Correct Answer: C
Question #2 Topic 1
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based
algorithms and has four dedicated components that constantly work together to protect
mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
A. Management Dashboard
B. Gateway
C. Personal User Storage
D. Behavior Risk Engine
Question #3 Topic 1
What are the different command sources that allow you to communicate with the API server?
Question #5 Topic 1
Which TCP-port does CPM process listen to?
A. 18191
B. 18190
C. 8983
D. 19009
Question #6 Topic 1
Which method below is NOT one of the ways to communicate using the Management APIs?
Question #7 Topic 1
Your manager asked you to check the status of SecureXL and its enabled templates and features.
What command will you use to provide such information to the manager?
Question #8 Topic 1
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote
user's machine via the web browser. What are the two modes of SNX?
Question #9 Topic 1
Which command would disable a Cluster Member permanently?
A. clusterXL_admin down
B. cphaprob_admin down
C. clusterXL_admin down-p
D. set clusterXL down-p
Correct Answer: C
Question #10 Topic 1
Which two of these Check Point Protocols are used by SmartEvent Processes?
Correct Answer: D
Question #11 Topic 1
Fill in the blank: The tool ________ generates a R80 Security Gateway configuration report.
A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo
Correct Answer: C
Question #12 Topic 1
Which of these statements describes the Check Point ThreatCloud?
Question #13 Topic 1
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically
reset every
A. 15 sec
B. 60 sec
C. 5 sec
D. 30 sec
Question #14 Topic 1
Which command will allow you to see the interface status?
A. cphaprob interface
B. cphaprob -I interface
C. cphaprob -a if
D. cphaprob stat
Question #15 Topic 1
Which command can you use to enable or disable multi-queue per interface?
A. cpmq set
B. Cpmqueue set
C. Cpmq config
D. St cpmq enable
Question #16 Topic 1
To help SmartEvent determine whether events originated internally you must define using the
Initial Settings under General Settings in the Policy Tab. How many options are available to
calculate the traffic direction?
Question #17 Topic 1
There are 4 ways to use the Management API for creating host object with R80 Management API.
Which one is NOT correct?
Question #18 Topic 1
CoreXL is supported when one of the following features is enabled:
A. Route-based VPN
B. IPS
C. IPv6
D. Overlapping NAT
Question #19 Topic 1
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets
were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize
drops you decide to use Priorities Queues and fully enable Dynamic Dispatcher. How can you
enable them?
Question #20 Topic 1
Check Point Management (cpm) is the main management process in that it provides the
architecture for a consolidated management console. CPM allows the
GUI client and management server to communicate via web services using ___________.
Question #21 Topic 1
Which command is used to set the CCP protocol to Multicast?
Question #22 Topic 1
Which packet info is ignored with Session Rate Acceleration?
Question #23 Topic 1
Which is the least ideal Synchronization Status for Security Management Server High Availability
deployment?
A. Synchronized
B. Never been synchronized
C. Lagging
D. Collision
Question #24 Topic 1
During inspection of your Threat Prevention logs you find four different computers having one
event each with a Critical Severity. Which of those hosts should you try to remediate first?
Correct Answer: D
Question #25 Topic 1
In R80 spoofing is defined as a method of:
Question #26 Topic 1
Connections to the Check Point R80 Web API use what protocol?
A. HTTPS
B. RPC
C. VPN
D. SIC
Correct Answer: A
Question #27 Topic 1
Which command lists all tables in Gaia?
A. fw tab -t
B. fw tab -list
C. fw-tab -s
D. fw tab -1
To see the names and IDs of the available kernel tables, run: fw tab -s
Question #28 Topic 1
What is true about the IPS-Blade?
Correct Answer: A
Question #29 Topic 1
Which one of these features is NOT associated with the Check Point URL Filtering and Application
Control Blade?
A. Detects and blocks malware by correlating multiple detection engines before users are
affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the
company's security policy.
D. Make rules to allow or block applications and Internet sites for individual applications,
categories, and risk levels.
Question #30 Topic 1
What is a feature that enables VPN connections to successfully maintain a private and secure
VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Question #31 Topic 1
What factor precludes SecureXL Templating?
Correct Answer: A
Question #32 Topic 1
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most
accurate CLI command?
Correct Answer: B
Degenhardt
7 months ago
should be fw ctl affinity -l -a -v -r.
Question #33
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster
Members over Check Point SIC _____________ .
Correct Answer: B
Question #34 Topic 1
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
Question #35 Topic 1
What is not a component of Check Point SandBlast?
A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud
Correct Answer: B
Question #36 Topic 1
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used
for this?
Question #37 Topic 1
Fill in the blank: The command ___________ provides the most complete restoration of a R80
configuration.
A. upgrade_import
B. cpconfig
C. fwm dbimport -p <export file>
D. cpinfo -recover
Correct Answer: A
Question #38 Topic 1
Check Point Management (cpm) is the main management process in that it provides the
architecture for a consolidated management console. It empowers the migration from legacy
Client-side logic to Server-side logic. The cpm process:
A. Allow GUI Client and management server to communicate via TCP Port 19001
B. Allow GUI Client and management server to communicate via TCP Port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and
compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects as well as
policy code generation.
Correct Answer: C
Question #39 Topic 1
Which of the following type of authentication on Mobile Access can NOT be used as the first
authentication method?
A. Dynamic ID
B. RADIUS
C. Username and Password
D. Certificate
Question #40 Topic 1
Which of the SecureXL templates are enabled by default on Security Gateway?
