New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

156-315.81 Check Point Certified Security Expert R81.20 Questions and Answers

Questions 4

Using ClusterXL, what statement is true about the Sticky Decision Function?

Options:

A.

Can only be changed for Load Sharing implementations

B.

All connections are processed and synchronized by the pivot

C.

Is configured using cpconfig

D.

Is only relevant when using SecureXL

Buy Now
Questions 5

Which one of the following is true about Capsule Connect?

Options:

A.

It is a full layer 3 VPN client

B.

It offers full enterprise mobility management

C.

It is supported only on iOS phones and Windows PCs

D.

It does not support all VPN authentication methods

Buy Now
Questions 6

: 131

Which command is used to display status information for various components?

Options:

A.

show all systems

B.

show system messages

C.

sysmess all

D.

show sysenv all

Buy Now
Questions 7

What is the purpose of Priority Delta in VRRP?

Options:

A.

When a box up, Effective Priority = Priority + Priority Delta

B.

When an Interface is up, Effective Priority = Priority + Priority Delta

C.

When an Interface fail, Effective Priority = Priority – Priority Delta

D.

When a box fail, Effective Priority = Priority – Priority Delta

Buy Now
Questions 8

What is considered Hybrid Emulation Mode?

Options:

A.

Manual configuration of file types on emulation location.

B.

Load sharing of emulation between an on premise appliance and the cloud.

C.

Load sharing between OS behavior and CPU Level emulation.

D.

High availability between the local SandBlast appliance and the cloud.

Buy Now
Questions 9

When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

Options:

A.

Includes the registry

B.

Gets information about the specified Virtual System

C.

Does not resolve network addresses

D.

Output excludes connection table

Buy Now
Questions 10

An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?

Options:

A.

He can use the fw accel stat command on the gateway.

B.

He can use the fw accel statistics command on the gateway.

C.

He can use the fwaccel stat command on the Security Management Server.

D.

He can use the fwaccel stat command on the gateway

Buy Now
Questions 11

You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

Options:

A.

TCP port 443

B.

TCP port 257

C.

TCP port 256

D.

UDP port 8116

Buy Now
Questions 12

How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?

Options:

A.

Install appliance TE250X on SpanPort on LAN switch in MTA mode.

B.

Install appliance TE250X in standalone mode and setup MTA.

C.

You can utilize only Check Point Cloud Services for this scenario.

D.

It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.

Buy Now
Questions 13

What component of R81 Management is used for indexing?

Options:

A.

DBSync

B.

API Server

C.

fwm

D.

SOLR

Buy Now
Questions 14

Both ClusterXL and VRRP are fully supported by Gaia R81.20 and available to all Check Point appliances. Which the following command is NOT related to redundancy and functions?

Options:

A.

cphaprob stat

B.

cphaprob –a if

C.

cphaprob –l list

D.

cphaprob all show stat

Buy Now
Questions 15

Which statement is true about ClusterXL?

Options:

A.

Supports Dynamic Routing (Unicast and Multicast)

B.

Supports Dynamic Routing (Unicast Only)

C.

Supports Dynamic Routing (Multicast Only)

D.

Does not support Dynamic Routing

Buy Now
Questions 16

What processes does CPM control?

Options:

A.

Object-Store, Database changes, CPM Process and web-services

B.

web-services, CPMI process, DLEserver, CPM process

C.

DLEServer, Object-Store, CP Process and database changes

D.

web_services, dle_server and object_Store

Buy Now
Questions 17

Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?

Options:

A.

cpwd

B.

fwd

C.

cpd

D.

fwm

Buy Now
Questions 18

You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?

Options:

A.

cphaprob –f register

B.

cphaprob –d –s report

C.

cpstat –f all

D.

cphaprob –a list

Buy Now
Questions 19

Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?

Options:

A.

Slow Path

B.

Medium Path

C.

Fast Path

D.

Accelerated Path

Buy Now
Questions 20

Can multiple administrators connect to a Security Management Server at the same time?

Options:

A.

No, only one can be connected

B.

Yes, all administrators can modify a network object at the same time

C.

Yes, every administrator has their own username, and works in a session that is independent of other administrators.

D.

Yes, but only one has the right to write.

Buy Now
Questions 21

What is the command to see cluster status in cli expert mode?

Options:

A.

fw ctl stat

B.

clusterXL stat

C.

clusterXL status

D.

cphaprob stat

Buy Now
Questions 22

Which command shows the current connections distributed by CoreXL FW instances?

Options:

A.

fw ctl multik stat

B.

fw ctl affinity -l

C.

fw ctl instances -v

D.

fw ctl iflist

Buy Now
Questions 23

Under which file is the proxy arp configuration stored?

Options:

A.

$FWDIR/state/proxy_arp.conf on the management server

B.

$FWDIR/conf/local.arp on the management server

C.

$FWDIR/state/_tmp/proxy.arp on the security gateway

D.

$FWDIR/conf/local.arp on the gateway

Buy Now
Questions 24

Where do you create and modify the Mobile Access policy in R81?

Options:

A.

SmartConsole

B.

SmartMonitor

C.

SmartEndpoint

D.

SmartDashboard

Buy Now
Questions 25

Which packet info is ignored with Session Rate Acceleration?

Options:

A.

source port ranges

B.

source ip

C.

source port

D.

same info from Packet Acceleration is used

Buy Now
Questions 26

Which of the following links will take you to the SmartView web application?

Options:

A.

https:// /smartviewweb/

B.

https:// /smartview/

C.

https:// smartviewweb

D.

https:// /smartview

Buy Now
Questions 27

What are the different command sources that allow you to communicate with the API server?

Options:

A.

SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

B.

SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

C.

SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

D.

API_cli Tool, Gaia CLI, Web Services

Buy Now
Questions 28

Customer’s R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?

Options:

A.

