Check Point Certified Security Expert Topic 1
Question #: 58
Topic #: 1
You need to see which hotfixes are installed on your Check Point server, which command would you use?
A. cpinfo –h all
B. cpinfo –o hotfix
C. cpinfo –y all
D. cpinfo –I hotfix
Selected Answer: B
Question #: 4
Topic #: 1
What API command below creates a new host object with the name “My Host” and IP address of “192.168.0.10”?
A. set host name “My Host” ip-address “192.168.0.10”
B. create host name “My Host” ip-address “192.168.0.10”
C. new host name “My Host” ip-address “192.168.0.10”
D. mgmt_cli –m <mgmt ip> add host name “My Host” ip-address “192.168.0.10”
Selected Answer: D
Question #: 60
Topic #: 1
Which process is used mainly for backward compatibility of gateways in R80.x and newer? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization.
A. cpm
B. fwd
C. cpd
D. fwm
Selected Answer: C
Question #: 48
Topic #: 1
What is the correct description for the Dynamic Balancing / Spit feature?
A. Dynamic Balancing / Split dynamically change the number of SND’s and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)
B. Dynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND’s. The interface must support Multi-Queue. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)
C. Dynamic Balancing / Split dynamically change the number of SND’s and firewall instances based on the current load. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)
D. Dynamic Balancing / Spit dynamically distribute the traffic from one network interface to multiple SND’s. The interface must support Multi-Queue. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)
Selected Answer: A
Question #: 2
Topic #: 1
Which method below is NOT one of the ways to communicate using the Management API’s?
A. Typing API commands using Gaia’s secure shell (clish)
B. Typing API commands from a dialog box inside the SmartConsole GUI application
C. Sending API commands over an http connection using web-services
D. Typing API commands using the “mgmt._cli” command
Selected Answer: C
Question #: 63
Topic #: 1
What is the difference between Updatable Objects and Dynamic Objects
A. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
B. Dynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there is no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.
C. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. For Dynamic Objects there is no need to install policy for the changes to take effect.
D. Dynamic Objects are maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
Selected Answer: A
Question #: 42
Topic #: 1
Which of the following statements about SecureXL NAT Templates is true?
A. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if Accept Templates are disabled.
B. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled.
C. ACCEPT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.
D. DROP Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.
Selected Answer: A
Question #: 14
Topic #: 1
Which upgrade method you should use upgrading from R80.40 to R81.20 to avoid any downtime?
A. Multi-Version Cluster Upgrade (MVC)
B. Zero Downtime Upgrade (ZDU)
C. Connectivity Upgrade (CU)
D. Minimal Effort Upgrade (ME)
Selected Answer: A
Question #: 20
Topic #: 1
Where can you see and search records of action done by R80 SmartConsole administrators?
A. In SmartAudit Log View
B. In Smartlog, all logs
C. In the Logs & Monitor, logs, select “Audit Log View”
D. In SmartView Tracker, open active log
Selected Answer: C
Question #: 1
Topic #: 1
Choose the correct syntax to add a new host named “emailserver1” with IP address 10.50.23.90 using GAiA Management CLI?
A. mgmt._cli add host name “emailserver1” ip-address 10.50.23.90
B. mgmt._cli add host “emailserver1” address 10.50.23.90
C. mgmt._cli add host name “myHost12 ip” address 10.50.23.90
D. mgmt._cli add host name ip-address 10.50.23.90
Selected Answer: A
Question #: 30
Topic #: 1
Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called:
A. sysinfo
B. cpsizeme
C. cpinfo
D. cpexport
Selected Answer: C
Question #: 29
Topic #: 1
By default, what type of rules in the Access Control rulebase allow the control connections?
A. Implicit Rules
B. Explicitly Implied Rules
C. Implied Rules
D. Explicit Rules
Selected Answer: C
Question #: 28
Topic #: 1
Which command collects diagnostic data for analyzing a customer setup remotely?
A. cpv
B. cpinfo
C. migrate export
D. sysinfo
Selected Answer: B
Question #: 27
Topic #: 1
What command can you use to have cpinfo display all installed hotfixes?
