Check Point Certified Security Expert Topic 2
Question #: 128
Topic #: 1
The CPM process stores objects, policies, users, administrators, licenses and management data in a database. This database is:
A. SOLR
B. MariaDB
C. PostgreSQL
D. MySQL
Selected Answer: C
Question #: 126
Topic #: 1
Which TCP port does the CPM process listen on?
A. 18191
B. 19009
C. 8983
D. 18190
Selected Answer: B
Question #: 125
Topic #: 1
What is the command used to activate Multi-Version Cluster mode?
A. set cluster member mvc on in Clish
B. set cluster mvc on in Expert Mode
C. set cluster MVC on in Expert Mode
D. set mvc on in Clish
Selected Answer: A
Question #: 124
Topic #: 1
What is NOT a Cluster Mode?
A. Load Sharing Unicast
B. Load Sharing Multicast
C. Active-Active
D. High Availability Multicast
Selected Answer: D
Question #: 123
Topic #: 1
In SmartConsole, where do you manage your Mobile Access Policy?
A. Through the Mobile Console
B. Smart Dashboard
C. Shared Gateways Policy
D. From the Dedicated Mobility Tab
Selected Answer: B
Question #: 121
Topic #: 1
How would you enable VMAC Mode in ClusterXL?
A. Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC
B. fw ctl set int vmac_mode 1
C. cphaconf vmac_mode set 1
D. Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC
Selected Answer: D
Question #: 120
Topic #: 1
What happens when an IPS profile is set to Detect Only Mode for troubleshooting?
A. It will not block malicious traffic
B. Automatically uploads debugging logs to Check Point Support Center
C. It will generate Geo-Protection traffic
D. Bypass licenses requirement for Geo-Protection control
Selected Answer: A
Question #: 56
Topic #: 1
Which Check Point process provides logging services, such as forwarding logs from the Gateway to the Log Server and providing Log Export API (LEA) & Event Logging API (ELA) services?
A. DASSERVICE
B. FWD
C. CPVIEWD
D. CPD
Selected Answer: B
Question #: 51
Topic #: 1
Which two Cluster Solutions are available under R81.10?
A. ClusterXL and NSRP
B. VRRP and HSRP
C. VRRP and IP Clustering
D. ClusterXL and VRRP
Selected Answer: D
Question #: 163
Topic #: 1
Alice & Bob are concurrently logged in via SSH on the same Check Point Security Gateway as user “admin”; however, Bob logged in first and acquired the lock. Alice is not aware that Bob is also logged in to the same Security Management Server as she is, but she needs to perform very urgent configuration changes. Which of the following GAIA clish commands is correct for overriding Bob’s configuration database lock?
A. lock database override
B. unlock override database
C. unlock database override
D. database unlock override
Selected Answer: A
Question #: 168
Topic #: 1
For Management High Availability, which of the following is NOT a valid synchronization status?
A. Lagging
B. Collision
C. Never been synchronized
D. Down
Selected Answer: D
Question #: 331
Topic #: 1
What CLI command will reset the IPS pattern matcher statistics?
A. ips reset pmstat
B. ips pmstats reset
C. ips pstats reset
D. ips pmstats refresh
Selected Answer: B
Question #: 285
Topic #: 1
Which one is not a valid upgrade method to R81.10?
A. RPM Upgrade
B. Upgrade with Migration
C. Advanced Upgrade
D. CPUSE Upgrade
Selected Answer: A
Question #: 69
Topic #: 1
Your manager asked you to check the status of SecureXL and its enabled templates and features. What command will you use to provide this information to your manager?
A. fw acces stats
B. fw accel stat
C. fwaccel stats
D. fwaccel stat
Selected Answer: D
Question #: 197
Topic #: 1
John is using Management HA. Which Security Management Server should he use for making changes?
A. active SmartConsole
B. Primary Log Server
C. secondary Smartcenter
D. connect virtual IP of Smartcenter HA
Selected Answer: A
Question #: 139
Topic #: 1
Which User-mode process is responsible for the FW CLI commands?
A. cpm
B. fwm
C. cpd
D. fwd
Selected Answer: D
Question #: 328
Topic #: 1
Which command lists all tables in Gaia?
