Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Cygate > CCSE > Flashcards

CCSE Flashcards

1
Q

Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from CLI?
* mgmt_cli add-host “Server_1” ip_adress “10.15.123.10” –format txt
* mgmt_cli add host name “Server_1” ip-address “10.15.123.10” –format json
* mgmt_cli add object-host “Server_1” ip-address “10.15.123.10” –format json
* mgmt_cli add object “Server_1” ip-address “10.15.123.10” –format json

A

mgmt_cli add host name “Server_1” ip-address “10.15.123.10” –format json

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You want to store GAiA configuration in a file for later reference. What command should you use?

  • write mem <filename>
  • show config -f <filename>
  • save config -o <filename>
  • save configuration <filename>
A

save configuration <filename>

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the command to check the status of the SmartEvent Server?
* fw ctl get int cpsemd_stat
* cp_conf get_stat cpsead
* fw ctl stat cpsead
* cpstat cpsemd

A

cpstat cpsemd

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

SandBlast appliances can be deployed in the following modes:
* using a SPAN port to receive a copy of the traffic only
* detect only
* inline/prevent or detect
* as a Mail Transfer Agent and as part of the we traffic flow only

A

inline/prevent or detect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In order to optimize performance of a Security Gateway you plan to use SecureXL technology. Your company uses different types of applications. Identify application traffic that will NOT be accelerated.
* Corporate relational database TCP traffic
* Custom application multicast traffic
* Transactions to the external application server using UDP
* TCP connections to the corporate Web-server

A

Custom application multicast traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

In a ClusterXL high-availability environment, what MAC address will answer for Virtual IP in the default configuration?
* MAC address of Active Member
* Virtual MAC Address
* MAC Address of Standby Member
* MAC Address of Management Server

A

MAC address of Active Member

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the minimum amount of RAM needed for a Threat Prevention Appliance?
* 6 GB
* 8 GB with Gaia in 64-bit mode
* 4 GB
* It depends on the number of software blades enabled

A

4 GB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?
* Any size
* Less than 20 GB
* More than 10 GB and less than 20 GB
* At least 20 GB

A

At least 20 GB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the purpose of a SmartEvent Correlation Unit?
* The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server
* The SmartEvent Correlation Unit’s task it to assign severity levels to the identified events
* The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events
* The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server

A

The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
* 4 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server
* 3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for the synchronization
* 1 Interface - an interface leading to the organization and the Internet, and configure for synchronization
* 2 Interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization

A

3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for the synchronization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
* Detects and blocks malware by correlating multiple detection engines before users are affected
* Configure rules to limit the available network bandwidth for specified users or groups
* Use UserCheck to help users understand that certain websites are against the company’s security policy
* Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels

A

Detects and blocks malware by correlating multiple detection engines before users are affected

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which is the suitable command to check whether Drop Templates are activated or not?
* fw ctl get int activate_drop_templates
* fwaccel stat
* fwaccel stats
* fw ctl templates -d

A 
fwaccel stat
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You plan to automate creating new objects using new R80 Management API. You decide to use GAIA CLI for this task. What is the first to run management API commands on GAIA’s shell?
* mgmt admin admin@teabag > id.txt
* mgmt login
* login user admin password teabag
* mgmt_cli login user "admin" password "teabag" > id.txt

A

mgmt_cli login user "admin" password "teabag" > id.txt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster
* Symmetric routing
* Failovers
* Asymmetric routing
* Anti-Spoofing

A

Asymmetric routing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How can SmartView Web application accessed?
* https://<Security Management IP Address>/smartview
* https://<Security Management IP Address>:4434/smartview/
* https://<Sercurity Management IP Address>/smartview/
* https://<Security Management IP host name>:4434/smartview/

A

https://<Sercurity Management IP Address>/smartview/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which command can you use to enable or disable multi-queue per interface?
* cpmq set
* cpmqueue set
* cpmq config
* set cpmq enable

A 
cpmq set
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the most recommended way to install patches and hotfixes?
* CPUSE Check Point Update Service Engine
* rpm -Uv
* Software Update Service
* UnixInstallScript

