Check Point Certified Security Expert Topic 1
Question #: 174
Topic #: 1
What is a possible command to delete all of the SSH connections of a gateway?
A. fw sam -l dport 22
B. fw ctl conntab -x -dport=22
C. fw tab -t connections -x -e 00000016
D. fwaccel dos config set dport ssh
Selected Answer: C
Question #: 304
Topic #: 1
Hit Count is a feature that tracks the number of connections that each rule matches. Which one is NOT a benefit of Hit Count?
A. Better understand the behavior of the Access Control Policy
B. Improve Firewall performance – You can move a rule that has a high hit count to a higher position in the Rule Base
C. Automatically rearrange Access Control Policy based on Hit Count Analysis.
D. Analyze a Rule Base – You can delete rules that have no matching connections
Selected Answer: C
Question #: 70
Topic #: 1
What command lists all interfaces using Multi-Queue?
A. show multiqueue all
B. cpmq set
C. mq_mng --show
D. show interface all
Selected Answer: C
Question #: 332
Topic #: 1
What is the difference between Updatable Objects and Dynamic Objects?
A. Dynamic Objects are maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
B. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. For Dynamic Objects there is no need to install policy for the changes to take effect.
C. Updatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
D. Dynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there is no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.
Selected Answer: C
Question #: 330
Topic #: 1
After some changes in the firewall policy you run into some issues. You want to test whether the policy from two weeks ago has the same issue. You don’t want to lose the changes from the last weeks. What is the best way to do it?
A. Use the Gaia WebUI to take a backup of the Gateway. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the ‘Install specific version’ button.
B. Use the Gaia WebUI to take a snapshot of management. In SmartConsole under Manage & Settings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action ‘Revert to this revision…’ Restore the management snapshot.
C. In SmartConsole under Manage & Settings go to Sessions -> Revisions and select the revision from two weeks ago. Run the action ‘Revert to this revision…’.
D. In SmartConsole under Security Policies go to the Installation History view of the Gateway, select the policy version from two weeks ago and press the ‘Install specific version’ button.
Selected Answer: C
Question #: 157
Topic #: 1
SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?
A. Source address, Destination address, Source port, Destination port
B. Source address, Destination address, Destination port
C. Source address, Destination address, Destination port, Protocol
D. Source address, Destination address, Source port, Destination port, Protocol
Selected Answer: C
Question #: 23
Topic #: 1
Which Queue in the Priority Queue has the maximum priority?
A. High Priority
B. Control
C. Routing
D. Heavy Data Queue
Selected Answer: C
Question #: 297
Topic #: 1
You have set up the VPN Community ‘VPN-Stores’ with 3 gateways. There are some issues with one remote gateway (1.1.1.1) and your local gateway. What is the best log filter to see only the IKE Phase 2 agreed networks for both gateways?
A. action:”Key Install” AND 1.1.1.1 AND Main Mode
B. action:”Key Install” AND 1.1.1.1 AND Quick Mode
C. Blade:”VPN” AND VPN-Stores AND Main Mode
D. Blade:”VPN” AND VPN-Stores AND Quick Mode
Selected Answer: B
Question #: 87
Topic #: 1
Which process is used mainly for backward compatibility of gateways in R80.x? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization.
A. fwm
B. cpd
C. fwd
D. cpm
Selected Answer: A
Question #: 1
Topic #: 1
In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?
A. Publish changes
B. Save changes
C. Install policy
D. Install database
Selected Answer: C
Question #: 131
Topic #: 1
Please choose the path to monitor the compliance status of the Check Point Security Management.
A. Logs Monitor -> New Tab -> Open compliance View
B. Gateways Servers -> Compliance View
C. Security Policies -> New Tab -> Compliance View
D. Compliance blade not available under R80.10
Selected Answer: A
Question #: 271
Topic #: 1
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using __________.
A. TCP Port 18191
B. TCP Port 18190
C. TCP Port 18209
D. TCP port 19009
Selected Answer: D
Question #: 11
Topic #: 1
What are the Threat Prevention software components available on the Check Point Security Gateway?
A. IPS, Threat Emulation and Threat Extraction
B. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction
D. IDS, Forensics, Anti-Virus, Sandboxing
Selected Answer: C
Question #: 2
Topic #: 1
Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?
A. Both License (.lic) and Contract (.xml) files
B. cp.macro
C. Contract file (.xml)
D. license File (.lic)
Selected Answer: B
Question #: 317
Topic #: 1
Which of the following statements about Site-to-Site VPN Domain-based is NOT true?
