CCSE Flashcards

Question 1

Q

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

Answer

A

Install policy

Question 2

Q

Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?

Question 3

Q

Which two Identity Awareness daemons are used to support identity sharing?

Answer

A

Policy Decision Point (PDP) and Policy Enforcement Point (PEP)

Question 4

Q

In which scenario will an administrator need to manually define Proxy ARP?

A. When they configure an “Automatic Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.

B. When they configure an “Automatic Hide NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.

C. When they configure a “Manual Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.

D. When they configure a “Manual Hide NAT” which translates to an IP address that belongs to one of the firewall’s interfaces.

Answer

A

C. When they configure a “Manual Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.

Question 5

Q

Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use which operating system?

A. Centos Linux
B. Gaia embedded.
C. Gaia
D. Red Hat Enterprise Linux version 5

Answer

A

B. Gaia embedded.

Question 6

Q

For Automatic Hide NAT rules created by the administrator what is a TRUE statement?

A. Source Port Address Translation (PAT) is enabled by default.
B. Automatic NAT rules are supported for Network objects only.
C. Automatic NAT rules are supported for Host objects only.
D. Source Port Address Translation (PAT) is disabled by default.

Answer

A

A. Source Port Address Translation (PAT) is enabled by default.

Question 7

Q

What technologies are used to deny or permit network traffic?

A. Stateful Inspection, Firewall Blade, and URL/Application Blade
B. Packet Filtering, Stateful Inspection, and Application Layer Firewall
C. Firewall Blade, URL/Application Blade, and IPS
D. Stateful Inspection, URL/Application Blade, and Threat Prevention

Answer

A

B. Packet Filtering, Stateful Inspection, and Application Layer Firewall

Question 8

Q

Identity Awareness allows easy configuration for network access and auditing based on what three items?

A. Client machine IP address.
B. Network location, the identity of a user and the identity of a machine.
C. Log server IP address.
D. Gateway proxy IP address.

Answer

A

B. Network location, the identity of a user and the identity of a machine.

Question 9

Q

Using AD Query, the security gateway connections to the Active Directory Domain Controllers using what protocol?

A. Windows Management Instrumentation (WMI)
B. Hypertext Transfer Protocol Secure (HTTPS)
C. Lightweight Directory Access Protocol (LDAP)
D. Remote Desktop Protocol (RDP)

Answer

A

Windows Management Instrumentation (WMI)

Question 10

Q

What are the types of Software Containers?

A. Smart Console, Security Management, and Security Gateway
B. Security Management, Security Gateway, and Endpoint Security
C. Security Management, Log & Monitoring, and Security Policy
D. Security Management, Standalone, and Security Gateway

Answer

A

B. Security Management, Security Gateway, and Endpoint Security

Question 11

Q

What are the Threat Prevention software components available on the Check Point Security Gateway?

A. IPS, Threat Emulation and Threat Extraction
B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction
D. IDS, Forensics, Anti-Virus, Sandboxing

Answer

A

C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction

Question 12

Q

When using Automatic Hide NAT, what is enabled by default?

Answer

A

Source Port Address Translation (PAT)

Question 13

Q

In which deployment is the security management server and Security Gateway installed on the same appliance?

Answer

A

Standalone

Question 14

Q

What is the main objective when using Application Control?

A. To filter out specific content.
B. To assist the firewall blade with handling traffic.
C. To see what users are doing.
D. Ensure security and privacy of information.

Answer

A

A. To filter out specific content.

Question 15

Q

Gaia has two default user accounts that cannot be deleted. What are those user accounts?

Answer

A

Admin and Monitor

Question 16

Q

When changes are made to a Rule base, It is important to __________ to enforce changes.

Answer

A

Install policy

Question 17

Q

Why is a Central License the preferred and recommended method of licensing?

A. Central Licensing actually not supported with Gaia.
B. Central Licensing is the only option when deploying Gala.
C. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.
D. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

Answer

A

D. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

Question 18

Q

What does the “unknown” SIC status shown on SmartConsole mean?

A. SIC activation key requires a reset
B. Administrator input the wrong SIC key
C. The management can contact the Security Gateway but cannot establish Secure Internal Communication
D. There is no connection between the Security Gateway and Security Management Server

Answer

A

D. There is no connection between the Security Gateway and Security Management Server

Question 19

Q

What are valid authentication methods for mutual authenticating the VPN gateways?

A. PKI Certificates and Kerberos Tickets
B. PKI Certificates and DynamicID OTP
C. Pre-Shared Secrets and Kerberos Ticket
D. Pre-shared Secret and PKI Certificates

Answer

A

D. Pre-shared Secret and PKI Certificates

Question 20

Q

What are the correct steps upgrading a HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster(MVC)Upgrade?

A. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on
2) Upgrade the passive node M2 to R81.10
3) In SmartConsole, change the version of the cluster object
4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails
5) After examine the cluster states upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism

B. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on
2) Upgrade the passive node M2 to R81.10
3) In SmartConsole, change the version of the cluster object
4) Install the Access Control Policy
5) After examine the cluster states upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy

C. 1) In SmartConsole, change the version of the cluster object
2) Upgrade the passive node M2 to R81.10
3) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 #cphaconf mvc on
4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails
5) After examine the cluster states upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy SmartConsole, change the version of the cluster object

D. 1) Upgrade the passive node M2 to R81.10
2) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 #cphaconf mvc on
3) In SmartConsole, change the version of the cluster object
4) Install the Access Control Policy
5) After examine the cluster states upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81.10

Answer

A

C. 1) In SmartConsole, change the version of the cluster object
2) Upgrade the passive node M2 to R81.10
3) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 #cphaconf mvc on
4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails
5) After examine the cluster states upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy SmartConsole, change the version of the cluster object

Question 21

Q

Which Operating Systems are supported for the Endpoint Security VPN?

A. Windows and x86 Solaris
B. Windows and macOS computers
C. Windows and SPARC Solaris
D. Windows and Red Hat Linux

Answer

A

B. Windows and macOS computers

Question 22

Q

What are the three SecureXL Templates available in R81.10?

A. PEP Templates, QoS Templates, VPN Templates
B. Accept Templates, Drop Templates, NAT Templates
C. Accept Templates, Drop Templates, Reject Templates
D. Accept Templates, PDP Templates, PEP Templates

Answer

A

B. Accept Templates, Drop Templates, NAT Templates

Question 23

Q

Which Queue in the Priority Queue has the maximum priority?

A. High Priority
B. Control
C. Routing
D. Heavy Data Queue

Answer

A

C. Routing

Question 24

Q

Which upgrade method you should use upgrading from R80.40 to R81.10 to avoid any downtime?

A. Zero Downtime Upgrade (ZDU)
B. Connectivity Upgrade (CU)
C. Minimal Effort Upgrade (ME)
D. Multi-Version Cluster Upgrade (MVC)

Answer

A

Multi-Version Cluster Upgrade (MVC)

Question 25

Q

The Check Point installation history feature in provides the following:
A. View install changes and install specific version
B. Policy Installation Date only
C. Policy Installation Date, view install changes and install specific version
D. View install changes

Answer

A

C. Policy Installation Date, view install changes and install specific version

Question 26

Q

What is the SOLR database for?
A. Writes data to the database and full text search
B. Enables powerful matching capabilities and writes data to the database
C. Serves GUI responsible to transfer request to the DLEserver
D. Used for full text search and enables powerful matching capabilities

Answer

A

D. Used for full text search and enables powerful matching capabilities

Question 27

Q

Which command lists firewall chain?

Answer

A

fw ctl chain

Question 28

Q

Sand Blast appliances can be deployed in the following modes:

A. as a Mail Transfer Agent and as part of the we traffic flow only
B. using a SPAN port to receive a copy of the traffic only
C. detect only
D. inline/prevent or detect

Answer

A

D. inline/prevent or detect

Question 29

Q

Which SmartEvent component is responsible to collect the logs from different Log Servers?

Answer

A

SmartEvent Correlation Unit

Question 30

Q

How can you switch the active log file?

A. Run fw logswitch on the gateway
B. Run fwm logswitch on the Management Server
C. Run fwm logswitch on the gateway
D. Run fw logswitch on the Management Server

Answer

A

Run fw logswitch on the Management Server

Question 31

Q

What is the purpose of the command “ps aux | grep fwd”?

A. You can check the Process ID and the processing time of the fwd process.
B. You can convert the log file into Post Script format.
C. You can list all Process IDs for all running services.
D. You can check whether the IPS default setting is set to Detect or Prevent mode.

Answer

A

You can check the Process ID and the processing time of the fwd process.

Question 32

Q

What is the command switch to specify the Gaia API context?

A. You have to specify it in the YAML file api.yml which is located underneath the /etc directory of the security management server
B. You have to change to the zsh-Shell which defaults to the Gaia API context.
C. No need to specify a context, since it defaults to the Gaia API context.
D. mgmt_cli –context gaia_api <command></command>

Answer

A

D. mgmt_cli –context gaia_api <command></command>

Question 33

Q

What are the two types of tests when using the Compliance blade?

A. Policy-based tests and Global properties
B. Global tests and Object-based tests
C. Access Control policy analysis and Threat Prevention policy analysis
D. Tests conducted based on the IoC XML file and analysis of SOLR documents

Answer

A

Global tests and Object-based tests

Question 34

Q

Besides fw monitor, what is another command that can be used to capture packets?