A. cpinfo-hf
B. cpinfo installed_jumbo
C. cpinfo –get hf
D. cpinfo –y all
Selected Answer: D
Question #: 26
Topic #: 1
By default, what information is NOT collected from a Security Gateway in a CPINFO?
A. OS and Network Statistics
B. Configuration and database files
C. Firewall logs
D. System message logs
Selected Answer: C
Question #: 24
Topic #: 1
Identity Awareness lets an administrator easily configure network access and auditing based on three times. Choose the correct statement.
A. Network location, the identity of a user and the identity of a machine.
B. Geographical location, the identity of a user and the identity of a machine.
C. Network location, the identity of a user and the active directory membership.
D. Network location, the telephone number of a user and the UID of a machine.
Selected Answer: A
Question #: 21
Topic #: 1
Identity Awareness allows the Security Administrator to configure network access based on which of the following?
A. Name of the application, identity of the user, and identity of the machine
B. Identity of the machine, username, and certificate
C. Browser-Based Authentication, identity of a user, and network location
D. Network location, identity of a user, and identity of a machine
Selected Answer: D
Question #: 18
Topic #: 1
Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server, providing Log Export API (LEA) & Event Logging API (ELA) services.
A. DASSERVICE
B. FWD
C. CPVIEWD
D. CPD
Selected Answer: B
Question #: 16
Topic #: 1
What are valid Policy Types in R81.X?
A. Access Control, Threat Prevention, QoS, Desktop Security
B. Access Control, IPS, Threat Emulation, NAT
C. Access Control, IPS, QoS, DLP
D. Access Control, RemoteAccess VPN, NAT, IPS
Selected Answer: A
Question #: 44
Topic #: 1
Which statement is most correct regarding about “CoreXL Dynamic Dispatcher’?
A. The CoreXL FW instances assignment mechanism is based on IP Protocol type.
B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
C. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
D. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type.
Selected Answer: B
Question #: 12
Topic #: 1
What is the command used to activate Multi-Version Cluster mode?
A. set mvc on in Clish
B. set cluster member mvc on in Clish
C. set cluster mvc on in Expert Mode
D. set cluster MVC on in Expert Mode
Selected Answer: B
Question #: 23
Topic #: 1
Which of the following is NOT a method used by Identity Awareness for acquiring identity?
A. Remote Access
B. Active Directory Query
C. Cloud IdP (Identity Provider)
D. RADIUS
Selected Answer: C
Question #: 96
Topic #: 1
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to ______ via ______.
A. cpm, cpd
B. cpwd, fwssd
C. fwm, cpd
D. cpd, fwm
Selected Answer: A
Question #: 101
Topic #: 1
Which User-mode process is responsible for the FW CLI commands?
A. cpm
B. cpd
C. fwm
D. fwd
Selected Answer: D
Question #: 100
Topic #: 1
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using _______.
A. UserCheck
B. User Directory
C. Captive Portal and Transparent Kerberos Authentication
D. Captive Portal
Selected Answer: C
Question #: 98
Topic #: 1
What command is used to manually failover a cluster during a zero-downtime upgrade?
A. clusterXL_admin down
B. set cluster member down
C. cpstop
D. set clusterXL down
Selected Answer: A
Question #: 97
Topic #: 1
Which TCP port does the CPM process listen on?
A. 19009
B. 18191
C. 8983
D. 18190
Selected Answer: A
Question #: 95
Topic #: 1
While using the Gaia CLI, what is the correct command to publish changes to the management server?
A. json publish
B. mgmt publish
C. mgmt._cli commit
D. commit
Selected Answer: D
Question #: 94
Topic #: 1
Which command would disable a Cluster Member permanently?
A. clusterXL_admin_down
B. cphaprob_admin down
C. clusterXL_admin down –p
D. set clusterXL down –p
Selected Answer: C
Question #: 88
Topic #: 1
How can you switch the active log file?
A. Run fw logswitch on the Management Server
B. Run fwm logswitch on the Management Server
C. Run fw logswitch on the gateway
D. Run fwm logswitch on the gateway
Selected Answer: A
Question #: 87
Topic #: 1
What does Backward Compatibility mean upgrading the Management Server and how can you check it?
