156-315.81 Online Training Archives

Check Point 156-315.81 certification exam marks a higher rank in the IT sector. In this Check Point 156-315.81 Check Point Certified Security Expert R81 Online Training there are all new questions of CCSE 156-315.81 exam involved which hints you towards your accomplishment if you want success with worthy grades, which gives you exactly those which will be supportive for you in your final exams and as far as my involvement Exam4Training is the best for you as it has all the valuable online exam material which is vital for 156-315.81 Check Point Certified Security Expert R81 exam.

Page 1 of 20

1. Which of the following authentication methods ARE NOT used for Mobile Access?

RADIUS server

Username and password (internal, LDAP)

SecurID

TACACS+

2. What Factor preclude Secure XL Templating?

Source Port Ranges/Encrypted Connections

IPS

ClusterXL in load sharing Mode

CoreXL

3. What is true about VRRP implementations?

VRRP membership is enabled in cpconfig

VRRP can be used together with ClusterXL, but with degraded performance

You cannot have a standalone deployment

You cannot have different VRIDs in the same physical network

4. Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

Dynamic ID

RADIUS

Username and Password

Certificate

5. Which statement is NOT TRUE about Delta synchronization?

Using UDP Multicast or Broadcast on port 8161

Using UDP Multicast or Broadcast on port 8116

Quicker than Full sync

Transfers changes in the Kernel tables between cluster members.

6. The Firewall Administrator is required to create 100 new host objects with different IP addresses.

What API command can he use in the script to achieve the requirement?

add host name <New HostName> ip-address <ip address>

add hostname <New HostName> ip-address <ip address>

set host name <New HostName> ip-address <ip address>

set hostname <New HostName> ip-address <ip address>

7. What is the mechanism behind Threat Extraction?

This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.

This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.

This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).

Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

8. What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

Anti-Bot is the only countermeasure against unknown malware

Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers

Anti-Bot is the only signature-based method of malware protection.

Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.

9. Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

15 sec

60 sec

5 sec

30 sec

10. The Event List within the Event tab contains:

a list of options available for running a query.

the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

events generated by a query.

the details of a selected event.

Page 2 of 20

11. SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser.

What are the two modes of SNX?

Application and Client Service

Network and Application

Network and Layers

Virtual Adapter and Mobile App

12. Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

Time object to a rule to make the rule active only during specified times.

Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

13. In R81, how do you manage your Mobile Access Policy?

Through the Unified Policy

Through the Mobile Console

From SmartDashboard

From the Dedicated Mobility Tab

14. On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

18210

18184

257

18191

15. CoreXL is supported when one of the following features is enabled:

Route-based VPN

IPS

IPv6

Overlapping NAT

16. You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

Create a separate Security Policy package for each remote Security Gateway.

Create network objects that restricts all applicable rules to only certain networks.

Run separate SmartConsole instances to login and configure each Security Gateway directly.

17. Which method below is NOT one of the ways to communicate using the Management API’s?

Typing API commands using the “mgmt_cli” command

Typing API commands from a dialog box inside the SmartConsole GUI application

Typing API commands using Gaia’s secure shell(clish)19+

Sending API commands over an http connection using web-services

18. Which command would disable a Cluster Member permanently?

clusterXL_admin down

cphaprob_admin down

clusterXL_admin down-p

set clusterXL down-p

19. Which TCP-port does CPM process listen to?

18191

18190

8983

19009

20. Which is NOT an example of a Check Point API?

Gateway API

Management API

OPSC SDK

Threat Prevention API

Page 3 of 20

21. What command verifies that the API server is responding?

api stat

api status

show api_status

app_get_status

22. Which command lists all tables in Gaia?

fw tab Ct

fw tab Clist

fw-tab Cs

fw tab -1

23. You have successfully backed up Check Point configurations without the OS information.

What command would you use to restore this backup?

restore_backup

import backup

cp_merge

migrate import

24. Which CLI command will reset the IPS pattern matcher statistics?

ips reset pmstat

ips pstats reset

ips pmstats refresh

ips pmstats reset

25. What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Stateful Mode

VPN Routing Mode

Wire Mode

Stateless Mode

26. Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.

infoCP

infoview

cpinfo

fw cpinfo

27. Which of the following statements is TRUE about R81 management plug-ins?

The plug-in is a package installed on the Security Gateway.