Export R81 configuration, clean install R81.20 and import the configuration

B.

CPUSE offline upgrade

C.

CPUSE online upgrade

D.

SmartUpdate upgrade

Buy Now
Questions 29

Advanced Security Checkups can be easily conducted within:

Options:

A.

Reports

B.

Advanced

C.

Checkups

D.

Views

E.

Summary

Buy Now
Questions 30

To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?

Options:

A.

5 Network; Host; Objects; Services; API

B.

3 Incoming; Outgoing; Network

C.

2 Internal; External

D.

4 Incoming; Outgoing; Internal; Other

Buy Now
Questions 31

Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

Options:

A.

TCP Port 18190

B.

TCP Port 18209

C.

TCP Port 19009

D.

TCP Port 18191

Buy Now
Questions 32

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Options:

A.

None, Security Management Server would be installed by itself.

B.

SmartConsole

C.

SecureClient

D.

Security Gateway

E.

SmartEvent

Buy Now
Questions 33

The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

Options:

A.

add host name ip-address

B.

add hostname ip-address

C.

set host name ip-address

D.

set hostname ip-address

Buy Now
Questions 34

For Management High Availability, which of the following is NOT a valid synchronization status?

Options:

A.

Collision

B.

Down

C.

Lagging

D.

Never been synchronized

Buy Now
Questions 35

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

Options:

A.

Detects and blocks malware by correlating multiple detection engines before users are affected.

B.

Configure rules to limit the available network bandwidth for specified users or groups.

C.

Use UserCheck to help users understand that certain websites are against the company’s security policy.

D.

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Buy Now
Questions 36

What command verifies that the API server is responding?

Options:

A.

api stat

B.

api status

C.

show api_status

D.

app_get_status

Buy Now
Questions 37

Which command would disable a Cluster Member permanently?

Options:

A.

clusterXL_admin down

B.

cphaprob_admin down

C.

clusterXL_admin down-p

D.

set clusterXL down-p

Buy Now
Questions 38

How many images are included with Check Point TE appliance in Recommended Mode?

Options:

A.

2(OS) images

B.

images are chosen by administrator during installation

C.

as many as licensed for

D.

the newest image

Buy Now
Questions 39

Which command collects diagnostic data for analyzing customer setup remotely?

Options:

A.

cpinfo

B.

migrate export

C.

sysinfo

D.

cpview

Buy Now
Questions 40

In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?

Options:

A.

Big l

B.

Little o

C.

Little i

D.

Big O

Buy Now
Questions 41

The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

Options:

A.

Secure Internal Communication (SIC)

B.

Restart Daemons if they fail

C.

Transfers messages between Firewall processes

D.

Pulls application monitoring status

Buy Now
Questions 42

Which of the SecureXL templates are enabled by default on Security Gateway?

Options:

A.

Accept

B.

Drop

C.

NAT

D.

None

Buy Now
Questions 43

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

Options:

A.

50%

B.

75%

C.

80%

D.

15%

Buy Now
Questions 44

You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.

Options:

A.

Inspect/Bypass

B.

Inspect/Prevent

C.

Prevent/Bypass

D.

Detect/Bypass

Buy Now
Questions 45

Which command can you use to enable or disable multi-queue per interface?

Options:

A.

cpmq set

B.

Cpmqueue set

C.

Cpmq config

D.

St cpmq enable

Buy Now
Questions 46

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Options:

A.

Stateful Mode

B.

VPN Routing Mode

C.

Wire Mode

D.

Stateless Mode

Buy Now
Questions 47

Which view is NOT a valid CPVIEW view?

Options:

A.

IDA

B.

RAD

C.

PDP

D.

VPN

Buy Now
Questions 48

Where you can see and search records of action done by R81 SmartConsole administrators?

Options:

A.

In SmartView Tracker, open active log

B.

In the Logs & Monitor view, select “Open Audit Log View”

C.

In SmartAuditLog View

D.

In Smartlog, all logs

Buy Now
Questions 49

You want to store the GAIA configuration in a file for later reference. What command should you use?

Options:

A.

write mem

B.

show config –f

C.

save config –o

D.

save configuration

Buy Now
Questions 50

During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?

Options:

A.

Host having a Critical event found by Threat Emulation

B.

Host having a Critical event found by IPS

C.

Host having a Critical event found by Antivirus

D.

Host having a Critical event found by Anti-Bot

Buy Now
Questions 51

What is the limitation of employing Sticky Decision Function?

Options:

A.

With SDF enabled, the involved VPN Gateways only supports IKEv1

B.

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

C.

With SDF enabled, only ClusterXL in legacy mode is supported

D.

With SDF enabled, you can only have three Sync interfaces at most

Buy Now
Questions 52

Which of the following statements is TRUE about R81 management plug-ins?

Options:

A.

The plug-in is a package installed on the Security Gateway.

B.

Installing a management plug-in requires a Snapshot, just like any upgrade process.

C.

A management plug-in interacts with a Security Management Server to provide new features and support for new products.

D.

Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.

Buy Now
Questions 53

What are the three components for Check Point Capsule?

Options:

A.

Capsule Docs, Capsule Cloud, Capsule Connect

B.

Capsule Workspace, Capsule Cloud, Capsule Connect

C.

Capsule Workspace, Capsule Docs, Capsule Connect

D.

Capsule Workspace, Capsule Docs, Capsule Cloud

Buy Now
Questions 54

In R81, how do you manage your Mobile Access Policy?

Options:

A.

Through the Unified Policy

B.

Through the Mobile Console

C.

From SmartDashboard

D.

From the Dedicated Mobility Tab

Buy Now
Questions 55

What SmartEvent component creates events?

Options:

A.

Consolidation Policy

B.

Correlation Unit

C.

SmartEvent Policy

D.

