Check Point Certified Security Expert Topic 3
Question #: 194
Topic #: 1
Which Mobile Access Application allows a secure container on mobile devices to give users access to internal websites, file shares and emails?
A. Check Point Mobile Web Portal
B. Check Point Capsule Remote
C. Check Point Remote User
D. Check Point Capsule Workspace
Selected Answer: D
Question #: 45
Topic #: 1
The customer has about 150 remote access users with Windows laptops. No more than 50 clients will be connected at the same time. The customer wants to use multiple VPN Gateways as entry points and a personal firewall. What will be the best license for him?
A. He will need Capsule Connect using MEP (multiple entry points).
B. Because the customer uses only Windows clients SecuRemote will be sufficient and no additional license is needed.
C. He will need Harmony Endpoint because of the personal firewall.
D. Mobile Access license because he needs only a 50 user license, license count is per concurrent user.
Selected Answer: A
Question #: 208
Topic #: 1
The Check Point Central Deployment Tool (CDT) communicates with the Security Gateway(s) over Check Point SIC via ________.
A. TCP Port 18190
B. TCP Port 18191
C. TCP Port 19009
D. TCP Port 18209
Selected Answer: D
Question #: 202
Topic #: 1
Which of the following processes pulls the application monitoring status from gateways?
A. cpd
B. cpwd
C. cpm
D. fwm
Selected Answer: A
Question #: 118
Topic #: 1
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _______ or _______ action for the file types.
A. Detect/Bypass
B. Prevent/Bypass
C. Inspect/Prevent
D. Inspect/Bypass
Selected Answer: D
Question #: 12
Topic #: 1
When using Automatic Hide NAT, what is enabled by default?
A. Source Port Address Translation (PAT)
B. Static NAT
C. Static Route
D. HTTPS Inspection
Selected Answer: A
Question #: 296
Topic #: 1
Which of the following is a task of the CPD process?
A. Responsible for processing most traffic on a security gateway
B. Transfers messages between Firewall processes
C. Invoke and monitor critical processes and attempts to restart them if they fail
D. Log forwarding
Selected Answer: B
Question #: 291
Topic #: 1
What is the main difference between Threat Extraction and Threat Emulation?
A. Threat Emulation never delivers a file that takes less than a second to complete
B. Threat Emulation never delivers a file and takes more than 3 minutes to complete
C. Threat Extraction always delivers a file and takes less than a second to complete
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete
Selected Answer: C
Question #: 286
Topic #: 1
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
A. Behavior Risk Engine
B. Gateway
C. Personal User Storage
D. Management Dashboard
Selected Answer: C
Question #: 278
Topic #: 1
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform within the applications. Mobile Access encrypts all traffic using:
A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.
B. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.
C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required.
D. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender.
Selected Answer: A
Question #: 277
Topic #: 1
You want to verify if your management server is ready to upgrade. What tool could you use in this process?
A. migrate import
B. migrate export
C. upgrade tools verify
D. pre_upgrade_verifier
Selected Answer: D
Question #: 295
Topic #: 1
What is the responsibility of the SOLR process on the management server?
A. Writing all information into the database
B. It generates indexes of data written to the database
C. Validating all data before it’s written into the database
D. Communication between SmartConsole applications and the Security Management Server
Selected Answer: B
Question #: 294
Topic #: 1
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
A. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary.
B. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud.
C. ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data.
D. ThreatCloud is a collaboration platform for all the Check Point customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments.
Selected Answer: A
Question #: 293
Topic #: 1
What is the name of the secure application for Mail/Calendar for mobile devices?
A. Capsule Mail
B. Capsule VPN
C. Capsule Workspace
D. Secure Workspace
Selected Answer: C
Question #: 283
Topic #: 1
The “fw monitor” tool can be best used to troubleshoot _____.
A. Network traffic issues
B. Logging issues
C. Authentication issues
D. FWD issues
Selected Answer: A
Question #: 279
Topic #: 1
Under which file is the proxy arp configuration stored?
A. $FWDIR/conf/local.arp on the management server
B. $FWDIR/conf/local.arp on the gateway
C. $FWDIR/state/_tmp/proxy.arp on the security gateway
D. $FWDIR/state/proxy_arp.conf on the management server
Selected Answer: B
Question #: 254
Topic #: 1
What is the SandBlast Agent designed to do?
