Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server, providing Log Export API (LEA) & Event Logging API (EL-A) services.
The admin is connected via ssh lo the management server. He wants to run a mgmt_dl command but got a Error 404 message. To check the listening ports on the management he runs netstat with the results shown below. What can be the cause for the issue?
Bob works for a big security outsourcing provider company and as he receives a lot of change requests per day he wants to use for scripting daily tasks the API services (torn Check Point for the GAIA API. Firstly he needs to be aware if the API services are running for the GAIA operating system. Which of the following Check Point Command is true:
There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct?
If you needed the Multicast MAC address of a cluster, what command would you run?
Fill in the blank: The IPS policy for pre-R81 gateways is installed during the _______ .
Joey want to configure NTP on R81 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?
You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
R81.10 management server can manage gateways with which versions installed?
Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?
Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to manager?
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Which method below is NOT one of the ways to communicate using the Management API’s?
On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
Using ClusterXL, what statement is true about the Sticky Decision Function?
Using Web Services to access the API, which Header Name-Value had to be in the HTTP Post request after the login?
What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:
Firewall polices must be configured to accept VRRP packets on the GAiA platform if it Firewall software. The Multicast destination assigned by the internet Assigned Number Authority (IANA) for VRRP is:
You need to change the MAC-address on eth2 interface of the gateway. What is the correct way to change MAC-address in Check Point Gaia?
Alice & Bob are going to use Management Data Plane Separation and therefore the routing separation needs to be enabled. Which of the following command is true for enabling the Management Data Plane Separation (MDPS):
: 156
VPN Link Selection will perform the following when the primary VPN link goes down?
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?
You want to store the GAIA configuration in a file for later reference. What command should you use?
SmartEvent does NOT use which of the following procedures to identify events:
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?
You need to see which hotfixes are installed on your gateway, which command would you use?
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?
You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.10 SmartConsole application?
When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?
What is the main difference between Threat Extraction and Threat Emulation?
Which of the following is NOT a type of Check Point API available in R81.x?
Fill in the blanks: A _______ license requires an administrator to designate a gateway for attachment whereas a ________ license is automatically attached to a Security Gateway.
John detected high load on sync interface. Which is most recommended solution?
Besides fw monitor, what is another command that can be used to capture packets?
Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81.
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R81?
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.
Which SmartConsole tab is used to monitor network and security performance?
What statement best describes the Proxy ARP feature for Manual NAT in R81.10?
Please choose the path to monitor the compliance status of the Check Point R81.10 based management.
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?
Which Check Point software blade provides Application Security and identity control?
What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?
What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
With SecureXL enabled, accelerated packets will pass through the following:
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.
Which phase of the VPN negotiations has failed?
GAiA Software update packages can be imported and installed offline in situation where:
SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:
When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?
If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which if these steps should NOT be performed:
Fill in the blank: __________ information is included in “Full Log” tracking option, but is not included in “Log” tracking option?
Which SmartEvent component is responsible to collect the logs from different Log Servers?
You had setup the VPN Community VPN-Stores'with 3 gateways. There are some issues with one remote gateway(1.1.1.1) and an your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways
Which two Identity Awareness daemons are used to support identity sharing?
You have used the "set inactivity-timeout 120" command to prevent the session to be disconnected after 10 minutes of inactivity. However, the Web session is being disconnected after 10 minutes. Why?
SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?
You have used the SmartEvent GUI to create a custom Event policy. What is the best way to display the correlated Events generated by SmartEvent Policies?
Is it possible to establish a VPN before the user login to the Endpoint Client?
Tom has connected to the R81 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?
Which file gives you a list of all security servers in use, including port number?
Which Check Point feature enables application scanning and the detection?
With MTA (Mail Transfer Agent) enabled the gateways manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?
Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment.
Which details she need to fill in System Restore window before she can click OK button and test the backup?
Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.
What is one of the requirements for his success?
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
Which command collects diagnostic data for analyzing customer setup remotely?
Which of the SecureXL templates are enabled by default on Security Gateway?
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?