SmartEvent GUI

Buy Now
Questions 56

In R81 spoofing is defined as a method of:

Options:

A.

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.

Hiding your firewall from unauthorized users.

C.

Detecting people using false or wrong authentication logins

D.

Making packets appear as if they come from an authorized IP address.

Buy Now
Questions 57

What is the correct command to observe the Sync traffic in a VRRP environment?

Options:

A.

fw monitor –e “accept[12:4,b]=224.0.0.18;”

B.

fw monitor –e “accept port(6118;”

C.

fw monitor –e “accept proto=mcVRRP;”

D.

fw monitor –e “accept dst=224.0.0.18;”

Buy Now
Questions 58

fwssd is a child process of which of the following Check Point daemons?

Options:

A.

fwd

B.

cpwd

C.

fwm

D.

cpd

Buy Now
Questions 59

If you needed the Multicast MAC address of a cluster, what command would you run?

Options:

A.

cphaprob –a if

B.

cphaconf ccp multicast

C.

cphaconf debug data

D.

cphaprob igmp

Buy Now
Questions 60

Which of these statements describes the Check Point ThreatCloud?

Options:

A.

Blocks or limits usage of web applications

B.

Prevents or controls access to web sites based on category

C.

Prevents Cloud vulnerability exploits

D.

A worldwide collaborative security network

Buy Now
Questions 61

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:

Options:

A.

Allow GUI Client and management server to communicate via TCP Port 19001

B.

Allow GUI Client and management server to communicate via TCP Port 18191

C.

Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

D.

Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.

Buy Now
Questions 62

Which method below is NOT one of the ways to communicate using the Management API’s?

Options:

A.

Typing API commands using the “mgmt_cli” command

B.

Typing API commands from a dialog box inside the SmartConsole GUI application

C.

Typing API commands using Gaia’s secure shell(clish)19+

D.

Sending API commands over an http connection using web-services

Buy Now
Questions 63

Which statement is true regarding redundancy?

Options:

A.

System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob –f if command.

B.

ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

C.

Machines in a ClusterXL High Availability configuration must be synchronized.

D.

Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Buy Now
Questions 64

Which statement is NOT TRUE about Delta synchronization?

Options:

A.

Using UDP Multicast or Broadcast on port 8161

B.

Using UDP Multicast or Broadcast on port 8116

C.

Quicker than Full sync

D.

Transfers changes in the Kernel tables between cluster members.

Buy Now
Questions 65

What is the least amount of CPU cores required to enable CoreXL?

Options:

A.

2

B.

1

C.

4

D.

6

Buy Now
Questions 66

Which of the following describes how Threat Extraction functions?

Options:

A.

Detect threats and provides a detailed report of discovered threats.

B.

Proactively detects threats.

C.

Delivers file with original content.

D.

Delivers PDF versions of original files with active content removed.

Buy Now
Questions 67

The Event List within the Event tab contains:

Options:

A.

a list of options available for running a query.

B.

the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

C.

events generated by a query.

D.

the details of a selected event.

Buy Now
Questions 68

You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

Options:

A.

SmartEvent Client Info

B.

SecuRemote

C.

Check Point Protect

D.

Check Point Capsule Cloud

Buy Now
Questions 69

Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

Options:

A.

logd

B.

fwd

C.

fwm

D.

cpd

Buy Now
Questions 70

Which command is used to set the CCP protocol to Multicast?

Options:

A.

cphaprob set_ccp multicast

B.

cphaconf set_ccp multicast

C.

cphaconf set_ccp no_broadcast

D.

cphaprob set_ccp no_broadcast

Buy Now
Questions 71

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.

Options:

A.

TCP port 19009

B.

TCP Port 18190

C.

TCP Port 18191

D.

TCP Port 18209

Buy Now
Questions 72

What is the port used for SmartConsole to connect to the Security Management Server?

Options:

A.

CPMI port 18191/TCP

B.

CPM port/TCP port 19009

C.

SIC port 18191/TCP

D.

https port 4434/TCP

Buy Now
Questions 73

You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

Options:

A.

restore_backup

B.

import backup

C.

cp_merge

D.

migrate import

Buy Now
Questions 74

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

Options:

A.

UDP port 265

B.

TCP port 265

C.

UDP port 256

D.

TCP port 256

Buy Now
Questions 75

Which is NOT an example of a Check Point API?

Options:

A.

Gateway API

B.

Management API

C.

OPSC SDK

D.

Threat Prevention API

Buy Now
Questions 76

Which command shows actual allowed connections in state table?

Options:

A.

fw tab –t StateTable

B.

fw tab –t connections

C.

fw tab –t connection

D.

fw tab connections

Buy Now
Questions 77

In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

Options:

A.

fw ctl sdstat

B.

fw ctl affinity –l –a –r –v

C.

fw ctl multik stat

D.

cpinfo

Buy Now
Questions 78

What must you do first if “fwm sic_reset” could not be completed?

Options:

A.

Cpstop then find keyword “certificate” in objects_5_0.C and delete the section

B.

Reinitialize SIC on the security gateway then run “fw unloadlocal”

C.

Reset SIC from Smart Dashboard

D.

Change internal CA via cpconfig

Buy Now
Questions 79

Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.

Options:

A.

WMI

B.

Eventvwr

C.

XML

D.

Services.msc

Buy Now
Questions 80

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

Options:

A.

/opt/CPshrd-R81/conf/local.arp

B.

/var/opt/CPshrd-R81/conf/local.arp

C.

$CPDIR/conf/local.arp

D.

$FWDIR/conf/local.arp

Buy Now
Questions 81

Which encryption algorithm is the least secured?

Options:

A.

AES-128

B.

AES-256

C.

DES

D.

3DES

Buy Now
Questions 82

How many policy layers do Access Control policy support?

Options:

A.

2

B.

4

C.

1

D.

