CCSA Flashcards
When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored?
1. Security Gateway
2. Check Point user center
3. Security Management Server
4. SmartConsole installed device
Security Management Server
Which software blade does NOT accompany the Threat Prevention policy?
1. Anti-virus
2. IPS
3. Threat Emulation
4. Application Control and URL Filtering
Application Control and URL Filtering
Where can you trigger a failover of the cluster members?
1. Log in to Security Gateway CLI and run command clusterXL_admin down.
2. In SmartView Monitor right-click the Security Gateway member and select Cluster member stop.
3. Log into Security Gateway CLI and run command chphaprob down.
Is it:
1. 1,2 and 3
2. 2 and 3
3. 1 and 2
4. 1 and 3
1 and 2
Log in to Security Gateway CLI and run command clusterXL_admin down.
In SmartView Monitor right-click the Security Gateway member and select Cluster member stop.
Which of the following is NOT a valid configuration screen of an Access Role Object?
1. Users
2. Networks
3. Time
4. Machine
Time
What is NOT an advantage of Packet Filtering?
1. Low Security and No Screening above Network Layer
2. Application Independence
3. High Performance
4. Scalability
Low Security and No Screening above Network Layer
What is the Transport layer of the TCP/IP model responsible for?
1. It transports packets as datagrams along different routes to reach their destination.
2. It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
3. It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.
4. It deals with all aspects of the physical components of network connectivity and connects with the different network types.
It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
1. Pentagon
2. Combined
3. Meshed
4. Star
Star
What is the Implicit Clean-up Rule?
1. A setting that is defined in the Global Properties for all policies.
2. A setting that is configured per Policy Layer.
3. Another name for the Clean-up Rule.
4. Automatically created when the Clean-up Rule is defined.
A setting that is defined in the Global Properties for all policies.
A setting that is configured per Policy Layer.
Fill in the blank: (\_\_\_\_\_\_\_\_) information is included in “Full log” tracking option, but is not included in “Log” tracking option?
1. Destination port
2. Data Type
3. File attributes
4. Application
Data Type
What Check Point technologies deny or permit network traffic?
1. Application Control, DLP
2. Packet Filtering, Stateful Inspection, Application Layer Firewall
3. ACL, SandBlast, MPT
4. IPS, Mobile Threat Protection
Packet Filtering, Stateful Inspection, Application Layer Firewall
Fill in the blank: \_\_\_\_ software blade enables Application Security policies to allow, block, or limit website access on user, group, and machine identities.
1. Application Control
2. Data Awareness
3. URL Filtering
4. Threat Emulation
URL Filtering
What are the three conflict resolution rules in the Threat Prevention Policy Layers?
1. Conflict on action, conflict on exception, and conflict on settings
2. Conflict on scope, conflict on settings, and conflict on exception
3. conflict on settings, conflict on address, and conflict on exception
4. Conflict on action, conflict on destination, and conflict on settings
Conflict on action, conflict on exception, and conflict on settings
Packages and licenses are loaded from all of these sources EXCEPT
1. Download Center Web Site
2. UserUpdate
3. User Center
4. Check Point DVD
UserUpdate
The “Hit count” feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits even if the Track option is set to “None”?
1. No, it will not work independently. Hit Count will be shown only for rules with Track option set as Log or alert.
2. Yes it will work independently as long as “analyze all rules” tick box is enabled on the Security Gateway.
3. No, it will not work independently because hit count requires all rules to be logged.
4. Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.
Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.
How is communication between different Check Point components secured in R80? As with all questions, select the BEST answer.
- By using IPSEC.
- By using SIC.
- By using ICA.
- By using 3DES.
By using SIC
Which of the following is NOT a VPN routing option available in a star community?
1. To satellites through center only
2. To center, or through the center to other satellites, to internet and other VPN targets
3. To center and to other satellites through center
4. To center only
To satellites through center only
What is the default shell of Gaia CLI?
1. Monitor
2. CLI.sh
3. Read-only
4. Bash
CLI.sh
Which option would allow you to make a back up copy of the OS and Check Point configuration, without stopping Check Point processes?
1. All options stop Check Point processes.
2. backup
3. migrate export
4. snapshot
backup
Fill in the blank: RADIUS Accounting gets (____) data from requests generated by the accounting client
1. Destination
2. Identity
3. Payload
4. Location
Identity
Which of the following is NOT a type of Endpoint Identity Agent?
1. Terminal
2. Light
3. full
4. Custom
- Terminal
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret is shaded and cannot be enabled. Why does it not allow him to specify the pre-shared secret?
- IPsec VPN blade should be enabled on both Security Gateway.
- Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security gateway.
- Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
- The Security Gateways are pre-R75.40.
- Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
Harriet wants to protect sensitive information from intentional loss when users browse to a specific URL: https://personal.mymail.com, which blade will she enable to achieve her goal?
1. DLP
2. SSL Inspection
3. Application Control
4. URL Filtering
- DLP
Fill in the blank: By default, the SIC certificates issued by R80 Management Server are based on the (____) algorithm.
1. SHA-256
2. SHA-200
3. MD5
4. SHA-128
1.SHA-256
Fill in the blank: The (____) feature allows administrators to share a policy with other policy packages.
1. Shared policy packages
2. Shared policies
3. Concurrent policy packages
4. Concurrent policies
- Shared policies
You are unabled to login to SmartDashboard. You log into the management server and run cpwd_admin list with the following output:
What reason could possibly BEST explain why you are unable to connect to SmartDashboard?
1. CPD id down
2. SVR is down
3. CPM is down
4. CPSM is down
3.CPM is down
What are the three types of UserCheck messages?
1. Inform, ask, and block
2. Block, action, and warn
3. Action, inform, and ask
4. Ask, block, and notify
- Inform, ask, and block
Which option, when applied to a rule, allows all encrypted and non-VPN traffic that matches the rule?
1. All Site-to-Site VPN Communities
2. Accept all encrypted traffic
3. All Connections (Clear or Encrypted)
4. Specific VPN Communities
- All Connections (Clear or Encrypted)
What command shows the configuration of the management server?
1. show configuration all
2. show confd configuration
3. show confd configuration all
4. show configuration
show configuration
Which authentication scheme requires a user to posses a token?
1. TACACS
2. SecureID
3. Check Point password
4. RADIUS
- SecureID
Your internal networks 10.1.1.0/24, 10.2.2.0/24 and 192.168.0.0/16 are behind the internet Security Gateway. Considering that Layer 2 and Layer 3 setup is correct, what are the steps you will need to do in SmartConsole in order to get the correction working? Select the BEST answer.
1. Define an accept rule in Security Policy. Define Security Gateway to hide all internal networks behind the gateway’s external IP. Publish and install the policy.