Question 35

Q

When performing a minimal effort upgrade, what will happen to the network traffic?

A. All connections that were initiated before the upgrade will be dropped, causing network downtime.
B. All connections that were initiated before the upgrade will be handled by the active gateway
C. All connections that were initiated before the upgrade will be handled normally
D. All connections that were initiated before the upgrade will be handled by the standby gateway

Answer

A

A. All connections that were initiated before the upgrade will be dropped, causing network downtime.

Question 36

Q

Using fw monitor you see the following inspection point notion E and i what does that mean?

A. E shows the packet before the VPN encryption, i after the inbound firewall VM
B. E shows the packet reaching the external interface, i leaving the internal interface
C. E shows the packet after the VPN encryption, i before the inbound firewall VM
D. E shows the packet leaving the external interface, i reaching the internal interface

Answer

A

C. E shows the packet after the VPN encryption, i before the inbound firewall VM

Question 37

Q

You have used the SmartEvent GUI to create a custom Event policy. What is the best way to display the correlated Events generated by SmartEvent Policies?

A. Open SmartView Monitor and select the SmartEvent Window from the main menu.
B. In the SmartConsole / Logs & Monitor –> open the Logs View and use type:Correlated as query filter.
C. In the SmartConsole / Logs & Monitor -> open a new Tab and select External Apps / SmartEvent.
D. Select the Events tab in the SmartEvent GUI or use the Events tab in the SmartView web interface.

Answer

A

B. In the SmartConsole / Logs & Monitor –> open the Logs View and use type:Correlated as query filter.

Question 38

Q

What is the biggest benefit of policy layers?

A. To break one policy into several virtual policies
B. Policy Layers and Sub-Policies enable flexible control over the security policy
C. They improve the performance on OS kernel version 3.0
D. To include Threat Prevention as a sub policy for the firewall policy

Answer

A

B. Policy Layers and Sub-Policies enable flexible control over the security policy

Question 39

Q

Which packet info is masked with Session Rate Acceleration?

A. same info from Packet Acceleration is used
B. source port ranges
C. source port
D. source ip

Answer

A

source port

Question 40

Q

What does Backward Compatibility mean when upgrading the Management Server and how can you check it?

A. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Installation and Upgrade Guide

B. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Release Notes

C. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Installation and Upgrade Guide

D. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Release Notes

Answer

A

B. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Release Notes

Question 41

Q

Bob is going to prepare the import of the exported R81.10 management database. Now he wants to verify that the installed tools on the new target security management machine are able to handle the R81.10 release. Which of the following Check Point command is true?

A. $FWDIR/scripts/migrate_server print_installed_tools -v R77.30
B. $CPDIR/scripts/migrate_server print_installed_tools -v R81.10
C. $FWDIR/scripts/migrate_server print_installed_tools -v R81.10
D. $FWDIR/scripts/migrate_server print_uninstalled_tools -v R81.10

Answer

A

C. $FWDIR/scripts/migrate_server print_installed_tools -v R81.10

Question 42

Q

What a valid SecureXL paths in R81.10?

A. F2F (Slow path), Templated Path, PQX and F2V
B. F2F (Slow path), PXL, QXL and F2V
C. F2F (Slow path), Accelerated Path, PQX and F2V
D. F2F (Slow path), Accelerated Path, Medium Path and F2V

Answer

A

D. F2F (Slow path), Accelerated Path, Medium Path and F2V

Question 43

Q

Alice was asked by Bob to implement the Check Point Mobile Access VPN blade – therefore are some basic configuration steps required – which statement about the configuration steps is true?

A. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard
2. Configure Mobile Access parameters in Security Gateway object
3. Add a rule in the Access Control Policy and install policy
4. Connect to the Mobile Access Portal

B. 1. Configure Mobile Access parameters in Security Gateway object
2. Enable Mobile Access blade on the Security Gateway object and complete the wizard
3. Add a rule in the Access Control Policy and install policy
4. Connect to the Mobile Access Portal

C. 1. Connect to the Mobile Access Portal
2. Enable Mobile Access blade on the Security Gateway object and complete the wizard
3. Configure Mobile Access parameters in Security Gateway object
4. Add a rule in the Access Control Policy and install policy

D. 1. Add a rule in the Access Control Policy and install policy
2. Configure Mobile Access parameters in Security Gateway object
3. Enable Mobile Access blade on the Security Gateway object and complete the wizard
4. Connect to the Mobile Access Portal

Answer

A

A. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard
2. Configure Mobile Access parameters in Security Gateway object
3. Add a rule in the Access Control Policy and install policy
4. Connect to the Mobile Access Portal

Question 44

Q

What are not possible commands to acquire the lock in order to make changes in Clish or Web GUI?

