156-315.80

Number: 156-315.80
Passing Score: 800
Time Limit: 120 min
File Version: 1

Website: https://vceplus.com

www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Exam A

QUESTION 1
Identify the API that is not supported by Check Point currently.

A. R80 Management API
B. Identity Awareness Web Services API
C. Open REST API
D. OPSEC SDK

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
What are the different command sources that allow you to communicate with the API server?

A. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
B. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services
C. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
D. API_cli Tool, Gaia CLI, Web Services

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

QUESTION 3
Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to your manager?

A. fw accel stat
B. fwaccel stat
C. fw acces stats
D. fwaccel stats

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397

QUESTION 4
Which two of these Check Point Protocols are used by SmartEvent Processes?

A. ELA and CPD
B. FWD and LEA
C. FWD and CPLOG
D. ELA and CPLOG

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Fill in the blank: The tool ________ generates an R80 Security Gateway configuration report.

A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which of these statements describes the Check Point ThreatCloud?

A. Blocks or limits usage of web applications
B. Prevents or controls access to web sites based on category
C. Prevents Cloud vulnerability exploits
D. A worldwide collaborative security network

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

A. 15 sec
B. 60 sec
C. 5 sec
D. 30 sec

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm

QUESTION 8
Which command can you use to enable or disable multi-queue per interface?

A. cpmq set
B. Cpmqueue set
C. Cpmq config
D. St cpmq enable

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/93689.htm

QUESTION 9
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy
Tab. How many options are available to calculate the traffic direction?

A. 5 Network; Host; Objects; Services; API
B. 3 Incoming; Outgoing; Network
C. 2 Internal; External
D. 4 Incoming; Outgoing; Internal; Other

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/21/CP_R76_SmartEventIntro_AdminGuide.pdf?HashKey=1538417023_7cb74dfe0e109c21f130f556d419faaf&xtn=.pdf

QUESTION 10
There are 4 ways to use the Management API for creating a host object with R80 Management API. Which one is NOT correct?

A. Using Web Services
B. Using Mgmt_cli tool
C. Using CLISH
D. Using SmartConsole GUI console
E. Events are collected with SmartWorkflow from Trouble Ticket systems

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

QUESTION 11
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________.

A. TCP port 19009
B. TCP Port 18190
C. TCP Port 18191
D. TCP Port 18209

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Which packet info is ignored with Session Rate Acceleration?

A. source port ranges
B. source ip
C. source port
D. same info from Packet Acceleration is used

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://trlj.blogspot.com/2015/10/check-point-acceleration.html

QUESTION 13
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you
try to remediate first?

A. Host having a Critical event found by Threat Emulation
B. Host having a Critical event found by IPS
C. Host having a Critical event found by Antivirus
D. Host having a Critical event found by Anti-Bot

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
In R80 spoofing is defined as a method of:

A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware
and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.

Reference: http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf

QUESTION 15
What is true about the IPS-Blade?

A. In R80, IPS is managed by the Threat Prevention Policy
B. In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
C. In R80, IPS Exceptions cannot be attached to “all rules”
D. In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company’s security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_AppControl_WebAdmin/60902.htm

QUESTION 17
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance
and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure
VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state
verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus
the meaning of "Wire Mode".

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30974

QUESTION 18
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

A. fw ctl sdstat
B. fw ctl affinity -l -a -r -v
C. fw ctl multik stat
D. cpinfo

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

A. Secure Internal Communication (SIC)
B. Restart Daemons if they fail
C. Transfers messages between Firewall processes
D. Pulls application monitoring status

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

QUESTION 20
What is not a component of Check Point SandBlast?

A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Fill in the blank: The command ___________ provides the most complete restoration of a R80 configuration.

A. upgrade_import
B. cpconfig
C. fwm dbimport -p <export file>
D. cpinfo -recover

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Which of the SecureXL templates are enabled by default on Security Gateway?

A. Accept
B. Drop
C. NAT
D. None

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
What happens when an IPS profile is set in Detect Only Mode for troubleshooting?

A. It will generate Geo-Protection traffic
B. Automatically uploads debugging logs to Check Point Support Center
C. It will not block malicious traffic
D. Bypass licenses requirement for Geo-Protection control

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to
Prevent so that they will not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12750.htm

QUESTION 24
What is true about VRRP implementations?

A. VRRP membership is enabled in cpconfig
B. VRRP can be used together with ClusterXL, but with degraded performance
C. You cannot have a standalone deployment
D. You cannot have different VRIDs in the same physical network

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm

QUESTION 25
The Security Gateway is installed on GAIA R80. The default port for the Web User Interface is ______.

A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
In a Client to Server scenario, which represents that the packet has already been checked against the tables and the Rule Base?

A. Big I
B. Little o
C. Little i
D. Big O

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
What is the mechanism behind Threat Extraction?

A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which
makes this solution very fast.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which view is NOT a valid CPVIEW view?

A. IDA
B. RAD
C. PDP
D. VPN

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

A. MySQL
B. Postgres SQL
C. MarisDB
D. SOLR

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_MultiDomainSecurity/html_frameset.htm?topic=documents/R80/CP_R80_MultiDomainSecurity/15420

QUESTION 30
Which is NOT an example of a Check Point API?

A. Gateway API
B. Management API
C. OPSC SDK
D. Threat Prevention API

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

QUESTION 31
What are the three components for Check Point Capsule?