2. Define an accept rule in Security Policy. Configure automatic NAT for each network to NAT the networks behind a public IP. Publish the policy.
3. Define an accept rule in Security Policy. Configure automatic NAT for each network to NAT the networks behind a public IP.
4. Define an accept rule in Security Policy. Define Security Gateway to hide all internal networks behind the gateway’s external IP. Publish the policy.
- Define an accept rule in Security Policy. Define Security Gateway to hide all internal networks behind the gateway’s external IP. Publish and install the policy.
Which of the following blades is NOT a subscription-based and therefore does not have to be renewed on a regular basis?
1. Application Control
2. Threat Emulation
3. Anti-Virus
4. Advanced Networking Blade
- Advanced Networking Blade
Fill in the blank: There are (\_\_\_\_\_\_\_\_\_) types of software containers: (\_\_\_\_\_\_\_\_).
1. Three, security management, Security Gateway, and endpoint security
2. Three, Security Gateway, endpoint security, and gateway management
3. Two, security management and endpoint security
4. Two, endpoint security and Security Gateway
- Three, security management, Security Gateway, and endpoint security
Fill in the blanks: Default port numbers for an LDAP server is (\_\_\_\_\_\_\_\_) for standard connections and (\_\_\_\_\_\_\_\_\_\_) SSL connections.
1. 675; 389
2. 389; 636
3. 636; 290
4. 290; 675
- 389; 636
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address?
1. High Availability
2. Load Sharing Multicast
3. Load Sharing Pivot
4. Master/Backup
- Load Sharing Multicast
Fill in the blanks: A Security Policy is created in (\_\_\_\_\_\_\_), stored in the (\_\_\_\_\_\_\_\_\_), and Distributed to the various (\_\_\_\_\_\_\_\_\_\_\_).
1. Rule base, Security Management Server, Security Gateways
2. SmartConsole, Security Gateway, Security Management Servers
3. SmartConsole, Security Management Server, Security Gateways
4. The Check Point database, SmartConsole, Security Gateways
3.SmartConsole, Security Management Server, Security Gateways
Where can administrator edit a list of trusted SmartConsole clients in R80?
1. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.
2. Only in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients
3. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole. Manage and Settings > Permissions and Administrators > Trusted Clients.
4. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.
- In
cpconfigon a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole. Manage and Settings > Permissions and Administrators > Trusted Clients.
What will be the effect of running the following command on the Security Management Server?
~~~
fw unloadlocal
~~~
1. Remove the installed Security Management Server
2. Remove the local ACL lists
3. No effect
4. Reset SIC on all gateways
- No effect
Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities?
1. Anti-Virus
2. IPS
3. Anti-Spam
4. Anti-bot
- IPS
Which Check Point feature enables application scanning and the detection?
1. Application Dictionary
2. AppWiki
3. Application Library
4. CPApp
- AppWiki
Which tool is used to enable ClusterXL?
1. SmartUpdate
2. cpconfig
3. SmartConsole
4. sysconfig
- cpconfig
Fill in the blank: With the User Directory Software Blade, you can create R80 user definitions on a(an) Server?
- SecurID
- NT domain
- SMTP
- LDAP
- LDAP
Fill in the blank: The command provides the most complete restoration of a R80 configuration.
cpconfigupgrade_exportfwm dbimport -p <export file>cpinfo-recover
upgrade_export
Explanation
(Should be “migrate import”)
“migrate import” Restores backed up configuration for R80 version, in previous versions the command was “ upgrade_export “.
Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when.
1. The IP address of the Security Management or Security Gateway has changed
2. The license is upgraded
3. The license is attached to the wrong Security Gateway
4. The existing license expires
The license is attached to the wrong Security Gateway
Explanation
There is no need to generate new license in this situation, just need to detach license from wrong Security Gateway and attach it to the right one.
Which of the following are types of VPN communicates?
1. Combined and star
2. Pentagon, star, and combination
3. Meshed, star, and combination
4. Star, octagon, and combination
Meshed, star, and combination
You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the right protections in place. Check Point has been selected for the security vendor. Which Check Point products protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
1. IPS, anti-virus and e-mail security
2. Sand Blast
3. IPS and Application Control
4. IPS, anti-virus and anti-bot
Explanation
Sand Blast Zero-Day Protection
Hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. Zero-day exploit protection from Check Point provides a deeper level of inspection so you can prevent more malware and zero-day attacks, while ensuring quick delivery of safe content to your users.
Sand Blast
Explanation
Sand Blast Zero-Day Protection
Hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. Zero-day exploit protection from Check Point provides a deeper level of inspection so you can prevent more malware and zero-day attacks, while ensuring quick delivery of safe content to your users.
Which utility shows the security gateway general system information statistics like operating system information and resource usage, and individual software blade statistics of VPN, Identity Awareness and DLP?
1. fw ctl pstat
2. cp view
3. fw ctl multik stat
4. cpconfig
cp view
Explanation
CPView Utility is a text based built-in utility that can be run (‘cpview’ command) on Security Gateway / Security Management Server / Multi-Domain Security Management Server. CPView Utility shows statistical data that contain both general system information (CPU, Memory, Disk space) and information for different Software Blades (only on Security Gateway). The data is continuously updated in easy to access views.
Which of the following is TRUE regarding Gaia command line?
1. Configuration changes should be done in mgmt-cli and use expert-mode for OS-level tasks.
2. All configuration changes should be made in CLISH and expert-mode should be used for OS-level tasks.
3. Configuration changes should be done in expert-mode and CLISH is used for monitoring.
4. Configuration changes should be done in mgmt_cli and use CLISH for monitoring, Expert mode is used only for OS level tasks.
Configuration changes should be done in mgmt_cli and use CLISH for monitoring, Expert mode is used only for OS level tasks.
Explanation
To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created.
When you select Install Policy, you are prompted to publish all unpublished changes. You cannot install a policy if the included changes are not published.
The security Gateway is installed on GAiA R80 The default port for the WEB User Interface is.
1. TCP 18211
2. TCP 443
3. TCP 4433
4. TCP 257
TCP 443
Joey wants to configure NTP on R80 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?
~~~
1. https://<Device_IP_Address>:10000
2. https://<Device_IP_Address>:443
3. https://<Device_IP_Address>
4. https://<Device_IP_Address>:4434
~~~</Device_IP_Address></Device_IP_Address></Device_IP_Address></Device_IP_Address>
https://<Device_IP_Address>
Explanation
Logging in to the WebUI
Logging in
To log in to the WebUI:
- Enter this URL in your browser: https://<Gaia></Gaia>
- Enter your user name and password.
Which of the following is NOT a back up method?
1. snapshot
2. Migrate
3. System backup
4. Save backup
Save backup
Explanation
The built-in Gaia backup procedures:
Snapshot Management
System Backup (and System Restore)
Save/Show Configuration (and Load Configuration)
Check Point provides three different procedures for backing up (and restoring) the operating system and networking parameters on your appliances.
Snapshot (Revert)
Backup (Restore)
upgrade_export (Migrate)
What are the two high availability modes?
1. Load Sharing and Legacy
2. New and Legacy
3. Active and Standby
4. Traditional and New
New and Legacy
Explanation
ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages.
Load Sharing Multicast Mode Load Sharing Unicast Mode
New High Availability Mode
High Availability Legacy Mode
Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from Threat Cloud?
1. Antivirus
2. Anti-spam and Email Security
3. Firewall
4. Application Control
Antivirus
Explanation
The enhanced Check Point Antivirus Software Blade uses real-time virus signatures and anomaly-based protections from Threat Cloud, the first collaborative network to fight cybercrime, to detect and block malware at the gateway before users are affected.
Fill in the blank: The R80 feature permits blocking specific IP addresses for a specified time period.
1. Adaptive Threat Prevention
2. Suspicious Activity Monitoring
3. Block Port Overflow
4. Local Interface Spoofing
Suspicious Activity Monitoring
Explanation
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation
Which feature is NOT provided by all Check Point Mobile Access solutions?
1. Support for IPv6
2. Strong user authentication
3. Secure connectivity
4. Granular access control
Support for IPv6
Explanation
Types of Solutions
All of Check Point’s Remote Access solutions provide:
Enterprise-grade, secure connectivity to corporate resources. Strong user authentication.
Granular access control
Fill in the blank: Each cluster has interfaces.
1. Four
2. Two
3. Five
4. Three
Three
Explanation
Each cluster member has three interfaces: one external interface, one internal interface, and one for synchronization. Cluster member interfaces facing in each direction are connected via a switch, router, or VLAN switch.
What is the default method for destination NAT?
1. Source side
2. Destination side
3. Client side
4. Server side
Client side
Explanation
Client Side NAT - destination is NAT`d by the inbound kernel
What is the default shell for the command line interface?
1. Normal
2. Clish
3. Expert
4. Admin
Clish
Explanation
The default shell of the CLI is called clish
In R80, Unified Policy is a combination of
1. Firewall policy, address Translation and application and URL filtering, QoS Policy, Desktop Security Policy and Threat Prevention Policy.
2. Access control policy, QoS Policy, Desktop Security Policy and VPN policy.
3. Access control policy, QoS Policy, Desktop Security Policy and Threat Prevention Policy.
4. Access control policy, QoS Policy, Desktop Security Policy and endpoint policy.
Access control policy, QoS Policy, Desktop Security Policy and VPN policy.
Explanation
D is the best answer given the choices. Unified Policy
In R80 the Access Control policy unifies the policies of these pre-R80 Software Blades:
Firewall and VPN
Application Control and URL Filtering Identity Awareness
Data Awareness Mobile Access Security Zones
Fill in the blank: The R80 utility fw monitor is used to troubleshoot \_\_\_\_
1. Traffic issues
2. User data base corruption
3. LDAP conflicts
4. Phase two key negotiation
Traffic issues
Explanation
Check Point’s FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using the WireShark
Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?
1. Local
2. Corporate
3. Formal
4. Central
Local
Administrator wishes to update IPS from Smart Console by clicking on the option “update now” under the IPS tab. Which device requires internet access for the update to work?
1. Security Gateway
2. Device where Smart Console is installed
3. Smart Event
4. SMS
Device where Smart Console is installed
Explanation
Updating IPS Manually
You can immediately update IPS with real-time information on attacks and all the latest protections from the IPS website. You can only manually update IPS if a proxy is defined in Internet Explorer settings.
To obtain updates of all the latest protections from the IPS website:
- Configure the settings for the proxy server in Internet Explorer.
- In Microsoft Internet Explorer, open Tools > Internet Options > Connections tab > LAN Settings. The LAN Settings window opens.
- Select Use a proxy server for your LAN.
- Configure the IP address and port number for the proxy server.
- Click OK.
The settings for the Internet Explorer proxy server are configured.
In the IPS tab, select Download Updates and click Update Now.
If you chose to automatically mark new protections for Follow Up, you have the option to open the Follow Up page directly to see the new protections
Office mode means that:
1. Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
2. Users authenticate with an Internet browser and use secure HTTPS connection.
3. Secure ID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
4. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.
Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
Explanation
Office Mode enables a Security Gateway to assign internal IP addresses to SecureClient users. This IP address will not be exposed to the public network, but is encapsulated inside the VPN tunnel between the client and the Gateway. The IP to be used externally should be assigned to the client in the usual way by the Internet Service provider used for the Internet connection. This mode allows a Security Administrator to control which addresses are used by remote clients inside the local network and makes them part of the local network. The mechanism is based on an IKE protocol extension through which the Security Gateway can send an internal IP address to the client.
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a Smart Console machine in his calculations?
1. One machine, but it needs to be installed using Secure Platform for compatibility purposes.
2. Three machines
3. One machine
4. Two machines
Two machines
Explanation
One for Security Management Server and the other one for the Security Gateway.
Which options are given on features, when editing a Role on Gaia Platform?
1. Read/Write, Read Only
2. Read Only, None
3. Read/Write, None
4. Read/Write, Read only, None
Read/Write, Read only, None
Explanation
Role-based administration (RBA) lets you create administrative roles for users. With RBA, an administrator can allow Gaia users to access specified features by including those features in a role and assigning that role to users. Each role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to other features.
You can also specify which access mechanisms (WebUI or the CLI) are available to the user.
Note - When users log in to the WebUI, they see only those features that they have read-only or read/write access to. If they have read-only access to a feature, they can see the settings pages, but cannot change the settings.
Gaia includes these predefined roles:
adminRole - Gives the user read/write access to all features.
monitorRole- Gives the user read-only access to all features. You cannot delete or change the predefined roles.
Note - Do not define a new user for external users. An external user is one that is defined on an authentication server (such as RADIUS or TACACS) and not on the local Gaia system.
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?
1. AD Query
2. RADIUS
3. Remote Access and RADIUS
4. AD Query and Browser-based Authentication
AD Query and Browser-based Authentication
Explanation
Explanation:
Identity Awareness gets identities from these acquisition sources:
AD Query
Browser-Based Authentication Endpoint Identity Agent Terminal Servers Identity Agent
Which policy type has its own Exceptions section?
1. Threat Emulation
2. Access Control
3. Desktop Security
4. Threat Prevention
Threat Prevention
Explanation
The Exceptions Groups pane lets you define exception groups. When necessary, you can create exception groups to use in the Rule Base. An exception group contains one or more defined exceptions. This option facilitates ease-of-use so you do not have to manually define exceptions in multiple rules for commonly required exceptions. You can choose to which rules you want to add exception groups. This means they can be added to some rules and not to others, depending on necessity.
When you upload a package or license to the appropriate repository in Smart Update, where is the package or license stored.
1. Check Point user center
2. Security Gateway
3. Smart Console installed device
4. Security Management Server
Security Management Server
Explanation
Smart Update installs two repositories on the Security Management server:
License & Contract Repository, which is stored on all platforms in the directory $FWDIR\conf.
Package Repository, which is stored:
- on Windows machines in C:\SUroot.
- on UNIX machines in /var/SUroot.
The Package Repository requires a separate license, in addition to the license for the Security Management server. This license should stipulate the number of nodes that can be managed in the Package Repository.
Which of the following is NOT an advantage to using multiple LDAP servers?
1. You achieve compartmentalization by allowing a large number of users to be distributed across several servers
2. Information on a user is hidden, yet distributed across several servers
3. You gain High Availability by replicating the same information on several servers
4. You achieve a faster access time by placing LDAP servers containing the database at remote sites
Information on a user is hidden, yet distributed across several servers
With which command can you view the running configuration of Gaia-based system?
1. show configuration active
2. show running-configuration
3. show configuration
4. show conf-active
show configuration
By default, which port does the Web UI listen on?
1. 80
2. 8080
3. 443
4. 4434
443
Which Threat Prevention Software Blade provides comprehensive against malicious and unwanted network traffic, focusing on application and server vulnerabilities?
1. Anti-bot
2. Anti-Virus
3. Anti-Spam
4. IPS
IPS
Explanation
The IPS Software Blade provides a complete Intrusion Prevention System security solution, providing comprehensive network protection against malicious and unwanted network traffic, including:
Malware attacks
Dos and DDoS attacks
Application and server vulnerabilities Insider threats
Unwanted application traffic, including IM and P2P
The Gaia operating system supports which routing protocols?
1. BGP, OSPF, EIGRP, PIM, IGMP
2. BGP, OSPF, RIP, PIM, IGMP
3. BGP, OSPF, RIP, EIGRP
4. BGP, OSPF, RIP
BGP, OSPF, RIP
Explanation
The Advanced Routing Suite CLI is available as part of the For organizations looking to implement scalable, fault-tolerant, secure networks, the Advanced Networking blade enables them to run industry-standard dynamic routing protocols including BGP, OSPF, RIPv1, and RIPv2 on security gateways. OSPF, RIPv1, and RIPv2 enable dynamic routing over a single autonomous system—like a single department, company, or service provider—to avoid network failures. BGP provides dynamic routing support across more complex networks involving multiple autonomous systems—such as when a company uses two service providers or divides a network into multiple areas with different administrators responsible for the performance of each.
Which one of the following is the preferred licensing model? Select the Best answer.
1. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server.
2. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency of the gateway.
3. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.
Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency of the gateway.
Explanation
Central License
A Central License is a license attached to the Security Management server IP address, rather than the gateway IP address. The benefits of a Central License
are:
Only one IP address is needed for all licenses.
A license can be taken from one gateway and given to another.
The new license remains valid when changing the gateway IP address. There is no need to create and install a new license.
You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
1. Data Awareness is not enabled.
2. Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.
3. Logs are arriving from Pre-R80 gateways.
4. Identity Awareness is not enabled.
Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.
Explanation
The most likely reason for the logs data to stop is the low disk space on the logging device, which can be the Management Server or the Gateway Server.
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
1. Active Directory Query.
2. User Directory Query.
3. Account Unit Query.
4. User Check.
Active Directory Query.
Explanation
AD Query extracts user and computer identity information from the Active Directory Security Event Logs. The system generates a Security Event log entry when a user or computer accesses a network resource. For example, this occurs when a user logs in, unlocks a screen, or accesses a network drive.
Fill in the blank: To build an effective Security Policy, use a and _ rule?
1. Implicit; explicit
2. Stealth; implicit
3. Cleanup; default
4. Cleanup; stealth
Cleanup; stealth
Which of the following is NOT a license activation method?
1. Offline Activation
2. Smart Console Wizard
3. Online Activation
4. License Activation Wizard
Smart Console Wizard
While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?
1. Identity Awareness is not enabled on Global properties
2. Smart Console machine is not part of the domain
3. SMS is not part of the domain
4. Security Gateways is not part of the Domain
Smart Console machine is not part of the domain
Explanation
To enable Identity Awareness:
- Log in to Smart Dashboard.
- From the Network Objects tree, expand the Check Point branch.
- Double-click the Security Gateway on which to enable Identity Awareness.
- In the Software Blades section, select Identity Awareness on the Network Security tab. The Identity Awareness Configuration wizard opens.
- Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets.
AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers.
Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently.
Terminal Servers - Identify users in a Terminal Server environment (originating from one IP address). See Choosing Identity Sources.
Note - When you enable Browser-Based Authentication on a Security Gateway that is on an IP Series appliance, make sure to set the Voyager management application port to a port other than 443 or 80.
- Click Next.
The Integration With Active Directory window opens.
When Smart Dashboard is part of the domain, Smart Dashboard suggests this domain automatically. If you select this domain, the system creates an LDAP Account Unit with all of the domain controllers in the organization’s Active Directory.
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
1. Secure Client
2. Smart Console
3. Security Gateway
4. None, Security Management Server would be installed by itself.
Security Gateway
Explanation
There are different deployment scenarios for Check Point software products.
What are the three authentication methods for SIC?
1. Certificates, Passwords, and Tokens
2. Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption
3. Packet Filtering, certificates, and 3DES or AES128 for encryption
4. Passwords, Users, and standards-based SSL for the creation of security channels
Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption
Explanation
Secure Internal Communication (SIC) Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each other. The SIC procedure creates a trusted status between gateways, management servers and other Check Point components. SIC is required to install polices on gateways and to send logs between gateways and management servers.
These security measures make sure of the safety of SIC: Certificates for authentication Standards-based SSL for the creation of the secure channel 3DES for encryption
What is the purpose of Captive Portal?
1. It authenticates users, allowing them access to the Internet and corporate resources
2.It authenticates users, allowing them access to the Gaia OS
3.It provides remote access to Smart Console
4.It manages user permission in Smart Console
It authenticates users, allowing them access to the Internet and corporate resources
Explanation
Captive Portal – a simple method that authenticates users through a web interface before granting them access to Intranet resources. When users try to access a protected resource, they get a web page that must be filled out to continue.
What is the order of NAT priorities?
1. Static NAT, hide NAT, IP pool NAT
2. IP pool NAT, static NAT, hide NAT
3. Static NAT, automatic NAT, hide NAT
4. Static NAT, IP pool NAT, hide NAT
Static NAT, IP pool NAT, hide NAT
Explanation
The order of NAT priorities is:
- Static NAT
- IP Pool NAT
- Hide NAT
Since Static NAT has all of the advantages of IP Pool NAT and more, it has a higher priority than the other NAT methods.
Which of the following is NOT a component of a Distinguished Name?
1. Common name
2. Organization Unit
3. User container
4. Country
User container
Explanation
Distinguished Name Components
CN=common name, OU=organizational unit, O=organization, L=locality, ST=state or province, C=country name
Which command is used to add users to or from existing roles?
1. Add rba user <User Name>
2. Add user <User Name>
3. Add rba user <User Name> roles <List>
4. Add user <User Name> roles <List>
Add rba user <User Name> roles <List>
When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?
1. If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
2. If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.
3. If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.
4. If the Action is Accept, the gateway allows the packet to pass through the gateway.
If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address.
1. Load Sharing Pivot
2. Load Sharing Multicast
3. High Availability
4. Master/Backup
Load Sharing Multicast
Explanation
ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members. By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to the cluster, acting as a gateway, will reach all members in the cluste
What is the default time length that Hit Count Data is kept?
1. 4 weeks
2. 12 months
3. 3 month
4. 6 months
6 months
Explanation
Keep Hit Count data up to - Select one of the time range options. The default is 6 months. Data is kept in the Security Management Server database for this period and is shown in the Hits column.
Which type of the Check Point license ties the package license to the IP address of the Security Management Server?
1. Formal
2. Local
3. Corporate
4. Central
Central
When attempting to start a VPN tunnel, in the logs the error ‘no proposal chosen’ is seen numerous times. No other VPN-related log entries are present. Which phase of the VPN negotiations has failed?
1. IKE Phase 2
2. IKE Phase 1
3. IPSEC Phase 2
4. IPSEC Phase 1
IKE Phase 1
What are the two types of address translation rules?
1. Translated packet and untranslated packet
2. Untranslated packet and manipulated packet
3. Manipulated packet and original packet
4. Original packet and translated packet
Original packet and translated packet
Explanation
NAT Rule Base
The NAT Rule Base has two sections that specify how the IP addresses are translated:
Original Packet Translated Packet
Which authentication scheme requires a user to possess a token?
1. RADIUS
2. SecurID
3. TACACS
4. Check Point password
SecurID
Explanation
SecurID
SecurID requires users to both possess a token authenticator and to supply a PIN or password
In order to modify Security Policies, the administrator can use which of the following tools? Select the BEST answer.
1. Smart Console or mgmt_cli on any computer where Smart Console is installed.
2. Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.
3. Smart Console and Web UI on the Security Management Server.
4. mgmt_cli or Web UI on Security Gateway and Smart Console on the Security Management Server.
Smart Console or mgmt_cli on any computer where Smart Console is installed.
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:
1. add users to your Gaia system.
2. edit the home directory of the user.
3. assign privileges to users.
4. assign user rights to their home directory in the Security Management Server
assign user rights to their home directory in the Security Management Server
Explanation
Users
Use the WebUI and CLI to manage user accounts. You can:
Add users to your Gaia system. Edit the home directory of the user. Edit the default shell for a user.
Give a password to a user. Give privileges to users.
Fill in the blank: The feature allows administrators to share a policy with other policy packages.
1. Concurrent policy packages
2. Shared policies
3. Concurrent policies
4. Shared policy packages
Shared policy packages
Which of the following is TRUE about the Check Point Host object?
1. When you upgrade to R80 from R77.30 or earlier versions, Check Point Host objects are converted to gateway objects.
2. Check Point Host is capable of having an IP forwarding mechanism.
3. Check Point Host can act as a firewall.
4. Check Point Host has no routing ability even if it has more than one interface installed.
Check Point Host has no routing ability even if it has more than one interface installed.
Explanation
A Check Point host is a host with only one interface, on which Check Point software has been installed, and which is managed by the Security Management server. It is not a routing mechanism and is not capable of IP forwarding.
NAT can NOT be configured on which of the following objects?
1. Gateway
2. Host
3. Address Range
4. HTTP Logical Server
HTTP Logical Server
Where do we need to reset the SIC on a gateway object?
1. Smart Update > Edit Security Management Server Object > SIC
2. Smart Dashboard > Edit Gateway Object > General Properties > Communication
3. Smart Update > Edit Gateway Object > Communication
4. Smart Dashboard > Edit Security Management Server Object > SIC
Smart Dashboard > Edit Gateway Object > General Properties > Communication
Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as
1. User Check
2. User Directory
3. User Administration
4. User Center
User Directory
Explanation
Check Point User Directory integrates LDAP, and other external user management technologies, with the Check Point solution. If you have a large user count, we recommend that you use an external user management database such as LDAP for enhanced Security Management Server performance.
Fill in the blanks: A High Availability deployment is referred to as a cluster and a Load Sharing deployment is referred to as a cluster.
1. Active/standby; active/active
2. Standby/standby; active/active
3. Active/active; active/standby;
4. Active/active; standby/standby
Active/standby; active/active
Explanation
In a High Availability cluster, only one member is active (Active/Standby operation).
ClusterXL Load Sharing distributes traffic within a cluster so that the total throughput of multiple members is increased. In Load Sharing configurations, all functioning members in the cluster are active, and handle network traffic (Active/Active operation).
Message digests use which of the following?
1. SSL and MD4
2. DES and RC4
3. IDEA and RC4
4. SHA-1 and MD5
SHA-1 and MD5
You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base. Which of the following is the most likely cause?
1. The POP3 rule is hidden.
2. The POP3 rule is disabled.
3. POP3 is accepted in Global Properties.
4. POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.
The POP3 rule is hidden.
What is the default shell of Gaia CLI?
1. Monitor
2. Bash
3. CLI.sh
4. Read-only
CLI.sh
Explanation
This chapter gives an introduction to the Gaia command line interface (CLI). The default shell of the CLI is called clish.
What action can be performed from Smart Update R77?
1.fw stat -1
2. cpinfo
3. upgrade_export
4. remote_uninstall_verifier
cpinfo
Fill in the blank: Once a license is activated, a should be installed.
1. License Contract file
2. License Management file
3. Service Contract file
4. Security Gateway Contract file
Service Contract file
Explanation
Service Contract File
Following the activation of the license, a Service Contract File should be installed. This file contains important information about all subscriptions purchased for a specific device and is installed via Smart Update. A detailed explanation of the Service Contract File can be found in sk33089.
Which of these components does NOT require a Security Gateway R77 license?
1. Check Point Gateway
2. Smart Console
3. Smart Update upgrading/patching
4. Security Management Server
Smart Console
Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are both logged in:
1. If Joe tries to make changes, he won’t, database will be locked.
2. Bob will be prompt that Joe logged in.
3. When Joe logs in, Bob will be log out automatically.
4. Since they both are log in on different interfaces, they both will be able to make changes.
If Joe tries to make changes, he won’t, database will be locked.
You are going to upgrade from R77 to R80. Before the upgrade, you want to back up the system so that, if there are any problems, you can easily restore to the old version with all configuration and management files intact. What is the BEST backup method in this scenario?
1. Database Revision
2. backup
3. snapshot
4. migrate export
snapshot
Explanation
Snapshot Management
The snapshot creates a binary image of the entire root (lv_current) disk partition. This includes Check Point products, configuration, and operating system. Starting in R77.10, exporting an image from one machine and importing that image on another machine of the same type is supported.
The log partition is not included in the snapshot. Therefore, any locally stored Firewall logs will not be saved.
Which of the following is NOT an element of VPN Simplified Mode and VPN Communities?
1. Configuration checkbox “Accept all encrypted traffic”
2. “Encrypt” action in the Rule Base
3. “VPN” column in the Rule Base
4. Permanent Tunnels
“Encrypt” action in the Rule Base
Explanation
Migrating from Traditional Mode to Simplified Mode
To migrate from Traditional Mode VPN to Simplified Mode:
- On the Global Properties > VPN page, select one of these options:
- Simplified mode to all new Firewall Policies *
Traditional or Simplified per new Firewall Policy
- Click OK.
- From the R80 Smart Console Menu, select Manage policies.
The Manage Policies window opens.
- Click New.
The New Policy window opens.
- Give a name to the new policy and select Access Control.
In the Security Policy Rule Base, a new column marked VPN shows and the Encrypt option is no longer available in the Action column. You are now working in Simplified Mode.
Which of the following is NOT a set of Regulatory Requirements related to Information Security?
1. HIPPA
2. Sarbanes Oxley (SOX)
3. ISO 37001
4. PCI
ISO 37001
Explanation
ISO 37001 - Anti-bribery management systems
Which Check Point software blade provides protection from zero-day and undiscovered threats?
1. Firewall
2. Threat Emulation
3. Application Control
4. Threat Extraction
Threat Emulation
Which of the following licenses are considered temporary?
1. Plug-and-play and Evaluation
2. Subscription and Perpetual
3. Evaluation and Subscription
4. Perpetual and Trial
Plug-and-play and Evaluation
Explanation
Should be Trial or Evaluation, even Plug-and-play (all are synonyms ). Answer B is the best choice.
Choose the Smart Log property that is TRUE.
1. Smart Log is a client of Smart Console that enables enterprises to centrally track log records and security activity with Google-like search.
2. Smart Log has been an option since release R71.10.
3. Smart Log and SmartView Tracker are mutually exclusive.
4. Smart Log is not a Check Point product.
Smart Log is a client of Smart Console that enables enterprises to centrally track log records and security activity with Google-like search.
Choose what BEST describes users on Gaia Platform.
1. There are two default users that cannot be deleted and one Smart Console Administrator.
2. There is one default user that cannot be deleted.
3. There are two default users and one cannot be deleted.
4. There is one default user that can be deleted.
There are two default users and one cannot be deleted.
Explanation
These users are created by default and cannot be deleted:
admin — Has full read/write capabilities for all Gaia features, from the WebUI and the CLI. This user has a User ID of 0, and therefore has all of the privileges of a root user.
monitor — Has read-only capabilities for all features in the WebUI and the CLI, and can change its own password. You must give a password for this user before the account can be used.
To install a brand-new Check Point Cluster, the Mega Corp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?
1. Full HA Cluster
2. Standalone
3. High Availability
4. Distributed
High Availability
What happens if the identity of a user is known?
1. If the user credentials do not match an Access Role, the system displays a sandbox.
2. If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.
3. If the user credentials do not match an Access Role, the system displays the Captive Portal.
4. If the user credentials do not match an Access Role, the traffic is automatically dropped.
If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.
Which of the following is NOT a VPN routing option available in a star community?
1. To satellites through center only
2. To center, or through the center to other satellites, to Internet and other VPN targets
3. To center and to other satellites through center
4. To center only
1 and 4
Explanation
Smart Console
For simple hubs and spokes (or if there is only one Hub), the easiest way is to configure a VPN star community in R80 Smart Console:
- On the Star Community window, in the:
a. Center Gateways section, select the Security Gateway that functions as the “Hub”.
b. Satellite Gateways section, select Security Gateways as the “spokes”, or satellites.
- On the VPN Routing page, Enable VPN routing for satellites section, select one of these options:
a. To center and to other Satellites through center - This allows connectivity between the Security Gateways, for example if the spoke Security Gateways are DAIP Security Gateways, and the Hub is a Security Gateway with a static IP address.
b. To center, or through the center to other satellites, to internet and other VPN targets - This allows connectivity between the Security Gateways as well as the ability to inspect all communication passing through the Hub to the Internet.
- Create an appropriate Access Control Policy rule.
- NAT the satellite Security Gateways on the Hub if the Hub is used to route connections from Satellites to the Internet.
The two Dynamic Objects (DAIP Security Gateways) can securely route communication through the Security Gateway with the static IP address.
Which of the following statements accurately describes the command snapshot?
1. snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway.
2. snapshot creates a Security Management Server full system-level backup on any OS
3. snapshot stores only the system-configuration settings on the Gateway
4. A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server
snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway.
Which policy type is used to enforce bandwidth and traffic control rules?
1. Threat Prevention
2. Access Control
3. QoS
4. Threat Emulation
QoS
Explanation
Check Point’s QoS Solution
QoS is a policy-based QoS management solution from Check Point Software Technologies Ltd., satisfies your needs for a bandwidth management solution. QoS is a unique, software-only based application that manages traffic end-to-end across networks, by distributing enforcement throughout network hardware and software.
R80 Security Management Server can be installed on which of the following operating systems?
1. Gaia, SPLAT, Windows Server only
2. Gaia, SPLAT, Windows Server and IPSO only
3. Gaia and SPLAT only
4. Gaia only
Gaia only
Explanation
R80 can be installed only on GAIA OS.
Supported Check Point Installations All R80 servers are supported on the Gaia Operating System:
- Security Management Server
- Multi-Domain Security Management Server
- Log Server
- Multi-Domain Log Server
- Smart Event Server
Admin A and Admin B are both logged in on Smart Console. What does it mean if Admin B sees a locked icon on a rule? Choose the BEST answer.
1. Rule is locked by Admin A and will make it available if session is published.
2. Rule is locked by Admin A because an object on that rule is been edited.
3. Rule is locked by Admin A, and if the session is saved, rule will be available
4. Rule is locked by Admin A, because the save bottom has not been press.
Rule is locked by Admin A and will make it available if session is published.
Anti-Spoofing is typically set up on which object type?
1. Network
2. Host
3. Security Gateway
4. Security Management object
Security Gateway
The most important part of a site-to-site VPN deployment is the .
1. VPN gateways
2. Encrypted VPN tunnel
3. Internet
4. Remote users
Encrypted VPN tunnel
Explanation
Site to Site VPN
The basis of Site to Site VPN is the encrypted VPN tunnel. Two Security Gateways negotiate a link and create a VPN tunnel and each tunnel can contain more than one VPN connection. One Security Gateway can maintain more than one VPN tunnel at the same time. Reference:
What CLI utility allows an administrator to capture traffic along the firewall inspection chain?
1. fw monitor
2. tcpdump
3. tcpdump /snoop
4. show interface (interface) –chain
fw monitor
Mesh and Star are two types of VPN topologies. Which statement below is TRUE about these types of communities?
1. In a star community, satellite gateways cannot communicate with each other.
2. In a mesh community, member gateways cannot communicate directly with each other.
3. In a mesh community, all members can create a tunnel with any other member.
4. A star community requires Check Point gateways, as it is a Check Point proprietary technology.
In a mesh community, all members can create a tunnel with any other member.
Fill in the blank: A is used by a VPN gateway to send traffic as if it were a physical interface.
1. VPN router
2. VPN Tunnel Interface
3. VPN interface
4. VPN community
VPN Tunnel Interface
Explanation
Route Based VPN
VPN traffic is routed according to the routing settings (static or dynamic) of the Security Gateway operating system. The Security Gateway uses a VTI (VPN Tunnel Interface) to send the VPN traffic as if it were a physical interface. The VTIs of Security Gateways in a VPN community connect and can support dynamic routing protocols.
Fill in the blanks: A Check Point software license consists of a\_\_\_\_\_\_\_\_\_\_\_\_\_ and\_\_\_\_\_\_\_\_\_\_\_\_ .
1. Software container; software package
2. Software package; signature
3. Software blade; software container
4. Signature; software blade
Software blade; software container
Explanation
Check Point’s licensing is designed to be scalable and modular. To this end, Check Point offers both predefined packages as well as the ability to custom build a solution tailored to the needs of the Network Administrator. This is accomplished by the use of the following license components:
Software Blades
Container
Look at the following screenshot and select the BEST answer.
1. Internal clients can upload and download any-files to FTP_Ext-server using FTP.
2. Clients external to the Security Gateway can upload any files to the FTP_Ext-server using FTP.
3. Clients external to the Security Gateway can download archive files from FTP_Ext server using FTP.
4. Internal clients can upload and download archive-files to FTP_Ext server using FTP.
Clients external to the Security Gateway can download archive files from FTP_Ext server using FTP.
Choose what BEST describes a Session?
1. Sessions locks the policy package for editing.
2. Starts when an Administrator logs in to the Security Management Server through Smart Console and ends when it is published.
3. Starts when an Administrator publishes all the changes made on Smart Console.
4. Sessions ends when policy is pushed to the Security Gateway.
Starts when an Administrator logs in to the Security Management Server through Smart Console and ends when it is published.
Explanation
Administrator Collaboration
More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a session that is independent of the other administrators.
When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes during the session are only available to that administrator. Other administrators see a lock icon on object and rules that are being edited.
To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session.
What statement is true regarding Visitor Mode?
1. All VPN traffic is tunneled through UDP port 4500.
2. VPN authentication and encrypted traffic are tunneled through port TCP 443.
3. Only Main mode and Quick mode traffic are tunneled on TCP port 443.
4. Only ESP traffic is tunneled through port TCP 443.
VPN authentication and encrypted traffic are tunneled through port TCP 443.
Which of the following is NOT an alert option?
1. SNMP
2. User defined alert
3. Mail
4. High alert
High alert
Explanation
In Action, select: none - No alert. log
- Sends a log entry to the database.
alert - Opens a pop-up window to your desktop. mail - Sends a mail alert to your Inbox. snmptrap - Sends an SNMP alert. useralert - Runs a script. Make sure a user-defined action is available. Go to SmartDashboard > Global Properties > Log and Alert > Alert Commands.
When using LDAP as an authentication method for Identity Awareness, the query:
1. Requires client and server-side software.
2. Is transparent, requiring no client or server-side software, or client intervention.
3. Prompts the user to enter credentials.
4. Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.
Is transparent, requiring no client or server-side software, or client intervention.
Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2. Why is this a problematic setup?
1. All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.
2. Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1 .
3. All is fine and can be used as is.
4. The two algorithms do not have the same key length and so don’t work together. You will get the error … No proposal chosen…
Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.
The organization’s security manager wishes to back up just the Gaia operating system parameters. Which command can be used to back up only Gaia operating system parameters like interface details, Static routes and Proxy ARP entries?
1. backup
2. up grade export
3. show configuration
4. migrate export
backup
Explanation
System Backup (and System Restore)
System Backup can be used to backup current system configuration. A backup creates a compressed file that contains the Check Point configuration including the networking and operating system parameters, such as routing and interface configuration etc., but unlike a snapshot, it does not include the operating system, product binaries, and hotfixes.
If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?
1. Log Implied Rule was not selected on Global Properties.
2. Log Implied Rule was not set correctly on the track column on the rules base.
3. Track log column is set to none.
4. Track log column is set to Log instead of Full Log
Log Implied Rule was not selected on Global Properties.
Explanation
Implied Rules are configured only on Global Properties.
You installed Security Management Server on a computer using GAiA in the MegaCorp home office. You use IP address 10.1.1.1. You also installed the Security Gateway on a second GAiA computer, which you plan to ship to another Administrator at a MegaCorp hub office. What is the correct order for pushing SIC certificates to the Gateway before shipping it?
1. Run cpconfig on the Gateway, select Secure Internal Communication, enter the activation key, and reconfirm.
2. Initialize Internal Certificate Authority (ICA) on the Security Management Server.
3. Configure the Gateway object with the host name and IP addresses for the remote site.
4. Click the Communication button in the Gateway object’s General screen, enter the activation key, and click Initialize and OK.
5. Install the Security Policy.
* 2, 1, 3, 4, 5
* 2, 3, 4, 1, 5
* 2, 3, 4, 5,1
* 1, 3, 2, 4, 5
2, 1, 3, 4, 5
Which directory holds the Smart Log index files by default?
1. $FWDIR/smart log
2. $SMARTLOGDIR/data
3. $FWDIR/log
4. $SMARTLOG/dir
$SMARTLOGDIR/data
Your bank’s distributed R77 installation has Security Gateways up for renewal. Which Smart Console application will tell you which Security Gateways have licenses that will expire within the next 30 days?
1. Smart Dashboard
2. Smart Update
3. SmartView Tracker
4. Smart Portal
Smart Update
Can a Check Point gateway translate both source IP address and destination IP address in a given packet?
1. Yes.
2. Yes, but only when using Manual NAT.
3. No.
4. Yes, but only when using Automatic NAT.
Yes.
Which of the following is NOT defined by an Access Role object?
1. Source Server
2. Source Machine
3. Source User
4. Source Network
Source Server
What port is used for delivering logs from the gateway to the management server?
1. Port 18209
2. Port 258
3. Port 981
4. Port 257
Port 257
Which utility allows you to configure the DHCP service on Gaia from the command line?
1. ifconfig
2. dhcp_cfg
3. sysconfig
4. cpconfig
sysconfig
Packages and licenses are loaded from all of these sources EXCEPT
1. Download Center Web site
2. UserUpdate
3. User Center
4. Check Point DVD
UserUpdate
Which message indicates IKE Phase 2 has completed successfully?
1. Quick Mode Complete
2. Aggressive Mode Complete
3. Main Mode Complete
4. IKE Mode Complete
Quick Mode Complete
Which back up method uses the command line to create an image of the OS?
1. System backup
2. Save Configuration
3. Migrate
4. snapshot
snapshot
Which of the following is NOT a valid application tab in the R80 SmartConsole?
1. Manage and Command Line
2. Logs and Monitor
3. Security Policies
4. Gateway and Servers
Manage and Command Line
Choose the BEST place to find a Security Management Server backup file named bachup_fw on a Check Point Appliance.
1. /var/log/CPbackup/backup_fw.tgz
2. /var/log/CPbackup/backups/backup_fw.tar
3. /var/CPbackup/backups/backup_fw.tar
4. /var/CPbackup/backups/backup_fw.tgz
/var/log/CPbackup/backup_fw.tgz
What is the most complete definition of the difference between the Install Policy…. button on the SmartConsole’s tab, and the Install Policy…. button within a specific policy?
1. The Global one also saves and publishes the session before the installation.
2. The Global one can install multipleselected policies at the same time.
3. The local one does not install the Anti-Malware policy along with the Network policy.
4. The second one pre-selects the installation for only the current policy and for the applicable gateways.
The second one pre-selects the installation for only the current policy and for the applicable gateways.
Your internal networks 10.1.1.0/24. 10.2.2.0/24 and 192.168.0.0/16 are behind the internet Security Gateway. Considering that Layer 2 and Layer 3 setup is correct, what are the steps you will need to do in SmartConsole in order to get the connection working? Select the BEST answer.
A)
2. Define an accept rule in Security Policy.
2. Define Security Gateway to hide all internal networks behind the gateway’s external IP.
3. Publish and install the policy.
B)
1. Define an accept rule in Security Policy.
2. Configure automatic NAT for each network to NAT the networks behind a public IP.
3.Publish the policy.
C)
1. Define an accept rule in Security Policy.
2. Configure automatic NAT for each network to NAT the networks behind a public IP.
3. Publish and install policy.
D)
1. Define an accept rule in Security Policy.
2. Define Security Gateway to hide all internal networks behind the gateway’s external IP.
3. Publish the policy.
A)
1. Define an accept rule in Security Policy.
2. Define Security Gateway to hide all internal networks behind the gateway’s external IP.
3. Publish and install policy.
You have enabled “Full log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
1. Logging has disk space issues, Change logging storage options on the logging server or Security Management Server properties and install database.
2. Data Awareness is not enabled.
3. Identity Awareness is not enabled.
4. Logs are arriving from Pre-R80 gateways.
Data Awarenes is not enabled
In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
1. Pentagon
2. Combined
3. Meshed
4. Star
Star
In which scenario is it a valid option to transfer a license from one hardware device to another?
1. From a 4400 Appliance to an HP Open Server.
2. From an IBM Open Server to an HP Open Server.
3. From a 4400 Appliance to a 2200 Appliance.
4. From an IBM Open Server to a 2200 Appliance.
From an IBM Open Server to an HP Open Server.
Fill in the blank: Service blades must be attached to a \_\_\_\_\_\_\_\_\_
1. Security Gateway
2. Management container
3. Management server
4. Security Gateway container
Security Gateway container
Fill in the blank: In Security Gateways R75 and above, SIC uses \_\_\_\_\_\_\_\_ for encryption.
1. AES-128
2. AES-256
3. DES
4. 3DES
AES-128
Fill in the blank: The \_\_\_\_\_\_\_ software blade enables Application Security policies to allow, block, or limit website access based on user, group, and machine identities.
1. Application Control
2. Data Awareness
3. URL Filtering
4. Threat Emulation
URL Filtering
Which of the following licenses are considered temporary?
1. Perpetual and Trial
2. Plug-and-play and Evaluation
3. Subscription and Perpetual
4. Evaluation and Subscription
Plug-and-play and Evaluation
You are the Check Point administrator for Alpha Corp with an R80 Check Point estate. You have recieved a call by one of the management users stating that they are unable to browse the Internet with their new tablet connected to the company Wireless. The Wireless system goes through the Check Point Gateway. How do you review the logs to see what the problem may be?
1. Open SmartLog and connected remotely to the IP of the wireless controller.
2. Open SmartView Tracker and filter the logs for the IP address of the tablet.
3. Open SmartView Tracker and check all the IP logs for the tablet.
4. Open SmartLog and query for the IP address of the Manager’s tablet.
Open SmartLog and query for the IP address of the Manager’s tablet.
Which of the following is NOT a set of Regulatory Requirements related to Information Security?
1. ISO 37001
2. Sarbanes Oxley (SOX)
3. HIPAA
4. PCI
ISO 37001
What is the most recommended installation method for Check Point appliances?
1. SmartUpdate installation
2. DVD media created with Check Point ISOMorphic.
3. USB media created with Check Point ISOMorphic.
4. Cloud based installation.
USB media created with Check Point ISOMorphic.
Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
1. SmartView Monitor
2. SmartEvent
3. SmartUpdate
4. SmartDashboard
SmartEvent
How do you manage Gaia?
1. Through CLI and WebUI
2. Through CLI only
3. Through SmartDashboard only
4. Through CLI, WebUI, and SmartDashboard
Through CLI and WebUI
