CCSE Flashcards
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from CLI?
* mgmt_cli add-host "Server_1" ip_adress "10.15.123.10" --format txt
* mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json
* mgmt_cli add object-host "Server_1" ip-address "10.15.123.10" --format json
* mgmt_cli add object "Server_1" ip-address "10.15.123.10" --format json
mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json
You want to store GAiA configuration in a file for later reference. What command should you use?
* write mem <filename>
* show config -f <filename>
* save config -o <filename>
* save configuration <filename>
save configuration <filename>
What is the command to check the status of the SmartEvent Server?
* fw ctl get int cpsemd_stat
* cp_conf get_stat cpsead
* fw ctl stat cpsead
* cpstat cpsemd
cpstat cpsemd
SandBlast appliances can be deployed in the following modes:
* using a SPAN port to receive a copy of the traffic only
* detect only
* inline/prevent or detect
* as a Mail Transfer Agent and as part of the web traffic flow only
inline/prevent or detect
In order to optimize performance of a Security Gateway you plan to use SecureXL technology. Your company uses different types of applications. Identify application traffic that will NOT be accelerated.
* Corporate relational database TCP traffic
* Custom application multicast traffic
* Transactions to the external application server using UDP
* TCP connections to the corporate Web-server
Custom application multicast traffic
In a ClusterXL high-availability environment, what MAC address will answer for Virtual IP in the default configuration?
* MAC address of Active Member
* Virtual MAC Address
* MAC Address of Standby Member
* MAC Address of Management Server
MAC address of Active Member
What is the minimum amount of RAM needed for a Threat Prevention Appliance?
* 6 GB
* 8 GB with Gaia in 64-bit mode
* 4 GB
* It depends on the number of software blades enabled
4 GB
When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?
* Any size
* Less than 20 GB
* More than 10 GB and less than 20 GB
* At least 20 GB
At least 20 GB
What is the purpose of a SmartEvent Correlation Unit?
* The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server
* The SmartEvent Correlation Unit’s task is to assign severity levels to the identified events
* The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events
* The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server
The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
* 4 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server
* 3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for the synchronization
* 1 Interface - an interface leading to the organization and the Internet, and configure for synchronization
* 2 Interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization
3 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for the synchronization
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
* Detects and blocks malware by correlating multiple detection engines before users are affected
* Configure rules to limit the available network bandwidth for specified users or groups
* Use UserCheck to help users understand that certain websites are against the company’s security policy
* Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels
Detects and blocks malware by correlating multiple detection engines before users are affected
Which is the suitable command to check whether Drop Templates are activated or not?
* fw ctl get int activate_drop_templates
* fwaccel stat
* fwaccel stats
* fw ctl templates -d
fwaccel stat
You plan to automate creating new objects using the new R80 Management API. You decide to use the GAIA CLI for this task. What is the first step to run management API commands on GAIA’s shell?
* mgmt admin admin@teabag > id.txt
* mgmt login
* login user admin password teabag
* mgmt_cli login user "admin" password "teabag" > id.txt
mgmt_cli login user "admin" password "teabag" > id.txt
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
* Symmetric routing
* Failovers
* Asymmetric routing
* Anti-Spoofing
Asymmetric routing
How can the SmartView Web application be accessed?
* https://<Security Management IP Address>/smartview
* https://<Security Management IP Address>:4434/smartview/
* https://<Sercurity Management IP Address>/smartview/
* https://<Security Management IP host name>:4434/smartview/
https://<Sercurity Management IP Address>/smartview/
Which command can you use to enable or disable multi-queue per interface?
* cpmq set
* cpmqueue set
* cpmq config
* set cpmq enable
cpmq set
What is the most recommended way to install patches and hotfixes?
* CPUSE Check Point Update Service Engine
* rpm -Uv
* Software Update Service
* UnixInstallScript
CPUSE Check Point Update Service Engine
Advanced Security Checkups can be easily conducted within:
* Reports
* Advanced
* Checkups
* Views
Reports
Which of the following authentication methods ARE NOT used for Mobile Access?
* RADIUS server
* Username and password (internal, LDAP)
* SecureID
* TACACS+
TACACS+
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
* This statement is true because SecureXL does improve all traffic
* This statement is false because SecureXL does not improve this traffic but CoreXL does
* This statement is true because SecureXL does improve this traffic
* This statement is false because encrypted traffic cannot be inspected
This statement is true because SecureXL does improve this traffic
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
* 20 minutes
* 15 minutes
* Admin account cannot be unlocked automatically
* 30 minutes at least
30 minutes at least
What is the command to see cluster status in CLI expert mode?
* fw ctl stat
* clusterXL stat
* clusterXL status
* cphaprob stat
cphaprob stat
What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
* test_connectivity_ad -d <domain>
* test_ldap_connectivity -d <domain>
* test_ad_connectivity -d <domain>
* ad_connectivity_test -d <domain>
test_ad_connectivity -d <domain>
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform within the applications. Mobile Access encrypts all traffic using:
* HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender
* HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, the need to install the SSL Network Extender
* HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required
* HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.
HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender
What is the limitation of employing Sticky Decision Function?
* With SDF enabled, the involved VPN Gateways only supports IKEv1
* Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
* With SDF enabled, only ClusterXL in legacy mode is supported
* With SDF enabled, you can only have three Sync interfaces at most
Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
When defining QoS Global Properties, which option below is not valid?
* Weight
* Authenticated timeout
* Schedule
* Rate
Schedule
There are 4 ways to use the Management API for creating host objects with the R80 Management API. Which one is NOT correct?
* Using Web Services
* Using Mgmt_cli tool
* Using CLISH
* Using SmartConsole GUI console
Using CLISH
What is the SOLR database for?
* Used for full text search and enables powerful matching capabilities
* Writes data to the database and full text search
* Serves GUI responsible to transfer request to the DLEserver
* Enables powerful matching capabilities and writes data to the database
Used for full text search and enables powerful matching capabilities
What is the best sync method in the ClusterXL deployment?
* Use 1 cluster + 1st sync
* Use 1 dedicated sync interface
* Use 3 clusters + 1st sync + 2nd sync + 3rd sync
* Use 2 clusters + 1st sync + 2nd sync
Use 1 dedicated sync interface
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members? Choose the best answer.
* fw ctl set int fwha vmac global param enabled
* fw ctl get int fwha vmac global param enabled; result of command should return value 1
* cphaprob -a if
* fw ctl get int fwha_vmac_global_param_enabled; results of command should return value 1
fw ctl get int fwha_vmac_global_param_enabled; results of command should return value 1
cpstop then find keyword “certificate” in objects_5_0.C and delete the section
The SmartEvent R80 Web application for real-time event monitoring is called:
* SmartView Monitor
* SmartEventWeb
* There is no Web application for SmartEvent
* SmartView
SmartView
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
* Anti-Bot is the only countermeasure against unknown malware
* Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
* Anti-Bot is the only signature-based method of malware protection
* Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center
Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center
What is the command to show SecureXL status?
* fwaccel status
* fwaccel stats -m
* fwaccel -s
* fwaccel stat
fwaccel stat
How often does Threat Emulation download packages by default?
* Once a week
* Once an hour
* Twice per day
* Once per day
Once per day
Several users report that the Mobile Access portal is not responding. Where would you check core dump files?
* /var/log/dump/MAB
* /var/log/modules/MAB
* /var/log/dump/usermode/
* $FWDIR/log/MAB
/var/log/dump/usermode/
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
* Secure Internal Communication (SIC)
* Restart Daemons if they fail
* Transfers messages between Firewall processes
* Pulls application monitoring status
Restart Daemons if they fail
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
* Smart Cloud Services
* Load Sharing Mode Services
* Threat Agent Solution
* Public Cloud Services
Public Cloud Services
What are the available options for downloading Check Point hotfixes in Gaia WebUI (CPUSE)?
* Manually, Scheduled, Automatic
* Update Now, Schedule Update, Offline Update
* Update Automatically, Update Now, Disable Update
* Manual Update, Disable Update, Automatic Update
Manually, Scheduled, Automatic
What scenario indicates that SecureXL is enabled?
* Dynamic objects are available in the object Explorer
* SecureXL can be disabled in cpconfig
* fwaccel commands can be used in clish
* Only one packet in a stream is seen in a fw monitor packet capture
Only one packet in a stream is seen in a fw monitor packet capture
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is \_\_\_\_\_\_\_\_.
* Sent to the Internal Certificate Authority.
* Sent to the Security Administrator.
* Stored on the Security Management Server.
* Stored on the Certificate Revocation List.
Stored on the Certificate Revocation List.
To fully enable Dynamic Dispatcher on a Security Gateway:
* run fw ctl multik set_mode 9 in Expert mode and then Reboot.
* Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.
* Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
* run fw multik set_mode 1 in Expert mode and then reboot.
run fw ctl multik set_mode 9 in Expert mode and then Reboot.
True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.
* True, CLI is the preferred method for Licensing
* False, Central Licenses are handled via the Security Management Server
* False, Central Licenses are installed via Gaia on Security Gateways
* True, Central License can be installed with CPLIC command on a Security Gateway
True, Central License can be installed with CPLIC command on a Security Gateway
You work as a security administrator for a large company. The CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the tight protections in place. Check Point has been selected as the security vendor. Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
* IPS AND Application Control
* IPS, anti-virus and anti-bot
* IPS, anti-virus and e-mail security
* SandBlast
SandBlast
Which of the following is NOT an attribute of packet acceleration?
* Source address
* Protocol
* Destination port
* VLAN Tag
VLAN Tag
Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
* Auditor
* Read Only All
* Super User
* Full Access
Read Only All
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
* $FWDIR/database/fwauthd.conf
* $FWDIR/conf/fwauth.conf
* $FWDIR/conf/fwauthd.conf
* $FWDIR/state/fwauthd.conf
$FWDIR/conf/fwauthd.conf
When using the Mail Transfer Agent, where are the debug logs stored?
* $FWDIR/bin/emaild.mta.elg
* $FWDIR/log/mtad.elg
* /var/log/mail.mta.elg
* $CPDIR/log/emaild.elg
$FWDIR/bin/emaild.mta.elg
What has to be taken into consideration when configuring Management HA?
* The Database revisions will not be synchronized between the management servers
* SmartConsole must be closed prior to synchronized changes in the objects database
* If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.
* For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.
The Database revisions will not be synchronized between the management servers
Which command can you use to verify the number of active concurrent connections?
* fw conn all
* fw ctl pstat
* show all connections
* show connections
fw ctl pstat
What needs to be configured if the NAT property ‘Translate destination on client side’ is not enabled in Global Properties?
* A host route to route to the destination IP.
* Use the file local.arp to add the ARP entries for NAT to work.
* Nothing, the Gateway takes care of all details necessary.
* Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.
Nothing, the Gateway takes care of all details necessary.
What component of R81 Management is used for indexing?
* DBSync
* API Server
* fwm
* SOLR
fwm
Which 3 types of tracking are available for Threat Prevention Policy?
* SMS Alert, Log, SNMP alert
* Syslog, None, User-defined scripts
* None, Log, Syslog
* Alert, SNMP trap, Mail
Syslog, None, User-defined scripts
You have set up the VPN Community ‘VPN-Stores’ with 3 gateways. There are some issues between one remote gateway (1.1.1.1) and your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways?
* action:”Key Install” AND 1.1.1.1 AND Main Mode
* action:”Key Install” AND 1.1.1.1 AND Quick Mode
* Blade:”VPN” AND VPN-Stores AND Main Mode
* Blade:”VPN” AND VPN-Stores AND Quick Mode
Blade:”VPN” AND VPN-Stores AND Main Mode
By default, which port does the WebUI listen on?
* 80
* 4434
* 443
* 8080
443
How many policy layers do Access Control policy support?
* 2
* 4
* 1
* 3
2
Two policy layers:
- Network Policy Layer
- Application Control Policy Layer
Which member of a high-availability cluster should be upgraded first in a Zero Downtime upgrade?
* The Standby Member
* The Active Member
* The Primary Member
* The Secondary Member
The Standby Member
Which command would disable a Cluster Member permanently?
* clusterXL_admin down
* cphaprob_admin down
* clusterXL_admin down-p
* set clusterXL down-p
clusterXL_admin down-p
What are the blades of Threat Prevention?
* IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
* DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction
* IPS, AntiVirus, AntiBot
* IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
What is UserCheck?
* Messaging tool used to verify a user’s credentials
* Communication tool used to inform a user about a website or application they are trying to access.
* Administrator tool used to monitor users on their network
* Communication tool used to notify an administrator when a new user is created
Communication tool used to inform a user about a website or application they are trying to access.
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
* All Connections (Clear or Encrypted)
* Accept all encrypted traffic
* Specific VPN Communities
* All Site-to-Site VPN Communities
Accept all encrypted traffic
True or False: In R81, more than one administrator can log in to the Security Management Server with write permission at the same time.
* False, this feature has to be enabled in the Global Properties.
* True, every administrator works in a session that is independent of the other administrators.
* True, every administrator works on a different database that is independent of the other administrators.
* False, only one administrator can log in with write permission.
True, every administrator works in a session that is independent of the other administrators.
Which command is used to display status information for various components?
* show all systems
* show system messages
* sysmess all
* show sysenv all
show sysenv all
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every:
* 15 sec
* 60 sec
* 5 sec
* 30 sec
60 sec