CCSA 156-215.81 Flashcards
When enabling tracking on a rule, what is the default option?
A. Accounting Log
B. Extended Log
C. Log
D. Detailed Log
Correct Answer: C
Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components?
A. The Security Gateway (SG) and Security Management Server (SMS) software and the CPUSE engine.
B. Licensed Check Point products for the Gaia operating system and the Gaia operating system itself.
C. The CPUSE engine and the Gaia operating system.
D. The Gaia operating system only.
Correct Answer: B
Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?
A. Both License (.lic) and Contract (.xml) files
B. cp.macro
C. Contract file (.xml)
D. License File (.lic)
Correct Answer: B
A $CPDIR/conf/cp.macro file is an electronically signed file used by the Check Point software to translate the features included within the installed license(s) file into code, or primitives.
Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as _______.
A. User Center
B. User Administration
C. User Directory
D. UserCheck
Correct Answer: C
Can you use the same layer in multiple policies or rulebases?
A. Yes - a layer can be shared with multiple policies and rules.
B. No - each layer must be unique.
C. No - layers cannot be shared or reused, but an identical one can be created.
D. Yes - but it must be copied and pasted with a different name.
Correct Answer: A
Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made?
A. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes.
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
C. Tom’s changes will be lost since he lost connectivity and he will have to start again.
D. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.
Correct Answer: D
Security Gateway software blades must be attached to what?
A. Security Gateway
B. Security Gateway container
C. Management server
D. Management container
The answer is Security Gateway container
Licenses in Check Point are composed of a Software Container (which is the product: GW, SMS, etc.) and a Software Blade (which is the feature). A software blade must always be attached to a software container (product).
Which tool allows you to monitor the top bandwidth on smart console?
A. Logs & Monitoring
B. Smart Event
C. Gateways & Servers Tab
D. SmartView Monitor
Correct Answer: D
A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone?
A. The zone is based on the network topology and determined according to where the interface leads to.
B. Security Zones are not supported by Check Point firewalls.
C. The firewall rule can be configured to include one or more subnets in a zone.
D. The local directly connected subnet defined by the subnet IP and subnet mask.
Correct Answer: A
When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packet Filtering?
A. Stateful Inspection offers unlimited connections because of virtual memory usage.
B. Stateful Inspection offers no benefits over Packet Filtering.
C. Stateful Inspection does not use memory to record the protocol used by the connection.
D. Only one rule is required for each connection.
Correct Answer: D
Which type of Endpoint Identity Agent includes packet tagging and computer authentication?
A. Full
B. Custom
C. Complete
D. Light
Correct Answer: A
Full:
Default Identity Agent that includes packet tagging and computer authentication.
It applies to all users on the computer on which it is installed.
Administrator permissions are required to use the Full Identity Agent type. For the Full Identity Agent, you can enforce IP spoofing protection. In addition, you can leverage computer authentication if you specify computers in Access Roles.
Fill in the blanks: Gaia can be configured using _______ the ________.
A. Command line interface; WebUI
B. Gaia Interface; GaiaUI
C. WebUI; Gaia Interface
D. GaiaUI; command line interface
Correct Answer: A
An administrator can use section titles to more easily navigate between large rule bases. Which of these statements is FALSE?
A. Section titles are not sent to the gateway side.
B. These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement.
C. A Sectional Title can be used to disable multiple rules by disabling only the sectional title.
D. Sectional Titles do not need to be created in the SmartConsole.
Correct Answer: C
In which scenario is it a valid option to transfer a license from one hardware device to another?
A. From a 4400 Appliance to a 2200 Appliance
B. From a 4400 Appliance to an HP Open Server
C. From an IBM Open Server to an HP Open Server
D. From an IBM Open Server to a 2200 Appliance
Correct Answer: C
“You cannot transfer a license from one Check Point appliance to another as these licenses are not transferable.”
https://community.checkpoint.com/t5/General-Topics/licensing-for-replaced-cluster-member/td-p/10102#:~:text=You%20cannot%20transfer%20a%20license,these%20licenses%20are%20not%20transferable
What are the three types of UserCheck messages?
