In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:
R81.10 management server can manage gateways with which versions installed?
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?
Which command shows the current connections distributed by CoreXL FW instances?
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
Which of the SecureXL templates are enabled by default on Security Gateway?
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
What are the different command sources that allow you to communicate with the API server?
Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
Which of the following links will take you to the SmartView web application?
What is the main difference between Threat Extraction and Threat Emulation?
When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?
What is the name of the secure application for Mail/Calendar for mobile devices?
What command can you use to have cpinfo display all installed hotfixes?
Which method below is NOT one of the ways to communicate using the Management APIs?
Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
Which of the following authentication methods ARE NOT used for Mobile Access?
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
Which command collects diagnostic data for analyzing customer setup remotely?
Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.
Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
Session unique identifiers are passed to the Web API using which HTTP header option?
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct?
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to the manager?
Please choose the correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?
What is the correct command to observe the Sync traffic in a VRRP environment?
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?
SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:
For Management High Availability, which of the following is NOT a valid synchronization status?
John is using Management HA. Which Smartcenter should be connected to for making changes?
To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of these is NOT a SecureXL template?
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform in the applications. Mobile Access encrypts all traffic using:
Customer’s R81 management server needs to be upgraded to R81.10. What is the best upgrade method when the management server is not connected to the Internet?
Which command is used to display status information for various components?
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
Can multiple administrators connect to a Security Management Server at the same time?
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
You need to see which hotfixes are installed on your gateway, which command would you use?
John detected high load on sync interface. Which is most recommended solution?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.
What is a best practice before starting to troubleshoot using the “fw monitor” tool?
What is the command to check the status of the SmartEvent Correlation Unit?
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:
To add a file to the Threat Prevention Whitelist, what two items are needed?
Both ClusterXL and VRRP are fully supported by Gaia R81.10 and available to all Check Point appliances. Which of the following commands is NOT related to redundancy and functions?
SmartEvent does NOT use which of the following procedures to identify events:
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
Where can you see and search records of actions done by R81 SmartConsole administrators?
Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?
To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?
The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .
Which two of these Check Point Protocols are used by SmartEvent Processes?
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
Which command can you use to verify the number of active concurrent connections?
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
If you needed the Multicast MAC address of a cluster, what command would you run?
Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.
What happens when an IPS profile is set in Detect Only Mode for troubleshooting?
How many images are included with Check Point TE appliance in Recommended Mode?
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
When installing a dedicated R81 SmartEvent server, what is the recommended size of the root partition?
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?
Which of the following is NOT a type of Check Point API available in R81.x?
You want to store the GAIA configuration in a file for later reference. What command should you use?