A

CPUSE Check Point Update Service Engine

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Advanced Security Checkups can be easily conducted within:
* Reports
* Advanced
* Checkups
* Views

A

Reports

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following authentication methods ARE NOT used for Mobile Access?
* RADIUS server
* Username and password (internal, LDAP)
* SecureID
* TACACS+

A

TACACS+

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput
* This statement is true because SecureXL does improve all traffic
* This statement is false because SecureXL does not improve this traffic but CoreXL does
* This statement is true because SecureXL does improve this traffic
* This statement is false because encrypted traffic cannot be inspected

A

This statement is true because SecureXL does improve this traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
* 20 minutes
* 15 minutes
* Admin account cannot be unlocked automatically
* 30 minutes at least

A

30 minutes at least

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the command to see cluster status in cli expert mode?
* fw ctl stat
* clusterXL stat
* clusterXL status
* cphaprob stat

A 
cphaprob stat
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
* test_connectivity_ad -d <domain>
* test_ldap_connectivity -d <domain>
* test_ad_connectivity -d <domain>
* ad_connectivity_test -d <domain>

A

test_ad_connectivity -d <domain>

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform within the applications. Mobile Access encrypts all traffic using:
* HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender
* HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, the need to install the SSL Network Extender
* HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additinal software is required
* HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.

A

HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is the limitation of employing Sticky Decision Function?
* With SDF enabled, the involved VPN Gateways only supports IKEv1
* Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
* With SDF enabled, only ClusterXL in legacy mode is supported
* With SDF enabled, you can only have three Sync interfaces at most

A

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

When defining Qos global properties, which option below is not valid?
* Weight
* Authenticated timeout
* Schedule
* Rate

A

Schedule

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

There are 4 ways to use the Management API for creating hos object with R80 Management API. Which one is NOT correct?
* Using Web Services
* Using Mgmt_cli tool
* Using CLISH
* Using SmartConsole GUI console

A

Using CLISH

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is the SOLR database for?
* Used for full text search and enables powerful matching capabilities
* Writes data to the database and full text search
* Serves GUI responsible to transfer request to the DLEserver
* Enables powerful matching capabilities and writes data to the database

A

Used for full text search and enables powerful matching capabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is the best sync method in the ClusterXL deployment?
* Use 1 cluster + 1st sync
* Use 1 dedicated sync interface
* Use 3 clusters + 1st sync + 2nd sync + 3rd sync
* Use 2 clusters + 1st sync + 2nd sync

A

Use 1 dedicated sync interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members? Choose the best answer.
* fw ctl set int fwha vmac global param enabled
* fw ctl get int fwha vmac global param enabled; result of command should return value 1
* cphaprob -a if
* fw ctl get int fwha_vmac_global_param_enabled; results of command should return value 1

A

fw ctl get int fwha_vmac_global_param_enabled; results of command should return value 1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What must you do first if “fwm sic_reset” could not be completed?
* cpstop then find keyword “certificate” in objects_5_0.C and delete the section
* Reinitialize SIC on the security gateway then Run “fw unloadlocal”
* Reset SIC from Smart Dashboard
* Change internal CA via cpconfig

A

cpstop then find keyword “certificate” in objects_5_0.C and delete the section

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

The SmartEvent R80 Web application for real-time event monitoring is called:
* SmartView Monitor
* SmartEventWeb
* There is no Web application for SmartEvent
* SmartView

A

SmartView

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
* Anti-Bot is the only countermeasure against unknown malware
* Anti-Bot is the only protection mechanisms which starts a counter-attack against known Command & Control Centers
* Anti-Bot is the only signature-based method of malware protection
* Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center

A

Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What is the command to show SecureXL status?
* fwaccel status
* fwaccel stats -m
* fwaccel -s
* fwaccel stat

A 
fwaccel stat
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

How often does Threat Emulation download packages by default?
* Once a week
* Once an hour
* Twice per day
* Once per day

A

Once per day

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Several users report that the Mobile Access portal is not responding. Where would you check core dump files?
* /var/log/dump/MAB
* /var/log/modules/MAB
* /var/log/dump/usermode/
* $FWDIR/log/MAB