A. Domain-based- VPN domains are pre-defined for all VPN Gateways. When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.
B. Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.
C. Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.
D. Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.
Selected Answer: C
Question #: 263
Topic #: 1
Which of the following statements about SecureXL NAT Templates is true?
A. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled.
B. DROP Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.
C. NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if Accept Templates are disabled.
D. ACCEPT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.
Selected Answer: A
Question #: 292
Topic #: 1
What command is used to manually failover a cluster during a zero downtime upgrade?
A. set cluster member down
B. cpstop
C. clusterXL_admin down
D. set clusterXL down
Selected Answer: C
Question #: 34
Topic #: 1
Besides fw monitor, what is another command that can be used to capture packets?
A. arp
B. traceroute
C. tcpdump
D. ping
Selected Answer: C
Question #: 215
Topic #: 1
What solution is Multi-queue intended to provide?
A. Reduce the performance of network interfaces
B. Improve the efficiency of traffic handling by SecureXL SNDs
C. Improve the efficiency of CoreXL Kernel Instances
D. Reduce the confusion for traffic capturing in FW Monitor
Selected Answer: B
Question #: 256
Topic #: 1
Which one of the following is true about Threat Extraction?
A. Takes minutes to complete (less than 3 minutes)
B. Takes less than a second to complete
C. Works on MS Office and PDF files only
D. Always delivers a file
Selected Answer: C
Question #: 20
Topic #: 1
What are the correct steps for upgrading an HA cluster (M1 is active, M2 is passive) using Multi-Version Cluster (MVC) Upgrade?
A. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on
2) Upgrade the passive node M2 to R81.10
3) In SmartConsole, change the version of the cluster object
4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails
5) After examining the cluster states, upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism
B. 1) Enable the MVC mechanism on both cluster members #cphaprob mvc on
2) Upgrade the passive node M2 to R81.10
3) In SmartConsole, change the version of the cluster object
4) Install the Access Control Policy
5) After examining the cluster states, upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy
C. 1) In SmartConsole, change the version of the cluster object
2) Upgrade the passive node M2 to R81.10
3) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 #cphaconf mvc on
4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails
5) After examining the cluster states, upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy SmartConsole, change the version of the cluster object
D. 1) Upgrade the passive node M2 to R81.10
2) Enable the MVC mechanism on the upgraded R81.10 Cluster Member M2 #cphaconf mvc on
3) In SmartConsole, change the version of the cluster object
4) Install the Access Control Policy
5) After examining the cluster states, upgrade node M1 to R81.10
6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81.10
Selected Answer: D
Question #: 319
Topic #: 1
Alice & Bob are concurrently logged in via SSH on the same Check Point Security Gateway as user “admin”; however, Bob logged in first and acquired the lock. Alice tells Bob that she also needs to perform some important configuration changes. Therefore, Bob releases his read/write lock on the GAIA configuration database. Which of the following GAIA clish commands is true?
A. unlock clish database
B. lock database override
C. unlock database
D. override lock database
Selected Answer: C
Question #: 247
Topic #: 1
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
A. False, because SecureXL does not improve this traffic but CoreXL does
B. True, because SecureXL does improve all traffic
C. False because encrypted traffic cannot be inspected
D. True, because SecureXL does improve this traffic
Selected Answer: D
Question #: 67
Topic #: 1
Can multiple administrators connect to a Security Management Server at the same time?
A. Yes, all administrators can modify a network object at the same time.
B. No, only one can be connected.
C. Yes, every administrator has their own username, and works in a session that is independent of other administrators.
D. Yes, but only one has the right to write.
Selected Answer: C
Question #: 299
Topic #: 1
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
A. logd
B. fwd
C. fwm
D. cpd
Selected Answer: B
Question #: 154
Topic #: 1
CoreXL is NOT supported when one of the following features is enabled:
A. Route-based VPN
B. IPS
C. IPv6
D. Overlapping NAT
Selected Answer: D
Question #: 47
Topic #: 1
The admin is connected via SSH to the management server. He wants to run a mgmt_cli command but gets an Error 404 message. To check the listening ports on the management server, he runs netstat with the results shown below. What can be the cause of the issue?