A. fw tab -I
B. fw tab -list
C. fw tab -t
D. fw tab -s
Selected Answer: D
Question #: 231
Topic #: 1
SandBlast offers businesses flexibility in implementation based on their individual business needs. Which of these is an option for deployment of Check Point SandBlast Zero-Day Protection?
A. Smart Cloud Service
B. Any Cloud Service
C. Threat Agent Service
D. Public Cloud Service
Selected Answer: D
Question #: 214
Topic #: 1
You have a Gateway that is running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores. How many cores can be used in a Cluster for Firewall-kernel on the new device?
A. 4
B. 1
C. 2
D. 3
Selected Answer: C
Question #: 338
Topic #: 1
When Configuring Endpoint Compliance Settings for Applications and Gateways within Mobile Access, which of the three approaches will allow you to configure individual policies for each application?
A. Basic Approach
B. Very Advanced Approach
C. Medium Approach
D. Strong Approach
Selected Answer: B
Question #: 337
Topic #: 1
Which command is used to set the CCP protocol to Multicast?
A. cphaconf set_ccp no broadcast
B. cphaprob set_ccp multicast
C. cphaconf set_ccp multicast
D. cphaprob set_ccp no_broadcast
Selected Answer: C
Question #: 272
Topic #: 1
What are valid Policy Types in R81.10?
A. Access Control, IPS, Threat Emulation, NAT
B. Access Control, RemoteAccess VPN, NAT, IPS
C. Access Control, IPS, QoS, DLP
D. Access Control, Threat Prevention, QoS, Desktop Security
Selected Answer: D
Question #: 179
Topic #: 1
When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statements is false and NOT part of the possible automatic reactions?
A. Syslog
B. SNMP Trap
C. Block Source
D. Mail
Selected Answer: A
Question #: 158
Topic #: 1
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
A. create FW rule for particular protocol
B. tecli advanced attributes set prohibited_file_types.exe.bat
C. Enable .exe bat protection in IPS Policy
D. enable DLP and select .exe and .bat file type
Selected Answer: B
Question #: 196
Topic #: 1
While using the Gaia CLI, what is the correct command to publish changes to the management server?
A. commit
B. mgmt publish
C. mgmt cli commit
D. json publish
Selected Answer: A
Question #: 159
Topic #: 1
In which formats can Threat Emulation forensics reports be viewed?
A. PDF and HTML
B. PDF and TXT
C. TXT, XML and CSV
D. PDF, HTML, and XML
Selected Answer: A
Question #: 199
Topic #: 1
What order should be used when upgrading a Management High Availability Cluster?
A. Standby Management, then Active Management
B. Secondary Management, then Primary Management
C. Active Management, then Standby Management
D. Primary Management, then Secondary Management
Selected Answer: D
Question #: 135
Topic #: 1
What is the command to check the status of Check Point processes?
A. cpwd_admin list
B. cptop
C. cphaprob list
D. top
Selected Answer: A
Question #: 310
Topic #: 1
Which method below is NOT one of the ways to communicate using the Management APIs?
A. Sending API commands over an http connection using web-services
B. Typing API commands from a dialog box inside the SmartConsole GUI application
C. Typing API commands using Gaia’s secure shell (clish)
D. Typing API commands using the “mgmt_cli” command
Selected Answer: A
Question #: 110
Topic #: 1
What command can you use to have cpinfo display all installed hotfixes?
A. cpinfo -get hf
B. cpinfo -hf
C. cpinfo installed_jumbo
D. cpinfo -y all
Selected Answer: D
Question #: 82
Topic #: 1
How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?
A. 4
B. 3
C. 1
D. 2
Selected Answer: C
Question #: 76
Topic #: 1
In CoreXL, the Firewall kernel is replicated multiple times. Each replicated copy or instance can perform the following:
A. The Firewall can run different policies per core
B. The Firewall can run the same policy on all cores
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
D. The Firewall kernel only touches the packet if the connection is accelerated
Selected Answer: B
Question #: 64
Topic #: 1
What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel?
A. Network Access VPN Domain
B. Remote Access VPN Switch
C. Community Specific VPN Domain
D. Mobile Access VPN Domain
Selected Answer: C
Question #: 46
Topic #: 1
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
A. Application and Client Service
B. Network and Layers
C. Virtual Adapter and Mobile App
D. Network and Application
Selected Answer: D
Question #: 169
Topic #: 1
In what way are SSL VPN and IPSec VPN different?
