CCSA Flashcards by pontus ekberg

What are the three main components in Check Point Security Architecture?

SmartConsole - GUI for connection to the mgmt section of the security mgmt servers
Security Management Server - Manages Security Gateways with defined security policies and monitors security events on the network.
Security Gateways - Which serve as entry points and cyber barriers to traffic.

How well did you know this?

Not at all

Perfectly

What can the SmartConsole interface provide for necessarey monitoring and and configurations?

4 main areas

Security Policy Management
Log Analysis
System Health Monitoring
Multi-Domain Security Management

How well did you know this?

Not at all

Perfectly

What are the 7 layers of the OSI model?

Application - 7
Presentation - 6
Session - 5
Transportation - 4
Network - 3
Data Link - 2
Physical - 1

How well did you know this?

Not at all

Perfectly

What are the 4 layers of the TCP/IP model?

Application - 4
Transport - 3
Internet - 2
Network interface - 1

How well did you know this?

Not at all

Perfectly

Which three technologies are used to deny or permit network traffic?

Packet Filtering
Stateful Inspection
Application Layer Firewall

How well did you know this?

Not at all

Perfectly

Which of the following is NOT an integral part of VPN communication within a network?

A. VPN key
B. VPN community
C. VPN trust entities
D. VPN domain

How well did you know this?

Not at all

Perfectly

Why are “State Tables” a key component in the Stateful Inspeciton?

They maintain the information needed to correctly inspect packets.

How well did you know this?

Not at all

Perfectly

What is the purpose of security gateways?

It prevents unathourized traffic from entering the companys network

How well did you know this?

Not at all

Perfectly

Name 5 Check Point appliances

Small business and branch office appliances
Enterprise network security appliances
Data center security systems
Chassis systems
Rugged Appliances

How well did you know this?

Not at all

Perfectly

True or False
Licensing can be transferred between old and new hardware.

True

Hardware must be supported by Check Point

How well did you know this?

Not at all

Perfectly

What are the three deployment options?

Standalone
Distributed
Bridge mode

How well did you know this?

Not at all

Perfectly

Explain “Standalone Deployment”

In a standalone deployment, the Security Management Server and Security Gateway are installed on the same computer or appliance.

How well did you know this?

Not at all

Perfectly

Explain “Distributed Deployment”

In a distributed deployment, the Security Gateway and Security Management Server are installed on different computers or appliances.

How well did you know this?

Not at all

Perfectly

Explain “Bridge Mode Deployment”

A bridge mode deployment adds a Security Gateway to an existing enviroment without changing IP routing.

How well did you know this?

Not at all

Perfectly

What is Gaia?

Check Point’s operating system

How well did you know this?

Not at all

Perfectly

Name the two main shells for Check Point’s CLI

Clish and Expert

How well did you know this?

Not at all

Perfectly

What are the two default users in Gaia?

admin and monitor

How well did you know this?

Not at all

Perfectly

What are two main hardware options for deploying Check Point technology?

Check Point Appliance and Open Server

How well did you know this?

Not at all

Perfectly

What is a private package?

It’s a Hotfix, which is located on the Check Point Support Center, and is only available to limited audiences.

How well did you know this?

Not at all

Perfectly

What is Secure Internal Communication (SIC)

SIC is a certificate-based channel for communications between modules (CP components).

How well did you know this?

Not at all

Perfectly

What are the three status that SIC can display?

Communicating - Secure communication is established
Unknown - Gateway and Management Server have no connection
Not Communicating - Management Server can contact the Gateway but cannot establish SIC

How well did you know this?

Not at all

Perfectly

What is SmartConsole used for?

It’s a GUI that manage:
* Network Elements
* Servers
* Security Gateways

How well did you know this?

Not at all

Perfectly

What does SmartEvent do?

Correlates logs and detects real security threats

How well did you know this?

Not at all

Perfectly

What is the SmartConsole application called that displays a complete picture of network and security performance, letting you monitor changes to Gateways (FW), tunnels, remote users, and security activities?

SmartView Monitor

How well did you know this?

Not at all

Perfectly

When is a session created in SmartConsole?

Each time an administrator logs in | Changes are saved automatically

What is a required action that an administrator have to do for making changes available to all administrators and user?

The administrator have to publish the session.

Name one task that takes place on the Gateway & Servers tab.

* Manage Security Gateways * Configure Gateway Blade Activation * View Gateway Status | One of these^

Name the 2 components that the Check Point License consists of

* Software Blade * Software Container

What does the Software Blade enable?

Specific features or functionalities | Each software blade must be attached to a Software Container

What does the Software container do?

It houses the Software Blades

Name the three types of Software Containers

* Security Management * Security Gateway * Endpoint Security

How long is a Plug-and-Play license valid?

15 days

What's the difference between the two different license forms Central and Local?

* Central ties the package license to the IP address on the Management Server and has no dependency on Gateway IP * Local license is tied to the IP address of a specific Security Gateway, it cannot be transferred to a Gateway with a different IP

What are the three features of automatic licensing?

