Messaging tool used to verify a user’s credentials.

Communication tool used to inform a user about a website or application they are trying to access.

Administrator tool used to monitor users on their network.

Communication tool used to notify an administrator when a new user is created.

fwd

fwm

cpd

cpwd

It will generate Geo-Protection traffic

Automatically uploads debugging logs to Check Point Support Center

It will not block malicious traffic

Bypass licenses requirement for Geo-Protection control

You can assign only one profile per gateway and a profile can be assigned to one rule Only.

You can assign multiple profiles per gateway and a profile can be assigned to one rule only.

You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Accept; redirect

Accept; drop

Redirect; drop

Drop; accept

cpexport

sysinfo

cpsizeme

cpinfo

It is not supported with either the Performance pack of a hardware based accelerator card

Does not support SPI’s when configured for Load Sharing

It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

It is not required L2TP traffic

Application Dictionary

AppWiki

Application Library

CPApp

Marks logs that individually are not events, but may be part of a larger pattern to be identified later.

Generates an event based on the Event policy.

Assigns a severity level to the event.

Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.

cphaprob interface

cphaprob –I interface

cphaprob –a if

cphaprob stat

Cpstop then find keyword “certificate” in objects_5_0.C and delete the section

Reinitialize SIC on the security gateway then run “fw unloadlocal”

Reset SIC from Smart Dashboard

Change internal CA via cpconfig

SmartView Monitor

SmartEventWeb

There is no Web application for SmartEvent

SmartView

Kerberos SSO which will be working for Active Directory integration

Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user.

Obligatory usage of Captive Portal.

The ports 443 or 80 what will be used by Browser-Based and configured Authentication.

Run cprestart from clish

After upgrading the hardware, increase the number of kernel instances using cpconfig

Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores

Hyperthreading must be enabled in the bios to use CoreXL

Missing an installed R77.20 Add-on on Security Management Server

Unsupported firmware on UTM-1 Edge-W appliance

Unsupported version on UTM-1 570 series appliance

Unsupported appliances on remote locations

Mutually Trusted Certificate Authorities

Shared User Certificates

Shared Secret Passwords

Unique Passwords

Management Dashboard

Gateway

Personal User Storage

Behavior Risk Engine

Once a week

Once an hour

Twice per day

Once per day

TXT, XML and CSV

PDF and TXT

PDF, HTML, and XML

PDF and HTML

Clientless remote access

Clientless direct access

Client-based remote access

Direct access

Events are generated at gateway according to Event Policy

A log entry becomes an event when it matches any rule defined in Event Policy

Events are collected with SmartWorkflow form Trouble Ticket systems

Log and Events are synonyms

1-254

1-255

0-254

0 – 255

Blocks or limits usage of web applications

Prevents or controls access to web sites based on category

Prevents Cloud vulnerability exploits

A worldwide collaborative security network

Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.

Create a rule at the top in the Sydney firewall to allow control traffic from your network

Nothing - Check Point control connections function regardless of Geo-Protection policy

Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

In SmartView Tracker, open active log

In the Logs & Monitor view, select “Open Audit Log View”

In SmartAuditLog View

In Smartlog, all logs

Severity

Automatic reactions

Policy

Threshold

Source Port Ranges/Encrypted Connections

IPS

ClusterXL in load sharing Mode

CoreXL

Publish or discard the session.

Revert the session.

Save and install the Policy.

Delete older versions of database.

fw ctl sdstat

fw ctl affinity –l –a –r –v

fw ctl multik stat

cpinfo

Next Generation Threat Prevention

Next Generation Threat Emulation

Next Generation Threat Extraction

Next Generation Firewall

Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.

Data Awareness is not enabled.

Identity Awareness is not enabled.

Logs are arriving from Pre-R80 gateways.

Three; security management, Security Gateway, and endpoint security

Three; Security Gateway, endpoint security, and gateway management

Two; security management and endpoint security

Two; endpoint security and Security Gateway

Collision

Down

Lagging

Never been synchronized

cpmq get

show interface all

cpmq set

show multiqueue all

Host having a Critical event found by Threat Emulation

Host having a Critical event found by IPS

Host having a Critical event found by Antivirus

Host having a Critical event found by Anti-Bot

False, this feature has to be enabled in the Global Properties.

True, every administrator works in a session that is independent of the other administrators.

True, every administrator works on a different database that is independent of the other administrators.

False, only one administrator can login with write permission.

Infinite

One

Three

Two

$FWDIR/database/fwauthd.conf

$FWDIR/conf/fwauth.conf

$FWDIR/conf/fwauthd.conf

$FWDIR/state/fwauthd.conf

Dynamic ID

RADIUS

Username and Password

Certificate

fwm compile

fwm load

fwm fetch

fwm install

GUI Client, Security Gateway, WebUI Interface

GUI Client, Security Management, Security Gateway

Security Gateway, WebUI Interface, Consolidated Security Logs

Security Management, Security Gateway, Consolidate Security Logs

Manually, Scheduled, Automatic

Manually, Automatic, Disabled

Manually, Scheduled, Disabled

Manually, Scheduled, Enabled

224.0.0.18

224 00 5

224.0.0.102

224.0.0.22

restore_backup

import backup

cp_merge

migrate import

Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC

fw ctl set int vmac_mode 1

cphaconf vmac_mode set 1

Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC

Accept

Drop

NAT

None

Threat Emulation

HTTPS

QOS

VoIP

Server, SCP, Username, Password, Path, Comment, Member

Server, TFTP, Username, Password, Path, Comment, All Members

Server, Protocol, Username, Password, Path, Comment, All Members

Server, Protocol, username Password, Path, Comment, Member

Web Browsers and user devices

DMZ server

Cloud

Email servers

Firewall

Threat Emulation

Application Control

Threat Extraction

cphaprob –d STOP unregister

cphaprob STOP unregister

cphaprob unregister STOP

cphaprob –d unregister STOP

Rule 7 was created by the ‘admin’ administrator in the current session

8 changes have been made by administrators since the last policy installation

The rules 1, 5 and 6 cannot be edited by the ‘admin’ administrator

Rule 1 and object webserver are locked by another administrator

X-chkp-sid

Accept-Charset

Proxy-Authorization

Application

Secure Internal Communication (SIC)

Restart Daemons if they fail

Transfers messages between Firewall processes

Pulls application monitoring status

Accept Template

Deny Template

Drop Template

NAT Template

The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.

The SmartEvent Correlation Unit’s task it to assign severity levels to the identified events.

The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.

The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.

Detects and blocks malware by correlating multiple detection engines before users are affected.

Configure rules to limit the available network bandwidth for specified users or groups.

Use UserCheck to help users understand that certain websites are against the company’s security policy.

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

If you create a new Security Policy, the Manual NAT rules will be transferred to this new policy.

There is no benefit since Automatic NAT has in any case higher priority over Manual NAT

You have the full control about the priority of the NAT rules

On IPSO and GAIA Gateways, it is handled in a stateful manner

cpm status

api restart

api status

show api status

Capsule Workspace

Capsule Mail

Capsule VPN

Secure Workspace

fw monitor –e “accept[12:4,b]=224.0.0.18;”

fw monitor –e “accept port(6118;”

fw monitor –e “accept proto=mcVRRP;”

fw monitor –e “accept dst=224.0.0.18;”

Performs OS-level sandboxing for SandBlast Cloud architecture

Ensure the Check Point SandBlast services is running on the end user’s system

If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network

Clean up email sent with malicious attachments

CPUSE Check Point Update Service Engine

rpm -Uv

Software Update Service

UnixinstallScript

fwd via cpm

fwm via fwd

cpm via cpd

fwd via cpd