[Expert@SMS:0]# mgmt_cli show service-tcp name FTP
Username: admin –
Password:
message: “Error 404. The Management API service is not available. Please check that the Management API server is up and running.” code: “generic_error”
[Expert@SMS:0]# netstat -anp | grep http
tcp        0      0 0.0.0.0:80          0.0.0.0:*          LISTEN      18114/httpd
tcp        0      0 127.0.0.1:81        0.0.0.0:*          LISTEN      18114/httpd
tcp        0      0 0.0.0.0:4434        0.0.0.0:*          LISTEN      9019/httpd2
tcp        0      0 0.0.0.0:443         0.0.0.0:*          LISTEN      18114/httpd
A. Wrong Management API Access settings for the client IP. To correct it go to SmartConsole / Management & Settings / Blades / Management API and press ‘Advanced Settings…’ and choose GUI clients or ALL IP’s.
B. The API didn’t run on the default port; check it with ‘api status’ and add ‘--port 4434’ to the mgmt_cli command.
C. The management permission in the user profile is missing. Go to SmartConsole / Management & Settings / Permissions & Administrators / Permission Profiles. Select the profile of the user and enable ‘Management API Login’ under Management Permissions.
D. The API is not running, the services shown by netstat are the Gaia services. To start the API run ‘api start’.
Selected Answer: C
Question #: 193
Topic #: 1
Which statement is NOT TRUE about Delta synchronization?
A. Using UDP Multicast or Broadcast on port 8161
B. Quicker than Full sync
C. Transfers changes in the Kernel tables between cluster members
D. Using UDP Multicast or Broadcast on port 8116
Selected Answer: A
Question #: 326
Topic #: 1
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to ______ via ______.
A. cpd, fwm
B. cpm, cpd
C. fwm, cpd
D. cpwd, fwssd
Selected Answer: C
Question #: 268
Topic #: 1
You have pushed policy to GW-3 and now cannot pass traffic through the gateway. As a last resort, to restore traffic flow, what command would you run to remove the latest policy from GW-3?
A. fw unloadlocal
B. fwm unload policy
C. fw unloadpolicy
D. fwm unload local
Selected Answer: A
Question #: 114
Topic #: 1
fwssd is a child process of which of the following Check Point daemons?
A. fwd
B. cpwd
C. fwm
D. cpd
Selected Answer: A
Question #: 5
Topic #: 1
Rugged appliances are small appliances with ruggedized hardware. Like Quantum Spark appliances, they use which operating system?
A. CentOS Linux
B. Gaia embedded.
C. Gaia
D. Red Hat Enterprise Linux version 5
Selected Answer: B
Question #: 266
Topic #: 1
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services. Which of the following is NOT a possible use case?
A. Create products that use and enhance 3rd party solutions.
B. Create new dashboards to manage 3rd party task.
C. Create products that use and enhance the Check Point Solution.
D. Execute automated scripts to perform common tasks.
Selected Answer: A
Question #: 61
Topic #: 1
What could NOT be a reason for synchronization issues in a Management HA environment?
A. Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate
B. There is a network connectivity failure between the servers
C. Servers are in Collision Mode. Two servers, both in active state cannot be synchronized either automatically or manually.
D. The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server.
Selected Answer: A
Question #: 222
Topic #: 1
How can you see historical data with cpview?
A. cpview -f
B. cpview -e
C. cpview -t
D. cpview -d
Selected Answer: C
Question #: 30
Topic #: 1
How can you switch the active log file?
A. Run fw logswitch on the gateway
B. Run fwm logswitch on the Management Server
C. Run fwm logswitch on the gateway
D. Run fw logswitch on the Management Server
Selected Answer: D
Question #: 280
Topic #: 1
What is “Accelerated Policy Installation”?
A. Starting R81, the Desktop Security Policy installation process is accelerated thereby reducing the duration of the process significantly
B. Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly
C. Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly
D. Starting R81, the Threat Prevention Policy installation process is accelerated thereby reducing the duration of the process significantly
Selected Answer: C
Question #: 130
Topic #: 1
You want to allow your Mobile Access Users to connect to an internal file share. Adding the Mobile Application ‘File Share’ to your Access Control Policy in SmartConsole didn’t work. You are only allowed to select Services for the ‘Service & Application’ column. How can you fix it?
A. A Quantum Spark Appliance is selected as Installation Target for the policy.
B. The Mobile Access Blade is not enabled for the Access Control Layer of the policy.
C. The Mobile Access Policy Source under Gateway properties is set to Legacy Policy and not to Unified Access Policy.
D. The Mobile Access Blade is not enabled under Gateway properties.
Selected Answer: B
Question #: 151
Topic #: 1
What destination versions are supported for a Multi-Version Cluster Upgrade?