3

Buy Now
Questions 83

In which formats can Threat Emulation forensics reports be viewed in?

Options:

A.

TXT, XML and CSV

B.

PDF and TXT

C.

PDF, HTML, and XML

D.

PDF and HTML

Buy Now
Questions 84

What are the methods of SandBlast Threat Emulation deployment?

Options:

A.

Cloud, Appliance and Private

B.

Cloud, Appliance and Hybrid

C.

Cloud, Smart-1 and Hybrid

D.

Cloud, OpenServer and Vmware

Buy Now
Questions 85

Which one of the following is true about Threat Emulation?

Options:

A.

Takes less than a second to complete

B.

Works on MS Office and PDF files only

C.

Always delivers a file

D.

Takes minutes to complete (less than 3 minutes)

Buy Now
Questions 86

One of major features in R81 SmartConsole is concurrent administration.

Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

Options:

A.

A lock icon shows that a rule or an object is locked and will be available.

B.

AdminA and AdminB are editing the same rule at the same time.

C.

A lock icon next to a rule informs that any Administrator is working on this particular rule.

D.

AdminA, AdminB and AdminC are editing three different rules at the same time.

Buy Now
Questions 87

With MTA (Mail Transfer Agent) enabled the gateways manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?

Options:

A.

Threat Cloud Intelligence

B.

Threat Prevention Software Blade Package

C.

Endpoint Total Protection

D.

Traffic on port 25

Buy Now
Questions 88

Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .

Options:

A.

Sent to the Internal Certificate Authority.

B.

Sent to the Security Administrator.

C.

Stored on the Security Management Server.

D.

Stored on the Certificate Revocation List.

Buy Now
Questions 89

Which command gives us a perspective of the number of kernel tables?

Options:

A.

fw tab -t

B.

fw tab -s

C.

fw tab -n

D.

fw tab -k

Buy Now
Questions 90

What is the most ideal Synchronization Status for Security Management Server High Availability deployment?

Options:

A.

Lagging

B.

Synchronized

C.

Never been synchronized

D.

Collision

Buy Now
Questions 91

What is the minimum amount of RAM needed for a Threat Prevention Appliance?

Options:

A.

6 GB

B.

8GB with Gaia in 64-bit mode

C.

4 GB

D.

It depends on the number of software blades enabled

Buy Now
Questions 92

You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?

Options:

A.

fwd

B.

fwm

C.

cpd

D.

cpwd

Buy Now
Questions 93

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?

Options:

A.

fw ctl set int fwha vmac global param enabled

B.

fw ctl get int vmac global param enabled; result of command should return value 1

C.

cphaprob-a if

D.

fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Buy Now
Questions 94

Which process handles connection from SmartConsole R81?

Options:

A.

fwm

B.

cpmd

C.

cpm

D.

cpd

Buy Now
Questions 95

What statement best describes the Proxy ARP feature for Manual NAT in R81.20?

Options:

A.

Automatic proxy ARP configuration can be enabled

B.

Translate Destination on Client Side should be configured

C.

fw ctl proxy should be configured

D.

local.arp file must always be configured

Buy Now
Questions 96

Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security events.

Options:

A.

SmartMonitor

B.

SmartView Web Application

C.

SmartReporter

D.

SmartTracker

Buy Now
Questions 97

Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.

What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?

Options:

A.

Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.

B.

Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.

C.

Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.

D.

Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

Buy Now
Questions 98

Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?

Options:

A.

SOAP

B.

REST

C.

XLANG

D.

XML-RPC

Buy Now
Questions 99

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

Options:

A.

ffff

B.

1

C.

3

D.

2

Buy Now
Questions 100

Which of the following is NOT a component of Check Point Capsule?

Options:

A.

Capsule Docs

B.

Capsule Cloud

C.

Capsule Enterprise

D.

Capsule Workspace

Buy Now
Questions 101

Which SmartConsole tab is used to monitor network and security performance?

Options:

A.

Manage Setting

B.

Security Policies

C.

Gateway and Servers

D.

Logs and Monitor

Buy Now
Questions 102

SandBlast agent extends 0 day prevention to what part of the network?

Options:

A.

Web Browsers and user devices

B.

DMZ server

C.

Cloud

D.

Email servers

Buy Now
Questions 103

What is the SandBlast Agent designed to do?

Options:

A.

Performs OS-level sandboxing for SandBlast Cloud architecture

B.

Ensure the Check Point SandBlast services is running on the end user’s system

C.

If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network

D.

Clean up email sent with malicious attachments

Buy Now
Questions 104

Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?

Options:

A.

host name myHost12 ip-address 10.50.23.90

B.

mgmt: add host name ip-address 10.50.23.90

C.

add host name emailserver1 ip-address 10.50.23.90

D.

mgmt: add host name emailserver1 ip-address 10.50.23.90

Buy Now
Questions 105

SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:

Options:

A.

ping, traceroute, netstat, and route

B.

ping, nslookup, Telnet, and route

C.

ping, whois, nslookup, and Telnet

D.

ping, traceroute, netstat, and nslookup

Buy Now
Questions 106

You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?

Options:

A.

edit fwaffinity.conf; reboot required

B.

cpconfig; reboot required

C.

edit fwaffinity.conf; reboot not required

D.

cpconfig; reboot not required

Buy Now
Questions 107

What is the name of the secure application for Mail/Calendar for mobile devices?

Options:

A.

Capsule Workspace

B.

Capsule Mail

C.

Capsule VPN

D.

Secure Workspace

Buy Now
Questions 108

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:

Options:

A.

Create new dashboards to manage 3rd party task

B.

Create products that use and enhance 3rd party solutions

C.

Execute automated scripts to perform common tasks

D.

Create products that use and enhance the Check Point Solution

Buy Now
Questions 109

Which of the following will NOT affect acceleration?

Options:

A.

Connections destined to or originated from the Security gateway

B.