* Checks periodically to verify licenses * Activates new licenses added to the repository * Automatically adds new blades to SmartConsole

What two tabs are within the SmartUpdate tab?

* Package Management tab * License & Contracts tab

In what ways can you add a license to "License & Contract Repository"? | Through SmartUpdate

* From the User Center * From a file * Manually

Name the three types of Software Containers

* Security Management * Security Gateway * Endpoint Security

What are Subscription Blades?

Licenses for different services such as IPS, URL filtering and Application Control. These licenses can expire. Often renewd after a specified period of time.

Name one reason for generating and installing a new license

* Existing license expires * License is upgraded * IP address of the Security Management or Security Gateway has changed.

How many zones can an interface be assigned to?

Only one

A policy package can have which different policy type?

- Acces control - QoS - Desktop Security - Threat Prevention - HTTPS Inspection

What is a policy package?

It's a group of different types of policies that are installed together on the same installation targets

What's the difference between a perpetual and a subscription based license?

* A perpetual license doesn't have an expiration date * A subscription license can have an expiration date

Explain a "Stealth rule"

A Stealth rule is a rule that should be located as early in your policy as possible, typically immediately after any Management rules so as to drop any traffic destined for the Firewall that is not otherwise explicitly allowed.

Name one thing that a basic rule consists of

* Rule number * Name of the rule * Source * Destination * Whether or not VPN will be used * Services & Applications * Action to take if the session criteria matches * If and how the rule activity should be tracked * Which Firewall object(s) will enforce the rule * The time period for the rule

What are the building blocks of Security Policy rules?

Objects are the building blocks of Security Policy rules and are stored in the Objects database on the management server.

What is the purpose of a UserCheck?

UserCheck is a communication tool used by the Security Gateway to inform a user about a website or application they are trying to access. *It communicates messages about the company’s Security Policy or a change in the company’s Security Policy to the person trying to access the application or Internet site. This tool provides users the ability to create, edit, or delete UserCheck interaction objects in the Access Control and Threat Prevention policy.*

What Blades can a Policy Layer contain?

* Firewall (Network Access Control) * Application & URL Filtering * Content Awareness * Mobile Access

Name the two types of Policy Layer

* Ordered Layer * Inline Layer

What is the purpose of Policy Layers?

They are a set of rules or a rulebase that let you divide a policy into smaller more manageable sections to serve a certain purpose.

What type of Policy Layer is independet of the rest of the rulebase?

Inline

What type of Policy Layer is NOT independant of the rest of the rulebase?

Ordered

Describe a main purpose Application Control & URL filtering

They make it possible for IT administrators to protect corporate resources by creating policies the detect or block thousands of applications and internet sites.

True or False When URL filtering is set, employee data is kept private when attempting to determine site category. Only the host part of the URL is sent to the Check Point Online Web Service.

True

Which are the private IPs ?

* 10.0.0.0-10.255.255.255/8 * 172.16.0.0-172.31.255.255/12 * 192.168.0.0-192.168.255.255/16

What is the difference between STATIC NAT and HIDE NAT?

HIDE NAT is a translation solution that only allows outgoing traffic. I translates many private adresses to one public address. They are seperated by unique port numbers along with sharing the sam public IP. Used for internal users accessing external resources. STATIC NAT allows both incoming and outgoing traffic. The translation is one to one meaning one private address translates into one public address. Often used for internet web servers and configured to any application that need inbound and outbound connectivity.

What are the three types of Endpoint Identity Agents?

* Full Endpoint Identity Agent * Light Endpoint Identity Agent * Custom Endpoint Identity Agent

What are the four elements a Distinguished Name (DN) include?

* Common Name (CN) * Organizational Unit (ON) * Organization Name * Domain Controller (DC)

What purpose does the user directory serve?

* Users can be managed externally by a User Director (LDAP) server * The management server can use the LDAP data to authenticate users * User data from other applications gathered in the LDAP users database can be shared by different applications

Name one of the items the Identity Awareness feature lets you configure network access and auditing based on.

* Network location * The identity of a user * The identity of a machine

Name one authentication scheme that Check Point supports.

* Active Directory Query * Browser-Based Authentication * Identity Agents * Terminal Servers Agent * RADIUS * Remote Access

What is the purpose for collecting logs?

To research alerts, rejected connections and failed authentication attempts. Collecting logs helps with analysing network traffic patterns and meeting compliance requirements.

Name at least one search filter when creating log queries.

* Action * Blade * Confidence Level * Destination * Origin * Protection * Protection Type * Risk * Severity * Source * User

What are Boolean Operators?

They are used to refine search results. The operators AND, OR, and NOT are used to create queries with multiple filter criteria in order to refine search results.