A. set config-lock on override
B. Click the Lock icon in the WebUI
C. “set rbac rw = 1”
D. lock database override

Answer

A

C. “set rbac rw = 1”

Question 45

Q

The customer has about 150 remote access user with a Windows laptop. Not more than 50 Clients will be connected at the same time. The customer wants to use multiple VPN Gateways as entry point and a personal firewall. What will be the best license for him?

A. He will need Capsule Connect using MEP (multiple entry points).
B. Because the customer uses only Windows clients SecuRemote will be sufficient and no additional license is needed.
C. He will need Harmony Endpoint because of the personal firewall.
D. Mobile Access license because he needs only a 50 user license, license count is per concurrent user.

Answer

A

C. He will need Harmony Endpoint because of the personal firewall.

Question 46

Q

SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?

A. Application and Client Service
B. Network and Layers
C. Virtual Adapter and Mobile App
D. Network and Application

Answer

A

Network and Application

Question 47

Q

The admin is connected via ssh to the management server. He wants to run a mgmt_cli command but got an Error 404 message. To check the listening ports on the management he runs netstat with the results shown below. What can be the cause for the issue?
[Expert@SMS:0]# mgmt_cli show service-tcp name FTP

Username: admin -
Password:
message: “Error 404. The Management API service is not available. Please check that the Management API server is up and running.” code: “generic_error”
[Expert@SMS:0]# netstat -anp | grep http
tcp00 0.0.0.0:800.0.0.0:LISTEN18114/httpd
tcp00127.0.0.1:810.0.0.0:LISTEN18114/httpd
tcp00 0.0.0.0:44340.0.0.0:LISTEN9019/httpd2
tcp00 0.0.0.0:4430.0.0.0:LISTEN 18114/httpd

A. Wrong Management API Access settings for the client IP. To correct it go to SmartConsole / Management & Settings / Blades / Management API and press ‘Advanced Settings…’ and choose GUI clients or ALL IP’s.
B. The API didn’t run on the default port check it with ‘api status’ and add ‘–port 4434’ to the mgmt_cli command.
C. The management permission in the user profile is missing. Go to SmartConsole / Management & Settings / Permissions & Administrators / Permission Profiles. Select the profile of the user and enable ‘Management API Login’ under Management Permissions.
D. The API is not running, the services shown by netstat are the Gaia services. To start the API run ‘api start’.

Answer

A

C. The management permission in the user profile is missing. Go to SmartConsole / Management & Settings / Permissions & Administrators / Permission Profiles. Select the profile of the user and enable ‘Management API Login’ under Management Permissions.

Question 48

Q

From SecureXL perspective, what are the three paths of traffic flow:

A. Initial Path; Medium Path; Accelerated Path
B. Layer Path; Blade Path; Rule Path
C. Firewall Path; Accelerated Path; Medium Path
D. Firewall Path; Accept Path; Drop Path

Answer

A

Firewall Path; Accelerated Path; Medium Path

Question 49

Q

What are the services used for Cluster Synchronization?

A. 256/TCP for Full Sync and 8116/UDP for Delta Sync
B. 8116/UDP for Full Sync and Delta Sync
C. TCP/256 for Full Sync and Delta Sync
D. No service needed when using Broadcast Mode

Answer

A

A. 256/TCP for Full Sync and 8116/UDP for Delta Sync

Question 50

Q

Using Web Services to access the API, which Header Name-Value had to be in the HTTP Post request after the login?

A. X-chkp-sid Session Unique Identifier
B. API-Key
C. user-uid
D. uuid Universally Unique Identifier

Answer

A

A. X-chkp-sid Session Unique Identifier

Question 51

Q

Which two Cluster Solutions are available under R81.10?
A. ClusterXL and NSRP
B. VRRP and HSRP
C. VRRP and IP Clustering
D. ClusterXL and VRRP

Answer

A

ClusterXL and VRRP

Question 52

Q

Alice & Bob are going to deploy Management Data Plane Separation (MDPS) for all their Check Point Security Gateway(s)/Cluster(s). Which of the following statement is true?

A. Each network environment is dependent and includes interfaces, routes, sockets, and processes
B. Management Plane – To access, provision and monitor the Security Gateway
C. Data Plane – To access, provision and monitor the Security Gateway
D. Management Plane – for all other network traffic and processing

Answer

A

B. Management Plane – To access, provision and monitor the Security Gateway

Question 53

Q

When URL Filtering is set, what identifying data gets sent to the Check Point Online Web Service?

A. The URL and server certificate are sent to the Check Point Online Web Service.
B. The full URL, including page data, is sent to the Check Point Online Web Service.
C. The host part of the URL is sent to the Check Point Online Web Service.
D. The URL and IP address are sent to the Check Point Online Web Service.