A. The Management Server is able to manage older Gateways. The lowest supported version in the Installation and Upgrade Guide
B. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Release Notes
C. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Release Notes
D. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Installation and Upgrade Guide
Selected Answer: B
Question #: 86
Topic #: 1
What is the minimum number of CPU cores required to enable CoreXL?
A. 2
B. 1
C. 4
D. 6
Selected Answer: A
Question #: 85
Topic #: 1
Which is the command to identify the NIC driver before considering about the employment of the Multi-Queue feature?
A. ip show int eth0
B. show interface eth0 mq
C. ifconfig –i eth0 verbose
D. ethtool –i eth0
Selected Answer: D
Question #: 84
Topic #: 1
What is Dynamic Balancing?
A. It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load
B. It is a ClusterXL feature that switches an HA cluster into an LS cluster if required to maximize throughput.
C. It is a CoreXL feature that assigns the SND to network interfaces to balance the RX Cache of the interfaces
D. It is a new feature that is capable of dynamically reserve the amount of Hash kernel memory to reflect the resource usage necessary for maximizing the session rate.
Selected Answer: A
Question #: 83
Topic #: 1
Which command can you use to enable or disable multi-queue per interface?
A. Cpmqueue set
B. Set cpmq enable
C. Cpmq config
D. cpmq set
Selected Answer: D
Question #: 82
Topic #: 1
What are possible Automatic Reactions in SmartEvent?
A. Web Mail, Forward to SandBlast Appliance, SNMP Trap, External Script
B. Web Mail, Block Service, SNMP Trap, SmartTask, Geo Protection
C. Web Mail, Block Destination, SNMP Trap, SmartTask
D. Mail, SNMP Trap, Block Source, Block Event Activity, External Script
Selected Answer: D
Question #: 81
Topic #: 1
When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statement is false and NOT part of possible automatic reactions:
A. Syslog
B. SNMP Trap
C. Mail
D. Block Source
Selected Answer: A
Question #: 79
Topic #: 1
In SmartConsole, where do you manage your Mobile Access Policy?
A. Through the Mobile Console
B. Shared Gateways Policy
C. From the Dedicated Mobility Tab
D. Smart Dashboard
Selected Answer: D
Question #: 78
Topic #: 1
Native Applications require a thin client under which circumstances?
A. If you want to have assigned a particular Office Mode IP address
B. If you are about to use a client (FTP, RDP, …) that is installed on the endpoint.
C. If you want to use a VPN Client that is not officially supported by the underlying operating system
D. If you want to use a legacy 32-Bit Windows OS
Selected Answer: B
Question #: 77
Topic #: 1
What are the two modes for SNX (SSL Network Extender)?
A. Network Mode and Hub Mode
B. Network Mode and Application Mode
C. Visitor Mode and Office Mode
D. Office Mode and Hub Moe
Selected Answer: B
Question #: 76
Topic #: 1
Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two. Which of the following statements correctly identify each product’s capabilities?
A. For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement.
B. Workspace can support any application, whereas Connect has a limited number of application types which it will support
C. Workspace supports iOS, Android, and WP8, whereas Connect supports iOS and Android only
D. For credential protection, Connect uses One-time Password login support, but has no SSO support, whereas Workspace offers both One-Time Password login support as well as SSO for specific applications.
Selected Answer: D
Question #: 75
Topic #: 1
Mobile Access Gateway can be configured as a reverse proxy for Internal Web Applications. Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. Which of the following Check Point command is true for enabling the Reverse Proxy:
A. ReverseProxy
B. ReverseCLIProxy
C. ReverseProxyCLI
D. ProxyReverseCLI
Selected Answer: C
Question #: 74
Topic #: 1
Is it possible to establish a VPN before the user login to the Endpoint Client.
A. Yes, you had to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_remember_user_password attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway
B. Yes, you had to set neo_always_connected to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_always_connected attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway
C. No, the user must login first.
D. Yes, you have to enable Machine Authentication in the Gateway object of the Smart Console
Selected Answer: D
Question #: 71
Topic #: 1
Which command will reset the kernel debug options to default settings?