The monitoring views of SmartConsole and SmartView Monitor show real-time and historical graphical views of:

* Gateway Status * Remote Users (SmartView Monitor only) * System counters * VPN tunnel monitoring (SmartView Monitor only) * Cooperative Enforcment for Endpoint Security Servers * Traffic

What does SAM stand for and what does it monitor?

Suspicious Activity Monitoring is a utility that is inegrated in SmartView Monitor. It can be used to block activities that are displayed in the monitor results and appear to be suspicious.

Where can alerts be seen?

Alerts are sent by the gateways to the management server. They can be seen in SmartView Monitor.

Name the Threat Prevention software components available.

* IPS * Anti-Bot * Anti-Virus * Threat Emulation * Threat Extraction

What is the default Threat Prevention Profile?

Perimiter

Which Threat Prevention feature protects from unknow threats by simulation the behavior of the potential threat before it enters the network?

Threat Emulation

Which Threat Prevention feature protects the network from threats attempting to infiltrate the systems?

Anti-Virus

Which Threat Prevention feature removes potential threats from inbound communications that would otherwise be innocent?

Threat Excursion

When enabling tracking on a rule, what is the default option? **A**. Accounting Log **B**. Extended Log **C**. Log **D**. Detailed Log

Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components? **A**. The Security Gateway (SG) and Security Management Server (SMS) software and the CPUSE engine. **B**. Licensed Check Point products for the Gala operating system and the Gaia operating system itself. **C**. The CPUSE engine and the Gaia operating system. **D**. The Gaia operating system only.

Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code? **A**. Both License (.lic) and Contract (.xml) files **B**. cp.macro **C**. Contract file (.xml) **D**. license File (.lie)

Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as .... **A**. User Center **B**. User Administration **C**. User Directory **D**. UserCheck

Can you use the same layer in multiple policies or rulebases? **A**. Yes - a layer can be shared with multiple policies and rules. **B**. No - each layer must be unique. **C**. No - layers cannot be shared or reused, but an identical one can be created. **D**. Yes - but it must be copied and pasted with a different name.

Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made? **A**. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes. **B**. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot. **C**. Tom's changes will be lost since he lost connectivity and he will have to start again. **D**. Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.

Security Gateway software blades must be attached to what? **A**. Security Gateway **B**. Security Gateway container **C**. Management server **D**. Management container

Which tool allows you to monitor the top bandwidth on smart console? **A**. Logs & Monitoring **B**. Smart Event **C**. Gateways & Severs Tab **D**. SmartView Monitor

A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone? **A**. The zone is based on the network topology and determined according to where the interface leads to. **B**. Security Zones are not supported by Check Point firewalls. **C**. The firewall rule can be configured to include one or more subnets in a zone. **D**. The local directly connected subnet defined by the subnet IP and subnet mask.

When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packer Filtering? **A**. Stateful Inspection offers unlimited connections because of virtual memory usage. **B**. Stateful Inspection offers no benefits over Packet Filtering. **C**. Stateful Inspection does not use memory to record the protocol used by the connection. **D**. Only one rule is required for each connection.

Which type of Endpoint Identity Agent includes packet tagging and computer authentication? **A**. Full **B**. Custom **C**. Complete **D**. Light

Fill in the blanks: Gaia can be configured using ----- or ------. **A**. CLI (Expert mode); WebUI **B**. Gaia Interface; GaiaUI **C**. WebUI; Gaia Interface **D**. GaiaUI; CLI (Expert mode)

An administrator can use section titles to more easily navigate between large rule bases. Which of these statements is FALSE? **A**. Section titles are not sent to the gateway side. **B**. These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement. **C**. A Sectional Title can be used to disable multiple rules by disabling only the sectional title. **D**. Sectional Titles do not need to be created in the SmartConsole.

In which scenario is it a valid option to transfer a license from one hardware device to another? **A**. From a 4400 Appliance to a 2200 Appliance **B**. From a 4400 Appliance to an HP Open Server **C**. From an IBM Open Server to an HP Open Server **D**. From an IBM Open Server to a 2200 Appliance

C ## Footnote Check Point typically allows license transfers between open servers (i.e., non-Check Point branded hardware) as long as they meet the required specifications and licensing policies.

What are the three types of UserCheck messages? **A**. action, inform, and ask **B**. ask, block, and notify **C**. block, action, and warn **D**. inform, ask, and block

A stateful inspection firewall works by registering connection data and compiling this information. Where is the information stored? **A**. In the system SMEM memory pool. **B**. In State tables. **C**. In the Sessions table. **D**. In a CSV file on the firewall hard drive located in $FWDIR/conf/.

What is the RFC number that act as a best practice guide for NAT? **A**. RFC 1939 **B**. RFC 1950 **C**. RFC 1918 **D**. RFC 793

URL Filtering employs a technology, which educates users on web usage policy in real time. What is the name of that technology? **A**. WebCheck **B**. UserCheck **C**. Harmony Endpoint **D**. URL categorization

One of major features in SmartConsole is concurrent administration. Which of the following is **NOT** possible considering that AdminA, AdminB and AdminC are editing the same Security Policy? **A**. AdminA, AdminB and AdminC are editing three different rules at the same time. **B**. AdminA and AdminB are editing the same rule at the same time. **C**. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator. **D**. AdminB sees a pencil icon next the rule that AdminB is currently editing.

