New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Checkpoint 156-315.81 Check Point Certified Security Expert R81.20 Exam Practice Test

Page: 1 / 63
Total 628 questions

Check Point Certified Security Expert R81.20 Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?

Options:

A.

cphaprob –f register

B.

cphaprob –d –s report

C.

cpstat –f all

D.

cphaprob –a list

Question 2

Which of the following describes how Threat Extraction functions?

Options:

A.

Detect threats and provides a detailed report of discovered threats.

B.

Proactively detects threats.

C.

Delivers file with original content.

D.

Delivers PDF versions of original files with active content removed.

Question 3

Which one of the following is true about Threat Extraction?

Options:

A.

Always delivers a file to user

B.

Works on all MS Office, Executables, and PDF files

C.

Can take up to 3 minutes to complete

D.

Delivers file only if no threats found

Question 4

Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

Options:

A.

$FWDIR/database/fwauthd.conf

B.

$FWDIR/conf/fwauth.conf

C.

$FWDIR/conf/fwauthd.conf

D.

$FWDIR/state/fwauthd.conf

Question 5

What is the most recommended way to install patches and hotfixes?

Options:

A.

CPUSE Check Point Update Service Engine

B.

rpm -Uv

C.

Software Update Service

D.

UnixinstallScript

Question 6

What is a best practice before starting to troubleshoot using the “fw monitor” tool?

Options:

A.

Run the command: fw monitor debug on

B.

Clear the connections table

C.

Disable CoreXL

D.

Disable SecureXL

Question 7

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.

Options:

A.

ffff

B.

1

C.

2

D.

3

Question 8

From SecureXL perspective, what are the tree paths of traffic flow:

Options:

A.

Initial Path; Medium Path; Accelerated Path

B.

Layer Path; Blade Path; Rule Path

C.

Firewall Path; Accept Path; Drop Path

D.

Firewall Path; Accelerated Path; Medium Path

Question 9

Where do you create and modify the Mobile Access policy in R81?

Options:

A.

SmartConsole

B.

SmartMonitor

C.

SmartEndpoint

D.

SmartDashboard

Question 10

Security Checkup Summary can be easily conducted within:

Options:

A.

Summary

B.

Views

C.

Reports

D.

Checkups

Question 11

When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?

Options:

A.

IP

B.

SIC

C.

NAT

D.

FQDN

Question 12

What is the port used for SmartConsole to connect to the Security Management Server?

Options:

A.

CPMI port 18191/TCP

B.

CPM port/TCP port 19009

C.

SIC port 18191/TCP

D.

https port 4434/TCP

Question 13

What is the name of the secure application for Mail/Calendar for mobile devices?

Options:

A.

Capsule Workspace

B.

Capsule Mail

C.

Capsule VPN

D.

Secure Workspace

Question 14

Traffic from source 192.168.1.1 is going to The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?

Options:

A.

Slow Path

B.

Medium Path

C.

Fast Path

D.

Accelerated Path

Question 15

To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?

Options:

A.

Accept Template

B.

Deny Template

C.

Drop Template

D.

NAT Template

Question 16

What is considered Hybrid Emulation Mode?

Options:

A.

Manual configuration of file types on emulation location.

B.

Load sharing of emulation between an on premise appliance and the cloud.

C.

Load sharing between OS behavior and CPU Level emulation.

D.

High availability between the local SandBlast appliance and the cloud.

Question 17

What is mandatory for ClusterXL to work properly?

Options:

A.

The number of cores must be the same on every participating cluster node

B.

The Magic MAC number must be unique per cluster node

C.

The Sync interface must not have an IP address configured

D.

If you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all cluster members

Question 18

Which of these is an implicit MEP option?

Options:

A.

Primary-backup

B.

Source address based

C.

Round robin

D.

Load Sharing

Question 19

When an encrypted packet is decrypted, where does this happen?

Options:

A.

Security policy

B.

Inbound chain

C.

Outbound chain

D.

Decryption is not supported

Question 20

Customer’s R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?

Options:

A.

Export R81 configuration, clean install R81.20 and import the configuration

B.

CPUSE offline upgrade

C.

CPUSE online upgrade

D.

SmartUpdate upgrade

Question 21

What is the main difference between Threat Extraction and Threat Emulation?

Options:

A.

Threat Emulation never delivers a file and takes more than 3 minutes to complete.

B.

Threat Extraction always delivers a file and takes less than a second to complete.

C.

Threat Emulation never delivers a file that takes less than a second to complete.

D.

Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Question 22

What are the blades of Threat Prevention?

Options:

A.

IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

B.

DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction

C.

IPS, AntiVirus, AntiBot

D.

IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

Question 23

Which GUI client is supported in R81?

Options:

A.

SmartProvisioning

B.

SmartView Tracker

C.

SmartView Monitor

D.

SmartLog

Question 24

Which command shows detailed information about VPN tunnels?