A. fw ctl dbg –a 0
B. fw ctl debug set 0
C. fw ctl debug 0
D. fw ctl dbg resetall
Selected Answer: C
Question #: 69
Topic #: 1
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
A. Enable .exe bat protection in IPS Policy
B. tecli advanced attributes set prohibited_file_types exe, bat
C. create FW rule for particular protocol
D. enable DLP and select .exe and .bat file type
Selected Answer: B
Question #: 68
Topic #: 1
Which of the following is NOT a component of a Distinguished Name?
A. Common Name
B. Country
C. User container
D. Organizational Unit
Selected Answer: C
Question #: 59
Topic #: 1
What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources?
A. There is a feature for ensuring stable connectivity to the management server and is done via Priority Queuing.
B. The corresponding feature is new to R81.10 and is called “Management Data Plane Separation”
C. The corresponding feature is called “Dynamic Split”
D. The corresponding feature is called “Dynamic Dispatching”
Selected Answer: A
Question #: 57
Topic #: 1
What order should be used when upgrading a Management High Availability Cluster?
A. Secondary Management, then Primary Management
B. Active Management, then Standby Management
C. Standby Management, then Active Management
D. Primary Management, then Secondary Management
Selected Answer: D
Question #: 56
Topic #: 1
What could NOT be a reason for synchronization issues in a Management HA environment?
A. Hardware clocks do not match even with adjustments for different time zones
B. Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate
C. There is a network connectivity failure between the servers
D. The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server.
Selected Answer: B
Question #: 54
Topic #: 1
Using Web Services to access the API, which Header Name/Value had to be in the HTTP Post request after the login?
A. uuid Universally Unique Identifier
B. API-Key
C. user-uid
D. X-chkp-sid Session Unique Identifier
Selected Answer: D
Question #: 52
Topic #: 1
What is the purpose of the command “ps aux | grep fwd”?
A. You can check whether the IPS default setting is set to Detect or Prevent mode
B. You can check the Process ID and the processing time of the fwd process.
C. You can convert the log file into Post Script format.
D. You can list all Process IDs for all running services.
Selected Answer: B
Question #: 51
Topic #: 1
The installation of a package via SmartConsole CANNOT be applied on
A. A single Security Gateway
B. A full Security Cluster (All Cluster Members included)
C. Multiple Security Gateways and/or Clusters
D. R81.20 Security Management Server
Selected Answer: D
Question #: 50
Topic #: 1
What is false regarding prerequisites for the Central Deployment usage?
A. The Security Gateway must have a policy installed
B. The administrator must have write permission on SmartUpdate
C. No need to establish SIC between gateways and the management server, since the CDT tool will take care about SIC automatically
D. Security Gateway must have the latest CPUSE Deployment Agent
Selected Answer: C
Question #: 49
Topic #: 1
Which statement is WRONG regarding the usage of the Central Deployment in SmartConsole?
A. Only Hotfixes can be installed with the Central Deployment in SmartConsole
B. You can install Hotfixes with the Central Deployment in SmartConsole
C. You can upgrade your cluster without user intervention with the Central Deployment in SmartConsole from R80.40 to R81.20.
D. You can install Jumbo Hotfix accumulators with the Central Deployment in SmartConsole.
Selected Answer: A
Question #: 47
Topic #: 1
What are the three SecureXL Templates available in R81.10?
A. Accept Templates, Drop Templates, NAT Templates
B. PEP Templates, QoS Templates, VPN Templates
C. Accept Templates, PDP Templates, PEP Templates
D. Accept Templates, Drop Templates, Reject Templates
Selected Answer: A
Question #: 46
Topic #: 1
CoreXL is NOT supported when one of the following features is enabled:
A. Overlapping NAT
B. Route-based VPN
C. IPv6
D. IPS
Selected Answer: A
Question #: 45
Topic #: 1
What kind of information would you expect to see when using the “sim affinity –I” command?
A. Overview over SecureXL templated connections
B. The VMACs used in a Security Gateway cluster
C. Affinity Distribution
D. The involved firewall kernel modules in inbound and outbound packet chain
Selected Answer: C
Question #: 43
Topic #: 1
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
A. SND is used to distribute packets among Firewall instances
B. SND is a feature to accelerate multiple SSL VPN connections
C. SND is a feature of fw monitor to capture accelerated packets
D. SND is an alternative to IPSec Main Mode, using only 3 packets.
Selected Answer: A
Question #: 40
Topic #: 1
What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?