A. action, inform, and ask
B. ask, block, and notify
C. block, action, and warn
D. inform, ask, and block
Correct Answer: D
A stateful inspection firewall works by registering connection data and compiling this information. Where is the information stored?
A. In the system SMEM memory pool.
B. In State tables.
C. In the Sessions table.
D. In a CSV file on the firewall hard drive located in $FWDIR/conf/.
Correct Answer: B
What is the RFC number that acts as a best practice guide for NAT?
A. RFC 1939
B. RFC 1950
C. RFC 1918
D. RFC 793
Correct Answer: C
URL Filtering employs a technology, which educates users on web usage policy in real time. What is the name of that technology?
A. WebCheck
B. UserCheck
C. Harmony Endpoint
D. URL categorization
Correct Answer: B
One of the major features in SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
A. AdminA, AdminB and AdminC are editing three different rules at the same time.
B. AdminA and AdminB are editing the same rule at the same time.
C. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.
D. AdminB sees a pencil icon next to the rule that AdminB is currently editing.
Correct Answer: B
What is a role of Publishing?
A. The Security Management Server Installs the updated policy and the entire database on Security Gateways.
B. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public.
C. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways.
D. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base.
Correct Answer: B
Name one limitation of using Security Zones in the network?
A. Security zones will not work in Automatic NAT rules
B. Security zone will not work in Manual NAT rules
C. Security zones will not work in firewall policy layer
D. Security zones cannot be used in network topology
Correct Answer: B
According to the CCSA-R81.10 guide, page 229, “Security zones will not work in Manual NAT rules.”
When configuring LDAP with User Directory integration, changes applied to a User Directory template are:
A. Not reflected for any users unless the local user template is changed.
B. Not reflected for any users who are using that template.
C. Reflected for all users who are using that template and if the local user template is changed as well.
D. Reflected immediately for all users who are using that template.
Correct Answer: D
According to the CCSA-R81.10 guide, page 519, “Changes that are applied to a User Directory template are reflected immediately for all users who are using that template.”
True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.
A. True, every administrator works on a different database that is independent of the other administrators
B. False, this feature has to be enabled in the Global Properties.
C. True, every administrator works in a session that is independent of the other administrators
D. False, only one administrator can login with write permission
Correct Answer: C
According to the CCSA-R81.10 guide, page 127, “More than one administrator can connect to the Security Management Server at the same time. Administrators each have their own name and work in a session that is independent to other administrators.
When an administrator logs in to the Security Management Server through Smart Console, a new editing session begins. The changes that the administrator makes during the session are only available to that administrator. Other administrators see a lock icon on the object and rules that are being edited.”
What are the three deployment options available for a security gateway?
A. Standalone, Distributed, and Bridge Mode
B. Bridge Mode, Remote, and Standalone
C. Remote, Standalone, and Distributed
D. Distributed, Bridge Mode, and Remote
Correct Answer: A
Remote is not an option
Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway?
A. Data Loss Prevention
B. Antivirus
C. Application Control
D. NAT
Correct Answer: D
Bridging is done at Layer 2, therefore NATing is not possible.
Choose what BEST describes users on Gaia Platform.
A. There are two default users and neither can be deleted.
B. There are two default users and one cannot be deleted.
C. There is one default user that can be deleted.
D. There is one default user that cannot be deleted.
Correct Answer: A
The “admin” & “monitor” profiles are default and cannot be deleted
Which type of Check Point license ties the package license to the IP address of the Security Management Server?
A. Central
B. Corporate
C. Local
D. Formal
Correct Answer: A
An administrator wishes to use Application objects in a rule in their policy, but there are no Application objects listed as options to add when clicking the “+” to add new items to the “Services & Applications” column of a rule. What should be done to fix this?
