CPU-level of your Security gateway is peaking to 100% causing problems with traffic. You suspect that the problem might be the Threat Prevention settings.
The following Threat Prevention Profile has been created.
How could you tune the profile in order to lower the CPU load still maintaining security at good level? Select the BEST answer.
You are the Check Point administrator for Alpha Corp with an R80 Check Point estate. You have received a call by one of the management users stating that they are unable to browse the Internet with their new tablet connected to the company Wireless. The Wireless system goes through the Check Point Gateway. How do you review the logs to see what the problem may be?
Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?
In Unified SmartConsole Gateways and Servers tab you can perform the following functions EXCEPT ________.
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enable which path is handling the traffic?
Which option in a firewall rule would only match and allow traffic to VPN gateways for one Community in common?
Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?
Fill in the blanks: There are ________ types of software containers ________.
Identity Awareness allows the Security Administrator to configure network access based on which of the following?
Phase 1 of the two-phase negotiation process conducted by IKE operates in ______ mode.
Fill in the blank: ____________ is the Gaia command that turns the server off.
Which SmartConsole tab is used to monitor network and security performance?
When logging in for the first time to a Security management Server through SmartConsole, a fingerprint is saved to the:
Which method below is NOT one of the ways to communicate using the Management API’s?
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
Which of the following are available SmartConsole clients which can be installed from the R77 Windows CD? Read all answers and select the most complete and valid list.
You have just installed your Gateway and want to analyze the packet size distribution of your traffic with SmartView Monitor.
Unfortunately, you get the message:
“There are no machines that contain Firewall Blade and SmartView Monitor”.
What should you do to analyze the packet size distribution of your traffic? Give the BEST answer.
Which R77 GUI would you use to see number of packets accepted since the last policy install?
You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?
VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?
When launching SmartDashboard, what information is required to log into R77?
Jennifer McHanry is CEO of ACME. She recently bought her own personal iPad. She wants use her iPad to access the internal Finance Web server. Because the iPad is not a member of the Active Directory domain, she cannot identify seamlessly with AD Query. However, she can enter her AD credentials in the Captive Portal and then get the same access as on her office computer. Her access to resources is based on rules in the R77 Firewall Rule Base.
To make this scenario work, the IT administrator must:
1) Enable Identity Awareness on a gateway and select Captive Portal as one of the Identity Sources.
2) In the Portal Settings window in the User Access section, make sure that Name and password login is selected.
3) Create a new rule in the Firewall Rule Base to let Jennifer McHanry access network destinations. Select accept as the Action.
4) Install policy.
Ms McHanry tries to access the resource but is unable. What should she do?
You find that Users are not prompted for authentication when they access their Web servers, even though you have created an HTTP rule via User Authentication. Choose the BEST reason why.
How do you configure the Security Policy to provide uses access to the Captive Portal through an external (Internet) interface?
A client has created a new Gateway object that will be managed at a remote location. When the client attempts to install the Security Policy to the new Gateway object, the object does not appear in the Install On check box. What should you look for?
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
According to Check Point Best Practice, when adding a non-managed Check Point Gateway to a Check Point security solution what object SHOULD be added? A(n):
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?
Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment. Which details she need to fill in System Restore window before she can click OK button and test the backup?
Fill in the blanks: A High Availability deployment is referred to as a ______ cluster and a Load Sharing deployment is referred to as a ________ cluster.
On the following picture an administrator configures Identity Awareness:
After clicking “Next” the above configuration is supported by:
Which of the following is NOT a VPN routing option available in a star community?
Fill in the blanks: A security Policy is created in _________ , stored in the _________ , and Distributed to the various __________ .
The organization's security manager wishes to back up just the Gaia operating system parameters. Which command can be used to back up only Gaia operating system parameters like interface details, Static routes and Proxy ARP entries?
Study the Rule base and Client Authentication Action properties screen.
After being authenticated by the Security Gateways, a user starts a HTTP connection to a Web site. What happens when the user tries to FTP to another site using the command line? The:
What is the potential downside or drawback to choosing the Standalone deployment option instead of the Distributed deployment option?
When using LDAP as an authentication method for Identity Awareness, the query:
Where can administrator edit a list of trusted SmartConsole clients in R80?
Your bank's distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?
In the R80 SmartConsole, on which tab are Permissions and Administrators defined?
Jack works for a managed service provider and he has been tasked to create 17 new policies for several new customers. He does not have much time. What is the BEST way to do this with R80 security management?
Fill in the blank: A _______ is used by a VPN gateway to send traffic as if it were a physical interface.
When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored
Fill in the blank: With the User Directory Software Blade, you can create R80 user definitions on a(an) ___________ Server.
Fill in the blanks: VPN gateways authenticate using ___________ and ___________ .
Which one of the following is the preferred licensing model? Select the Best answer.
Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?
You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
What will be the effect of running the following command on the Security Management Server?
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?