Options:

A.

cat $FWDIR/conf/vpn.conf

B.

vpn tu tlist

C.

vpn tu

D.

cpview

Question 25

What component of R81 Management is used for indexing?

Options:

A.

DBSync

B.

API Server

C.

fwm

D.

SOLR

Question 26

Which of the following links will take you to the SmartView web application?

Options:

A.

https:// /smartviewweb/

B.

https:// /smartview/

C.

https:// smartviewweb

D.

https:// /smartview

Question 27

SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

Options:

A.

Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.

B.

Correlates all the identified threats with the consolidation policy.

C.

Collects syslog data from third party devices and saves them to the database.

D.

Connects with the SmartEvent Client when generating threat reports.

Question 28

Which Check Point daemon monitors the other daemons?

Options:

A.

fwm

B.

cpd

C.

cpwd

D.

fwssd

Question 29

To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

Options:

A.

fw ctl Dyn_Dispatch on

B.

fw ctl Dyn_Dispatch enable

C.

fw ctl multik set_mode 4

D.

fw ctl multik set_mode 1

Question 30

How often does Threat Emulation download packages by default?

Options:

A.

Once a week

B.

Once an hour

C.

Twice per day

D.

Once per day

Question 31

How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?

Options:

A.

Install appliance TE250X on SpanPort on LAN switch in MTA mode.

B.

Install appliance TE250X in standalone mode and setup MTA.

C.

You can utilize only Check Point Cloud Services for this scenario.

D.

It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.

Question 32

NO: 180

What command can you use to have cpinfo display all installed hotfixes?

Options:

A.

cpinfo -hf

B.

cpinfo –y all

C.

cpinfo –get hf

D.

cpinfo installed_jumbo

Question 33

The Correlation Unit performs all but the following actions:

Options:

A.

Marks logs that individually are not events, but may be part of a larger pattern to be identified later.

B.

Generates an event based on the Event policy.

C.

Assigns a severity level to the event.

D.

Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.

Question 34

What information is NOT collected from a Security Gateway in a Cpinfo?

Options:

A.

Firewall logs

B.

Configuration and database files

C.

System message logs

D.

OS and network statistics

Question 35

Which of the following is NOT a type of Check Point API available in R81.x?

Options:

A.

Identity Awareness Web Services

B.

OPSEC SDK

C.

Mobile Access

D.

Management

Question 36

After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

Options:

A.

cvpnd_restart

B.

cvpnd_restart

C.

cvpnd restart

D.

cvpnrestart

Question 37

When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

Options:

A.

Includes the registry

B.

Gets information about the specified Virtual System

C.

Does not resolve network addresses

D.

Output excludes connection table

Question 38

What is the command to see cluster status in cli expert mode?

Options:

A.

fw ctl stat

B.

clusterXL stat

C.

clusterXL status

D.

cphaprob stat

Question 39

What is the purpose of a SmartEvent Correlation Unit?

Options:

A.

The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.

B.

The SmartEvent Correlation Unit’s task it to assign severity levels to the identified events.

C.

The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.

D.

The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.

Question 40

Which of the following will NOT affect acceleration?

Options:

A.

Connections destined to or originated from the Security gateway

B.

A 5-tuple match

C.

Multicast packets

D.

Connections that have a Handler (ICMP, FTP, H.323, etc.)

Question 41

The following command is used to verify the CPUSE version:

Options:

A.

HostName:0>show installer status build

B.

[Expert@HostName:0]#show installer status

C.

[Expert@HostName:0]#show installer status build

D.

HostName:0>show installer build

Question 42

You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

Options:

A.

TCP port 443

B.

TCP port 257

C.

TCP port 256

D.

UDP port 8116

Question 43

How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

Options:

A.

cphaprob set int fwha_vmac_global_param_enabled 1

B.

clusterXL set int fwha_vmac_global_param_enabled 1

C.

fw ctl set int fwha_vmac_global_param_enabled 1

D.

cphaconf set int fwha_vmac_global_param_enabled 1

Question 44

When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?

Options:

A.

Any size

B.

Less than 20GB

C.

More than 10GB and less than 20GB

D.

At least 20GB

Question 45

Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.20 SmartConsole application?

Options:

A.

IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation.

B.

Firewall, IPS, Threat Emulation, Application Control.

C.

IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.

D.

Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.

Question 46

Which command gives us a perspective of the number of kernel tables?

Options:

A.

fw tab -t

B.

fw tab -s

C.

fw tab -n

D.

fw tab -k

Question 47

Which directory below contains log files?

Options:

A.

/opt/CPSmartlog-R81/log

B.

/opt/CPshrd-R81/log

C.

/opt/CPsuite-R81/fw1/log

D.

/opt/CPsuite-R81/log

Question 48

What are the two ClusterXL Deployment options?

Options:

A.

Distributed and Full High Availability

B.

Broadcast and Multicast Mode

C.

Distributed and Standalone

D.

Unicast and Multicast Mode

Question 49

SmartEvent uses it's event policy to identify events. How can this be customized?

Options:

A.

By modifying the firewall rulebase

B.

By creating event candidates

C.

By matching logs against exclusions

D.

By matching logs against event rules

Question 50

Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server, providing Log Export API (LEA) & Event Logging API (EL-A) services.

Options:

A.

DASSERVICE

B.

FWD

C.

CPVIEWD

D.

CPD

Question 51

What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?

Options:

A.

test_connectivity_ad –d

B.

test_ldap_connectivity –d

C.

test_ad_connectivity –d

D.

ad_connectivity_test –d

Question 52

Which process handles connection from SmartConsole R81?

Options:

A.

fwm

B.

cpmd

C.

cpm

D.

cpd

Question 53

How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?

Options:

A.

By dropping traffic from websites identified through ThreatCloud Verification and URL Caching

B.

By dropping traffic that is not proven to be from clean websites in the URL Filtering blade

C.

By allowing traffic from websites that are known to run Antivirus Software on servers regularly

D.

By matching logs against ThreatCloud information about the reputation of the website

Question 54

What is false regarding prerequisites for the Central Deployment usage?

Options:

A.

The administrator must have write permission on SmartUpdate

B.

Security Gateway must have the latest CPUSE Deployment Agent

C.

No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically.

D.

The Security Gateway must have a policy installed

Question 55

When Configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access, which of the three approaches will allow you to configure individual policies for each application?

Options:

A.

Basic Approach

B.

Strong Approach

C.

Very Advanced Approach

D.

Medium Approach

Question 56

Which of the following is NOT a component of a Distinguished Name?

Options:

A.

Common Name

B.

Country

C.

User container

D.

Organizational Unit

Question 57

Which is the command to identify the NIC driver before considering about the employment of the Multi-Queue feature?

Options:

A.

show interface eth0 mq

B.

ethtool A eth0

C.

ifconfig -i eth0 verbose

D.

ip show Int eth0

Question 58

When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. What is this setting called and what are you defining?

Options:

A.

Network, and defining your Class A space

B.

Topology, and you are defining the Internal network

C.

Internal addresses you are defining the gateways

D.

Internal network(s) you are defining your networks

Question 59

View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)

Options:

A.

The current administrator has read-only permissions to Threat Prevention Policy.

B.

Another user has locked the rule for editing.

C.

Configuration lock is present. Click the lock symbol to gain read-write access.

D.

The current administrator is logged in as read-only because someone else is editing the policy.

Question 60

Which command is used to add users to or from existing roles?

Options:

A.

Add rba user roles

B.

Add rba user

C.

Add user roles

D.

Add user

Question 61

What are valid authentication methods for mutual authenticating the VPN gateways?

Options:

A.

PKI Certificates and Kerberos Tickets

B.

PKI Certificates and DynamicID OTP

C.

Pre-Shared Secrets and Kerberos Ticket

D.

Pre-shared Secret and PKI Certificates

Question 62

What kind of information would you expect to see when using the "sim affinity -I" command?

Options:

A.

Overview over SecureXL templated connections

B.

The VMACs used in a Security Gateway cluster

C.

Affinity Distribution

D.

The involved firewall kernel modules in inbound and outbound packet chain

Question 63

SandBlast agent extends 0-day prevention to what part of the network?

Options:

A.

Web Browsers and user devices

B.

DMZ server

C.

Cloud

D.

Email servers

Question 64

According to the policy installation flow the transfer state (CPTA) is responsible for the code generated by the FWM. On the Security Gateway side a process receives them and first stores them Into a temporary directory. Which process is true for receiving these Tiles;

Options:

A.

FWD

B.

CPD

C.

FWM

D.

RAD

Question 65

Which of the following is NOT an attribute of packet acceleration?

Options:

A.

Source address

B.

Protocol

C.

Destination port

D.

VLAN Tag

Question 66

An established connection is going to The Application Control Blade Is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic?

Options:

A.

Slow Path

B.

Fast Path

C.

Medium Path

D.

Accelerated Path

Question 67

The “MAC magic” value must be modified under the following condition:

Options:

A.

There is more than one cluster connected to the same VLAN

B.

A firewall cluster is configured to use Multicast for CCP traffic

C.

There are more than two members in a firewall cluster

D.

A firewall cluster is configured to use Broadcast for CCP traffic

Question 68

Which command collects diagnostic data for analyzing a customer setup remotely?

Options:

A.

cpv

B.

cpinfo

C.

migrate export

D.

sysinfo

Question 69

What ports are used for SmartConsole to connect to the Security Management Server?

Options:

A.

CPMI (18190)

B.

ICA_Pull (18210), CPMI (18190) https (443)

C.

CPM (19009), CPMI (18190) https (443)

D.

CPM (19009), CPMI (18190) CPD (18191)

Question 70

Which software blade does NOT accompany the Threat Prevention policy?

Options:

A.

Anti-virus

B.

IPS

C.

Threat Emulation

D.

Application Control and URL Filtering

Question 71

At what point is the Internal Certificate Authority (ICA) created?

Options:

A.

Upon creation of a certificate.

B.

During the primary Security Management Server installation process.

C.

When an administrator decides to create one.

D.

When an administrator initially logs into SmartConsole.

Question 72

You need to change the MAC-address on eth2 interface of the gateway. What command and what mode will you use to achieve this goal?

Options:

A.

set interface eth2 mac-addr 11:11:11:11:11:11; CLISH

B.

ifconfig eth1 hw 11:11:11:11:11:11; expert

C.

set interface eth2 hw-addr 11:11:11:11:11:11; CLISH

D.

ethtool -i eth2 mac 11:11:11:11:11:11; expert

Question 73

What are the two modes for SNX (SSL Network Extender)?

Options:

A.

Network Mode and Application Mode

B.

Visitor Mode and Office Mode

C.

Network Mode and Hub Mode

D.

Office Mode and Hub Mode

Question 74

You have pushed policy to GW-3 and now cannot pass traffic through the gateway. As a last resort, to restore traffic flow, what command would you run to remove the latest policy from GW-3?

Options:

A.

fw unloadlocal

B.

fw unloadpolicy

C.

fwm unload local

D.

fwm unload policy

Question 75

Which command is used to obtain the configuration lock in Gaia?

Options:

A.

Lock database override

B.

Unlock database override

C.

Unlock database lock

D.

Lock database user

Question 76

What two ordered layers make up the Access Control Policy Layer?

Options:

A.

URL Filtering and Network

B.

Network and Threat Prevention

C.

Application Control and URL Filtering

D.

Network and Application Control

Question 77

In which scenario will an administrator need to manually define Proxy ARP?

Options:

A.

When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

B.

When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

C.

When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

D.

When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall’s interfaces.

Question 78

What is the correct Syntax for adding an access-rule via R80 API?

Options:

A.

add access-rule layer "Network" action "Allow"

B.

add access-rule layer "Network" position 1 name "Rule 1" service. 1 "SMTP" service.2 "hup"

C.

add access-rule and follow the wizard

D.

add rule position 1 name "Rule 1" policy-package "Standard" add service "http"

Question 79

Why would an administrator see the message below?

Options:

A.

A new Policy Package created on both the Management and Gateway will be deleted and must be backed up first before proceeding.

B.

A new Policy Package created on the Management is going to be installed to the existing Gateway.

C.

A new Policy Package created on the Gateway is going to be installed on the existing Management.

D.

A new Policy Package created on the Gateway and transferred to the Management will be overwritten by the Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.

Question 80

Aaron is a Syber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R81.X The Network Security Developer Team is having an issue testing the API with a newly deployed R81.X Security Management Server Aaron wants to confirm API services are working properly. What should he do first?

Options:

A.

Aaron should check API Server status with "fwm api status" from Expert mode If services are stopped, he should start them with "fwm api start".

B.

Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi start"

C.

Aaron should check API Server status with "api status" from Expert mode If services are stopped, he should start them with "api start"

D.

Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api start".

Question 81

In which deployment is the security management server and Security Gateway installed on the same appliance?

Options:

A.

Standalone

B.

Remote

C.

Distributed

D.

Bridge Mode

Question 82

How can you switch the active log file?

Options:

A.

Run fw logswitch on the gateway

B.

Run fwm logswitch on the Management Server

C.

Run fwm logswitch on the gateway

D.

Run fw logswitch on the Management Server

Question 83

An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?

Options:

A.

AD Query

B.

Terminal Servers Agent

C.

Identity Agents

D.

Browser-Based Authentication

Question 84

What are the two high availability modes?

Options:

A.

Load Sharing and Legacy

B.

Traditional and New

C.

Active and Standby

D.

New and Legacy

Question 85

You want to allow your Mobile Access Users to connect to an internal file share. Adding the Mobile Application 'File Share' to your Access Control Policy in the SmartConsole didn't work. You will be only allowed to select Services for the 'Service & Application' column How to fix it?

Options:

A.

A Quantum Spark Appliance is selected as Installation Target for the policy packet.

B.

The Mobile Access Blade is not enabled for the Access Control Layer of the policy.

C.

The Mobile Access Policy Source under Gateway properties Is set to Legacy Policy and not to Unified Access Policy.

D.

The Mobile Access Blade is not enabled under Gateway properties.

Question 86

Which Mobile Access Solution is clientless?

Options:

A.

Mobile Access Portal

B.

Checkpoint Mobile

C.

Endpoint Security Suite

D.

SecuRemote

Question 87

You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the tight protections in place. Check Point has been selected for the security vendor.

Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?

Options:

A.

IPS AND Application Control

B.

IPS, anti-virus and anti-bot

C.

IPS, anti-virus and e-mail security

D.

SandBlast

Question 88

What is the recommended way to have a redundant Sync connection between the cluster nodes?

Options:

A.

In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Connect both Sync interfaces

without using a switch.

B.

Use a group of bonded interfaces. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define a Virtual IP for the Sync

interface.