A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless.
B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not.
C. IPSec VPN does not support authentication, SSL VPN does support this.
D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.
Selected Answer: D
Question #: 33
Topic #: 1
What are the two types of tests when using the Compliance blade?
A. Policy-based tests and Global properties
B. Global tests and Object-based tests
C. Access Control policy analysis and Threat Prevention policy analysis
D. Tests conducted based on the IoC XML file and analysis of SOLR documents
Selected Answer: B
Question #: 77
Topic #: 1
What is false regarding a Management HA environment?
A. Only one Management Server should be active, while any others should be in standby mode.
B. It is not necessary to establish SIC between the primary and secondary management server, since the latter gets the exact same copy of the management database from the prior.
C. SmartConsole can connect to any management server in ReadOnly mode.
D. Synchronization will occur automatically with each Publish event if the Standby servers are available.
Selected Answer: B
Question #: 6
Topic #: 1
For Automatic Hide NAT rules created by the administrator what is a TRUE statement?
A. Source Port Address Translation (PAT) is enabled by default.
B. Automatic NAT rules are supported for Network objects only.
C. Automatic NAT rules are supported for Host objects only.
D. Source Port Address Translation (PAT) is disabled by default.
Selected Answer: A
Question #: 162
Topic #: 1
Which of the following is NOT a component of Check Point Capsule?
A. Capsule Cloud
B. Capsule Docs
C. Capsule Enterprise
D. Capsule Workspace
Selected Answer: C
Question #: 290
Topic #: 1
What factors preclude SecureXL Templating?
A. Source Port Ranges/Encrypted Connections
B. CoreXL
C. Simple Groups
D. ClusterXL in load sharing Mode
Selected Answer: A
Question #: 273
Topic #: 1
What is true about the IPS-Blade?
A. IPS Exceptions cannot be attached to “all rules”
B. In the IPS Layer, the only three possible actions are Basic, Optimized and Strict
C. The GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
D. IPS is managed by the Threat Prevention Policy
Selected Answer: D
Question #: 264
Topic #: 1
Which NAT rules are prioritized first?
A. Manual Post-Automatic NAT Rules
B. Automatic Hide NAT Rules
C. Manual Pre-Automatic NAT Rules
D. Automatic Static NAT Rules
Selected Answer: C
Question #: 137
Topic #: 1
What command would show the API server status?
A. show api status
B. api restart
C. api status
D. cpm status
Selected Answer: C
Question #: 68
Topic #: 1
You have used the “set inactivity-timeout 120” command to prevent the session from being disconnected after 10 minutes of inactivity. However, the Web session is still being disconnected after 10 minutes. Why?
A. The idle timeout for the web session is specified with the “set web session-timeout” command.
B. The number specified is the amount of the idle timeout in seconds rather than in minutes. So you have to use the command “set inactivity-timeout 600” instead.
C. Probably, you have forgotten to make sure that nobody is accessing the management server via the SmartConsole which locks the management database.
D. The number of minutes is correct. Probably, you have forgotten to save this setting with the “save config” command.
Selected Answer: A
Question #: 219
Topic #: 1
What is the command to check the status of the SmartEvent Correlation Unit?
A. cpstat cpsead
B. cp_conf get_stat cpsemd
C. fw ctl stat cpsemd
D. fw ctl get int cpsead_sta
Selected Answer: A
Question #: 258
Topic #: 1
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
A. /var/opt/CPshrd-R80/conf/local.arp
B. /opt/CPshrd-R80/conf/local.arp
C. $CPDIR/conf/local.arp
D. $FWDIR/conf/local.arp
Selected Answer: D
Question #: 167
Topic #: 1
Bob has finished provisioning a secondary security management server. Now he wants to check whether the provisioning was done correctly. Which of the following Check Point commands can be used to check whether the security management server has been installed as a primary or a secondary security management server?
A. cpprod_util MgmtIsPrimary
B. cpprod_util FwIsSecondary
C. cpprod_util MgmtIsSecondary
D. cpprod_util FwIsPrimary
Selected Answer: D
Question #: 78
Topic #: 1
Which command will allow you to see the interface status?
A. cphaprob interface
B. cphaprob stat
C. cphaprob -a if
D. cphaprob -l interface
Selected Answer: C
Question #: 84
Topic #: 1
How long may verification of one file take for SandBlast Threat Emulation?