A. Choose different setting for log storage and SmartEvent db
B. It is not possible
C. Install Management and SmartEvent on different machines
D. Use Multi-Domain Management Server
Selected Answer: A
Question #: 41
Topic #: 1
What are the two types of tests when using the Compliance blade?
A. Tests conducted based on the IoC XML file and analysis of SOLR documents
B. Access Control policy analysis and Threat Prevention policy analysis
C. Policy-based tests and Global properties
D. Global tests and Object-based tests
Selected Answer: D
Question #: 38
Topic #: 1
Which Mobile Access Solution is clientless?
A. Mobile Access Portal
B. Checkpoint Mobile
C. Endpoint Security Suite
D. SecuRemote
Selected Answer: A
Question #: 37
Topic #: 1
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
A. Check Point Capsule Workspace
B. Check Point Capsule Remote
C. Check Point Mobile Web Portal
D. Check Point Remote User
Selected Answer: A
Question #: 36
Topic #: 1
Which one of the following is true about Capsule Connect?
A. It is a full layer 3 VPN client
B. It is supported only on iOS phones and Windows PCs
C. It offers full enterprise mobility management
D. It does not support all VPN authentication methods
Selected Answer: A
Question #: 35
Topic #: 1
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
A. Network and Layers
B. Application and Client Service
C. Network and Application
D. Virtual Adapter and Mobile App
Selected Answer: C
Question #: 33
Topic #: 1
Which Remote Access Client does not provide an Office-Mode Address?
A. Endpoint Security Suite
B. Check Point Mobile
C. SecuRemote
D. Endpoint Security VPN
Selected Answer: C
Question #: 22
Topic #: 1
While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?
A. Security Gateway is not part of the Domain
B. SmartConsole machine is not part of the domain
C. Identity Awareness is not enabled on Global properties
D. Security Management Server is not part of the domain
Selected Answer: B
Question #: 13
Topic #: 1
How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?
A. 4
B. 3
C. 2
D. 1
Selected Answer: D
Question #: 11
Topic #: 1
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
A. cpd
B. fwd
C. cpwd
D. fwm
Selected Answer: D
Question #: 9
Topic #: 1
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?
A. Never been synchronized
B. Collision
C. Synchronized
D. Lagging
Selected Answer: C
Question #: 10
Topic #: 1
What state is the Management HA in when both members have different policies/databases?
A. Lagging
B. Never been synchronized
C. Collision
D. Synchronized
Selected Answer: C
Question #: 8
Topic #: 1
What is correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solutions?
A. Security Gateway failover as well as Security Management Server failover is an automatic procedure.
B. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.
C. Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.
D. Security Gateway failover as well as Security Management Server failover is a manual procedure.
Selected Answer: B
Question #: 7
Topic #: 1
Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily tasks the API services from Check Point for the Management API. Firstly, she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true:
A. status mgmt api
B. api mgmt status.
C. status api
D. api status
Selected Answer: D
Question #: 6
Topic #: 1
What are the different command sources that allow you to communicate with the API server?
A. API_cli Tool, Gaia CLI, Web Services
B. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
C. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
D. SmartConsole GUI Console, mgmt._cli Tool, Gaia CLI, Web Services
Selected Answer: D
Question #: 5
Topic #: 1
What command verifies that the API server is responding?
A. api stat
B. show api_status
C. api_get_status
D. api status
Selected Answer: D
Question #: 25
Topic #: 1
Fill in the blanks. Default port numbers for an LDAP server is _______ for standard connections and _______ SSL connections.
A. 443; 389
B. 636; 8080
C. 290; 3389
D. 389; 636
Selected Answer: D
Question #: 80
Topic #: 1
You have used the SmartEvent GUI to create a custom Event policy. What is the best way to display the correlated Events generated by SmartEvent Policies?
A. In the SmartConsole / Logs & Monitor –> open the Logs View and use type:Correlated as query filter.
B. Select the Events tab in the SmartEvent GUI or use the Events tab in the SmartView web interface.
C. Open SmartView Monitor and select the SmartEvent Window from the main menu.
D. In the SmartConsole / Logs & Monitor –> open a new Tab and select External Apps / SmartEvent.
Selected Answer: C