Answer

A

C. The host part of the URL is sent to the Check Point Online Web Service.

Question 54

Q

How do logs change when the “Accounting” tracking option is enabled on a traffic rule?

A. Involved traffic logs will be forwarded to a log server.
B. Provides log details view email to the Administrator.
C. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.
D. Provides additional information to the connected user.

Answer

A

C. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.

Question 55

Q

To increase security, the administrator has modified the Core protection ‘Host Port Scan’ from ‘Medium’ to ‘High’ Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes?

A. The Access Control and Threat Prevention Policies.
B. The Access Control Policy.
C. The Access Control & HTTPS Inspection Policy.
D. The Threat Prevention Policy.

Answer

A

The Access Control Policy.

Question 56

Q

Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server providing Log Export API (LEA) & Event Logging API (ELA) services?

A. DASSERVICE
B. FWD
C. CPVIEWD
D. CPD

Question 57

Q

What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources?

A. The corresponding feature is new to R81.10 and is called “Management Data Plane Separation”
B. The corresponding feature is called “Dynamic Dispatching”
C. There is a feature for ensuring stable connectivity to the management server and is done via Priority Queuing
D. The corresponding feature is called “Dynamic Split”

Answer

A

A. The corresponding feature is new to R81.10 and is called “Management Data Plane Separation”

Question 58

Q

According to the policy installation flow the transfer state (CPTA) is responsible for the code generated by the FWM. On the Security Gateway side, a process receives them and first stores them into a temporary directory. Which process is true for receiving these files:

A. FWD
B. CPD
C. FWM
D. RAD

Question 59

Q

What is the amount of Priority Queues by default?

A. There are 8 priority queues and this number cannot be changed.
B. There is no distinct number of queues since it will be changed in a regular basis based on its system requirements.
C. There are 7 priority queues by default and this number cannot be changed.
D. There are 8 priority queues by default, and up to 8 additional queues can be manually configured

Answer

A

D. There are 8 priority queues by default, and up to 8 additional queues can be manually configured

Question 60

Q

In R81.10 a new feature dynamic log distribution was added. What is this for?

A. Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy
B. In case of a Management High Availability the management server stores the logs dynamically on the member with the most available disk space in /var/log
C. Synchronize the log between the primary and secondary management server in case of a Management High Availability
D. To save disk space in case of a firewall cluster local logs are distributed between the cluster members

Answer

A

A. Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy

Question 61

Q

What could NOT be a reason for synchronization issues in a Management HA environment?

A. Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate
B. There is a network connectivity failure between the servers
C. Servers are in Collision Mode. Two servers, both in active state cannot be synchronized either automatically or manually.
D. The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server.

Answer

A

A. Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate

Question 62

Q

What is the correct Syntax for adding an access-rule via R80 API?

A. add access-rule layer “Network” action “Allow”
B. add access-rule layer “Network” position 1 name “Rule 1” service.1 “SMTP” service.2 “http”
C. add access-rule and follow the wizard
D. add rule position 1 name “Rule 1” policy-package “Standard” add service “http”

Answer

A

B. add access-rule layer “Network” position 1 name “Rule 1” service.1 “SMTP” service.2 “http”

Question 63

Q

Secure Configuration Verification (SCV), makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration but therefore Bob needs to edit and configure a specific Check Point file. Which location file and directory are true?

A. $FWDIR/conf/client.scv
B. $CPDIR/conf/local.scv
C. $CPDIR/conf/client.scv
D. $FWDIR/conf/local.scv

Answer

A

D. $FWDIR/conf/local.scv

Question 64

Q

What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel?