A. Ensure the Check Point SandBlast service is running on the end user’s system
B. Clean up email sent with malicious attachments
C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading within the network
D. Performs OS-level sandboxing for SandBlast Cloud architecture
Selected Answer: C
Question #: 249
Topic #: 1
The essential means by which state synchronization works to provide failover in the event an active member goes down, ___________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.
A. cphaconf
B. ccp
C. cphad
D. cphastart
Selected Answer: B
Question #: 246
Topic #: 1
What is the command to show SecureXL status?
A. fwaccel stat
B. fwaccel status
C. fwaccel stats -m
D. fwaccel -s
Selected Answer: A
Question #: 241
Topic #: 1
Alice knows about the Check Point Management HA installation from Bob and needs to know which Check Point Security Management Server is currently capable of issuing and managing certificates. Alice uses the Check Point command “cpconfig” to run the Check Point Security Management Server configuration tool on both Check Point Management HA instances “Primary & Secondary”. Which configuration option does she need to look for:
A. Certificate’s Fingerprint
B. Random Pool
C. CA Authority
D. Certificate Authority
Selected Answer: D
Question #: 237
Topic #: 1
What level of CPU load on a Secure Network Distributor would indicate that another may be necessary?
A. Idle <20%
B. USR <20%
C. Wait <20%
D. SYS <20%
Selected Answer: A
Question #: 234
Topic #: 1
Which command collects diagnostic data for analyzing a customer setup remotely?
A. sysinfo
B. migrate export
C. cpv
D. cpinfo
Selected Answer: D
Question #: 223
Topic #: 1
What is considered Hybrid Emulation Mode?
A. Load sharing between OS behavior and CPU Level emulation
B. Manual configuration of file types on emulation location
C. Load sharing of emulation between an on premise appliance and the cloud
D. Load Sharing of Threat Emulation Server and Firewall blade
Selected Answer: C
Question #: 221
Topic #: 1
Which command identifies the NIC driver before considering the employment of the Multi-Queue feature?
A. show interface eth0 mq
B. ethtool -i eth0
C. ifconfig -i eth0 verbose
D. ip show int eth0
Selected Answer: B
Question #: 220
Topic #: 1
Which of the SecureXL templates are enabled by default on Security Gateway?
A. Drop
B. Accept
C. None
D. NAT
Selected Answer: B
Question #: 213
Topic #: 1
There are multiple types of licenses for the various VPN components and types. Regarding the license types related to the management and functioning of Remote Access VPNs, which of the following license requirement statements is NOT true:
A. MobileAccessLicense – This license is required on the Security Gateway for the following Remote Access solutions
B. EndpointPolicyManagementLicense – The Endpoint Security Suite includes blades other than the Remote Access VPN, hence this license is required to manage the suite
C. EndpointContainerLicense – The Endpoint Software Blade Licenses does not require an Endpoint Container License as the base
D. IPSecVPNLicense – This license is installed on the VPN Gateway and is a basic requirement for a Remote Access VPN solution
Selected Answer: C
Question #: 161
Topic #: 1
Which process handles connections from SmartConsole R80?
A. cpmd
B. fwd
C. cpm
D. cpd
Selected Answer: C
Question #: 160
Topic #: 1
In ClusterXL Load Sharing Multicast Mode:
A. every member of the cluster receives all of the packets sent to the cluster IP address.
B. only the secondary member receives packets sent to the cluster IP address.
C. packets sent to the cluster IP address are distributed equally between all members of the cluster.
D. only the primary member receives packets sent to the cluster IP address.
Selected Answer: A
Question #: 153
Topic #: 1
Automation and Orchestration differ in that:
A. Orchestration relates to codifying tasks, whereas automation relates to codifying processes.
B. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.
C. Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.
D. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.
Selected Answer: D
Question #: 150
Topic #: 1
Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two. Which of the following statements correctly identify each product’s capabilities?
A. Workspace can support any application, whereas Connect has a limited number of application types which it will support.
