Check Point Certified Security Administrator (CCSA R80): 156-215.80

156-215.80 FAQs

Question # 1  

Vanessa is a firewall administrator at her company, which uses Check Point firewalls at central and remote locations, managed centrally by an R80 Security Management Server. One central location has an R77.30 Gateway installed on an Open Server. The remote location uses a Check Point UTM-1 570 series appliance with R71. Which encryption is used in Secure Internal Communication (SIC) between central management and the firewall at each location?

A. On central firewall AES128 encryption is used for SIC, on Remote firewall 3DES encryption is used for SIC.

B. On both firewalls, the same encryption is used for SIC. This is AES-GCM-256.

C. The Firewall Administrator can choose which encryption suite will be used by SIC.

D. On central firewall AES256 encryption is used for SIC, on Remote firewall AES128 encryption is used for SIC.

Correct Answer: A

Question # 2  

Review the following screenshot and select the BEST answer.

A. Data Center Layer is an inline layer in the Access Control Policy.

B. By default all layers are shared with all policies.

C. If a connection is dropped in Network Layer, it will not be matched against the rules in Data Center Layer.

D. If a connection is accepted in Network-layer, it will not be matched against the rules in Data Center Layer.

Correct Answer: C

Question # 3   

In R80 spoofing is defined as a method of:

A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B. Hiding your firewall from unauthorized users.

C. Detecting people using false or wrong authentication logins.

D. Making packets appear as if they come from an authorized IP address.

Correct Answer: D

Question # 4   

Which Check Point Application Control feature enables application scanning and detection?

A. Application Dictionary

B. AppWiki

C. Application Library

D. CPApp

Correct Answer: B

Question # 5  

A _________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.

A. Clientless remote access

B. Clientless direct access

C. Client-based remote access

D. Direct access

Correct Answer: A

Question # 6  

Where can you trigger a failover of the cluster members?

1. Log in to Security Gateway CLI and run command clusterXL_admin down.

2. In SmartView Monitor right-click the Security Gateway member and select Cluster member stop.

3. Log into Security Gateway CLI and run command cphaprob down.

A. 1, 2, and 3

B. 2 and 3

C. 1 and 2

D. 1 and 3

Correct Answer: C

Question # 7  

Which utility allows you to configure the DHCP service on GAIA from the command line?

A. ifconfig

B. dhcp_cfg

C. sysconfig

D. cpconfig

Correct Answer: C

Question # 8   

Assuming you have a Distributed Deployment, what will be the effect of running the following command on the Security Management Server?

A. Remove the installed Security Policy.

B. Remove the local ACL lists.

C. No effect.

D. Reset SIC on all gateways.

Correct Answer: A

Question # 9   

You are the senior Firewall administrator for Alpha Corp, and have recently returned from a training course on Check Point’s new advanced management platform.

You are presenting an in-house overview of the new features of Check Point Management to the other administrators in Alpha Corp.

How will you describe the new `Publish` button in Management Console?

A. The Publish button takes any changes an administrator has made in their management session, publishes a copy to the Check Point Cloud, and then saves it to the database.

B. The Publish button takes any changes an administrator has made in their management session and publishes a copy to the Check Point Cloud but does not save it to the database.

C. The Publish button saves any changes an administrator has made in their management session. After saving to the database, any changes are now visible to all other administrator sessions.

D. The Publish button saves any changes an administrator has made in their management session. After saving to the database, any changes are now visible to any new Unified Policy sessions.

Correct Answer: C

Question # 10   

You have enabled `Extended Log` as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

A. Logging has disk space issues.

B. Content Awareness is not enabled.

C. Identity Awareness is not enabled.

D. Log Trimming is enabled.

Correct Answer: A

Question # 11   

Examine the following Rule Base.

What can we infer about the recent changes made to the Rule Base?

A. Rule 7 was created by the ‘admin’ administrator in the current session

B. 8 changes have been made by administrators since the last policy installation

C. The rules 1, 5 and 6 cannot be edited by the ‘admin’ administrator

D. Rule 1 and object webserver are locked by another administrator

Correct Answer: D

Question # 12   

Harriet wants to protect sensitive information from intentional loss when users browse to a specific URL: https://personal.mymail.com. Which blade will she enable to achieve her goal?