A. R80.10 and Later
B. R77.30 and Later
C. R76 and Later
D. R70 and Later
Selected Answer: A
Question #: 305
Topic #: 1
Which Correction mechanisms are available with ClusterXL under R81.10?
A. Correction Mechanisms are only available of Maestro Hyperscale Orchestrators
B. Pre-Correction and SDF (Sticky Decision Function)
C. SDF (Sticky Decision Function) and Flush and ACK
D. Dispatcher (Early Correction) and Firewall (Late Correction)
Selected Answer: D
Question #: 322
Topic #: 1
After finishing the installation, admin John wants to use the top command in expert mode. John had to set the expert-password and was then able to use the top command. A week later John has to use the top command again. He finds that the expert password is no longer valid. What is the most probable reason for this behavior?
A. changes are only possible via SmartConsole
B. “save config” was not issued in expert mode
C. “write memory” was not issued on clish
D. “save config” was not issued on clish
Selected Answer: B
Question #: 16
Topic #: 1
When changes are made to a Rule Base, it is important to __________ to enforce changes.
A. Publish database
B. Activate policy
C. Install policy
D. Save changes
Selected Answer: D
Question #: 228
Topic #: 1
An established connection is going to www.google.com. The Application Control Blade is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic?
A. Slow Path
B. Fast Path
C. Medium Path
D. Accelerated Path
Selected Answer: C
Question #: 224
Topic #: 1
The installation of a package via SmartConsole CANNOT be applied on:
A. A single Security Gateway
B. Multiple Security Gateways and/or Clusters
C. A full Security Cluster (All Cluster Members included)
D. R81.10 Security Management Server
Selected Answer: D
Question #: 72
Topic #: 1
Which 3 types of tracking are available for Threat Prevention Policy?
A. Syslog, None, User-defined scripts
B. Alert, SNMP trap, Mail
C. None, Log, Syslog
D. SMS Alert, Log, SNMP alert
Selected Answer: B
Question #: 57
Topic #: 1
What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources?
A. The corresponding feature is new to R81.10 and is called “Management Data Plane Separation”
B. The corresponding feature is called “Dynamic Dispatching”
C. There is a feature for ensuring stable connectivity to the management server and is done via Priority Queuing
D. The corresponding feature is called “Dynamic Split”
Selected Answer: C
Question #: 55
Topic #: 1
To increase security, the administrator has modified the Core protection ‘Host Port Scan’ from ‘Medium’ to ‘High’ Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes?
A. The Access Control and Threat Prevention Policies.
B. The Access Control Policy.
C. The Access Control & HTTPS Inspection Policy.
D. The Threat Prevention Policy.
Selected Answer: D
Question #: 52
Topic #: 1
Alice & Bob are going to deploy Management Data Plane Separation (MDPS) for all their Check Point Security Gateway(s)/Cluster(s). Which of the following statements is true?
A. Each network environment is dependent and includes interfaces, routes, sockets, and processes
B. Management Plane – To access, provision and monitor the Security Gateway
C. Data Plane – To access, provision and monitor the Security Gateway
D. Management Plane – for all other network traffic and processing
Selected Answer: B
Question #: 340
Topic #: 1
How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?
A. By matching logs against ThreatCloud information about the reputation of the website.
B. By dropping traffic that is not proven to be from clean websites in the URL Filtering blade
C. By allowing traffic from websites that are known to run Antivirus Software on servers regularly
D. By dropping traffic from websites identified through ThreatCloud Verification and URL Caching
Selected Answer: D
Question #: 336
Topic #: 1
Where can you see and search records of actions done by R80 SmartConsole administrators?
A. In the Logs & Monitor, logs, select “Audit Log View”
B. In Smartlog, all logs
C. In SmartView Tracker, open active log
D. In SmartAudit Log View
Selected Answer: A
Question #: 335
Topic #: 1
Which member of a high-availability cluster should be upgraded first in a Zero downtime upgrade?
A. The Active Member
B. The Primary Member
C. The Standby Member
D. The Secondary Member
Selected Answer: C
Question #: 314
Topic #: 1
When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?
A. cphaprob -d STOP unregister
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP
Selected Answer: A
Question #: 312
Topic #: 1
What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
A. ad_connectivity_test -d
B. test_ldap_connectivity -d
C. test_connectivity_ad -d
D. test_ad_connectivity -d
Selected Answer: D
Question #: 307
Topic #: 1
By default, what information is NOT collected from a Security Gateway in a CPINFO?