B. For credential protection, Connect uses One-time Password login support, but has no SSO support, whereas Workspace offers both One-Time Password login support as well as SSO for specific applications.
C. For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement.
D. Workspace supports iOS, Android, and WP8, whereas Connect supports iOS and Android only.
Selected Answer: B
Question #: 140
Topic #: 1
What are the different command sources that allow you to communicate with the API server?
A. API_cli Tool, Gaia CLI, Web Services
B. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
C. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
D. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services
Selected Answer: D
Question #: 111
Topic #: 1
What are the available options for downloading Check Point hotfixes in Gaia WebUI (CPUSE)?
A. Manually, Scheduled, Enabled
B. Manually, Scheduled, Automatic
C. Manually, Scheduled, Disabled
D. Manually, Automatic, Disabled
Selected Answer: B
Question #: 109
Topic #: 1
What is Dynamic Balancing?
A. It is a ClusterXL feature that switches an HA cluster into an LS cluster if required to maximize throughput.
B. It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load.
C. It is a new feature that is capable of dynamically reserving the amount of Hash kernel memory to reflect the resource usage necessary for maximizing the session rate.
D. It is a CoreXL feature that assigns the SND to network interfaces to balance the RX Cache of the interfaces.
Selected Answer: B
Question #: 95
Topic #: 1
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
A. UDP port 256
B. TCP port 256
C. UDP port 265
D. TCP port 265
Selected Answer: B
Question #: 88
Topic #: 1
Which command shows actual allowed connections in the state table?
A. fw tab -t connection
B. fw tab connections
C. fw tab -t connections
D. fw tab -t StateTable
Selected Answer: C
Question #: 81
Topic #: 1
Which of the following is NOT a type of Check Point API available in R80.x?
A. Management
B. OPSEC SDK
C. Identity Awareness Web Services
D. Mobile Access
Selected Answer: D
Question #: 80
Topic #: 1
Matt wants to upgrade his old Security Management Server to R80.x using the Advanced Upgrade with Database Migration. What is one of the requirements for a successful upgrade?
A. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine
B. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine
C. Size of the /var/log folder of the target machine must be 25GB or more
D. Size of the $FWDIR/log folder of the target machine must be at least 25% of the size of the $FWDIR/log directory on the source machine
Selected Answer: A
Question #: 79
Topic #: 1
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
A. Asymmetric routing
B. Anti-Spoofing
C. Failovers
D. Symmetric routing
Selected Answer: A
Question #: 66
Topic #: 1
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
A. fw ctl set int fwha vmac global param enabled
B. cphaprob -a if
C. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1
D. fw ctl get int fwha vmac global param enabled; result of command should return value 1
Selected Answer: C
Question #: 50
Topic #: 1
Using Web Services to access the API, which Header Name-Value has to be in the HTTP POST request after the login?
A. X-chkp-sid Session Unique Identifier
B. API-Key
C. user-uid
D. uuid Universally Unique Identifier
Selected Answer: A
Question #: 49
Topic #: 1
What are the services used for Cluster Synchronization?
A. 256/TCP for Full Sync and 8116/UDP for Delta Sync
B. 8116/UDP for Full Sync and Delta Sync
C. TCP/256 for Full Sync and Delta Sync
D. No service needed when using Broadcast Mode
Selected Answer: A
Question #: 287
Topic #: 1
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
A. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command Control Centers
B. Anti-Bot is the only countermeasure against unknown malware
C. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command Control Center
D. Anti-Bot is the only signature-based method of malware protection
Selected Answer: C
Question #: 265
Topic #: 1
What is the best method to upgrade a Security Management Server to R80.x when it is not connected to the Internet?
A. SmartUpdate offline upgrade
B. Advanced upgrade or CPUSE offline upgrade
C. Advanced upgrade or CPUSE offline upgrade only
D. Advanced Upgrade only
Selected Answer: B
Question #: 115
Topic #: 1
Which command shows the current connections distributed by CoreXL FW instances?
A. fw ctl instances -v
B. fw ctl multik stat
C. fw ctl affinity -l
D. fw ctl iflist
Selected Answer: B
Question #: 63
Topic #: 1
Secure Configuration Verification (SCV) makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration, and to do so Bob needs to edit and configure a specific Check Point file. Which file location and directory are correct?
