gateway(1.1.1.1) and an your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways
What are the Threat Prevention software components available on the Check Point Security Gateway?
What is the minimum number of CPU cores required to enable CoreXL?
What is the purpose of the command "ps aux | grep twd"?
What is a possible command to delete all of the SSH connections of a gateway?
What are valid authentication methods for mutual authenticating the VPN gateways?
View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)
What is the best sync method in the ClusterXL deployment?
Which of the following is NOT an attribute of packet acceleration?
UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
Alice knows about the Check Point Management HA installation from Bob and needs to know which Check Point Security Management Server is currently capable of issuing and managing certificate. Alice uses the Check Point command "cpconfig'' to run the Check Point Security Management Server configuration tool on both Check Point Management HA instances "Primary & Secondary" Which configuration option does she need to look for:
Sieve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances Steve's manager. Diana asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?
Firewall polices must be configured to accept VRRP packets on the GAiA platform if it Firewall software. The Multicast destination assigned by the internet Assigned Number Authority (IANA) for VRRP is:
Kurt is planning to upgrade his Security Management Server to R81.X. What is the lowest supported version of the Security Management he can upgrade from?
What is the purpose of Captive Portal?
Which command will reset the kernel debug options to default settings?
What does the Log "Views" tab show when SmartEvent is Correlating events?
Which one is not a valid Package Option In the Web GUI for CPUSE?
What are the services used for Cluster Synchronization?
Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom Which of the following statements is correct?
Alice & Bob are concurrently logged In via SSH on the same Check Point Security Gateway as user "admin* however Bob was first logged in and acquired the lock Alice Is not aware that Bob is also togged in to the same Security Management Server as she is but she needs to perform very urgent configuration changes - which of the following GAlAclish command is true for overriding Bobs configuration database lock:
Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ .
What are the two ClusterXL Deployment options?
The “Hit count” feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits if the Track option is set to “None”?
Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying connection?
What are possible Automatic Reactions in SmartEvent?
How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?
The installation of a package via SmartConsole CANNOT be applied on
What is the recommended way to have a redundant Sync connection between the cluster nodes?
After verifying that API Server is not running, how can you start the API Server?
Fill in the blank: __________ information is included in “Full Log” tracking option, but is not included in “Log” tracking option?
You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the tight protections in place. Check Point has been selected for the security vendor.
Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?
Choose the correct syntax to add a new host named “emailserver1” with IP address 10.50.23.90 using GAiA Management CLI?
Fill in the blank: Authentication rules are defined for ________ .
What is NOT a Cluster Mode?
What ports are used for SmartConsole to connect to the Security Management Server?
How would you enable VMAC Mode in ClusterXL?
SmartEvent uses it's event policy to identify events. How can this be customized?
You are the administrator for ABC Corp. You have logged into your R81 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.
What does this mean?
Which of the following Check Point commands is true to enable Multi-Version Cluster (MVC)?
Which two Cluster Solutions are available under R81.20?
What is the main objective when using Application Control?
To find records in the logs that shows log records from the Application & URL Filtering Software Blade where traffic was dropped, what would be the query syntax?
Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily (asks the API services from Check Point fof the Management API. Firstly she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true:
For Management High Availability, which of the following is NOT a valid synchronization status?
John detected high load on sync interface. Which is most recommended solution?
What is the purpose of extended master key extension/session hash?
Which of the following links will take you to the SmartView web application?
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
Using ClusterXL, what statement is true about the Sticky Decision Function?
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform the applications. Mobile Access encrypts all traffic using:
: 131
Which command is used to display status information for various components?
Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?
You need to see which hotfixes are installed on your gateway, which command would you use?
Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
Which directory below contains log files?
You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
Customer’s R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?
Which GUI client is supported in R81?
SandBlast appliances can be deployed in the following modes:
What is the difference between SSL VPN and IPSec VPN?
Which of the following is NOT a type of Check Point API available in R81.x?
What component of R81 Management is used for indexing?
What is the command to check the status of the SmartEvent Correlation Unit?
To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?
Automation and Orchestration differ in that:
What is considered Hybrid Emulation Mode?
What is the purpose of Priority Delta in VRRP?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
The Correlation Unit performs all but the following actions:
How often does Threat Emulation download packages by default?
Which of the following is NOT a component of Check Point Capsule?
Which one of the following is true about Threat Extraction?
What is the most recommended way to install patches and hotfixes?
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?
Which of the following describes how Threat Extraction functions?
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:
Which command gives us a perspective of the number of kernel tables?
What is the main difference between Threat Extraction and Threat Emulation?
Under which file is the proxy arp configuration stored?
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?
Which Check Point daemon monitors the other daemons?
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
You want to store the GAIA configuration in a file for later reference. What command should you use?
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?
On what port does the CPM process run?
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
You can access the ThreatCloud Repository from:
SandBlast agent extends 0 day prevention to what part of the network?
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
The SmartEvent R81 Web application for real-time event monitoring is called:
Which path below is available only when CoreXL is enabled?
What are the methods of SandBlast Threat Emulation deployment?
Which Check Point feature enables application scanning and the detection?
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
What is the command to show SecureXL status?
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
What is not a purpose of the deployment of Check Point API?
Ken wants to obtain a configuration lock from other administrator on R81 Security Management Server. He can do this via WebUI or via CLI.
Which command should he use in CLI? (Choose the correct answer.)
What is true of the API server on R81.20?
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.
Which phase of the VPN negotiations has failed?
Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.
What is one of the requirements for his success?
What kind of information would you expect to see using the sim affinity command?
Which process handles connection from SmartConsole R81?
What is correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?
Which of the following commands shows the status of processes?
Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security events.
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)
After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
What will SmartEvent automatically define as events?
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?
The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.
Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?
NO: 219
What cloud-based SandBlast Mobile application is used to register new devices and users?
What are the types of Software Containers?
Check Point security components are divided into the following components:
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?
What command would show the API server status?
What is the order of NAT priorities?
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
With SecureXL enabled, accelerated packets will pass through the following:
In the Firewall chain mode FFF refers to:
Which statement is most correct regarding about “CoreXL Dynamic Dispatcher”?
Which is NOT a SmartEvent component?
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
R81.20 management server can manage gateways with which versions installed?
Which of these statements describes the Check Point ThreatCloud?
Which command would disable a Cluster Member permanently?
What happen when IPS profile is set in Detect Only Mode for troubleshooting?
Which command collects diagnostic data for analyzing customer setup remotely?
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
Which statement is correct about the Sticky Decision Function?
How many images are included with Check Point TE appliance in Recommended Mode?
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct?
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
What is the difference between an event and a log?
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
Which is NOT an example of a Check Point API?
Which statement is NOT TRUE about Delta synchronization?
Session unique identifiers are passed to the web api using which http header option?
If you needed the Multicast MAC address of a cluster, what command would you run?
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
How can SmartView application accessed?
Which packet info is ignored with Session Rate Acceleration?
Which of the SecureXL templates are enabled by default on Security Gateway?
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
Which command lists all tables in Gaia?
Advanced Security Checkups can be easily conducted within:
Where you can see and search records of action done by R81 SmartConsole administrators?
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
CoreXL is supported when one of the following features is enabled:
Which command can you use to verify the number of active concurrent connections?
Which statement is true regarding redundancy?
On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
What SmartEvent component creates events?
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
In R81, how do you manage your Mobile Access Policy?
What is not a component of Check Point SandBlast?