A 5-tuple match

C.

Multicast packets

D.

Connections that have a Handler (ICMP, FTP, H.323, etc.)

Buy Now
Questions 110

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.

What is the most likely reason that the traffic is not accelerated?

Options:

A.

There is a virus found. Traffic is still allowed but not accelerated.

B.

The connection required a Security server.

C.

Acceleration is not enabled.

D.

The traffic is originating from the gateway itself.

Buy Now
Questions 111

When using CPSTAT, what is the default port used by the AMON server?

Options:

A.

18191

B.

18192

C.

18194

D.

18190

Buy Now
Questions 112

When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?

Options:

A.

cphaprob –d STOP unregister

B.

cphaprob STOP unregister

C.

cphaprob unregister STOP

D.

cphaprob –d unregister STOP

Buy Now
Questions 113

Check Point security components are divided into the following components:

Options:

A.

GUI Client, Security Gateway, WebUI Interface

B.

GUI Client, Security Management, Security Gateway

C.

Security Gateway, WebUI Interface, Consolidated Security Logs

D.

Security Management, Security Gateway, Consolidate Security Logs

Buy Now
Questions 114

Which Check Point software blade provides Application Security and identity control?

Options:

A.

Identity Awareness

B.

Data Loss Prevention

C.

URL Filtering

D.

Application Control

Buy Now
Questions 115

With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform the applications. Mobile Access encrypts all traffic using:

Options:

A.

HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.

B.

HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender.

C.

HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required.

D.

HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.

Buy Now
Questions 116

Which directory below contains log files?

Options:

A.

/opt/CPSmartlog-R81/log

B.

/opt/CPshrd-R81/log

C.

/opt/CPsuite-R81/fw1/log

D.

/opt/CPsuite-R81/log

Buy Now
Questions 117

You can access the ThreatCloud Repository from:

Options:

A.

R81.20 SmartConsole and Application Wiki

B.

Threat Prevention and Threat Tools

C.

Threat Wiki and Check Point Website

D.

R81.20 SmartConsole and Threat Prevention

Buy Now
Questions 118

What is true of the API server on R81.20?

Options:

A.

By default the API-server is activated and does not have hardware requirements.

B.

By default the API-server is not active and should be activated from the WebUI.

C.

By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).

D.

By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).

Buy Now
Questions 119

From SecureXL perspective, what are the tree paths of traffic flow:

Options:

A.

Initial Path; Medium Path; Accelerated Path

B.

Layer Path; Blade Path; Rule Path

C.

Firewall Path; Accept Path; Drop Path

D.

Firewall Path; Accelerated Path; Medium Path

Buy Now
Questions 120

Which of the following commands shows the status of processes?

Options:

A.

cpwd_admin -l

B.

cpwd -l

C.

cpwd admin_list

D.

cpwd_admin list

Buy Now
Questions 121

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

Options:

A.

Security Gateway IP-address cannot be changed without re-establishing the trust.

B.

The Security Gateway name cannot be changed in command line without re-establishing trust.

C.

The Security Management Server name cannot be changed in SmartConsole without re-establishing trust.

D.

The Security Management Server IP-address cannot be changed without re-establishing the trust.

Buy Now
Questions 122

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

Options:

A.

INSPECT Engine

B.

Stateful Inspection

C.

Packet Filtering

D.

Application Layer Firewall

Buy Now
Questions 123

On what port does the CPM process run?

Options:

A.

TCP 857

B.

TCP 18192

C.

TCP 900

D.

TCP 19009

Buy Now
Questions 124

What kind of information would you expect to see using the sim affinity command?

Options:

A.

The VMACs used in a Security Gateway cluster

B.

The involved firewall kernel modules in inbound and outbound packet chain

C.

Overview over SecureXL templated connections

D.

Network interfaces and core distribution used for CoreXL

Buy Now
Questions 125

During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

Options:

A.

Dropped without sending a negative acknowledgment

B.

Dropped without logs and without sending a negative acknowledgment

C.

Dropped with negative acknowledgment

D.

Dropped with logs and without sending a negative acknowledgment

Buy Now
Questions 126

Which is NOT an example of a Check Point API?

Options:

A.

Gateway API

B.

Management API

C.

OPSEC SDK

D.

Threat Prevention API

Buy Now
Questions 127

What is the order of NAT priorities?

Options:

A.

Static NAT, IP pool NAT, hide NAT

B.

IP pool NAT, static NAT, hide NAT

C.

Static NAT, automatic NAT, hide NAT

D.

Static NAT, hide NAT, IP pool NAT

Buy Now
Questions 128

Which NAT rules are prioritized first?

Options:

A.

Post-Automatic/Manual NAT rules

B.

Manual/Pre-Automatic NAT

C.

Automatic Hide NAT

D.

Automatic Static NAT

Buy Now
Questions 129

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

Options:

A.

User Directory

B.

Captive Portal and Transparent Kerberos Authentication

C.

Captive Portal

D.

UserCheck

Buy Now
Questions 130

What command lists all interfaces using Multi-Queue?

Options:

A.

cpmq get

B.

show interface all

C.

cpmq set

D.

show multiqueue all

Buy Now
Questions 131

Which Check Point feature enables application scanning and the detection?

Options:

A.

Application Dictionary

B.

AppWiki

C.

Application Library

D.

CPApp

Buy Now
Questions 132

What is the command to show SecureXL status?

Options:

A.

fwaccel status

B.

fwaccel stats -m

C.

fwaccel -s

D.

fwaccel stat

Buy Now
Questions 133

What is the responsibility of SOLR process on R81.20 management server?

Options:

A.

Validating all data before it’s written into the database

B.

It generates indexes of data written to the database

C.

Communication between SmartConsole applications and the Security Management Server

D.

