CCSA Flashcards

Pass the Check Point CCSA certification test

1
Q

What are the three main components in Check Point Security Architecture?

A
  • SmartConsole - GUI for connecting to the management section of the Security Management Servers
  • Security Management Server - Manages Security Gateways with defined security policies and monitors security events on the network.
  • Security Gateways - Serve as entry points and cyber barriers to traffic.
2
Q

What can the SmartConsole interface provide for necessary monitoring and configurations?

4 main areas

A
  • Security Policy Management
  • Log Analysis
  • System Health Monitoring
  • Multi-Domain Security Management
3
Q

What are the 7 layers of the OSI model?

A

Application - 7
Presentation - 6
Session - 5
Transportation - 4
Network - 3
Data Link - 2
Physical - 1

4
Q

What are the 4 layers of the TCP/IP model?

A

Application - 4
Transport - 3
Internet - 2
Network interface - 1

5
Q

Which three technologies are used to deny or permit network traffic?

A
  • Packet Filtering
  • Stateful Inspection
  • Application Layer Firewall
6
Q

Which of the following is NOT an integral part of VPN communication within a network?

A. VPN key
B. VPN community
C. VPN trust entities
D. VPN domain

A

A

7
Q

Why are “State Tables” a key component in Stateful Inspection?

A

They maintain the information needed to correctly inspect packets.

8
Q

What is the purpose of security gateways?

A

It prevents unauthorized traffic from entering the company’s network.

9
Q

Name 5 Check Point appliances

A
  • Small business and branch office appliances
  • Enterprise network security appliances
  • Data center security systems
  • Chassis systems
  • Rugged Appliances
10
Q

True or False
Licensing can be transferred between old and new hardware.

A

True

Hardware must be supported by Check Point

11
Q

What are the three deployment options?

A
  • Standalone
  • Distributed
  • Bridge mode
12
Q

Explain “Standalone Deployment”

A

In a standalone deployment, the Security Management Server and Security Gateway are installed on the same computer or appliance.

13
Q

Explain “Distributed Deployment”

A

In a distributed deployment, the Security Gateway and Security Management Server are installed on different computers or appliances.

14
Q

Explain “Bridge Mode Deployment”

A

A bridge mode deployment adds a Security Gateway to an existing environment without changing IP routing.

15
Q

What is Gaia?

A

Check Point’s operating system

16
Q

Name the two main shells for Check Point’s CLI

A

Clish and Expert

17
Q

What are the two default users in Gaia?

A

admin and monitor

18
Q

What are two main hardware options for deploying Check Point technology?

A

Check Point Appliance and Open Server

19
Q

What is a private package?

A

It’s a Hotfix, which is located on the Check Point Support Center, and is only available to limited audiences.

20
Q

What is Secure Internal Communication (SIC)?

A

SIC is a certificate-based channel for communications between modules (CP components).

21
Q

What are the three statuses that SIC can display?

A
  • Communicating - Secure communication is established
  • Unknown - Gateway and Management Server have no connection
  • Not Communicating - Management Server can contact the Gateway but cannot establish SIC
22
Q

What is SmartConsole used for?

A

It’s a GUI that manages:
  • Network Elements
  • Servers
  • Security Gateways

23
Q

What does SmartEvent do?

A

Correlates logs and detects real security threats

24
Q

What is the SmartConsole application called that displays a complete picture of network and security performance, letting you monitor changes to Gateways (FW), tunnels, remote users, and security activities?

A

SmartView Monitor

25
Q

When is a session created in SmartConsole?

A

Each time an administrator logs in

Changes are saved automatically

26
Q

What action must an administrator take to make changes available to all administrators and users?

A

The administrator has to publish the session.

27
Q

Name one task that takes place on the Gateway & Servers tab.

A
  • Manage Security Gateways
  • Configure Gateway Blade Activation
  • View Gateway Status

One of these^

28
Q

Name the 2 components that the Check Point License consists of

A
  • Software Blade
  • Software Container
29
Q

What does the Software Blade enable?

A

Specific features or functionalities

Each Software Blade must be attached to a Software Container

30
Q

What does the Software container do?

A

It houses the Software Blades

31
Q

Name the three types of Software Containers

A
  • Security Management
  • Security Gateway
  • Endpoint Security
32
Q

How long is a Plug-and-Play license valid?

A

15 days

33
Q

What’s the difference between the two different license forms Central and Local?

A
  • Central ties the package license to the IP address of the Management Server and has no dependency on the Gateway IP
  • Local license is tied to the IP address of a specific Security Gateway; it cannot be transferred to a Gateway with a different IP
34
Q

What are the three features of automatic licensing?

A
  • Checks periodically to verify licenses
  • Activates new licenses added to the repository
  • Automatically adds new blades to SmartConsole
35
Q

What two tabs are within the SmartUpdate tab?

A
  • Package Management tab
  • License & Contracts tab
36
Q

In what ways can you add a license to “License & Contract Repository”?

Through SmartUpdate

A
  • From the User Center
  • From a file
  • Manually
37
Q

Name the three types of Software Containers

A
  • Security Management
  • Security Gateway
  • Endpoint Security
38
Q

What are Subscription Blades?

A

Licenses for different services such as IPS, URL filtering and Application Control. These licenses can expire and are often renewed after a specified period of time.