A. DLP

B. SSL Inspection

C. Application Control

D. URL Filtering

Correct Answer: A

Question # 13   

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

A. None, Security Management Server would be installed by itself.

B. SmartConsole

C. SecureClient

D. Security Gateway

Correct Answer: D

Question # 14   

Choose the best place to find a Security Management Server backup file named backup_fw on a Check Point Appliance.

A. /var/log/Cpbackup/backups/backup/backup_fw.tgs

B. /var/log/Cpbackup/backups/backup/backup_fw.tar

C. /var/log/Cpbackup/backups/backups/backup_fw.tar

D. /var/log/Cpbackup/backups/backup_fw.tgz

Correct Answer: D

Question # 15   

Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

B. One machine

C. Two machines

D. Three machines

Correct Answer: C

Question # 16  

Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

A. Editor

B. Read Only All

C. Super User

D. Full Access

Correct Answer: B

Question # 17  

Tina is a new administrator who is currently reviewing the new Check Point R80.40 Management console interface. In the Gateways view, she is reviewing the Summary screen as in the screenshot below. What is an ‘Open Server’?

A. Check Point software deployed on a non-Check Point appliance.

B. The Open Server Consortium approved Server Hardware used for the purpose of Security and Availability.

C. A Check Point Management Server deployed using the Open Systems Interconnection (OSI) Server and Security deployment model.

D. A Check Point Management Server software using the Open SSL.

Correct Answer: A

Question # 18   

Kofi, the administrator of the ALPHA Corp network, wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?

A. set web ssl-port <new port number>

B. set Gaia-portal port <new port number>

C. set Gaia-portal https-port <new port number>

D. set web https-port <new port number>

Correct Answer: A

Question # 19  

The Gaia operating system supports which routing protocols?

A. BGP, OSPF, RIP

B. BGP, OSPF, EIGRP, PIM, IGMP

C. BGP, OSPF, RIP, IGRP

D. BGP, OSPF, RIP, EIGRP

Correct Answer: A

Question # 20   

You are unable to log in to SmartConsole. You log in to the management server and run #cpwd_admin list with the following output:

What reason could possibly BEST explain why you are unable to connect to SmartConsole?

A. CPD is down

B. SVR is down

C. CPM and FWM are down

D. CPSM is down

Correct Answer: C

Question # 21   

In a Network policy with Inline layers, the default action for the Implied last rule is ________ all traffic. However, in the Application Control policy layer, the default action is ________ all traffic.

A. Accept; redirect

B. Accept; drop

C. Redirect; drop

D. Drop; accept

Correct Answer: D

Question # 22  

On the following picture an administrator configures Identity Awareness:

After clicking `Next` the above configuration is supported by:

A. Kerberos SSO which will be working for Active Directory integration

B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user

C. Obligatory usage of Captive Portal

D. The ports 443 or 80 that will be used by Browser-Based and configured Authentication

Correct Answer: B

Question # 23   

Why would an administrator see the message below?

A. A new Policy Package created on both the Management and Gateway will be deleted and must be backed up first before proceeding.

B. A new Policy Package created on the Management is going to be installed to the existing Gateway.

C. A new Policy Package created on the Gateway is going to be installed on the existing Management.

D. A new Policy Package created on the Gateway and transferred to the Management will be overwritten by the Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.

Correct Answer: B

Question # 24   

At what point is the Internal Certificate Authority (ICA) created?

A. Upon creation of a certificate

B. During the primary Security Management Server installation process.

C. When an administrator decides to create one.

D. When an administrator initially logs into SmartConsole.

Correct Answer: B

Question # 25   

In SmartConsole, on which tab are Permissions and Administrators defined?

A. Security Policies

B. Logs and Monitor

C. Manage and Settings

D. Gateway and Servers

Correct Answer: C

Question # 26   

After the initial installation the First Time Configuration Wizard should be run.

A. First Time Configuration Wizard can be run from the Unified SmartConsole.

B. First Time Configuration Wizard can be run from the command line or from the WebUI.

C. First time Configuration Wizard can only be run from the WebUI.

D. Connection to the internet is required before running the First Time Configuration wizard.

Correct Answer: B

Question # 27  

Once a license is activated, a ________ should be installed.

