105q
Number: 156-915.80
Passing Score: 800
Time Limit: 120 min
https://www.gratisexam.com/
156-915.80
Exam A
QUESTION 1
What is the port used for SmartConsole to connect to the Security Management Server:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which is the correct order of a log flow processed by SmartEvent components:
A. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
B. Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client
C. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
These are the types of Automatic Reactions:
Mail - tell an administrator by email that the event occurred. See Create a Mail Reaction.
Block Source - instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time. Select a period of time from one minute to more than three weeks. See Create a Block Source Reaction.
Block Event Activity - instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations, for a configurable period of time. Select a period of time from one minute to more than three weeks. See Create a Block Event Activity Reaction.
External Script - run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data.
SNMP Trap - generate an SNMP Trap. See Create an SNMP Trap Reaction.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
QUESTION 4
In R80.10, how do you manage your Mobile Access Policy?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/f7/f78b067c6838c747e1568f139b6e6e8d/CP_R80.10_MobileAccess_AdminGuide.pdf?HashKey=1522170407_805ae0a295fd6664fa23700cc1482686&xtn=.pdf
QUESTION 5
Which one of the following is true about Threat Emulation?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
The “MAC magic” value must be modified under the following condition:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
QUESTION 7
Which statement is true regarding redundancy?
A. System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob f it command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a Cluster XL High Availability configuration must be synchronized.
D. Both Cluster XL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.checkpoint.com/download/public-files/gaia-technical-brief.pdf page 5
QUESTION 8
Vanessa is expecting a very important Security Report. The document should be sent as an attachment via e-mail. An e-mail with the Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
What is the SOLR database for?
A. Used for full text search and enables powerful matching capabilities
B. Writes data to the database and full text search
C. Serves GUI responsible to transfer request to the DLEserver
D. Enables powerful matching capabilities and writes data to the database
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance
and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure
VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification
in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of
"Wire Mode".
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30974
QUESTION 11
On R80.10 the IPS Blade is managed by:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf very top of last page.
QUESTION 12
Which packet info is ignored with Session Rate Acceleration?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: http://trlj.blogspot.com/2015/10/check-point-acceleration.html
QUESTION 13
The CDT utility supports which of the following?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The Central Deployment Tool (CDT) is a utility that runs on an R77 / R77.X / R80 / R80.10 Security Management Server / Multi-Domain Security Management
Server (running Gaia OS).
It allows the administrator to automatically install CPUSE Offline packages (Hotfixes, Jumbo Hotfix Accumulators (Bundles), Upgrade to a Minor Version, Upgrade
to a Major Version) on multiple managed Security Gateways and Cluster Members at the same time.
Reference: https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands
QUESTION 14
The Firewall kernel is replicated multiple times, therefore:
A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. The Firewall can run the same policy on all cores
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These
instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the
Security Gateway process traffic through the same interfaces and apply the same security policy.
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_PerformanceTuning_WebAdmin/6731.htm
QUESTION 15
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
Which is not a blade option when configuring SmartEvent?
A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
On the Management tab, enable these Software Blades:
Logging & Status
SmartEvent Server
SmartEvent Correlation Unit
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829
QUESTION 17
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.hurricanelabs.com/blog/check-point-api-merging-management-servers-with-r80-10
QUESTION 18
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
C. mgmt_cli add object-host "Server_1" ip-address "10.15.123.10" --format json
D. mgmt_cli add object "Server_1" ip-address "10.15.123.10" --format json
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Example:
mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json
• "--format json" is optional. By default the output is presented in plain text.
Reference: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1%20
QUESTION 19
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all of the
following except?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:
Use an automated script to perform common tasks
Integrate Check Point products with 3rd party solutions
Create products that use and enhance the Check Point solution
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=1522190468_125d63ea5296b7dadd3e4fd81c708cc5&xtn=.pdf
QUESTION 20
Which command shows the current connections distributed by CoreXL FW instances?
B. fw ctl affinity -l
C. fw ctl instances -v
D. fw ctl iflist
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The fw ctl multik stat and fw6 ctl multik stat (multi-kernel statistics) commands show information for each kernel instance. The state and processing core number of each instance is displayed, along with:
The number of connections currently being handled.
The peak number of concurrent connections the instance has handled since its inception.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
QUESTION 21
What is the valid range for VRID value in VRRP configuration?
A. 1 – 254
B. 1 – 255
C. 0 – 254
D. 0 – 255
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Virtual Router ID - Enter a unique ID number for this virtual router. The range of valid values is 1 to 255.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm
QUESTION 22
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Use the URL Filtering and Application Control Software Blades to:
Create a Granular Policy - Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels. You can also create an HTTPS policy that enables Security Gateways to inspect HTTPS traffic and prevent security risks related to the SSL protocol.
Manage Bandwidth Consumption - Configure rules to limit the available network bandwidth for specified users or groups. You can define separate limits for uploading and downloading.
Keep Your Policies Updated - The Application Database is updated regularly, which helps you make sure that your Internet security policy has the newest applications and website categories. Security Gateways connect to the Check Point Online Web Service to identify new social networking widgets and website categories.
Communicate with Users - UserCheck objects add flexibility to URL Filtering and Application Control and let the Security Gateways communicate with users. UserCheck helps users understand that certain websites are against the company's security policy. It also tells users about the changes in Internet policy related to websites and applications.
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
QUESTION 23
Which command will reset the kernel debug options to default settings?
A. fw ctl dbg -a 0
B. fw ctl dbg resetall
C. fw ctl debug 0
D. fw ctl debug set 0
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reset the debugs to the default.
In case someone changed the setting in the past and since then the firewall was not rebooted we should set all back to the defaults.
Reference: https://itsecworks.com/2011/08/09/checkpoint-firewall-debugging-basics/
QUESTION 24
You need to change the number of firewall instances used by CoreXL. How can you achieve this goal?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm#o94530
QUESTION 25
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
A. that is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager
B. Full Layer4 VPN - SSL VPN that gives users network access to all mobile applications
C. Full Layer3 VPN - IPSec VPN that gives users network access to all mobile applications
D. You can make sure that documents are sent to the intended recipients only
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/82201.htm
QUESTION 26
Firewall policies must be configured to accept VRRP packets on the GAiA platform if it runs Firewall software. The Multicast destination assigned by the Internet
Assigned Numbers Authority (IANA) for VRRP is:
A. 224.0.0.18
B. 224.0.0.5
C. 224.0.0.102
D. 224.0.0.22
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
QUESTION 27
Which directory below contains log files?
A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
What is the responsibility of SOLR process on R80.10 management server?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
You want to store the GAiA configuration in a file for later reference. What command should you use?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102234
QUESTION 30
What can you do to see the current number of kernel instances in a system with CoreXL enabled?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
QUESTION 31
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of
A. Threat Emulation
B. HTTPS
C. QOS
D. VoIP
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The following types of traffic are not load-balanced by the CoreXL Dynamic Dispatcher (this traffic will always be handled by the same CoreXL FW instance):
VoIP
VPN encrypted packets
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261
QUESTION 32
Why would you not see a CoreXL configuration option in cpconfig?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
In SPLAT the command to set the timeout was idle. In order to achieve this and increase the timeout for Gaia, what command do you use?
D. set inactivity <value>
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk95447
QUESTION 34
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_AntiBotAntiVirus_AdminGuide/index.html
QUESTION 35
In Gaia, if one is unsure about a possible command, what command lists all possible commands?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm
QUESTION 36
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 37
Fill in the blank: The R80 utility fw monitor is used to troubleshoot __________.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each security Gateway directly.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 39
Fill in the blank: The command _______________ provides the most complete restoration of a R80 configuration.