What is a role of Publishing? **A**. The Security Management Server Installs the updated policy and the entire database on Security Gateways. **B**. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public. **C**. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways. **D**. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base.

What was one limitation of using Security Zones in the network for R80 appliances? **A**. Security zones will not work in Automatic NAT rules **B**. Security zone will not work in Manual NAT rules **C**. Security zones will not work in firewall policy layer **D**. Security zones cannot be used in network topology

When configuring LDAP with User Directory integration, changes applied to a User Directory template are: **A**. Not reflected for any users unless the local user template is changed. **B**. Not reflected for any users who are using that template. **C**. Reflected for all users who are using that template and if the local user template is changed as well. **D**. Reflected immediately for all users who are using that template.

True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time. **A**. True, every administrator works on a different database that Is independent of the other administrators **B**. False, this feature has to be enabled in the Global Properties. **C**. True, every administrator works in a session that is independent of the other administrators **D**. False, only one administrator can login with write permission

What are the three deployment options available for a security gateway? **A**. Standalone, Distributed, and Bridge Mode **B**. Bridge Mode, Remote, and Standalone **C**. Remote, Standalone, and Distributed **D**. Distributed, Bridge Mode, and Remote

Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway? **A**. Data Loss Prevention **B**. Antivirus **C**. Application Control **D**. NAT

Choose what BEST describes users on Gaia Platform. **A**. There are two default users and neither can be deleted. **B**. There are two default users and one cannot be deleted. **C**. There is one default user that can be deleted. **D**. There is one default user that cannot be deleted.

A | Admin & Monitor

Which type of Check Point license ties the package license to the IP address of the Security Management Server? **A**. Central **B**. Corporate **C**. Local **D**. Formal

An administrator wishes to use Application objects in a rule in their policy, but there are no Application objects listed as options to add when clicking the "+" to add new items to the "Services & Applications" column of a rule. What should be done to fix this? **A**. The administrator should drag-and-drop the needed Application objects from the Object Explorer into the new rule. **B**. The "Application Control" blade should be enabled on a gateway. **C**. "Applications & URL Filtering" should first be enabled on the policy layer where the rule is being created. **D**. The administrator should first create some applications to add to the rule.

Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance? **A**. Threat Emulation **B**. Monitoring **C**. Logging and Status **D**. Application Control

Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address? **A**. Formal **B**. Central **C**. Corporate **D**. Local

What is the purpose of Captive Portal? **A**. It manages user permission in SmartConsole **B**. It provides remote access to SmartConsole **C**. It authenticates users, allowing them access to the Internet and corporate resources **D**. It authenticates users, allowing them access to the Gaia OS

Which of these is **NOT** a feature or benefit of Application Control? **A**. Eliminate unknown and unwanted applications in your network to reduce IT complexity and application risk. **B**. Identify and control which applications are in your IT environment and which to add to the IT environment. **C**. Scans the content of files being downloaded by users in order to make policy decisions. **D**. Automatically identify trusted software that has authorization to run

Identity Awareness allows easy configuration for network access and auditing based on what three items? **A**. Client machine IP address. **B**. Network location, the identity of a user and the identity of a machine. **C**. Log server IP address. **D**. Gateway proxy IP address.

How do logs change when the "Accounting" tracking option is enabled on a traffic rule? **A**. Involved traffic logs will be forwarded to a log server. **B**. Provides log details view email to the Administrator. **C**. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection. **D**. Provides additional information to the connected user.

Fill in the blank: The position of an Implied rule is manipulated in the ------ window. **A**. NAT **B**. Global Properties **C**. Object Explorer **D**. Firewall

You have enabled "Extended Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason? **A**. Identity Awareness is not enabled. **B**. Log Trimming is enabled. **C**. Logging has disk space issues **D**. Content Awareness is not enabled.

How many layers make up the TCP/IP model? **A**. 2 **B**. 4 **C**. 6 **D**. 7

Fill in the blank: The -------- feature allows administrators to share a policy with other policy packages. **A**. Concurrent policy packages **B**. Concurrent policies **C**. Global Policies **D**. Shared policies

Access roles allow the firewall administrator to configure network access according to: **A**. remote access clients. **B**. a combination of computer or computer groups and networks. **C**. users and user groups. **D**. All of the above.

In SmartEvent, a correlation unit (CU) is used to do what? **A**. Collect security gateway logs, Index the logs and then compress the logs. **B**. Receive firewall and other software blade logs in a region and forward them to the primary log server. **C**. Analyze log entries and identify events. **D**. Send SAM block rules to the firewalls during a DOS attack.