A. License Management file

B. Security Gateway Contract file

C. Service Contract file

D. License Contract file

Correct Answer: C

Question # 28   

Which of the completed statements is NOT true? The WebUI can be used to manage Operating System user accounts and:

A. assign privileges to users.

B. edit the home directory of the user.

C. add users to your Gaia system.

D. assign user rights to their home directory in the Security Management Server

Correct Answer: D

Question # 29  

R80 Security Management Server can be installed on which of the following operating systems?

A. Gaia only

B. Gaia, SPLAT, Windows Server only

C. Gaia, SPLAT, Windows Server and IPSO only

D. Gaia and SPLAT only

Correct Answer: A

Question # 30

Provide very wide coverage for all products and protocols, with noticeable performance impact.

How could you tune the profile in order to lower the CPU load while still maintaining security at a good level?

A. Set High Confidence to Low and Low Confidence to Inactive.

B. Set the Performance Impact to Medium or lower.

C. The problem is not with the Threat Prevention Profile. Consider adding more memory to the appliance.

D. Set the Performance Impact to Very Low Confidence to Prevent.

Correct Answer: B

Question # 31   

Which of the following is NOT an alert option?

A. SNMP

B. High alert

C. Mail

D. User defined alert

Correct Answer: B

Question # 32   

Which of the following is TRUE about the Check Point Host object?

A. Check Point Host has no routing ability even if it has more than one interface installed.

B. When you upgrade earlier versions, Check Point Host objects are converted to gateway objects.

C. Check Point Host is capable of having an IP forwarding mechanism.

D. Check Point Host can act as a firewall.

Correct Answer: A

Question # 33   

Which command is used to obtain the configuration lock in Gaia?

A. Lock database override

B. Unlock database override

C. Unlock database lock

D. Lock database user

Correct Answer: A

Question # 34   

The IPS policy for pre-R80 gateways is installed during the _______ .

A. Firewall policy install

B. Threat Prevention policy install

C. Anti-bot policy install

D. Access Control policy install

Correct Answer: B

Question # 35   

Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?

A. Firewall

B. Identity Awareness

C. Application Control

D. URL Filtering

Correct Answer: B

Question # 36  

What is the potential downside or drawback to choosing the Standalone deployment option instead of the Distributed deployment option?

A. degrades performance as the Security Policy grows in size

B. requires additional Check Point appliances

C. requires additional software subscription

D. increases cost

Correct Answer: A

Question # 37  

When using LDAP as an authentication method for Identity Awareness, the query:

A. Requires client and server side software.

B. Prompts the user to enter credentials.

C. Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.

D. Is transparent, requiring no client or server side software, or client intervention.

Correct Answer: D

Question # 38  

Choose the SmartLog property that is TRUE.

A. SmartLog has been an option since release R71.10.

B. SmartLog is not a Check Point product.

C. SmartLog and SmartView Tracker are mutually exclusive.

D. SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.

Correct Answer: D

Question # 39   

You want to reset SIC between smberlin and sgosaka.

In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the menu. When trying to establish a connection, instead of a working connection, you receive this error message:

What is the reason for this behavior?

A. The Gateway was not rebooted, which is necessary to change the SIC key.

B. You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).

C. The Check Point services on the Gateway were not restarted because you are still in the cpconfig utility.

D. The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation cannot be typed in a matching fashion.

Correct Answer: C

Question # 40    

In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?

A. Rule 0

B. Blank field under Rule Number

C. Rule 1

D. Cleanup Rule

Correct Answer: A

Question # 41   

Which tool CANNOT be launched from SmartUpdate R77?

A. IP Appliance Voyager

B. snapshot

C. GAiA WebUI

D. cpinfo

Correct Answer: B

Question # 42   

Katie has been asked to do a backup on the Blue Security Gateway. Which command would accomplish this in the Gaia CLI?

A. Blue > add local backup

B. Expert&Blue#add local backing

C. Blue > set backup local

D. Blue > add backup local

Correct Answer: D

Question # 43   

What must a Security Administrator do to comply with a management requirement to log all traffic accepted through the perimeter Security Gateway?

A. In Global Properties > Reporting Tools check the box Enable tracking all rules (including rules marked as None in the Track column). Send these logs to a secondary log server for a complete logging history. Use your normal log server for standard logging for troubleshooting.