A. The administrator should drag-and-drop the needed Application objects from the Object Explorer into the new rule.
B. The “Application Control” blade should be enabled on a gateway.
C. “Applications & URL Filtering” should first be enabled on the policy layer where the rule is being created.
D. The administrator should first create some applications to add to the rule.
Correct Answer: C
Services, Applications, Categories, and Sites.
If Application & URL Filtering is not enabled, only Services show.
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/The-Columns-of-the-Access-Control-Rule-Base.htm#Services
Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?
A. Threat Emulation
B. Monitoring
C. Logging and Status
D. Application Control
Correct Answer: B
Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?
A. Formal
B. Central
C. Corporate
D. Local
Correct Answer: D
Local licensing is associated with the IP address of the Security Gateway, to which the license will be applied. Each time the IP address of the Security Gateway changes, a new license must be generated and installed.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62685
What is the purpose of Captive Portal?
A. It manages user permission in SmartConsole
B. It provides remote access to SmartConsole
C. It authenticates users, allowing them access to the Internet and corporate resources
D. It authenticates users, allowing them access to the Gaia OS
Correct Answer: C
According to the CCSA-R81.10 guide, page 529, “Captive Portal (Browser-Based Authentication) is a simple method that authenticates users through a web interface before granting them access to Internet and other corporate resources”
Which of these is NOT a feature or benefit of Application Control?
A. Eliminate unknown and unwanted applications in your network to reduce IT complexity and application risk.
B. Identify and control which applications are in your IT environment and which to add to the IT environment.
C. Scans the content of files being downloaded by users in order to make policy decisions.
D. Automatically identify trusted software that has authorization to run
Correct Answer: C
Identity Awareness allows easy configuration for network access and auditing based on what three items?
A. Client machine IP address.
B. Network location, the identity of a user and the identity of a machine.
C. Log server IP address.
D. Gateway proxy IP address.
Correct Answer: B
Identity Awareness
Check Point Software Blade that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer.
Page 16:
https://dl3.checkpoint.com/paid/3f/3f771245354ce0c9670fd4abc9626bfd/CP_R80.40_IdentityAwareness_AdminGuide.pdf?HashKey=1680472180_8f0d5e40c0648e7dfd69cb9c826a54f2&xtn=.pdf
How do logs change when the “Accounting” tracking option is enabled on a traffic rule?
A. Involved traffic logs will be forwarded to a log server.
B. Provides log details view email to the Administrator.
C. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.
D. Provides additional information to the connected user.
Correct Answer: C
Accounting - Select this to update the log at 10 minutes intervals, to show how much data has passed in the connection: Upload bytes, Download bytes, and browse time.
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Tracking-Options.htm
Fill in the blank: The position of an Implied rule is manipulated in the _______ window.
A. NAT
B. Global Properties
C. Object Explorer
D. Firewall
Correct Answer: B
“Note - In addition, users can access the Implied Rules configurations through Global Properties and use the implied policy view below Configuration.”
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk115600
You have enabled “Extended Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
A. Identity Awareness is not enabled.
B. Log Trimming is enabled.
C. Logging has disk space issues
D. Content Awareness is not enabled.
Correct Answer: D
How many layers make up the TCP/IP model?
A. 2
B. 4
C. 6
D. 7
Correct Answer: B
The TCP/IP model breaks the network stack into four layers while the OSI model is broken up into seven layers.
https://www.checkpoint.com/cyber-hub/network-security/what-is-the-osi-model-understanding-the-7-layers/
Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages.
A. Concurrent policy packages
B. Concurrent policies
C. Global Policies
D. Shared policies
Correct Answer: D
“The Shared Policies section in the Security Policies shows the policies that are not in a Policy package. They are shared between all Policy packages.”
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/SmartConsole-Toolbars-Shared-Policies.htm
Access roles allow the firewall administrator to configure network access according to:
A. remote access clients.
B. a combination of computer or computer groups and networks.
C. users and user groups.
D. All of the above.
Correct Answer: D
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Access-Roles.htm
In SmartEvent, a correlation unit (CU) is used to do what?