A. up to 3 minutes
B. within seconds cleaned file will be provided
C. up to 5 minutes
D. up to 1 minute
Selected Answer: A
Question #: 325
Topic #: 1
Which command would disable a Cluster Member permanently?
A. cphaprob_admin down
B. clusterXL_admin down -p
C. set clusterXL down -p
D. clusterXL_admin_down
Selected Answer: B
Question #: 329
Topic #: 1
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?
A. Threat Emulation
B. Threat Cloud
C. Mail Transfer Agent
D. Mobile Access
Selected Answer: D
Question #: 327
Topic #: 1
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Provided the Active Security Management Server is responsive, which of these steps should NOT be performed:
A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.
B. Manually synchronize the Active and Standby Security Management Servers.
C. Change the Active Security Management Server to Standby.
D. Change the Standby Security Management Server to Active.
Selected Answer: A
Question #: 324
Topic #: 1
Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying connection?
A. Source Port
B. TCP Acknowledgment Number
C. Source Address
D. Destination Address
Selected Answer: B
Question #: 320
Topic #: 1
SandBlast agent extends Zero-day prevention to what part of the network?
A. Email servers
B. Web Browsers and user devices
C. DMZ server
D. Cloud
Selected Answer: B
Question #: 316
Topic #: 1
Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel?
A. Yes, but they need to have a mutually trusted certificate authority
B. Yes, but they have to have a pre-shared secret key
C. No, they cannot share certificate authorities
D. No, Certificate based VPNs are only possible between Check Point devices
Selected Answer: A
Question #: 313
Topic #: 1
Which command will reset the kernel debug options to default settings?
A. fw ctl dbg -a 0
B. fw ctl dbg resetall
C. fw ctl debug set 0
D. fw ctl debug 0
Selected Answer: D
Question #: 311
Topic #: 1
What is false regarding prerequisites for the Central Deployment usage?
A. The administrator must have write permission on SmartUpdate
B. Security Gateway must have the latest CPUSE Deployment Agent
C. No need to establish SIC between gateways and the management server, since the CDT tool will take care of SIC automatically.
D. The Security Gateway must have a policy installed
Selected Answer: C
Question #: 146
Topic #: 1
Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?
A. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores.
B. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP-addresses, and the IP ‘Protocol’ type.
C. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses.
D. The CoreXL FW instances assignment mechanism is based on IP Protocol type.
Selected Answer: A
Question #: 90
Topic #: 1
What is the minimum number of CPU cores required to enable CoreXL?
A. 1
B. 6
C. 2
D. 4
Selected Answer: C
Question #: 284
Topic #: 1
Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build?
A. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer agent version
B. In WebUI Status and Actions page or by running the following command in CLISH: show installer agent version
C. In WebUI Status and Actions page or by running the following command in CLISH: show installer status build
D. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer status build
Selected Answer: C
Question #: 282
Topic #: 1
What are the minimum open server hardware requirements for a Security Management Server/Standalone Security Gateway?
A. 2 CPU cores, 4GB of RAM and 15GB of disk space
B. 4 CPU cores, 8GB of RAM and 500GB of disk space
C. 8 CPU cores, 16GB of RAM and 500 GB of disk space
D. 8 CPU cores, 32GB of RAM and 1 TB of disk space
Selected Answer: B
Question #: 75
Topic #: 1
What will VPN Link Selection do if the primary VPN link goes down?
A. The Firewall will drop the packets
B. The Firewall will inform the client that the tunnel is down
C. The Firewall will send out the packet on all interfaces
D. The Firewall can update the Link Selection entries to start using a different link for the same tunnel
Selected Answer: C
Question #: 29
Topic #: 1
Which SmartEvent component is responsible for collecting the logs from different Log Servers?
A. SmartEvent Server
B. SmartEvent Database
C. SmartEvent Collector
D. SmartEvent Correlation Unit
Selected Answer: A
Question #: 8
Topic #: 1
Identity Awareness allows easy configuration for network access and auditing based on what three items?
A. Client machine IP address.
B. Network location, the identity of a user and the identity of a machine.
C. Log server IP address.
D. Gateway proxy IP address.
Selected Answer: B
Question #: 44
Topic #: 1
Which of the following is NOT a possible command to acquire the lock in order to make changes in Clish or Web GUI?