A. Accept
B. Drop
C. NAT
D. None
Correct Answer: A
Question #41 Topic 1
What happens when an IPS profile is set in Detect Only Mode for troubleshooting?
Question #42 Topic 1
What is true about VRRP implementations?
A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443
Correct Answer: D
Question #44 Topic 1
Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specific time
period.
Question #45 Topic 1
In a Client to Server scenario, which represents that the packet has already checked against the
tables and the Rule Base?
A. Big I
B. Little o
C. Little i
D. Big O
Question #46 Topic 1
What is the mechanism behind Threat Extraction?
A. This is a new mechanism which extracts malicious files from a document to use it as a
counter-attack against its sender.
B. This is a new mechanism which is able to collect malicious files out of any kind of file
types to destroy it prior to sending it to the intended recipient.
C. This is a new mechanism to identify the IP address of the sender of malicious codes and
put it into the SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be
removed from the document and forwarded to the intended recipient, which makes this solution
very fast.
Correct Answer: D
Question #47 Topic 1
You want to gather and analyze threats to your mobile device. It has to be a lightweight app.
Which application would you use?
Question #48 Topic 1
Which view is NOT a valid CPVIEW view?
A. IDA
B. RAD
C. PDP
D. VPN
Correct Answer: C
https://dl3.checkpoint.com/paid/fa/fa3f0ac5078c30eda84a14275768ae79/CP_CPView_R77.20_Guide.pdf?HashKey=1576490725_9147e96e31031f27d02d277542a64c8a&xtn=.pdf
Question #49 Topic 1
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and
older?
A. The rule base can be built of layers, each containing a set of the security rules. Layers
are inspected in the order in which they are defined, allowing control over the rule base flow and
which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1
Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the
rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
Question #50 Topic 1
fwssd is a child process of which of the following Check Point daemons?
A. fwd
B. cpwd
C. fwm
D. cpd
Question #51 Topic 1
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up
an Active-Active cluster.
A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing
Correct Answer: C
Question #52 Topic 1
CPM process stores objects, policies, users, administrators, licenses and management data in a
database. The database is:
A. MySQL
B. Postgres SQL
C. MarisDB
D. SOLR
Question #53 Topic 1
If you needed the Multicast MAC address of a cluster, what command would you run?
A. cphaprob -a if
B. cphaconf ccp multicast
C. cphaconf debug data
D. cphaprob igmp
Correct Answer: D
Question #54 Topic 1
Which is NOT an example of a Check Point API?
A. Gateway API
B. Management API
C. OPSC SDK
D. Threat Prevention API
Question #55 Topic 1
What are the three components for Check Point Capsule?
Question #56 Topic 1
Which of the following Check Point processes within the Security Management Server is
responsible for the receiving of log records from Security Gateway?
A. logd
B. fwd
C. fwm
D. cpd
Question #57 Topic 1
The fwd process on the Security Gateway sends logs to the fwd process on the Management
Server via which 2 processes?
Correct Answer: D
I believe the right answer should be D.
Question #58 Topic 1
You have successfully backed up Check Point configurations without the OS information. What
command would you use to restore this backup?
A. restore_backup
B. import backup
C. cp_merge
D. migrate import
Correct Answer: D
Question #59 Topic 1
The Firewall Administrator is required to create 100 new host objects with different IP addresses.
What API command can he use in the script to achieve the requirement?
Question #60 Topic 1
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs
the systems this way, how many machines will he need if he does NOT include a SmartConsole
machine in his calculations?
Question #61 Topic 1
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each
profile defines a(n) _____ or ______ action for the file types.
A. Inspect/Bypass
B. Inspect/Prevent
C. Prevent/Bypass
D. Detect/Bypass
Question #63 Topic 1
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API)
the default Log Server uses port:
A. 18210
B. 18184
C. 257
D. 18191
Question #64 Topic 1
How many images are included with Check Point TE appliance in Recommended Mode?
A. 2(OS) images
B. images are chosen by administrator during installation
C. as many as licensed for
D. the most new image
Question #65 Topic 1
What is the least amount of CPU cores required to enable CoreXL?
A. 2
B. 1
C. 4
D. 6
Question #66 Topic 1
You are working with multiple Security Gateways enforcing an extensive number of rules. To
simplify security administration, which action would you choose?
A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restricts all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway
directly.
Correct Answer: B
Question #67 Topic 1
Which of the following authentication methods ARE NOT used for Mobile Access?
A. RADIUS server
B. Username and password (internal, LDAP)
C. SecurID
D. TACACS+
Question #68 Topic 1
What is the correct command to observe the Sync traffic in a VRRP environment?
Correct Answer: D
Question #69 Topic 1
What has to be taken into consideration when configuring Management HA?
A. The Database revisions will not be synchronized between the management servers
B. SmartConsole must be closed prior to synchronized changes in the objects database
C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to
allow FW1_cpredundant to pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported.
So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.
Correct Answer: A
Question #70 Topic 1
What is the difference between an event and a log?
Correct Answer: B
Question #71 Topic 1
What are the attributes that SecureXL will check after the connection is allowed by Security
Policy?
Correct Answer: A
Question #72 Topic 1
Which statement is NOT TRUE about Delta synchronization?
Question #73 Topic 1
The Event List within the Event tab contains:
Question #74 Topic 1
Which statement is correct about the Sticky Decision Function?
A. It is not supported with either the Performance pack of a hardware based accelerator
card
B. Does not support SPI's when configured for Load Sharing
C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
D. It is not required L2TP traffic
Question #75 Topic 1
Which statement is true regarding redundancy?