Writing all information into the database

Buy Now
Questions 134

What will be the effect of running the following command on the Security Management Server?

Options:

A.

Remove the installed Security Policy.

B.

Remove the local ACL lists.

C.

No effect.

D.

Reset SIC on all gateways.

Buy Now
Questions 135

In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

Options:

A.

SND is a feature to accelerate multiple SSL VPN connections

B.

SND is an alternative to IPSec Main Mode, using only 3 packets

C.

SND is used to distribute packets among Firewall instances

D.

SND is a feature of fw monitor to capture accelerated packets

Buy Now
Questions 136

The log server sends what to the Correlation Unit?

Options:

A.

Authentication requests

B.

CPMI dbsync

C.

Logs

D.

Event Policy

Buy Now
Questions 137

Fill in the blank RADIUS protocol uses_____to communicate with the gateway

Options:

A.

TDP

B.

CCP

C.

HTTP

D.

UDP

Buy Now
Questions 138

In the Firewall chain mode FFF refers to:

Options:

A.

Stateful Packets

B.

No Match

C.

All Packets

D.

Stateless Packets

Buy Now
Questions 139

What traffic does the Anti-bot feature block?

Options:

A.

Command and Control traffic from hosts that have been identified as infected

B.

Command and Control traffic to servers with reputation for hosting malware

C.

Network traffic that is directed to unknown or malicious servers

D.

Network traffic to hosts that have been identified as infected

Buy Now
Questions 140

In what way are SSL VPN and IPSec VPN different?

Options:

A.

SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless

B.

SSL VPN adds an extra VPN header to the packet, IPSec VPN does not

C.

IPSec VPN does not support two factor authentication, SSL VPN does support this

D.

IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

Buy Now
Questions 141

By default, which port does the WebUI listen on?

Options:

A.

80

B.

4434

C.

443

D.

8080

Buy Now
Questions 142

What are the main stages of a policy installation?

Options:

A.

Initiation, Conversion and FWD REXEC

B.

Verification, Commit, Installation

C.

Initiation, Conversion and Save

D.

Verification Compilation, Transfer and Commit

Buy Now
Questions 143

What is the main objective when using Application Control?

Options:

A.

To filter out specific content.

B.

To assist the firewall blade with handling traffic.

C.

To see what users are doing.

D.

Ensure security and privacy of information.

Buy Now
Questions 144

Which process handles connection from SmartConsole R81?

Options:

A.

fwm

B.

cpmd

C.

cpm

D.

cpd

Buy Now
Questions 145

Which command is used to add users to or from existing roles?

Options:

A.

Add rba user roles

B.

Add rba user

C.

Add user roles

D.

Add user

Buy Now
Questions 146

If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which if these steps should NOT be performed:

Options:

A.

Rename the hostname of the Standby member to match exactly the hostname of the Active member.

B.

Change the Standby Security Management Server to Active.

C.

Change the Active Security Management Server to Standby.

D.

Manually synchronize the Active and Standby Security Management Servers.

Buy Now
Questions 147

Which is the lowest gateway version supported by R81.20 management server?

Options:

A.

R77.30

B.

R80.20

C.

R77

D.

R65

Buy Now
Questions 148

Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the

inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire

mode configuration, chain modules marked with _______ will not apply.

Options:

A.

ffffffff

B.

00000001

C.

00000002

D.

00000003

Buy Now
Questions 149

What is Dynamic Balancing?

Options:

A.

It is a ClusterXL feature that switches an HA cluster into an LS cluster if required to maximize throughput

B.

It is a feature that uses a daemon to balance the required number of firewall instances and SNDs based on the current load

C.

It is a new feature that is capable of dynamically reserve the amount of Hash kernel memory to reflect the resource usage necessary for maximizing the session rate.

D.

It is a CoreXL feature that assigns the SND to network interfaces to balance the RX Cache of the interfaces

Buy Now
Questions 150

When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use?

Options:

A.

Toni? AND 10.0.4.210 NOT 10.0.4.76

B.

To** AND 10.0.4.210 NOT 10.0.4.76

C.

Ton* AND 10.0.4.210 NOT 10.0.4.75

D.

"Toni" AND 10.0.4.210 NOT 10.0.4.76

Buy Now
Questions 151

View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)

Options:

A.

The current administrator has read-only permissions to Threat Prevention Policy.

B.

Another user has locked the rule for editing.

C.

Configuration lock is present. Click the lock symbol to gain read-write access.

D.

The current administrator is logged in as read-only because someone else is editing the policy.

Buy Now
Questions 152

Which command shows the current Security Gateway Firewall chain?

Options:

A.

show current chain

B.

show firewall chain

C.

fw ctl chain

D.

fw ctl firewall-chain

Buy Now
Questions 153

The admin lost access to the Gaia Web Management Interface but he was able to connect via ssh. How can you check if the web service is enabled, running and which port is used?

Options:

A.

In expert mode run #netstat -tulnp | grep httpd to see if httpd is up and to get the port number. In dish run >show web daemon-enable to see if the web daemon is enabled.

B.

In dish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd to see if the httpd is up

C.

In dish run >show web ssl-port to see if the web daemon is enabled and which port is in use. In expert mode run #netstat -anp | grep httpd2 to see if the httpd2 is up

D.

In expert mode run #netstat -tulnp | grep httpd2 to see if httpd2 is up and to get the port number. In dish run >show web daemon-enable to see if the web daemon is enabled.

Buy Now
Questions 154

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to___________via____________

Options:

A.

cpd, fwm

B.

cpm, cpd

C.

fwm, cpd

D.

cpwd, fwssd

Buy Now
Questions 155

Which VPN routing option uses VPN routing for every connection a satellite gateway handles?

Options:

A.

To satellites through center only

B.

To center only

C.

To center and to other satellites through center

D.

To center, or through the center to other satellites, to Internet and other VPN targets

Buy Now
Questions 156

After replacing a faulty Gateway the admin installed the new Hardware and want to push the policy. Installing the policy using the SmartConsole he got an Error for the Threat Prevention Policy. There is no error for the Access Control Policy. What will be the most common cause for the issue?

Options:

A.

The admin forgot to reestablish the SIC for the new hardware. That is typically the case when configure only the interfaces of the replacement hardware instead restoring a backup.

B.

The IPS Protection engine on the replacement hardware is too old. Before pushing the Threat Prevention Policy use SmartConsole -> Security Policies -> Updates -> IPS 'Update Now' to update the engine.

C.

The admin forgot to apply the new license. The Access Control license is included by default but the service subscriptions for the Threat Prevention Blades are missing.

D.

The Threat Prevention Policy can't be installed on a Gateway without an already installed Access Control Policy. First install only the Access Control Policy.

Buy Now
Questions 157

You want to allow your Mobile Access Users to connect to an internal file share. Adding the Mobile Application 'File Share' to your Access Control Policy in the SmartConsole didn't work. You will be only allowed to select Services for the 'Service & Application' column How to fix it?

Options:

A.

A Quantum Spark Appliance is selected as Installation Target for the policy packet.

B.

The Mobile Access Blade is not enabled for the Access Control Layer of the policy.

C.

The Mobile Access Policy Source under Gateway properties Is set to Legacy Policy and not to Unified Access Policy.

D.

The Mobile Access Blade is not enabled under Gateway properties.

Buy Now
Questions 158

What are the correct sleps upgrading a HA cluster (Ml is active. M2 is passive) using Multi-Version Cluster(MVC) Upgrade?

Options:

A.

1) Enable the MVC mechanism on both cluster members «cphaprob mvc on

2) Upgrade the passive node M2 to R81.20

3) In SmartConsole. change the version of the cluster object

4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails

5) After examine the cluster states upgrade node M1 to R81.20

6) On each Cluster Member, disable the MVC

B.

1) Enable the MVC mechanism on both cluster members #cphaprob mvc on

2) Upgrade the passive node M2 to R81.20

3) In SmartConsole. change the version of the cluster object

4) Install the Access Control Policy

5) After examine the cluster states upgrade node M1 to R81.20

6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy

C.

1) In SmartConsole. change the version of the cluster object

2) Upgrade the passive node M2 to R81.20

3) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 Wcphaconf mvc on

4) Install the Access Control Policy and make sure that the installation will not stop if installation on one cluster member fails

5) After examine the cluster states upgrade node M1 to R81.20

6) On each Cluster Member,

D.

1) Upgrade the passive node M2 to R81.20

2) Enable the MVC mechanism on the upgraded R81.20 Cluster Member M2 ttcphaconf mvc on

3) In SmartConsole, change the version of the cluster object 4} Install the Access Control Policy

5) After examine the cluster states upgrade node M1 to R81.20

6) On each Cluster Member, disable the MVC mechanism and Install the Access Control Policy upgrade the passive node M2 to R81

Buy Now
Questions 159

You had setup the VPN Community VPN-Stores'with 3 gateways. There are some issues with one remote gateway(1.1.1.1) and an your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways

Options:

A.

action:"Key Install" AND 1.1.1.1 AND Main Mode

B.

action:"Key Install- AND 1.1.1.1 ANDQuick Mode

C.

Blade:"VPN" AND VPN-Stores AND Main Mode

D.

Blade:"VPN" AND VPN-Stores AND Quick Mode

Buy Now
Questions 160

You plan to automate creating new objects using new R81 Management API. You decide to use GAIA CLI for this task.

What is the first step to run management API commands on GAIA’s shell?

Options:

A.

mgmt_admin@teabag > id.txt

B.

mgmt_login

C.

login user admin password teabag

D.

mgmt_cli login user “admin” password “teabag” > id.txt

Buy Now
Questions 161

Which of the following statements about Site-to-Site VPN Domain-based is NOT true?

Options:

A.

Domain-based- VPN domains are pre-defined for all VPN Gateways.

When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

B.

Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to

forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

C.

Domain-based- VPN domains are pre-defined for all VPN Gateways.

A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

D.

Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.

Buy Now
Questions 162

Sieve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances Steve's manager. Diana asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?

Options:

A.

fw tab -t connections -s

B.

fw tab -t connections

C.

fw tab -t connections -c

D.

fw tab -t connections -f

Buy Now
Questions 163

Which is the command to identify the NIC driver before considering about the employment of the Multi-Queue feature?

Options:

A.

ip show int eth0

B.

show interface eth0 mq

C.

ifconfig -i eth0 verbose

D.

ethtool -i eth0

Buy Now
Questions 164

What is the command used to activated Multi-Version Cluster mode?

Options:

A.

set cluster member mvc on in Clish

B.

set mvc on on Clish

C.

set cluster MVC on in Expert Mode

D.

set cluster mvc on in Expert Mode

Buy Now
Questions 165

Which of the following statements about SecureXL NAT Templates is true?

Options:

A.

NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new

connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are enabled by default and work only if Accept Templates are enabled.

B.

DROP Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new

connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.

C.

NAT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new

connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if Accept Templates are disabled.

D.

ACCEPT Templates are generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rulebase so that similar new connections can take advantage of this information and do NAT without the expensive rulebase lookup. These are disabled by default and work only if NAT Templates are disabled.

Buy Now
Questions 166

Packet acceleration (SecureXL) identities connections by several attributes. Which of the attributes is NOT used for identifying connection?

Options:

A.

Source Port

B.

TCP Acknowledgment Number

C.

Source Address

D.

Destination Address

Buy Now
Questions 167

What technologies are used to deny or permit network traffic?

Options:

A.

Stateful Inspection, Firewall Blade, and URL/Application Blade

B.

Packet Filtering, Stateful Inspection, and Application Layer Firewall

C.

Firewall Blade, URL/Application Blade, and IPS

D.

Stateful Inspection, URL/Application Blade, and Threat Prevention

Buy Now
Questions 168

Which TCP port does the CPM process listen on?

Options:

A.

18191

B.

18190

C.

8983

D.

19009

Buy Now
Questions 169

What are the two types of tests when using the Compliance blade?

Options:

A.

Policy-based tests and Global properties

B.

Global tests and Object-based tests

C.

Access Control policy analysis and Threat Prevention policy analysis

D.

Tests conducted based on the loC XMfcfile and analysis of SOLR documents

Buy Now
Questions 170

Where is the license for Check Point Mobile users installed?

Options:

A.

The Primary Gateway

B.

The Standby Gateway

C.

The Endpoint Server

D.

The Security Management Server

Buy Now
Questions 171

A user complains that some Internet resources are not available. The Administrator is having issues seeing it packets are being dropped at the firewall (not seeing drops in logs). What is the solution to troubleshoot the issue?

Options:

A.

run fw unloadlocal" on the relevant gateway and check the ping again

B.

run "cpstop" on the relevant gateway and check the ping again

C.

run ‘’fw log" on the relevant gateway

D.

run ‘’fw ctl zdebug drop" on the relevant gateway

Buy Now
Questions 172

Which is the command to identify the NIC driver before considering about the employment of the Multi-Queue feature?

Options:

A.

show interface eth0 mq

B.

ethtool A eth0

C.

ifconfig -i eth0 verbose

D.

ip show Int eth0

Buy Now
Questions 173

Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel?

Options:

A.

Yes, but they need to have a mutually trusted certificate authority

B.

Yes, but they have to have a pre-shared secret key

C.

No, they cannot share certificate authorities

D.

No, Certificate based VPNs are only possible between Check Point devices

Buy Now
Questions 174

Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .

Options:

A.

The license is attached to the wrong Security Gateway.

B.

The existing license expires.

C.

The license is upgraded.

D.

The IP address of the Security Management or Security Gateway has changed.

Buy Now
Questions 175

What is the default shell for the command line interface?

Options:

A.

Expert

B.

Clish

C.

Admin

D.

Normal

Buy Now
Questions 176

At what point is the Internal Certificate Authority (ICA) created?

Options:

A.

Upon creation of a certificate.

B.

During the primary Security Management Server installation process.

C.

When an administrator decides to create one.

D.

When an administrator initially logs into SmartConsole.

Buy Now
Questions 177

Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?

Options:

A.

UserCheck

B.

Active Directory Query

C.

Account Unit Query

D.

User Directory Query

Buy Now
Questions 178

DLP and Geo Policy are examples of what type of Policy?

Options:

A.

Standard Policies

B.

Shared Policies

C.

Inspection Policies

D.

Unified Policies

Buy Now
Questions 179

What is "Accelerated Policy Installation"?

Options:

A.

Starting R81, the Desktop Security Policy installation process is accelerated thereby reducing the duration of the process significantly

B.

Starting R81, the QoS Policy installation process is accelerated thereby reducing the duration of the process significantly

C.

Starting R81, the Access Control Policy installation process is accelerated thereby reducing the duration of the process significantly

D.

Starting R81, the Threat Prevention Policy installation process is accelerated thereby reducing the duration of the process significantly

Buy Now
Questions 180

What are valid authentication methods for mutual authenticating the VPN gateways?

Options:

A.

PKI Certificates and Kerberos Tickets

B.

PKI Certificates and DynamicID OTP

C.

Pre-Shared Secrets and Kerberos Ticket

D.

Pre-shared Secret and PKI Certificates

Buy Now
Questions 181

Which software blade does NOT accompany the Threat Prevention policy?

Options:

A.

Anti-virus

B.

IPS

C.

Threat Emulation

D.

Application Control and URL Filtering

Buy Now
Questions 182

What command is used to manually failover a cluster during a zero-downtime upgrade?

Options:

A.

set cluster member down

B.

cpstop

C.

clusterXL_admin down

D.

set clusterXL down

Buy Now
Questions 183

Gaia has two default user accounts that cannot be deleted. What are those user accounts?

Options:

A.

Admin and Default

B.

Expert and Clish

C.

Control and Monitor

D.

Admin and Monitor

Buy Now
Questions 184

In which deployment is the security management server and Security Gateway installed on the same appliance?

Options:

A.

Standalone

B.

Remote

C.

Distributed

D.

Bridge Mode

Buy Now
Questions 185

Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

Options:

A.

$FWDIR/database/fwauthd.conf

B.

$FWDIR/conf/fwauth.conf

C.

$FWDIR/conf/fwauthd.conf

D.

$FWDIR/state/fwauthd.conf

Buy Now
Questions 186

What is the most recommended way to install patches and hotfixes?

Options:

A.

CPUSE Check Point Update Service Engine

B.

rpm -Uv

C.

Software Update Service

D.

UnixinstallScript

Buy Now
Questions 187

What is the benefit of “tw monitor” over “tcpdump”?

Options:

A.

“fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.

B.

“fw monitor” is also available for 64-Bit operating systems.

C.

With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”

D.

“fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.

Buy Now
Questions 188

What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

Options:

A.

CCP and 18190

B.

CCP and 257

C.

CCP and 8116

D.

CPC and 8116

Buy Now
Exam Code: 156-315.81
Exam Name: Check Point Certified Security Expert R81.20
Last Update: Dec 26, 2024
Questions: 628
156-315.81 pdf

156-315.81 PDF

$25.5  $84.99
156-315.81 Engine

156-315.81 Testing Engine

$30  $99.99
156-315.81 PDF + Engine

156-315.81 PDF + Testing Engine

$40.5  $134.99