Installing a management plug-in requires a Snapshot, just like any upgrade process.

A management plug-in interacts with a Security Management Server to provide new features and support for new products.

Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.

28. Which command can you use to verify the number of active concurrent connections?

fw conn all

fw ctl pstat

show all connections

show connections

29. Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

One machine

Two machines

Three machines

30. You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

Inspect/Bypass

Inspect/Prevent

Prevent/Bypass

Detect/Bypass

Page 4 of 20

31. Which command shows actual allowed connections in state table?

fw tab Ct StateTable

fw tab Ct connections

fw tab Ct connection

fw tab connections

32. What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

Source address, Destination address, Source port, Destination port, Protocol

Source MAC address, Destination MAC address, Source port, Destination port, Protocol

Source address, Destination address, Source port, Destination port

Source address, Destination address, Destination port, Protocol

33. SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data.

Which component is NOT part of the SandBlast Mobile solution?

Management Dashboard

Gateway

Personal User Storage

Behavior Risk Engine

34. What is the least amount of CPU cores required to enable CoreXL?

35. What happen when IPS profile is set in Detect Only Mode for troubleshooting?

It will generate Geo-Protection traffic

Automatically uploads debugging logs to Check Point Support Center

It will not block malicious traffic

Bypass licenses requirement for Geo-Protection control

36. What are the different command sources that allow you to communicate with the API server?

SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

API_cli Tool, Gaia CLI, Web Services

37. In R81 spoofing is defined as a method of:

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

Hiding your firewall from unauthorized users.

Detecting people using false or wrong authentication logins

Making packets appear as if they come from an authorized IP address.

38. You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher.

How can you enable them?

fw ctl multik dynamic_dispatching on

fw ctl multik dynamic_dispatching set_mode 9

fw ctl multik set_mode 9

fw ctl multik pq enable

39. Which statement is correct about the Sticky Decision Function?

It is not supported with either the Performance pack of a hardware based accelerator card

Does not support SPI’s when configured for Load Sharing

It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

It is not required L2TP traffic

40. Which command will allow you to see the interface status?

cphaprob interface

cphaprob CI interface

cphaprob Ca if

cphaprob stat

Page 5 of 20

41. Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?

Check Point Remote User

Check Point Capsule Workspace

Check Point Mobile Web Portal

Check Point Capsule Remote

42. You want to gather and analyze threats to your mobile device. It has to be a lightweight app.

Which application would you use?

SmartEvent Client Info

SecuRemote

Check Point Protect

Check Point Capsule Cloud

43. What is the correct command to observe the Sync traffic in a VRRP environment?

fw monitor Ce “accept[12:4,b]=224.0.0.18;”

fw monitor Ce “accept port(6118;”

fw monitor Ce “accept proto=mcVRRP;”

fw monitor Ce “accept dst=224.0.0.18;”

44. Advanced Security Checkups can be easily conducted within:

Reports

Advanced

Checkups

Views

Summary

45. When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.

SecureID

SecurID

Complexity

TacAcs

46. Where you can see and search records of action done by R81 SmartConsole administrators?

In SmartView Tracker, open active log

In the Logs & Monitor view, select “Open Audit Log View”

In SmartAuditLog View

In Smartlog, all logs

47. Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

50%

75%

80%

15%

48. Which command is used to set the CCP protocol to Multicast?

cphaprob set_ccp multicast

cphaconf set_ccp multicast

cphaconf set_ccp no_broadcast

cphaprob set_ccp no_broadcast

49. Which command can you use to enable or disable multi-queue per interface?

cpmq set

Cpmqueue set

Cpmq config

St cpmq enable

50. Which of the following process pulls application monitoring status?

fwd

fwm

cpwd

cpd

Page 6 of 20

51. fwssd is a child process of which of the following Check Point daemons?

fwd

cpwd

fwm

cpd

52. Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

Block Port Overflow

Local Interface Spoofing

Suspicious Activity Monitoring

Adaptive Threat Prevention

53. Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.

User data base corruption

LDAP conflicts

Traffic issues

Phase two key negotiations

54. How can SmartView application accessed?

http://<Security Management IP Address>/smartview

http://<Security Management IP Address>:4434/smartview/

https://<Security Management IP Address>/smartview/

https://<Security Management host name>:4434/smartview/

55. Identify the API that is not supported by Check Point currently.

R81 Management API-

Identity Awareness Web Services API

Open REST API

OPSEC SDK

56. Which packet info is ignored with Session Rate Acceleration?

source port ranges

source ip

source port

same info from Packet Acceleration is used

57. To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

fw ctl multik set_mode 1

fw ctl Dynamic_Priority_Queue on

fw ctl Dynamic_Priority_Queue enable

fw ctl multik set_mode 9

58. When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

None, Security Management Server would be installed by itself.

SmartConsole

SecureClient

Security Gateway

SmartEvent

59. Post-Automatic/Manual NAT rules

1, 2, 3, 4

1, 4, 2, 3

3, 1, 2, 4

4, 3, 1, 2

60. Session unique identifiers are passed to the web api using which http header option?

X-chkp-sid

Accept-Charset

Proxy-Authorization

Application

Page 7 of 20

61. Your manager asked you to check the status of SecureXL, and its enabled templates and features.

What command will you use to provide such information to manager?

fw accel stat

fwaccel stat

fw acces stats

fwaccel stats

62. Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

TCP Port 18190

TCP Port 18209

TCP Port 19009

TCP Port 18191

63. Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane.

Which is NOT an option to adjust or configure?

Severity

Automatic reactions

Policy

Threshold

64. Which view is NOT a valid CPVIEW view?

IDA

RAD

PDP

VPN

65. Which of the SecureXL templates are enabled by default on Security Gateway?

Drop

NAT

None

66. Which features are only supported with R81.10 Gateways but not R77.x?

Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

Time object to a rule to make the rule active only during specified times.

67. What SmartEvent component creates events?

Consolidation Policy

Correlation Unit

SmartEvent Policy

SmartEvent GUI

68. What is true about the IPS-Blade?

In R81, IPS is managed by the Threat Prevention Policy

In R81, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

In R81, IPS Exceptions cannot be attached to “all rules”

In R81, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

69. ESTION NO: 10

Which two of these Check Point Protocols are used by SmartEvent Processes?

ELA and CPD

FWD and LEA

FWD and CPLOG

ELA and CPLOG

70. Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.

TCP port 19009

TCP Port 18190

TCP Port 18191

TCP Port 18209

Page 8 of 20

71. What has to be taken into consideration when configuring Management HA?

The Database revisions will not be synchronized between the management servers

Smart Console must be closed prior to synchronized changes in the objects database

If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.

For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.

72. The Firewall kernel is replicated multiple times, therefore:

The Firewall kernel only touches the packet if the connection is accelerated

The Firewall can run different policies per core

The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

The Firewall can run the same policy on all cores.

73. The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

fwd via cpm

fwm via fwd

cpm via cpd

fwd via cpd

74. Which command collects diagnostic data for analyzing customer setup remotely?

cpinfo

migrate export

sysinfo

cpview

75. In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?

Big l

Little o

Little i

Big O

76. What is the difference between an event and a log?

Events are generated at gateway according to Event Policy

A log entry becomes an event when it matches any rule defined in Event Policy

Events are collected with SmartWorkflow form Trouble Ticket systems

Log and Events are synonyms

77. R81.10 management server can manage gateways with which versions installed?

Versions R77 and higher

Versions R76 and higher

Versions R75.20 and higher

Versions R75 and higher

78. Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

Detects and blocks malware by correlating multiple detection engines before users are affected.

Configure rules to limit the available network bandwidth for specified users or groups.

Use UserCheck to help users understand that certain websites are against the company’s security policy.

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

79. Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.

upgrade_import

cpconfig

fwm dbimport -p <export file>

cpinfo Crecover

80. To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab.

How many options are available to calculate the traffic direction?

5 Network; Host; Objects; Services; API

3 Incoming; Outgoing; Network

2 Internal; External

4 Incoming; Outgoing; Internal; Other

Page 9 of 20

81. The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .

TCP 18211

TCP 257

TCP 4433

TCP 443

82. To fully enable Dynamic Dispatcher on a Security Gateway:

run fw ctl multik set_mode 9 in Expert mode and then Reboot.

Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.

Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.

run fw multik set_mode 1 in Expert mode and then reboot.

83. Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

logd

fwd

fwm

cpd

84. Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?

Synchronized

Never been synchronized

Lagging

Collision

85. Which statement is true regarding redundancy?

System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob Cf if command.

ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

Machines in a ClusterXL High Availability configuration must be synchronized.

Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

86. There are 4 ways to use the Management API for creating host object with R81 Management API.

Which one is NOT correct?

Using Web Services

Using Mgmt_cli tool

Using CLISH

Using SmartConsole GUI console

Events are collected with SmartWorkflow from Trouble Ticket systems

87. Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

Symmetric routing

Failovers

Asymmetric routing

Anti-Spoofing

88. In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

fw ctl sdstat

fw ctl affinity Cl Ca Cr Cv

fw ctl multik stat

cpinfo

89. How many images are included with Check Point TE appliance in Recommended Mode?

2(OS) images

images are chosen by administrator during installation

as many as licensed for

the most new image

90. The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

Secure Internal Communication (SIC)

Restart Daemons if they fail

Transfers messages between Firewall processes

Pulls application monitoring status

Page 10 of 20

91. Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic.

The cpm process:

Allow GUI Client and management server to communicate via TCP Port 19001

Allow GUI Client and management server to communicate via TCP Port 18191

Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.

92. If you needed the Multicast MAC address of a cluster, what command would you run?

cphaprob Ca if

cphaconf ccp multicast

cphaconf debug data

cphaprob igmp

93. Connections to the Check Point R81 Web API use what protocol?

HTTPS

RPC

VPN

SIC

94. What is the limitation of employing Sticky Decision Function?

With SDF enabled, the involved VPN Gateways only supports IKEv1

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

With SDF enabled, only ClusterXL in legacy mode is supported

With SDF enabled, you can only have three Sync interfaces at most

95. What are the three components for Check Point Capsule?

Capsule Docs, Capsule Cloud, Capsule Connect

Capsule Workspace, Capsule Cloud, Capsule Connect

Capsule Workspace, Capsule Docs, Capsule Connect

Capsule Workspace, Capsule Docs, Capsule Cloud

96. Full synchronization between cluster members is handled by Firewall Kernel.

Which port is used for this?

UDP port 265

TCP port 265

UDP port 256

TCP port 256

97. CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

MySQL

Postgres SQL

MarisDB

SOLR

98. During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity.

Which of those hosts should you try to remediate first?

Host having a Critical event found by Threat Emulation

Host having a Critical event found by IPS

Host having a Critical event found by Antivirus

Host having a Critical event found by Anti-Bot

99. What is not a component of Check Point SandBlast?

Threat Emulation

Threat Simulator

Threat Extraction

Threat Cloud

100. Which of these statements describes the Check Point ThreatCloud?

Blocks or limits usage of web applications

Prevents or controls access to web sites based on category

Prevents Cloud vulnerability exploits

A worldwide collaborative security network

Page 11 of 20

101. Identify the API that is not supported by Check Point currently.

R81 Management API-

Identity Awareness Web Services API

Open REST API

OPSEC SDK

102. SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data.

Which component is NOT part of the SandBlast Mobile solution?

Management Dashboard

Gateway

Personal User Storage

Behavior Risk Engine

103. What are the different command sources that allow you to communicate with the API server?

SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

API_cli Tool, Gaia CLI, Web Services

104. What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

Anti-Bot is the only countermeasure against unknown malware

Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers

Anti-Bot is the only signature-based method of malware protection.

Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.

105. Which TCP-port does CPM process listen to?

18191

18190

8983

19009

106. Which method below is NOT one of the ways to communicate using the Management API’s?

Typing API commands using the “mgmt_cli” command

Typing API commands from a dialog box inside the SmartConsole GUI application

Typing API commands using Gaia’s secure shell(clish)19+

Sending API commands over an http connection using web-services

107. Your manager asked you to check the status of SecureXL, and its enabled templates and features.

What command will you use to provide such information to manager?

fw accel stat

fwaccel stat

fw acces stats

fwaccel stats

108. SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser.

What are the two modes of SNX?

Application and Client Service

Network and Application

Network and Layers

Virtual Adapter and Mobile App

109. Which command would disable a Cluster Member permanently?

clusterXL_admin down

cphaprob_admin down

clusterXL_admin down-p

set clusterXL down-p

110. ESTION NO: 10

Which two of these Check Point Protocols are used by SmartEvent Processes?

ELA and CPD

FWD and LEA

FWD and CPLOG

ELA and CPLOG

Page 12 of 20

111. Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.

infoCP

infoview

cpinfo

fw cpinfo

112. Which of these statements describes the Check Point ThreatCloud?

Blocks or limits usage of web applications

Prevents or controls access to web sites based on category

Prevents Cloud vulnerability exploits

A worldwide collaborative security network

113. Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

15 sec

60 sec

5 sec

30 sec

114. Which command will allow you to see the interface status?

cphaprob interface

cphaprob CI interface

cphaprob Ca if

cphaprob stat

115. Which command can you use to enable or disable multi-queue per interface?

cpmq set

Cpmqueue set

Cpmq config

St cpmq enable

116. To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab.

How many options are available to calculate the traffic direction?

5 Network; Host; Objects; Services; API

3 Incoming; Outgoing; Network

2 Internal; External

4 Incoming; Outgoing; Internal; Other

117. There are 4 ways to use the Management API for creating host object with R81 Management API.

Which one is NOT correct?

Using Web Services

Using Mgmt_cli tool

Using CLISH

Using SmartConsole GUI console

Events are collected with SmartWorkflow from Trouble Ticket systems

118. CoreXL is supported when one of the following features is enabled:

Route-based VPN

IPS

IPv6

Overlapping NAT

119. You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher.

How can you enable them?

fw ctl multik dynamic_dispatching on

fw ctl multik dynamic_dispatching set_mode 9

fw ctl multik set_mode 9

fw ctl multik pq enable

120. Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.

TCP port 19009

TCP Port 18190

TCP Port 18191

TCP Port 18209

Page 13 of 20

121. Which command is used to set the CCP protocol to Multicast?

cphaprob set_ccp multicast

cphaconf set_ccp multicast

cphaconf set_ccp no_broadcast

cphaprob set_ccp no_broadcast

122. Which packet info is ignored with Session Rate Acceleration?

source port ranges

source ip

source port

same info from Packet Acceleration is used

123. Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?

Synchronized

Never been synchronized

Lagging

Collision

124. During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity.

Which of those hosts should you try to remediate first?

Host having a Critical event found by Threat Emulation

Host having a Critical event found by IPS

Host having a Critical event found by Antivirus

Host having a Critical event found by Anti-Bot

125. In R81 spoofing is defined as a method of:

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

Hiding your firewall from unauthorized users.

Detecting people using false or wrong authentication logins

Making packets appear as if they come from an authorized IP address.

126. Connections to the Check Point R81 Web API use what protocol?

HTTPS

RPC

VPN

SIC

127. Which command lists all tables in Gaia?

fw tab Ct

fw tab Clist

fw-tab Cs

fw tab -1

128. What is true about the IPS-Blade?

In R81, IPS is managed by the Threat Prevention Policy

In R81, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

In R81, IPS Exceptions cannot be attached to “all rules”

In R81, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

129. Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

Detects and blocks malware by correlating multiple detection engines before users are affected.

Configure rules to limit the available network bandwidth for specified users or groups.

Use UserCheck to help users understand that certain websites are against the company’s security policy.

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

130. What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Stateful Mode

VPN Routing Mode

Wire Mode

Stateless Mode

Page 14 of 20

131. What Factor preclude Secure XL Templating?

Source Port Ranges/Encrypted Connections

IPS

ClusterXL in load sharing Mode

CoreXL

132. In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

fw ctl sdstat

fw ctl affinity Cl Ca Cr Cv

fw ctl multik stat

cpinfo

133. Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

TCP Port 18190

TCP Port 18209

TCP Port 19009

TCP Port 18191

134. The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

Secure Internal Communication (SIC)

Restart Daemons if they fail

Transfers messages between Firewall processes

Pulls application monitoring status

135. What is not a component of Check Point SandBlast?

Threat Emulation

Threat Simulator

Threat Extraction

Threat Cloud

136. Full synchronization between cluster members is handled by Firewall Kernel.

Which port is used for this?

UDP port 265

TCP port 265

UDP port 256

TCP port 256

137. Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.

upgrade_import

cpconfig

fwm dbimport -p <export file>

cpinfo Crecover

138. Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic.

The cpm process:

Allow GUI Client and management server to communicate via TCP Port 19001

Allow GUI Client and management server to communicate via TCP Port 18191

Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.

139. Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

Dynamic ID

RADIUS

Username and Password

Certificate

140. Which of the SecureXL templates are enabled by default on Security Gateway?

Drop

NAT

None

Page 15 of 20

141. What happen when IPS profile is set in Detect Only Mode for troubleshooting?

It will generate Geo-Protection traffic

Automatically uploads debugging logs to Check Point Support Center

It will not block malicious traffic

Bypass licenses requirement for Geo-Protection control

142. What is true about VRRP implementations?

VRRP membership is enabled in cpconfig

VRRP can be used together with ClusterXL, but with degraded performance

You cannot have a standalone deployment

You cannot have different VRIDs in the same physical network

143. The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______.

TCP 18211

TCP 257

TCP 4433

TCP 443

144. Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

Block Port Overflow

Local Interface Spoofing

Suspicious Activity Monitoring

Adaptive Threat Prevention

145. In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?

Big l

Little o

Little i

Big O

146. What is the mechanism behind Threat Extraction?

This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.

This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.

This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).

Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

147. You want to gather and analyze threats to your mobile device. It has to be a lightweight app.

Which application would you use?

SmartEvent Client Info

SecuRemote

Check Point Protect

Check Point Capsule Cloud

148. Which view is NOT a valid CPVIEW view?

IDA

RAD

PDP

VPN

149. Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

Time object to a rule to make the rule active only during specified times.

Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

150. fwssd is a child process of which of the following Check Point daemons?

fwd

cpwd

fwm

cpd

Page 16 of 20

151. Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

Symmetric routing

Failovers

Asymmetric routing

Anti-Spoofing

152. CPM process stores objects, policies, users, administrators, licenses and management data in a database.

The database is:

MySQL

Postgres SQL

MarisDB

SOLR

153. If you needed the Multicast MAC address of a cluster, what command would you run?

cphaprob Ca if

cphaconf ccp multicast

cphaconf debug data

cphaprob igmp

154. Which is NOT an example of a Check Point API?

Gateway API

Management API

OPSC SDK

Threat Prevention API

155. What are the three components for Check Point Capsule?

Capsule Docs, Capsule Cloud, Capsule Connect

Capsule Workspace, Capsule Cloud, Capsule Connect

Capsule Workspace, Capsule Docs, Capsule Connect

Capsule Workspace, Capsule Docs, Capsule Cloud

156. Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

logd

fwd

fwm

cpd

157. The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

fwd via cpm

fwm via fwd

cpm via cpd

fwd via cpd

158. You have successfully backed up Check Point configurations without the OS information.

What command would you use to restore this backup?

restore_backup

import backup

cp_merge

migrate import

159. The Firewall Administrator is required to create 100 new host objects with different IP addresses.

What API command can he use in the script to achieve the requirement?

add host name <New HostName> ip-address <ip address>

add hostname <New HostName> ip-address <ip address>

set host name <New HostName> ip-address <ip address>

set hostname <New HostName> ip-address <ip address>

160. Tom has been tasked to install Check Point R81 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

One machine

Two machines

Three machines

Page 17 of 20

161. You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

Inspect/Bypass

Inspect/Prevent

Prevent/Bypass

Detect/Bypass

162. When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

None, Security Management Server would be installed by itself.

SmartConsole

SecureClient

Security Gateway

SmartEvent

163. On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

18210

18184

257

18191

164. How many images are included with Check Point TE appliance in Recommended Mode?

2(OS) images

images are chosen by administrator during installation

as many as licensed for

the most new image

165. What is the least amount of CPU cores required to enable CoreXL?

166. You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

Create a separate Security Policy package for each remote Security Gateway.

Create network objects that restricts all applicable rules to only certain networks.

Run separate SmartConsole instances to login and configure each Security Gateway directly.

167. Which of the following authentication methods ARE NOT used for Mobile Access?

RADIUS server

Username and password (internal, LDAP)

SecurID

TACACS+

168. What is the correct command to observe the Sync traffic in a VRRP environment?

fw monitor Ce “accept[12:4,b]=224.0.0.18;”

fw monitor Ce “accept port(6118;”

fw monitor Ce “accept proto=mcVRRP;”

fw monitor Ce “accept dst=224.0.0.18;”

169. What has to be taken into consideration when configuring Management HA?

The Database revisions will not be synchronized between the management servers

SmartConsole must be closed prior to synchronized changes in the objects database

If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.

For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.

170. What is the difference between an event and a log?

Events are generated at gateway according to Event Policy

A log entry becomes an event when it matches any rule defined in Event Policy

Events are collected with SmartWorkflow form Trouble Ticket systems

Log and Events are synonyms

Page 18 of 20

171. What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

Source address, Destination address, Source port, Destination port, Protocol

Source MAC address, Destination MAC address, Source port, Destination port, Protocol

Source address, Destination address, Source port, Destination port

Source address, Destination address, Destination port, Protocol

172. Which statement is NOT TRUE about Delta synchronization?

Using UDP Multicast or Broadcast on port 8161

Using UDP Multicast or Broadcast on port 8116

Quicker than Full sync

Transfers changes in the Kernel tables between cluster members.

173. The Event List within the Event tab contains:

a list of options available for running a query.

the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

events generated by a query.

the details of a selected event.

174. Which statement is correct about the Sticky Decision Function?

It is not supported with either the Performance pack of a hardware based accelerator card

Does not support SPI’s when configured for Load Sharing

It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

It is not required L2TP traffic

175. Which statement is true regarding redundancy?

System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob Cf if command.

ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

Machines in a ClusterXL High Availability configuration must be synchronized.

Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

176. Post-Automatic/Manual NAT rules

1, 2, 3, 4

1, 4, 2, 3

3, 1, 2, 4

4, 3, 1, 2

177. In R81, how do you manage your Mobile Access Policy?

Through the Unified Policy

Through the Mobile Console

From SmartDashboard

From the Dedicated Mobility Tab

178. R81.10 management server can manage gateways with which versions installed?

Versions R77 and higher

Versions R76 and higher

Versions R75.20 and higher

Versions R75 and higher

179. Which command can you use to verify the number of active concurrent connections?

fw conn all

fw ctl pstat

show all connections

show connections

180. Which of the following statements is TRUE about R81 management plug-ins?

The plug-in is a package installed on the Security Gateway.

Installing a management plug-in requires a Snapshot, just like any upgrade process.

A management plug-in interacts with a Security Management Server to provide new features and support for new products.

Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.

Page 19 of 20

181. How can SmartView application accessed?

http://<Security Management IP Address>/smartview

http://<Security Management IP Address>:4434/smartview/

https://<Security Management IP Address>/smartview/

https://<Security Management host name>:4434/smartview/

182. What command verifies that the API server is responding?

api stat

api status

show api_status

app_get_status

183. Where you can see and search records of action done by R81 SmartConsole administrators?

In SmartView Tracker, open active log

In the Logs & Monitor view, select “Open Audit Log View”

In SmartAuditLog View

In Smartlog, all logs

184. Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.

User data base corruption

LDAP conflicts

Traffic issues

Phase two key negotiations

185. The Firewall kernel is replicated multiple times, therefore:

The Firewall kernel only touches the packet if the connection is accelerated

The Firewall can run different policies per core

The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

The Firewall can run the same policy on all cores.

186. Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane.

Which is NOT an option to adjust or configure?

Severity

Automatic reactions

Policy

Threshold

187. To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

fw ctl multik set_mode 1

fw ctl Dynamic_Priority_Queue on

fw ctl Dynamic_Priority_Queue enable

fw ctl multik set_mode 9

188. Advanced Security Checkups can be easily conducted within:

Reports

Advanced

Checkups

Views

Summary

189. What is the limitation of employing Sticky Decision Function?

With SDF enabled, the involved VPN Gateways only supports IKEv1

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

With SDF enabled, only ClusterXL in legacy mode is supported

With SDF enabled, you can only have three Sync interfaces at most

190. Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?

Check Point Remote User

Check Point Capsule Workspace

Check Point Mobile Web Portal

Check Point Capsule Remote

Page 20 of 20

191. Which of the following process pulls application monitoring status?

fwd

fwm

cpwd

cpd

192. To fully enable Dynamic Dispatcher on a Security Gateway:

run fw ctl multik set_mode 9 in Expert mode and then Reboot.

Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.

Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.

run fw multik set_mode 1 in Expert mode and then reboot.

193. Session unique identifiers are passed to the web api using which http header option?

X-chkp-sid

Accept-Charset

Proxy-Authorization

Application

194. Which command shows actual allowed connections in state table?

fw tab Ct StateTable

fw tab Ct connections

fw tab Ct connection

fw tab connections

195. What SmartEvent component creates events?

Consolidation Policy

Correlation Unit

SmartEvent Policy

SmartEvent GUI

196. Which command collects diagnostic data for analyzing customer setup remotely?

cpinfo

migrate export

sysinfo

cpview

197. Which features are only supported with R81.10 Gateways but not R77.x?

Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

Time object to a rule to make the rule active only during specified times.

198. Which CLI command will reset the IPS pattern matcher statistics?

ips reset pmstat

ips pstats reset

ips pmstats refresh

ips pmstats reset

199. When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.

SecureID

SecurID

Complexity

TacAcs

200. Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

50%

75%

80%

15%