39
Q

Name one reason for generating and installing a new license

A
  • Existing license expires
  • License is upgraded
  • IP address of the Security Management or Security Gateway has changed.
40
Q

How many zones can an interface be assigned to?

A

Only one

41
Q

Which policy types can a policy package have?

A
  • Access Control
  • QoS
  • Desktop Security
  • Threat Prevention
  • HTTPS Inspection
42
Q

What is a policy package?

A

It’s a group of different types of policies that are installed together on the same installation targets

43
Q

What’s the difference between a perpetual and a subscription based license?

A
  • A perpetual license doesn’t have an expiration date
  • A subscription license can have an expiration date
45
Q

Explain a “Stealth rule”

A

A Stealth rule is a rule that should be located as early in your policy as possible, typically immediately after any Management rules so as to drop any traffic destined for the Firewall that is not otherwise explicitly allowed.

46
Q

Name one thing that a basic rule consists of

A
  • Rule number
  • Name of the rule
  • Source
  • Destination
  • Whether or not VPN will be used
  • Services & Applications
  • Action to take if the session criteria matches
  • If and how the rule activity should be tracked
  • Which Firewall object(s) will enforce the rule
  • The time period for the rule
47
Q

What are the building blocks of Security Policy rules?

A

Objects are the building blocks of Security Policy rules and are stored in the Objects database on the management server.

48
Q

What is the purpose of a UserCheck?

A

UserCheck is a communication tool used by the Security Gateway to inform a user about a website or application they are trying to access.

It communicates messages about the company’s Security Policy or a change in the company’s Security Policy to the person trying to access the application or Internet site. This tool provides users the ability to create, edit, or delete UserCheck interaction objects in the Access Control and Threat Prevention policy.

49
Q

What Blades can a Policy Layer contain?

A
  • Firewall (Network Access Control)
  • Application & URL Filtering
  • Content Awareness
  • Mobile Access
50
Q

Name the two types of Policy Layer

A
  • Ordered Layer
  • Inline Layer
51
Q

What is the purpose of Policy Layers?

A

They are a set of rules or a rulebase that let you divide a policy into smaller more manageable sections to serve a certain purpose.

52
Q

What type of Policy Layer is independent of the rest of the rulebase?

A

Inline

53
Q

What type of Policy Layer is NOT independent of the rest of the rulebase?

A

Ordered

54
Q

Describe the main purpose of Application Control & URL Filtering

A

They make it possible for IT administrators to protect corporate resources by creating policies that detect or block thousands of applications and internet sites.

55
Q

True or False
When URL filtering is set, employee data is kept private when attempting to determine site category. Only the host part of the URL is sent to the Check Point Online Web Service.

A

True

56
Q

Which are the private IPs?

A
  • 10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
  • 172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
  • 192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
57
Q

What is the difference between STATIC NAT and HIDE NAT?

A

HIDE NAT is a translation solution that only allows outgoing traffic. It translates many private addresses to one public address. They are separated by unique port numbers while sharing the same public IP. Used for internal users accessing external resources.
STATIC NAT allows both incoming and outgoing traffic. The translation is one to one, meaning one private address translates into one public address. Often used for internet web servers and configured for any application that needs inbound and outbound connectivity.

58
Q

What are the three types of Endpoint Identity Agents?

A
  • Full Endpoint Identity Agent
  • Light Endpoint Identity Agent
  • Custom Endpoint Identity Agent
59
Q

What are the four elements a Distinguished Name (DN) includes?

A
  • Common Name (CN)
  • Organizational Unit (ON)
  • Organization Name
  • Domain Controller (DC)
60
Q

What purpose does the user directory serve?

A
  • Users can be managed externally by a User Directory (LDAP) server
  • The management server can use the LDAP data to authenticate users
  • User data from other applications gathered in the LDAP users database can be shared by different applications
61
Q

Name one of the items the Identity Awareness feature lets you configure network access and auditing based on.

A
  • Network location
  • The identity of a user
  • The identity of a machine
62
Q

Name one authentication scheme that Check Point supports.

A
  • Active Directory Query
  • Browser-Based Authentication
  • Identity Agents
  • Terminal Servers Agent
  • RADIUS
  • Remote Access
63
Q

What is the purpose for collecting logs?

A

To research alerts, rejected connections and failed authentication attempts. Collecting logs helps with analysing network traffic patterns and meeting compliance requirements.

64
Q

Name at least one search filter when creating log queries.

A
  • Action
  • Blade
  • Confidence Level
  • Destination
  • Origin
  • Protection
  • Protection Type
  • Risk
  • Severity
  • Source
  • User
65
Q

What are Boolean Operators?

A

They are used to refine search results. The operators AND, OR, and NOT are used to create queries with multiple filter criteria in order to refine search results.

66
Q

The monitoring views of SmartConsole and SmartView Monitor show real-time and historical graphical views of:

A
  • Gateway Status
  • Remote Users (SmartView Monitor only)
  • System counters
  • VPN tunnel monitoring (SmartView Monitor only)
  • Cooperative Enforcement for Endpoint Security Servers
  • Traffic
67
Q

What does SAM stand for and what does it monitor?