A. Network Access VPN Domain
B. Remote Access VPN Switch
C. Community Specific VPN Domain
D. Mobile Access VPN Domain

Answer

A

Community Specific VPN Domain

Answer 61

A

C. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Answer 62

A

C. Yes, every administrator has their own username, and works in a session that is independent of other administrators.

Answer 63

A

A. The idle timeout for the web session is specified with the “set web session-timeout” command.

Answer 64

A

D. fwaccel stat

Answer 65

A

C. mq_mng –show

Answer 66

A

Using cpconfig

Answer 67

A

Alert, SNMP trap, Mail

Answer 68

A

C. fwaccel off

Answer 69

A

A. Source address, Destination address, Destination port, Protocol

Answer 70

A

D. The Firewall can update the Link Selection entries to start using a different link for the same tunnel

Answer 71

A

B. The Firewall can run the same policy on all cores

Answer 72

A

B. It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior.

Answer 73

A

C. cphaprob -a if

Answer 74

A

Asymmetric routing

Answer 75

A

A. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

Answer 76

A

Mobile Access

Answer 77

A

C. IPS, AntiVirus, AntiBot, Threat Emulation, Threat Extraction

Answer 78

A

up to 3 minutes

Answer 79

A

A. fw ctl set int fwha_vmac_global_param_enabled 1

Answer 80

A

C. fw tab -t connections

Answer 81

A

D. Database Conversion to R81.10 only

Answer 82

A

The connection required a Security server

Answer 83

A

D. fw tab -s

Answer 84

A

A. “i” only

Answer 85

A

TCP port 256

Answer 86

A

C. Only Hotfixes can be installed with the Central Deployment in SmartConsole.

Answer 87

A

C. Detects and blocks malware by correlating multiple detection engines before users are affected.

Answer 88

A

B. Aaron should check API Server status with “api status” from Expert mode. If services are stopped, he should start them with “api start”.

Answer 89

A

A. Pre-Shared Secret

Answer 90

A

B. field_name:string

Answer 91

A

B. i, l, o, O

Answer 92

A

D. gaia_api status

Answer 93

A

D. Use a group of bonded interfaces connected to different switches. Define a dedicated sync interface, only one interface per node using the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management.

Answer 94

A

D. Run “fw ctl multik dynamic_dispatching on” and then reboot.

Answer 95

A

B. SecuRemote

Answer 96

A

C. api status

Answer 97

A

C. fw ctl chain

Answer 98

A

B. It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load.

Answer 99

A

cpinfo -y all

Answer 100

A

B. Manually, Scheduled, Automatic

Answer 101

A

Synchronized

Answer 102

A

D. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

Answer 103

A

B. fw ctl multik stat

Answer 104

A

A. You will find it in the home directory of your user account (e.g. /home/admin/).

Answer 105

A

D. Collision

Answer 106

A

D. Inspect/Bypass

Answer 107

A

C. “Toni” AND 10.0.4.210 NOT 10.0.4.76

Answer 108

A

A. It will not block malicious traffic

Answer 109

A

D. Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC

Answer 110

A

B. Smart Dashboard

Answer 111

A

D. High Availability Multicast

Answer 112

A

A. set cluster member mvc on in Clish

Answer 113

A

A. cphaprob -a if

Answer 114

A

C. PostgreSQL

Answer 115

A

D. Dynamic Balancing / Split dynamically change the number of SND’s and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)

Answer 116

A

C. The Mobile Access Policy Source under Gateway properties is set to Legacy Policy and not to Unified Access Policy.

Answer 117

A

A. Logs Monitor -> New Tab -> Open compliance View

Answer 118

A

A. Schedule

Answer 119

A

C. set mdps mgmt plane on

Answer 120

A

A. cpwd_admin list

Answer 121

A

D. mgmt_cli -m add host name “My Host” ip-address “192.168.0.10”

Answer 122

A

C. api status

Answer 123

A

D. cphaprob list

Answer 124

A

D. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

Answer 125

A

A. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser

Answer 126

A

D. cphaprob stat

Answer 127

A

A. Automatic download of full installation and upgrade packages

Answer 128

A

D. mgmt_cli add host name “emailserver1” ip-address 10.50.23.90

Answer 129

A

D. Always delivers a file to user

Answer 130

A

A. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores.

Answer 131

A

A. In the Logs & Monitor, logs, select “Audit Log View”

Answer 132

A

B. migrate_server import

Answer 133

A

C. Deny Template

Answer 134

A

B. For credential protection, Connect uses One-time Password login support, but has no SSO support, whereas Workspace offers both One-Time Password login support as well as SSO for specific applications.

Answer 135

A

A. R80.10 and Later

Answer 136

A

A. fw ctl pstat

Answer 137

A

D. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

Answer 138

A

D. Overlapping NAT

Answer 139

A

B. SandBlast Threat Extraction

Answer 140

A

D. If the Action of the matching rule is Drop, the gateway stops matching against later rules in the Policy Rule Base and drops the packet.

Answer 141

A

C. Source address, Destination address, Destination port, Protocol

Answer 142

A

B. tecli advanced attributes set prohibited_file_types.exe.bat

Answer 143

A

A. PDF and HTML

Answer 144

A

A. every member of the cluster received all of the packets sent to the cluster IP address.

Answer 145

A

C. Capsule Enterprise

Answer 146

A

A. lock database override

Answer 147

A

A. Threat Simulator

Answer 148

A

B. “fw unloadlocal”

Answer 149

A

D. Use the migrate_server tool with the option ‘-l’ for the logs and ‘-x’ for the index

Answer 150

A

D. cpprod_util FwIsPrimary

Answer 151

A

D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

Answer 152

A

B. As far as you use version R80.40, no upgrade is needed due to compatibility mode.

Answer 153

A

B. api status

Answer 154

A

C. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.