A 
/var/log/dump/usermode/
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
* Secure Internal Communication (SIC)
* Restart Daemons if they fail
* Transfers messages between Firewall processes
* Pulls application monitoring status

A

Restart Daemons if they fail

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
* Smart Cloud Services
* Load Sharing Mode Services
* Threat Agent Solution
* Public Cloud Services

A

Public Cloud Services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What are the available options for downloading Check Point hotfixes in Gaia WebUI (CPUSE)?
* Manually, Scheduled, Automatic
* Update Now, Schedule Update, Offline Update
* Update Automatically, Update Now, Disable Update
* Manual Update, Disable Update, Automatic Update

A

Manually, Scheduled, Automatic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What scenario indicates that SecureXL is enabled?
* Dynamic objects are available in the object Explorer
* SecureXL can be disaabled in cpconfig
* fwaccel commands can be used in clish
* Only one packet in a stream is seen in a fw monitor packet capture

A

Only one packet in a stream is seen in a fw monitor packet capture

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security
Management Server, the certificate information is \_\_\_\_\_\_\_\_ .
* Sent to the Internal Certificate Authority.
* Sent to the Security Administrator.
* Stored on the Security Management Server.
* Stored on the Certificate Revocation List.

A

Stored on the Certificate Revocation List.

33
Q

To fully enable Dynamic Dispatcher on a Security Gateway:
* run fw ctl multik set_mode 9 in Expert mode and then Reboot.
* Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.
* Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
* run fw multik set_mode 1 in Expert mode and then reboot.

A

run fw ctl multik set_mode 9 in Expert mode and then Reboot.

34
Q

True or False: In a Distributed Environment, a Central License can be installed via CLI on a
Security Gateway.
* True, CLI is the prefer method for Licensing
* False, Central License are handled via Security Management Server
* False, Central Licenses are installed via Gaia on Security Gateways
* True, Central License can be installed with CPLIC command on a Security Gateway

A

True, Central License can be installed with CPLIC command on a Security Gateway

35
Q

You work as a security administrator for a large company. CSO of your company has attended a
security conference where he has learnt how hackers constantly modify their strategies and
techniques to evade detection and reach corporate resources. He wants to make sure that his
company has the tight protections in place. Check Point has been selected for the security vendor.
Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick
delivery of safe content to your users?
* IPS AND Application Control
* IPS, anti-virus and anti-bot
* IPS, anti-virus and e-mail security
* SandBlast

A

SandBlast

36
Q

Which of the following is NOT an attribute of packet acceleration?
* Source address
* Protocol
* Destination port
* VLAN Tag

A

VLAN Tag

37
Q

Which pre-defined Permission Profile should be assigned to an administrator that requires full
access to audit all configurations without modifying them?
* Auditor
* Read Only All
* Super User
* Full Access

A

Read Only All

38
Q

Which configuration file contains the structure of the Security Server showing the port
numbers, corresponding protocol name, and status?
* $FWDIR/database/fwauthd.conf
* $FWDIR/conf/fwauth.conf
* $FWDIR/conf/fwauthd.conf
* $FWDIR/state/fwauthd.conf

A

$FWDIR/conf/fwauthd.conf

39
Q

When using the Mail Transfer Agent, where are the debug logs stored?
* $FWDIR/bin/emaild.mta. elg
* $FWDIR/log/mtad elg
* /var/log/mail.mta elg
* $CPDIR/log/emaild elg

A

$FWDIR/bin/emaild.mta. elg

40
Q

What has to be taken into consideration when configuring Management HA?
* The Database revisions will not be synchronized between the management servers
* SmartConsole must be closed prior to synchronized changes in the objects database
* If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow
FW1_cpredundant to pass before the Firewall Control Connections.
* For Management Server synchronization, only External Virtual Switches are supported. So, if you
wanted to employ Virtual Routers instead, you have to reconsider your design.

A

The Database revisions will not be synchronized between the management servers

41
Q

Which command can you use to verify the number of active concurrent connections?
* fw conn all
* fw ctl pstat
* show all connections
* show connections

A 
fw ctl pstat
42
Q

What needs to be configured if the NAT property ‘Translate destination or client side’ is not
enabled in Global Properties?
* A host route to route to the destination IP.
* Use the file local.arp to add the ARP entries for NAT to work.
* Nothing, the Gateway takes care of all details necessary.
* Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.

A

Nothing, the Gateway takes care of all details necessary.

43
Q

What component of R81 Management is used for indexing?
* DBSync
* API Server
* fwm
* SOLR

A

fwm

44
Q

Which 3 types of tracking are available for Threat Prevention Policy?
* SMS Alert, Log, SNMP alert
* Syslog, None, User-defined scripts
* None, Log, Syslog
* Alert, SNMP trap, Mail

A

Syslog, None, User-defined scripts

45
Q

You had setup the VPN Community VPN-Stores’with 3 gateways. There are some issues with
one remote gateway(1.1.1.1) and an your local gateway. What will be the best log filter to see only
the IKE Phase 2 agreed networks for both gateways
* action:”Key Install” AND 1.1.1.1 AND Main Mode
* action:”Key Install- AND 1.1.1.1 ANDQuick Mode
* Blade:”VPN” AND VPN-Stores AND Main Mode
* Blade:”VPN” AND VPN-Stores AND Quick Mode

A

Blade:”VPN” AND VPN-Stores AND Main Mode

46
Q

By default, which port does the WebUI listen on?
* 80
* 4434
* 443
* 8080

A

443

47
Q

How many policy layers do Access Control policy support?
* 2
* 4
* 1
* 3

A

2

Two policy layers:
- Network Policy Layer
- Application Control Policy Layer

48
Q

Which member of a high-availability cluster should be upgraded first in a Zero downtime
upgrade?
* The Standby Member
* The Active Member
* The Primary Member
* The Secondary Member

A

The Standby Member

49
Q

Which command would disable a Cluster Member permanently?
* clusterXL_admin down
* cphaprob_admin down
* clusterXL_admin down-p
* set clusterXL down-p

A

clusterXL_admin down-p

50
Q

What are the blades of Threat Prevention?
* IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
* DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction
* IPS, AntiVirus, AntiBot
* IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

A

IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

51
Q

What is UserCheck?
* Messaging tool used to verify a user’s credentials
* Communication tool used to inform a user about a website or application they are trying to access.
* Administrator tool used to monitor users on their network
* Communication tool used to notify an administrator when a new user is created

A

Communication tool used to inform a user about a website or application they are trying to access.

52
Q

Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN
communities?
* All Connections (Clear or Encrypted)
* Accept all encrypted traffic
* Specific VPN Communities
* All Site-to-Site VPN Communities

A

Accept all encrypted traffic

53
Q

True or False: In R81, more than one administrator can login to the Security Management
Server with write permission at the same time.
* False, this feature has to be enabled in the Global Properties.
* True, every administrator works in a session that is independent of the other administrators.
* True, every administrator works on a different database that is independent of the other
administrators.
* False, only one administrator can login with write permission.

A

True, every administrator works in a session that is independent of the other administrators.

54
Q

Which command is used to display status information for various components?
* show all systems
* show system messages
* sysmess all
* show sysenv all

A 
show sysenv all
55
Q

Automatic affinity means that if SecureXL is running, the affinity for each interface is
automatically reset every
* 15 sec
* 60 sec
* 5 sec
* 30 sec

A

60 sec

56
Q

When deploying SandBlast, how would a Threat Emulation appliance benefit from the
integration of ThreatCloud?
* ThreatCloud is a database-related application which is located on-premise to preserve privacy of
company-related data
* ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud
consisting of a combination of all on-premise private cloud environments
* ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi
infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud
* ThreatCloud is a collaboration platform for all the Check Point customers to share information
about malicious and benign files that all of the customers can benefit from as it makes emulation of
known files unnecessary

A

ThreatCloud is a collaboration platform for all the Check Point customers to share information
about malicious and benign files that all of the customers can benefit from as it makes emulation of
known files unnecessary

57
Q

What is the valid range for VRID value in VRRP configuration?
* 1 - 254
* 1 - 255
* 0 - 254
* 0 - 255

A

1 - 255

Virtual Router ID - Enter a unique ID number for this virtual router. The range of valid values is 1 to
255.