A

Suspicious Activity Monitoring is a utility that is integrated in SmartView Monitor. It can be used to block activities that are displayed in the monitor results and appear to be suspicious.

67
Q

Where can alerts be seen?

A

Alerts are sent by the gateways to the management server. They can be seen in SmartView Monitor.

68
Q

Name the Threat Prevention software components available.

A
  • IPS
  • Anti-Bot
  • Anti-Virus
  • Threat Emulation
  • Threat Extraction
69
Q

What is the default Threat Prevention Profile?

A

Perimeter

70
Q

Which Threat Prevention feature protects from unknown threats by simulating the behavior of the potential threat before it enters the network?

A

Threat Emulation

71
Q

Which Threat Prevention feature protects the network from threats attempting to infiltrate the systems?

A

Anti-Virus

72
Q

Which Threat Prevention feature removes potential threats from inbound communications that would otherwise be innocent?

A

Threat Excursion

73
Q

When enabling tracking on a rule, what is the default option?
A. Accounting Log
B. Extended Log
C. Log
D. Detailed Log

A

C

74
Q

Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components?
A. The Security Gateway (SG) and Security Management Server (SMS) software and the CPUSE engine.
B. Licensed Check Point products for the Gaia operating system and the Gaia operating system itself.
C. The CPUSE engine and the Gaia operating system.
D. The Gaia operating system only.

A

B

75
Q

Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?
A. Both License (.lic) and Contract (.xml) files
B. cp.macro
C. Contract file (.xml)
D. License file (.lic)

A

B

76
Q

Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as ….
A. User Center
B. User Administration
C. User Directory
D. UserCheck

A

C

77
Q

Can you use the same layer in multiple policies or rulebases?
A. Yes - a layer can be shared with multiple policies and rules.
B. No - each layer must be unique.
C. No - layers cannot be shared or reused, but an identical one can be created.
D. Yes - but it must be copied and pasted with a different name.

A

A

78
Q

Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made?
A. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes.
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
C. Tom’s changes will be lost since he lost connectivity and he will have to start again.
D. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.

A

D

79
Q

Security Gateway software blades must be attached to what?
A. Security Gateway
B. Security Gateway container
C. Management server
D. Management container

A

B

80
Q

Which tool allows you to monitor the top bandwidth in SmartConsole?
A. Logs & Monitoring
B. Smart Event
C. Gateways & Servers Tab
D. SmartView Monitor

A

D

81
Q

A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone?
A. The zone is based on the network topology and determined according to where the interface leads to.
B. Security Zones are not supported by Check Point firewalls.
C. The firewall rule can be configured to include one or more subnets in a zone.
D. The local directly connected subnet defined by the subnet IP and subnet mask.

A

A

82
Q

When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packet Filtering?
A. Stateful Inspection offers unlimited connections because of virtual memory usage.
B. Stateful Inspection offers no benefits over Packet Filtering.
C. Stateful Inspection does not use memory to record the protocol used by the connection.
D. Only one rule is required for each connection.

A

D

83
Q

Which type of Endpoint Identity Agent includes packet tagging and computer authentication?
A. Full
B. Custom
C. Complete
D. Light

A

A

84
Q

Fill in the blanks: Gaia can be configured using _____ or _____.
A. Command line interface; WebUI
B. Gaia Interface; GaiaUI
C. WebUI; Gaia Interface
D. GaiaUI; command line interface

A

A

85
Q

An administrator can use section titles to more easily navigate between large rule bases. Which of these statements is FALSE?
A. Section titles are not sent to the gateway side.
B. These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement.
C. A Sectional Title can be used to disable multiple rules by disabling only the sectional title.
D. Sectional Titles do not need to be created in the SmartConsole.

A

C

86
Q

In which scenario is it a valid option to transfer a license from one hardware device to another?
A. From a 4400 Appliance to a 2200 Appliance
B. From a 4400 Appliance to an HP Open Server
C. From an IBM Open Server to an HP Open Server
D. From an IBM Open Server to a 2200 Appliance

A

C

87
Q

What are the three types of UserCheck messages?
A. action, inform, and ask
B. ask, block, and notify
C. block, action, and warn
D. inform, ask, and block

A

D

88
Q

A stateful inspection firewall works by registering connection data and compiling this information. Where is the information stored?
A. In the system SMEM memory pool.
B. In State tables.
C. In the Sessions table.
D. In a CSV file on the firewall hard drive located in $FWDIR/conf/.

A

B

89
Q

What is the RFC number that acts as a best practice guide for NAT?
A. RFC 1939
B. RFC 1950
C. RFC 1918
D. RFC 793

A

C

90
Q

URL Filtering employs a technology, which educates users on web usage policy in real time. What is the name of that technology?
A. WebCheck
B. UserCheck
C. Harmony Endpoint
D. URL categorization

A

B

91
Q

One of the major features in SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
A. AdminA, AdminB and AdminC are editing three different rules at the same time.
B. AdminA and AdminB are editing the same rule at the same time.
C. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.
D. AdminB sees a pencil icon next to the rule that AdminB is currently editing.

A

B

92
Q

What is a role of Publishing?
A. The Security Management Server installs the updated policy and the entire database on Security Gateways.
B. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public.
C. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways.
D. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base.