Answer 155

A

B. fw ctl conntab -x -dport=22

Answer 156

A

B. The Primary Gateway

Answer 157

A

A. The number of cores must be the same on every participating cluster node.

Answer 158

A

D. TACACS+

Answer 159

A

D. show installer status

Answer 160

A

A. Syslog

Answer 161

A

A. Installation of Jumbo Hotfix on a ClusterXL environment in High Availability Mode

Answer 162

A

A. Run command “api start” in any mode

Answer 163

A

B. R77.30

Answer 164

A

D. It is a full layer 3 VPN client

Answer 165

A

B. Sandblast Mobile Protect

Answer 166

A

D. show sysenv all

Answer 167

A

C. You have the full control about the priority of the NAT rules.

Answer 168

A

B. fw ctl multik prioq 2

Answer 169

A

D. yes, you had to enable Machine Authentication in the Gateway object of the Smart Console.

Answer 170

A

A. Mutually Trusted Certificate Authorities

Answer 171

A

C. Wire Mode

Answer 172

A

A. Using UDP Multicast or Broadcast on port 8161

Answer 173

A

D. Check Point Capsule Workspace

Answer 174

A

A. mgmt_cli -m add host name ip-address

Answer 175

A

A. commit

Answer 176

A

B. Primary Log Server

Answer 177

A

C. Security Gateway with GAiA does NOT have access to Internet.

Answer 178

A

D. Primary Management, then Secondary Management

Answer 179

A

A. Once per day

Answer 180

A

C. fw tab -t connections -f

Answer 181

A

B. /opt/CPsuite-R80/fw1/log

Answer 182

A

C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

Answer 183

A

A. CPUSE Check Point Update Service Engine

Answer 184

A

B. vpn tu tlist

Answer 185

A

C. Up to 10 gateways

Answer 186

A

D. TCP Port 18209

Answer 187

A

D. PostgreSQL

Answer 188

A

D. cpconfig; reboot required

Answer 189

A

D. cpinfo -y all

Answer 190

A

D. cpinfo

Answer 191

A

C. EndpointContainerLicense - The Endpoint Software Blade Licenses does not require an Endpoint Container License as the base

Answer 192

A

C. Improve the efficiency of CoreXL Kernel Instances

Answer 193

A

B. cpmq set

Answer 194

A

D. In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.

Answer 195

A

A. cpstat cpsead

Answer 196

A

B. Accept

Answer 197

A

B. ethtool -i eth0

Answer 198

A

C. cpview -t

Answer 199

A

C. Load sharing of emulation between an on premise appliance and the cloud

Answer 200

A

D. R81.10 Security Management Server

Answer 201

A

A. 3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization

Answer 202

A

C. Create a customized GUI Client for manipulating the objects database

Answer 203

A

D. Logon with SmartConsole to the Secondary Management Server and choose ‘Make Active’ under Actions in the HA Management Menu

Answer 204

A

C. Medium Path

Answer 205

A

D. TCP port 256

Answer 206

A

D. Public Cloud Service

Answer 207

A

A. Basic, Optimized, Strict

Answer 208

A

C. mgmt login

Answer 209

A

D. cpinfo

Answer 210

A

C. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.

Answer 211

A

A. After upgrading the hardware, increase the number of kernel instances using cpconfig

Answer 212

A

A. Idle <20%

Answer 213

A

B. Threat Prevention Software Blade Package

Answer 214

A

D. If you are about to use a client (FTP, RDP, …) that is installed on the endpoint.

Answer 215

A

B. Dynamic ID

Answer 216

A

D. Certificate Authority

Answer 217

A

A. Distributed and Full High Availability

Answer 218

A

A. Command and Control traffic from hosts that have been identified as infected

Answer 219

A

A. CCP and 8116

Answer 220

A

D. For short connections like http service - do not sync

Answer 221

A

A. fwaccel stat

Answer 222

A

D. True, because SecureXL does improve this traffic

Answer 223

A

D. With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”.

Answer 224

A

A. blade:”application control” AND action:drop

Answer 225

A

A. Inbound chain

Answer 226

A

C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network

Answer 227

A

D. The Threat Prevention Policy can’t be installed on a Gateway without an already installed Access Control Policy. First install only the Access Control Policy.

Answer 228

A

D. Always delivers a file

Answer 229

A

C. life_sign_timeout

Answer 230

A

D. $FWDIR/conf/local.arp

Answer 231

A

C. Choose different setting for log storage and SmartEvent db

Answer 232

A

C. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to ‘User defined’ and put in the local network.

Answer 233

A

C. $FWDIR/log/mtad.elg

Answer 234

A

C. Network InterfaceCard and the Acceleration Device

Answer 235

A

A. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled.

Answer 236

A

C. Manual Pre-Automatic NAT Rules

Answer 237

A

B. Advanced upgrade or CPUSE offline upgrade

Answer 238

A

B. Create new dashboards to manage 3rd party task.

Answer 239

A

C. Supports Dynamic Routing (Unicast and Multicast)

Answer 240

A

A. fw unloadlocal

Answer 241

A

B. Firewall path

Answer 242

A

A. Affinity Distribution

Answer 243

A

D. TCP port 19009

Answer 244

A

D. Access Control, Threat Prevention, QoS, Desktop Security

Answer 245

A

D. IPS is managed by the Threat Prevention Policy

Answer 246

A

B. Check Point Anti-Virus / Threat Emulation

Answer 247

A

B. ReverseProxyCLI

Answer 248

A

D. All Packets

Answer 249

A

D. pre_upgrade_verifier

Answer 250

A

A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.

Answer 251

A

B. $FWDIR/conf/local.arp on the gateway

Answer 252

A

C. Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly

Answer 253

A

A. fw ctl affinity -l -a -r -v

Answer 254

A

B. 4 CPU cores, 8GB of RAM and 500 GB of disk space

Answer 255

A

A. Network traffic issues

Answer 256

A

C. In WebUI Status and Actions page or by running the following command in CLISH: show installer status build

Answer 257

A

A. RPM Upgrade

Answer 258

A

C. Personal User Storage

Answer 259

A

C. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command Control Center

Answer 260

A

C. SND is used to distribute packets among Firewall instances

Answer 261

A

D. Automatic proxy ARP configuration can be enabled

Answer 262

A

A. Source Port Ranges/Encrypted Connections

Answer 263

A

C. Threat Extraction always delivers a file and takes less than a second to complete

Answer 264

A

C. clusterXL_admin down

Answer 265

A

C. Capsule Workspace

Answer 266

A

A. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary.

Answer 267

A

B. It generates indexes of data written to the database

Answer 268

A

B. Transfers messages between Firewall processes

Answer 269

A

C. Blade:”VPN” AND VPN-Stores AND Main Mode

Answer 270

A

A. Network Mode and Application Mode

Answer 271

A

A. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

Answer 272

A

D. A worldwide collaborative security network

Answer 273

A

A. Mail, SNMP Trap, Block Source, Block Event Activity, External Script

Answer 274

A

D. Check Point Security Gateway Cluster Member:
set cluster member mvc on

Answer 275

A

C. Automatically rearrange Access Control Policy based on Hit Count Analysis.

Answer 276

A

D. Dispatcher (Early Correction) and Firewall (Late Correction)

Answer 277

A

B. Cloud, Appliance and Hybrid

Answer 278

A

D. Firewall logs

Answer 279

A

C. Object Name and MDS signature

Answer 280

A

D. Delivers PDF versions of original files with active content removed.

Answer 281

A

A. Sending API commands over an http connection using web-services

Answer 282

A

C. No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically.

Answer 283

A

D. test_ad_connectivity -d

Answer 284

A

D. fw ctl debug 0

Answer 285

A

A. cphaprob –d STOP unregister

Answer 286

A

D. In bash, use the following command: “gaia_api access –user Tom –enable true”

Answer 287

A

A. Yes, but they need to have a mutually trusted certificate authority

Answer 288

A

C. Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

Answer 289

A

D. Use 1 dedicated sync interface

Answer 290

A

C. unlock database

Answer 291

A

B. Web Browsers and user devices

Answer 292

A

A. Full layer3 VPN -IPSec VPN that gives users network access to all mobile applications

Answer 293

A

D. “save config” was not issued on clish

Answer 294

A

C. Mobile Access Portal

Answer 295

A

B. TCP Acknowledgment Number

Answer 296

A

B. clusterXL_admin down -p

Answer 297

A

C. fwm, cpd

Answer 298

A

A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.

Answer 299

A

D. fw tab -s

Answer 300

A

D. Mobile Access

Answer 301

A

D. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the ‘Install specific version’ button.

Answer 302

A

B. ips pmstats reset

Answer 303

A

C. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.

Answer 304

A

D. Security Gateways/Clusters in ClusterXL HA new mode

Answer 305

A

C. The Standby Member

Answer 306

A

A. In the Logs & Monitor, logs, select “Audit Log View”

Answer 307

A

C. cphaconf set_ccp multicast

Answer 308

A

B. Very Advanced Approach

Answer 309

A

B. Threat Prevention policy

Answer 310

A

D. By dropping traffic from websites identified through ThreatCloud Verification and URL Caching

Answer 311

A

C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction

Answer 312

A

A. Access Role

Answer 313

A

A. run “fw ctl zdebug drop” on the relevant gateway

Brainscape's Knowledge GenomeTM

CCSE Flashcards

Brainscape's Knowledge Genome^TM