A. Capsule Docs, Capsule Cloud, Capsule Connect
B. Capsule Workspace, Capsule Cloud, Capsule Connect
C. Capsule Workspace, Capsule Docs, Capsule Connect
D. Capsule Workspace, Capsule Docs, Capsule Cloud

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/products-solutions/mobile-security/check-point-capsule/

QUESTION 32
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

A. logd
B. fwd
C. fwm
D. cpd

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

QUESTION 33
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

A. fwd via cpm
B. fwm via fwd
C. cpm via cpd
D. fwd via cpd

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

A. restore_backup
B. import backup
C. cp_merge
D. migrate import

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the
requirement?

A. add host name <New HostName> ip-address <ip address>
B. add hostname <New HostName> ip-address <ip address>
C. set host name <New HostName> ip-address <ip address>
D. set hostname <New HostName> ip-address <ip address>

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#intro_gui_cli%20

QUESTION 36
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he
does NOT include a SmartConsole machine in his calculations?

A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
One for Security Management Server and the other one for the Security Gateway.

QUESTION 37
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

A. None, Security Management Server would be installed by itself.
B. SmartConsole
C. SecureClient
D. Security Gateway
E. SmartEvent

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/89230.htm

QUESTION 38
What is the correct command to observe the Sync traffic in a VRRP environment?

A. fw monitor -e "accept[12:4,b]=224.0.0.18;"
B. fw monitor -e "accept port(6118;"
C. fw monitor -e "accept proto=mcVRRP;"
D. fw monitor -e "accept dst=224.0.0.18;"

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
What is the difference between an event and a log?

A. Events are generated at gateway according to Event Policy
B. A log entry becomes an event when it matches any rule defined in Event Policy
C. Events are collected with SmartWorkflow from Trouble Ticket systems
D. Log and Events are synonyms

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

A. Source address, Destination address, Source port, Destination port, Protocol
B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
C. Source address, Destination address, Source port, Destination port
D. Source address, Destination address, Destination port, Protocol

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
Which statement is correct about the Sticky Decision Function?

A. It is not supported with either the Performance pack or a hardware based accelerator card
B. Does not support SPI’s when configured for Load Sharing
C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
D. It is not required for L2TP traffic

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7290.htm

QUESTION 42
Which statement is true regarding redundancy?

A. System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob -f if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a ClusterXL High Availability configuration must be synchronized.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
R80.10 management server can manage gateways with which versions installed?

A. Versions R77 and higher
B. Versions R76 and higher
C. Versions R75.20 and higher
D. Versions R75 and higher

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/88/88e25b652f62aa6f59dc955e34f98d5c/CP_R80.10_ReleaseNotes.pdf?HashKey=1538443232_ff63052c2c5a68c42c47eae9e15273c8&xtn=.pdf

QUESTION 44
Which command can you use to verify the number of active concurrent connections?

A. fw conn all
B. fw ctl pstat
C. show all connections
D. show connections

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103496

QUESTION 45
Which of the following statements is TRUE about R80 management plug-ins?

A. The plug-in is a package installed on the Security Gateway.
B. Installing a management plug-in requires a Snapshot, just like any upgrade process.
C. A management plug-in interacts with a Security Management Server to provide new features and support for new products.
D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 46
How can the SmartView application be accessed?

A. http://<Security Management IP Address>/smartview
B. http://<Security Management IP Address>:4434/smartview/
C. https://<Security Management IP Address>/smartview/
D. https://<Security Management host name>:4434/smartview/

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust
or configure?

A. Severity
B. Automatic reactions
C. Policy
D. Threshold

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm

QUESTION 48
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

A. fw ctl multik set_mode 1
B. fw ctl Dynamic_Priority_Queue on
C. fw ctl Dynamic_Priority_Queue enable
D. fw ctl multik set_mode 9

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105762

QUESTION 49
Advanced Security Checkups can be easily conducted within:

A. Reports
B. Advanced
C. Checkups
D. Views
E. Summary

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
What is the limitation of employing Sticky Decision Function?

A. With SDF enabled, the involved VPN Gateways only supports IKEv1
B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
C. With SDF enabled, only ClusterXL in legacy mode is supported
D. With SDF enabled, you can only have three Sync interfaces at most

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7290.htm

QUESTION 51
Which command shows actual allowed connections in state table?

A. fw tab -t StateTable
B. fw tab -t connections
C. fw tab -t connection
D. fw tab connections

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
Which features are only supported with R80.10 Gateways but not R77.x?

A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control
over the rule base flow and which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://slideplayer.com/slide/12183998/

QUESTION 53
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

A. 50%
B. 75%
C. 80%
D. 15%

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this
architecture?

A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the
SmartEvent Server.
B. Correlates all the identified threats with the consolidation policy.
C. Collects syslog data from third party devices and saves them to the database.
D. Connects with the SmartEvent Client when generating threat reports.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

A. This statement is true because SecureXL does improve all traffic.
B. This statement is false because SecureXL does not improve this traffic but CoreXL does.
C. This statement is true because SecureXL does improve this traffic.
D. This statement is false because encrypted traffic cannot be inspected.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by nearly an order of magnitude, particularly for small packets flowing in long duration connections.

Reference: https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/10001/FILE/SecureXL_and_Nokia_IPSO_White_Paper_20080401.pdf

QUESTION 56
When simulating a problem on ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?