A

B

93
Q

Name one limitation of using Security Zones in the network?
A. Security zones will not work in Automatic NAT rules
B. Security zone will not work in Manual NAT rules
C. Security zones will not work in firewall policy layer
D. Security zones cannot be used in network topology

A

B

94
Q

When configuring LDAP with User Directory integration, changes applied to a User Directory template are:
A. Not reflected for any users unless the local user template is changed.
B. Not reflected for any users who are using that template.
C. Reflected for all users who are using that template and if the local user template is changed as well.
D. Reflected immediately for all users who are using that template.

A

D

95
Q

True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.
A. True, every administrator works on a different database that is independent of the other administrators
B. False, this feature has to be enabled in the Global Properties.
C. True, every administrator works in a session that is independent of the other administrators
D. False, only one administrator can login with write permission

A

C

96
Q

What are the three deployment options available for a security gateway?
A. Standalone, Distributed, and Bridge Mode
B. Bridge Mode, Remote, and Standalone
C. Remote, Standalone, and Distributed
D. Distributed, Bridge Mode, and Remote

A

A

97
Q

Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway?
A. Data Loss Prevention
B. Antivirus
C. Application Control
D. NAT

A

D

98
Q

Choose what BEST describes users on Gaia Platform.
A. There are two default users and neither can be deleted.
B. There are two default users and one cannot be deleted.
C. There is one default user that can be deleted.
D. There is one default user that cannot be deleted.

A

A

Admin & Monitor

99
Q

Which type of Check Point license ties the package license to the IP address of the Security Management Server?
A. Central
B. Corporate
C. Local
D. Formal

A

A

99
Q

An administrator wishes to use Application objects in a rule in their policy, but there are no Application objects listed as options to add when clicking the “+” to add new items to the “Services & Applications” column of a rule. What should be done to fix this?
A. The administrator should drag-and-drop the needed Application objects from the Object Explorer into the new rule.
B. The “Application Control” blade should be enabled on a gateway.
C. “Applications & URL Filtering” should first be enabled on the policy layer where the rule is being created.
D. The administrator should first create some applications to add to the rule.

A

C

100
Q

Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?
A. Threat Emulation
B. Monitoring
C. Logging and Status
D. Application Control

A

B

101
Q

Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?
A. Formal
B. Central
C. Corporate
D. Local

A

D

102
Q

What is the purpose of Captive Portal?
A. It manages user permission in SmartConsole
B. It provides remote access to SmartConsole
C. It authenticates users, allowing them access to the Internet and corporate resources
D. It authenticates users, allowing them access to the Gaia OS

A

C

103
Q

Which of these is NOT a feature or benefit of Application Control?
A. Eliminate unknown and unwanted applications in your network to reduce IT complexity and application risk.
B. Identify and control which applications are in your IT environment and which to add to the IT environment.
C. Scans the content of files being downloaded by users in order to make policy decisions.
D. Automatically identify trusted software that has authorization to run

A

C

104
Q

Identity Awareness allows easy configuration for network access and auditing based on what three items?
A. Client machine IP address.
B. Network location, the identity of a user and the identity of a machine.
C. Log server IP address.
D. Gateway proxy IP address.

A

B

105
Q

How do logs change when the “Accounting” tracking option is enabled on a traffic rule?
A. Involved traffic logs will be forwarded to a log server.
B. Provides log details view email to the Administrator.
C. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.
D. Provides additional information to the connected user.

A

C

106
Q

Fill in the blank: The position of an Implied rule is manipulated in the _____ window.
A. NAT
B. Global Properties
C. Object Explorer
D. Firewall

A

B

107
Q

You have enabled “Extended Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
A. Identity Awareness is not enabled.
B. Log Trimming is enabled.
C. Logging has disk space issues
D. Content Awareness is not enabled.

A

D

108
Q

How many layers make up the TCP/IP model?
A. 2
B. 4
C. 6
D. 7

A

B

109
Q

Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages.
A. Concurrent policy packages
B. Concurrent policies
C. Global Policies
D. Shared policies

A

D

110
Q

Access roles allow the firewall administrator to configure network access according to:
A. remote access clients.
B. a combination of computer or computer groups and networks.
C. users and user groups.
D. All of the above.

A

D

111
Q

In SmartEvent, a correlation unit (CU) is used to do what?
A. Collect security gateway logs, Index the logs and then compress the logs.
B. Receive firewall and other software blade logs in a region and forward them to the primary log server.
C. Analyze log entries and identify events.
D. Send SAM block rules to the firewalls during a DOS attack.

A

C

112
Q

The competition between stateful inspection and proxies was based on performance, protocol support, and security. Considering stateful inspection and proxies, which statement is correct?
A. Stateful Inspection is limited to Layer 3 visibility, with no Layer 4 to Layer 7 visibility capabilities.
B. When it comes to performance, proxies were significantly faster than stateful inspection firewalls.
C. Proxies offer far more security because of being able to give visibility of the payload (the data).
D. When it comes to performance, stateful inspection was significantly faster than proxies.

A

D

113
Q

What are the Threat Prevention software components available on the Check Point Security Gateway?
A. IPS, Threat Emulation and Threat Extraction
B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction
D. IDS, Forensics, Anti-Virus, Sandboxing

A

C

114
Q

Check Point licenses come in two forms. What are those forms?
A. Central and Local.
B. Access Control and Threat Prevention.
C. On-premise and Public Cloud.
D. Security Gateway and Security Management.

