The Correlation Unit performs all but which of the following actions:
A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later
B. Generates an event based on the Event policy
C. Assigns a severity level to the event
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event
What are types of Check Point APIs available currently as part of R80.10 code?
A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
When synchronizing clusters, which of the following statements is FALSE?
A. The state of connections using resources is maintained in a Security Server, so their connections cannot be synchronized.
B. Only cluster members running on the same OS platform can be synchronized.
C. In the case of a failover, accounting information on the failed member may be lost despite a properly working synchronization.
D. Client Authentication or Session Authentication connections through a cluster member will be lost if the cluster member fails.
Check Point recommends configuring Disk Space Management parameters to delete old log entities when available disk space is less than or equal to?
A. 50%
B. 75%
C. 80%
D. 15%
The “MAC magic” value must be modified under the following condition:
A. There is more than one cluster connected to the same VLAN
B. A firewall cluster is configured to use Multicast for CCP traffic
C. There are more than two members in a firewall cluster
D. A firewall cluster is configured to use Broadcast for CCP traffic
The SmartEvent R80 Web application for real-time event monitoring is called:
A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
Answer: A
Explanation:
These are the types of Automatic Reactions:
– Mail – tell an administrator by email that the event occurred. See Create a Mail Reaction.
– Block Source – instruct the Security Gateway to block the source IP address from which this event was detected for a configurable period of time. Select a period of time from one minute to more than three weeks. See Create a Block Source Reaction.
– Block Event Activity – instruct the Security Gateway to block a distributed attack that emanates from multiple sources, or attacks multiple destinations, for a configurable period of time. Select a period of time from one minute to more than three weeks. See Create a Block Event Activity Reaction.
– External Script – run a script that you provide. See Creating an External Script Automatic Reaction to write a script that can exploit SmartEvent data.
– SNMP Trap – generate an SNMP Trap. See Create an SNMP Trap Reaction.
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode
Answer: C
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".
Vanessa is expecting a very important Security Report. The document should be sent as an attachment via e-mail. An e-mail with the Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only a few lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?
A. SandBlast Threat Emulation
B. SandBlast Agent
C. Check Point Protect
D. SandBlast Threat Extraction
What is the port used for SmartConsole to connect to the Security Management Server:
A. CPMI port 18191/TCP
B. CPM port / TCP port 19009
C. SIC port 18191/TCP
D. https port 4434/TCP