The competition between stateful inspection and proxies was based on performance, protocol support, and security. Considering stateful Inspections and Proxies, which statement is correct? **A**. Stateful Inspection is limited to Layer 3 visibility, with no Layer 4 to Layer 7 visibility capabilities. **B**. When it comes to performance, proxies were significantly faster than stateful inspection firewalls. **C**. Proxies offer far more security because of being able to give visibility of the payload (the data). **D**. When it comes to performance, stateful inspection was significantly faster than proxies.

What are the Threat Prevention software components available on the Check Point Security Gateway? **A**. IPS, Threat Emulation and Threat Extraction **B**. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction **C**. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction **D**. IDS, Forensics, Anti-Virus, Sandboxing

Check Point licenses come in two forms. What are those forms? **A**. Central and Local. **B**. Access Control and Threat Prevention. **C**. On-premise and Public Cloud. **D**. Security Gateway and Security Management.

Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true? **A**. Manual NAT can offer more flexibility than Automatic NAT. **B**. Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation. **C**. Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading. **D**. Automatic NAT can offer more flexibility than Manual NAT.

What is the default tracking option of a rule? **A**. Tracking **B**. Log **C**. None **D**. Alert

A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic? **A**. Anti-Bot protection **B**. Anti-Malware protection **C**. Policy-based routing **D**. Suspicious Activity Monitoring (SAM) rules

The default shell of the Gaia CLI is cli.sh. How do you change from the cli.sh shell to the advanced shell to run Linux commands? **A**. Execute the command 'enable' in the cli.sh shell **B**. Execute the 'conf t' command in the cli.sh shell **C**. Execute the command 'expert' in the cli.sh shell **D**. Execute the 'exit' command in the cli.sh shell

Where can administrator edit a list of trusted SmartConsole clients? **A**. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server. **B**. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients. **C**. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway. **D**. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

In which deployment is the security management server and Security Gateway installed on the same appliance? **A**. Standalone **B**. Remote **C**. Distributed **D**. Bridge Mode

When dealing with rule base layers, what two layer types can be utilized? **A**. Ordered Layers and Inline Layers **B**. Inbound Layers and Outbound Layers **C**. R81.10 does not support Layers **D**. Structured Layers and Overlap Layers

How can the changes made by an administrator before publishing the session be seen by a Super User administrator? **A**. By impersonating the administrator with the 'Login as...' option. **B**. They cannot be seen. **C**. From the SmartView Tracker audit log. **D**. From Manage and Settings > Sessions, right click on the session and click 'View Changes...'.

What are the three main components of Check Point security management architecture? **A**. SmartConsole, Security Management, and Security Gateway **B**. Smart Console, Standalone, and Security Management **C**. SmartConsole, Security policy, and Logs & Monitoring **D**. GUI-Client, Security Management, and Security Gateway

What is the main objective when using Application Control? **A**. To filter out specific content. **B**. To assist the firewall blade with handling traffic. **C**. To see what users are doing. **D**. Ensure security and privacy of information.

What command from the CLI would be used to view current licensing? **A**. license view **B**. fw ctl tab -t license -s **C**. show license -s **D**. cplic print

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform? **A**. Publish changes **B**. Save changes **C**. Install policy **D**. Install database

Which default Gaia user has full read/write access? **A**. superuser **B**. monitor **C**. altuser **D**. admin

Which icon in the WebUI indicates that read/write access is enabled? **A**. Eyeglasses **B**. Pencil **C**. Padlock **D**. Book

Which SmartConsole tab is used to monitor network and security performance? **A**. Logs Monitor **B**. Manage Settings **C**. Security Policies **D**. Gateway Servers

Check Point Update Service Engine (CPUSE), also known as Deployment Agent [DA], is an advanced and intuitive mechanism for software deployment on Gaia OS. What software packages are supported for deployment? **A**. It supports deployments of single HotFixes (HF), and of Major Versions. Blink Packages and HotFix Accumulators (Jumbo) are not supported. **B**. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and of Major Versions. **C**. It supports deployments of Major Versions and Blink packages only. **D**. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), but not of Major Versions.

In SmartConsole, on which tab are Permissions and Administrators defined? **A**. MANAGE & SETTINGS **B**. SECURITY POLICIES **C**. GATEWAYS & SERVERS **D**. LOGS & MONITOR

Which tool allows automatic update of Gaia OS and Check Point products installed on Gaia OS? **A**. CPDAS - Check Point Deployment Agent Service **B**. CPUSE - Check Point Upgrade Service Engine **C**. CPASE - Check Point Automatic Service Engine **D**. CPAUE - Check Point Automatic Update Engine

In the Check Point three-tiered architecture, which of the following is **NOT** a function of the Security Management Server? **A**. Verify and compile Security Policies. **B**. Display policies and logs on the administrator's workstation. **C**. Store firewall logs to hard drive storage. **D**. Manage the object database.