A. cphaprob -d STOP unregister
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Testing a failover in a controlled manner using the following command:
# cphaprob -d STOP -s problem -t 0 register
This will register a problem state on the cluster member this was entered on. If you then run:
# cphaprob list
this will show an entry named STOP.
To remove this problematic register, run the following:
# cphaprob -d STOP unregister

Reference: https://fwknowledge.wordpress.com/2013/04/04/manual-failover-of-the-fw-cluster/

QUESTION 57
What is the main difference between Threat Extraction and Threat Emulation?

A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
B. Threat Extraction always delivers a file and takes less than a second to complete.
C. Threat Emulation never delivers a file that takes less than a second to complete.
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
What is the purpose of Priority Delta in VRRP?

A. When a box is up, Effective Priority = Priority + Priority Delta
B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fails, Effective Priority = Priority – Priority Delta
D. When a box fails, Effective Priority = Priority – Priority Delta

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running VRRP.
If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP
HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will begin to send out its own HELLO packet.
Once the master sees this packet with a priority greater than its own, then it releases the VIP.

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk38524

QUESTION 59
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?

A. You can assign only one profile per gateway and a profile can be assigned to one rule only.
B. You can assign multiple profiles per gateway and a profile can be assigned to one rule only.
C. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.
D. You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
Using ClusterXL, what statement is true about the Sticky Decision Function?

A. Can only be changed for Load Sharing implementations
B. All connections are processed and synchronized by the pivot
C. Is configured using cpconfig
D. Is only relevant when using SecureXL

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
What is the name of the secure application for Mail/Calendar for mobile devices?

A. Capsule Workspace
B. Capsule Mail
C. Capsule VPN
D. Secure Workspace

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/products/mobile-secure-workspace/

QUESTION 62
Where do you create and modify the Mobile Access policy in R80?

A. SmartConsole
B. SmartMonitor
C. SmartEndpoint
D. SmartDashboard

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 63
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

A. $FWDIR/database/fwauthd.conf
B. $FWDIR/conf/fwauth.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/state/fwauthd.conf

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm

QUESTION 65
What are the steps to configure the HTTPS Inspection Policy?

A. Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard
B. Go to Application&url filtering blade > Advanced > Https Inspection > Policy
C. Go to Manage&Settings > Blades > HTTPS Inspection > Policy
D. Go to Application&url filtering blade > Https Inspection > Policy

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 66
You want to store the GAIA configuration in a file for later reference. What command should you use?

A. write mem <filename>
B. show config –f <filename>
C. save config –o <filename>
D. save configuration <filename>

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
How do Capsule Connect and Capsule Workspace differ?

A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.
B. Capsule Workspace can provide access to any application.
C. Capsule Connect provides Business data isolation.
D. Capsule Connect does not require an installed application at client.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 68
Which of these is an implicit MEP option?

A. Primary-backup
B. Source address based
C. Round robin
D. Load Sharing

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13812.htm

QUESTION 69
You have existing dbedit scripts from R77. Can you use them with R80.10?

A. dbedit is not supported in R80.10
B. dbedit is fully supported in R80.10
C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers
D. dbedit scripts are being replaced by mgmt_cli in R80.10

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf

QUESTION 70
Which command is used to display status information for various components?

A. show all systems
B. show system messages
C. sysmess all
D. show sysenv all

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/120709

QUESTION 71
For Management High Availability, which of the following is NOT a valid synchronization status?

A. Collision
B. Down
C. Lagging
D. Never been synchronized

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13132

QUESTION 72
Can multiple administrators connect to a Security Management Server at the same time?

A. No, only one can be connected
B. Yes, all administrators can modify a network object at the same time
C. Yes, every administrator has their own username, and works in a session that is independent of other administrators.
D. Yes, but only one has the right to write.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_SmartProvisioning_AdminGuide/html_frameset.htm?topic=documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_SmartProvisioning_AdminGuide/16727

QUESTION 73
To add a file to the Threat Prevention Whitelist, what two items are needed?

A. File name and Gateway
B. Object Name and MD5 signature
C. MD5 signature and Gateway
D. IP address of Management Server and Gateway

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents/R80/CP_R80BC_ThreatPrevention/101703

QUESTION 74
Under which file is the proxy arp configuration stored?

A. $FWDIR/state/proxy_arp.conf on the management server
B. $FWDIR/conf/local.arp on the management server
C. $FWDIR/state/_tmp/proxy.arp on the security gateway
D. $FWDIR/conf/local.arp on the gateway

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 75
SandBlast appliances can be deployed in the following modes:

A. using a SPAN port to receive a copy of the traffic only
B. detect only
C. inline/prevent or detect
D. as a Mail Transfer Agent and as part of the traffic flow only

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 76
What is the difference between SSL VPN and IPSec VPN?

A. IPSec VPN does not require installation of a resilient VPN client.
B. SSL VPN requires installation of a resident VPN client.
C. SSL VPN and IPSec VPN are the same.
D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 77
The following command is used to verify the CPUSE version:

A. HostName:0>show installer status build
B. [Expert@HostName:0]#show installer status
C. [Expert@HostName:0]#show installer status build
D. HostName:0>show installer build

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html

QUESTION 78
How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

A. cphaprob set int fwha_vmac_global_param_enabled 1
B. clusterXL set int fwha_vmac_global_param_enabled 1
C. fw ctl set int fwha_vmac_global_param_enabled 1
D. cphaconf set int fwha_vmac_global_param_enabled 1

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk50840

QUESTION 79
To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating element is the
source port. This type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same
service will be forwarded to the Firewall kernel, which will then create a template of the connection. Which of these is NOT a SecureXL template?