B. Install the View Implicit Rules package using SmartUpdate.

C. Define two log servers on the R77 Gateway object. Log Implied Rules on the first log server. Enable Log Rule Base on the second log server. Use SmartReporter to merge the two log server records into the same database for HIPAA log audits.

D. Check the Log Implied Rules Globally box on the R77 Gateway object.

Correct Answer: A

Question # 44  

Match the following commands to their correct function. Each command has one function only listed.

A. C1>F6; C2>F4; C3>F2; C4>F5

B. C1>F2; C2>F1; C3>F6; C4>F4

C. C1>F2; C2>F4; C3>F1; C4>F5

D. C1>F4; C2>F6; C3>F3; C4>F5

Correct Answer: A

Question # 45   

You find a suspicious connection from a problematic host. You decide that you want to block everything from that whole network, not just the problematic host.

You want to block this for an hour while you investigate further, but you do not want to add any rules to the Rule Base. How do you achieve this?

A. Use dbedit to script the addition of a rule directly into the Rule Bases_5_0.fws configuration file.

B. Select Block intruder from the Tools menu in SmartView Tracker.

C. Create a Suspicious Activity Rule in Smart Monitor.

D. Add a temporary rule using SmartDashboard and select hide rule.

Correct Answer: C

Question # 46   

A Cleanup rule:

A. logs connections that would otherwise be dropped without logging by default.

B. drops packets without logging connections that would otherwise be dropped and logged by default.

C. logs connections that would otherwise be accepted without logging by default.

D. drops packets without logging connections that would otherwise be accepted and logged by default.

Correct Answer: A

Question # 47   

Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

A. Check Point Password

B. TACACS

C. LDAP

D. Windows password

Correct Answer: C

Question # 48   

Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.

A. SmartView Tracker, SmartDashboard, CPINFO, SmartUpdate, SmartView Status

B. SmartView Tracker, SmartDashboard, SmartLSM, SmartView Monitor

C. SmartView Tracker, CPINFO, SmartUpdate

D. Security Policy Editor, Log Viewer, Real Time Monitor GUI

Correct Answer: C

Question # 49   

How many packets does the IKE exchange use for Phase 1 Main Mode?

A. 12

B. 1

C. 3

D. 6

Correct Answer: D

Question # 50   

As you review this Security Policy, what changes could you make to accommodate Rule 4?

A. Remove the service HTTP from the column Service in Rule 4.

B. Modify the column VPN in Rule 2 to limit access to specific traffic.

C. Nothing at all

D. Modify the columns Source or Destination in Rule 4

Correct Answer: B

Question # 51  

While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?

1) Select Active Mode tab in SmartView Tracker.

2) Select Tools > Block Intruder.

3) Select Log Viewing tab in SmartView Tracker.

4) Set Blocking Timeout value to 60 minutes.

5) Highlight connection that should be blocked.

A. 1, 2, 5, 4

B. 3, 2, 5, 4

C. 1, 5, 2, 4

D. 3, 5, 2, 4

Correct Answer: C

Question # 52

How do you configure the Security Policy to provide users access to the Captive Portal through an external (Internet) interface?

A. Change the gateway settings to allow Captive Portal access via an external interface.

B. No action is necessary. This access is available by default.

C. Change the Identity Awareness settings under Global Properties to allow Captive Policy access on all interfaces.

D. Change the Identity Awareness settings under Global Properties to allow Captive Policy access for an external interface.

Correct Answer: A

Question # 53  

Review the rules. Assume domain UDP is enabled in the implied rules.

What happens when a user from the internal network tries to browse to the internet using HTTP? The user:

A. can connect to the Internet successfully after being authenticated.

B. is prompted three times before connecting to the Internet successfully.

C. can go to the Internet after Telnetting to the client authentication daemon port 259.

D. can go to the Internet, without being prompted for authentication.

Correct Answer: D

Question # 54  

To fully enable Dynamic Dispatcher on a Security Gateway:

A. run fw ctl multik set_mode 9 in Expert mode and then reboot

B. Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu

C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot

D. run fw ctl multik set_mode 1 in Expert mode and then reboot

Correct Answer: A

Question # 55   

There are 4 ways to use the Management API for creating a host object with the R80 Management API. Which one is NOT correct?

A. Using Web Services

B. Using Mgmt_cli tool

C. Using CLISH

D. Using SmartConsole GUI console

Correct Answer: C

Question # 56   

What component of R80 Management is used for indexing?

A. DBSync

B. API Server

C. fwm

D. SOLR

Correct Answer: D

Question # 57   

Which is the correct order of a log flow processed by SmartEvent components:

A. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client

B. Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client

C. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client

D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client

Correct Answer: D

Question # 58   

In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap

B. Mail, Block Source, Block Destination, Block Services, SNMP Trap

C. Mail, Block Source, Block Destination, External Script, SNMP Trap

D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Correct Answer: A

Question # 59   

What is the command to see cluster status in CLI expert mode?

A. fw ctl stat

B. clusterXL stat

C. clusterXL status

D. cphaprob stat

Correct Answer: A

Question # 60  

The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

A. Secure Internal Communication (SIC)

B. Restart Daemons if they fail

C. Transfer messages between Firewall processes

D. Pulls application monitoring status

Correct Answer: D

Question # 61  

How do Capsule Connect and Capsule Workspace differ?

A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications

B. Capsule Workspace can provide access to any application

C. Capsule Connect provides Business data isolation

D. Capsule Connect does not require an installed application at client

Correct Answer: A

Question # 62  

What are the three components for Check Point Capsule?

A. Capsule Docs, Capsule Cloud, Capsule Connect

B. Capsule Workspace, Capsule Cloud, Capsule Connect

C. Capsule Workspace, Capsule Docs, Capsule Connect

D. Capsule Workspace, Capsule Docs, Capsule Cloud

Correct Answer: D

Question # 63  

What is true about the IPS-Blade?

A. in R80, IPS is managed by the Threat Prevention Policy

B. in R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

C. in R80, IPS Exceptions cannot be attached to "all rules"

D. in R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Correct Answer: A

Question # 64   

Which firewall daemon is responsible for the FW CLI commands?

A. fwd

B. fwm

C. cpm

D. cpd

Correct Answer: A

Question # 65   

What is the main difference between Threat Extraction and Threat Emulation?

A. Threat Emulation never delivers a file and takes more than 3 minutes to complete

B. Threat Extraction always delivers a file and takes less than a second to complete

C. Threat Emulation never delivers a file that takes less than a second to complete

D. Threat Extraction never delivers a file and takes more than 3 minutes to complete

Correct Answer: B

Question # 66   

From a SecureXL perspective, what are the three paths of traffic flow?

A. Initial Path; Medium Path; Accelerated Path

B. Layer Path; Blade Path; Rule Path

C. Firewall Path; Accept Path; Drop Path

D. Firewall Path; Accelerated Path; Medium Path

Correct Answer: D

Question # 67   

R80.10 management server can manage gateways with which versions installed?

A. Versions R77 and higher

B. Versions R76 and higher

C. Versions R75.20 and higher

D. Version R75 and higher

Correct Answer: B

Question # 68   

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

A. Symmetric routing

B. Failovers

C. Asymmetric routing

D. Anti-Spoofing

Correct Answer: B

Question # 69   

Which statement is NOT TRUE about Delta synchronization?

A. Using UDP Multicast or Broadcast on port 8161

B. Using UDP Multicast or Broadcast on port 8116

C. Quicker than Full sync

D. Transfers changes in the Kernel tables between cluster members

Correct Answer: A

Question # 70  

Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?

A. Export R80 configuration, clean install R80.10 and import the configuration

B. CPUSE online upgrade

C. CPUSE offline upgrade

D. SmartUpdate upgrade

Correct Answer: C

Question # 71   

Which of the following describes how Threat Extraction functions?

A. Detect threats and provides a detailed report of discovered threats

B. Proactively detects threats

C. Delivers file with original content

D. Delivers PDF versions of original files with active content removed

Correct Answer: B

Question # 72   

When using Monitored circuit VRRP, what is a priority delta?

A. When an interface fails the priority changes to the priority delta

B. When an interface fails the delta claims the priority

C. When an interface fails the priority delta is subtracted from the priority

D. When an interface fails the priority delta decides if the other interfaces takes over

Correct Answer: C

Question # 73   

What is the best sync method in the ClusterXL deployment?