True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time. **A**. True, every administrator works on a different database that is independent of the other administrators **B**. False, only one administrator can login with write permission **C**. True, every administrator works in a session that is independent of the other administrators **D**. False, this feature has to be enabled in the Global Properties

If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? Choose the BEST answer. **A**. Delete older versions of database. **B**. Publish or discard the session. **C**. Revert the session. **D**. Save and install the Policy.

What are the two deployment options available for a security gateway? **A**. Bridge and Switch **B**. Local and Remote **C**. Cloud and Router **D**. Standalone and Distributed

Which one of the following is the preferred licensing model? Select the BEST answer. **A**. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server. **B**. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency. **C**. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway. **D**. Central licensing because it ties the package license to the MAC-address of the Security Management Server's Mgmt-interface and has no dependency on the gateway.

A Check Point Software license consists of two components, the Software Blade and the Software Container. There are ------ types of Software Containers: -------. **A**. Two; Security Management and Endpoint Security **B**. Three; Security Management, Security Gateway, and Endpoint Security **C**. Three; Security Gateway, Endpoint Security, and Gateway Management **D**. Two; Endpoint Security and Security Gateway

Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made? **A**. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot. **B**. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes. **C**. Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work. **D**. Tom’s changes will be lost since he lost connectivity and he will have to start again.

Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine? **A**. Data Awareness **B**. Threat Emulation **C**. Application Control **D**. Identity Awareness

What is the default shell of Gaia CLI? **A**. Read-only **B**. Expert **C**. Clish **D**. Bash

DLP and Mobile Access Policy are examples of what type of Policy? **A**. Shared Policies **B**. Unified Policies **C**. Inspection Policies **D**. Standard Policies

Which of the following is NOT a valid application navigation tab in SmartConsole? **A**. WEBUI & COMMAND LINE **B**. SECURITY POLICIES **C**. GATEWAYS & SERVERS **D**. LOGS & MONITOR

What are two basic rules Check Point recommends for building an effective security policy? **A**. Accept Rule and Drop Rule **B**. Explicit Rule and Implied Rule **C**. Cleanup Rule and Stealth Rule **D**. NAT Rule and Reject Rule

When dealing with policy layers, what two layer types can be utilized? **A**. Inbound Layers and Outbound Layers **B**. Ordered Layers and Inline Layers **C**. Structured Layers and Overlap Layers **D**. R81.X does not support Layers

What are the three main components of Check Point security management architecture? **A**. Smart Console, Standalone, Security Management Server **B**. Policy-Client, Security Management Server, Security Gateway **C**. SmartConsole, Security Policy Server, Logs & Monitoring **D**. SmartConsole, Security Management Server, Security Gateway

Which Check Point software blade provides protection from zero-day and undiscovered threats? **A**. Threat Extraction **B**. Threat Emulation **C**. Firewall **D**. Application Control

What are the three types of UserCheck messages? **A**. ask, block, and notify **B**. block, action, and warn **C**. action, inform, and ask **D**. inform, ask, and drop

By default, which port is used to connect to the GAiA Portal? **A**. 4434 **B**. 80 **C**. 8080 **D**. 443

Choose what BEST describes a Session. **A**. Sessions ends when policy is pushed to the Security Gateway. **B**. Sessions locks the policy package for editing. **C**. Starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out. **D**. Starts when an Administrator publishes all the changes made on SmartConsole.

Which command shows detailed information about VPN tunnels? **A**. cat $FWDIR/conf/vpn.conf **B**. vpn tu tlist **C**. vpn tu **D**. cpview

After a new Log Server is added to the environment and the SIC trust has been established with the SMS what will the gateways do? **A**. Gateways will send new firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new Log Server. **B**. Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server. **C**. The firewalls will detect the new Log Server after the next policy install and redirect the new logs to the new Log Server. **D**. The gateways can only send logs to an SMS and cannot send logs to a Log Server. Log Servers are proprietary log archive servers.

In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule? **A**. "Inspect", "Bypass" **B**. "Inspect", "Bypass", "Categorize" **C**. "Inspect", "Bypass", "Block" **D**. "Detect", "Bypass"

What is the main difference between Static NAT and Hide NAT? **A**. Hide NAT only allows incoming connections to protect your network. **B**. Static NAT only allows outgoing connections. Hide NAT allows incoming and outgoing connections. **C.** Static NAT allow incoming and outgoing connections. Hide NAT only allows outgoing connections. **D.** Static NAT only allows incoming connections to protect your network.