A. System Administrators know their cluster has failed over and can also see why it failed
over by using the cphaprob -f if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and
Multicast.
C. Machines in a ClusterXL High Availability configuration must be synchronized.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point
appliances, open servers, and virtualized environments.
Question #76 Topic 1
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 3, 1, 2, 4
D. 4, 3, 1, 2
Correct Answer: C
Question #77 Topic 1
In R80.10, how do you manage your Mobile Access Policy?
Correct Answer: C
Question #78 Topic 1
R80.10 management server can manage gateways with which versions installed?
Question #79 Topic 1
Which command can you use to verify the number of active concurrent connections?
Correct Answer: C
Question #81 Topic 1
How can SmartView application be accessed?
Correct Answer: C
Question #82 Topic 1
What command verifies that the API server is responding?
A. api stat
B. api status
C. show api_status
D. app_get_status
Question #83 Topic 1
Where can you see and search records of actions done by R80 SmartConsole administrators?
A. In SmartView Tracker, open active log
B. In the Logs & Monitor view, select "Open Audit Log View"
C. In SmartAuditLog View
D. In Smartlog, all logs
Question #84 Topic 1
Fill in the blank: The R80 utility fw monitor is used to troubleshoot ________.
Question #85 Topic 1
The Firewall kernel is replicated multiple times, therefore:
A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the
connection times out
D. The Firewall can run the same policy on all cores.
Question #86 Topic 1
Selecting an event displays its configurable properties in the Detail pane and a description of the
event in the Description pane. Which is NOT an option to adjust or configure?
A. Severity
B. Automatic reactions
C. Policy
D. Threshold
Question #87 Topic 1
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the
following command in Expert mode then reboot:
Question #88 Topic 1
Advanced Security Checkups can be easily conducted within:
A. Reports
B. Advanced
C. Checkups
D. Views
E. Summary
Correct Answer: A
Question #89 Topic 1
What is the limitation of employing Sticky Decision Function?
A. With SDF enabled, the involved VPN Gateways only supports IKEv1
B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating
SDF
C. With SDF enabled, only ClusterXL in legacy mode is supported
D. With SDF enabled, you can only have three Sync interfaces at most
Question #90 Topic 1
Which Mobile Access Application allows a secure container on Mobile devices to give users
access to internal website, file share and emails?
Question #91 Topic 1
Which of the following process pulls application monitoring status?
A. fwd
B. fwm
C. cpwd
D. cpd
Correct Answer: D
Yes! TCP Port 18192 (CPD_amon) is used by the CPD process FireWall Application Monitoring.
Question #92 Topic 1
To fully enable Dynamic Dispatcher on a Security Gateway:
Question #93 Topic 1
Session unique identifiers are passed to the web api using which http header option?
A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application
Correct Answer: A
Question #94 Topic 1
Which command shows actual allowed connections in state table?
Correct Answer: B
Question #95 Topic 1
What SmartEvent component creates events?
A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI
Question #96 Topic 1
Which command collects diagnostic data for analyzing customer setup remotely?
A. cpinfo
B. migrate export
C. sysinfo
D. cpview
Question #97 Topic 1
Which features are only supported with R80.10 Gateways but not R77.x?
A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data
Awareness, and Mobile Access Software Blade policies
B. Limits the upload and download throughput for streaming media in the company to 1
Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers
are inspected in the order in which they are defined, allowing control over the rule base flow and
which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.
I can't make friends with C, because A is absolute precisely correct and C is more ambiguous. "In R80 the
Access Control policy unifies the policies of these pre-R80 Software Blades: Firewall and VPN Application
Control and URL Filtering Identity Awareness Data Awareness Mobile Access Security Zones" I refer to:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
upvoted 3 times
Question #98 Topic 1
Which CLI command will reset the IPS pattern matcher statistics?
Question #99 Topic 1
When requiring certificates for mobile devices, make sure the authentication method is set to one
of the following, Username and Password, RADIUS or _______.
A. SecureID
B. SecurID
C. Complexity
D. TacAcs
https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_MobileAccess_AdminGuide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_MobileAccess_AdminGuide/41587
Question #100 Topic 1
Check Point recommends configuring Disk Space Management parameters to delete old log
entries when available disk space is less than or equal to?
A. 50%
B. 75%
C. 80%
D. 15%
Correct Answer: D
https://sc1.checkpoint.com/documents/R80/CP_R80_Gaia_IUG/html_frameset.htm?topic=documents/R80/CP_R80_Gaia_IUG/130169
Question #101 Topic 1
SmartEvent has several components that function together to track security threats. What is the
function of the Correlation Unit as a component of this architecture?
A. Analyzes each log entry as it arrives at the log server according to the Event Policy.
When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
B. Correlates all the identified threats with the consolidation policy.
C. Collects syslog data from third party devices and saves them to the database.
D. Connects with the SmartEvent Client when generating threat reports.
Correct Answer: A
Question #102 Topic 1
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
Question #103 Topic 1
Which command gives us a perspective of the number of kernel tables?
A. fw tab -t
B. fw tab -s
C. fw tab -n
D. fw tab -k
Correct Answer: B
Question #104 Topic 1
When simulating a problem on ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register,
to initiate a failover on an active cluster member, what command allows you to remove the
problematic state?
The answer is correct but clusterXL_admin down/up is a better way to do this than registering a pnote.
Question #105 Topic 1
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode
without a Check Point Security Gateway?
Correct Answer: C?