A

A

115
Q

Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true?
A. Manual NAT can offer more flexibility than Automatic NAT.
B. Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation.
C. Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading.
D. Automatic NAT can offer more flexibility than Manual NAT.

A

A

116
Q

What is the default tracking option of a rule?
A. Tracking
B. Log
C. None
D. Alert

A

C

117
Q

A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?
A. Anti-Bot protection
B. Anti-Malware protection
C. Policy-based routing
D. Suspicious Activity Monitoring (SAM) rules

A

D

118
Q

The default shell of the Gaia CLI is cli.sh. How do you change from the cli.sh shell to the advanced shell to run Linux commands?
A. Execute the command ‘enable’ in the cli.sh shell
B. Execute the ‘conf t’ command in the cli.sh shell
C. Execute the command ‘expert’ in the cli.sh shell
D. Execute the ‘exit’ command in the cli.sh shell

A

C

119
Q

Where can an administrator edit a list of trusted SmartConsole clients?
A. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.
B. In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
C. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.
D. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

A

D

120
Q

In which deployment is the security management server and Security Gateway installed on the same appliance?
A. Standalone
B. Remote
C. Distributed
D. Bridge Mode

A

A

121
Q

When dealing with rule base layers, what two layer types can be utilized?
A. Ordered Layers and Inline Layers
B. Inbound Layers and Outbound Layers
C. R81.10 does not support Layers
D. Structured Layers and Overlap Layers

A

A

122
Q

How can the changes made by an administrator before publishing the session be seen by a Super User administrator?
A. By impersonating the administrator with the ‘Login as…’ option.
B. They cannot be seen.
C. From the SmartView Tracker audit log.
D. From Manage and Settings > Sessions, right click on the session and click ‘View Changes…’.

A

D

123
Q

What are the three main components of Check Point security management architecture?
A. SmartConsole, Security Management, and Security Gateway
B. Smart Console, Standalone, and Security Management
C. SmartConsole, Security policy, and Logs & Monitoring
D. GUI-Client, Security Management, and Security Gateway

A

A

124
Q

What is the main objective when using Application Control?
A. To filter out specific content.
B. To assist the firewall blade with handling traffic.
C. To see what users are doing.
D. Ensure security and privacy of information.

A

A

125
Q

What command from the CLI would be used to view current licensing?
A. license view
B. fw ctl tab -t license -s
C. show license -s
D. cplic print

A

D

126
Q

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?
A. Publish changes
B. Save changes
C. Install policy
D. Install database

A

C

127
Q

Which default Gaia user has full read/write access?
A. superuser
B. monitor
C. altuser
D. admin

A

D

128
Q

Which icon in the WebUI indicates that read/write access is enabled?
A. Eyeglasses
B. Pencil
C. Padlock
D. Book

A

B

129
Q

Which SmartConsole tab is used to monitor network and security performance?
A. Logs Monitor
B. Manage Settings
C. Security Policies
D. Gateway Servers

A

A

130
Q

Check Point Update Service Engine (CPUSE), also known as Deployment Agent [DA], is an advanced and intuitive mechanism for software deployment on Gaia OS. What software packages are supported for deployment?
A. It supports deployments of single HotFixes (HF), and of Major Versions. Blink Packages and HotFix Accumulators (Jumbo) are not supported.
B. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and of Major Versions.
C. It supports deployments of Major Versions and Blink packages only.
D. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), but not of Major Versions.

A

B

131
Q

In SmartConsole, on which tab are Permissions and Administrators defined?
A. MANAGE & SETTINGS
B. SECURITY POLICIES
C. GATEWAYS & SERVERS
D. LOGS & MONITOR

A

A

132
Q

Which tool allows automatic update of Gaia OS and Check Point products installed on Gaia OS?
A. CPDAS - Check Point Deployment Agent Service
B. CPUSE - Check Point Upgrade Service Engine
C. CPASE - Check Point Automatic Service Engine
D. CPAUE - Check Point Automatic Update Engine

A

B

133
Q

In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?
A. Verify and compile Security Policies.
B. Display policies and logs on the administrator’s workstation.
C. Store firewall logs to hard drive storage.
D. Manage the object database.

A

B

134
Q

True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.
A. True, every administrator works on a different database that is independent of the other administrators
B. False, only one administrator can log in with write permission
C. True, every administrator works in a session that is independent of the other administrators
D. False, this feature has to be enabled in the Global Properties

A

C

135
Q

If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? Choose the BEST answer.
A. Delete older versions of database.
B. Publish or discard the session.
C. Revert the session.
D. Save and install the Policy.

A

B

136
Q

What are the two deployment options available for a security gateway?
A. Bridge and Switch
B. Local and Remote
C. Cloud and Router
D. Standalone and Distributed

A

D

137
Q

Which one of the following is the preferred licensing model? Select the BEST answer.
A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency on the Security Management Server.
B. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.
C. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.
D. Central licensing because it ties the package license to the MAC-address of the Security Management Server’s Mgmt-interface and has no dependency on the gateway.

