Check Point Certified Security Administrator – R81.20 (CCSA) v1.0 Flashcards

1
Q

Which of the following is a valid deployment option?

A. CloudSec deployment
B. Disliked deployment
C. Router only deployment
D. Standalone deployment

A

D. Standalone deployment

2
Q

Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

A. Read Only All
B. Full Access
C. Editor
D. Super User

A

A. Read Only All

3
Q

Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?

A. Logging and Status
B. Monitoring
C. Threat Emulation
D. Application Control

A

B. Monitoring

4
Q

Which type of Check Point license ties the package license to the IP address of the Security Management Server?

A. Formal
B. Corporate
C. Central
D. Local

A

D. Local

5
Q

Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers? Choose the BEST answer.

A. Anti-Malware
B. Content Awareness
C. Anti-Virus
D. IPS

A

C. Anti-Virus

6
Q

URL Filtering cannot be used to:

A. Control Data Security
B. Decrease legal liability
C. Improve organizational security
D. Control Bandwidth issues

A

A. Control Data Security

7
Q

Which one of the following is TRUE?

A. One policy can be either inline or ordered, but not both.
B. Inline layer can be defined as a rule action.
C. Ordered policy is a sub-policy within another policy.
D. Pre-R80 Gateways do not support ordered layers.

A

B. Inline layer can be defined as a rule action.

8
Q

Fill in the blanks: A Check Point software license consists of a _____ and _____.

A. Software container; software package
B. Software package; signature
C. Signature; software blade
D. Software blade; software container

A

A. Software container; software package

9
Q

Which of the following is used to initially create trust between a Gateway and Security Management Server?

A. One-time Password
B. Token
C. Certificate
D. Internal Certificate Authority

A

A. One-time Password

10
Q

What are the two elements of address translation rules?

A. Original packet and translated packet
B. Manipulated packet and original packet
C. Untranslated packet and manipulated packet
D. Translated packet and untranslated packet

A

A. Original packet and translated packet

11
Q

Which of the following log queries would show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1?

A. 192.168.1.1 AND 172.26.1.1 AND drop
B. src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop
C. 192.168.1.1 OR 172.26.1.1 AND action:Drop
D. src:192.168.1.1 OR dst:172.26.1.1 AND action:Drop

A

B. src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop

12
Q

Fill in the blanks: The _____ collects logs and sends them to the _____.

A. Log server; Security Gateway
B. Security Gateways; log server
C. Log server; security management server
D. Security management server; Security Gateway

A

B. Security Gateways; log server

13
Q

Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?

A. RADIUS
B. SecurID
C. Check Point password
D. Security questions

A

D. Security questions

14
Q

Which of the following statements about Site-to-Site VPN Domain-based is NOT true?

A. Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.
B. Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.
C. Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.
D. Domain-based- VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

A

A. Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

15
Q

What is the main objective when using Application Control?

A. To see what users are doing.
B. Ensure security and privacy of information.
C. To filter out specific content.
D. To assist the firewall blade with handling traffic.

A

B. Ensure security and privacy of information.

16
Q

Which default Gaia user has full read/write access?

A. superuser
B. monitor
C. altuser
D. admin

A

D. admin

17
Q

Which icon in the WebUI indicates that read/write access is enabled?

A. Eyeglasses
B. Pencil
C. Padlock
D. Book

A

B. Pencil

18
Q

Which SmartConsole tab is used to monitor network and security performance?

A. Logs Monitor
B. Manage Settings
C. Security Policies
D. Gateway Servers

A

A. Logs Monitor

19
Q

Check Point Update Service Engine (CPUSE), also known as Deployment Agent [DA], is an advanced and intuitive mechanism for software deployment on Gaia OS. What software packages are supported for deployment?

A. It supports deployments of single HotFixes (HF), and of Major Versions. Blink Packages and HotFix Accumulators (Jumbo) are not supported.
B. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and of Major Versions.
C. It supports deployments of Major Versions and Blink packages only.
D. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), but not of Major Versions.

A

B. It supports deployments of single HotFixes (HF), of HotFix Accumulators (Jumbo), and of Major Versions

20
Q

In SmartConsole, on which tab are Permissions and Administrators defined?

A. MANAGE & SETTINGS
B. SECURITY POLICIES
C. GATEWAYS & SERVERS
D. LOGS & MONITOR

A

A. MANAGE & SETTINGS

21
Q

Which tool allows automatic update of Gaia OS and Check Point products installed on Gaia OS?

A. CPDAS - Check Point Deployment Agent Service
B. CPUSE - Check Point Upgrade Service Engine
C. CPASE - Check Point Automatic Service Engine
D. CPAUE - Check Point Automatic Update Engine

A

B. CPUSE - Check Point Upgrade Service Engine

22
Q

In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?

A. Verify and compile Security Policies.
B. Display policies and logs on the administrator’s workstation.
C. Store firewall logs to hard drive storage.
D. Manage the object database.

A

B. Display policies and logs on the administrator’s workstation.

23
Q

True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.

A. True, every administrator works on a different database that is independent of the other administrators
B. False, only one administrator can login with write permission
C. True, every administrator works in a session that is independent of the other administrators
D. False, this feature has to be enabled in the Global Properties

A

C. True, every administrator works in a session that is independent of the other administrators

24
Q

What Check Point tool is used to automatically update Check Point products for the Gaia OS?

A. Check Point Update Engine
B. Check Point Upgrade Installation Service
C. Check Point Upgrade Service Engine (CPUSE)
D. Check Point INSPECT Engine

A

C. Check Point Upgrade Service Engine (CPUSE)

25
Q

If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? Choose the BEST answer.

A. Delete older versions of database.
B. Publish or discard the session.
C. Revert the session.
D. Save and install the Policy.

A

B. Publish or discard the session.

26
Q

What are the two deployment options available for a security gateway?

A. Bridge and Switch
B. Local and Remote
C. Cloud and Router
D. Standalone and Distributed

A

D. Standalone and Distributed

27
Q

One of the major features in SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

A. AdminB sees a pencil icon next to the rule that AdminB is currently editing.
B. AdminA, AdminB and AdminC are editing three different rules at the same time.
C. AdminA and AdminB are editing the same rule at the same time.
D. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.

A

C. AdminA and AdminB are editing the same rule at the same time.

28
Q

Which one of the following is the preferred licensing model? Select the BEST answer.

A. Local licensing because it ties the package license to the IP-address of the gateway and has no dependency on the Security Management Server.
B. Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.
C. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.
D. Central licensing because it ties the package license to the MAC-address of the Security Management Server’s Mgmt-interface and has no dependency on the gateway.

A

C. Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.

29
Q

A Check Point Software license consists of two components, the Software Blade and the Software Container. There are _____ types of Software Containers: _____.

A. Two; Security Management and Endpoint Security
B. Three; Security Management, Security Gateway, and Endpoint Security
C. Three; Security Gateway, Endpoint Security, and Gateway Management
D. Two; Endpoint Security and Security Gateway

A

B. Three; Security Management, Security Gateway, and Endpoint Security

30
Q

Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?

A. Formal
B. Central
C. Local
D. Corporate

A

C. Local

31
Q

Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made?

A. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
B. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes.
C. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.
D. Tom’s changes will be lost since he lost connectivity and he will have to start again.

A

C. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.

32
Q

In which deployment is the security management server and Security Gateway installed on the same appliance?

A. Switch
B. Standalone
C. Distributed
D. Remote

A

B. Standalone

33
Q

Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?

A. Data Awareness
B. Threat Emulation
C. Application Control
D. Identity Awareness

A

D. Identity Awareness

34
Q

DLP and Mobile Access Policy are examples of what type of Policy?

A. Shared Policies
B. Unified Policies
C. Inspection Policies
D. Standard Policies

A

A. Shared Policies

35
Q

What is the default shell of Gaia CLI?

A. Read-only
B. Expert
C. Clish
D. Bash

A

C. Clish

36
Q

Which of the following is NOT a valid application navigation tab in SmartConsole?

A. WEBUI & COMMAND LINE
B. SECURITY POLICIES
C. GATEWAYS & SERVERS
D. LOGS & MONITOR

A

A. WEBUI & COMMAND LINE

37
Q

What are two basic rules Check Point recommends for building an effective security policy?

A. Accept Rule and Drop Rule
B. Explicit Rule and Implied Rule
C. Cleanup Rule and Stealth Rule
D. NAT Rule and Reject Rule

A

C. Cleanup Rule and Stealth Rule

38
Q

When dealing with policy layers, what two layer types can be utilized?

A. Inbound Layers and Outbound Layers
B. Ordered Layers and Inline Layers
C. Structured Layers and Overlap Layers
D. R81.X does not support Layers

A

B. Ordered Layers and Inline Layers

39
Q

What are the three main components of Check Point security management architecture?

A. Smart Console, Standalone, Security Management Server
B. Policy-Client, Security Management Server, Security Gateway
C. SmartConsole, Security Policy Server, Logs & Monitoring
D. SmartConsole, Security Management Server, Security Gateway

A

D. SmartConsole, Security Management Server, Security Gateway

40
Q

Which Check Point software blade provides protection from zero-day and undiscovered threats?

A. Threat Extraction
B. Threat Emulation
C. Firewall
D. Application Control

A

B. Threat Emulation

41
Q

What are the three types of UserCheck messages?

A. ask, block, and notify
B. block, action, and warn
C. action, inform, and ask
D. inform, ask, and drop

A

A. ask, block, and notify

42
Q

By default, which port is used to connect to the GAiA Portal?

A. 4434
B. 80
C. 8080
D. 443

A

D. 443

43
Q

Choose what BEST describes a Session.

A. Sessions end when policy is pushed to the Security Gateway.
B. Sessions lock the policy package for editing.
C. Starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out.
D. Starts when an Administrator publishes all the changes made on SmartConsole.

A

C. Starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out.

44
Q

Which command shows detailed information about VPN tunnels?

A. cat $FWDIR/conf/vpn.conf
B. vpn tu tlist
C. vpn tu
D. cpview

A

C. vpn tu

45
Q

After a new Log Server is added to the environment and the SIC trust has been established with the SMS, what will the gateways do?

A. Gateways will send new firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new Log Server.
B. Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.
C. The firewalls will detect the new Log Server after the next policy install and redirect the new logs to the new Log Server.
D. The gateways can only send logs to an SMS and cannot send logs to a Log Server. Log Servers are proprietary log archive servers.

A

B. Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server.

46
Q

Fill in the blank: Backup and restores can be accomplished through _____.

A. CLI, SmartUpdate, or SmartBackup
B. SmartUpdate, SmartBackup, or SmartConsole
C. SmartConsole, WebUI, or CLI
D. WebUI, CLI, or SmartUpdate

A

C. SmartConsole, WebUI, or CLI

47
Q

What kind of NAT enables Source Port Address Translation by default?

A. Automatic Hide NAT
B. Automatic Static NAT
C. Manual Static NAT
D. Manual Hide NAT

A

A. Automatic Hide NAT

48
Q

Fill in the blanks: In _____ NAT, only the _____ is translated.

A. Hide; source
B. Simple; source
C. Static; source
D. Hide; destination

A

A. Hide; source

49
Q

Application Control/URL filtering database library is known as:

A. AppWiki
B. Application-Forensic Database
C. Application Library
D. Application database

A

A. AppWiki

50
Q

Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?

A. Security Management Server
B. Security Gateway
C. SmartConsole
D. SmartManager

A

A. Security Management Server

51
Q

Which of the following technologies extracts detailed information from packets and stores that information in different tables?

A. Application Layer Firewall
B. Packet Filtering
C. Next-Generation Firewall
D. Stateful Inspection

A

D. Stateful Inspection

52
Q

You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?

A. Open SmartEvent to see why they are being blocked.
B. From SmartConsole, go to the Log & Monitor tab and filter for the IP address of the tablet.
C. Open SmartMonitor and connect remotely to the wireless controller.
D. Open SmartUpdate and review the logs tab.

A

B. From SmartConsole, go to the Log & Monitor tab and filter for the IP address of the tablet.

53
Q

Rugged appliances are small appliances with ruggedized hardware and, like Quantum Spark appliances, they use which operating system?

A. Gaia iOS
B. Red Hat Enterprise Linux version 4
C. Centos Unix
D. Gaia embedded

A

A. Gaia iOS

54
Q

What command from the CLI would be used to view current licensing?

A. cplic print
B. show license -s
C. fw ctl tab -t license -s
D. license view

A

A. cplic print

55
Q

A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone?

A. Security Zones are not supported by Check Point firewalls.
B. The firewall rule can be configured to include one or more subnets in a zone.
C. The zone is based on the network topology and determined according to where the interface leads to.
D. The local directly connected subnet defined by the subnet IP and subnet mask.

A

D. The local directly connected subnet defined by the subnet IP and subnet mask.

56
Q

Which of the completed statements is NOT true? The GAiA Portal (WebUI) can be used to manage Operating System user accounts and:

A. assign privileges to users.
B. assign user rights to the directory structure on the Security Management Server.
C. add more users to the Gaia operating system.
D. change the home directory of the user.

A

B. assign user rights to the directory structure on the Security Management Server.

57
Q

Which encryption algorithm is the least secure?

A. 3DES
B. AES-128
C. DES
D. AES-256

A

C. DES

58
Q

Fill in the blank: SmartConsole, SmartEvent GUI client, and _____ allow viewing of billions of consolidated logs and show them as prioritized security events.

A. SmartMonitor
B. SmartReporter
C. SmartTracker
D. SmartView Web Application

A

D. SmartView Web Application

59
Q

What is the default tracking option of a rule?

A. None
B. Alert
C. Log
D. Tracking

A

C. Log

60
Q

Fill in the blank: Once a license is activated, a _____ should be installed.

A. License Management file
B. License Contract file
C. Security Gateway Contract file
D. Service Contract file

A

D. Service Contract file

61
Q

When should you generate new licenses?

A. Only when the license is upgraded.
B. After a device upgrade.
C. When the existing license expires, the license is upgraded, or the IP address associated with the license changes.
D. Before installing contract files.

A

C. When the existing license expires, the license is upgraded, or the IP address associated with the license changes.

62
Q

Fill in the blank: The position of an Implied rule is manipulated in the _____ window.

A. Firewall
B. Object Explorer
C. Global Properties
D. NAT

A

C. Global Properties

63
Q

Which of the following situations would not require a new license to be generated and installed?

A. The existing license expires.
B. The Security Gateway is upgraded.
C. The license is upgraded.
D. The IP address of the Security Management or Security Gateway has changed.

A

B. The Security Gateway is upgraded.

64
Q

You have enabled “Extended Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

A. Log Trimming is enabled.
B. Content Awareness is not enabled.
C. Logging has disk space issues.
D. Identity Awareness is not enabled.

A

B. Content Awareness is not enabled.

65
Q

Fill in the blank: In order to install a license, it must first be added to the _____.

A. Package repository
B. Download Center Web site
C. License and Contract repository
D. User Center

A

C. License and Contract repository

66
Q

What is required for a certificate-based VPN tunnel between two gateways with separate management systems?

A. Shared Secret Passwords
B. Unique Passwords
C. Shared User Certificates
D. Mutually Trusted Certificate Authorities

A

D. Mutually Trusted Certificate Authorities

67
Q

Main Mode in IKEv1 uses how many packets for negotiation?

A. 3
B. depends on the make of the peer gateway
C. 6
D. 4

A

C. 6

68
Q

Which is a main component of the Check Point security management architecture?

A. Proxy Server
B. Endpoint VPN client
C. Identity Collector
D. SmartConsole

A

D. SmartConsole

69
Q

What are the two types of NAT supported by the Security Gateway?

A. Destination and Hide
B. Source and Destination
C. Static and Source
D. Hide and Static

A

D. Hide and Static

70
Q

Fill in the blank: A(n) _____ rule is created by an administrator and configured to allow or block traffic based on specified criteria.

A. Explicit
B. Implicit drop
C. Implicit accept
D. Inline

A

A. Explicit

71
Q

Where is the “Hit Count” feature enabled or disabled in SmartConsole?

A. In Global Properties.
B. On each Security Gateway.
C. On the Policy layer.
D. On the Policy Package.

A

C. On the Policy layer.

72
Q

Log query results can be exported to what file format?

A. Comma Separated Value (csv).
B. Word Document (docx).
C. Text (txt).
D. Portable Document Format (pdf).

A

A. Comma Separated Value (csv).

73
Q

In order to modify Security Policies the administrator can use which of the following tools? Select the BEST answer.

A. Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.
B. SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed.
C. mgmt_cli (API) or WebUI on Security Gateway and SmartConsole on the Security Management Server.
D. SmartConsole and WebUI on the Security Management Server.

A

B. SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed.

74
Q

Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

A. Anti-spam and Email Security
B. Anti-Virus
C. Firewall
D. Application Control

A

B. Anti-Virus

75
Q

When a Security Gateway communicates about its status to an IP address other than its own, which deployment option was chosen?

A. Targeted
B. Bridge Mode
C. Distributed
D. Standalone

A

C. Distributed

76
Q

In HTTPS Inspection policy, what actions are available in the “Actions” column of a rule?

A. “Inspect”, “Bypass”, “Block”
B. “Inspect”, “Bypass”, “Categorize”
C. “Inspect”, “Bypass”
D. “Detect”, “Bypass”

A

A. “Inspect”, “Bypass”, “Block”

77
Q

Why is a Central License the preferred and recommended method of licensing?

A. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.
B. Central Licensing is actually not supported with Gaia.
C. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.
D. Central Licensing is the only option when deploying Gaia.

A

A. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

78
Q

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

A. Install policy
B. Publish changes
C. Install database
D. Save changes

A

A. Install policy

79
Q

Which of the following is NOT an alert option?

A. SNMP
B. User defined alert
C. High alert
D. Mail

A

C. High alert

80
Q

What will VPN Link Selection do if the primary VPN link goes down?

A. The Firewall will send out the packet on all interfaces
B. The Firewall will inform the client that the tunnel is down
C. The Firewall can update the Link Selection entries to start using a different link for the same tunnel
D. The Firewall will drop the packets

A

C. The Firewall can update the Link Selection entries to start using a different link for the same tunnel

81
Q

A layer can support different combinations of blades. What are the supported blades?

A. Firewall, NAT, Content Awareness and Mobile Access
B. Firewall, URLF, Content Awareness and Mobile Access
C. Firewall (Network Access Control), Application & URL Filtering and Content Awareness
D. Firewall (Network Access Control), Application & URL Filtering, Content Awareness and Mobile Access

A

D. Firewall (Network Access Control), Application & URL Filtering, Content Awareness and Mobile Access

82
Q

Fill in the blanks: The Application Layer Firewalls inspect traffic through the _____ layer(s) of the TCP/IP model and up to and including the _____ layer.

A. Upper; Application
B. Lower; Application
C. First two; Internet
D. First two; Transport

A

B. Lower; Application

83
Q

When configuring Anti-Spoofing, which tracking options can an Administrator select?

A. Log, Alert, None
B. Drop Packet, Alert, None
C. Log, Allow Packets, Email
D. Log, Send SNMP Trap, Email

A

A. Log, Alert, None

84
Q

What licensing feature automatically verifies current licenses and activates new licenses added to the License and Contracts repository?

A. Automatic Licensing and Verification tool
B. Verification licensing
C. Verification tool
D. Automatic licensing

A

D. Automatic licensing

85
Q

What are valid authentication methods for mutually authenticating the VPN gateways?

A. Pre-shared Secret and PKI Certificates
B. PKI Certificates and Kerberos Tickets
C. Pre-Shared Secrets and Kerberos Ticket
D. PKI Certificates and DynamicID OTP

A

A. Pre-shared Secret and PKI Certificates

86
Q

Which option in tracking allows you to see the amount of data passed in the connection?

A. Advanced
B. Accounting
C. Data
D. Logs

A

B. Accounting

87
Q

Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true?

A. Manual NAT can offer more flexibility than Automatic NAT.
B. Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading.
C. Automatic NAT can offer more flexibility than Manual NAT.
D. Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation.

A

A. Manual NAT can offer more flexibility than Automatic NAT

88
Q

Fill in the blank: Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is _____.

A. Stored on the Security Management Server.
B. Stored on the Certificate Revocation List.
C. Sent to the Internal Certificate Authority.
D. Sent to the Security Administrator.

A

B. Stored on the Certificate Revocation List.

89
Q

Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

A. Threat Emulation
B. Anti-Virus
C. Advanced Networking Blade
D. Application Control

A

C. Advanced Networking Blade

90
Q

In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway?

A. Monitoring Blade
B. SNMP
C. None - the data is available by default
D. Logging & Monitoring

A

A. Monitoring Blade

91
Q

How do logs change when the “Accounting” tracking option is enabled on a traffic rule?

A. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.
B. Involved traffic logs will be forwarded to a log server.
C. Provides additional information to the connected user.
D. Provides log details via email to the Administrator.

A

A. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.

92
Q

What are the software components used by Autonomous Threat Prevention Profiles in R81.20 and higher?

A. Sandbox, ThreatCloud, Zero Phishing, Sanitization, C&C Protection, IPS, File and URL Reputation
B. IPS, Threat Emulation and Threat Extraction
C. Sandbox, ThreatCloud, Sanitization, C&C Protection, IPS
D. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction

A

A. Sandbox, ThreatCloud, Zero Phishing, Sanitization, C&C Protection, IPS, File and URL Reputation

93
Q

In large organizations where there are a number of managed Check Point firewalls that generate a lot of logs, it is recommended to install the Log Server on a dedicated computer. Which statement is FALSE?

A. The dedicated Log Server must be the same version as the Security Management Server.
B. A Log Server has a SIC certificate which allows secure communication with the SMS and Security Gateways.
C. More than one Log Server can be installed.
D. A dedicated SmartEvent server is required for a separate Log Server to be deployed in the SmartEvent server.

A

D. A dedicated SmartEvent server is required for a separate Log Server to be deployed in the SmartEvent server.

94
Q

What is required for a site-to-site VPN tunnel that does not use certificates?

A. Unique Passwords
B. Pre-Shared Secret
C. SecureID
D. RSA Token

A

B. Pre-Shared Secret

95
Q

Fill in the blanks: A _____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.

A. Local; formal
B. Central; local
C. Formal; corporate
D. Local; central

A

B. Central; local

96
Q

When URL Filtering is set, what identifying data gets sent to the Check Point Online Web Service?

A. The full URL, including page data, is sent to the Check Point Online Web Service.
B. The URL and IP address are sent to the Check Point Online Web Service.
C. The host part of the URL is sent to the Check Point Online Web Service.
D. The URL and server certificate are sent to the Check Point Online Web Service.

A

C. The host part of the URL is sent to the Check Point Online Web Service.

97
Q

What is the main difference between Static NAT and Hide NAT?

A. Static NAT only allows outgoing connections. Hide NAT allows incoming and outgoing connections.
B. Hide NAT only allows incoming connections to protect your network.
C. Static NAT allows incoming and outgoing connections. Hide NAT only allows outgoing connections.
D. Static NAT only allows incoming connections to protect your network.

A

C. Static NAT allows incoming and outgoing connections. Hide NAT only allows outgoing connections.

98
Q

What default layers are included when creating a new policy layer?

A. Application Control, URL Filtering and Threat Prevention
B. Firewall, Application Control and IPSec VPN
C. Firewall, Application Control and IPS
D. Access Control, Threat Prevention and HTTPS Inspection

A

D. Access Control, Threat Prevention and HTTPS Inspection

99
Q

If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?

A. Track log column is set to Log instead of Full Log.
B. Log Implied Rule was not selected on Global Properties.
C. Track log column is set to none.
D. Log Implied Rule was not set correctly on the track column on the rules base.

A

B. Log Implied Rule was not selected on Global Properties.

100
Q

What are the types of Software Containers?

A. Smart Console, Security Management, and Security Gateway
B. Security Management, Security Gateway, and Endpoint Security
C. Security Management, Standalone, and Security Gateway
D. Security Management, Log & Monitoring, and Security Policy

A

B. Security Management, Security Gateway, and Endpoint Security

101
Q

At what point is the Internal Certificate Authority (ICA) created?

A. When an administrator initially logs into SmartConsole.
B. During the primary Security Management Server deployment process.
C. Upon creation of a certificate.
D. When an administrator decides to create one.

A

B. During the primary Security Management Server deployment process.

102
Q

The purpose of the Communication Initialization process is to establish trust between the Security Management Server (SMS) and other Check Point Gateways and Servers. Which statement best describes this Secure Internal Communication (SIC)?

A. After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.
B. New firewalls can easily establish the trust by using the expert password defined on the SMS and the SMS IP address.
C. A SIC certificate is automatically generated on the gateway because the gateway hosts a subordinate CA to the SMS ICA.
D. Secure Internal Communications authenticates the security gateway to the SMS before http communications are allowed.

A

A. After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.

103
Q

Which SmartConsole tab shows logs and detected security threats, providing a centralized display of potential attack patterns from all network devices?

A. LOGS & MONITOR
B. SECURITY POLICIES
C. GATEWAYS & SERVERS
D. MANAGE & SETTINGS

A

A. LOGS & MONITOR

104
Q

In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms?

A. The installation can be done on virtual machines only, but not on appliances and not in mixed environments.
B. The installation is done on different computers or appliances.
C. The installation is done on the same computer or appliance.
D. The installation is allowed in Azure only but not in AWS cloud environments.

A

B. The installation is done on different computers or appliances.

105
Q

What is the default shell for the Gaia command line interface?

A. Admin
B. Clish
C. Expert
D. Bash

A

B. Clish

106
Q

Fill in the blanks: Gaia can be configured using the ______ or ______.

A. GaiaUI; command line interface (serial console only)
B. Gaia Interface; Gaia Ultimate Shell
C. Command line interface; GAiA Portal
D. Web Ultimate Interface; Gaia Interface (SSH)

A

C. Command line interface; GAiA Portal

107
Q

The default shell of the Gaia CLI is cli.sh. How do you change from the cli.sh shell to the advanced shell to run Linux commands?

A. Execute the command ‘enable’ in the cli.sh shell
B. Execute the ‘conf t’ command in the cli.sh shell
C. Execute the command ‘expert’ in the cli.sh shell
D. Execute the ‘exit’ command in the cli.sh shell

A

C. Execute the command ‘expert’ in the cli.sh shell

108
Q

How many users can have read/write access in Gaia Operating System at one time?

A. One
B. Two
C. Three
D. Infinite

A

D. Infinite

109
Q

Which part of SmartConsole allows administrators to add, edit, delete, and clone objects?

A. Object Explorer
B. Object Navigator
C. Object Editor
D. Object Browser

A

C. Object Editor

110
Q

Is it possible to have more than one administrator connected to a Security Management Server at once?

A. Yes, but objects edited by one administrator will be locked for editing by others until the session is published.
B. Yes, but only if all connected administrators connect with read-only permissions.
C. Yes, but only one of those administrators will have write-permissions. All others will have read-only permission.
D. No, only one administrator at a time can connect to a Security Management Server.

A

A. Yes, but objects edited by one administrator will be locked for editing by others until the session is published.

111
Q

When an Admin logs into SmartConsole and sees a lock icon on a gateway object and cannot edit that object, what does that indicate?

A. Incorrect routing to reach the gateway.
B. The Admin would need to login to Read-Only mode.
C. The gateway is not powered on.
D. Another Admin has made an edit to that object and has yet to publish the change.

A

D. Another Admin has made an edit to that object and has yet to publish the change.

112
Q

Which of the following is considered a “Subscription Blade”, requiring renewal every 1-3 years?

A. IPS blade
B. IPSEC VPN Blade
C. Firewall Blade
D. Identity Awareness Blade

A

A. IPS blade

113
Q

The Online Activation method is available for Check Point manufactured appliances. How does the administrator use the Online Activation method?

A. The cpinfo command must be run on the firewall with the switch -online-license-activation.
B. Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts.
C. The SmartLicensing GUI tool must be launched from the SmartConsole for the Online Activation tool to start automatically.
D. No action is required if the firewall has internet access and a DNS server to resolve domain names.

A

B. Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts.

114
Q

Check Point licenses come in two forms. What are those forms?

A. Security Gateway and Security Management.
B. On-premise and Public Cloud.
C. Central and Local.
D. Access Control and Threat Prevention.

A

C. Central and Local.

115
Q

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.

A. True, Central Licenses can be installed with CPLIC command on a Security Gateway
B. True, CLI is the preferred method for Licensing
C. False, Central Licenses are installed via Gaia on Security Gateways
D. False, Central Licenses are handled via Security Management Server

A

D. False, Central Licenses are handled via Security Management Server

116
Q

Which application is used for the central management and deployment of licenses and packages?

A. Deployment Agent
B. SmartLicense
C. SmartProvisioning
D. SmartUpdate

A

D. SmartUpdate

117
Q

Which command shows the installed licenses in Expert mode?

A. show licenses
B. fwlic print
C. cplic print
D. print cplic

A

C. cplic print

118
Q

In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories. Which of the following is NOT an object category?

A. Network Object
B. IP Address
C. Limit
D. Custom Application / Site

A

B. IP Address

119
Q

What is the purpose of the Stealth Rule?

A. To reduce the amount of logs for performance issues.
B. To reduce the number of rules in the database.
C. To prevent users from directly connecting to a Security Gateway.
D. To make the gateway visible to the Internet.

A

C. To prevent users from directly connecting to a Security Gateway.

120
Q

What are the advantages of a “shared policy”?

A. Allows the administrator to share a policy between all the users identified by the Security Gateway.
B. Allows the administrator to share a policy between all the administrators managing the Security Management Server.
C. Allows the administrator to share a policy so that it is available to use in another Policy Package.
D. Allows the administrator to install a policy on one Security Gateway and it gets installed on another managed Security Gateway.

A

C. Allows the administrator to share a policy so that it is available to use in another Policy Package.

121
Q

Which policy type is used to enforce bandwidth and traffic control rules?

A. Threat Prevention
B. QoS
C. Threat Emulation
D. Access Control

A

B. QoS

122
Q

Which Check Point Application Control feature enables application scanning and detection?

A. Application Dictionary
B. Application Library
C. CPApp
D. AppWiki

A

D. AppWiki

123
Q

What type of NAT is a one-to-one relationship where each host is translated to a unique address?

A. Source
B. Destination
C. Hide
D. Static

A

D. Static

124
Q

For Automatic Hide NAT rules created by the administrator, what is a TRUE statement?

A. Source Port Address Translation (PAT) is enabled by default.
B. Source Port Address Translation (PAT) is disabled by default.
C. Automatic NAT rules are supported for Network objects only.
D. Automatic NAT rules are supported for Host objects only.

A

A. Source Port Address Translation (PAT) is enabled by default.

125
Q

In which scenario will an administrator need to manually define Proxy ARP?

A. When they configure an “Automatic Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.
B. When they configure an “Automatic Hide NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.
C. When they configure a “Manual Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.
D. When they configure a “Manual Hide NAT” which translates to an IP address that belongs to one of the firewall’s interfaces.

A

C. When they configure a “Manual Static NAT” which translates to an IP address that does not belong to one of the firewall’s interfaces.

126
Q

What is UserCheck?

A. Messaging tool used to verify a user’s credentials.
B. Communication tool used to inform a user about a website or application they are trying to access.
C. Communication tool used to notify an administrator when a new user is created.
D. Administrator tool used to monitor users on their network.

A

B. Communication tool used to inform a user about a website or application they are trying to access.

127
Q

Which Autonomous Threat Prevention profile uses sanitization technology?

A. Cloud/data Center
B. Guest Network
C. Sandbox
D. Perimeter

A

D. Perimeter

128
Q

URL Filtering employs a technology that educates users on web usage policy in real time. What is the name of that technology?

A. WebCheck
B. URL categorization
C. UserCheck
D. Harmony Endpoint

A

C. UserCheck

129
Q

You want to set up a VPN tunnel to an external gateway. You have to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway.

A. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Management add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };
B. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to ‘User defined’ and put in the local network.
C. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Gateway add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };
D. In the SmartConsole create a dedicated VPN Community for both Gateways. Go to Security Policies / Access Control and create an in-line layer rule with source and destination containing the two networks used for the IKE P2 SA. Put the name of the Community in the VPN column.

A

B. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to ‘User defined’ and put in the local network.

130
Q

Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel?

A. No, Certificate based VPNs are only possible between Check Point devices
B. No, they cannot share certificate authorities
C. Yes, but they have to have a pre-shared secret key
D. Yes, but they need to have a mutually trusted certificate authority

A

D. Yes, but they need to have a mutually trusted certificate authority

131
Q

Which tool allows you to monitor the top bandwidth in SmartConsole?

A. Smart Event
B. Gateways & Servers Tab
C. SmartView Monitor
D. Logs & Monitoring

A

C. SmartView Monitor

132
Q

Where can alerts be viewed?

A. Alerts can be seen in SmartView Monitor.
B. Alerts can be seen in SmartUpdate.
C. Alerts can be seen in the Threat Prevention policy.
D. Alerts can be seen from the CLI of the gateway.

A

A. Alerts can be seen in SmartView Monitor.

133
Q

Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?

A. SmartView Monitor
B. SmartEvent
C. SmartDashboard
D. SmartUpdate

A

B. SmartEvent

134
Q

In the Check Point Security Management Architecture, which component(s) can store logs?

A. Security Management Server and Security Gateway
B. SmartConsole
C. SmartConsole and Security Management Server
D. Security Management Server

A

A. Security Management Server and Security Gateway

135
Q

Which of the following is NOT a tracking log option in R81.x?

A. Full Log
B. Log
C. Detailed Log
D. Extended Log

A

A. Full Log

136
Q

What makes log queries faster?

A. Size of physical memory on the log server.
B. Logs are stored in the management server instead of a separate log server.
C. Indexing Engine indexes logs for faster search results.
D. Optimized log query where SmartConsole queries logs directly from the Security Gateway.

A

C. Indexing Engine indexes logs for faster search results.

137
Q

Which information is included in the “Extended Log” tracking option, but is not included in the “Log” tracking option?

A. data type information
B. application information
C. file attributes
D. destination port

A

C. file attributes

138
Q

How many layers make up the TCP/IP model?

A. 6
B. 4
C. 7
D. 2

A

B. 4

139
Q

What is the user ID of a user that has all the privileges of a root user?

A. User ID 99
B. User ID 1
C. User ID 2
D. User ID 0

A

D. User ID 0

140
Q

In SmartEvent, a correlation unit (CU) is used to do what?

A. Receive firewall and other software blade logs in a region and forward them to the primary log server.
B. Collect security gateway logs, index the logs and then compress the logs.
C. Send SAM block rules to the firewalls during a DOS attack.
D. Analyze log entries and identify events.

A

D. Analyze log entries and identify events.

141
Q

Choose what BEST describes users on Gaia Platform.

A. There is one default user that can be deleted.
B. There are two default users and neither can be deleted.
C. There is only one default user that cannot be deleted.
D. There are two default users and one cannot be deleted.

A

B. There are two default users and neither can be deleted.

142
Q

What is the purpose of a Stealth Rule?

A. A rule that allows administrators to access SmartConsole from any device.
B. To drop any traffic destined for the firewall that is not otherwise explicitly allowed.
C. A rule at the end of your policy to drop any traffic that is not explicitly allowed.
D. A rule used to hide a server’s IP address from the outside world.

A

B. To drop any traffic destined for the firewall that is not otherwise explicitly allowed.

143
Q

Gaia has two default user accounts that cannot be deleted. What are those user accounts?

A. Expert and Clish
B. Control and Monitor
C. Admin and Monitor
D. Admin and Default

A

C. Admin and Monitor

144
Q

Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities?

A. IPS
B. Anti-Spam
C. Anti-bot
D. Anti-Virus

A

A. IPS

145
Q

You have set up the VPN Community ‘VPN-Stores’ with 3 gateways. There are some issues with one remote gateway (1.1.1.1) and your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways?

A. action:"Key Install" AND 1.1.1.1 AND Quick Mode
B. Blade:"VPN" AND VPN-Stores AND Main Mode
C. action:"Key Install" AND 1.1.1.1 AND Main Mode
D. Blade:"VPN" AND VPN-Stores AND Quick Mode

A

D. Blade:"VPN" AND VPN-Stores AND Quick Mode

146
Q

Which Security Blade needs to be enabled in order to sanitize and remove potentially malicious content from files, before those files enter the network?

A. Anti-Virus
B. Anti-Malware
C. Threat Extraction
D. Threat Emulation

A

C. Threat Extraction

147
Q

John is the administrator of a Security Management server managing a Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John’s changes available to other administrators before installing a policy, what should John do?

A. File > Save
B. Publish the session.
C. Install database.
D. Logout of the session.

A

B. Publish the session.

148
Q

To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does what with the data?

A. Share the data to the ThreatCloud for use by other Threat Prevention blades.
B. Log the traffic for Administrator viewing.
C. Cache the data to speed up its own function.
D. Delete the data to ensure an analysis of the data is done each time.

A

A. Share the data to the ThreatCloud for use by other Threat Prevention blades.

149
Q

Which of the following is TRUE regarding Gaia command line?

A. Configuration changes should be done in mgmt_cli and use clish for monitoring. Expert mode is used only for OS level tasks.
B. Configuration changes should be done in mgmt_cli and use expert mode for OS-level tasks.
C. Configuration changes should be done in expert mode and clish is used for monitoring.
D. All configurations should be done through clish and expert mode should be used for Linux commands or remaining tasks.

A

B. Configuration changes should be done in mgmt_cli and use expert mode for OS-level tasks.

150
Q

When connected to the Check Point Management Server using the SmartConsole, the first administrator to connect has a lock on:

A. only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network.
B. the entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.
C. the entire Management Database and all sessions and other administrators can connect only as Read-only.
D. only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.

A

C. the entire Management Database and all sessions and other administrators can connect only as Read-only.

151
Q

When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored?

A. Check Point user center
B. Security Management Server
C. Security Gateway
D. SmartConsole installed device

A

B. Security Management Server

152
Q

Security Gateway software blades must be attached to what?

A. Security Gateway
B. Security Gateway container
C. Management server
D. Management container

A

A. Security Gateway

153
Q

Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway?

A. Antivirus
B. Data Loss Prevention
C. Application Control
D. NAT

A

D. NAT

154
Q

Secure Internal Communication (SIC) is handled by what process?

A. HTTPS
B. CPD
C. CPM
D. FWD

A

A. HTTPS

155
Q

Which of the following licenses are considered temporary?

A. Plug-and-play (Trial) and Evaluation
B. Subscription and Perpetual
C. Perpetual and Trial
D. Evaluation and Subscription

A

A. Plug-and-play (Trial) and Evaluation

156
Q

What technologies are used to deny or permit network traffic?

A. Stateful Inspection, URL/Application Blade, and Threat Prevention
B. Stateful Inspection, Firewall Blade, and URL/Application Blade
C. Firewall Blade, URL/Application Blade, and IPS
D. Packet Filtering, Stateful Inspection, and Application Layer Firewall

A

B. Stateful Inspection, Firewall Blade, and URL/Application Blade

157
Q

When using Automatic Hide NAT, what is enabled by default?

A. Source Port Address Translation (PAT)
B. Static Route
C. HTTPS Inspection
D. Static NAT

A

A. Source Port Address Translation (PAT)

158
Q

Fill in the blank: The _____________ feature allows administrators to share a policy with other policy packages.

A. Concurrent policy packages
B. Shared policies
C. Global Policies
D. Concurrent policies

A

B. Shared policies

159
Q

Name the utility that is used to block activities that appear to be suspicious.

A. Suspicious Activity Monitoring (SAM)
B. Penalty Box
C. Drop Rule in the rulebase
D. Stealth rule

A

C. Drop Rule in the rulebase

160
Q

What is a role of Publishing?

A. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public.
B. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways.
C. The Security Management Server installs the updated policy and the entire database on Security Gateways.
D. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base.

A

A. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public.

161
Q

A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?

A. Anti-Bot protection
B. Suspicious Activity Monitoring (SAM) rules
C. Anti-Malware protection
D. Policy-based routing

A

B. Suspicious Activity Monitoring (SAM) rules

162
Q

What is NOT an advantage of Stateful Inspection?

A. High Performance
B. No Screening above Network Layer
C. Good Security
D. Transparency

A

B. No Screening above Network Layer

163
Q

From the GAiA Portal, which of the following operations CANNOT be performed on a Security Management Server?

A. Add a static route
B. View Security Management GUI Clients
C. Verify a Security Policy
D. Open a terminal shell

A

C. Verify a Security Policy

164
Q

AdminA and AdminB are both logged into SmartConsole. What does it mean if AdminB sees a lock icon on a rule? (Choose the best answer.)

A. Rule is locked by AdminA and will be made available if the session is published.
B. Rule is locked by AdminA and if the session is saved, the rule will be made available.
C. Rule is locked by AdminB because the save button has not been pressed.
D. Rule is locked by AdminB because the rule is currently being edited.

A

A. Rule is locked by AdminA and will be made available if the session is published.

165
Q

Which of the following is true about Stateful Inspection?

A. Stateful Inspection looks at both the headers of packets, as well as examining their content.
B. Stateful Inspection requires two rules, one for outgoing traffic and one for incoming traffic.
C. Stateful Inspection requires that a server reply to a request, in order to track a connection’s state.
D. Stateful Inspection tracks state using two tables, one for incoming traffic and one for outgoing traffic.

A

C. Stateful Inspection requires that a server reply to a request, in order to track a connection’s state.

166
Q

Aggressive Mode in IKEv1 uses how many packets for negotiation?

A. 3
B. depends on the make of the peer gateway
C. 6
D. 5

A

A. 3

167
Q

Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are both logged in:

A. Since they both are logged in on different interfaces, they will both be able to make changes.
B. The database will be locked by Bob and Joe will not be able to make any changes.
C. Bob will receive a prompt that Joe has logged in.
D. When Joe logs in, Bob will be logged out automatically.

A

B. The database will be locked by Bob and Joe will not be able to make any changes.

168
Q

What does the ‘unknown’ SIC status shown on SmartConsole mean?

A. The management can contact the Security Gateway but cannot establish Secure Internal Communication
B. Administrator input the wrong SIC key
C. SIC activation key requires a reset
D. There is no connection between the Security Gateway and Security Management Server

A

A. The management can contact the Security Gateway but cannot establish Secure Internal Communication

169
Q

When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packet Filtering?

A. Stateful Inspection offers unlimited connections because of virtual memory usage
B. Stateful Inspection does not use memory to record the protocol used by the connection
C. Only one rule is required for each connection.
D. Stateful Inspection offers no benefits over Packet Filtering.

A

C. Only one rule is required for each connection.

170
Q

A stateful inspection firewall works by registering connection data and comparing traffic to this information. Where is the information stored?

A. It is stored in the OS sessions table.
B. It is stored using state tables.
C. It is stored in the system SMEM memory pool.
D. It is stored in a CSV file on the security gateway hard drive located in “$FWDIR/conf/…”.

A

B. It is stored using state tables.

171
Q

You have discovered suspicious activity in your network. What is the BEST immediate action to take?

A. Wait until traffic has been identified before making any changes.
B. Contact your ISP to request them to block the traffic.
C. Create a Suspicious Activity Monitoring (SAM) rule to block that traffic.
D. Create a new policy rule to block the traffic.

A

C. Create a Suspicious Activity Monitoring (SAM) rule to block that traffic.

172
Q

Where can the administrator edit a list of trusted SmartConsole clients?

A. Using cpconfig on any Gateway or Server, in the GAiA Portal logged into a Security Management Server.
B. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
C. In the GAiA Portal logged into a Security Management Server, using SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.
D. Using cpconfig on a Security Management Server, in the GAiA Portal logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Trusted Clients.

A

D. Using cpconfig on a Security Management Server, in the GAiA Portal logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Trusted Clients.