A. Accept Template
B. Deny Template
C. Drop Template
D. NAT Template

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.checkpoint.com/thread/7894-nat-templates-securexl

QUESTION 80
Which of the following is NOT a type of Check Point API available in R80.10?

A. Identity Awareness Web Services
B. OPSEC SDK
C. Mobile Access
D. Management

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 81
Which encryption algorithm is the least secure?

A. AES-128
B. AES-256
C. DES
D. 3DES

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 82
You need to see which hotfixes are installed on your gateway. Which command would you use?

A. cpinfo –h all
B. cpinfo –o hotfix
C. cpinfo –l hotfix
D. cpinfo –y all

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk72800

QUESTION 83
Which directory below contains log files?

A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 84
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

A. CCP and 18190
B. CCP and 257
C. CCP and 8116
D. CPC and 8116

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/index.html

QUESTION 85
Which command shows the current connections distributed by CoreXL FW instances?

A. fw ctl multik stat
B. fw ctl affinity -l
C. fw ctl instances -v
D. fw ctl iflist

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 86
How often does Threat Emulation download packages by default?

A. Once a week
B. Once an hour
C. Twice per day
D. Once per day

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/101703.htm

QUESTION 87
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD
daemon to do a Full Synchronization?

A. TCP port 443
B. TCP port 257
C. TCP port 256
D. UDP port 8116

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 88
Which statement is true about ClusterXL?

A. Supports Dynamic Routing (Unicast and Multicast)
B. Supports Dynamic Routing (Unicast Only)
C. Supports Dynamic Routing (Multicast Only)
D. Does not support Dynamic Routing

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7300.htm

QUESTION 89
Which command shows detailed information about VPN tunnels?

A. cat $FWDIR/conf/vpn.conf
B. vpn tu tlist
C. vpn tu
D. cpview

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_CLI_ReferenceGuide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_CLI_ReferenceGuide/209239

QUESTION 90
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?

A. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation.
B. Firewall, IPS, Threat Emulation, Application Control.
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.
D. Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 91
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

A. Includes the registry
B. Gets information about the specified Virtual System
C. Does not resolve network addresses
D. Output excludes connection table

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.networksecurityplus.net/2015/02/check-point-how-to-collect-cpinfo-cli.html

QUESTION 92
What component of R80 Management is used for indexing?

A. DBSync
B. API Server
C. fwm
D. SOLR

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf

QUESTION 93
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users
can perform within the applications. Mobile Access encrypts all traffic using:

A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the
SSL Network Extender.
B. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the
SSL Network Extender.
C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software
is required.
D. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is
required.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Mobile_Access_WebAdmin/23024.htm

QUESTION 94
Which of the following describes how Threat Extraction functions?

A. Detects threats and provides a detailed report of discovered threats.
B. Proactively detects threats.
C. Delivers file with original content.
D. Delivers PDF versions of original files with active content removed.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 95
What command can you use to have cpinfo display all installed hotfixes?

A. cpinfo -hf
B. cpinfo –y all
C. cpinfo –get hf
D. cpinfo installed_jumbo

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 96
What is the port used for SmartConsole to connect to the Security Management Server?

A. CPMI port 18191/TCP
B. CPM port/TCP port 19009
C. SIC port 18191/TCP
D. https port 4434/TCP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 97
What is a best practice before starting to troubleshoot using the “fw monitor” tool?

A. Run the command: fw monitor debug on
B. Clear the connections table
C. Disable CoreXL
D. Disable SecureXL

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 98
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?

A. He can use the fw accel stat command on the gateway.
B. He can use the fw accel statistics command on the gateway.
C. He can use the fwaccel stat command on the Security Management Server.
D. He can use the fwaccel stat command on the gateway

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 99
Which web services protocol is used to communicate to the Check Point R80 Identity Awareness Web API?

A. SOAP
B. REST
C. XLANG
D. XML-RPC

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The Identity Web API uses the REST protocol over SSL. The requests and responses are HTTP and in JSON format.

Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/148699

QUESTION 100
Which is the correct command to add an “emailserver1” host with IP address 10.50.23.90 using the GAiA management CLI?

A. host name myHost12 ip-address 10.50.23.90
B. mgmt: add host name ip-address 10.50.23.90
C. add host name emailserver1 ip-address 10.50.23.90
D. mgmt: add host name emailserver1 ip-address 10.50.23.90

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 101
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?

A. enable DLP and select .exe and .bat file type
B. enable .exe & .bat protection in IPS Policy
C. create FW rule for particular protocol
D. tecli advanced attributes set prohibited_file_types exe.bat

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 102
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?

A. 4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading
to the Security Management Server.
B. 3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.
C. 1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.
D. 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Mobile_Access_WebAdmin/41723.htm

QUESTION 103
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?

A. edit fwaffinity.conf; reboot required
B. cpconfig; reboot required
C. edit fwaffinity.conf; reboot not required
D. cpconfig; reboot not required

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm#o94530

QUESTION 104
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.

A. WMI
B. Eventvwr
C. XML
D. Services.msc

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/e0/e01d7daa665096a4941f930f2567d29e/CP_R80.10_IdentityAwareness_AdminGuide.pdf?HashKey=1553448919_104b8593c2a2087ec2ffe8e86b314d66&xtn=.pdf page 17

QUESTION 105
The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for
clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.