A

C

138
Q

A Check Point Software license consists of two components, the Software Blade and the Software Container. There are ____ types of Software Containers: ____.
A. Two; Security Management and Endpoint Security
B. Three; Security Management, Security Gateway, and Endpoint Security
C. Three; Security Gateway, Endpoint Security, and Gateway Management
D. Two; Endpoint Security and Security Gateway

A

B

139
Q

Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?
A. Formal
B. Central
C. Local
D. Corporate

A

C

140
Q

Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made?
A. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
B. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes.
C. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.
D. Tom’s changes will be lost since he lost connectivity and he will have to start again.

A

C

141
Q

Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?
A. Data Awareness
B. Threat Emulation
C. Application Control
D. Identity Awareness

A

D

142
Q

What is the default shell of Gaia CLI?
A. Read-only
B. Expert
C. Clish
D. Bash

A

C

142
Q

DLP and Mobile Access Policy are examples of what type of Policy?
A. Shared Policies
B. Unified Policies
C. Inspection Policies
D. Standard Policies

A

A

143
Q

Which of the following is NOT a valid application navigation tab in SmartConsole?
A. WEBUI & COMMAND LINE
B. SECURITY POLICIES
C. GATEWAYS & SERVERS
D. LOGS & MONITOR

A

A

144
Q

What are two basic rules Check Point recommends for building an effective security policy?
A. Accept Rule and Drop Rule
B. Explicit Rule and Implied Rule
C. Cleanup Rule and Stealth Rule
D. NAT Rule and Reject Rule

A

C

145
Q

When dealing with policy layers, what two layer types can be utilized?
A. Inbound Layers and Outbound Layers
B. Ordered Layers and Inline Layers
C. Structured Layers and Overlap Layers
D. R81.X does not support Layers

A

B

146
Q

What are the three main components of Check Point security management architecture?
A. Smart Console, Standalone, Security Management Server
B. Policy-Client, Security Management Server, Security Gateway
C. SmartConsole, Security Policy Server, Logs & Monitoring
D. SmartConsole, Security Management Server, Security Gateway

A

D

147
Q

Which Check Point software blade provides protection from zero-day and undiscovered threats?
A. Threat Extraction
B. Threat Emulation
C. Firewall
D. Application Control

A

B

148
Q

What are the three types of UserCheck messages?
A. ask, block, and notify
B. block, action, and warn
C. action, inform, and ask
D. inform, ask, and drop

A

D

149
Q

By default, which port is used to connect to the GAiA Portal?
A. 4434
B. 80
C. 8080
D. 443

A

D

150
Q

Choose what BEST describes a Session.
A. A session ends when policy is pushed to the Security Gateway.
B. A session locks the policy package for editing.
C. Starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out.
D. Starts when an Administrator publishes all the changes made on SmartConsole.

A

C

151
Q

Which command shows detailed information about VPN tunnels?
A. cat $FWDIR/conf/vpn.conf
B. vpn tu tlist
C. vpn tu
D. cpview

A

B

152
Q

After a new Log Server is added to the environment and the SIC trust has been established with the SMS, what will the gateways do?
A. Gateways will send new firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new Log Server.
B. Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.
C. The firewalls will detect the new Log Server after the next policy install and redirect the new logs to the new Log Server.
D. The gateways can only send logs to an SMS and cannot send logs to a Log Server. Log Servers are proprietary log archive servers.

A

B

153
Q

In HTTPS Inspection policy, what actions are available in the “Actions” column of a rule?
A. “Inspect”, “Bypass”
B. “Inspect”, “Bypass”, “Categorize”
C. “Inspect”, “Bypass”, “Block”
D. “Detect”, “Bypass”

A

A

154
Q

What is the main difference between Static NAT and Hide NAT?
A. Hide NAT only allows incoming connections to protect your network.
B. Static NAT only allows outgoing connections. Hide NAT allows incoming and outgoing connections.
C. Static NAT allows incoming and outgoing connections. Hide NAT only allows outgoing connections.
D. Static NAT only allows incoming connections to protect your network.

A

C

155
Q

There are four policy types available for each policy package. What are those policy types?
A. Access Control, Threat Prevention, Mobile Access and HTTPS Inspection
B. Access Control, Custom Threat Prevention, Autonomous Threat Prevention and HTTPS Inspection
C. There are only three policy types: Access Control, Threat Prevention and NAT.
D. Access Control, Threat Prevention, NAT and HTTPS Inspection

A

B

156
Q

Where can alerts be viewed?
A. Alerts can be seen from the CLI of the gateway
B. Alerts can be seen in SmartUpdate
C. Alerts can be seen in the Threat Prevention policy
D. Alerts can be seen in SmartView Monitor

A

D

157
Q

In SmartConsole, on which tab are Permissions and Administrators defined?
A. GATEWAYS & SERVERS
B. SECURITY POLICIES
C. MANAGE & SETTINGS
D. LOGS & MONITOR

A

C

158
Q

Which of the following is a valid deployment option?
A. CloudSec deployment
B. Disliked deployment
C. Router only deployment
D. Standalone deployment

A

D

159
Q

Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
A. Read Only All
B. Full Access
C. Editor
D. Super User

A

A

160
Q

Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?
A. Logging and Status
B. Monitoring
C. Threat Emulation
D. Application Control

A

B

161
Q

Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers? Choose the BEST answer.
A. Anti-Malware
B. Content Awareness
C. Anti-Virus
D. IPS

A

C

162
Q

URL Filtering cannot be used to:
A. Control Data Security
B. Decrease legal liability
C. Improve organizational security
D. Control Bandwidth issues

A

A

163
Q

Which one of the following is TRUE?
A. One policy can be either inline or ordered, but not both.
B. Inline layer can be defined as a rule action.
C. Ordered policy is a sub-policy within another policy.
D. Pre-R80 Gateways do not support ordered layers.

