Which of the following technologies extracts detailed information from packets and stores that information in state tables?
Fill in the blank: Each cluster has __________ interfaces.
Each cluster member has three interfaces: one external interface, one internal interface, and one for synchronization. Cluster member interfaces facing in each direction are connected via a switch, router, or VLAN switch.
Which utility allows you to configure the DHCP service on GAIA from the command line?
Sysconfig Configuration Options
Which one of the following is the preferred licensing model? Select the Best answer.
A Central License is a license attached to the Security Management server IP address, rather than the gateway IP address. The benefits of a Central License are:
You are the administrator for Alpha Corp. You have logged into your R80 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.
What does this mean?
Examine the following Rule Base.
What can we infer about the recent changes made to the Rule Base?
At the top of the screenshot there is a number "8", which represents the number of changes made and not saved.
Session Management Toolbar (top of SmartConsole)
What is the order of NAT priorities?
The order of NAT priorities is:
Since Static NAT has all of the advantages of IP Pool NAT and more, it has a higher priority than the other NAT methods.
Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________.
There is no need to generate a new license in this situation; you only need to detach the license from the wrong Security Gateway and attach it to the right one.
Which of the following automatically generated NAT rules has the lowest implementation priority?
SmartDashboard organizes the automatic NAT rules in this order:
Joey wants to configure NTP on R80 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?
What will be the effect of running the following command on the Security Management Server?
This command uninstalls the currently installed security policy.
By default, which port does the WebUI listen on?
To configure Security Management Server on Gaia:
Fill in the blank: The R80 utility fw monitor is used to troubleshoot _____________
Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using the WireShark
Fill in the blank: The command __________ provides the most complete restoration of a R80 configuration.
(Should be "migrate import")
"migrate import" restores the backed-up configuration for the R80 version; in previous versions the command was "upgrade_import".
Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?
Authentication Schemes:
- Check Point Password
- Operating System Password
- Undefined
If a user with an undefined authentication scheme is matched to a Security Rule with some form of authentication, access is always denied.
The “Hit count” feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and track the hits even if the Track option is set to “None”?
What is the purpose of the Clean-up Rule?
These are basic access control rules we recommend for all Rule Bases:
There is also an implied rule that drops all traffic, but you can use the Cleanup rule to log the traffic.
You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?
Consider the following Global Properties settings:
The selected option “Accept Domain Name over UDP (Queries)” means:
After the initial installation on a Check Point appliance, you notice that the Management interface and default gateway are incorrect. Which commands could you use to set the IP to 192.168.80.200/24 and the default gateway to 192.168.80.1?
You have discovered suspicious activity in your network. What is the BEST immediate action to take?
Fill in the blank: By default, the SIC certificates issued by R80 Management Server are based on the ____________ algorithm.
Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?
Fill in the blank: The position of an implied rule is manipulated in the __________________ window.
Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
Which of the following commands is used to monitor cluster members in CLI?
To view statistics on detected threats, which Threat Tool would an administrator use?
True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway
Which type of attack can a firewall NOT prevent?
Which one of the following is a way that the objects can be manipulated using the new API integration in R80 Management?
Which of the following Windows Security Events will NOT map a username to an IP address in Identity Awareness?
Administrator Dave logs into the R80 Management Server to review and make some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base.
What is the possible explanation for this?
Which option, when applied to a rule, allows all encrypted and non-VPN traffic that matches the rule?
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
Which feature in R77 permits blocking specific IP addresses for a specified time period?
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
The first rule is the automatic rule for the Accept All Encrypted Traffic feature. The Firewalls for the Security Gateways in the BranchOffices and LondonOffices VPN communities allow all VPN traffic from hosts in clients in these communities. Traffic to the Security Gateways is dropped. This rule is installed on all Security Gateways in these communities.
2. Site to site VPN - Connections between hosts in the VPN domains of all Site to Site VPN communities are allowed. These are the only protocols that are allowed: FTP, HTTP, HTTPS and SMTP.
3. Remote access - Connections between hosts in the VPN domains of RemoteAccess VPN community are allowed. These are the only protocols that are allowed: HTTP, HTTPS, and IMAP.
Provide very wide coverage for all products and protocols, with noticeable performance impact.
How could you tune the profile in order to lower the CPU load while still maintaining security at a good level? Select the BEST answer.
The IT Management team is interested in the new features of the Check Point R80 Management and wants to upgrade but they are concerned that the existing R77.30 Gaia Gateways cannot be managed by R80 because it is so different. As the administrator responsible for the Firewalls, how can you answer or confirm these concerns?
Which of the following is NOT a backup method?
The built-in Gaia backup procedures:
Check Point provides three different procedures for backing up (and restoring) the operating system and networking parameters on your appliances.
NAT can NOT be configured on which of the following objects?
In the R80 SmartConsole, on which tab are Permissions and Administrators defined?
Fill in the blanks: The Application Layer Firewalls inspect traffic through the ________ layer(s) of the TCP/IP model and up to and including the ________ layer.
You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how often the particular rules match. Where can you see it? Give the BEST answer.
The default method for destination NAT is _____________, where NAT occurs on the Inbound interface closest to the client.
AdminA and AdminB are both logged in on SmartConsole. What does it mean if AdminB sees a locked icon on a rule? Choose the BEST answer.
What are the three tabs available in SmartView Tracker?
After the initial installation the First Time Configuration Wizard should be run. Select the BEST answer.
Check Point Security Gateway and Check Point Security Management require running the First Time Configuration Wizard in order to be configured correctly. The First Time Configuration Wizard is available in Gaia Portal and also through CLI.
To invoke the First Time Configuration Wizard through CLI, run the config_system command from the Expert shell.
What action can be performed from SmartUpdate R77?
Fill in the blank: The R80 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows them as prioritized security events.
Event Analysis with SmartEvent
The SmartEvent Software Blade is a unified security event management and analysis solution that delivers real-time, graphical threat management information. SmartConsole, SmartView Web Application, and the SmartEvent GUI client consolidate billions of logs and show them as prioritized security events so you can immediately respond to security incidents, and do the necessary actions to prevent more attacks. You can customize the views to monitor the events that are most important to you. You can move from a high level view to detailed forensic analysis in a few clicks. With the free-text search and suggestions, you can quickly run data analysis and identify critical security events.
In order to modify Security Policies the administrator can use which of the following tools? Select the BEST answer.
Which directory holds the SmartLog index files by default?
Which Check Point software blade provides protection from zero-day and undiscovered threats?
Which of the following statements accurately describes the command snapshot?
Which of the following is TRUE about the Check Point Host object?
A Check Point host is a host with only one interface, on which Check Point software has been installed, and which is managed by the Security Management server. It is not a routing mechanism and is not capable of IP forwarding.
Which of the following is NOT a VPN routing option available in a star community?
For simple hubs and spokes (or if there is only one Hub), the easiest way is to configure a VPN star community in R80 SmartConsole:
The two Dynamic Objects (DAIP Security Gateways) can securely route communication through the Security Gateway with the static IP address.
Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R77?
Which remote Access Solution is clientless?
Which of these statements describes the Check Point ThreatCloud?
You are about to test some rule and object changes suggested in an R77 news group. Which backup solution should you use to ensure the easiest restoration of your Security Policy to its previous configuration after testing the changes?
Which command can you use to enable or disable multi-queue per interface?
You are using SmartView Tracker to troubleshoot NAT entries. Which column do you check to view the NAT'd source port if you are using Source NAT?
Your company enforces a strict change control policy. Which of the following would be MOST effective for quickly dropping an attacker's specific active connection?
There are 4 ways to use the Management API for creating a host object with the R80 Management API. Which one is NOT correct?
What happens when you run the command: fw sam -J src [Source IP Address]?
The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?
A Cleanup rule:
Which limitation of CoreXL is overcome by using (mitigated by) Multi-Queue?
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his desktop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
3) Changes from static IP address to DHCP for the client PC.
What should John request when he cannot access the web server from his laptop?
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
Which of the following is a hash algorithm?
Which rule is responsible for the user authentication failure?
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
What component of R80 Management is used for indexing?
You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?