A. $FWDIR/conf/client.scv
B. $CPDIR/conf/local.scv
C. $CPDIR/conf/client.scv
D. $FWDIR/conf/local.scv
Selected Answer: D
Question #: 216
Topic #: 1
Which command can you use to enable or disable multi-queue per interface?
A. Cpmqueue set
B. cpmq set
C. Cpmq config
D. Set cpmq enable
Selected Answer: B
Question #: 270
Topic #: 1
What kind of information would you expect to see when using the “sim affinity -l” command?
A. Affinity Distribution
B. Overview over SecureXL templated connections
C. The involved firewall kernel modules in inbound and outbound packet chain
D. The VMACs used in a Security Gateway cluster
Selected Answer: A
Question #: 186
Topic #: 1
You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
A. Check Point Capsule Cloud
B. SandBlast Mobile Protect
C. SecuRemote
D. SmartEvent Client Info
Selected Answer: B
Question #: 195
Topic #: 1
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
A. mgmt_cli -m add host name ip-address
B. set host name ip-address
C. add hostname ip-address
D. set hostname ip-address
Selected Answer: A
Question #: 187
Topic #: 1
Which command is used to display status information for various components?
A. show system messages
B. sysmess all
C. show all systems
D. show sysenv all
Selected Answer: D
Question #: 225
Topic #: 1
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
A. 3 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization
B. 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization
C. 4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server
D. 1 interface – an interface leading to the organization and the Internet, and configure for synchronization
Selected Answer: A
Question #: 155
Topic #: 1
Vanessa is expecting a very important Security Report. The document should be sent as an attachment via e-mail. An e-mail with the Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?
A. SandBlast Agent
B. SandBlast Threat Extraction
C. Check Point Protect
D. SandBlast Threat Emulation
Selected Answer: B
Question #: 207
Topic #: 1
After upgrading the primary security management server from R80.40 to R81.10, Bob wants to use the central deployment in SmartConsole R81.10 for the first time. How many such installations (e.g. Jumbo Hotfix, Hotfixes or Upgrade Packages) can run at the same time:
A. Up to 5 gateways
B. only 1 gateway
C. Up to 10 gateways
D. Up to 3 gateways
Selected Answer: C
Question #: 185
Topic #: 1
Which one of the following is true about Capsule Connect?
A. It does not support all VPN authentication methods
B. It offers full enterprise mobility management
C. It is supported only on iOS phones and Windows PCs
D. It is a full layer 3 VPN client
Selected Answer: D
Question #: 173
Topic #: 1
What is the correct statement about Security Gateway and Security Management Server failover in Check Point R80.X in terms of Check Point Redundancy driven solutions?
A. Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.
B. Security Gateway failover as well as Security Management Server failover is a manual procedure.
C. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.
D. Security Gateway failover as well as Security Management Server failover is an automatic procedure.
Selected Answer: C
Question #: 65
Topic #: 1
Main Mode in IKEv1 uses how many packets for negotiation?
A. 4
B. depends on the make of the peer gateway
C. 3
D. 6
Selected Answer: D
Question #: 97
Topic #: 1
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
A. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Detects and blocks malware by correlating multiple detection engines before users are affected.
D. Use UserCheck to help users understand that certain websites are against the company’s security policy.
Selected Answer: C
Question #: 74
Topic #: 1
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
A. Source address, Destination address, Destination port, Protocol
B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
C. Source address, Destination address, Source port, Destination port, Protocol
D. Source address, Destination address, Source port, Destination port
Selected Answer: A
Question #: 42
Topic #: 1
What are valid SecureXL paths in R81.10?
A. F2F (Slow path), Templated Path, PQX and F2V
B. F2F (Slow path), PXL, QXL and F2V
C. F2F (Slow path), Accelerated Path, PQX and F2V
D. F2F (Slow path), Accelerated Path, Medium Path and F2V
Selected Answer: D
Question #: 40
Topic #: 1
What does Backward Compatibility mean when upgrading the Management Server, and how can you check it?
A. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Installation and Upgrade Guide
B. The Management Server is able to manage older Gateways. The lowest supported version is documented in the Release Notes
C. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Installation and Upgrade Guide
D. You will be able to connect to older Management Server with the SmartConsole. The lowest supported version is documented in the Release Notes
Selected Answer: B
Question #: 36
Topic #: 1
Using fw monitor, you see the inspection point notations E and i. What do they mean?
A. E shows the packet before the VPN encryption, i after the inbound firewall VM
B. E shows the packet reaching the external interface, i leaving the internal interface
C. E shows the packet after the VPN encryption, i before the inbound firewall VM
D. E shows the packet leaving the external interface, i reaching the internal interface
Selected Answer: C
Question #: 35
Topic #: 1
When performing a minimal effort upgrade, what will happen to the network traffic?
A. All connections that were initiated before the upgrade will be dropped, causing network downtime.
B. All connections that were initiated before the upgrade will be handled by the active gateway
C. All connections that were initiated before the upgrade will be handled normally
D. All connections that were initiated before the upgrade will be handled by the standby gateway
Selected Answer: A
Question #: 27
Topic #: 1
Which command lists the firewall chain?
A. fw ctl chain
B. fw list chain
C. fw chain module
D. fw tab -t chainmod
Selected Answer: A
Question #: 276
Topic #: 1
In the Firewall chain mode FFF refers to:
A. Stateful Packets
B. No Match
C. Stateless Packets
D. All Packets
Selected Answer: D
Question #: 262
Topic #: 1
With SecureXL enabled, accelerated packets will pass through the following:
A. Network Interface Card, OSI Network Layer, and the Acceleration Device
B. Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device
C. Network Interface Card and the Acceleration Device
D. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
Selected Answer: C
Question #: 259
Topic #: 1
What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?
A. It is not possible
B. Use Multi-Domain Management Server
C. Choose different setting for log storage and SmartEvent db
D. Install Management and SmartEvent on different machines
Selected Answer: C
Question #: 253
Topic #: 1
Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?
A. fwm
B. cpd
C. cpm
D. cpwd
Selected Answer: D
Question #: 252
Topic #: 1
When an encrypted packet is decrypted, where does this happen?
A. Inbound chain
B. Outbound chain
C. Security policy
D. Decryption is not supported
Selected Answer: A
Question #: 251
Topic #: 1
To find log records from the Application URL Filtering Software Blade where traffic was dropped, what would be the query syntax?
A. blade:"application control" AND action:drop
B. blade;"application control" AND action;drop
C. blade: application control AND action:drop
D. (blade: application control AND action;drop)
Selected Answer: A
Question #: 250
Topic #: 1
What is the benefit of “fw monitor” over “tcpdump”?
A. “fw monitor” is also available for 64-Bit operating systems.
B. “fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.
C. “fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.
D. With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”.
Selected Answer: D
Question #: 244
Topic #: 1
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
A. CCP and 8116
B. CCP and 18190
C. CCP and 257
D. CPC and 8116
Selected Answer: A
Question #: 240
Topic #: 1
Which of the following types of authentication on Mobile Access can NOT be used as the first authentication method?
A. Username and Password
B. Dynamic ID
C. Certificate
D. RADIUS
Selected Answer: B
Question #: 238
Topic #: 1
With MTA (Mail Transfer Agent) enabled, the gateway manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?
A. Endpoint Total Protection
B. Threat Prevention Software Blade Package
C. Threat Cloud Intelligence
D. Traffic on port 25
Selected Answer: B
Question #: 235
Topic #: 1
How do Capsule Connect and Capsule Workspace differ?
A. Capsule Connect provides Business data isolation
B. Capsule Workspace can provide access to any application
C. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.
D. Capsule Connect does not require an installed application at client
Selected Answer: C
Question #: 232
Topic #: 1
In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:
A. Basic, Optimized, Strict
B. General, purposed, Strict
C. General, Escalation, Severe
D. Basic, Optimized, Severe
Selected Answer: A
Question #: 226
Topic #: 1
What is not a purpose of the deployment of Check Point API?
A. Integrate Check Point products with 3rd party solution
B. Create products that use and enhance the Check Point solution
C. Create a customized GUI Client for manipulating the objects database
D. Execute an automated script to perform common tasks
Selected Answer: C
Question #: 93
Topic #: 1
If a “ping” packet is dropped by the FW1 Policy, at how many inspection points do you see this packet in “fw monitor”?