There are four policy types available for each policy package. What are those policy types? **A.** Access Control, Threat Prevention, Mobile Access and HTTPS Inspection **B.** Access Control, Custom Threat Prevention, Autonomous Threat Prevention and HTTPS Inspection **C.** There are only three policy types: Access Control, Threat Prevention and NAT. **D.** Access Control, Threat Prevention, NAT and HTTPS Inspection

Where can alerts be viewed? **A.** Alert can be seen from the CLI of the gateway **B.** Alerts can be seen in SmartUpdate **C.** Alerts can be seen in the Threat Prevention policy **D.** Alerts can be seen in SmartView Monitor

In SmartConsole, on which tab are Permissions and Administrators defined? **A.** GATEWAYS & SERVERS **B.** SECURITY POLICIES **C.** MANAGE & SETTINGS **D.** LOGS & MONITOR

Which of the following is a valid deployment option? **A**. CloudSec deployment **B**. Disliked deployment **C**. Router only deployment **D**. Standalone deployment

Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them? **A**. Read Only All **B**. Full Access **C**. Editor **D**. Super User

Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance? **A**. Logging and Status **B**. Monitoring **C**. Threat Emulation **D**. Application Control

Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers? Choose the BEST answer. **A**. Anti-Malware **B**. Content Awareness **C**. Anti-Virus **D**. IPS

URL Filtering cannot be used to: **A**. Control Data Security **B**. Decrease legal liability **C**. Improve organizational security **D**. Control Bandwidth issues

Which one of the following is TRUE? **A**. One policy can be either inline or ordered, but not both. **B**. Inline layer can be defined as a rule action. **C**. Ordered policy is a sub-policy within another policy. **D**. Pre-R80 Gateways do not support ordered layers.

Fill in the blanks: A Check Point software license consists of a ---- and -----. **A**. Software container; software package **B**. Software package; signature **C**. Signature; software blade **D**. Software blade; software container

Which of the following is used to initially create trust between a Gateway and Security Management Server? **A**. One-time Password **B**. Token **C**. Certificate **D**. Internal Certificate Authority

What are the two elements of address translation rules? **A**. Original packet and translated packet **B**. Manipulated packet and original packet **C**. Untranslated packet and manipulated packet **D**. Translated packet and untranslated packet

Which of the following log queries would show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1? **A**. 192.168.1.1 AND 172.26.1.1 AND drop **B**. src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop **C**. 192.168.1.1 OR 172.26.1.1 AND action:Drop **D**. src:192.168.1.1 OR dst:172.26.1.1 AND action:Drop

Fill in the blanks: The ----- collects logs and sends them to the -----. **A**. Log server; Security Gateway **B**. Security Gateways; log server **C**. Log server; security management server **D**. Security management server; Security Gateway

Which of the following is **NOT** an authentication scheme used for accounts created through SmartConsole? **A**. RADIUS **B**. SecurID **C**. Check Point password **D**. Security questions

Which of the following statements about Site-to-Site VPN Domain-based is **NOT** true? **A**. Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI. **B**. Domain-based- VPN domains are pre-defined for all VPN Gateways. VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway. **C**. Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway. **D**. Domain-based- VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

What is the main objective when using Application Control? **A**. To see what users are doing. **B**. Ensure security and privacy of information. **C**. To filter out specific content. **D**. To assist the firewall blade with handling traffic.

A Check Point Software license consists of two components, the Software Blade and the Software Container. There are ------ types of Software Containers: -----. **A**. Two; Security Management and Endpoint Security **B**. Three; Security Management, Security Gateway, and Endpoint Security **C**. Three; Security Gateway, Endpoint Security, and Gateway Management **D**. Two; Endpoint Security and Security Gateway

DLP and Mobile Access Policy are examples of what type of Policy? **A**. Shared Policies **B**. Unified Policies **C**. Inspection Policies **D**. Standard Policies

What are the three types of UserCheck messages? **A**. ask, block, and notify **B**. block, action, and warn **C**. action, inform, and ask **D**. ask, inform and block

Which command shows detailed information about VPN tunnels? **A**. cat $FWDIR/conf/vpn.conf **B**. vpn tu tlist **C**. vpn tu **D**. cpview

Fill in the blank: Backup and restores can be accomplished through ----. **A**. CLI, SmartUpdate, or SmartBackup **B**. SmartUpdate, SmartBackup, or SmartConsole **C**. SmartConsole, WebUI, or CLI **D**. WebUI, CLI, or SmartUpdate

What kind of NAT enables Source Port Address Translation by default? **A**. Automatic Hide NAT **B**. Automatic Static NAT **C**. Manual Static NAT **D**. Manual Hide NAT

Fill in the blanks: In ---- NAT, Only the ----- is translated. **A**. Hide; source **B**. Simple; source **C**. Static; source **D**. Hide; destination

Application Control/URL filtering database library is known as: **A**. AppWiki **B**. Application-Forensic Database **C**. Application Library **D**. Application database

Of all the Check Point components in your network, which one changes most often and should be backed up most frequently? **A**. Security Management Server **B**. Security Gateway **C**. SmartConsole **D**. SmartManager

Which of the following technologies extracts detailed information from packets and stores that information in different tables? **A**. Application Layer Firewall **B**. Packet Filtering **C**. Next-Generation Firewall **D**. Stateful Inspection

You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic? **A**. Open SmartEvent to see why they are being blocked. **B**. From SmartConsole, go to the Log & Monitor tab and filter for the IP address of the tablet. **C**. Open SmartMonitor and connect remotely to the wireless controller. **D**. Open SmartUpdate and review the logs tab

Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use which operating system? **A**. Gaia iOS **B**. Red Hat Enterprise Linux version 4 **C**. Centos Unix **D**. Gaia embedded

A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone? **A**. Security Zones are not supported by Check Point firewalls. **B**. The firewall rule can be configured to include one or more subnets in a zone. **C**. The zone is based on the network topology and determined according to where the interface leads to. **D**. The local directly connected subnet defined by the subnet IP and subnet mask.

