Professional Documents
Culture Documents
104q
Number: 156-315.80
Passing Score: 800
Time Limit: 120 min
https://www.gratisexam.com/
https://www.gratisexam.com/
Exam A
QUESTION 1
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly
work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
A. Management Dashboard
B. Gateway
C. Personal User Storage
D. Behavior Risk Engine
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://community.checkpoint.com/docs/DOC-3072-sandblast-mobile-architecture-overview
QUESTION 2
What are the different command sources that allow you to communicate with the API server?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20
QUESTION 3
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
https://www.gratisexam.com/
https://www.gratisexam.com/
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_AntiBotAntiVirus_AdminGuide/index.html
QUESTION 4
Which method below is NOT one of the ways to communicate using the Management API’s?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20
QUESTION 5
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of
https://www.gratisexam.com/
SNX?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk67820
QUESTION 6
Which two of these Check Point Protocols are used by SmartEvent Processes?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
Fill in the blank: The tool ________ generates a R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Correct Answer: C
https://www.gratisexam.com/
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
A. 15 sec
B. 60 sec
C. 5 sec
D. 30 sec
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm
QUESTION 9
Which command can you use to enable or disable multi-queue per interface?
A. cpmq set
B. Cpmqueue set
C. Cpmq config
D. St cpmq enable
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/93689.htm
QUESTION 10
https://www.gratisexam.com/
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI
client and management server to communicate via web services using ___________.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
Which packet info is ignored with Session Rate Acceleration?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: http://trlj.blogspot.com/2015/10/check-point-acceleration.html
QUESTION 12
Which command lists all tables in Gaia?
A. fw tab –t
B. fw tab –list
C. fw-tab –s
D. fw tab -1
https://www.gratisexam.com/
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/c7/c76b823d81bab77e1e40ac086fa81411/CP_R77_versions_CLI_ReferenceGuide.pdf?
HashKey=1538418170_96def40f213f24a8b273cc77b408dd3f&xtn=.pdf
QUESTION 13
What is true about the IPS-Blade?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_AppControl_WebAdmin/60902.htm
https://www.gratisexam.com/
QUESTION 15
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance
and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure
VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification
in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of
"Wire Mode".
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30974
QUESTION 16
Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _____________ .
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
https://www.gratisexam.com/
A. Secure Internal Communication (SIC)
B. Restart Daemons if they fail
C. Transfers messages between Firewall processes
D. Pulls application monitoring status
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
QUESTION 18
What is not a component of Check Point SandBlast?
A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
Fill in the blank: The command ___________ provides the most complete restoration of a R80 configuration.
A. upgrade_import
B. cpconfig
C. fwm dbimport -p <export file>
D. cpinfo –recover
Correct Answer: A
Section: (none)
Explanation
https://www.gratisexam.com/
Explanation/Reference:
QUESTION 20
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the
migration from legacy Client-side logic to Server-side logic. The cpm process:
https://www.gratisexam.com/
A. Allow GUI Client and management server to communicate via TCP Port 19001
B. Allow GUI Client and management server to communicate via TCP Port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects as well as policy code generation.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 21
Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specific time period.
Correct Answer: C
Section: (none)
Explanation
https://www.gratisexam.com/
Explanation/Reference:
Explanation:
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for
example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system
administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an
expiration date), can be applied immediately without the need to perform an Install Policy operation
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartViewMonitor_AdminGuide/17670.htm
QUESTION 22
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.insight.com/content/dam/insight-web/en_US/pdfs/check-point/mobile-threat-prevention-behavioral-risk-analysis.pdf
QUESTION 23
Which view is NOT a valid CPVIEW view?
A. IDA
B. RAD
C. PDP
D. VPN
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
https://www.gratisexam.com/
QUESTION 24
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over
the rule base flow and which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it
rather than in the next rule.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/1f/1f850d1640792cf885336cc6ae8b2743/CP_R80_ReleaseNotes.pdf?
HashKey=1517092603_dd917544d92dccc060e5b25d28a46f79&xtn=.pdf
QUESTION 25
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
A. MySQL
B. Postgres SQL
C. MarisDB
D. SOLR
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_MultiDomainSecurity/html_frameset.htm?topic=documents/R80/
CP_R80_MultiDomainSecurity/15420
QUESTION 26
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
https://www.gratisexam.com/
A. fwd via cpm
B. fwm via fwd
C. cpm via cpd
D. fwd via cpd
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
How many images are included with Check Point TE appliance in Recommended Mode?
A. 2(OS) images
B. images are chosen by administrator during installation
C. as many as licensed for
D. the most new image
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restricts all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway directly.
Correct Answer: B
Section: (none)
Explanation
https://www.gratisexam.com/
Explanation/Reference:
QUESTION 29
What has to be taken into consideration when configuring Management HA?
A. The Database revisions will not be synchronized between the management servers
B. SmartConsole must be closed prior to synchronized changes in the objects database
C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to
reconsider your design.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
What is the difference between an event and a log?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
https://www.gratisexam.com/
B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
C. Source address, Destination address, Source port, Destination port
D. Source address, Destination address, Destination port, Protocol
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32
The Event List within the Event tab contains:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/
CP_R80_LoggingAndMonitoring/131915
QUESTION 33
Which statement is true regarding redundancy?
A. System Administrators know their cluster has failed over and can also see why it failed over by using the cphaprob –f if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a ClusterXL High Availability configuration must be synchronized.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.
Correct Answer: D
Section: (none)
Explanation
https://www.gratisexam.com/
Explanation/Reference:
Reference: https://www.checkpoint.com/download/public-files/gaia-technical-brief.pdf
QUESTION 34
Which command can you use to verify the number of active concurrent connections?
A. fw conn all
B. fw ctl pstat
C. show all connections
D. show connections
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103496
QUESTION 35
What command verifies that the API server is responding?
A. api stat
B. api status
C. show api_status
D. app_get_status
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.hurricanelabs.com/blog/check-point-api-merging-management-servers-with-r80-10
QUESTION 36
Where you can see and search records of action done by R80 SmartConsole administrators?
https://www.gratisexam.com/
A. In SmartView Tracker, open active log
B. In the Logs & Monitor view, select “Open Audit Log View”
C. In SmartAuditLog View
D. In Smartlog, all logs
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/html_frameset.htm?
topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/188029
QUESTION 37
Fill in the blank: The R80 utility fw monitor is used to troubleshoot ________.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Check Point’s FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple
capture points along the FireWall inspection chains. These captured packets can be inspected later using the WireShark
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30583
QUESTION 38
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or
configure?
A. Severity
B. Automatic reactions
C. Policy
https://www.gratisexam.com/
D. Threshold
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm
QUESTION 39
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105762
QUESTION 40
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
https://www.gratisexam.com/
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Mobile_Access_WebAdmin/41723.htm
QUESTION 41
Which of the following process pulls application monitoring status?
A. fwd
B. fwm
C. cpwd
D. cpd
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 42
Which command shows actual allowed connections in state table?
A. fw tab –t StateTable
B. fw tab –t connections
C. fw tab –t connection
D. fw tab connections
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 43
What SmartEvent component creates events?
A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
https://www.gratisexam.com/
D. SmartEvent GUI
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm
QUESTION 44
Which command collects diagnostic data for analyzing customer setup remotely?
A. cpinfo
B. migrate export
C. sysinfo
D. cpview
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces
the standalone cp_uploader utility for uploading files to Check Point servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while
viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739
QUESTION 45
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this
architecture?
A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent
Server.
B. Correlates all the identified threats with the consolidation policy.
C. Collects syslog data from third party devices and saves them to the database.
https://www.gratisexam.com/
D. Connects with the SmartEvent Client when generating threat reports.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 46
Which command gives us a perspective of the number of kernel tables?
A. fw tab -t
B. fw tab -s
C. fw tab -n
D. fw tab -k
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 47
When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command
allows you remove the problematic state?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation/Reference:
https://www.gratisexam.com/
Explanation:
esting a failover in a controlled manner using following command;
# cphaprob -d STOP -s problem -t 0 register
This will register a problem state on the cluster member this was entered on; If you then run;
# cphaprob list
this will show an entry named STOP.
to remove this problematic register run following;
# cphaprob -d STOP unregister
Reference: https://fwknowledge.wordpress.com/2013/04/04/manual-failover-of-the-fw-cluster/
QUESTION 48
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?
A. You can assign only one profile per gateway and a profile can be assigned to one rule Only.
B. You can assign multiple profiles per gateway and a profile can be assigned to one rule only.
C. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.
D. You can assign only one profile per gateway and a profile can be assigned to one or more rules.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 49
Using ClusterXL, what statement is true about the Sticky Decision Function?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
https://www.gratisexam.com/
QUESTION 50
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
A. $FWDIR/database/fwauthd.conf
B. $FWDIR/conf/fwauth.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/state/fwauthd.conf
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 51
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 52
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
A. That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager.
B. Fill Layer4 VPN –SSL VPN that gives users network access to all mobile applications.
C. Full Layer3 VPN –IPSec VPN that gives users network access to all mobile applications.
D. You can make sure that documents are sent to the intended recipients only.
https://www.gratisexam.com/
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/82201.htm
QUESTION 53
You want to store the GAIA configuration in a file for later reference. What command should you use?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 54
Which remote Access Solution is clientless?
A. Checkpoint Mobile
B. Endpoint Security Suite
C. SecuRemote
D. Mobile Access Portal
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/92708.htm
QUESTION 55
What is the command to see cluster status in cli expert mode?
https://www.gratisexam.com/
A. fw ctl stat
B. clusterXL stat
C. clusterXL status
D. cphaprob stat
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 56
Which command is used to display status information for various components?
https://www.gratisexam.com/
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/
CP_R77_Gaia_AdminWebAdminGuide/120709
QUESTION 57
What are the blades of Threat Prevention?
https://www.gratisexam.com/
A. IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
B. DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction
C. IPS, AntiVirus, AntiBot
D. IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.checkpoint.com/products/next-generation-threat-prevention/
QUESTION 58
For Management High Availability, which of the following is NOT a valid synchronization status?
A. Collision
B. Down
C. Lagging
D. Never been synchronized
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/
CP_R76_SecMan_WebAdmin/13132
QUESTION 59
Can multiple administrators connect to a Security Management Server at the same time?
Correct Answer: C
https://www.gratisexam.com/
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_SmartProvisioning_AdminGuide/html_frameset.htm?
topic=documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_SmartProvisioning_AdminGuide/16727
QUESTION 60
Under which file is the proxy arp configuration stored?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 61
SandBlast appliances can be deployed in the following modes:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 62
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is
https://www.gratisexam.com/
enabled which path is handling the traffic?
A. Slow Path
B. Medium Path
C. Fast Path
D. Accelerated Path
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 63
What is the difference between SSL VPN and IPSec VPN?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 64
Which of the following will NOT affect acceleration?
Correct Answer: B
https://www.gratisexam.com/
Section: (none)
Explanation
Explanation/Reference:
QUESTION 65
The following command is used to verify the CPUSE version:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html
QUESTION 66
How do you enable virtual mac (VMAC) on-the-fly on a cluster member?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk50840
QUESTION 67
John is using Management HA. Which Smartcenter should be connected to for making changes?
https://www.gratisexam.com/
A. secondary Smartcenter
B. active Smartenter
C. connect virtual IP of Smartcenter HA
D. primary Smartcenter
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 68
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on
a Management Server?
A. fwd
B. fwm
C. cpd
D. cpwd
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 69
You need to see which hotfixes are installed on your gateway, which command would you use?
A. cpinfo –h all
B. cpinfo –o hotfix
C. cpinfo –l hotfix
D. cpinfo –y all
Correct Answer: D
Section: (none)
https://www.gratisexam.com/
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk72800
QUESTION 70
From SecureXL perspective, what are the tree paths of traffic flow:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 71
What is the purpose of extended master key extension/session hash?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 72
Which one of the following is true about Capsule Connect?
https://www.gratisexam.com/
B. It offers full enterprise mobility management
C. It is supported only on iOS phones and Windows PCs
D. It does not support all VPN authentication methods
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 73
You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the PWO
daemon to do a Full Synchronization?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 74
Which command shows detailed information about VPN tunnels?
A. cat $FWDIR/conf/vpn.conf
B. vpn tu tlist
C. vpn tu
D. cpview
Correct Answer: B
Section: (none)
Explanation
https://www.gratisexam.com/
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_CLI_ReferenceGuide/html_frameset.htm?topic=documents/
R80.20_GA/WebAdminGuides/EN/CP_R80.20_CLI_ReferenceGuide/209239
QUESTION 75
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast
component?
A. Threat Emulation
B. Mobile Access
C. Mail Transfer Agent
D. Threat Cloud
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 76
What is the port used for SmartConsole to connect to the Security Management Server?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 77
What is considered Hybrid Emulation Mode?
https://www.gratisexam.com/
B. Load sharing of emulation between an on premise appliance and the cloud.
C. Load sharing between OS behavior and CPU Level emulation.
D. High availability between the local SandBlast appliance and the cloud.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 78
When setting up an externally managed log server, what is one item that will not be configured on the R80 Security Management Server?
A. IP
B. SIC
C. NAT
D. FQDN
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 79
Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the
Internet?
A. Export R80 configuration, clean install R80.10 and import the configuration
B. CPUSE offline upgrade
C. CPUSE online upgrade
D. SmartUpdate upgrade
Correct Answer: C
Section: (none)
Explanation
https://www.gratisexam.com/
Explanation/Reference:
QUESTION 80
Which one of the following is true about Threat Extraction?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 81
Which one of the following is true about Threat Emulation?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 82
What are the main stages of a policy installations?
https://www.gratisexam.com/
D. Verification, Compilation & Transfer, Installation
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 83
SmartEvent does NOT use which of the following procedures to identify events:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these
procedures to identify events:
• Matching a Log Against Global Exclusions
• Matching a Log Against Each Event Definition
• Creating an Event Candidate
• When a Candidate Becomes an Event
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm
QUESTION 84
Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
https://www.gratisexam.com/
D. mgmt: add host name emailserver1 ip-address 10.50.23.90
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 85
Which process handles connection from SmartConsole R80?
A. fwm
B. cpmd
C. cpm
D. cpd
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 86
What is the command to show SecureXL status?
A. fwaccel status
B. fwaccel stats -m
C. fwaccel -s
D. fwaccel stat
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
https://www.gratisexam.com/
To check overall SecureXL status:
[Expert@HostName]# fwaccel stat
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397
QUESTION 87
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 88
What will SmartEvent automatically define as events?
A. Firewall
B. VPN
C. IPS
D. HTTPS
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/
CP_R80_LoggingAndMonitoring/131915
QUESTION 89
With MTA (Mail Transfer Agent) enabled the gateways manages SMTP traffic and holds external email with potentially malicious attachments. What is required in
order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?
https://www.gratisexam.com/
A. Threat Cloud Intelligence
B. Threat Prevention Software Blade Package
C. Endpoint Total Protection
D. Traffic on port 25
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 90
What is not a purpose of the deployment of Check Point API?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?
HashKey=1553448816_5e9549c0106f3111f72548e036dd8ef7&xtn=.pdf
QUESTION 91
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
A. WMI
B. Eventvwr
C. XML
D. Services.msc
Correct Answer: A
Section: (none)
https://www.gratisexam.com/
Explanation
Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/e0/e01d7daa665096a4941f930f2567d29e/CP_R80.10_IdentityAwareness_AdminGuide.pdf?
HashKey=1553448919_104b8593c2a2087ec2ffe8e86b314d66&xtn=.pdf page 17
QUESTION 92
Which statement is most correct regarding about “CoreXL Dynamic Dispatcher”?
A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
C. The CoreXL FW instances assignment mechanism is based on IP Protocol type
D. The CoreXl FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261
QUESTION 93
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
A. fwm compile
B. fwm load
C. fwm fetch
D. fwm install
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/7e/CheckPoint_R65_CLI_AdminGuide.pdf?HashKey=1540653105_b07751355cf424cd738b8409d23ad59c&xtn=.pdf
QUESTION 94
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
https://www.gratisexam.com/
A. AV issues
B. VPN errors
C. Network issues
D. Authentication issues
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 95
What cloud-based SandBlast Mobile application is used to register new devices and users?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 96
What is the responsibility of SOLR process on R80.10 management server?
Correct Answer: B
Section: (none)
Explanation
https://www.gratisexam.com/
Explanation/Reference:
QUESTION 97
In the Firewall chain mode FFF refers to:
A. Stateful Packets
B. No Match
C. All Packets
D. Stateless Packets
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2016/07/chapter-2-chain-module.html
QUESTION 98
When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 99
On what port does the CPM process run?
A. TCP 857
B. TCP 18192
https://www.gratisexam.com/
C. TCP 900
D. TCP 19009
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_MultiDomainSecurity/html_frameset.htm?topic=documents/R80/
CP_R80_MultiDomainSecurity/15420
QUESTION 100
Fill in the blank. The R80 feature ___________________ permits blocking specific IP addresses for a specified time period.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 101
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
https://www.gratisexam.com/
Reference: https://community.checkpoint.com/thread/6524-can-anybody-let-me-know-how-can-we-import-policyrules-via-csv-file
QUESTION 102
Which of the following is NOT an option to calculate the traffic direction?
A. Incoming
B. Internal
C. External
D. Outgoing
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 103
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
A. ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data
B. ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud
environments
C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances
as virtual machines in the EMC Cloud
D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can
benefit from as it makes emulation of known files unnecessary
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 104
Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally
by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570
series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R80.
https://www.gratisexam.com/
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R80?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
https://www.gratisexam.com/
https://www.gratisexam.com/