No. It's A: "Inline: This is a stand-alone option that deploys a SandBlast Appliance inline as MTA or as an
ICAP server or on a SPAN port, utilizing all NGTX Software Blades including IPS, Antivirus, Anti-Bot, Threat
Emulation, Threat Extraction, URL Filtering and Application Control"
https://www.checkpoint.com/downloads/products/sandblast-appliances-datasheet.pdf
Question #106 Topic 1
What is the main difference between Threat Extraction and Threat Emulation?
A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
B. Threat Extraction always delivers a file and takes less than a second to complete.
C. Threat Emulation never delivers a file that takes less than a second to complete.
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.
Question #107 Topic 1
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception
of:
A. Threat Emulation
B. HTTPS
C. QOS
D. VoIP
Correct Answer: D
Right! "The following types of traffic are not load-balanced by the CoreXL Dynamic Dispatcher (this traffic
will always be handled by the same CoreXL FW instance): VoIP VPN encrypted packets"
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261#Limitations
Question #108 Topic 1
SandBlast offers flexibility in implementation based on their individual business needs. What is an
option for deployment of Check Point SandBlast Zero-Day Protection?
Correct Answer: A
Shouldn't this be D?
upvoted 2 times
FedoLFS
A. Capsule Docs
B. Capsule Cloud
C. Capsule Enterprise
D. Capsule Workspace
Correct Answer: C
Question #110 Topic 1
What is the purpose of Priority Delta in VRRP?
Question #111 Topic 1
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?
A. You can assign only one profile per gateway and a profile can be assigned to one rule
only.
B. You can assign multiple profiles per gateway and a profile can be assigned to one rule
only.
C. You can assign multiple profiles per gateway and a profile can be assigned to one or
more rules.
D. You can assign only one profile per gateway and a profile can be assigned to one or
more rules.
Correct Answer: C
Question #112 Topic 1
Using ClusterXL, what statement is true about the Sticky Decision Function?
Correct Answer: A
Question #113 Topic 1
What is the name of the secure application for Mail/Calendar for mobile devices?
A. Capsule Workspace
B. Capsule Mail
C. Capsule VPN
D. Secure Workspace
Question #114 Topic 1
Where do you create and modify the Mobile Access policy in R80?
A. SmartConsole
B. SmartMonitor
C. SmartEndpoint
D. SmartDashboard
Correct Answer: A
Question #115 Topic 1
SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:
A. 19090,22
B. 19190,22
C. 18190,80
D. 19009,443
Correct Answer: D
Question #116 Topic 1
Which configuration file contains the structure of the Security Server showing the port numbers,
corresponding protocol name, and status?
A. $FWDIR/database/fwauthd.conf
B. $FWDIR/conf/fwauth.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/state/fwauthd.conf
Correct Answer: C
Question #117 Topic 1
What API command below creates a new host with the name "New Host" and IP address of
"192.168.0.10"?
Correct Answer: D
Question #118 Topic 1
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
A. That is used to deploy the mobile device as a generator of one-time passwords for
authenticating to an RSA Authentication Manager.
B. Fill Layer4 VPN -SSL VPN that gives users network access to all mobile applications.
C. Full Layer3 VPN -IPSec VPN that gives users network access to all mobile applications.
D. You can make sure that documents are sent to the intended recipients only.
Question #119 Topic 1
You find one of your cluster gateways showing "Down" when you run the "cphaprob stat"
command. You then run the "clusterXL_admin up" on the down member but unfortunately the
member continues to show down. What command do you run to determine the cause?
A. cphaprob -f register
B. cphaprob -d -s report
C. cpstat -f all
D. cphaprob -a list
Correct Answer: D
Question #120 Topic 1
In SmartEvent, what are different types of automatic reactions that the administrator can
configure?
A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Question #121 Topic 1
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
Question #122 Topic 1
What are the steps to configure the HTTPS Inspection Policy?
A. Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard
B. Go to Application&url filtering blade > Advanced > Https Inspection > Policy
C. Go to Manage&Settings > Blades > HTTPS Inspection > Policy
D. Go to Application&url filtering blade > Https Inspection > Policy
Correct Answer: A
Question #123 Topic 1
You want to store the GAIA configuration in a file for later reference. What command should you
use?
Correct Answer: D
Question #124 Topic 1
How do Capsule Connect and Capsule Workspace differ?
A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with
usable applications.
B. Capsule Workspace can provide access to any application.
C. Capsule Connect provides Business data isolation.
D. Capsule Connect does not require an installed application at client.
Correct Answer: A
Question #125 Topic 1
John detected high load on sync interface. Which is most recommended solution?
A. For short connections like http service - delay sync for 2 seconds
B. Add a second interface to handle sync traffic
C. For short connections like http service - do not sync
D. For short connections like icmp service - delay sync for 2 seconds
Correct Answer: A
It's not clearly stated in the documentation. But I would say C -> don't sync short connections. "Some TCP
services (for example, HTTP) are characterized by connections with a very short duration. There is no point
to synchronize these connections, because every synchronized connection consumes resources on Cluster
Members, and the connection is likely to have finished by the time a cluster failover occurs." And "You may
choose not to synchronize a service if these conditions are true: [...] The service typically opens short
connections, whose loss may not be noticed. DNS (over UDP) and HTTP are typically responsible for most
connections, frequently have short life, and inherent recoverability in the application level. Services that
open long connections, such as FTP, should always be synchronized."