Which of the completed statements is NOT true? The GAiA Portal (WebUI) can be used to manage Operating System user accounts and: **A**. assign privileges to users. **B**. assign user rights to the directory structure on the Security Management Server. **C**. add more users to the Gaia operating system. **D**. change the home directory of the user.

Which encryption algorithm is the least secured? **A**. 3DES **B**. AES-128 **C**. DES **D**. AES-256

Fill in the blank: SmartConsole, SmartEvent GUI client, and ------ allow viewing of billions of consolidated logs and shows them as prioritized security events. **A**. SmartMonitor **B**. SmartReporter **C**. SmartTracker **D**. SmartView Web Application

What is the **default tracking** option of a rule? **A**. None **B**. Alert **C**. Log **D**. Tracking

Fill in the blank: Once a license is activated, a ----- should be installed. **A**. License Management file **B**. License Contract file **C**. Security Gateway Contract file **D**. Service Contract file

D ## Footnote The Service Contract file is installed after activating the license to ensure that the service contract is linked with the product.

When should you generate new licenses? **A**. Only when the license is upgraded. **B**. After a device upgrade. **C**. When the existing license expires, the license is upgraded, or the IP address associated with the license changes. **D**. Before installing contract files.

Fill in the blank: The position of an Implied rule is manipulated in the ---- window. **A**. Firewall **B**. Object Explorer **C**. Global Properties **D**. NAT

Which of the following situations would not require a new license to be generated and installed? **A**. The existing license expires. **B**. The Security Gateway is upgraded. **C**. The license is upgraded. **D**. The IP address of the Security Management or Security Gateway has changed.

Fill in the blank: In order to install a license, it must first be added to the -----. **A**. Package repository **B**. Download Center Web site **C**. License and Contract repository **D**. User Center

What is required for a certificate-based VPN tunnel between two gateways with separate management systems? **A**. Shared Secret Passwords **B**. Unique Passwords **C**. Shared User Certificates **D**. Mutually Trusted Certificate Authorities

Main Mode in iKEv1 uses how many packages for negotiation? **A**. 3 **B**. depends on the make of the peer gateway **C**. 6 **D**. 4

What are the two types of NAT supported by the Security Gateway? **A**. Destination and Hide **B**. Source and Destination **C**. Static and Source **D**. Hide and Static

Fill in the blank: A(n) ----- rule is created by an administrator and configured to allow or block traffic based on specified criteria. **A**. Explicit **B**. Implicit drop **C**. Implicit accept **D**. Inline

Where is the "Hit Count" feature enabled or disabled in SmartConsole? **A**. In Global Properties. **B**. On each Security Gateway. **C**. On the Policy layer. **D**. On the Policy Package.

Log query results can be exported to what file format? **A**. Comma Separated Value (csv). **B**. Word Document (docx). **C**. Text (txt). **D**. Portable Document Format (pdf).

In order to modify Security Policies the administrator can use which of the following tools? Select the BEST answer. **A**. Command line of the Security Management Server or mgmt-cli.exe on any Windows computer. **B**. SmartConsole or mgmt-cli (API) on any computer where SmartConsole is installed. **C**. mgmt-cli (API) or WebUI on Security Gateway and SmartConsole on the Security Management Server. **D**. SmartConsole and WebUI on the Security Management Server.

When a Security Gateway communicates about its status to an IP address other than its own, which deployment option was chosen? **A**. Targeted **B**. Bridge Mode **C**. Distributed **D**. Standalone

In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule? **A**. "Inspect", "Bypass", "Block" **B**. "Inspect", "Bypass", "Categorize" **C**. "Inspect", "Bypass" **D**. "Detect", "Bypass"

Why is a Central License the preferred and recommended method of licensing? **A**. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes. **B**. Central Licensing actually not supported with Gaia. **C**. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed. **D**. Central Licensing is the only option when deploying Gaia

Which of the following is NOT an alert option? **A**. SNMP **B**. User defined alert **C**. High alert **D**. Mail

The VPN Link Selection will perform the following if the primary VPN link goes down? **A**. The Firewall will send out the packet on all interfaces **B**. The Firewall will inform the client that the tunnel is down **C**. The Firewall can update the Link Selection entries to start using a different link for the same tunnel **D**. The Firewall will drop the packets

CCSA Flashcards

Pass the CheckPoint CCSA certification test