Security Checkup Summary can be easily conducted within Views. Views is a feature in SmartConsole that allows you to create customized dashboards and reports based on various security data sources, such as logs, events, audit trails, and more. You can use Views to perform a Security Checkup Summary, which is a comprehensive analysis of your network security posture and potential risks. You can use predefined templates or create your own views to generate the summary. References:  Check Point Security Expert R81 Course , Views Administration Guide

Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running VRRP.

If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will begin to send out its own HELLO packet.

Once the master sees this packet with a priority greater than its own, then it releases the VIP.

The Correlation Unit in SmartEvent architecture has the function of analyzing each log entry as it arrives at the log server according to the Event Policy. When it identifies a threat pattern, it forwards an event to the SmartEvent Server. This is an essential function in threat detection and analysis, as it helps in identifying and alerting about security threats based on the configured policies.

Option A correctly describes the function of the Correlation Unit, making it the verified answer.

 In ClusterXL Load Sharing Multicast Mode,  every member of the cluster receives all of the packets sent to the cluster IP address . This mode uses multicast MAC addresses to distribute packets to all cluster members. Each member decides whether to accept or reject the packet based on a load balancing algorithm.  This mode provides better performance and scalability than Unicast mode, but requires a switch that supports multicast MAC addresses. 

 The extended master key extension/session hash is a feature introduced in TLS 1.3 to prevent a Man-in-the-Middle attack/disclosure of the client-server communication. It works by generating a unique session hash for each connection, which is derived from the master key and other parameters. This session hash is then used to authenticate the application data and the end-of-handshake messages, ensuring that no one can tamper with or eavesdrop on the communication. References:  Check Point Security Expert R81 Course , TLS 1.3 RFC

Automation and Orchestration differ in that automation relates to codifying tasks, whereas orchestration relates to codifying processes. Automation is the process of converting manual tasks into executable scripts or programs that can be run by machines or software agents. Orchestration is the process of coordinating multiple automated tasks into a coherent workflow that achieves a desired outcome or goal. Orchestration can also involve integrating different systems, tools, and services through web service interactions such as XML and JSON. References:  Check Point Security Expert R81 Course , Automation & Orchestration Administration Guide

Threat Extraction is a software blade that always delivers a file to user. Threat Extraction removes or sanitizes the active content from the files and converts them to PDF format, which is safer and more compatible. Threat Extraction can also work together with Threat Emulation to provide both clean and original files to the users. Threat Extraction works on MS Office, PDF, and archive files, but not on executables. Threat Extraction can take up to 3 minutes to complete, depending on the file size and complexity. References:  Check Point Security Expert R81 Course ,  Threat Extraction Administration Guide

The command cpinfo -y all can be used to have cpinfo display all installed hotfixes. Cpinfo is a tool that collects diagnostic data from a Check Point gateway or management server. The data includes configuration files, logs, status reports, and more. The -y parameter is used to specify which sections of data to include in the cpinfo output. The value all means to include all sections, including the hotfixes section, which shows the list of hotfixes installed on the system. References:  Check Point Security Expert R81 Course , cpinfo Utility

Capsule Connect is a full layer 3 VPN client that provides secure and seamless remote access to corporate networks from iOS and Android devices. It supports all VPN authentication methods, such as certificates, passwords, tokens, and challenge-response. It also supports split tunneling and seamless roaming. References:  Capsule Connect Datasheet ,  Capsule Connect Administration Guide

Dynamic Dispatch is a feature that enhances CoreXL performance by dynamically assigning new co n nections to CoreXL FW instances based on their CPU utilization 1 .  To enable Dynamic Dispatch on S e curity Gateway without enabling Firewall Priority Queues (FPQ), you need to run the command  fw ctl multik set_mode 4  in Expert mode and reboot 2 . This command will set the CoreXL mode to Dynamic Dispatcher without FPQ. The other options are not correct because:

A. fw ctl Dyn_Dispatch on: This command does not exist and will return an error message.

B. fw ctl Dyn_Dispatch enable: This command does not exist and will return an error message.

D.  fw ctl multik set_mode 1: This command will set the CoreXL mode to Static Dispatcher without FPQ, which is the default mode 2 . This mode will use a static hash function to assign new connections to CoreXL FW instances based on their IP addresses and protocol.

When two Security Gateways are managed by the same Security Management Server, they use certificate based authentication to establish a VPN tunnel. This is because the Security Management Server acts as an internal certificate authority (ICA) that can issue and revoke certificates for the Security Gateways. The Security Management Server also maintains a trust relationship with the Security Gateways, which is based on a one-time password (OTP) that is used to initialize secure internal communication (SIC). Therefore, there is no need to use a pre-shared secret for authentication between two Security Gateways managed by the same SMS.

 In a Zero downtime upgrade, you should upgrade the Standby Member first. This is because the Standby Member does not process traffic and can be upgraded without affecting the cluster availability. After upgrading the Standby Member, you can perform a failover and make it the Active Member. Then you can upgrade the original Active Member, which becomes the Standby Member after the failover. References:  Getting Started - Check Point Software , section “Upgrading Cluster Members with Zero Downtime”

 CPUSE (Check Point Upgrade Service Engine) is a tool that allows users to download, import, install, and uninstall software packages on Gaia OS. CPUSE has a web-based user interface that can be accessed through Gaia Portal.  CPUSE offers four package options in the web GUI for different purposes 4 :

Clean Install - This option performs a clean installation of a Major Version pac k age, which erases all existing configuration and data on the system.

Export Package - This option exports a package from CPUSE repository to an e x ternal location for backup or transfer purposes.

Upgrade - This option performs an upgrade of a Major Version package or a M i nor Version package, which preserves the existing configuration and data on the system.

Database Conversion - This option converts the database schema of a Major Ve r sion package to match the current version.

Therefore, the correct answer is B.

 To verify the CPUSE agent build, you can use either of these methods:

In WebUI Status and Actions page

By running the following command in CLISH: show installer status build The CPUSE agent build indicates the version of the CPUSE agent that is installed on the m a chine. The CPUSE agent is responsible for downloading, verifying, installing, and remo v ing packages on Gaia OS. It is recommended to keep the CPUSE agent up-to-date to ensure a smooth installation and upgrade process. References: [CPUSE Agent]

 The traffic that the Anti-bot feature blocks is command and control traffic from hosts that have been identified as infected. Anti-bot is a blade that detects and prevents botnet attacks by using a cloud-based service that provides up-to-date threat intelligence.  When Anti-bot detects a host that is communicating with a malicious command and control server, it blocks the traffic and generates an alert 2 .  The other options are not the types of traffic that Anti-bot blocks. References:  2 : Check Point Software, Getting Started, Anti-Bot.