A. Use 1 cluster + 1 sync

B. Use 1 dedicated sync interface

C. Use 3 clusters + 1st sync + 2nd sync + 3rd sync

D. Use 2 clusters + 1st sync + 2nd sync

Correct Answer: B

Question # 75   

You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

A. fw ctl multik dynamic_dispatching on

B. fw ctl multik dynamic_dispatching set_mode 9

C. fw ctl multik set_mode 9

D. fw ctl multik pq enable

Correct Answer: A

Question # 76

An LDAP server holds one or more ______________.

A. Server Units

B. Administrator Units

C. Account Units

D. Account Servers

Correct Answer: C

Question # 78

Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?

A. SmartManager

B. SmartConsole

C. Security Gateway

D. Security Management Server

Correct Answer: D

Question # 79   

Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?

A. AES-GCM-256

B. AES-CBC-256

C. AES-GCM-128

D. DES

Correct Answer: B

Question # 80   

Which one of the following is TRUE?

A. Ordered policy is a sub-policy within another policy

B. One policy can be either inline or ordered, but not both

C. Inline layer can be defined as a rule action

D. Pre-R80 Gateways do not support ordered layers

Correct Answer: C

Question # 81   

What two ordered layers make up the Access Control Policy Layer?

A. URL Filtering and Network

B. Network and Threat Prevention

C. Application Control and URL Filtering

D. Network and Application Control

Correct Answer: D

Question # 82   

The destination server for Security Gateway logs depends on a Security Management Server configuration.

A. False, log servers are configured on the Log Server General Properties

B. True, all Security Gateways will only forward logs with a SmartCenter Server configuration

C. True, all Security Gateways forward logs automatically to the Security Management Server

D. False, log servers are enabled on the Security Gateway General Properties

Correct Answer: B

Question # 83   

Consider the following Global Properties settings:

The selected option `Accept Domain Name over UDP (Queries)` means:

A. UDP Queries will be accepted by the traffic allowed only through interfaces with external anti-spoofing topology and this will be done before first explicit rule written by Administrator in a Security Policy.

B. All UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy.

C. No UDP Queries will be accepted by the traffic allowed through all interfaces and this will be done before first explicit rule written by Administrator in a Security Policy.

D. All UDP Queries will be accepted by the traffic allowed by first explicit rule written by Administrator in a Security Policy.

Correct Answer: A

Question # 84   

The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?

A. Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with any UID and assign role to the user.

B. Add tcpdump to CLISH using add command. Create a new access role. Add tcpdump to the role. Create new user with UID 0 and assign role to the user.

C. Create a new access role. Add expert-mode access to the role. Create new user with UID 0 and assign role to the user.

D. Create a new access role. Add expert-mode access to the role. Create new user with any UID and assign role to the user.

Correct Answer: A

Question # 85   

What is the purpose of a Clean-up Rule?

A. Clean-up Rules do not serve any purpose.

B. Provide a metric for determining unnecessary rules.

C. To drop any traffic that is not explicitly allowed.

D. Used to better optimize a policy.

Correct Answer: C

Question # 86   

Vanessa is attempting to log into the Gaia Web Portal. She is able to log in successfully. Then she tries the same username and password for SmartConsole but gets the message in the screenshot image below. She has checked that the IP address of the Server is correct and the username and password she used to log in to Gaia is also correct.

What is the most likely reason?

A. Check Point R80 SmartConsole authentication is more secure than in previous versions and Vanessa requires a special authentication key for R80 SmartConsole. Check that the correct key details are used.

B. Check Point Management software authentication details are not automatically the same as the Operating System authentication details. Check that she is using the correct details.

C. SmartConsole Authentication is not allowed for Vanessa until a Super administrator has logged in first and cleared any other administrator sessions.

D. Authentication failed because Vanessa’s username is not allowed in the new Threat Prevention console update checks even though these checks passed with Gaia.

Correct Answer: B

Question # 87   

Fill in the blank: In Office mode, a Security Gateway assigns a remote client to an IP address once ___________.

A. the user connects and authenticates

B. office mode is initiated

C. the user requests a connection

D. the user connects

Correct Answer: A

Question # 88   

What is the BEST method to deploy Identity Awareness for roaming users?