A. upgrade_import
B. cpconfig
C. fwm dbimport -p <export file>
D. cpinfo -recover
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 40
Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 41
In R80 spoofing is defined as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware
and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
Reference: http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf
QUESTION 42
Which file gives you a list of all security servers in use, including port number?
A. $FWDIR/conf/conf.conf
B. $FWDIR/conf/servers.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/conf/serversd.conf
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 43
Aaron is a Cyber Security Engineer working for Global Law Firm with a large-scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. The company’s Network Security Developer Team is having an issue testing the new API with the newly deployed R80.10 Security Management Server and blames the Check Point Security Management Server as the root cause. A ticket has been created and the issue is at Aaron’s desk for investigation. What do you recommend as the best suggestion for Aaron to make sure API testing works as expected?
A. Aaron should check API Server status from expert CLI by “fwm api status” and if it’s stopped he should start using command “fwm api start” on Security Management Server.
B. Aaron should check API Server status from expert CLI by “cpapi status” and if it’s stopped he should start using command “cpapi start” on Security Management Server.
C. Aaron should check API Server status from expert CLI by “api status” and if it’s stopped he should start using command “api start” on Security Management Server.
D. Aaron should check API Server status from expert CLI by “cpm api status” and if it’s stopped he should start using command “cpm api start” on Security Management Server.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 44
What utility would you use to configure route-based VPNs?
A. vpn shell
B. vpn tu
C. vpn sw_topology
D. vpn set_slim_server
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_VPN_AdminGuide/13824.htm
QUESTION 45
Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the
Internet?
A. Export R80 configuration, clean install R80.10 and import the configuration
B. CPUSE online upgrade
C. CPUSE offline upgrade
D. SmartUpdate upgrade
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 46
CPD is a core Check Point process that does all of the following EXCEPT:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/11880/FILE/How-To-Troubleshoot-SIC-related-Issues.pdf
QUESTION 47
What processes does CPM control?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 48
Where can you see and search records of actions done by R80 SmartConsole administrators?
A. In SmartView Tracker, open active log
B. In the Logs & Monitor view, select “Open Audit Log View”
C. In SmartAudit Log View
D. In SmartLog, all logs
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/188029
QUESTION 49
What is the limitation of employing Sticky Decision Function?
A. With SDF enabled, the involved VPN Gateways only supports IKEv1
B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
C. With SDF enabled, only ClusterXL in legacy mode is supported
D. With SDF enabled, you can only have three Sync interfaces at most
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7290.htm
QUESTION 50
Mobile Access supports all of the following methods of Link Translation EXCEPT:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/84202.htm
QUESTION 51
What is true of the API server on R80.10?
A. By default the API-server is activated and does not have hardware requirements
B. By default the API-server is not active and should be activated from the WebUI
C. By default the API server is active on management and stand-alone servers with 16GB of RAM (or more)
D. By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8 GB of RAM (or more)
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20
QUESTION 52
Which deployment methods can an administrator choose when deploying the SandBlast Agent?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 53
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/138383
QUESTION 54
What’s true about Troubleshooting option in the IPS profile properties?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/52512.htm
QUESTION 55
What is the least ideal Synchronization Status for Security Management Server High Availability deployment?
A. Lagging
B. Synchronized
C. Never been synchronized
D. Collision
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The possible synchronization statuses are:
Never been synchronized - immediately after the Secondary Security Management server has been installed, it has not yet undergone the first manual synchronization that brings it up to date with the Primary Security Management server.
Synchronized - the peer is properly synchronized and has the same database information and installed Security Policy.
Lagging - the peer SMS has not been synchronized properly. For instance, on account of the fact that the Active SMS has undergone changes since the previous synchronization (objects have been edited, or the Security Policy has been newly installed), the information on the Standby SMS is lagging.