A. set config-lock on override
B. Click the Lock icon in the WebUI
C. “set rbac rw = 1”
D. lock database override
Selected Answer: C
Question #: 43
Topic #: 1
Alice was asked by Bob to implement the Check Point Mobile Access VPN blade, which requires some basic configuration steps. Which statement about the configuration steps is true?
A. 1. Enable Mobile Access blade on the Security Gateway object and complete the wizard
2. Configure Mobile Access parameters in Security Gateway object
3. Add a rule in the Access Control Policy and install policy
4. Connect to the Mobile Access Portal
B. 1. Configure Mobile Access parameters in Security Gateway object
2. Enable Mobile Access blade on the Security Gateway object and complete the wizard
3. Add a rule in the Access Control Policy and install policy
4. Connect to the Mobile Access Portal
C. 1. Connect to the Mobile Access Portal
2. Enable Mobile Access blade on the Security Gateway object and complete the wizard
3. Configure Mobile Access parameters in Security Gateway object
4. Add a rule in the Access Control Policy and install policy
D. 1. Add a rule in the Access Control Policy and install policy
2. Configure Mobile Access parameters in Security Gateway object
3. Enable Mobile Access blade on the Security Gateway object and complete the wizard
4. Connect to the Mobile Access Portal
Selected Answer: A
Question #: 102
Topic #: 1
Bob works for a big security outsourcing provider and, as he receives a lot of change requests per day, he wants to use the Check Point GAIA API services for scripting daily tasks. First, he needs to know whether the API services are running for the GAIA operating system. Which of the following Check Point commands is correct?
A. gaia_clish status
B. status gaia_api
C. api_gaia status
D. gaia_api status
Selected Answer: D
Question #: 233
Topic #: 1
You plan to automate creating new objects using the Management API. You decide to use GAIA CLI for this task. What is the first step to run management API commands on GAIA’s shell?
A. mgmt admin@teabag > id.txt
B. login user admin password teabag
C. mgmt login
D. mgmt_cli login user “admin” password “teabag” > id.txt
Selected Answer: C
Question #: 116
Topic #: 1
After having saved the Clish Configuration with the “save configuration config.txt” command, where can you find the config.txt file?
A. You will find it in the home directory of your user account (e.g. /home/admin/).
B. You can locate the file via SmartConsole > Command Line.
C. You have to launch the WebUI and go to “Config” -> “Export Config File” and specify the destination directory of your local file system.
D. You cannot locate the file in the file system since Clish does not have any access to the bash file system.
Selected Answer: A
Question #: 59
Topic #: 1
What is the number of Priority Queues by default?
A. There are 8 priority queues and this number cannot be changed.
B. There is no distinct number of queues since it will be changed on a regular basis based on its system requirements.
C. There are 7 priority queues by default and this number cannot be changed.
D. There are 8 priority queues by default, and up to 8 additional queues can be manually configured
Selected Answer: D
Question #: 54
Topic #: 1
How do logs change when the “Accounting” tracking option is enabled on a traffic rule?
A. Involved traffic logs will be forwarded to a log server.
B. Provides log details view email to the Administrator.
C. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.
D. Provides additional information to the connected user.
Selected Answer: C
Question #: 53
Topic #: 1
When URL Filtering is set, what identifying data gets sent to the Check Point Online Web Service?
A. The URL and server certificate are sent to the Check Point Online Web Service.
B. The full URL, including page data, is sent to the Check Point Online Web Service.
C. The host part of the URL is sent to the Check Point Online Web Service.
D. The URL and IP address are sent to the Check Point Online Web Service.
Selected Answer: C
Question #: 204
Topic #: 1
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client side logic to Server-side logic. The cpm process:
A. Performs database tasks such as creating, deleting, and modifying objects and indexing logs
B. Allows SmartConsole to communicate over TCP Port 19001
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Allows SmartConsole to communicate over TCP Port 18190
Selected Answer: C
Question #: 189
Topic #: 1
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:
A. fw ctl multik set_mode 1
B. fw ctl multik prioq 2
C. fw ctl Dyn_Dispatch on
D. fw ctl Dyn_Dispatch enable
Selected Answer: B
Question #: 261
Topic #: 1
When using the Mail Transfer Agent, where are the debug logs stored?