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/7288 ... Further I can't
find a recommendation for any service to set the delay to specifically two seconds...
upvoted 1 times
wongex23
6 months, 3 weeks ago
For short-lived services, you can use the Delayed Notifications feature to delay telling the Cluster Member
about a connection, so that the connection is only synchronized, if it still exists X seconds after the
connection was initiated. Well, X might be the 2. But.... ON YOUR GUESS.
Question #126 Topic 1
Which of these is an implicit MEP option?
A. Primary-backup
B. Source address based
C. Round robin
D. Load Sharing
Correct. All options according to R80 docs: - Implicit First-To-Respond - Implicit Primary-Backup - Load
Distribution
Question #127 Topic 1
You have existing dbedit scripts from R77. Can you use them with R80.10?
Question #128 Topic 1
Which remote Access Solution is clientless?
A. Checkpoint Mobile
B. Endpoint Security Suite
C. SecuRemote
D. Mobile Access Portal
Question #129 Topic 1
What is the command to see cluster status in cli expert mode?
Correct Answer: D
Question #130 Topic 1
Which Check Point daemon monitors the other daemons?
A. fwm
B. cpd
C. cpwd
D. fwssd
Question #131 Topic 1
Which command is used to display status information for various components?
Question #132 Topic 1
What are the blades of Threat Prevention?
Question #133 Topic 1
For Management High Availability, which of the following is NOT a valid synchronization status?
A. Collision
B. Down
C. Lagging
D. Never been synchronized
Question #134 Topic 1
Can multiple administrators connect to a Security Management Server at the same time?
Question #135 Topic 1
Which process is available on any management product and on products that require direct GUI
access, such as SmartEvent and provides GUI client communications, database manipulation,
policy compilation and Management HA synchronization?
A. cpwd
B. fwd
C. cpd
D. fwm
Question #136 Topic 1
To add a file to the Threat Prevention Whitelist, what two items are needed?
Correct Answer: D
Question #138 Topic 1
What information is NOT collected from a Security Gateway in a Cpinfo?
A. Firewall logs
B. Configuration and database files
C. System message logs
D. OS and network statistics
Question #139 Topic 1
SandBlast appliances can be deployed in the following modes:
Correct Answer: C
Question #140 Topic 1
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the
gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the
traffic?
A. Slow Path
B. Medium Path
C. Fast Path
D. Accelerated Path
Correct Answer: A
Question #141 Topic 1
The Correlation Unit performs all but the following actions:
A. Marks logs that individually are not events, but may be part of a larger pattern to be
identified later.
B. Generates an event based on the Event policy.
C. Assigns a severity level to the event.
D. Takes a new log entry that is part of a group of items that together make up an event,
and adds it to an ongoing event.
Correct Answer: B
Question #142Topic 1
What is the difference between SSL VPN and IPSec VPN?
Correct Answer: D
Question #143Topic 1
Which of the following will NOT affect acceleration?
Correct Answer: B
Question #144Topic 1
The following command is used to verify the CPUSE version:
Question #145Topic 1
How do you enable virtual mac (VMAC) on-the-fly on a cluster member?
Question #146Topic 1
To accelerate the rate of connection establishment, SecureXL groups all connections that match a
particular service and whose sole differentiating element is the source port. This type of grouping
enables even the very first packets of a TCP handshake to be accelerated. The first packets of the
first connection on the same service will be forwarded to the Firewall kernel which will then create
a template of the connection. Which of these is NOT a SecureXL template?
A. Accept Template
B. Deny Template
C. Drop Template
D. NAT Template
Question #147Topic 1
Which of the following is NOT a type of Check Point API available in R80.10?
Correct Answer: C
Question #148Topic 1
When an encrypted packet is decrypted, where does this happen?
A. Security policy
B. Inbound chain
C. Outbound chain
D. Decryption is not supported
Correct Answer: B
This is done in Inbound Chain. B is correct
Question #149Topic 1
John is using Management HA. Which Smartcenter should be connected to for making changes?
A. secondary Smartcenter
B. active Smartcenter
C. connect virtual IP of Smartcenter HA
D. primary Smartcenter
Correct Answer: B
Question #150Topic 1
You are asked to check the status of several user-mode processes on the management server
and gateway. Which of the following processes can only be seen on a Management Server?
A. fwd
B. fwm
C. cpd
D. cpwd
Correct Answer: B
Question #151Topic 1
What scenario indicates that SecureXL is enabled?
Correct Answer: C
Question #152Topic 1
What processes does CPM control?
Question #153Topic 1
Which encryption algorithm is the least secured?
A. AES-128
B. AES-256
C. DES
D. 3DES
Correct Answer: C
Question #154Topic 1
What is the command to check the status of the SmartEvent Correlation Unit?
Question #155Topic 1
You need to see which hotfixes are installed on your gateway, which command would you use?
A. cpinfo -h all
B. cpinfo -o hotfix
C. cpinfo -l hotfix
D. cpinfo -y all
Question #156Topic 1
VPN Link Selection will perform the following when the primary VPN link goes down?
Correct Answer: B
Question #157Topic 1
Which of the following links will take you to the SmartView web application?
Question #158Topic 1
Which directory below contains log files?
A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log
Correct Answer: C
Question #159Topic 1
Which GUI client is supported in R80?
A. SmartProvisioning
B. SmartView Tracker
C. SmartView Monitor
D. SmartLog
Correct Answer: C
Question #160Topic 1
From SecureXL perspective, what are the three paths of traffic flow:
Correct Answer: D
https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92711.htm
Question #161Topic 1
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the
following command in Expert mode and reboot:
Question #162Topic 1
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
Question #163Topic 1
Which command shows the current connections distributed by CoreXL FW instances?