A. Collect security gateway logs, Index the logs and then compress the logs.
B. Receive firewall and other software blade logs in a region and forward them to the primary log server.
C. Analyze log entries and identify events.
D. Send SAM block rules to the firewalls during a DOS attack.
Correct Answer: C
“SmartEvent is capable of managing millions of logs per day per correlation unit in large networks. A correlation unit is used to analyze log entry and identify events.”
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_LoggingAndMonitoring_AdminGuide/Topics-LMG/SmartEvent-Correlation-Unit.htm
The competition between stateful inspection and proxies was based on performance, protocol support, and security. Considering stateful inspection and proxies, which statement is correct?
A. Stateful Inspection is limited to Layer 3 visibility, with no Layer 4 to Layer 7 visibility capabilities.
B. When it comes to performance, proxies were significantly faster than stateful inspection firewalls.
C. Proxies offer far more security because of being able to give visibility of the payload (the data).
D. When it comes to performance, stateful inspection was significantly faster than proxies.
Correct Answer: D
What are the Threat Prevention software components available on the Check Point Security Gateway?
A. IPS, Threat Emulation and Threat Extraction
B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction
D. IDS, Forensics, Anti-Virus, Sandboxing
Correct Answer: C
Check Point licenses come in two forms. What are those forms?
A. Central and Local.
B. Access Control and Threat Prevention.
C. On-premise and Public Cloud.
D. Security Gateway and Security Management.
Correct Answer: A
Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true?
A. Manual NAT can offer more flexibility than Automatic NAT.
B. Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation.
C. Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading.
D. Automatic NAT can offer more flexibility than Manual NAT.
Correct Answer: A
“An Auto-NAT rule only uses the source address and port when matching and translating. Manual NAT can match and translate source and destination addresses and ports.”
https://networkdirection.net/articles/firewalls/firepowermanagementcentre/fmcnatpolicies/
What is the default tracking option of a rule?
A. Tracking
B. Log
C. None
D. Alert
Correct Answer: C
A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?
A. Anti-Bot protection
B. Anti-Malware protection
C. Policy-based routing
D. Suspicious Activity Monitoring (SAM) rules
Correct Answer: D
The default shell of the Gaia CLI is cli.sh. How do you change from the cli.sh shell to the advanced shell to run Linux commands?
A. Execute the command ‘enable’ in the cli.sh shell
B. Execute the ‘conf t’ command in the cli.sh shell
C. Execute the command ‘expert’ in the cli.sh shell
D. Execute the ‘exit’ command in the cli.sh shell
Correct Answer: C
Where can an administrator edit a list of trusted SmartConsole clients?
A. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.
B. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
C. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.
D. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
Correct Answer: D
In which deployment is the security management server and Security Gateway installed on the same appliance?
A. Standalone
B. Remote
C. Distributed
D. Bridge Mode
Correct Answer: A
When dealing with rule base layers, what two layer types can be utilized?
A. Ordered Layers and Inline Layers
B. Inbound Layers and Outbound Layers
C. R81.10 does not support Layers
D. Structured Layers and Overlap Layers
Correct Answer: A
How can the changes made by an administrator before publishing the session be seen by a Super User administrator?
A. By impersonating the administrator with the ‘Login as…’ option.
B. They cannot be seen.
C. From the SmartView Tracker audit log.
D. From Manage and Settings > Sessions, right click on the session and click ‘View Changes…’.
Correct Answer: D
What are the three main components of Check Point security management architecture?
A. SmartConsole, Security Management, and Security Gateway
B. Smart Console, Standalone, and Security Management
C. SmartConsole, Security policy, and Logs & Monitoring
D. GUI-Client, Security Management, and Security Gateway
Correct Answer: A
What is the main objective when using Application Control?
A. To filter out specific content.
B. To assist the firewall blade with handling traffic.
C. To see what users are doing.
D. Ensure security and privacy of information.
Correct Answer: A
What command from the CLI would be used to view current licensing?