A. OS and Network Statistics
B. System message logs
C. Configuration and database files
D. Firewall logs
Selected Answer: D
Question #: 306
Topic #: 1
What are the methods of SandBlast Threat Emulation deployment?
A. Cloud, Appliance and Private
B. Cloud, Appliance and Hybrid
C. Cloud, Smart-1 and Hybrid
D. Cloud, OpenServer and Vmware
Selected Answer: B
Question #: 321
Topic #: 1
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
A. Full layer3 VPN -IPSec VPN that gives users network access to all mobile applications
B. That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager
C. Full Layer4 VPN -SSL VPN that gives users network access to all mobile applications
D. You can make sure that documents are sent to the intended recipients only
Selected Answer: A
Question #: 315
Topic #: 1
How can you grant GAiA API Permissions for a newly created user?
A. Assign the user a permission profile in SmartConsole
B. Assign the user the admin RBAC role in clish
C. No need to grant access since every user has access by default.
D. In bash, use the following command: “gaia_api access --user Tom --enable true”
Selected Answer: D
Question #: 323
Topic #: 1
Which Mobile Access Solution is clientless?
A. SecuRemote
B. Check Point Mobile
C. Mobile Access Portal
D. Endpoint Security Suite
Selected Answer: C
Question #: 318
Topic #: 1
What is the best sync method in the ClusterXL deployment?
A. Use 3 clusters + 1st sync + 2nd sync + 3rd sync
B. Use 2 clusters + 1st sync + 2nd sync
C. Use 1 cluster + 1st sync
D. Use 1 dedicated sync interface
Selected Answer: D
Question #: 309
Topic #: 1
Which of the following describes how Threat Extraction functions?
A. Detect threats and provides a detailed report of discovered threats.
B. Proactively detects threats.
C. Delivers file with original content.
D. Delivers PDF versions of original files with active content removed.
Selected Answer: D
Question #: 308
Topic #: 1
To add a file to the Threat Prevention Whitelist, what two items are needed?
A. File name and Gateway
B. IP address of Management Server and Gateway
C. Object Name and MDS signature
D. MD5 signature and Gateway
Selected Answer: C
Question #: 301
Topic #: 1
Which of these statements describes the Check Point ThreatCloud?
A. Blocks or limits usage of web applications
B. Prevents or controls access to web sites based on category
C. Prevents Cloud vulnerability exploits
D. A worldwide collaborative security network
Selected Answer: D
Question #: 255
Topic #: 1
After replacing a faulty Gateway, the admin installed the new hardware and wants to push the policy. When installing the policy using SmartConsole, he got an error for the Threat Prevention Policy. There is no error for the Access Control Policy. What is the most common cause for the issue?
A. The admin forgot to reestablish the SIC for the new hardware. That is typically the case when configuring only the interfaces of the replacement hardware instead of restoring a backup.
B. The IPS Protection engine on the replacement hardware is too old. Before pushing the Threat Prevention Policy use SmartConsole -> Security Policies -> Updates -> IPS ‘Update Now’ to update the engine.
C. The admin forgot to apply the new license. The Access Control license is included by default but the service subscriptions for the Threat Prevention Blades are missing.
D. The Threat Prevention Policy can’t be installed on a Gateway without an already installed Access Control Policy. First install only the Access Control Policy.
Selected Answer: D
Question #: 302
Topic #: 1
What are possible Automatic Reactions in SmartEvent?
A. Mail, SNMP Trap, Block Source, Block Event Activity, External Script
B. Web Mail, Block Destination, SNMP Trap, SmartTask
C. Web Mail, Block Service, SNMP Trap, SmartTask, Geo Protection
D. Web Mail, Forward to SandBlast Appliance, SNMP Trap, External Script
Selected Answer: A
Question #: 288
Topic #: 1
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
A. SND is a feature of fw monitor to capture accelerated packets
B. SND is an alternative to IPSec Main Mode, using only 3 packets
C. SND is used to distribute packets among Firewall instances
D. SND is a feature to accelerate multiple SSL VPN connections
Selected Answer: C
Question #: 281
Topic #: 1
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
A. fw ctl affinity -l -a -r -v
B. fw ctl multik stat
C. fw ctl sdstat
D. cpinfo
Selected Answer: A
Question #: 242
Topic #: 1
What are the two ClusterXL Deployment options?
A. Distributed and Full High Availability
B. Broadcast and Multicast Mode
C. Distributed and Standalone
D. Unicast and Multicast Mode
Selected Answer: A
Question #: 333
Topic #: 1
Which of the following Central Deployment is NOT a limitation in R81.10 SmartConsole?