58
Q

What is the default shell of Gaia CLI?
* Monitor
* CLI.sh
* Read-only
* Bash

A

CLI.sh

59
Q

Connections to the Check Point R81 Web API use what protocol?
* HTTPS
* RPC
* VPN
* SIC

A

HTTPS

60
Q

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster
members?
* fw ctl set int fwha vmac global param enabled
* fw ctl get int vmac global param enabled; result of command should return value 1
* cphaprob-a if
* fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

A 
fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1
61
Q

When SecureXL is enabled, all packets should be accelerated, except packets that match the
following conditions:
* All UDP packets
* All IPv6 Traffic
* All packets that match a rule whose source or destination is the Outside Corporate Network
* CIFS packets

A

CIFS packets

62
Q

After trust has been established between the Check Point components, what is TRUE about
name and IP-address changes?
* Security Gateway IP-address cannot be changed without re-establishing the trust.
* The Security Gateway name cannot be changed in command line without re-establishing trust.
* The Security Management Server name cannot be changed in SmartConsole without reestablishing
trust.
* The Security Management Server IP-address cannot be changed without re-establishing the trust.

A

Security Gateway IP-address cannot be changed without re-establishing the trust.

62
Q

Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90
using GAiA management CLI?
* host name myHost12 ip-address 10.50.23.90
* mgmt: add host name ip-address 10.50.23.90
* add host name emailserver1 ip-address 10.50.23.90
* mgmt: add host name emailserver1 ip-address 10.50.23.90

A

mgmt: add host name emailserver1 ip-address 10.50.23.90

63
Q

You have successfully backed up Check Point configurations without the OS information.
What command would you use to restore this backup?
* restore_backup
* import backup
* cp_merge
* migrate import

A

migrate import

64
Q

What are the methods of SandBlast Threat Emulation deployment?
* Cloud, Appliance and Private
* Cloud, Appliance and Hybrid
* Cloud, Smart-1 and Hybrid
* Cloud, OpenServer and Vmware

A

Cloud, Appliance and Private

65
Q

What are the main stages of a policy installations?
* Verification & Compilation, Transfer and Commit
* Verification & Compilation, Transfer and Installation
* Verification, Commit, Installation
* Verification, Compilation & Transfer, Installation

A

Verification & Compilation, Transfer and Commit

66
Q

What are the attributes that SecureXL will check after the connection is allowed by Security
Policy?
* Source address, Destination address, Source port, Destination port, Protocol
* Source MAC address, Destination MAC address, Source port, Destination port, Protocol
* Source address, Destination address, Source port, Destination port
* Source address, Destination address, Destination port, Protocol

A

Source address, Destination address, Source port, Destination port, Protocol

66
Q

When doing a Stand-Alone Installation, you would install the Security Management Server
with which other Check Point architecture component?
* None, Security Management Server would be installed by itself.
* SmartConsole
* SecureClient
* Security Gateway
* SmartEvent

A

Security Gateway

67
Q

Joey want to configure NTP on R81 Security Management Server. He decided to do this via
WebUI. What is the correct address to access the Web UI for Gaia platform via browser?
* Error! Hyperlink reference not valid.
* Error! Hyperlink reference not valid. IP_Address>:443
* Error! Hyperlink reference not valid.
* Error! Hyperlink reference not valid.

A

Error! Hyperlink reference not valid.

67
Q

The system administrator of a company is trying to find out why acceleration is not working for the
traffic. The traffic is allowed according to the rule based and checked for viruses. But it is not
accelerated. What is the most likely reason that the traffic is not accelerated?
* The connection is destined for a server within the network
* The connection required a Security server
* The packet is the second in an established TCP connection
* The packets are not multicast

A

The connection required a Security server

67
Q

You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box
feature, which command you use?
* sim erdos -e 1
* sim erdos - m 1
* sim erdos -v 1
* sim erdos -x 1

A

sim erdos -e 1

68
Q

Identify the API that is not supported by Check Point currently.
* R81 Management API-
* Identity Awareness Web Services API
* Open REST API
* OPSEC SDK