Advanced - the peer SMS is more up-to-date. For instance, in the above figure, if a system administrator logs into Security Management server B before it has been synchronized with the Security Management server A, the status of the Security Management server A is Advanced, since it contains more up-to-date information which the former does not have. In this case, manual synchronization must be initiated by the system administrator by changing the Active SMS to a Standby SMS. Perform a synch me operation from the more advanced server to the Standby SMS. Change the Standby SMS to the Active SMS.
Collision - the Active SMS and its peer have different installed policies and databases. The administrator must perform manual synchronization and decide which of the SMSs to overwrite.
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13132
QUESTION 56
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss.
Providing the Active Security Management Server is responsive, which of these steps should NOT be performed:
A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
B. Change the Standby Security Management Server to Active.
C. Change the Active Security Management Server to Standby.
D. Manually synchronize the Active and Standby Security Management Servers.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 57
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you
try to remediate first?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 58
After successfully exporting a policy package, how would you import that package into another SMS database in R80.10?
A. import_package.py
B. upgrade_import
C. migrate
D. cp_merge
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 59
Choose the ClusterXL process that is defined by default as a critical device?
A. cpp
B. fwm
C. assld
D. fwd
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 60
Which of the SecureXL templates are enabled by default on Security Gateway?
A. Accept
B. Drop
C. NAT
D. None
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 61
What is the command to see cluster status in cli expert mode?
A. fw ctl stat
B. clusterXL stat
C. clusterXL status
D. cphaprob stat
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 62
What are the methods of SandBlast Threat Emulation deployment?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 63
NAT rules are prioritized in which order?
A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 3, 1, 2, 4
D. 4, 3, 1, 2
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm
QUESTION 64
Events can be categorized and assigned to System Administrators to track their path through the workflow. Which of the following is NOT an option?
A. Under Investigation
B. Pending Investigation
C. False Positive
D. Open
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 65
What is the processing order for overall inspection and routing of packets?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 66
When Configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access, which of the three approaches will allow you to configure
individual policies for each application?
A. Basic Approach
B. Strong Approach
C. Advanced Approach
D. Medium Approach
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Mobile_Access_WebAdmin/23030.htm
QUESTION 67
When using Monitored circuit VRRP, what is a priority delta?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm
QUESTION 68
Daisy needs to review how the Security Gateway Cluster, Jonas, behaves when a cluster member comes back online. Where would she review the behavior of cluster member recovery in the Dashboard?
A. Open SmartDashboard, select and open the Cluster Object Jonas, Select ClusterXL and review the High Availability recovery options.
B. Open SmartDashboard, select and open the Cluster Object Jonas, Select Cluster Members and review the High Availability recovery options.
C. Open SmartDashboard, select and open the Cluster Object Jonas, Select Topology – Advanced Options and review the High Availability recovery options.
D. Open SmartDashboard, select and open the Cluster Object Jonas, Select ClusterXL – Advanced Options and review the High Availability recovery options.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 69
Jack is using SmartEvent and does not see the identities of the users on the events. As an administrator with full access, what does he need to do to fix his issue?
A. Open SmartDashboard and toggle the Show or Hide Identities Icon, then re-open SmartEvent
B. Open SmartEvent, Click on Query Properties and select the User column
C. Open SmartEvent, go to the Policy Tab, select General Settings from the left column > User Identities and check the box Show Identities
D. Open SmartEvent and toggle the Show or Hide Identities icon
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 70
What is true about the IPS-Blade?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 71
What command verifies that the API server is responding?
A. api stat
B. api status
C. show api_status
D. api_get_status
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://community.checkpoint.com/thread/6524-can-anybody-let-me-know-how-can-we-import-policyrules-via-csv-file
QUESTION 72
What does the command vpn crl_zap do?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/12467.htm#o12618
QUESTION 73
The concept of layers was introduced in R80. What is the biggest benefit of layers?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 74
What factors preclude SecureXL Templating?
C. ClusterXL in load sharing Mode
D. CoreXL
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 75
If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, what else is necessary to be completed for it to function
properly?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 76
The Regulatory Compliance pane shows compliance statistics for selected regulatory standards, based on the Security Best Practice scan. Which of the following
does NOT show in this pane?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Compliance_WebAdminGuide/96026.htm
QUESTION 77
In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents/R80/CP_R80BC_ThreatPrevention/136486
QUESTION 78
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the
requirement?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 79
Return oriented programming (ROP) exploits are detected by which security blade?
B. Intrusion Prevention Software
C. Application control
D. Data Loss Prevention
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 80
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/index.html
QUESTION 81
If the first packet of a UDP session is rejected by a security policy, what does the firewall send to the client?
A. Nothing
B. TCP FIN
C. TCP RST
D. ICMP unreachable
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 82
What has to be taken into consideration when configuring Management HA?
A. The Database revisions will not be synchronized between the management servers.
B. SmartConsole must be closed prior to synchronizing changes in the objects database.
C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to
reconsider your design.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 83
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm
QUESTION 84
When an encrypted packet is decrypted, where does this happen?
A. Security policy
B. Inbound chain
C. Outbound chain
D. Decryption is not supported
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 85
What are the main stages of a policy installation?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 86
Jack has finished building his new SMS server, Red, on new hardware. He used SCP to move over the Red-old.tgz export of his old SMS server. What is the
command he will use to import this into the new server?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/16535.htm
QUESTION 87
What are the methods of SandBlast Threat Emulation deployment?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 88
SandBlast Agent extends zero-day prevention to what part of the network?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 89
When using Monitored circuit VRRP, what is a priority delta?
A. When an interface fails the priority changes to the priority delta
B. When an interface fails the delta claims the priority
C. When an interface fails the priority delta is subtracted from the priority
D. When an interface fails the priority delta decides if the other interfaces takes over
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm
QUESTION 90
Which of the following is NOT an option to calculate the traffic direction?
A. Incoming
B. Internal
C. External
D. Outgoing
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 91
What command lists all interfaces using Multi-Queue?
A. cpmq get
B. show interface all
C. cpmq set
D. show multiqueue all
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/93689.htm
QUESTION 92
From the SecureXL perspective, what are the three paths of traffic flow:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 93
Security Checkup Summary can be easily conducted within:
A. Summary
B. Views
C. Reports
D. Checkups
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 94
Select the right answer to export IPS profiles to copy to another management server?
B. fwm dbexport -p <profile-name>
C. SmartDashboard – IPS tab – Profiles – select profile + right click and select “export profile”
D. ips_export_import export <profile-name>
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 95
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode
configuration, chain modules marked with ___________ will not apply.
A. ffff
B. 1
C. 3
D. 2
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 96
CPM process stores objects, policies, users, administrators, licenses and management data in a database. This database is:
A. MySQL
B. Postgres SQL
C. MarisDB
D. SOLR
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 97
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
QUESTION 98
There are 4 ways to use the Management API for creating a host object with R80 Management API. Which one is NOT correct?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 99
What information is NOT collected from a Security Gateway in a Cpinfo?
A. Firewall logs
B. Configuration and database files
C. System message logs
D. OS and network statistics
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739
QUESTION 100
Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?
A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses.
B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores.
C. The CoreXL FW instances assignment mechanism is based on IP Protocol type.
D. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261
QUESTION 101
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client
communications, database manipulation, policy compilation and Management HA synchronization?
A. cpwd
B. fwd
C. cpd
D. fwm
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 102
UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck
objects?
A. Ask
B. Drop
C. Inform
D. Reject
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 103
SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:
A. 19090, 22
B. 19190, 22
C. 18190, 80
D. 19009, 443
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 104
Which command would you use to determine the current Cluster Global ID?
D. Cish -> cphaconf cluster_id get
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25977
QUESTION 105
Check Point security components are divided into the following components:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference: