156-215.81 Online Training Archives

Check Point 156-215.81 certification exam marks a higher rank in the IT sector. In this Check Point 156-215.81 Check Point Certified Security Administrator R81 Online Training there are all new questions of CCSA 156-215.81 exam involved which hints you towards your accomplishment if you want success with worthy grades, which gives you exactly those which will be supportive for you in your final exams and as far as my involvement Exam4Training is the best for you as it has all the valuable online exam material which is vital for 156-215.81 Check Point Certified Security Administrator R81 exam.

Page 1 of 20

1. URL Filtering cannot be used to:

Control Bandwidth issues

Control Data Security

Improve organizational security

Decrease legal liability

2. Fill in the blanks: The _______ collects logs and sends them to the _______.

Log server; Security Gateway

Log server; security management server

Security management server; Security Gateway

Security Gateways; log server

3. To view statistics on detected threats, which Threat Tool would an administrator use?

Protections

IPS Protections

Profiles

ThreatWiki

4. Which statement is TRUE of anti-spoofing?

Anti-spoofing is not needed when IPS software blade is enabled

It is more secure to create anti-spoofing groups manually

It is BEST Practice to have anti-spoofing groups in sync with the routing table

With dynamic routing enabled, anti-spoofing groups are updated automatically whenever there is a routing change

5. What kind of NAT enables Source Port Address Translation by default?

Automatic Static NAT

Manual Hide NAT

Automatic Hide NAT

Manual Static NAT

6. From the Gaia web interface, which of the following operations CANNOT be performed on a Security Management Server?

Verify a Security Policy

Open a terminal shell

Add a static route

View Security Management GUI Clients

7. You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher.

How can you enable them?

fw ctl multik dynamic_dispatching on

fw ctl multik dynamic_dispatching set_mode 9

fw ctl multik set_mode 9

fw ctl miltik pq enable

8. Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

Detects and blocks malware by correlating multiple detection engines before users are affected.

Configure rules to limit the available network bandwidth for specified users or groups.

Use UserCheck to help users understand that certain websites are against the company’s security policy.

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

9. With URL Filtering, what portion of the traffic is sent to the Check Point Online Web Service for analysis?

The complete communication is sent for inspection.

The IP address of the source machine.

The end user credentials.

The host portion of the UR

10. Administrator Dave logs into R80 Management Server to review and makes some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base.

What is the possible explanation for this?

DNS Rule is using one of the new feature of R80 where an administrator can mark a rule with the padlock icon to let other administrators know it is important.

Another administrator is logged into the Management and currently editing the DNS Rule.

DNS Rule is a placeholder rule for a rule that existed in the past but was deleted.

This is normal behavior in R80 when there are duplicate rules in the Rule Base.

Page 2 of 20

11. True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.

True, every administrator works on a different database that Is independent of the other administrators

False, this feature has to be enabled in the Global Properties.

True, every administrator works in a session that is independent of the other administrators

False, only one administrator can login with write permission

12. Under which file is the proxy arp configuration stored?

$FWDIR/state/proxy_arp.conf on the management server

$FWDIR/conf/local.arp on the management server

$FWDIR/state/_tmp/proxy.arp on the security gateway

$FWDIR/conf/local.arp on the gateway

13. In which scenario is it a valid option to transfer a license from one hardware device to another?

From a 4400 Appliance to a 2200 Appliance

From a 4400 Appliance to an HP Open Server

From an IBM Open Server to an HP Open Server

From an IBM Open Server to a 2200 Appliance

14. Check Point licenses come in two forms.

What are those forms?

Central and Local.

Access Control and Threat Prevention.

On-premise and Public Cloud.

Security Gateway and Security Management.

15. What Check Point technologies deny or permit network traffic?

Application Control, DLP

Packet Filtering, Stateful Inspection, Application Layer Firewall.

ACL, SandBlast, MPT

IPS, Mobile Threat Protection

16. What are the three main components of Check Point security management architecture?

SmartConsole, Security Management, and Security Gateway

Smart Console, Standalone, and Security Management

SmartConsole, Security policy, and Logs & Monitoring

GUI-Client, Security Management, and Security Gateway

17. To increase security, the administrator has modified the Core protection ‘Host Port Scan’ from ‘Medium’ to ‘High’ Predefined Sensitivity.

Which Policy should the administrator install after Publishing the changes?

The Access Control and Threat Prevention Policies.

The Access Control Policy.

The Access Control & HTTPS Inspection Policy.

The Threat Prevention Policy.

18. In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule?

"Inspect", "Bypass"

"Inspect", "Bypass", "Categorize"

"Inspect", "Bypass", "Block"

"Detect", "Bypass"

19. Fill in the blank: ____________ is the Gaia command that turns the server off.

sysdown

exit

halt

shut-down

20. Name the authentication method that requires token authenticator.

SecureID

Radius

DynamicID

TACACS

Page 3 of 20

21. Which GUI tool can be used to view and apply Check Point licenses?

cpconfig

Management Command Line

SmartConsole

SmartUpdate

22. Fill in the blank: To create policy for traffic to or from a particular location, use the _____________.

DLP shared policy

Geo policy shared policy

Mobile Access software blade

HTTPS inspection

23. Which of the following methods can be used to update the trusted log server regarding the policy and configuration changes performed on the Security Management Server?