Correct Answer: A
Question #164Topic 1
What is the purpose of extended master key extension/session hash?
Question #165Topic 1
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies
the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules
marked with __________________ will not apply.
A. ffff
B. 1
C. 2
D. 3
Correct Answer: B
https://dkcheckpoint.blogspot.com/2016/07/chapter-2-chain-module.html
Question #166Topic 1
Which one of the following is true about Capsule Connect?
Correct Answer: A
Question #167Topic 1
How often does Threat Emulation download packages by default?
A. Once a week
B. Once an hour
C. Twice per day
D. Once per day
Correct Answer: C
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/7288
Question #169Topic 1
Which statement is true about ClusterXL?
Question #170Topic 1
Which command shows detailed information about VPN tunnels?
A. cat $FWDIR/conf/vpn.conf
B. vpn tu tlist
C. vpn tu
D. cpview
Question #171Topic 1
Which Check Point software blades could be enforced under Threat Prevention profile using
Check Point R80.10 SmartConsole application?
Correct Answer: C
Question #172Topic 1
When gathering information about a gateway using CPINFO, what information is included or
excluded when using the "-x" parameter?
Question #173Topic 1
What component of R80 Management is used for indexing?
A. DBSync
B. API Server
C. fwm
D. SOLR
Question #174Topic 1
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the
daemon?
A. cvpnd_restart
B. cvpnd_restart
C. cvpnd restart
D. cvpnrestart
Question #175Topic 1
SandBlast has several functional components that work together to ensure that attacks are
prevented in real-time. Which of the following is NOT part of the SandBlast component?
A. Threat Emulation
B. Mobile Access
C. Mail Transfer Agent
D. Threat Cloud
Correct Answer: B
Correct Answer is B
upvoted 3 times
wongex23
7 months ago
Agree, "C" should be wrong as this support case mentioned: Enhanced control over MTA actions in cases of
failures: MTA is often configured to block emails in case SandBlast fails to scan them. Administrators can
now configure MTA so that in the event of specific failure types, the emails will bypass SandBlast and not be
blocked. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk123174
Question #176Topic 1
With Mobile Access enabled, administrators select the web-based and native applications that can
be accessed by remote users and define the actions that users can perform on the applications.
Mobile Access encrypts all traffic using:
A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications.
For end users to access the native applications, they need to install the SSL Network Extender.
B. HTTPS for web-based applications and AES or RSA algorithm for native applications.
For end users to access the native application, they need to install the SSL Network Extender.
C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications.
For end users to access the native applications, no additional software is required.
D. HTTPS for web-based applications and AES or RSA algorithm for native applications.
For end users to access the native application, no additional software is required.
Question #177Topic 1
What is the benefit of "fw monitor" over "tcpdump"?
Correct Answer: C
Question #178Topic 1
Which of the following describes how Threat Extraction functions?
Correct Answer: D
Correct answer is B
upvoted 1 times
Ang7
4 months ago
D should be the answer.
Question #179Topic 1
Security Checkup Summary can be easily conducted within:
A. Summary
B. Views
C. Reports
D. Checkups
Correct Answer: C
C is the answer
Question #180Topic 1
What command can you use to have cpinfo display all installed hotfixes?
A. cpinfo -hf
B. cpinfo -y all
C. cpinfo -get hf
D. cpinfo installed_jumbo
Correct Answer: B
Question #181Topic 1
What is the port used for SmartConsole to connect to the Security Management Server?
Correct Answer: B
Correct answer is B
upvoted 3 times
wongex23
MHU
6 months ago
Correct is B, CPMI use 18190 and not 18191
Question #182Topic 1
What is considered Hybrid Emulation Mode?
Correct Answer: B
Question #183Topic 1
When setting up an externally managed log server, what is one item that will not be configured on
the R80 Security Management Server?
A. IP
B. SIC
C. NAT
D. FQDN
Correct Answer: C
Question #184Topic 1
Customer's R80 management server needs to be upgraded to R80.10. What is the best upgrade
method when the management server is not connected to the
Internet?
A. Export R80 configuration, clean install R80.10 and import the configuration
B. CPUSE offline upgrade
C. CPUSE online upgrade
D. SmartUpdate upgrade
Correct Answer: B
Question #185Topic 1
When installing a dedicated R80 SmartEvent server, what is the recommended size of the root
partition?
A. Any size
B. Less than 20GB
C. More than 10GB and less than 20GB
D. At least 20GB
Question #186Topic 1
As an administrator, you may be required to add the company logo to reports. To do this, you
would save the logo as a PNG file with the name "cover-company-
A. SFWDIR/smartevent/conf
B. $RTDIR/smartevent/conf
C. $RTDIR/smartview/conf
D. $FWDIR/smartview/conf
Question #187Topic 1
Which one of the following is true about Threat Extraction?
Correct Answer: A
Question #188Topic 1
Which one of the following is true about Threat Emulation?
Correct Answer: D
Question #189Topic 1
Both ClusterXL and VRRP are fully supported by Gaia R80.10 and available to all Check Point
appliances. Which of the following commands is NOT related to redundancy and functions?
A. cphaprob stat
B. cphaprob -a if
C. cphaprob -l list
D. cphaprob all show stat
Correct Answer: D
Question #190Topic 1
What is the purpose of a SmartEvent Correlation Unit?
A. The SmartEvent Correlation Unit is designed to check the connection reliability from
SmartConsole to the SmartEvent Server.
B. The SmartEvent Correlation Unit's task is to assign severity levels to the identified
events.
C. The Correlation unit role is to evaluate logs from the log server component to identify
patterns/threats and convert them to events.
D. The SmartEvent Correlation Unit is designed to check the availability of the
SmartReporter Server.
Correct Answer: C
Question #191Topic 1
What are the main stages of a policy installations?
Correct Answer: A
Question #192Topic 1
What is a best practice before starting to troubleshoot using the "fw monitor" tool?
Correct Answer: D
Question #193Topic 1
SmartEvent does NOT use which of the following procedures to identify events:
Question #194Topic 1
What is the most recommended way to install patches and hotfixes?
Correct Answer: A
Question #195Topic 1
Automation and Orchestration differ in that:
Correct Answer: A
Question #196Topic 1
An administrator would like to troubleshoot why templating is not working for some traffic. How can
he determine at which rule templating is disabled?
Correct Answer: D
Question #197Topic 1
Which web services protocol is used to communicate to the Check Point R80 Identity Awareness
Web API?
A. SOAP
B. REST
C. XLANG
D. XML-RPC
Question #198Topic 1
What is mandatory for ClusterXL to work properly?
A. The number of cores must be the same on every participating cluster node
B. The Magic MAC number must be unique per cluster node
C. The Sync interface must not have an IP address configured
D. If you have "Non-monitored Private" interfaces, the number of those interfaces must be
the same on all cluster members
Correct Answer: A
Question #199Topic 1
Please choose the correct command to add an "emailserver1" host with IP address 10.50.23.90 using
GAiA management CLI?
Correct Answer: D
Question #200Topic 1
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
Correct Answer: D
Correct answer should be "D"
https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/taiwan/422/1/Check%20Point%20Sandblast%20PoC%20Guide%20v91.pdf
upvoted 2 times
pfunkylol
eliteone11
Question #201Topic 1
What is the recommended number of physical network interfaces in a Mobile Access cluster
deployment?
A. 4 Interfaces - an interface leading to the organization, a second interface leading to the
internet, a third interface for synchronization, a fourth interface leading to the Security
Management Server.
B. 3 Interfaces - an interface leading to the organization, a second interface leading to the
Internet, a third interface for synchronization.
C. 1 Interface - an interface leading to the organization and the Internet, and configure for
synchronization.
D. 2 Interfaces - a data interface leading to the organization and the Internet, a second
interface for synchronization.
Question #202Topic 1
Which process handles connection from SmartConsole R80?
A. fwm
B. cpmd
C. cpm
D. cpd
Correct Answer: C
Question #203Topic 1
What is the command to show SecureXL status?
A. fwaccel status
B. fwaccel stats -m
C. fwaccel -s
D. fwaccel stat
Question #204Topic 1
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
Correct Answer: D
D. SmartView
upvoted 4 times
secadmin44
Question #205Topic 1
What will SmartEvent automatically define as events?
A. Firewall
B. VPN
C. IPS
D. HTTPS
Question #206Topic 1
With MTA (Mail Transfer Agent) enabled, the gateway manages SMTP traffic and holds external
email with potentially malicious attachments. What is required in order to enable MTA (Mail
Transfer Agent) functionality in the Security Gateway?
Correct Answer: B
Question #207Topic 1
What is not a purpose of the deployment of Check Point API?
Question #208Topic 1
You need to change the number of firewall Instances used by CoreXL. How can you achieve this
goal?
Question #209Topic 1
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to
learn users from AD.
A. WMI
B. Eventvwr
C. XML
D. Services.msc
Question #210Topic 1
Which is not a blade option when configuring SmartEvent?
A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server
Question #211Topic 1
The essential means by which state synchronization works to provide failover in the event an
active member goes down, ____________ is used specifically for clustered environments to allow
gateways to report their own state and learn about the states of other members in the cluster.
A. ccp
B. cphaconf
C. cphad
D. cphastart
Question #212Topic 1
Which statement is most correct regarding "CoreXL Dynamic Dispatcher"?
Question #213Topic 1
What CLI command compiles and installs a Security Policy on the target's Security Gateways?
A. fwm compile
B. fwm load
C. fwm fetch
D. fwm install
Question #214Topic 1
Pamela is a Cyber Security Engineer working for Global Instance Firm with a large scale deployment
of Check Point Enterprise Appliances using GAiA/R80.10.
The company's Developer Team is having a random access issue to a newly deployed Application Server
in the DMZ's Application Server Farm Tier and blames the DMZ Security Gateway as the root cause.
The ticket has been created and the issue is at Pamela's desk for an investigation. Pamela decides
to use Check Point's Packet Analyzer Tool, fw monitor, to iron out the issue during an approved
Maintenance window. What do you recommend as the best suggestion for Pamela to make sure she
successfully captures entire traffic in context of Firewall and problematic traffic?
A. Pamela should check SecureXL status on DMZ Security gateway and if it's turned ON.
She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.
B. Pamela should check SecureXL status on DMZ Security Gateway and if it's turned OFF.
She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.
C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and
captures entire traffic.
D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and
captures entire traffic.
Correct Answer: A
Question #215Topic 1
Fill in the blank: The "fw monitor" tool can be best used to troubleshoot ____________________.
A. AV issues
B. VPN errors
C. Network issues
D. Authentication issues
Correct Answer: C
Question #216Topic 1
In which formats can Threat Emulation forensics reports be viewed?