A. ccp
B. cphaconf
C. cphad
D. cphastart

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://etherealmind.com/checkpoint-nokia-firewall-cluster-xl/?doing_wp_cron=1553442264.8447830677032470703125

QUESTION 106
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?

A. fwm compile
B. fwm load
C. fwm fetch
D. fwm install

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityManagement_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_SecurityManagement_WebAdminGuide/13141

QUESTION 107
Pamela is a Cyber Security Engineer working for Global Instance Firm, which has a large-scale deployment of Check Point Enterprise Appliances using GAiA/R80.10.
The company’s Developer Team is having random access issues with a newly deployed Application Server in the DMZ’s Application Server Farm Tier and blames the DMZ
Security Gateway as the root cause. A ticket has been created and the issue is at Pamela’s desk for investigation. Pamela decides to use Check Point’s Packet
Analyzer Tool fw monitor to iron out the issue during an approved maintenance window.

What do you recommend as the best suggestion for Pamela to make sure she successfully captures the entire traffic in the context of the Firewall and the problematic traffic?

A. Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid
misleading traffic captures.
B. Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid
misleading traffic captures.
C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.
D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 108
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

A. AV issues
B. VPN errors
C. Network issues
D. Authentication issues

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 109
In which formats can Threat Emulation forensics reports be viewed?

A. TXT, XML and CSV
B. PDF and TXT
C. PDF, HTML, and XML
D. PDF and HTML

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 110
In ClusterXL Load Sharing Multicast Mode:

A. only the primary member receives packets sent to the cluster IP address
B. only the secondary member receives packets sent to the cluster IP address
C. packets sent to the cluster IP address are distributed equally between all members of the cluster
D. every member of the cluster receives all of the packets sent to the cluster IP address

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/html_frameset.htm

QUESTION 111
What is the responsibility of the SOLR process on an R80.10 management server?

A. Validating all data before it’s written into the database
B. It generates indexes of data written to the database
C. Communication between SmartConsole applications and the Security Management Server
D. Writing all information into the database

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 112
In the Firewall chain mode FFF refers to:

A. Stateful Packets
B. No Match
C. All Packets
D. Stateless Packets

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2016/07/chapter-2-chain-module.html

QUESTION 113
What is the valid range for VRID value in VRRP configuration?

A. 1 - 254
B. 1 - 255
C. 0 - 254
D. 0 - 255

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Virtual Router ID - Enter a unique ID number for this virtual router. The range of valid values is 1 to 255.

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm

QUESTION 114
What is true of the API server on R80.10?

A. By default the API-server is activated and does not have hardware requirements.
B. By default the API-server is not active and should be activated from the WebUI.
C. By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).
D. By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

QUESTION 115
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the
following except:

A. Create new dashboards to manage 3rd party task
B. Create products that use and enhance 3rd party solutions
C. Execute automated scripts to perform common tasks
D. Create products that use and enhance the Check Point Solution

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:
• Use an automated script to perform common tasks
• Integrate Check Point products with 3rd party solutions
• Create products that use and enhance the Check Point solution

Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=1522190468_125d63ea5296b7dadd3e4fd81c708cc5&xtn=.pdf

QUESTION 116
What is the correct statement about Security Gateway and Security Management Server failover in Check Point R80.X in terms of a Check Point Redundancy driven
solution?

A. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.
B. Security Gateway failover as well as Security Management Server failover is a manual procedure.
C. Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.
D. Security Gateway failover as well as Security Management Server failover is an automatic procedure.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 117
SandBlast agent extends 0 day prevention to what part of the network?

A. Web Browsers and user devices
B. DMZ server
C. Cloud
D. Email servers

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 118
What command would show the API server status?

A. cpm status
B. api restart
C. api status
D. show api status

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.checkpoint.com/thread/6524-can-anybody-let-me-know-how-can-we-import-policyrules-via-csv-file

QUESTION 119
Which command would you use to set the network interfaces’ affinity in Manual mode?

A. sim affinity -m
B. sim affinity -l
C. sim affinity -a
D. sim affinity -s

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 120
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature. Which command do you use?

A. sim erdos –e 1
B. sim erdos – m 1
C. sim erdos –v 1
D. sim erdos –x 1

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 121
Which of the following is NOT an option to calculate the traffic direction?

A. Incoming
B. Internal
C. External
D. Outgoing

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 122
What command lists all interfaces using Multi-Queue?

A. cpmq get
B. show interface all
C. cpmq set
D. show multiqueue all

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/93689.htm

QUESTION 123
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

A. Dropped without sending a negative acknowledgment
B. Dropped without logs and without sending a negative acknowledgment
C. Dropped with negative acknowledgment
D. Dropped with logs and without sending a negative acknowledgment

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 124
When using CPSTAT, what is the default port used by the AMON server?

A. 18191
B. 18192
C. 18194
D. 18190

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_CLI_ReferenceGuide/html_frameset.htm?topic=documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_CLI_ReferenceGuide/162534

QUESTION 125
Check Point security components are divided into the following components:

A. GUI Client, Security Gateway, WebUI Interface
B. GUI Client, Security Management, Security Gateway
C. Security Gateway, WebUI Interface, Consolidated Security Logs
D. Security Management, Security Gateway, Consolidate Security Logs

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 126
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney,
Australia.

What must you do to get SIC to work?

A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
C. Nothing - Check Point control connections function regardless of Geo-Protection policy
D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92707.htm

QUESTION 127
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful
Mode configuration, chain modules marked with __________________ will not apply.