A. “i” only
B. “i”, “I” and “o”
C. “i” and “I”
D. I don’t see it in fw monitor
Selected Answer: A
Question #: 212
Topic #: 1
Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called:
A. cpexport
B. cpsizeme
C. sysinfo
D. cpinfo
Selected Answer: D
Question #: 211
Topic #: 1
You need to see which hotfixes are installed on your Check Point server, which command would you use?
A. cpinfo -h all
B. cpinfo -l hotfix
C. cpinfo -o hotfix
D. cpinfo -y all
Selected Answer: D
Question #: 210
Topic #: 1
You need to change the number of firewall instances used by CoreXL. How can you achieve this goal?
A. cpconfig; reboot not required
B. edit fwaffinity.conf; reboot not required
C. edit fwaffinity.conf; reboot required
D. cpconfig; reboot required
Selected Answer: D
Question #: 209
Topic #: 1
The back end database for Check Point Management uses:
A. MongoDB
B. MySQL
C. DBMS
D. PostgreSQL
Selected Answer: C
Question #: 206
Topic #: 1
Which command shows detailed information about VPN tunnels?
A. vpn tu
B. vpn tu tlist
C. cat $FWDIR/conf/vpn.conf
D. cpview
Selected Answer: B
Question #: 205
Topic #: 1
What is the most recommended way to install patches and hotfixes?
A. CPUSE Check Point Update Service Engine
B. rpm -Uv
C. Software Update Service
D. UnixInstallScript
Selected Answer: A
Question #: 203
Topic #: 1
Which directory below contains log files?
A. /opt/CPshrd-R80/log
B. /opt/CPsuite-R80/fw1/log
C. /opt/CPsuite-R80/log
D. /opt/CPSmartlog-R80/log
Selected Answer: B
Question #: 200
Topic #: 1
By default, how often does Threat Emulation update the engine on the Security Gateway?
A. Once per day
B. Once an hour
C. Once a week
D. Twice per day
Selected Answer: A
Question #: 198
Topic #: 1
GAiA Software update packages can be imported and installed offline in situations where:
A. The desired CPUSE package is ONLY available in the Check Point CLOUD.
B. Security Gateway with GAiA does NOT have SFTP access to Internet.
C. Security Gateway with GAiA does NOT have access to Internet.
D. Security Gateway with GAiA does NOT have SSH access to Internet.
Selected Answer: C
Question #: 191
Topic #: 1
What is required for a certificate-based VPN tunnel between two gateways with separate management systems?
A. Mutually Trusted Certificate Authorities
B. Shared User Certificates
C. Shared Secret Passwords
D. Unique Passwords
Selected Answer: A
Question #: 188
Topic #: 1
What is the benefit of Manual NAT over Automatic NAT?
A. On IPSO and GAIA Gateways, it is handled in a stateful manner.
B. There is no benefit since Automatic NAT has in any case higher priority over Manual NAT.
C. You have full control over the priority of the NAT rules.
D. If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy.
Selected Answer: C
Question #: 184
Topic #: 1
Which is the lowest version supported in R81.10?
A. R77
B. R77.30
C. R65
D. R80.20
Selected Answer: B
Question #: 181
Topic #: 1
Which view is NOT a valid CPVIEW view?
A. IDA
B. DLP
C. VPN
D. PDP
Selected Answer: D
Question #: 183
Topic #: 1
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
A. fwm
B. cpwd
C. cpd
D. fwd
Selected Answer: A
Question #: 176
Topic #: 1
What is mandatory for ClusterXL to work properly?
A. The number of cores must be the same on every participating cluster node.
B. If you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all cluster members.
C. The Sync interface must not have an IP address configured.
D. The Magic MAC number must be unique per cluster node.
Selected Answer: A
Question #: 38
Topic #: 1
What is the biggest benefit of policy layers?
A. To break one policy into several virtual policies
B. Policy Layers and Sub-Policies enable flexible control over the security policy
C. They improve the performance on OS kernel version 3.0
D. To include Threat Prevention as a sub policy for the firewall policy
Selected Answer: B