A

Open REST API

69
Q

What is the base level encryption key used by Capsule Docs?
* RSA 2048
* RSA 1024
* SHA-256
* AES

A

RSA 2048

70
Q

Which of the following is NOT an alert option?
* SNMP
* High alert
* Mail
* User defined alert

A

High alert

71
Q

```

Which of the following is a new R81 Gateway feature that had not been available in R77.X
and older?
* The rule base can be built of layers, each containing a set of the security rules. Layers are
inspected in the order in which they are defined, allowing control over the rule base flow and which
security functionalities take precedence.
* Limits the upload and download throughput for streaming media in the company to 1 Gbps.
* Time object to a rule to make the rule active only during specified times.
* Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is
matched, inspection will continue in the sub policy attached to it rather than in the next rule.

A

Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is
matched, inspection will continue in the sub policy attached to it rather than in the next rule.

72
Q

Which command is used to obtain the configuration lock in Gaia?
* Lock database override
* Unlock database override
* Unlock database lock
* Lock database user

A

Lock database override

73
Q

Which Mobile Access Application allows a secure container on Mobile devices to give users
access to internal website, file share and emails?
* Check Point Remote User
* Check Point Capsule Workspace
* Check Point Mobile Web Portal
* Check Point Capsule Remote

A

Check Point Mobile Web Portal

74
Q

Which of the following is NOT a type of Check Point API available in R81.x?
* Identity Awareness Web Services
* OPSEC SDK
* Mobile Access
* Management

A

Mobile Access

75
Q

Fill in the blank: Authentication rules are defined for \_\_\_\_\_\_\_\_ .
* User groups
* Users using UserCheck
* Individual users
* All users in the database

A

User groups

76
Q

During inspection of your Threat Prevention logs you find four different computers having
one event each with a Critical Severity. Which of those hosts should you try to remediate first?
* Host having a Critical event found by Threat Emulation
* Host having a Critical event found by IPS
* Host having a Critical event found by Antivirus
* Host having a Critical event found by Anti-Bot

A

Host having a Critical event found by Anti-Bot

77
Q

What traffic does the Anti-bot feature block?
* Command and Control traffic from hosts that have been identified as infected
* Command and Control traffic to servers with reputation for hosting malware
* Network traffic that is directed to unknown or malicious servers
* Network traffic to hosts that have been identified as infected

A

Command and Control traffic from hosts that have been identified as infected

78
Q

Fill in the blank: A \_\_\_\_\_\_\_\_ VPN deployment is used to provide remote users with secure
access to internal corporate resources by authenticating the user through an internet browser.
* Clientless remote access
* Clientless direct access
* Client-based remote access
* Direct access

A

Clientless remote access

79
Q

When using CPSTAT, what is the default port used by the AMON server?
* 18191
* 18192
* 18194
* 18190

A

18192

80
Q

You have a Geo-Protection policy blocking Australia and a number of other countries. Your
network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
* Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no
control of this.
* Create a rule at the top in the Sydney firewall to allow control traffic from your network
* Nothing - Check Point control connections function regardless of Geo-Protection policy
* Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

A

Nothing - Check Point control connections function regardless of Geo-Protection policy

80
Q

What is the difference between an event and a log?
* Events are generated at gateway according to Event Policy
* A log entry becomes an event when it matches any rule defined in Event Policy
* Events are collected with SmartWorkflow form Trouble Ticket systems
* Log and Events are synonyms

A

A log entry becomes an event when it matches any rule defined in Event Policy

81
Q

Which one of these features is NOT associated with the Check Point URL Filtering and
Application Control Blade?
* Detects and blocks malware by correlating multiple detection engines before users are affected.
* Configure rules to limit the available network bandwidth for specified users or groups.
* Use UserCheck to help users understand that certain websites are against the company’s security
policy.
* Make rules to allow or block applications and Internet sites for individual applications, categories,
and risk levels.

A

Detects and blocks malware by correlating multiple detection engines before users are affected.

82
Q
A
83
Q
A
84
Q
A
85
Q
A
86
Q
A

Cygate (2 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions