SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
Pamela is a Cyber Security Engineer working for Global Instance Firm with a large-scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. The company’s Developer Team is having random access issues to a newly deployed Application Server in the DMZ’s Application Server Farm Tier and blames the DMZ Security Gateway as the root cause. A ticket has been created and the issue is at Pamela’s desk for investigation. Pamela decides to use Check Point’s Packet Analyzer Tool, fw monitor, to iron out the issue during an approved maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?
Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______.
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
What are the different command sources that allow you to communicate with the API server?
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
Which method below is NOT one of the ways to communicate using the Management APIs?
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________.
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.
Which of the following types of authentication on Mobile Access can NOT be used as the first authentication method?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
Where can you see and search records of actions done by R81 SmartConsole administrators?
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
An established connection is going to www.google.com. The Application Control Blade is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic?
You pushed a policy to your gateway and you cannot access the gateway remotely any more. What command should you use to remove the policy from the gateway by logging in through console access?
What kind of information would you expect to see when using the "sim affinity -I" command?
Bob is asked by Alice to disable the SecureXL mechanism temporarily for further diagnostics by their Check Point partner. Which of the following Check Point commands is true:
What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?
Joey wants to configure NTP on an R81 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for the Gaia platform via browser?
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High Availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 11:00 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational.
When it re-joins the cluster, will it become active automatically?
Mobile Access Gateway can be configured as a reverse proxy for Internal Web Applications. Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. Which of the following Check Point commands is true for enabling the Reverse Proxy:
Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?
You work as a security administrator for a large company. The CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has tight protections in place. Check Point has been selected as the security vendor.
Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?
What order should be used when upgrading a Management High Availability Cluster?
What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel?
What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources?
Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying a connection?
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which of these steps should NOT be performed:
Which Check Point software blade provides protection from zero-day and undiscovered threats?
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?
In the R81 SmartConsole, on which tab are Permissions and Administrators defined?
Which of the following Check Point commands is true to enable Multi-Version Cluster (MVC)?
SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?
Which is the command to identify the NIC driver before considering the employment of the Multi-Queue feature?
Which upgrade method should you use when upgrading from R80.40 to R81.20 to avoid any downtime?
Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ .
An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
Which command shows the current connections distributed by CoreXL FW instances?
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
VPN Link Selection will perform the following when the primary VPN link goes down?
You want to store the GAIA configuration in a file for later reference. What command should you use?
When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
Can multiple administrators connect to a Security Management Server at the same time?
For Management High Availability, which of the following is NOT a valid synchronization status?
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
John detected high load on the sync interface. Which is the most recommended solution?
John is using Management HA. Which Smartcenter should be connected to for making changes?
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.20 SmartConsole application?
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
After the initial installation on a Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1?
You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
What is the correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?
Which Check Point software blade provides Application Security and identity control?
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?
Which file gives you a list of all security servers in use, including port number?
Vanessa is a firewall administrator in her company. Her company is using Check Point firewalls at a central and several remote locations, which are managed centrally by an R77.30 Security Management Server. At the central location, an R77.30 Gateway is installed on an Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30, and some of them are using a UTM-1-Edge-X or Edge-W with the latest available firmware. She is in the process of migrating to R81.
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R81?
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
Ken wants to obtain a configuration lock from another administrator on an R81 Security Management Server. He can do this via WebUI or via CLI.
Which command should he use in CLI? (Choose the correct answer.)