Save Policy

Install Database

Save session

Install Policy

24. Which part of SmartConsole allows administrators to add, edit delete, and clone objects?

Object Browser

Object Editor

Object Navigator

Object Explorer

25. What is the purpose of a Clean-up Rule?

Clean-up Rules do not server any purpose.

Provide a metric for determining unnecessary rules.

To drop any traffic that is not explicitly allowed.

Used to better optimize a policy.

26. An administrator can use section titles to more easily navigate between large rule bases.

Which of these statements is FALSE?

Section titles are not sent to the gateway side.

These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement.

A Sectional Title can be used to disable multiple rules by disabling only the sectional title.

Sectional Titles do not need to be created in the SmartConsole.

27. Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU.

After installation, is the administrator required to perform any additional tasks?

Go to clash-Run cpstop | Run cpstart

Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway

Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores

Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy

28. Full synchronization between cluster members is handled by Firewall Kernel.

Which port is used for this?

UDP port 265

TCP port 265

UDP port 256

TCP port 256

29. Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?

AES-GCM-256

AES-CBC-256

AES-GCM-128

30. Stateful Inspection compiles and registers connections where?

Connection Cache

State Cache

State Table

Network Table

Page 4 of 20

31. John is using Management HA.

Which Smartcenter should be connected to for making changes?

secondary Smartcenter

active Smartcenter

connect virtual IP of Smartcenter HA

primary Smartcenter

32. Which of the following are types of VPN communities?

Pentagon, star, and combination

Star, octagon, and combination

Combined and star

Meshed, star, and combination

33. Can you use the same layer in multiple policies or rulebases?

Yes - a layer can be shared with multiple policies and rules.

No - each layer must be unique.

No - layers cannot be shared or reused, but an identical one can be created.

Yes - but it must be copied and pasted with a different name.

34. After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

Security Gateway IP-address cannot be changed without re-establishing the trust

The Security Gateway name cannot be changed in command line without re-establishing trust

The Security Management Server name cannot be changed in SmartConsole without re-establishing trust

The Security Management Server IP-address cannot be changed without re-establishing the trust

35. Which Threat Prevention profile uses sanitization technology?

Cloud/data Center

perimeter

Sandbox

Guest Network

36. Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?

SmartManager

SmartConsole

Security Gateway

Security Management Server

37. Fill in the blank: An identity server uses a ___________ for user authentication.

Shared secret

Certificate

One-time password

Token

38. Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n) ___________ Server.

SecurID

LDAP

NT domain

SMTP

39. Which tool is used to enable cluster membership on a Gateway?

SmartUpdate

cpconfig

SmartConsole

sysconfig

40. What are the three components for Check Point Capsule?

Capsule Docs, Capsule Cloud, Capsule Connect

Capsule Workspace, Capsule Cloud, Capsule Connect

Capsule Workspace, Capsule Docs, Capsule Connect

Capsule Workspace, Capsule Docs, Capsule Cloud

Page 5 of 20

41. Which message indicates IKE Phase 2 has completed successfully?

Quick Mode Complete

Aggressive Mode Complete

Main Mode Complete

IKE Mode Complete

42. True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway

True, CLI is the prefer method for Licensing

False, Central License are handled via Security Management Server

False, Central License are installed via Gaia on Security Gateways

True, Central License can be installed with CPLIC command on a Security Gateway

43. Fill in the blank: SmartConsole, SmartEvent GUI client, and ___________ allow viewing of billions of consolidated logs and shows them as prioritized security events.

SmartView Web Application

SmartTracker

SmartMonitor

SmartReporter

44. Most Check Point deployments use Gaia but which product deployment utilizes special Check Point code (with unification in R81.10)?

Enterprise Network Security Appliances

Rugged Appliances

Scalable Platforms

Small Business and Branch Office Appliances

45. DLP and Geo Policy are examples of what type of Policy?

Inspection Policies

Shared Policies

Unified Policies

Standard Policies

46. What is the purpose of the CPCA process?

Monitoring the status of processes

Sending and receiving logs

Communication between GUI clients and the SmartCenter server

Generating and modifying certificates

47. What type of NAT is a one-to-one relationship where each host is translated to a unique address?

Source

Static

Hide

Destination

48. Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?

AD Query

Terminal Servers Endpoint Identity Agent

Endpoint Identity Agent and Browser-Based Authentication

RADIUS and Account Logon

49. A SAM rule Is implemented to provide what function or benefit?

Allow security audits.

Handle traffic as defined in the policy.

Monitor sequence activity.

Block suspicious activity.

50. Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages.

Concurrent policy packages

Concurrent policies

Global Policies

Shared policies

Page 6 of 20

51. Using ClusterXL, what statement is true about the Sticky Decision Function?

Can only be changed for Load Sharing implementations

All connections are processed and synchronized by the pivot

Is configured using cpconfig

Is only relevant when using SecureXL

52. Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?

Application Control

Threat Emulation

Logging and Status

Monitoring

53. How are the backups stored in Check Point appliances?

Saved as*.tar under /var/log/CPbackup/backups

Saved as*tgz under /var/CPbackup

Saved as*tar under /var/CPbackup

Saved as*tgz under /var/log/CPbackup/backups

54. Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

Application Control

Threat Emulation

Anti-Virus

Advanced Networking Blade

55. Which option would allow you to make a backup copy of the OS and Check Point configuration, without stopping Check Point processes?

All options stop Check Point processes

backup

migrate export

snapshot

56. What is the purpose of the Stealth Rule?

To prevent users from directly connecting to a Security Gateway.

To reduce the number of rules in the database.

To reduce the amount of logs for performance issues.

To hide the gateway from the Internet.

57. When configuring Anti-Spoofing, which tracking options can an Administrator select?

Log, Alert, None

Log, Allow Packets, Email

Drop Packet, Alert, None

Log, Send SNMP Trap, Email

58. When an encrypted packet is decrypted, where does this happen?

Security policy

Inbound chain

Outbound chain

Decryption is not supported

59. Which type of attack can a firewall NOT prevent?

Network Bandwidth Saturation

Buffer Overflow

SYN Flood

SQL Injection

60. If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsible, which of these steps should NOT be performed:

Rename the hostname of the Standby member to match exactly the hostname of the Active member.

Change the Standby Security Management Server to Active.

Change the Active Security Management Server to Standby.

Manually synchronize the Active and Standby Security Management Servers.

Page 7 of 20

61. Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or__________.

On all satellite gateway to satellite gateway tunnels

On specific tunnels for specific gateways

On specific tunnels in the community

On specific satellite gateway to central gateway tunnels

62. Security Zones do no work with what type of defined rule?

Application Control rule

Manual NAT rule

IPS bypass rule

Firewall rule

63. Fill in the blanks: A ____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.

Formal; corporate

Local; formal

Local; central

Central; local

64. A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time.

What tool can you use to block this traffic?

Anti-Bot protection

Anti-Malware protection

Policy-based routing

Suspicious Activity Monitoring (SAM) rules

65. View the rule below.

What does the pen-symbol in the left column mean?

Those rules have been published in the current session.

Rules have been edited by the logged in administrator, but the policy has not been published yet.

Another user has currently locked the rules for editing.

The configuration lock is present. Click the pen symbol in order to gain the lock.

66. What is the default shell of Gaia CLI?

clish

Monitor

Read-only

Bash

67. What is the purpose of Captive Portal?

It manages user permission in SmartConsole

It provides remote access to SmartConsole

It authenticates users, allowing them access to the Internet and corporate resources

It authenticates users, allowing them access to the Gaia OS

68. When using Automatic Hide NAT, what is enabled by default?

Source Port Address Translation (PAT)

Static NAT

Static Route

HTTPS Inspection

69. Fill in the blank: Back up and restores can be accomplished through_________.

SmartConsole, WebUI, or CLI

WebUI, CLI, or SmartUpdate

CLI, SmartUpdate, or SmartBackup

SmartUpdate, SmartBackup, or SmartConsole

70. What is the Transport layer of the TCP/IP model responsible for?

It transports packets as datagrams along different routes to reach their destination.

It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.

It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.

It deals with all aspects of the physical components of network connectivity and connects with different network types.

Page 8 of 20

71. From SecureXL perspective, what are the tree paths of traffic flow:

Initial Path; Medium Path; Accelerated Path

Layer Path; Blade Path; Rule Path

Firewall Path; Accept Path; Drop Path

Firewall Path; Accelerated Path; Medium Path

72. Choose what BEST describes the reason why querying logs now is very fast.

New Smart-1 appliances double the physical memory install

Indexing Engine indexes logs for faster search results

SmartConsole now queries results directly from the Security Gateway

The amount of logs been store is less than the usual in older versions

73. An administrator wishes to enable Identity Awareness on the Check Point firewalls. However they allow users to use company issued or personal laptops.

Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?

AD Query

Browser-Based Authentication

Identity Agents

Terminal Servers Agent

74. Which of the following is NOT a valid deployment option for R80?

All-in-one (stand-alone)

CloudGuard

Distributed

Bridge Mode

75. You have enabled "Extended Log" as a tracking option to a security rule. However, you are still not seeing any data type information.

What is the MOST likely reason?

Identity Awareness is not enabled.

Log Trimming is enabled.

Logging has disk space issues

Content Awareness is not enabled.

76. What is the purpose of the Clean-up Rule?

To log all traffic that is not explicitly allowed or denied in the Rule Base

To clean up policies found inconsistent with the compliance blade reports

To remove all rules that could have a conflict with other rules in the database

To eliminate duplicate log entries in the Security Gateway

77. To enforce the Security Policy correctly, a Security Gateway requires:

a routing table

awareness of the network topology

a Demilitarized Zone

a Security Policy install

78. Fill in the blank: By default, the SIC certificates issued by R80 Management Server are based on the ____________ algorithm.

SHA-256

SHA-200

MD5

SHA-128

79. How would you determine the software version from the CLI?

fw ver

fw stat

fw monitor

cpinfo

80. Log query results can be exported to what file format?

Word Document (docx)

Comma Separated Value (csv)

Portable Document Format (pdf)

Text (txt)

Page 9 of 20

81. In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

SND is a feature to accelerate multiple SSL VPN connections

SND is an alternative to IPSec Main Mode, using only 3 packets

SND is used to distribute packets among Firewall instances

SND is a feature of fw monitor to capture accelerated packets

82. You are the Check Point administrator for Alpha Corp with an R80 Check Point estate. You have received a call by one of the management users stating that they are unable to browse the Internet with their new tablet connected to the company Wireless. The Wireless system goes through the Check Point Gateway.

How do you review the logs to see what the problem may be?

Open SmartLog and connect remotely to the IP of the wireless controller

Open SmartView Tracker and filter the logs for the IP address of the tablet

Open SmartView Tracker and check all the IP logs for the tablet

Open SmartLog and query for the IP address of the Manager’s tablet

83. In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

Publish changes

Save changes

Install policy

Install database

84. The Gateway Status view in SmartConsole shows the overall status of Security Gateways and Software Blades.

What does the Status Attention mean?

Cannot reach the Security Gateway.

The gateway and all its Software Blades are working properly.

At least one Software Blade has a minor issue, but the gateway works.

Cannot make SIC between the Security Management Server and the Security Gateway

85. Which of the following commands is used to verify license installation?

Cplic verify license

Cplic print

Cplic show

Cplic license

86. URL Filtering employs a technology, which educates users on web usage policy in real time.

What is the name of that technology?

WebCheck

UserCheck

Harmony Endpoint

URL categorization

87. Where can administrator edit a list of trusted SmartConsole clients?

cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.

In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.

Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

88. What are the two types of NAT supported by the Security Gateway?

Destination and Hide

Hide and Static

Static and Source

Source and Destination

89. John is the administrator of a R80 Security Management server managing r R77.30 Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole.

To make John’s changes available to other administrators, and to save the database before installing a policy, what must John do?

Logout of the session

File > Save

Install database

Publish the session

90. What are the Threat Prevention software components available on the Check Point Security Gateway?

IPS, Threat Emulation and Threat Extraction

IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction

IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction

IDS, Forensics, Anti-Virus, Sandboxing

Page 10 of 20

91. Choose what BEST describes users on Gaia Platform.

There are two default users and neither can be deleted.

There are two default users and one cannot be deleted.

There is one default user that can be deleted.

There is one default user that cannot be deleted.

92. Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility.

Which statement is true?

Manual NAT can offer more flexibility than Automatic NA

Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation.

Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading.

Automatic NAT can offer more flexibility than Manual NA

93. In ____________ NAT, the ____________ is translated.

Hide; source

Static; source

Simple; source

Hide; destination

94. Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?

RADIUS

Check Point password

Security questions

SecurID

95. How do logs change when the "Accounting" tracking option is enabled on a traffic rule?

Involved traffic logs will be forwarded to a log server.

Provides log details view email to the Administrator.

Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.

Provides additional information to the connected user.

96. Which of the following situations would not require a new license to be generated and installed?

The Security Gateway is upgraded.

The existing license expires.

The license is upgraded.

The IP address of the Security Management or Security Gateway has changed.

97. Fill in the blanks: Default port numbers for an LDAP server is ______ for standard connections and _______ SSL connections.

675, 389

389, 636

636, 290

290, 675

98. The competition between stateful inspection and proxies was based on performance, protocol support, and security.

Considering stateful Inspections and Proxies, which statement is correct?

Stateful Inspection is limited to Layer 3 visibility, with no Layer 4 to Layer 7 visibility capabilities.

When it comes to performance, proxies were significantly faster than stateful inspection firewalls.

Proxies offer far more security because of being able to give visibility of the payload (the data).

When it comes to performance, stateful inspection was significantly faster than proxies.

99. What is the main objective when using Application Control?

To filter out specific content.

To assist the firewall blade with handling traffic.

To see what users are doing.

Ensure security and privacy of information.

100. Which tool is used to enable ClusterXL?

SmartUpdate

cpconfig

SmartConsole

sysconfig

Page 11 of 20

101. Office mode means that:

SecureID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Users authenticate with an Internet browser and use secure HTTPS connection.

Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.

Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

102. Administrator wishes to update IPS from SmartConsole by clicking on the option “update now” under the IPS tab.

Which device requires internet access for the update to work?

Security Gateway

Device where SmartConsole is installed

SMS

SmartEvent

103. Jack works for a managed service provider and he has been tasked to create 17 new policies for several new customers. He does not have much time.

What is the BEST way to do this with R80 security management?

Create a text-file with mgmt_cli script that creates all objects and policies. Open the file in SmartConsole Command Line to run it.

Create a text-file with Gaia CLI -commands in order to create all objects and policies. Run the file in CLISH with command load configuration.

Create a text-file with DBEDIT script that creates all objects and policies. Run the file in the command line of the management server using command dbedit -f.

Use Object Explorer in SmartConsole to create the objects and Manage Policies from the menu to create the policies.

104. When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

RADIUS

Remote Access and RADIUS

AD Query

AD Query and Browser-based Authentication

105. Which of the following is NOT a back up method?

Save backup

System backup

snapshot

Migrate

106. Which of the following is NOT an advantage to using multiple LDAP servers?

You achieve a faster access time by placing LDAP servers containing the database at remote sites

Information on a user is hidden, yet distributed across several servers

You achieve compartmentalization by allowing a large number of users to be distributed across several servers

You gain High Availability by replicating the same information on several servers

107. Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

Firewall

Application Control

Anti-spam and Email Security

Antivirus

108. The default method for destination NAT is _____________, where NAT occurs on the Inbound interface closest to the client.

Destination side

Source side

Server side

Client side

109. Choose what BEST describes a Session.

Starts when an Administrator publishes all the changes made on SmartConsole.

Starts when an Administrator logs in to the Security Management Server through SmartConsole and ends when it is published.

Sessions ends when policy is pushed to the Security Gateway.

Sessions locks the policy package for editing.

110. Which of the following is NOT a VPN routing option available in a star community?

To satellites through center only

To center, or through the center to other satellites, to Internet and other VPN targets

To center and to other satellites through center

To center only

Page 12 of 20

111. What is the default shell of Gaia CLI?

Monitor

Read-only

Bash

112. Which of the following licenses are considered temporary?

Perpetual and Trial

Plug-and-play and Evaluation

Subscription and Perpetual

Evaluation and Subscription

113. Where can administrator edit a list of trusted SmartConsole clients in R80?

cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server.

Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.

In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients.

WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings>Permissions and Administrators>Advanced>Trusted Clients, via cpconfig on a Security Gateway.

114. Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ________ all traffic. However, in the Application Control policy layer, the default action is ________ all traffic.

Accept; redirect

Accept; drop

Redirect; drop

Drop; accept

115. Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment.

Which details she need to fill in System Restore window before she can click OK button and test the backup?

Server, SCP, Username, Password, Path, Comment, Member

Server, TFTP, Username, Password, Path, Comment, All Members

Server, Protocol, Username, Password, Path, Comment, All Members

Server, Protocol, Username, Password, Path, Comment, Member

116. On the following picture an administrator configures Identity Awareness:

After clicking “Next” the above configuration is supported by:

Kerberos SSO which will be working for Active Directory integration

Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user

Obligatory usage of Captive Portal

The ports 443 or 80 what will be used by Browser-Based and configured Authentication

117. What does it mean if Bob gets this result on an object search? Refer to the image below. Choose the BEST answer.

Search detailed is missing the subnet mask.

There is no object on the database with that name or that IP address.

There is no object on the database with that IP address.

Object does not have a NAT IP address.

118. Why would an administrator see the message below?

A new Policy Package created on both the Management and Gateway will be deleted and must be packed up first before proceeding.

A new Policy Package created on the Management is going to be installed to the existing Gateway.

A new Policy Package created on the Gateway is going to be installed on the existing Management.

A new Policy Package created on the Gateway and transferred to the management will be overwritten by the Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.

119. Fill in the blank: The _________ software blade enables Application Security policies to allow, block, or limit website access based on user, group, and machine identities.

Application Control

Data Awareness

URL Filtering

Threat Emulation

120. At what point is the Internal Certificate Authority (ICA) created?

Upon creation of a certificate

During the primary Security Management Server installation process.

When an administrator decides to create one.

When an administrator initially logs into SmartConsole.

Page 13 of 20

121. In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?

Pentagon

Combined

Meshed

Star

122. Fill in the blank: ________information is included in the “Full Log” tracking option, but is not included in the “Log” tracking option?

file attributes

application

destination port

data type

123. In the R80 SmartConsole, on which tab are Permissions and Administrators defined?

Security Policies

Logs and Monitor

Manage and Settings

Gateway and Servers

124. Which type of Endpoint Identity Agent includes packet tagging and computer authentication?

Full

Light

Custom

Complete

125. Fill in the blanks: The Application Layer Firewalls inspect traffic through the ________ layer(s) of the TCP/IP model and up to and including the ________ layer.

Lower; Application

First two; Internet

First two; Transport

Upper; Application

126. There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational.

When it re-joins the cluster, will it become active automatically?

No, since “maintain current active cluster member” option on the cluster object properties is enabled by default

No, since “maintain current active cluster member” option is enabled by default on the Global Properties

Yes, since “Switch to higher priority cluster member” option on the cluster object properties is enabled by default

Yes, since “Switch to higher priority cluster member” option is enabled by default on the Global Properties

127. After the initial installation the First Time Configuration Wizard should be run. Select the BEST answer.

First Time Configuration Wizard can be run from the Unified SmartConsole.

First Time Configuration Wizard can be run from the command line or from the WebU

First time Configuration Wizard can only be run from the WebU

Connection to the internet is required before running the First Time Configuration wizard.

128. In order to modify Security Policies the administrator can use which of the following tools? Select the BEST answer.

Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.

SmartConsole and WebUI on the Security Management Server.

mgmt_cli or WebUI on Security Gateway and SmartConsole on the Security Management Server.

SmartConsole or mgmt_cli on any computer where SmartConsole is installed.

129. Which of the following is NOT an element of VPN Simplified Mode and VPN Communities?

“Encrypt” action in the Rule Base

Permanent Tunnels

“VPN” column in the Rule Base

Configuration checkbox “Accept all encrypted traffic”

130. Fill in the blanks: A Check Point software license consists of a _______ and _______ .

Software container; software package

Software blade; software container

Software package; signature

Signature; software blade

Page 14 of 20

131. Fill in the blank: Once a license is activated, a ________ should be installed.

License Management file

Security Gateway Contract file

Service Contract file

License Contract file

132. Which policy type is used to enforce bandwidth and traffic control rules?

Threat Emulation

Access Control

QoS

Threat Prevention

133. Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are both logged in:

When Joe logs in, Bob will be log out automatically.

Since they both are log in on different interfaces, they both will be able to make changes.

If Joe tries to make changes, he won't, database will be locked.

Bob will be prompt that Joe logged in.

134. Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as _______

UserCheck

User Directory

User Administration

User Center

135. Which Check Point software blade provides protection from zero-day and undiscovered threats?

Firewall

Threat Emulation

Application Control

Threat Extraction

136. Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:

assign privileges to users.

edit the home directory of the user.

add users to your Gaia system.

assign user rights to their home directory in the Security Management Server

137. Look at the following screenshot and select the BEST answer.

Clients external to the Security Gateway can download archive files from FTP_Ext server using FT

Internal clients can upload and download any-files to FTP_Ext-server using FT

Internal clients can upload and download archive-files to FTP_Ext server using FT

Clients external to the Security Gateway can upload any files to the FTP_Ext-server using FT

138. Fill in the blanks: A security Policy is created in _________, stored in the _________, and Distributed to the various __________.

Rule base, Security Management Server, Security Gateways

SmartConsole, Security Gateway, Security Management Servers

SmartConsole, Security Management Server, Security Gateways

The Check Point database, SmartConsole, Security Gateways

139. Look at the screenshot below.

What CLISH command provides this output?

show configuration all

show confd configuration

show confd configuration all

show configuration

140. Which authentication scheme requires a user to possess a token?

TACACS

SecurID

Check Point password

RADIUS

Page 15 of 20

141. If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?

Log Implied Rule was not selected on Global Properties.

Log Implied Rule was not set correctly on the track column on the rules base.

Track log column is set to none.

Track log column is set to Log instead of Full Log.

142. The most important part of a site-to-site VPN deployment is the ________.

Internet

Remote users

Encrypted VPN tunnel

VPN gateways

143. R80 Security Management Server can be installed on which of the following operating systems?

Gaia only

Gaia, SPLAT, Windows Server only

Gaia, SPLAT, Windows Server and IPSO only

Gaia and SPLAT only

144. What port is used for delivering logs from the gateway to the management server?

Port 258

Port 18209

Port 257

Port 981

145. The organization's security manager wishes to back up just the Gaia operating system parameters.

Which command can be used to back up only Gaia operating system parameters like interface details, Static routes and Proxy ARP entries?

show configuration

backup

migrate export

upgrade export

146. Choose what BEST describes users on Gaia Platform.

There is one default user that cannot be deleted.

There are two default users and one cannot be deleted.

There is one default user that can be deleted.

There are two default users that cannot be deleted and one SmartConsole Administrator.

147. You are going to upgrade from R77 to R80. Before the upgrade, you want to back up the system so that, if there are any problems, you can easily restore to the old version with all configuration and management files intact.

What is the BEST backup method in this scenario?

backup

Database Revision

snapshot

migrate export

148. The IT Management team is interested in the new features of the Check Point R80 Management and wants to upgrade but they are concerned that the existing R77.30 Gaia Gateways cannot be managed by R80 because it is so different.

As the administrator responsible for the Firewalls, how can you answer or confirm these concerns?

R80 Management contains compatibility packages for managing earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.

R80 Management requires the separate installation of compatibility hotfix packages for managing the earlier versions of Check Point Gateways prior to R80. Consult the R80 Release Notes for more information.

R80 Management was designed as a completely different Management system and so can only monitor Check Point Gateways prior to R80.

R80 Management cannot manage earlier versions of Check Point Gateways prior to R80. Only R80 and above Gateways can be managed. Consult the R80 Release Notes for more information.

149. Provide very wide coverage for all products and protocols, with noticeable performance impact.

How could you tune the profile in order to lower the CPU load still maintaining security at good level? Select the BEST answer.

Set High Confidence to Low and Low Confidence to Inactive.

Set the Performance Impact to Medium or lower.

The problem is not with the Threat Prevention Profile. Consider adding more memory to the appliance.

Set the Performance Impact to Very Low Confidence to Prevent.

150. Fill in the blank: A _______ is used by a VPN gateway to send traffic as if it were a physical interface.

VPN Tunnel Interface

VPN community

VPN router

VPN interface

Page 16 of 20

151. Fill in the blank: The ________ feature allows administrators to share a policy with other policy packages.

Shared policy packages

Shared policies

Concurrent policy packages

Concurrent policies

152. You want to define a selected administrator's permission to edit a layer. However, when you click the + sign in the “Select additional profile that will be able edit this layer” you do not see anything.

What is the most likely cause of this problem? Select the BEST answer.

“Edit layers by Software Blades” is unselected in the Permission Profile

There are no permission profiles available and you need to create one first.

All permission profiles are in use.

“Edit layers by selected profiles in a layer editor” is unselected in the Permission profile.

153. Which of the following is NOT an alert option?

SNMP

High alert

Mail

User defined alert

154. Fill in the blanks: A High Availability deployment is referred to as a ______ cluster and a Load Sharing deployment is referred to as a ________ cluster.

Standby/standby; active/active

Active/active; standby/standby

Active/active; active/standby;

Active/standby; active/active

155. AdminA and AdminB are both logged in on SmartConsole.

What does it mean if AdminB sees a locked icon on a rule? Choose the BEST answer.

Rule is locked by AdminA, because the save bottom has not been press.

Rule is locked by AdminA, because an object on that rule is been edited.

Rule is locked by AdminA, and will make it available if session is published.