C.

In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Use two different Switches to

connect both Sync interfaces.

D.

Use a group of bonded interfaces connected to different switches. Define a dedicated sync interface, only one interface per node using the SmartConsole / Gateways &

Servers -> select Cluster Properties / Network Management.

Question 89

Hit Count is a feature to track the number of connections that each rule matches, which one is not benefit of Hit Count.

Options:

A.

Better understand the behavior of the Access Control Policy

B.

Improve Firewall performance - You can move a rule that has hot count to a higher position in the Rule Base

C.

Automatically rearrange Access Control Policy based on Hit Count Analysis

D.

Analyze a Rule Base - You can delete rules that have no matching connections

Question 90

In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a

response before the peer host is declared ‘down’, you would set the_________?

Options:

A.

life sign polling interval

B.

life sign timeout

C.

life_sign_polling_interval

D.

life_sign_timeout

Question 91

Matt wants to upgrade his old Security Management server to R81.x using the Advanced Upgrade with Database Migration. What is one of the requirements for a successful upgrade?

Options:

A.

Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

B.

Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

C.

Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

D.

Size of the /var/log folder of the target machine must be at least 25GB or more

Question 92

Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

Options:

A.

Application Control

B.

Threat Emulation

C.

Anti-Virus

D.

Advanced Networking Blade

Question 93

After finishing installation admin John likes to use top command in expert mode. John has to set the expert-password and was able to use top command. A week later John has to use the top command again, He detected that the expert password is no longer valid. What is the most probable reason for this behavior?

Options:

A.

“write memory” was not issued on clish

B.

changes are only possible via SmartConsole

C.

“save config” was not issued in expert mode

D.

“save config” was not issued on clish

Question 94

Which 3 types of tracking are available for Threat Prevention Policy?

Options:

A.

SMS Alert, Log, SNMP alert

B.

Syslog, None, User-defined scripts

C.

None, Log, Syslog

D.

Alert, SNMP trap, Mail

Question 95

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

Options:

A.

50%

B.

75%

C.

80%

D.

15%

Question 96

Where you can see and search records of action done by R81 SmartConsole administrators?

Options:

A.

In SmartView Tracker, open active log

B.

In the Logs & Monitor view, select “Open Audit Log View”

C.

In SmartAuditLog View

D.

In Smartlog, all logs

Question 97

In R81 spoofing is defined as a method of:

Options:

A.

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.

Hiding your firewall from unauthorized users.

C.

Detecting people using false or wrong authentication logins

D.

Making packets appear as if they come from an authorized IP address.

Question 98

SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?

Options:

A.

Management Dashboard

B.

Gateway

C.

Personal User Storage

D.

Behavior Risk Engine

Question 99

Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

Options:

A.

TCP Port 18190

B.

TCP Port 18209

C.

TCP Port 19009

D.

TCP Port 18191

Question 100

Which TCP-port does CPM process listen to?

Options:

A.

18191

B.

18190

C.

8983

D.

19009

Question 101

Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

Options:

A.

One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

B.

One machine

C.

Two machines

D.

Three machines

Question 102

What Factor preclude Secure XL Templating?

Options:

A.

Source Port Ranges/Encrypted Connections

B.

IPS

C.

ClusterXL in load sharing Mode

D.

CoreXL

Question 103

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:

Options:

A.

Allow GUI Client and management server to communicate via TCP Port 19001

B.

Allow GUI Client and management server to communicate via TCP Port 18191

C.

Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

D.

Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.

Question 104

Which command can you use to verify the number of active concurrent connections?

Options:

A.

fw conn all

B.

fw ctl pstat

C.

show all connections

D.

show connections

Question 105

To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

Options:

A.

fw ctl multik set_mode 1

B.

fw ctl Dynamic_Priority_Queue on

C.

fw ctl Dynamic_Priority_Queue enable

D.

fw ctl multik set_mode 9

Question 106

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.

Options:

A.

TCP port 19009

B.

TCP Port 18190

C.

TCP Port 18191

D.

TCP Port 18209

Question 107

Which command collects diagnostic data for analyzing customer setup remotely?

Options:

A.

cpinfo

B.

migrate export

C.

sysinfo

D.

cpview

Question 108

In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?

Options:

A.

Big l

B.

Little o

C.

Little i

D.

Big O

Question 109

Session unique identifiers are passed to the web api using which http header option?

Options:

A.

X-chkp-sid

B.

Accept-Charset

C.

Proxy-Authorization

D.

Application

Question 110

Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.

Options:

A.

infoCP

B.

infoview

C.

cpinfo

D.

fw cpinfo

Question 111

You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

Options:

A.

Inspect/Bypass

B.

Inspect/Prevent

C.

Prevent/Bypass

D.

Detect/Bypass

Question 112

Which command shows actual allowed connections in state table?

Options:

A.

fw tab –t StateTable

B.

fw tab –t connections

C.

fw tab –t connection

D.

fw tab connections

Question 113

SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?

Options:

A.