A. license view
B. fw ctl tab -t license -s
C. show license -s
D. cplic print
Correct Answer: D
In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?
A. Publish changes
B. Save changes
C. Install policy
D. Install database
Correct Answer: C
The Gateway Status view in SmartConsole shows the overall status of Security Gateways and Software Blades. What does the Status Attention mean?
A. Cannot reach the Security Gateway.
B. The gateway and all its Software Blades are working properly.
C. At least one Software Blade has a minor issue, but the gateway works.
D. Cannot make SIC between the Security Management Server and the Security Gateway
Correct Answer: C
Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?
A. RADIUS
B. Check Point password
C. Security questions
D. SecurID
Correct Answer: C
Which of the following is NOT a component of a Distinguished Name?
A. Common Name
B. Country
C. User container
D. Organizational Unit
Correct Answer: C
In SmartConsole, on which tab are Permissions and Administrators defined?
A. Manage and Settings
B. Logs and Monitor
C. Security Policies
D. Gateways and Servers
Correct Answer: A
Which of the following is used to initially create trust between a Gateway and Security Management Server?
A. Certificate
B. Internal Certificate Authority
C. Token
D. One-time Password
Correct Answer: D
How many users can have read/write access in Gaia Operating System at one time?
A. One
B. Three
C. Two
D. Infinite
Correct Answer: A
What is the default shell of Gaia CLI?
A. clish
B. Monitor
C. Read-only
D. Bash
Correct Answer: A
The Online Activation method is available for Check Point manufactured appliances. How does the administrator use the Online Activation method?
A. The SmartLicensing GUI tool must be launched from the SmartConsole for the Online Activation tool to start automatically.
B. No action is required if the firewall has internet access and a DNS server to resolve domain names.
C. Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts.
D. The cpinfo command must be run on the firewall with the switch -online-license-activation.
Correct Answer: C
In which scenario will an administrator need to manually define Proxy ARP?
A. When they configure an “Automatic Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.
B. When they configure an “Automatic Hide NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.
C. When they configure a “Manual Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.
D. When they configure a “Manual Hide NAT” which translates to an IP address that belongs to one of the firewall’s interfaces.
Correct Answer: C
Which Threat Prevention profile uses sanitization technology?
A. Cloud/Data Center
B. Perimeter
C. Sandbox
D. Guest Network
Correct Answer: B
Which two Identity Awareness daemons are used to support identity sharing?
A. Policy Activation Point (PAP) and Policy Decision Point (PDP)
B. Policy Manipulation Point (PMP) and Policy Activation Point (PAP)
C. Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP)
D. Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
Correct Answer: D
Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
A. SmartDashboard
B. SmartEvent
C. SmartView Monitor
D. SmartUpdate
Correct Answer: B
To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does what with the data?
A. Cache the data to speed up its own function.
B. Share the data to the ThreatCloud for use by other Threat Prevention blades.
C. Log the traffic for Administrator viewing.
D. Delete the data to ensure an analysis of the data is done each time.
Correct Answer: B
Which policy type is used to enforce bandwidth and traffic control rules?
A. Access Control
B. Threat Emulation
C. Threat Prevention
D. QoS
Correct Answer: D
When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, what actions does the administrator need to take?
A. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required.
B. The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply Publishing the changes applies the SAM rule on the firewall.
C. The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the command ‘sam block’ must be used with the right parameters.
D. The administrator should open the LOGS & MONITOR view and find the relevant log. Right clicking on the log entry will show the Create New SAM rule option.
Correct Answer: A
A Security Gateway with SAM enabled has Firewall rules to block suspicious connections that are not restricted by the security policy. These rules are applied immediately (policy installation is not required).
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Monitoring-Suspicious-Activity-Rules.htm
Fill in the blank: An Endpoint identity agent uses a _____ for user authentication.
A. Token
B. Username/password or Kerberos Ticket
C. Shared secret
D. Certificate
Correct Answer: B
Fill in the blanks: The _______ collects logs and sends them to the _______.
