156-215.81 Questions & Answers

156-215.81 FAQs

Question # 1   

Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components?

A. The Security Gateway (SG) and Security Management Server (SMS) software and the CPUSE engine.

B. Licensed Check Point products for the Gaia operating system and the Gaia operating system itself.

C. The CPUSE engine and the Gaia operating system.

D. The Gaia operating system only.

Correct Answer: B

Question # 2  

Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made?

A. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes.

B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.

C. Tom’s changes will be lost since he lost connectivity and he will have to start again.

D. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.

Correct Answer: D

Question # 3   

When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packet Filtering?

A. Stateful Inspection offers unlimited connections because of virtual memory usage.

B. Stateful Inspection offers no benefits over Packet Filtering.

C. Stateful Inspection does not use memory to record the protocol used by the connection.

D. Only one rule is required for each connection.

Correct Answer: D

Question # 4   

What is the RFC number that acts as a best practice guide for NAT?

A. RFC 1939

B. RFC 1950

C. RFC 1918

D. RFC 793

Correct Answer: C

Question # 5   

What is a role of Publishing?

A. The Security Management Server installs the updated policy and the entire database on Security Gateways.

B. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public.

C. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways.

D. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base.

Correct Answer: B

Question # 6  

Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway?

A. Data Loss Prevention

B. Antivirus

C. Application Control

D. NAT

Correct Answer: D

Question # 8   

Identity Awareness allows easy configuration for network access and auditing based on what three items?

A. Client machine IP address.

B. Network location, the identity of a user and the identity of a machine.

C. Log server IP address.

D. Gateway proxy IP address.

Correct Answer: B

Question # 9   

A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?

A. Anti-Bot protection

B. Anti-Malware protection

C. Policy-based routing

D. Suspicious Activity Monitoring (SAM) rules

Correct Answer: D

Question # 10   

The Gateway Status view in SmartConsole shows the overall status of Security Gateways and Software Blades. What does the Status Attention mean?

A. Cannot reach the Security Gateway.

B. The gateway and all its Software Blades are working properly.

C. At least one Software Blade has a minor issue, but the gateway works.

D. Cannot make SIC between the Security Management Server and the Security Gateway.

Correct Answer: C

Question # 11   

Which of the following is used to initially create trust between a Gateway and Security Management Server?

A. Certificate

B. Internal Certificate Authority

C. Token

D. One-time Password

Correct Answer: D

Question # 12  

The Online Activation method is available for Check Point manufactured appliances. How does the administrator use the Online Activation method?

A. The SmartLicensing GUI tool must be launched from the SmartConsole for the Online Activation tool to start automatically.

B. No action is required if the firewall has internet access and a DNS server to resolve domain names.

C. Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts.

D. The cpinfo command must be run on the firewall with the switch -online-license-activation.

Correct Answer: C

Question # 13   

When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, what actions does the administrator need to take?

A. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required.

B. The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply Publishing the changes applies the SAM rule on the firewall.

C. The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the command ‘sam block’ must be used with the right parameters.

D. The administrator should open the LOGS & MONITOR view and find the relevant log. Right clicking on the log entry will show the Create New SAM rule option.

Correct Answer: A

Question # 14  

DLP and Geo Policy are examples of what type of Policy?

A. Inspection Policies

B. Shared Policies

C. Unified Policies

D. Standard Policies

Correct Answer: B

Question # 15   

Is it possible to have more than one administrator connected to a Security Management Server at once?

A. Yes, but only if all connected administrators connect with read-only permissions.

B. Yes, but objects edited by one administrator will be locked for editing by others until the session is published.

C. No, only one administrator at a time can connect to a Security Management Server.

D. Yes, but only one of those administrators will have write-permissions. All others will have read-only permission.

Correct Answer: B

Question # 16   

Which of the following log queries would show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1?

A. src:192.168.1.1 OR dst:172.26.1.1 AND action:Drop

B. src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop

C. 192.168.1.1 AND 172.26.1.1 AND drop

D. 192.168.1.1 OR 172.26.1.1 AND action:Drop

Correct Answer: B

Question # 17   

In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms?

A. Different computers or appliances.

B. The same computer or appliance.

C. Both on virtual machines or both on appliances but not mixed.

D. In Azure and AWS cloud environments.

Correct Answer: A

Question # 18    

What is the default shell for the command line interface?

A. Clish

B. Admin

C. Normal

D. Expert

Correct Answer: A

Question # 19   

What is UserCheck?

A. Administrator tool used to monitor users on their network.

B. Communication tool used to notify an administrator when a new user is created.

C. Messaging tool used to verify a user's credentials.

D. Communication tool used to inform a user about a website or application they are trying to access.

Correct Answer: D

Question # 20   

What are the two types of NAT supported by the Security Gateway?

A. Source and Destination

B. Static and Source

C. Hide and Static

D. Destination and Hide

Correct Answer: C

Question # 21

Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

A. Firewall

B. Application Control

C. Anti-spam and Email Security

D. Anti-Virus

Correct Answer: D

Question # 22  

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

A. Next-Generation Firewall

B. Application Layer Firewall

C. INSPECT Engine

D. Packet Filtering

Correct Answer: C

Question # 23  

To increase security, the administrator has modified the Core protection ‘Host Port Scan’ from ‘Medium’ to ‘High’ Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes?

A. The Access Control and Threat Prevention Policies.

B. The Access Control Policy.

C. The Access Control & HTTPS Inspection Policy.

D. The Threat Prevention Policy.

Correct Answer: B

Question # 24   

Which deployment adds a Security Gateway to an existing environment without changing IP routing?

A. Remote

B. Standalone

C. Distributed

D. Bridge Mode

Correct Answer: D

Question # 120

Name the authentication method that requires token authenticator.

A. SecureID

B. Radius

C. DynamicID

D. TACACS

Correct Answer: A

Question # 25   

Log query results can be exported to what file format?

A. Word Document (docx)

B. Comma Separated Value (csv)

C. Portable Document Format (pdf)

D. Text (txt)

Correct Answer: B

Question # 26   

What kind of NAT enables Source Port Address Translation by default?

A. Automatic Static NAT

B. Manual Hide NAT

C. Automatic Hide NAT

D. Manual Static NAT

Correct Answer: C

Question # 27   

What Check Point tool is used to automatically update Check Point products for the Gaia OS?

A. Check Point Update Engine

B. Check Point Upgrade Service Engine (CPUSE)

C. Check Point Upgrade Installation Service

D. Check Point INSPECT Engine

Correct Answer: B

Question # 28   

For Automatic Hide NAT rules created by the administrator what is a TRUE statement?

A. Source Port Address Translation (PAT) is enabled by default.

B. Automatic NAT rules are supported for Network objects only.

C. Automatic NAT rules are supported for Host objects only.

D. Source Port Address Translation (PAT) is disabled by default.

Correct Answer: A

Question # 29   

Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?

A. Application Control

B. Threat Emulation

C. Data Awareness

D. Identity Awareness

Correct Answer: D

Question # 30   

What is the order of NAT priorities?

A. IP pool NAT, static NAT, hide NAT

B. Static NAT, hide NAT, IP pool NAT

C. Static NAT, IP pool NAT, hide NAT

D. Static NAT, automatic NAT, hide NAT

Correct Answer: C

Question # 31   

If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? (Choose the BEST answer.)

A. Save and install the Policy.

B. Delete older versions of database.

C. Revert the session.

D. Publish or discard the session.

Correct Answer: D

Question # 32   

Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?

A. RADIUS and Account Logon

B. AD Query

C. Endpoint Identity Agent and Browser-Based Authentication

D. Terminal Servers Endpoint Identity Agent

Correct Answer: C

Question # 33   

What is NOT an advantage of Stateful Inspection?

A. Good Security

B. Transparency

C. No Screening above Network Layer

D. High Performance

Correct Answer: C

Question # 34   

Fill in the blank: The ______ is used to obtain identification and security information about network users.

A. User index

B. UserCheck

C. User Directory

D. User server

Correct Answer: C

Question # 35   

SmartConsole provides a consolidated solution for everything that is necessary for the security of an organization, such as the following:

A. Security Policy Management and Log Analysis.

B. Security Policy Management, Log Analysis, System Health Monitoring, Multi-Domain Security Management.

C. Security Policy Management, Log Analysis and System Health Monitoring.

D. Security Policy Management, Threat Prevention rules, System Health Monitoring and Multi-Domain Security Management.

Correct Answer: B

Question # 37   

John is the administrator of a Security Management server managing a Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John’s changes available to other administrators before installing a policy, what should John do?

A. File > Save

B. Install database.

C. Log out of the session.

D. Publish the session.

Correct Answer: D

Question # 38   

Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities?

A. IPS

B. Anti-Virus

C. Anti-Spam

D. Anti-bot

Correct Answer: A

Question # 39   

Identity Awareness allows the Security Administrator to configure network access based on which of the following?

A. Identity of the machine, username, and certificate

B. Network location, identity of a user, and identity of a machine

C. Name of the application, identity of the user, and identity of the machine

D. Browser-Based Authentication, identity of a user, and network location

Correct Answer: B

Question # 40  

Which software blade does NOT accompany the Threat Prevention policy?

A. IPS

B. Application Control and URL Filtering

C. Threat Emulation

D. Anti-virus

Correct Answer: D