A

B

164
Q

Fill in the blanks: A Check Point software license consists of a ____ and ____.
A. Software container; software package
B. Software package; signature
C. Signature; software blade
D. Software blade; software container

A

D

165
Q

Which of the following is used to initially create trust between a Gateway and Security Management Server?
A. One-time Password
B. Token
C. Certificate
D. Internal Certificate Authority

A

A

166
Q

What are the two elements of address translation rules?
A. Original packet and translated packet
B. Manipulated packet and original packet
C. Untranslated packet and manipulated packet
D. Translated packet and untranslated packet

A

A

167
Q

Which of the following log queries would show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1?
A. 192.168.1.1 AND 172.26.1.1 AND drop
B. src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop
C. 192.168.1.1 OR 172.26.1.1 AND action:Drop
D. src:192.168.1.1 OR dst:172.26.1.1 AND action:Drop

A

B

168
Q

Fill in the blanks: The ____ collects logs and sends them to the ____.
A. Log server; Security Gateway
B. Security Gateways; log server
C. Log server; security management server
D. Security management server; Security Gateway

A

B

169
Q

Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?
A. RADIUS
B. SecurID
C. Check Point password
D. Security questions

A

D

170
Q

Which of the following statements about Site-to-Site VPN Domain-based is NOT true?
A. Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.
B. Domain-based- VPN domains are pre-defined for all VPN Gateways. VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.
C. Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.
D. Domain-based- VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

A

B

171
Q

What is the main objective when using Application Control?
A. To see what users are doing.
B. Ensure security and privacy of information.
C. To filter out specific content.
D. To assist the firewall blade with handling traffic.

A

C

172
Q

Which one of the following is the preferred licensing model? Select the BEST answer.
A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency on the Security Management Server.
B. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.
C. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.
D. Central licensing because it ties the package license to the MAC-address of the Security Management Server’s Mgmt-interface and has no dependency on the gateway.

A

C

173
Q

A Check Point Software license consists of two components, the Software Blade and the Software Container. There are ____ types of Software Containers: ____.
A. Two; Security Management and Endpoint Security
B. Three; Security Management, Security Gateway, and Endpoint Security
C. Three; Security Gateway, Endpoint Security, and Gateway Management
D. Two; Endpoint Security and Security Gateway

A

B

174
Q

DLP and Mobile Access Policy are examples of what type of Policy?
A. Shared Policies
B. Unified Policies
C. Inspection Policies
D. Standard Policies

A

A

175
Q

What are the three types of UserCheck messages?
A. ask, block, and notify
B. block, action, and warn
C. action, inform, and ask
D. ask, inform and block

A

D

176
Q

Which command shows detailed information about VPN tunnels?
A. cat $FWDIR/conf/vpn.conf
B. vpn tu tlist
C. vpn tu
D. cpview

A

B

177
Q

After a new Log Server is added to the environment and the SIC trust has been established with the SMS, what will the gateways do?
A. Gateways will send new firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new Log Server.
B. Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.
C. The firewalls will detect the new Log Server after the next policy install and redirect the new logs to the new Log Server.
D. The gateways can only send logs to an SMS and cannot send logs to a Log Server. Log Servers are proprietary log archive servers.

A

B

178
Q

Which one of the following is TRUE?
A. One policy can be either inline or ordered, but not both.
B. Inline layer can be defined as a rule action.
C. Ordered policy is a sub-policy within another policy.
D. Pre-R80 Gateways do not support ordered layers.

A

B

179
Q

Fill in the blank: Backups and restores can be accomplished through ____.
A. CLI, SmartUpdate, or SmartBackup
B. SmartUpdate, SmartBackup, or SmartConsole
C. SmartConsole, WebUI, or CLI
D. WebUI, CLI, or SmartUpdate

A

C

180
Q

What kind of NAT enables Source Port Address Translation by default?
A. Automatic Hide NAT
B. Automatic Static NAT
C. Manual Static NAT
D. Manual Hide NAT

A

A

181
Q

Fill in the blanks: In ____ NAT, only the ____ is translated.
A. Hide; source
B. Simple; source
C. Static; source
D. Hide; destination

A

A

182
Q

Application Control/URL filtering database library is known as:
A. AppWiki
B. Application-Forensic Database
C. Application Library
D. Application database

A

A

183
Q

Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?
A. Security Management Server
B. Security Gateway
C. SmartConsole
D. SmartManager

A

A

184
Q

Which of the following technologies extracts detailed information from packets and stores that information in different tables?
A. Application Layer Firewall
B. Packet Filtering
C. Next-Generation Firewall
D. Stateful Inspection

A

C

185
Q

You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?
A. Open SmartEvent to see why they are being blocked.
B. From SmartConsole, go to the Log & Monitor tab and filter for the IP address of the tablet.
C. Open SmartMonitor and connect remotely to the wireless controller.
D. Open SmartUpdate and review the logs tab

A

B

186
Q

Rugged appliances are small appliances with ruggedized hardware and, like Quantum Spark appliances, they use which operating system?
A. Gaia iOS
B. Red Hat Enterprise Linux version 4
C. Centos Unix
D. Gaia embedded

A

D

187
Q

A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone?
A. Security Zones are not supported by Check Point firewalls.
B. The firewall rule can be configured to include one or more subnets in a zone.
C. The zone is based on the network topology and determined according to where the interface leads to.
D. The local directly connected subnet defined by the subnet IP and subnet mask.