A. $FWDIR/bin/emaild.mta.elg
B. /var/log/mail.mta.elg
C. $FWDIR/log/mtad.elg
D. $CPDIR/log/emaild.elg
Selected Answer: C
Question #: 143
Topic #: 1
Which of the following is NOT supported by CPUSE?
A. Automatic download of full installation and upgrade packages
B. Offline installations
C. Automatic download of hotfixes
D. Installation of private hotfixes
Selected Answer: A
Question #: 257
Topic #: 1
In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a response before the peer host is declared ‘down’, you would set the _______?
A. life sign polling interval
B. life sign timeout
C. life_sign_timeout
D. life_sign_polling_interval
Selected Answer: C
Question #: 229
Topic #: 1
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
A. UDP port 8116
B. TCP port 257
C. TCP port 443
D. TCP port 256
Selected Answer: D
Question #: 149
Topic #: 1
Which of the following is NOT a valid type of SecureXL template?
A. Drop Template
B. NAT Template
C. Deny Template
D. Accept Template
Selected Answer: C
Question #: 14
Topic #: 1
What is the main objective when using Application Control?
A. To filter out specific content.
B. To assist the firewall blade with handling traffic.
C. To see what users are doing.
D. Ensure security and privacy of information.
Selected Answer: D
Question #: 248
Topic #: 1
Fill in the blank: Identity Awareness AD-Query is using the Microsoft ____ API to learn users from AD.
A. Services.msc
B. WMI
C. XML
D. Eventvwr
Selected Answer: B
Question #: 243
Topic #: 1
What traffic does the Anti-bot feature block?
A. Command and Control traffic from hosts that have been identified as infected
B. Command and Control traffic to servers with reputation for hosting malware
C. Network traffic to hosts that have been identified as infected
D. Network traffic that is directed to unknown or malicious servers
Selected Answer: A
Question #: 289
Topic #: 1
Which of the following is true regarding the Proxy ARP feature for Manual NAT?
A. Translate Destination on Client Side should be configured
B. fw ctl proxy should be configured
C. The local.arp file must always be configured
D. Automatic proxy ARP configuration can be enabled
Selected Answer: D
Question #: 83
Topic #: 1
What are the blades of Threat Prevention?
A. DLP, AntiVirus, QoS, AntiBot, Threat Emulation, Threat Extraction
B. IPS, QoS, AntiVirus, AntiBot, Threat Emulation, Threat Extraction
C. IPS, AntiVirus, AntiBot, Threat Emulation, Threat Extraction
D. IPS, AntiVirus, AntiBot
Selected Answer: C
Question #: 245
Topic #: 1
John detected high load on the sync interface. Which is the most recommended solution?
A. For short connections like icmp service – delay sync for 2 seconds
B. For FTP connections – do not sync
C. Add a second interface to handle sync traffic
D. For short connections like http service – do not sync
Selected Answer: D
Question #: 274
Topic #: 1
Return oriented programming (ROP) exploits are detected by which security blade?
A. Data Loss Prevention
B. Check Point Anti-Virus / Threat Emulation
C. Application control
D. Intrusion Prevention Software
Selected Answer: B
Question #: 269
Topic #: 1
If SecureXL is disabled which path is used to process traffic?
A. Passive path
B. Firewall path
C. Accelerated path
D. Medium path
Selected Answer: B
Question #: 230
Topic #: 1
Which encryption algorithm is the least secure?
A. AES-128
B. DES
C. 3DES
D. AES-256
Selected Answer: B
Question #: 236
Topic #: 1
Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?
A. After upgrading the hardware, increase the number of kernel instances using cpconfig
B. Hyperthreading must be enabled in the bios to use CoreXL
C. Run cprestart from clish
D. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores.
Selected Answer: A
Question #: 218
Topic #: 1
Connections to the Check Point R80 Web API use what protocol?
A. SOAP
B. HTTP
C. SIC
D. HTTPS
Selected Answer: D
Question #: 192
Topic #: 1
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A. VPN Routing Mode
B. Stateless Mode
C. Wire Mode
D. Stateful Mode
Selected Answer: C
Question #: 201
Topic #: 1
Steve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances. Steve’s manager, Diana, asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?
A. fw tab -t connections
B. fw tab -t connections -c
C. fw tab -t connections -f
D. fw tab -t connections -s
Selected Answer: C