A. Use Office Mode

B. Use identity agents

C. Share user identities between gateways

D. Use captive portal

Correct Answer: B

Question # 89  

What does it mean if Deyra sees the gateway status:

A. SmartCenter Server cannot reach this Security Gateway

B. There is a blade reporting a problem

C. VPN software blade is reporting a malfunction

D. Security Gateway’s MGNT NIC card is disconnected.

Correct Answer: B

Question # 90   

Which of the following Windows Security Events will NOT map a username to an IP address in Identity Awareness?

A. Kerberos Ticket Renewed

B. Kerberos Ticket Requested

C. Account Logon

D. Kerberos Ticket Timed Out

Correct Answer: D

Question # 91   

Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?

A. All Connections (Clear or Encrypted)

B. Accept all encrypted traffic

C. Specific VPN Communities

D. All Site-to-Site VPN Communities

Correct Answer: B

Question # 92   

How are the backups stored in Check Point appliances?

A. Saved as *.tar under /var/log/CPbackup/backups

B. Saved as *.tgz under /var/CPbackup

C. Saved as *.tar under /var/CPbackup

D. Saved as *.tgz under /var/log/CPbackup/backups

Correct Answer: B

Question # 93   

Which of the following is NOT an identity source used for Identity Awareness?

A. Remote Access

B. UserCheck

C. AD Query

D. RADIUS

Correct Answer: B

Question # 94  

Which of the following is NOT a valid configuration screen of an Access Role Object?

A. Users

B. Networks

C. Time

D. Machines

Correct Answer: C

Question # 95   

What Check Point technologies deny or permit network traffic?

A. Application Control, DLP

B. Packet Filtering, Stateful Inspection, Application Layer Firewall.

C. ACL, SandBlast, MPT

D. IPS, Mobile Threat Protection

Correct Answer: B

Question # 96   

In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories. Which of the following is NOT an objects category?

A. Limit

B. IP Address

C. Custom Application / Site

D. Network Object

Correct Answer: B

Question # 97   

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

A. None, Security Management Server would be installed by itself.

B. SmartConsole

C. SecureClient

D. SmartEvent

Correct Answer: D

Question # 98

You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

A. Right click Accept in the rule, select "More", and then check "Enable Identity Captive Portal"

B. On the firewall object, Legacy Authentication screen, check "Enable Identity Captive Portal"

C. In the Captive Portal screen of Global Properties, check "Enable Identity Captive Portal"

D. On the Security Management Server object, check the box "Identity Logging"

Correct Answer: A

Question # 99  

Which information is included in the `Extended Log` tracking option, but is not included in the `Log` tracking option?

A. file attributes

B. application information

C. destination port

D. data type information

Correct Answer: B

Question # 100

Which key is created during Phase 2 of a site-to-site VPN?

A. Pre-shared secret

B. Diffie-Hellman Public Key

C. Symmetrical IPSec key

D. Diffie-Hellman Private Key

Correct Answer: C

Question # 101

Which SmartConsole tab is used to monitor network and security performance?

A. Manage & Settings

B. Security Policies

C. Gateway & Servers

D. Logs & Monitor

Correct Answer: D

Question # 102   

Which of the following is NOT a policy type available for each policy package?

A. Threat Emulation

B. Access Control

C. Desktop Security

D. Threat Prevention

Correct Answer: A

Question # 103   

View the rule below. What does the pen-symbol in the left column mean?

A. Those rules have been published in the current session.

B. Rules have been edited by the logged in administrator, but the policy has not been published yet.

C. Another user has currently locked the rules for editing.

D. The configuration lock is present. Click the pen symbol in order to gain the lock.

Correct Answer: B

Question # 104  

When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?

A. Distributed

B. Standalone

C. Bridge Mode

D. Targeted

Correct Answer: A

Question # 105   

Which of the following is NOT a valid deployment option for R80?

A. All-in-one (stand-alone)

B. CloudGuard

C. Distributed

D. Bridge Mode

Correct Answer: B

Question # 106   

Which software blade does NOT accompany the Threat Prevention policy?

A. Anti-virus

B. IPS

C. Threat Emulation

D. Application Control and URL Filtering

Correct Answer: D

Question # 107  

One of the major features in R80.x SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and AdminC are editing the same Security Policy?

A. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.

B. AdminA and AdminB are editing the same rule at the same time.

C. AdminB sees a pencil icon next to the rule that AdminB is currently editing.

D. AdminA, AdminB and AdminC are editing three different rules at the same time.

Correct Answer: A