A

D

188
Q

Which of the completed statements is NOT true? The GAiA Portal (WebUI) can be used to manage Operating System user accounts and:
A. assign privileges to users.
B. assign user rights to the directory structure on the Security Management Server.
C. add more users to the Gaia operating system.
D. change the home directory of the user.

A

B

189
Q

Which encryption algorithm is the least secure?
A. 3DES
B. AES-128
C. DES
D. AES-256

A

C

190
Q

Fill in the blank: SmartConsole, SmartEvent GUI client, and ____ allow viewing of billions of consolidated logs and show them as prioritized security events.
A. SmartMonitor
B. SmartReporter
C. SmartTracker
D. SmartView Web Application

A

D

191
Q

What is the default tracking option of a rule?
A. None
B. Alert
C. Log
D. Tracking

A

C

192
Q

Fill in the blank: Once a license is activated, a ____ should be installed.
A. License Management file
B. License Contract file
C. Security Gateway Contract file
D. Service Contract file

A

D

The Service Contract file is installed after activating the license to ensure that the service contract is linked with the product.

193
Q

When should you generate new licenses?
A. Only when the license is upgraded.
B. After a device upgrade.
C. When the existing license expires, the license is upgraded, or the IP address associated with the license changes.
D. Before installing contract files.

A

C

194
Q

Fill in the blank: The position of an Implied rule is manipulated in the ____ window.
A. Firewall
B. Object Explorer
C. Global Properties
D. NAT

A

C

195
Q

Which of the following situations would not require a new license to be generated and installed?
A. The existing license expires.
B. The Security Gateway is upgraded.
C. The license is upgraded.
D. The IP address of the Security Management or Security Gateway has changed.

A

B

196
Q

Fill in the blank: In order to install a license, it must first be added to the ____.
A. Package repository
B. Download Center Web site
C. License and Contract repository
D. User Center

A

C

197
Q

What is required for a certificate-based VPN tunnel between two gateways with separate management systems?
A. Shared Secret Passwords
B. Unique Passwords
C. Shared User Certificates
D. Mutually Trusted Certificate Authorities

A

D

198
Q

Main Mode in IKEv1 uses how many packets for negotiation?
A. 3
B. depends on the make of the peer gateway
C. 6
D. 4

A

6

199
Q

What are the two types of NAT supported by the Security Gateway?
A. Destination and Hide
B. Source and Destination
C. Static and Source
D. Hide and Static

A

D

200
Q

Fill in the blank: A(n) ____ rule is created by an administrator and configured to allow or block traffic based on specified criteria.
A. Explicit
B. Implicit drop
C. Implicit accept
D. Inline

A

A

201
Q

Where is the “Hit Count” feature enabled or disabled in SmartConsole?
A. In Global Properties.
B. On each Security Gateway.
C. On the Policy layer.
D. On the Policy Package.

A

A

202
Q

Log query results can be exported to what file format?
A. Comma Separated Value (csv).
B. Word Document (docx).
C. Text (txt).
D. Portable Document Format (pdf).

A

A

203
Q

In order to modify Security Policies the administrator can use which of the following tools? Select the BEST answer.
A. Command line of the Security Management Server or mgmt-cli.exe on any Windows computer.
B. SmartConsole or mgmt-cli (API) on any computer where SmartConsole is installed.
C. mgmt-cli (API) or WebUI on Security Gateway and SmartConsole on the Security Management Server.
D. SmartConsole and WebUI on the Security Management Server.

A

B

204
Q

When a Security Gateway communicates about its status to an IP address other than its own, which deployment option was chosen?
A. Targeted
B. Bridge Mode
C. Distributed
D. Standalone

A

C

205
Q

In HTTPS Inspection policy, what actions are available in the “Actions” column of a rule?
A. “Inspect”, “Bypass”, “Block”
B. “Inspect”, “Bypass”, “Categorize”
C. “Inspect”, “Bypass”
D. “Detect”, “Bypass”

A

C

206
Q

Why is a Central License the preferred and recommended method of licensing?
A. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.
B. Central Licensing is actually not supported with Gaia.
C. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.
D. Central Licensing is the only option when deploying Gaia

A

A

207
Q

Which of the following is NOT an alert option?
A. SNMP
B. User defined alert
C. High alert
D. Mail

A

C

208
Q

What will VPN Link Selection do if the primary VPN link goes down?
A. The Firewall will send out the packet on all interfaces
B. The Firewall will inform the client that the tunnel is down
C. The Firewall can update the Link Selection entries to start using a different link for the same tunnel
D. The Firewall will drop the packets

A

C