Correct Answer: D
Should be D
upvoted 1 times
secadmin44
Question #217Topic 1
In ClusterXL Load Sharing Multicast Mode:
A. only the primary member receives packets sent to the cluster IP address
B. only the secondary member receives packets sent to the cluster IP address
C. packets sent to the cluster IP address are distributed equally between all members of the
cluster
D. every member of the cluster receives all of the packets sent to the cluster IP address
Question #218Topic 1
What kind of information would you expect to see using the sim affinity command?
Correct Answer: D
Question #219Topic 1
What cloud-based SandBlast Mobile application is used to register new devices and users?
Correct Answer: D
https://community.checkpoint.com/t5/SandBlast-Mobile/SandBlast-Mobile-Architecture-Overview/td-p/40322
Question #220Topic 1
What is the responsibility of SOLR process on R80.10 management server?
Correct Answer: B
Question #221Topic 1
In the Firewall chain mode FFF refers to:
A. Stateful Packets
B. No Match
C. All Packets
D. Stateless Packets
Correct Answer: C
Reference:
http://dkcheckpoint.blogspot.com/2016/07/chapter-2-chain-module.html
Question #222Topic 1
Which file gives you a list of all security servers in use, including port number?
A. $FWDIR/conf/conf.conf
B. $FWDIR/conf/servers.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/conf/serversd.conf
Correct Answer: C
Question #223Topic 1
Which of the following commands shows the status of processes?
A. cpwd_admin -l
B. cpwd -l
C. cpwd admin_list
D. cpwd_admin list
Question #224Topic 1
What is the valid range for VRID value in VRRP configuration?
A. 1-254
B. 1-255
C. 0-254
D. 0-255
Question #225Topic 1
What is true of the API server on R80.10?
A. By default the API-server is activated and does not have hardware requirements.
B. By default the API-server is not active and should be activated from the WebUI.
C. By default the API server is active on management and stand-alone servers with 16GB
of RAM (or more).
D. By default, the API server is active on management servers with 4 GB of RAM (or more)
and on stand-alone servers with 8GB of RAM (or more).
Question #226Topic 1
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster
members?
Question #227Topic 1
For best practices, what is the recommended time for automatic unlocking of locked admin
accounts?
A. 20 minutes
B. 15 minutes
C. Admin account cannot be unlocked automatically
D. 30 minutes at least
Correct Answer: D
Question #228Topic 1
Which is NOT a SmartEvent component?
A. SmartEvent Server
B. Correlation Unit
C. Log Consolidator
D. Log Server
Correct Answer: C
Question #229Topic 1
Check Point APIs allow system engineers and developers to make changes to their organization's
security policy with CLI tools and Web Services for all the following except:
Correct Answer: D
Question #231Topic 1
On what port does the CPM process run?
A. TCP 857
B. TCP 18192
C. TCP 900
D. TCP 19009
Question #232Topic 1
What is the SandBlast Agent designed to do?
Correct Answer: A
Question #234Topic 1
Fill in the blank. The R80 feature ___________________ permits blocking specific IP addresses
for a specified time period.
Correct Answer: C
Question #235Topic 1
What command would show the API server status?
A. cpm status
B. api restart
C. api status
D. show api status
Question #236Topic 1
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of
the following options can you add to each Log, Detailed Log and Extended Log?
A. Accounting
B. Suppression
C. Accounting/Suppression
D. Accounting/Extended
Question #237Topic 1
Which file contains the host address to be published, the MAC address that needs to be
associated with the IP Address, and the unique IP of the interface that responds to ARP request?
A. /opt/CPshrd-R80/conf/local.arp
B. /var/opt/CPshrd-R80/conf/local.arp
C. $CPDIR/conf/local.arp
D. $FWDIR/conf/local.arp
Correct Answer: D
Question #238Topic 1
With SecureXL enabled, accelerated packets will pass through the following:
A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
B. Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device
C. Network Interface Card and the Acceleration Device
D. Network Interface Card, OSI Network Layer, and the Acceleration Device
Correct Answer: C
Question #239Topic 1
Which command would you use to set the network interfaces' affinity in Manual mode?
A. sim affinity -m
B. sim affinity -l
C. sim affinity -a
D. sim affinity -s
Correct Answer: D
Question #240Topic 1
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box
feature. Which command do you use?
A. sim erdos -e 1
B. sim erdos -m 1
C. sim erdos -v 1
D. sim erdos -x 1
Correct Answer: A
Question #241Topic 1
Which of the following is NOT an option to calculate the traffic direction?
A. Incoming
B. Internal
C. External
D. Outgoing
Correct Answer: C
Should be C?
https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915
upvoted 1 times
MHU
6 months ago
If we refer to question 16, must be C
Question #242Topic 1
What command lists all interfaces using Multi-Queue?
A. cpmq get
B. show interface all
C. cpmq set
D. show multiqueue all
Question #243Topic 1
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration
of ThreatCloud?
Correct Answer: D
Question #244Topic 1
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel
Inspection and are rejected by the rule definition, packets are:
Correct Answer: C
Question #245Topic 1
Vanessa is a firewall administrator in her company. Her company is using Check Point firewalls at a
central and several remote locations, which are managed centrally by an R77.30 Security
Management Server. At the central location an R77.30 Gateway is installed on an Open server. Remote
locations are using Check Point UTM-1 570 series appliances with R75.30 and some of them are
using a UTM-1-Edge-X or Edge-W with the latest available firmware. She is in the process of migrating to
R80. What can cause Vanessa unnecessary problems, if she didn't check all requirements for
migration to R80?
Correct Answer: A
Question #246Topic 1
Please choose the path to monitor the compliance status of the Check Point R80.10 based
management.
Correct Answer: C