Application and Client Service

B.

Network and Application

C.

Network and Layers

D.

Virtual Adapter and Mobile App

Question 114

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Options:

A.

Stateful Mode

B.

VPN Routing Mode

C.

Wire Mode

D.

Stateless Mode

Question 115

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

Options:

A.

Symmetric routing

B.

Failovers

C.

Asymmetric routing

D.

Anti-Spoofing

Question 116

Which of these statements describes the Check Point ThreatCloud?

Options:

A.

Blocks or limits usage of web applications

B.

Prevents or controls access to web sites based on category

C.

Prevents Cloud vulnerability exploits

D.

A worldwide collaborative security network

Question 117

Which view is NOT a valid CPVIEW view?

Options:

A.

IDA

B.

RAD

C.

PDP

D.

VPN

Question 118

What are the different command sources that allow you to communicate with the API server?

Options:

A.

SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

B.

SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

C.

SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

D.

API_cli Tool, Gaia CLI, Web Services

Question 119

CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

Options:

A.

MySQL

B.

Postgres SQL

C.

MarisDB

D.

SOLR

Question 120

What is the difference between an event and a log?

Options:

A.

Events are generated at gateway according to Event Policy

B.

A log entry becomes an event when it matches any rule defined in Event Policy

C.

Events are collected with SmartWorkflow form Trouble Ticket systems

D.

Log and Events are synonyms

Question 121

fwssd is a child process of which of the following Check Point daemons?

Options:

A.

fwd

B.

cpwd

C.

fwm

D.

cpd

Question 122

What SmartEvent component creates events?

Options:

A.

Consolidation Policy

B.

Correlation Unit

C.

SmartEvent Policy

D.

SmartEvent GUI

Question 123

What is the least amount of CPU cores required to enable CoreXL?

Options:

A.

2

B.

1

C.

4

D.

6

Question 124

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

Options:

A.

UDP port 265

B.

TCP port 265

C.

UDP port 256

D.

TCP port 256

Question 125

In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

Options:

A.

fw ctl sdstat

B.

fw ctl affinity –l –a –r –v

C.

fw ctl multik stat

D.

cpinfo

Question 126

Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

Options:

A.

logd

B.

fwd

C.

fwm

D.

cpd

Question 127

What is not a component of Check Point SandBlast?

Options:

A.

Threat Emulation

B.

Threat Simulator

C.

Threat Extraction

D.

Threat Cloud

Question 128

The Firewall kernel is replicated multiple times, therefore:

Options:

A.

The Firewall kernel only touches the packet if the connection is accelerated

B.

The Firewall can run different policies per core

C.

The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

D.

The Firewall can run the same policy on all cores.

Question 129

Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

Options:

A.

Dynamic ID

B.

RADIUS

C.

Username and Password

D.

Certificate

Question 130

The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

Options:

A.

add host name ip-address

B.

add hostname ip-address

C.

set host name ip-address

D.

set hostname ip-address

Question 131

NAT rules are prioritized in which order?

1. Automatic Static NAT

2. Automatic Hide NAT

3. Manual/Pre-Automatic NAT

4. Post-Automatic/Manual NAT rules

Options:

A.

1, 2, 3, 4

B.

1, 4, 2, 3

C.

3, 1, 2, 4

D.

4, 3, 1, 2

Question 132

Which packet info is ignored with Session Rate Acceleration?

Options:

A.

source port ranges

B.

source ip

C.

source port

D.

same info from Packet Acceleration is used

Question 133

Connections to the Check Point R81 Web API use what protocol?

Options:

A.

HTTPS

B.

RPC

C.

VPN

D.

SIC

Question 134

What happen when IPS profile is set in Detect Only Mode for troubleshooting?

Options:

A.

It will generate Geo-Protection traffic

B.

Automatically uploads debugging logs to Check Point Support Center

C.

It will not block malicious traffic

D.

Bypass licenses requirement for Geo-Protection control

Question 135

What is the limitation of employing Sticky Decision Function?

Options:

A.

With SDF enabled, the involved VPN Gateways only supports IKEv1

B.

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

C.

With SDF enabled, only ClusterXL in legacy mode is supported

D.

With SDF enabled, you can only have three Sync interfaces at most

Question 136

R81.20 management server can manage gateways with which versions installed?

Options:

A.

Versions R77 and higher

B.

Versions R76 and higher

C.

Versions R75.20 and higher

D.

Versions R75 and higher

Question 137

You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

Options:

A.

SmartEvent Client Info

B.

SecuRemote

C.

Check Point Protect

D.

Check Point Capsule Cloud

Question 138

Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

Options:

A.

Block Port Overflow

B.

Local Interface Spoofing

C.

Suspicious Activity Monitoring

D.

Adaptive Threat Prevention

Question 139

There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct?

Options:

A.

Using Web Services

B.

Using Mgmt_cli tool

C.

Using CLISH

D.

Using SmartConsole GUI console

E.

Events are collected with SmartWorkflow from Trouble Ticket systems

Question 140

In R81, how do you manage your Mobile Access Policy?

Options:

A.

Through the Unified Policy

B.

Through the Mobile Console

C.

From SmartDashboard

D.

From the Dedicated Mobility Tab

Question 141

When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.

Options:

A.

SecureID

B.

SecurID

C.

Complexity

D.

TacAcs

Question 142

For best practices, what is the recommended time for automatic unlocking of locked admin accounts?

Options:

A.

20 minutes

B.

15 minutes

C.

Admin account cannot be unlocked automatically

D.

30 minutes at least

Question 143

What will be the effect of running the following command on the Security Management Server?

Options:

A.

Remove the installed Security Policy.

B.

Remove the local ACL lists.

C.

No effect.

D.

Reset SIC on all gateways.

Question 144

What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)

Options:

A.

SmartCenter Server cannot reach this Security Gateway.

B.

There is a blade reporting a problem.

C.

VPN software blade is reporting a malfunction.

D.

Security Gateway’s MGNT NIC card is disconnected.

Question 145

Which of the following is NOT a VPN routing option available in a star community?

Options:

A.

To satellites through center only.

B.

To center, or through the center to other satellites, to Internet and other VPN targets.

C.

To center and to other satellites through center.

D.

To center only.

Question 146

SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:

Options:

A.

ping, traceroute, netstat, and route

B.

ping, nslookup, Telnet, and route

C.

ping, whois, nslookup, and Telnet

D.

ping, traceroute, netstat, and nslookup

Question 147

What kind of information would you expect to see using the sim affinity command?

Options:

A.

The VMACs used in a Security Gateway cluster

B.

The involved firewall kernel modules in inbound and outbound packet chain

C.

Overview over SecureXL templated connections

D.

Network interfaces and core distribution used for CoreXL

Question 148

What is correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?

Options:

A.

Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.

B.

Security Gateway failover as well as Security Management Server failover is a manual procedure.

C.

Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.

D.

Security Gateway failover as well as Security Management Server failover is an automatic procedure.

Question 149

What is the order of NAT priorities?

Options:

A.

Static NAT, IP pool NAT, hide NAT

B.

IP pool NAT, static NAT, hide NAT

C.

Static NAT, automatic NAT, hide NAT

D.

Static NAT, hide NAT, IP pool NAT

Question 150

What command would show the API server status?

Options:

A.

cpm status

B.

api restart

C.

api status

D.

show api status

Question 151

On what port does the CPM process run?

Options:

A.

TCP 857

B.

TCP 18192

C.

TCP 900

D.

TCP 19009

Question 152

Which NAT rules are prioritized first?

Options:

A.

Post-Automatic/Manual NAT rules

B.

Manual/Pre-Automatic NAT

C.

Automatic Hide NAT

D.

Automatic Static NAT

Question 153

Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81.

What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R81?

Options:

A.

Missing an installed R77.20 Add-on on Security Management Server

B.

Unsupported firmware on UTM-1 Edge-W appliance

C.

Unsupported version on UTM-1 570 series appliance

D.

Unsupported appliances on remote locations

Question 154

Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

Options:

A.

AV issues

B.

VPN errors

C.

Network traffic issues

D.

Authentication issues

Question 155

How many layers make up the TCP/IP model?

Options:

A.

2

B.

7

C.

6

D.

4

Question 156

You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?

Options:

A.

edit fwaffinity.conf; reboot required

B.

cpconfig; reboot required

C.

edit fwaffinity.conf; reboot not required

D.

cpconfig; reboot not required

Question 157

Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

Options:

A.

ThreatWiki

B.

Whitelist Files

C.

AppWiki

D.

IPS Protections

Question 158

What CLI command compiles and installs a Security Policy on the target’s Security Gateways?

Options:

A.

fwm compile

B.

fwm load

C.

fwm fetch

D.

fwm install

Question 159

When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?

Options:

A.

ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data

B.

ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments

C.

ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud

D.

ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary

Question 160

What is the responsibility of SOLR process on R81.20 management server?

Options:

A.

Validating all data before it’s written into the database

B.

It generates indexes of data written to the database

C.

Communication between SmartConsole applications and the Security Management Server

D.

Writing all information into the database

Question 161

In the Firewall chain mode FFF refers to:

Options:

A.

Stateful Packets

B.

No Match

C.

All Packets

D.

Stateless Packets

Question 162

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

Options:

A.

ffff

B.

1

C.

3

D.

2

Question 163

Which SmartConsole tab is used to monitor network and security performance?

Options:

A.

Manage Setting

B.

Security Policies

C.

Gateway and Servers

D.

Logs and Monitor

Question 164

In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

Options:

A.

Accounting

B.

Suppression

C.

Accounting/Suppression

D.

Accounting/Extended

Question 165

Which Check Point feature enables application scanning and the detection?

Options:

A.

Application Dictionary

B.

AppWiki

C.

Application Library

D.

CPApp

Question 166

Which of the following commands shows the status of processes?

Options:

A.

cpwd_admin -l

B.

cpwd -l

C.

cpwd admin_list

D.

cpwd_admin list

Question 167

During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

Options:

A.

Dropped without sending a negative acknowledgment

B.

Dropped without logs and without sending a negative acknowledgment

C.

Dropped with negative acknowledgment

D.

Dropped with logs and without sending a negative acknowledgment

Question 168

In ClusterXL Load Sharing Multicast Mode:

Options:

A.

only the primary member received packets sent to the cluster IP address

B.

only the secondary member receives packets sent to the cluster IP address

C.

packets sent to the cluster IP address are distributed equally between all members of the cluster

D.

every member of the cluster received all of the packets sent to the cluster IP address

Question 169

When using CPSTAT, what is the default port used by the AMON server?

Options:

A.

18191

B.

18192

C.

18194

D.

18190

Question 170

What must you do first if “fwm sic_reset” could not be completed?

Options:

A.

Cpstop then find keyword “certificate” in objects_5_0.C and delete the section

B.

Reinitialize SIC on the security gateway then run “fw unloadlocal”

C.

Reset SIC from Smart Dashboard

D.

Change internal CA via cpconfig

Question 171

What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?

Options:

A.

S

B.

W

C.

C

D.

Space bar

Question 172

What statement best describes the Proxy ARP feature for Manual NAT in R81.20?

Options:

A.

Automatic proxy ARP configuration can be enabled

B.

Translate Destination on Client Side should be configured

C.

fw ctl proxy should be configured

D.

local.arp file must always be configured

Question 173

Which application should you use to install a contract file?

Options:

A.

SmartView Monitor

B.

WebUI

C.

SmartUpdate

D.

SmartProvisioning

Question 174

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

Options:

A.

/opt/CPshrd-R81/conf/local.arp

B.

/var/opt/CPshrd-R81/conf/local.arp

C.

$CPDIR/conf/local.arp

D.

$FWDIR/conf/local.arp

Question 175

The SmartEvent R81 Web application for real-time event monitoring is called:

Options:

A.

SmartView Monitor

B.

SmartEventWeb

C.

There is no Web application for SmartEvent

D.

SmartView

Question 176

What are the types of Software Containers?

Options:

A.

Three; security management, Security Gateway, and endpoint security

B.

Three; Security Gateway, endpoint security, and gateway management

C.

Two; security management and endpoint security

D.

Two; endpoint security and Security Gateway

Question 177

Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two.

Which of the following statements correctly identify each product's capabilities?

Options:

A.

Workspace supports ios operating system, Android, and WP8, whereas Connect supports ios operating system and Android only

B.

For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement.

C.

For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password and certain SSO login support.

D.

Workspace can support any application, whereas Connect has a limited number of application types which it will support.

Question 178

What is UserCheck?

Options:

A.

Messaging tool used to verify a user’s credentials.

B.

Communication tool used to inform a user about a website or application they are trying to access.

C.

Administrator tool used to monitor users on their network.

D.

Communication tool used to notify an administrator when a new user is created.

Question 179

You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?

Options:

A.

sim erdos –e 1

B.

sim erdos – m 1

C.

sim erdos –v 1

D.

sim erdos –x 1

Question 180

With SecureXL enabled, accelerated packets will pass through the following:

Options:

A.

Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device

B.

Network Interface Card, Check Point Firewall Kernal, and the Acceleration Device

C.

Network Interface Card and the Acceleration Device

D.

Network Interface Card, OSI Network Layer, and the Acceleration Device

Question 181

After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.

Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

Options:

A.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24set static-route default nexthop gateway address 192.168.80.1 onsave config

B.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

C.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

D.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24add static-route default nexthop gateway address 192.168.80.1 onsave config

Question 182

How many policy layers do Access Control policy support?

Options:

A.

2

B.

4

C.

1

D.

3

Question 183

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:

Options:

A.

Create new dashboards to manage 3rd party task

B.

Create products that use and enhance 3rd party solutions

C.

Execute automated scripts to perform common tasks

D.

Create products that use and enhance the Check Point Solution

Question 184

You want to verify if your management server is ready to upgrade to R81.20. What tool could you use in this process?

Options:

A.

migrate export

B.

upgrade_tools verify

C.

pre_upgrade_verifier

D.

migrate import

Question 185

What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?

Options:

A.

4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.

B.

3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.

C.

1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.

D.

2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.

Question 186

Which is NOT a SmartEvent component?

Options:

A.

SmartEvent Server

B.

Correlation Unit

C.

Log Consolidator

D.

Log Server

Question 187

Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.

What is one of the requirements for his success?

Options:

A.

Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

B.

Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

C.

Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

D.

Size of the /var/log folder of the target machine must be at least 25GB or more

Question 188

Which path below is available only when CoreXL is enabled?

Options:

A.

Slow path

B.

Firewall path

C.

Medium path

D.

Accelerated path

Page: 1 / 63
Total 628 questions