Rule is locked by AdminA, and if the session is saved, rule will be available

156. Which of the following is TRUE about the Check Point Host object?

Check Point Host has no routing ability even if it has more than one interface installed.

When you upgrade to R80 from R77.30 or earlier versions, Check Point Host objects are converted to gateway objects.

Check Point Host is capable of having an IP forwarding mechanism.

Check Point Host can act as a firewall.

157. Which of the following is NOT a set of Regulatory Requirements related to Information Security?

ISO 37001

Sarbanes Oxley (SOX)

HIPPA

PCI

158. Which command is used to obtain the configuration lock in Gaia?

Lock database override

Unlock database override

Unlock database lock

Lock database user

159. Joey is using the computer with IP address 192.168.20.13. He wants to access web page “www.CheckPoint.com”, which is hosted on Web server with IP address 203.0.113.111.

How many rules on Check Point Firewall are required for this connection?

Two rules C first one for the HTTP traffic and second one for DNS traffic.

Only one rule, because Check Point firewall is a Packet Filtering firewall

Two rules C one for outgoing request and second one for incoming replay.

Only one rule, because Check Point firewall is using Stateful Inspection technology.

160. Fill in the blank: Licenses can be added to the License and Contract repository ________ .

From the User Center, from a file, or manually

From a file, manually, or from SmartView Monitor

Manually, from SmartView Monitor, or from the User Center

From SmartView Monitor, from the User Center, or from a file

Page 17 of 20

161. Fill in the blank: A(n) _____ rule is created by an administrator and is located before the first and before last rules in the Rule Base.

Firewall drop

Explicit

Implicit accept

Implicit drop

Implied

162. Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _______ .

Firewall policy install

Threat Prevention policy install

Anti-bot policy install

Access Control policy install

163. Fill in the blank: RADIUS Accounting gets ______ data from requests generated by the accounting client

Destination

Identity

Payload

Location

164. Fill in the blank: The R80 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows them as prioritized security events.

SmartMonitor

SmartView Web Application

SmartReporter

SmartTracker

165. Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?

Firewall

Identity Awareness

Application Control

URL Filtering

166. How many users can have read/write access in Gaia at one time?

Infinite

One

Three

Two

167. Sally has a Hot Fix Accumulator (HFA) she wants to install on her Security Gateway which operates with GAiA, but she cannot SCP the HFA to the system. She can SSH into the Security Gateway, but she has never been able to SCP files to it.

What would be the most likely reason she cannot do so?

She needs to edit /etc/SSHd/SSHd_config and add the Standard Mode account.

She needs to run sysconfig and restart the SSH process.

She needs to edit /etc/scpusers and add the Standard Mode account.

She needs to run cpconfig to enable the ability to SCP files.

168. John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, gateway policy permits access only from Join's desktop which is assigned an IP address 10.0.0.19 via DHCP.

John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but the limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server.

To make this scenario work, the IT administrator:

1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources.

2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.

John plugged in his laptop to the network on a different network segment and he is not able to connect.

How does he solve this problem?

John should install the identity Awareness Agent

The firewall admin should install the Security Policy

John should lock and unlock the computer

Investigate this as a network connectivity issue

169. Which feature in R77 permits blocking specific IP addresses for a specified time period?

Suspicious Activity Monitoring

HTTP Methods

Local Interface Spoofing

Block Port Overflow

170. MyCorp has the following NAT rules. You need to disable the NAT function when Alpha-internal networks try to reach the Google DNS (8.8.8.8) server.

What can you do in this case?

Use manual NAT rule to make an exception

Use the NAT settings in the Global Properties

Disable NAT inside the VPN community

Use network exception in the Alpha-internal network object

Page 18 of 20

171. What is the potential downside or drawback to choosing the Standalone deployment option instead of the Distributed deployment option?

degrades performance as the Security Policy grows in size

requires additional Check Point appliances

requires additional software subscription

increases cost

172. Which of the following statements accurately describes the command snapshot?

snapshot creates a full OS-level backup, including network-interface data, Check Point production information, and configuration settings of a GAiA Security Gateway.

snapshot creates a Security Management Server full system-level backup on any OS

snapshot stores only the system-configuration settings on the Gateway

A Gateway snapshot includes configuration settings and Check Point product information from the remote Security Management Server

173. The Captive Portal tool:

Acquires identities from unidentified users.

Is only used for guest user authentication.

Allows access to users already identified.

Is deployed from the Identity Awareness page in the Global Properties settings.

174. Where do we need to reset the SIC on a gateway object?

SmartDashboard > Edit Gateway Object > General Properties > Communication

SmartUpdate > Edit Security Management Server Object > SIC

SmartUpdate > Edit Gateway Object > Communication

SmartDashboard > Edit Security Management Server Object > SIC

175. Anti-Spoofing is typically set up on which object type?

Security Gateway

Host

Security Management object

Network

176. What happens if the identity of a user is known?

If the user credentials do not match an Access Role, the system displays the Captive Portal.

If the user credentials do not match an Access Role, the system displays a sandbox.

If the user credentials do not match an Access Role, the traffic is automatically dropped.

If the user credentials match an Access Role, the rule is applied and traffic is accepted or dropped based on the defined action.

177. Message digests use which of the following?

DES and RC4

IDEA and RC4

SSL and MD4

SHA-1 and MD5

178. When using LDAP as an authentication method for Identity Awareness, the query:

Requires client and server side software.

Prompts the user to enter credentials.

Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.

Is transparent, requiring no client or server side software, or client intervention.

179. You are conducting a security audit. While reviewing configuration files and logs, you notice logs accepting POP3 traffic, but you do not see a rule allowing POP3 traffic in the Rule Base.

Which of the following is the most likely cause?

The POP3 rule is disabled.

POP3 is accepted in Global Properties.

The POP3 rule is hidden.

POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.

180. What action can be performed from SmartUpdate R77?

upgrade_export

fw stat -1

cpinfo

remote_uninstall_verifier

Page 19 of 20

181. Your manager requires you to setup a VPN to a new business partner site. The administrator from the partner site gives you his VPN settings and you notice that he setup AES 128 for IKE phase 1 and AES 256 for IKE phase 2.

Why is this a problematic setup?

The two algorithms do not have the same key length and so don't work together. You will get the error … No proposal chosen…

All is fine as the longest key length has been chosen for encrypting the data and a shorter key length for higher performance for setting up the tunnel.

Only 128 bit keys are used for phase 1 keys which are protecting phase 2, so the longer key length in phase 2 only costs performance and does not add security due to a shorter key in phase 1.

All is fine and can be used as is.

182. Choose the SmartLog property that is TRUE.

SmartLog has been an option since release R71.10.

SmartLog is not a Check Point product.

SmartLog and SmartView Tracker are mutually exclusive.

SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.

183. Which directory holds the SmartLog index files by default?

$SMARTLOGDIR/data

$SMARTLOG/dir

$FWDIR/smartlog

$FWDIR/log

184. To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster.

Which type of cluster is it?

Full HA Cluster

High Availability

Standalone

Distributed

185. Can a Check Point gateway translate both source IP address and destination IP address in a given packet?

Yes.

No.

Yes, but only when using Automatic NA

Yes, but only when using Manual NA

186. Which of the following is NOT defined by an Access Role object?

Source Network

Source Machine

Source User

Source Server

187. Install the Security Policy.

2, 3, 4, 1, 5

2, 1, 3, 4, 5

1, 3, 2, 4, 5

2, 3, 4, 5, 1

188. You want to reset SIC between smberlin and sgosaka.

In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the menu.

When trying to establish a connection, instead of a working connection, you receive this error message:

What is the reason for this behavior?

The Gateway was not rebooted, which is necessary to change the SIC key.

You must first initialize the Gateway object in SmartDashboard (i.e., right-click on the object, choose Basic Setup > Initialize).

The check Point services on the Gateway were not restarted because you are still in the cpconfig utility.

The activation key contains letters that are on different keys on localized keyboards. Therefore, the activation can not be typed in a matching fashion.

189. Which of these components does NOT require a Security Gateway R77 license?

Security Management Server

Check Point Gateway

SmartConsole

SmartUpdate upgrading/patching

190. What statement is true regarding Visitor Mode?

VPN authentication and encrypted traffic are tunneled through port TCP 443.

Only ESP traffic is tunneled through port TCP 443.

Only Main mode and Quick mode traffic are tunneled on TCP port 443.

All VPN traffic is tunneled through UDP port 4500.

Page 20 of 20

191. Mesh and Star are two types of VPN topologies.

Which statement below is TRUE about these types of communities?

A star community requires Check Point gateways, as it is a Check Point proprietary technology.

In a star community, satellite gateways cannot communicate with each other.

In a mesh community, member gateways cannot communicate directly with each other.

In a mesh community, all members can create a tunnel with any other member.

192. What CLI utility allows an administrator to capture traffic along the firewall inspection chain?

show interface (interface) Cchain

tcpdump

tcpdump /snoop

fw monitor

193. Your bank's distributed R77 installation has Security Gateways up for renewal.

Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?

SmartView Tracker

SmartPortal

SmartUpdate

SmartDashboard

194. NAT can NOT be configured on which of the following objects?

HTTP Logical Server

Gateway

Address Range

Host

195. The fw monitor utility is used to troubleshoot which of the following problems?

Phase two key negotiation

Address translation

Log Consolidation Engine

User data base corruption

196. You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how many often the particular rules match. Where can you see it? Give the BEST answer.

In the SmartView Tracker, if you activate the column Matching Rate.

In SmartReporter, in the section Firewall Blade C Activity > Network Activity with information concerning Top Matched Logged Rules.

SmartReporter provides this information in the section Firewall Blade C Security > Rule Base Analysis with information concerning Top Matched Logged Rules.

It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.

197. Study the Rule base and Client Authentication Action properties screen.

After being authenticated by the Security Gateways, a user starts a HTTP connection to a Web site.

What happens when the user tries to FTP to another site using the command line? The:

user is prompted for authentication by the Security Gateways again.

FTP data connection is dropped after the user is authenticated successfully.

user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication

FTP connection is dropped by Rule 2.

198. What are the three tabs available in SmartView Tracker?

Network & Endpoint, Management, and Active

Network, Endpoint, and Active

Predefined, All Records, Custom Queries

Endpoint, Active, and Custom Queries

199. In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?

Rule 0

Blank field under Rule Number

Rule 1

Cleanup Rule

200. Which SmartConsole component can Administrators use to track changes to the Rule Base?

WebUI

SmartView Tracker

SmartView Monitor

SmartReporter