A. Security Gateway Clusters in Load Sharing mode
B. Dedicated Log Server
C. Dedicated SmartEvent Server
D. Security Gateways/Clusters in ClusterXL HA new mode
Selected Answer: D
Question #: 298
Topic #: 1
What are the two modes for SNX (SSL Network Extender)?
A. Network Mode and Application Mode
B. Visitor Mode and Office Mode
C. Network Mode and Hub Mode
D. Office Mode and Hub Mode
Selected Answer: A
Question #: 275
Topic #: 1
Mobile Access Gateway can be configured as a reverse proxy for Internal Web Applications. Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. Which of the following Check Point commands is used to enable the Reverse Proxy?
A. ReverseCLIProxy
B. ReverseProxyCLI
C. ReverseProxy
D. ProxyReverseCLI
Selected Answer: B
Question #: 260
Topic #: 1
You want to set up a VPN tunnel to an external gateway. You had to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway.
A. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Gateway add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };
B. In the SmartConsole create a dedicated VPN Community for both Gateways. Go to Security Policies /Access Control and create an in-line layer rule with source and destination containing the two networks used for the IKE P2 SA. Put the name of the Community in the VPN column.
C. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to ‘User defined’ and put in the local network.
D. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Management add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };
Selected Answer: C
Question #: 239
Topic #: 1
Native Applications require a thin client under which circumstances?
A. If you want to use a legacy 32-Bit Windows OS
B. If you want to use a VPN Client that is not officially supported by the underlying operating system
C. If you want to have assigned a particular Office Mode IP address
D. If you are about to use a client (FTP, RDP, …) that is installed on the endpoint.
Selected Answer: D
Question #: 227
Topic #: 1
What should the admin do in case the Primary Management Server is temporarily down?
A. Use the VIP in SmartConsole; you always reach the active Management Server.
B. The Secondary will take over automatically. Change the IP in SmartConsole to logon to the private IP of the Secondary Management Server.
C. Run the ‘promote_util’ to activate the Secondary Management server.
D. Logon with SmartConsole to the Secondary Management Server and choose ‘Make Active’ under Actions in the HA Management Menu
Selected Answer: D
Question #: 217
Topic #: 1
The admin lost access to the Gaia Web Management Interface but he was able to connect via ssh. How can you check if the web service is enabled, running and which port is used?
A. In expert mode run #netstat -tulnp | grep httpd to see if httpd is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.
B. In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd to see if the httpd is up
C. In clish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up
D. In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In clish run >show web daemon-enable to see if the web daemon is enabled.
Selected Answer: D
Question #: 190
Topic #: 1
Is it possible to establish a VPN before the user logs in to the Endpoint Client?
A. yes, you had to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_remember_user_password attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway.
B. no, the user must login first.
C. yes, you had to set neo_always_connected to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_always_connected attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway.
D. yes, you had to enable Machine Authentication in the Gateway object of the Smart Console.
Selected Answer: D
Question #: 180
Topic #: 1
What are scenarios supported by the Central Deployment in SmartConsole?
A. Installation of Jumbo Hotfix on a ClusterXL environment in High Availability Mode
B. Upgrading a Standalone environment
C. Upgrading a Dedicated SmartEvent Server
D. Upgrading a Dedicated Log Server to R81.10
Selected Answer: A
Question #: 182
Topic #: 1
After verifying that API Server is not running, how can you start the API Server?
A. Run command “api start” in any mode
B. Run command “mgmt api start” in any mode
C. Run command “mgmt_cli set api start” in Expert mode
D. Run command “set api start” in CLISH mode
Selected Answer: A
Question #: 177
Topic #: 1
Which of the following authentication methods ARE NOT used for Mobile Access?
A. RADIUS server
B. SecurID
C. Username and password (internal, LDAP)
D. TACACS+
Selected Answer: D
Question #: 175
Topic #: 1
Where is the license for Check Point Mobile users installed?
A. The Security Management Server
B. The Primary Gateway
C. The Standby Gateway
D. The Endpoint Server
Selected Answer: B
Question #: 134
Topic #: 1
Alice & Bob are going to use Management Data Plane Separation and therefore the routing separation needs to be enabled. Which of the following commands is used to enable Management Data Plane Separation (MDPS)?
A. set mdps split brain on
B. set mdps split plane on
C. set mdps mgmt plane on
D. set mdps data plane off
Selected Answer: C