A. ffff
B. 1
C. 3
D. 2

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2016/07/chapter-2-chain-module.html

QUESTION 128
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

A. SND is a feature to accelerate multiple SSL VPN connections
B. SND is an alternative to IPSec Main Mode, using only 3 packets
C. SND is used to distribute packets among Firewall instances
D. SND is a feature of fw monitor to capture accelerated packets

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 129
Which NAT rules are prioritized first?

A. Post-Automatic/Manual NAT rules
B. Manual/Pre-Automatic NAT
C. Automatic Hide NAT
D. Automatic Static NAT

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 130
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?

A. Lagging
B. Synchronized
C. Never been synchronized
D. Collision

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 131
Joey wants to upgrade from R75.40 to R80 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.

What is one of the requirements for his success?

A. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine
B. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine
C. Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine
D. Size of the /var/log folder of the target machine must be at least 25GB or more

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/90083

QUESTION 132
What are the methods of SandBlast Threat Emulation deployment?

A. Cloud, Appliance and Private
B. Cloud, Appliance and Hybrid
C. Cloud, Smart-1 and Hybrid
D. Cloud, OpenServer and Vmware

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 133
SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or
destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the
active cell is used as the destination of the command when run. The default commands are:

A. ping, traceroute, netstat, and route
B. ping, nslookup, Telnet, and route
C. ping, whois, nslookup, and Telnet
D. ping, traceroute, netstat, and nslookup

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEventIntro_AdminGuide/17468.htm

QUESTION 134
You can access the ThreatCloud Repository from:

A. R80.10 SmartConsole and Application Wiki


B. Threat Prevention and Threat Tools
C. Threat Wiki and Check Point Website
D. R80.10 SmartConsole and Threat Prevention

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/131285

QUESTION 135
Which path below is available only when CoreXL is enabled?

A. Slow path
B. Firewall path
C. Medium path
D. Accelerated path

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 136
GAiA Software update packages can be imported and installed offline in a situation where:

A. Security Gateway with GAiA does NOT have SFTP access to Internet
B. Security Gateway with GAiA does NOT have access to Internet.
C. Security Gateway with GAiA does NOT have SSH access to Internet.
D. The desired CPUSE package is ONLY available in the Check Point CLOUD.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 137
Which blades and/or features are not supported in R80?

A. SmartEvent Maps
B. SmartEvent
C. Identity Awareness
D. SmartConsole Toolbars

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 138
Which application should you use to install a contract file?

A. SmartView Monitor
B. WebUI
C. SmartUpdate
D. SmartProvisioning

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 139
Which of the following technologies extracts detailed information from packets and stores that information in state tables?

A. INSPECT Engine
B. Stateful Inspection
C. Packet Filtering
D. Application Layer Firewall

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/training/ccsa/chapter1/

QUESTION 140
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or
analyzed?

A. ThreatWiki
B. Whitelist Files
C. AppWiki
D. IPS Protections

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/101703.htm

QUESTION 141
What is UserCheck?

A. Messaging tool used to verify a user’s credentials.


B. Communication tool used to inform a user about a website or application they are trying to access.
C. Administrator tool used to monitor users on their network.
D. Communication tool used to notify an administrator when a new user is created.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 142
Which of the following is NOT an alert option?

A. SNMP
B. High alert
C. Mail
D. User defined alert

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SmartViewMonitor_AdminGuide/101104.htm

QUESTION 143
What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)

A. SmartCenter Server cannot reach this Security Gateway.
B. There is a blade reporting a problem.
C. VPN software blade is reporting a malfunction.
D. Security Gateway’s MGNT NIC card is disconnected.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/sc/SolutionsStatics/NEW_SK_NOID1493612962436/active1704302237.fw.png

QUESTION 144
How many layers make up the TCP/IP model?

A. 2
B. 7
C. 6
D. 4

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 145
Which of the following is NOT a VPN routing option available in a star community?

A. To satellites through center only.


B. To center, or through the center to other satellites, to Internet and other VPN targets.
C. To center and to other satellites through center.
D. To center only.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_VPN/html_frameset.htm

QUESTION 146
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .

A. Sent to the Internal Certificate Authority.
B. Sent to the Security Administrator.
C. Stored on the Security Management Server.
D. Stored on the Certificate Revocation List.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 147
What is the order of NAT priorities?

A. Static NAT, IP pool NAT, hide NAT


B. IP pool NAT, static NAT, hide NAT
C. Static NAT, automatic NAT, hide NAT
D. Static NAT, hide NAT, IP pool NAT

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/6724.htm#o6919

QUESTION 148
Which Check Point feature enables application scanning and detection?

A. Application Dictionary
B. AppWiki
C. Application Library
D. CPApp

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/products/application-control-software-blade/

QUESTION 149
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

A. User Directory
B. Captive Portal and Transparent Kerberos Authentication
C. Captive Portal
D. UserCheck

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm

QUESTION 150
The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

A. Next Generation Threat Prevention


B. Next Generation Threat Emulation
C. Next Generation Threat Extraction
D. Next Generation Firewall

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 151
Which tool is used to enable ClusterXL?

A. SmartUpdate
B. cpconfig
C. SmartConsole
D. sysconfig

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ClusterXL_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_ClusterXL_WebAdminGuide/161105

QUESTION 152
Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly
loses connectivity. Connectivity is restored shortly afterward.