A. Log server; Security Gateway
B. Log server; security management server
C. Security management server; Security Gateway
D. Security Gateways; log server
Correct Answer: D
Which of the following is NOT an advantage to using multiple LDAP servers?
A. You achieve a faster access time by placing LDAP servers containing the database at remote sites
B. You achieve compartmentalization by allowing a large number of users to be distributed across several servers
C. Information on a user is hidden, yet distributed across several servers.
D. You gain High Availability by replicating the same information on several servers
Correct Answer: C
Fill in the blanks: The Application Layer Firewalls inspect traffic through the ______ layer(s) of the TCP/IP model and up to and including the ______ layer.
A. Upper; Application
B. First two; Internet
C. Lower; Application
D. First two; Transport
Correct Answer: C
When an Admin logs into SmartConsole and sees a lock icon on a gateway object and cannot edit that object, what does that indicate?
A. The gateway is not powered on.
B. Incorrect routing to reach the gateway.
C. The Admin would need to login to Read-Only mode
D. Another Admin has made an edit to that object and has yet to publish the change.
Correct Answer: D
DLP and Geo Policy are examples of what type of Policy?
A. Inspection Policies
B. Shared Policies
C. Unified Policies
D. Standard Policies
Correct Answer: B
Fill in the blanks: In _____ NAT, only the ________ is translated.
A. Static; source
B. Simple; source
C. Hide; destination
D. Hide; source
Correct Answer: D
Which of the following is considered a “Subscription Blade”, requiring renewal every 1-3 years?
A. IPS blade
B. IPSEC VPN Blade
C. Identity Awareness Blade
D. Firewall Blade
Correct Answer: A
In large organizations where there are a number of managed Check Point firewalls that generate a lot of logs, it is recommended to install the Log Server on a dedicated computer. Which statement is FALSE?
A. The dedicated Log Server must be the same version as the Security Management Server.
B. More than one Log Server can be installed.
C. A Log Server has a SIC certificate which allows secure communication with the SMS and Security Gateways.
D. A dedicated SmartEvent server is required for a separate Log Server to be deployed in the SmartEvent server.
Correct Answer: D
In order to modify Security Policies the administrator can use which of the following tools? (Choose the best answer.)
A. SmartConsole and WebUI on the Security Management Server.
B. SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed.
C. Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.
D. mgmt_cli (API) or WebUI on Security Gateway and SmartConsole on the Security Management Server.
Correct Answer: B
A SAM rule is implemented to provide what function or benefit?
A. Allow security audits.
B. Handle traffic as defined in the policy.
C. Monitor sequence activity.
D. Block suspicious activity.
Correct Answer: D
Is it possible to have more than one administrator connected to a Security Management Server at once?
A. Yes, but only if all connected administrators connect with read-only permissions.
B. Yes, but objects edited by one administrator will be locked for editing by others until the session is published.
C. No, only one administrator at a time can connect to a Security Management Server
D. Yes, but only one of those administrators will have write-permissions. All others will have read-only permission.
Correct Answer: B
Which default Gaia user has full read/write access?
A. admin
B. superuser
C. monitor
D. altuser
Correct Answer: A
Which is a main component of the Check Point security management architecture?
A. Identity Collector
B. Endpoint VPN client
C. SmartConsole
D. Proxy Server
Correct Answer: C
When using Automatic Hide NAT, what is enabled by default?
A. Source Port Address Translation (PAT)
B. Static NAT
C. Static Route
D. HTTPS Inspection
Correct Answer: A
Which of the following cannot be configured in an Access Role Object?
A. Networks
B. Users
C. Time
D. Machines
Correct Answer: C
What are the two types of NAT supported by the Security Gateway?
A. Source and Destination
B. Static and Source
C. Hide and Static
D. Destination and Hide
Correct Answer: C
In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway?
A. Logging & Monitoring
B. None - the data is available by default
C. Monitoring Blade
D. SNMP
Correct Answer: C