What will happen to the changes already made?

A. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
C. Tom’s changes will be lost since he lost connectivity and he will have to start again.
D. Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 153
What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?

A. S
B. W
C. C
D. Space bar

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_SecurityManagement_AdminGuide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_SecurityManagement_AdminGuide/204685

QUESTION 154
View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)

A. The current administrator has read-only permissions to Threat Prevention Policy.


B. Another user has locked the rule for editing.
C. Configuration lock is present. Click the lock symbol to gain read-write access.
D. The current administrator is logged in as read-only because someone else is editing the policy.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265

QUESTION 155
Which VPN routing option uses VPN routing for every connection a satellite gateway handles?

A. To satellites through center only


B. To center only
C. To center and to other satellites through center
D. To center, or through the center to other satellites, to Internet and other VPN targets

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31021

QUESTION 156
Joey wants to configure NTP on R80 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia
platform via browser?

A. https://<Device_IP_Address>
B. http://<Device_IP_Address>:443
C. https://<Device_IP_Address>:10000
D. https://<Device_IP_Address>:4434

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/75930

QUESTION 157
Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ .

A. On all satellite gateway to satellite gateway tunnels


B. On specific tunnels for specific gateways
C. On specific tunnels in the community
D. On specific satellite gateway to central gateway tunnels

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_VPN_AdminGuide/14018

QUESTION 158
When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule
that matches a packet. Which of the following statements about the order of rule enforcement is true?

A. If the Action is Accept, the gateway allows the packet to pass through the gateway.
B. If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.
C. If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
D. If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 159
Why would an administrator see the message below?

A. A new Policy Package created on both the Management and Gateway will be deleted and must be backed up first before proceeding.
B. A new Policy Package created on the Management is going to be installed to the existing Gateway.
C. A new Policy Package created on the Gateway is going to be installed on the existing Management.
D. A new Policy Package created on the Gateway and transferred to the Management will be overwritten by the Policy Package currently on the Gateway but can
be restored from a periodic backup on the Gateway.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 160
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

A. Application Control
B. Threat Emulation
C. Anti-Virus
D. Advanced Networking Blade

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 161
Fill in the blank: __________ information is included in “Full Log” tracking option, but is not included in “Log” tracking option?

A. Destination port
B. Data type
C. File attributes
D. Application

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131914

QUESTION 162
Which options are given on features, when editing a Role on Gaia Platform?

A. Read/Write, Read Only


B. Read/Write, Read Only, None
C. Read/Write, None
D. Read Only, None

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/75930

QUESTION 163
What is the purpose of the CPCA process?

A. Monitoring the status of processes.


B. Sending and receiving logs.
C. Communication between GUI clients and the SmartCenter server.
D. Generating and modifying certificates.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

QUESTION 164
What is the default shell of Gaia CLI?

A. Monitor
B. CLI.sh
C. Read-only
D. Bash

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 165
You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet,
they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

A. Right click Accept in the rule, select “More”, and then check ‘Enable Identity Captive Portal’.

B. On the firewall object, Legacy Authentication screen, check ‘Enable Identity Captive Portal’.
C. In the Captive Portal screen of Global Properties, check ‘Enable Identity Captive Portal’.
D. On the Security Management Server object, check the box ‘Identity Logging’.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_NextGenSecurityGateway_Guide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_NextGenSecurityGateway_Guide/136978

QUESTION 166
Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .

A. The license is attached to the wrong Security Gateway.
B. The existing license expires.
C. The license is upgraded.
D. The IP address of the Security Management or Security Gateway has changed.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 167
If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available
to other administrators? (Choose the BEST answer.)

A. Publish or discard the session.


B. Revert the session.
C. Save and install the Policy.
D. Delete older versions of database.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

QUESTION 168
Fill in the blanks: A _______ license requires an administrator to designate a gateway for attachment whereas a ________ license is automatically attached to a
Security Gateway.

A. Formal; corporate
B. Local; formal
C. Local; central
D. Central; local

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm

QUESTION 169
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway
managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check
box to enable pre-shared secret cannot be enabled.

Why does it not allow him to specify the pre-shared secret?

A. IPsec VPN blade should be enabled on both Security Gateway.


B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
D. The Security Gateways are pre-R75.40.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 170
Fill in the blank: Authentication rules are defined for ________ .

A. User groups
B. Users using UserCheck
C. Individual users
D. All users in the database

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SGW_WebAdmin/6721.htm

QUESTION 171
How is communication between different Check Point components secured in R80? As with all questions, select the BEST answer.

A. By using IPSEC
B. By using SIC
C. By using ICA
D. By using 3DES

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/125443

QUESTION 172
You work as a security administrator for a large company. The CSO of your company has attended a security conference where he learned how hackers constantly
modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has tight protections in
place. Check Point has been selected as the security vendor.

Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?

A. IPS AND Application Control


B. IPS, anti-virus and anti-bot
C. IPS, anti-virus and e-mail security
D. SandBlast

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/products-solutions/zero-day-protection/

QUESTION 173
What are the two high availability modes?

A. Load Sharing and Legacy
B. Traditional and New
C. Active and Standby
D. New and Legacy

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages.
Load Sharing Multicast Mode
Load Sharing Unicast Mode
New High Availability Mode
High Availability Legacy Mode

QUESTION 174
Which feature is NOT provided by all Check Point Mobile Access solutions?

A. Support for IPv6


B. Granular access control
C. Strong user authentication
D. Secure connectivity

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Types of Solutions
All of Check Point's Remote Access solutions provide:
Enterprise-grade, secure connectivity to corporate resources.
Strong user authentication.
Granular access control.

QUESTION 175
In the R80 SmartConsole, on which tab are Permissions and Administrators defined?

A. Security Policies
B. Logs and Monitor
C. Manage and Settings
D. Gateways and Servers

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 176
Fill in the blank: A ________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user
through an internet browser.

A. Clientless remote access


B. Clientless direct access
C. Client-based remote access
D. Direct access

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_Firewall/html_frameset.htm?topic=documents/R80/CP_R80BC_Firewall/92704

QUESTION 177
What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?

A. A host route to route to the destination IP.


B. Use the file local.arp to add the ARP entries for NAT to work.
C. Nothing, the Gateway takes care of all details necessary.
D. Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 178
At what point is the Internal Certificate Authority (ICA) created?

A. Upon creation of a certificate.


B. During the primary Security Management Server installation process.
C. When an administrator decides to create one.
D. When an administrator initially logs into SmartConsole.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13118

QUESTION 179
When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

A. RADIUS
B. Remote Access and RADIUS
C. AD Query
D. AD Query and Browser-based Authentication

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Identity Awareness gets identities from these acquisition sources:
AD Query
Browser-Based Authentication
Endpoint Identity Agent
Terminal Servers Identity Agent
Remote Access

QUESTION 180
There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with
default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was
standby. Around 11:00 am, FW_A’s interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it
became operational.

When it re-joins the cluster, will it become active automatically?

A. No, since ‘Maintain current active cluster member’ option on the cluster object properties is enabled by default.
B. No, since ‘Maintain current active cluster member’ option is enabled by default on the Global Properties.
C. Yes, since ‘Switch to higher priority cluster member’ option on the cluster object properties is enabled by default.
D. Yes, since ‘Switch to higher priority cluster member’ option is enabled by default on the Global Properties.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/7e/7ef174cf00762ceaf228384ea20ea64a/CP_R77_ClusterXL_AdminGuide.pdf?HashKey=1479822138_31410b1f8360074be87fd8f1ab682464&xtn=.pdf

QUESTION 181
DLP and Geo Policy are examples of what type of Policy?

A. Standard Policies
B. Shared Policies
C. Inspection Policies
D. Unified Policies

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

QUESTION 182
Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _______ .

A. Firewall policy install


B. Threat Prevention policy install
C. Anti-bot policy install
D. Access Control policy install

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation: https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents/R80/CP_R80BC_ThreatPrevention/136486

QUESTION 183
How many users can have read/write access in Gaia at one time?

A. Infinite
B. One
C. Three
D. Two

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 184
To optimize Rule Base efficiency, the most hit rules should be where?

A. Removed from the Rule Base.
B. Towards the middle of the Rule Base.
C. Towards the top of the Rule Base.
D. Towards the bottom of the Rule Base.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 185
Which command is used to obtain the configuration lock in Gaia?

A. Lock database override


B. Unlock database override
C. Unlock database lock
D. Lock database user

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Obtaining a Configuration Lock
lock database override
unlock database

QUESTION 186
What is the default shell for the command line interface?

A. Expert
B. Clish
C. Admin
D. Normal

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The default shell of the CLI is called clish
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm

QUESTION 187
You plan to automate creating new objects using new R80 Management API. You decide to use GAIA CLI for this task.

What is the first step to run management API commands on GAIA’s shell?

A. mgmt_admin@teabag > id.txt


B. mgmt_login
C. login user admin password teabag
D. mgmt_cli login user “admin” password “teabag” > id.txt

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 188
On R80.10 the IPS Blade is managed by:

A. Threat Protection policy


B. Anti-Bot Blade
C. Threat Prevention policy
D. Layers on Firewall policy

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf

QUESTION 189
When users connect to the Mobile Access portal they are unable to open File Shares.

Which log file would you want to examine?


A. cvpnd.elg
B. httpd.elg
C. vpnd.elg
D. fw.elg

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 190
What is the default size of NAT table fwx_alloc?

A. 20000
B. 35000
C. 25000
D. 10000

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk32224

QUESTION 191
What are types of Check Point APIs available currently as part of R80.10 code?

A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/29/29532b9eec50d0a947719ae631f640d0/CP_R80_CheckPoint_API_ReferenceGuide.pdf?HashKey=1517088487_4c0acda205460a92f44c83d399826a7b&xtn=.pdf

QUESTION 192
How long may verification of one file take for Sandblast Threat Emulation?

A. up to 1 minute
B. within seconds cleaned file will be provided
C. up to 5 minutes
D. up to 3 minutes

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 193
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core CPU. After
installation, is the administrator required to perform any additional tasks?

A. Go to clish - Run cpstop | Run cpstart
B. Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores
D. Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 194
GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:

A. Check Point Update Service Engine
B. Check Point Software Update Agent
C. Check Point Remote Installation Daemon (CPRID)
D. Check Point Software Update Daemon

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 195
You need to change the MAC-address on eth2 interface of the gateway. What command and what mode will you use to achieve this goal?

A. set interface eth2 mac-addr 11:11:11:11:11:11; CLISH


B. ifconfig eth1 hw 11:11:11:11:11:11; expert
C. set interface eth2 hw-addr 11:11:11:11:11:11; CLISH
D. ethtool -i eth2 mac 11:11:11:11:11:11; expert

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm
