Checkpoint Actualtests 156-315 80 v2020-01-04 by Sherman 179q

The document contains details about an exam for Check Point Certified Security Expert - R80 certification. It includes 19 multiple choice questions about Check Point products and technologies like SandBlast, ClusterXL, SmartEvent, and security processes. The questions cover topics such as command line commands, firewall components, authentication methods, and threat prevention mechanisms.

Uploaded by

delta craiova

156-315.80.

179q

Number: 156-315.80
Passing Score: 800
Time Limit: 120 min

Check Point Certified Security Expert - R80

Exam A

QUESTION 1
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

A. fw ctl sdstat
B. fw ctl affinity -l -a -r -v
C. fw ctl multik stat
D. cpinfo

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _____________ .

A. TCP Port 18190
B. TCP Port 18209
C. TCP Port 19009
D. TCP Port 18191

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

A. Secure Internal Communication (SIC)
B. Restart Daemons if they fail
C. Transfers messages between Firewall processes
D. Pulls application monitoring status

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

QUESTION 4
What is not a component of Check Point SandBlast?

A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP connections on port 8116.

Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/7288

QUESTION 6
Fill in the blank: The command ___________ provides the most complete restoration of a R80 configuration.

A. upgrade_import
B. cpconfig
C. fwm dbimport -p <export file>
D. cpinfo -recover

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the
migration from legacy Client-side logic to Server-side logic. The cpm process:

A. Allow GUI Client and management server to communicate via TCP Port 19001
B. Allow GUI Client and management server to communicate via TCP Port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

A. Dynamic ID
B. RADIUS
C. Username and Password
D. Certificate

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/41587

QUESTION 9
Which of the SecureXL templates are enabled by default on Security Gateway?

A. Accept
B. Drop
C. NAT
D. None

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
What happens when IPS profile is set in Detect Only Mode for troubleshooting?

A. It will generate Geo-Protection traffic
B. Automatically uploads debugging logs to Check Point Support Center
C. It will not block malicious traffic
D. Bypass licenses requirement for Geo-Protection control

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to
Prevent so that they will not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12750.htm

QUESTION 11
What is true about VRRP implementations?

A. VRRP membership is enabled in cpconfig
B. VRRP can be used together with ClusterXL, but with degraded performance
C. You cannot have a standalone deployment
D. You cannot have different VRIDs in the same physical network

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm

QUESTION 12
The Security Gateway is installed on GAIA R80. The default port for the Web User Interface is ______.

A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specified time period.

A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for
example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system
administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an
expiration date), can be applied immediately without the need to perform an Install Policy operation.

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartViewMonitor_AdminGuide/17670.htm

QUESTION 14
In a Client to Server scenario, which represents that the packet has already checked against the tables and the Rule Base?

A. Big I
B. Little o
C. Little i
D. Big O

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
What is the mechanism behind Threat Extraction?

A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which
makes this solution very fast.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

A. SmartEvent Client Info
B. SecuRemote
C. Check Point Protect
D. Check Point Capsule Cloud

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.insight.com/content/dam/insight-web/en_US/pdfs/check-point/mobile-threat-prevention-behavioral-risk-analysis.pdf

QUESTION 17
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

A. logd
B. fwd
C. fwm
D. cpd

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

QUESTION 18
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

A. fwd via cpm
B. fwm via fwd
C. cpm via cpd
D. fwd via cpd

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

A. restore_backup
B. import backup
C. cp_merge
D. migrate import

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the
requirement?

A. add host name <New HostName> ip-address <ip address>
B. add hostname <New HostName> ip-address <ip address>
C. set host name <New HostName> ip-address <ip address>
D. set hostname <New HostName> ip-address <ip address>

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/APIs/#intro_gui_cli%20

QUESTION 21
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does
NOT include a SmartConsole machine in his calculations?

A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
One for Security Management Server and the other one for the Security Gateway.

QUESTION 22
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or ______ action for the file types.

A. Inspect/Bypass
B. Inspect/Prevent
C. Prevent/Bypass
D. Detect/Bypass

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/101703.htm

QUESTION 23
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

A. None, Security Management Server would be installed by itself.
B. SmartConsole
C. SecureClient
D. Security Gateway
E. SmartEvent

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/89230.htm

QUESTION 24
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

A. 18210
B. 18184
C. 257
D. 18191

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
How many images are included with Check Point TE appliance in Recommended Mode?

A. 2(OS) images
B. images are chosen by administrator during installation
C. as many as licensed for
D. the most new image

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
What is the least amount of CPU cores required to enable CoreXL?

A. 2
B. 1
C. 4
D. 6

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm

QUESTION 27
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restricts all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway directly.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which of the following authentication methods ARE NOT used for Mobile Access?

A. RADIUS server
B. Username and password (internal, LDAP)
C. SecurID
D. TACACS+

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/41587.htm

QUESTION 29
What is the correct command to observe the Sync traffic in a VRRP environment?

A. fw monitor -e "accept[12:4,b]=224.0.0.18;"
B. fw monitor -e "accept port(6118;"
C. fw monitor -e "accept proto=mcVRRP;"
D. fw monitor -e "accept dst=224.0.0.18;"

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
What has to be taken into consideration when configuring Management HA?

A. The Database revisions will not be synchronized between the management servers
B. SmartConsole must be closed prior to synchronized changes in the objects database
C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to
reconsider your design.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
What is the difference between an event and a log?

A. Events are generated at gateway according to Event Policy
B. A log entry becomes an event when it matches any rule defined in Event Policy
C. Events are collected with SmartWorkflow from Trouble Ticket systems
D. Log and Events are synonyms

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

A. Source address, Destination address, Source port, Destination port, Protocol
B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
C. Source address, Destination address, Source port, Destination port
D. Source address, Destination address, Destination port, Protocol

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which statement is NOT TRUE about Delta synchronization?

A. Using UDP Multicast or Broadcast on port 8161
B. Using UDP Multicast or Broadcast on port 8116
C. Quicker than Full sync
D. Transfers changes in the Kernel tables between cluster members.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7288.htm

QUESTION 34
The Event List within the Event tab contains:

A. a list of options available for running a query.
B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.
C. events generated by a query.
D. the details of a selected event.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915

QUESTION 35
Which statement is correct about the Sticky Decision Function?

A. It is not supported with either the Performance Pack or a hardware-based accelerator card
B. Does not support SPI’s when configured for Load Sharing
C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
D. It is not required for L2TP traffic

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7290.htm

QUESTION 36
Which statement is true regarding redundancy?

A. System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob -f if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a ClusterXL High Availability configuration must be synchronized.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules

A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 3, 1, 2, 4
D. 4, 3, 1, 2

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
In R80.10, how do you manage your Mobile Access Policy?

A. Through the Unified Policy
B. Through the Mobile Console
C. From SmartDashboard
D. From the Dedicated Mobility Tab

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
R80.10 management server can manage gateways with which versions installed?

A. Versions R77 and higher
B. Versions R76 and higher
C. Versions R75.20 and higher
D. Versions R75 and higher

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/88/88e25b652f62aa6f59dc955e34f98d5c/CP_R80.10_ReleaseNotes.pdf?HashKey=1538443232_ff63052c2c5a68c42c47eae9e15273c8&xtn=.pdf

QUESTION 40
To fully enable Dynamic Dispatcher on a Security Gateway:

A. run fw ctl multik set_mode 9 in Expert mode and then Reboot.
B. Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.
C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
D. run fw multik set_mode 1 in Expert mode and then reboot.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261

QUESTION 41
Session unique identifiers are passed to the web api using which http header option?

A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
Which command shows actual allowed connections in state table?

A. fw tab -t StateTable
B. fw tab -t connections
C. fw tab -t connection
D. fw tab connections

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
What SmartEvent component creates events?

A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm

QUESTION 44
Which command collects diagnostic data for analyzing customer setup remotely?

A. cpinfo
B. migrate export
C. sysinfo
D. cpview

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces
the standalone cp_uploader utility for uploading files to Check Point servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while
viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739

QUESTION 45
Which features are only supported with R80.10 Gateways but not R77.x?

A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over
the rule base flow and which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://slideplayer.com/slide/12183998/

QUESTION 46
Which CLI command will reset the IPS pattern matcher statistics?

A. ips reset pmstat
B. ips pstats reset
C. ips pmstats refresh
D. ips pmstats reset

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/84627.htm

QUESTION 47
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or _______.

A. SecureID
B. SecurID
C. Complexity
D. TacAcs

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/41587.htm

QUESTION 48
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

A. 50%
B. 75%
C. 80%
D. 15%

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent
Server.
B. Correlates all the identified threats with the consolidation policy.
C. Collects syslog data from third party devices and saves them to the database.
D. Connects with the SmartEvent Client when generating threat reports.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

A. This statement is true because SecureXL does improve all traffic.
B. This statement is false because SecureXL does not improve this traffic but CoreXL does.
C. This statement is true because SecureXL does improve this traffic.
D. This statement is false because encrypted traffic cannot be inspected.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by nearly an order of magnitude, particularly for small packets flowing in long-duration connections.

Reference: https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/10001/FILE/SecureXL_and_Nokia_IPSO_White_Paper_20080401.pdf

QUESTION 51
Which command gives us a perspective of the number of kernel tables?

A. fw tab -t
B. fw tab -s
C. fw tab -n
D. fw tab -k

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
When simulating a problem on ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?

A. cphaprob -d STOP unregister
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Testing a failover in a controlled manner using the following command:
# cphaprob -d STOP -s problem -t 0 register
This will register a problem state on the cluster member this was entered on. If you then run:
# cphaprob list
this will show an entry named STOP.
To remove this problematic register, run the following:
# cphaprob -d STOP unregister

Reference: https://fwknowledge.wordpress.com/2013/04/04/manual-failover-of-the-fw-cluster/

QUESTION 53
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?

A. Install appliance TE250X on SpanPort on LAN switch in MTA mode.
B. Install appliance TE250X in standalone mode and setup MTA.
C. You can utilize only Check Point Cloud Services for this scenario.
D. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
What is the main difference between Threat Extraction and Threat Emulation?

A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
B. Threat Extraction always delivers a file and takes less than a second to complete.
C. Threat Emulation never delivers a file that takes less than a second to complete.
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:

A. Threat Emulation
B. HTTPS
C. QOS
D. VoIP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 56
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day
Protection?

A. Smart Cloud Services
B. Load Sharing Mode Services
C. Threat Agent Solution
D. Public Cloud Services

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
Which of the following is NOT a component of Check Point Capsule?

A. Capsule Docs
B. Capsule Cloud
C. Capsule Enterprise
D. Capsule Workspace

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
What is the purpose of Priority Delta in VRRP?

A. When a box is up, Effective Priority = Priority + Priority Delta
B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fails, Effective Priority = Priority – Priority Delta
D. When a box fails, Effective Priority = Priority – Priority Delta

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running VRRP.
If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will begin to send out its own HELLO packet.
Once the master sees this packet with a priority greater than its own, then it releases the VIP.

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk38524

QUESTION 59
Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?

A. You can assign only one profile per gateway and a profile can be assigned to one rule Only.
B. You can assign multiple profiles per gateway and a profile can be assigned to one rule only.
C. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.
D. You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
Using ClusterXL, what statement is true about the Sticky Decision Function?

A. Can only be changed for Load Sharing implementations
B. All connections are processed and synchronized by the pivot
C. Is configured using cpconfig
D. Is only relevant when using SecureXL

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
What is the name of the secure application for Mail/Calendar for mobile devices?

A. Capsule Workspace
B. Capsule Mail
C. Capsule VPN
D. Secure Workspace

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/products/mobile-secure-workspace/

QUESTION 62
Where do you create and modify the Mobile Access policy in R80?

A. SmartConsole
B. SmartMonitor
C. SmartEndpoint
D. SmartDashboard

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 63
SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:

A. 19090,22
B. 19190,22
C. 18190,80
D. 19009,443

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent, and provides GUI client
communications, database manipulation, policy compilation and Management HA synchronization?

A. cpwd
B. fwd
C. cpd
D. fwm

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Firewall Management (fwm) is available on any management product, including Multi-Domain, and on products that require direct GUI access, such as SmartEvent.
It provides the following:
– GUI Client communication
– Database manipulation
– Policy Compilation
– Management HA sync

QUESTION 65
To add a file to the Threat Prevention Whitelist, what two items are needed?

A. File name and Gateway


B. Object Name and MD5 signature
C. MD5 signature and Gateway
D. IP address of Management Server and Gateway

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents/R80/CP_R80BC_ThreatPrevention/101703

QUESTION 66
Under which file is the proxy arp configuration stored?

A. $FWDIR/state/proxy_arp.conf on the management server


B. $FWDIR/conf/local.arp on the management server
C. $FWDIR/state/_tmp/proxy.arp on the security gateway
D. $FWDIR/conf/local.arp on the gateway

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
What information is NOT collected from a Security Gateway in a Cpinfo?

A. Firewall logs
B. Configuration and database files
C. System message logs
D. OS and network statistics

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739

QUESTION 68
SandBlast appliances can be deployed in the following modes:

A. using a SPAN port to receive a copy of the traffic only


B. detect only
C. inline/prevent or detect
D. as a Mail Transfer Agent and as part of the traffic flow only

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is
enabled, which path is handling the traffic?

A. Slow Path
B. Medium Path
C. Fast Path
D. Accelerated Path

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
The Correlation Unit performs all but the following actions:

A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later.
B. Generates an event based on the Event policy.
C. Assigns a severity level to the event.
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 71
What is the difference between SSL VPN and IPSec VPN?

A. IPSec VPN does not require installation of a resilient VPN client.


B. SSL VPN requires installation of a resident VPN client.
C. SSL VPN and IPSec VPN are the same.
D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 72
Which of the following will NOT affect acceleration?

A. Connections destined to or originated from the Security gateway


B. A 5-tuple match
C. Multicast packets
D. Connections that have a Handler (ICMP, FTP, H.323, etc.)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 73
The following command is used to verify the CPUSE version:

A. HostName:0>show installer status build


B. [Expert@HostName:0]#show installer status
C. [Expert@HostName:0]#show installer status build
D. HostName:0>show installer build

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html

QUESTION 74
How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

A. cphaprob set int fwha_vmac_global_param_enabled 1


B. clusterXL set int fwha_vmac_global_param_enabled 1
C. fw ctl set int fwha_vmac_global_param_enabled 1
D. cphaconf set int fwha_vmac_global_param_enabled 1

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk50840

QUESTION 75
To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating element is the
source port. This type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same
service will be forwarded to the Firewall kernel, which will then create a template of the connection. Which of these is NOT a SecureXL template?

A. Accept Template
B. Deny Template
C. Drop Template
D. NAT Template

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.checkpoint.com/thread/7894-nat-templates-securexl

QUESTION 76
Which of the following is NOT a type of Check Point API available in R80.10?

A. Identity Awareness Web Services


B. OPSEC SDK
C. Mobile Access
D. Management

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 77
When an encrypted packet is decrypted, where does this happen?

A. Security policy
B. Inbound chain
C. Outbound chain
D. Decryption is not supported

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 78
John is using Management HA. Which Smartcenter should be connected to for making changes?

A. secondary Smartcenter
B. active Smartcenter
C. connect virtual IP of Smartcenter HA
D. primary Smartcenter

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 79
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on
a Management Server?

A. fwd
B. fwm
C. cpd
D. cpwd

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 80
What scenario indicates that SecureXL is enabled?

A. Dynamic objects are available in the Object Explorer


B. SecureXL can be disabled in cpconfig
C. fwaccel commands can be used in clish
D. Only one packet in a stream is seen in a fw monitor packet capture

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 81
What processes does CPM control?

A. Object-Store, Database changes, CPM Process and web-services


B. web-services, CPMI process, DLEserver, CPM process
C. DLEServer, Object-Store, CP Process and database changes
D. web_services, dle_server and object_Store

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 82
Which encryption algorithm is the least secure?

A. AES-128
B. AES-256
C. DES
D. 3DES

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 83
What is the command to check the status of the SmartEvent Correlation Unit?

A. fw ctl get int cpsead_stat


B. cpstat cpsead
C. fw ctl stat cpsemd
D. cp_conf get_stat cpsemd

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113265

QUESTION 84
You need to see which hotfixes are installed on your gateway. Which command would you use?

A. cpinfo -h all
B. cpinfo -o hotfix
C. cpinfo -l hotfix
D. cpinfo -y all

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk72800

QUESTION 85
VPN Link Selection will perform the following when the primary VPN link goes down?

A. The Firewall will drop the packets.
B. The Firewall can update the Link Selection entries to start using a different link for the same tunnel.
C. The Firewall will send out the packet on all interfaces.
D. The Firewall will inform the client that the tunnel is down.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 86
Which of the following links will take you to the SmartView web application?

A. https://<Security Management Server host name>/smartviewweb/


B. https://<Security Management Server IP Address>/smartview/
C. https://<Security Management Server host name>smartviewweb
D. https://<Security Management Server IP Address>/smartview

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://community.checkpoint.com/thread/5212-smartview-accessing-check-point-logs-from-web

QUESTION 87
Which directory below contains log files?

A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 88
Which GUI client is supported in R80?

A. SmartProvisioning
B. SmartView Tracker
C. SmartView Monitor
D. SmartLog

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 89
From the SecureXL perspective, what are the three paths of traffic flow:

A. Initial Path; Medium Path; Accelerated Path


B. Layer Path; Blade Path; Rule Path
C. Firewall Path; Accept Path; Drop Path
D. Firewall Path; Accelerated Path; Medium Path

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 90
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

A. fw ctl Dyn_Dispatch on
B. fw ctl Dyn_Dispatch enable
C. fw ctl multik set_mode 4
D. fw ctl multik set_mode 1

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261#Confiquration%20R80.10

QUESTION 91
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

A. CCP and 18190


B. CCP and 257
C. CCP and 8116
D. CPC and 8116

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/index.html

QUESTION 92
Which command shows the current connections distributed by CoreXL FW instances?

A. fw ctl multik stat


B. fw ctl affinity -l
C. fw ctl instances -v
D. fw ctl iflist

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 93
What is the purpose of extended master key extension/session hash?

A. UDP VOIP protocol extension


B. In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication
C. Special TCP handshaking extension
D. Supplement DLP data watermark

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 94
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode
configuration, chain modules marked with __________________ will not apply.

A. ffff
B. 1
C. 2
D. 3

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 95
Which one of the following is true about Capsule Connect?

A. It is a full layer 3 VPN client


B. It offers full enterprise mobility management
C. It is supported only on iOS phones and Windows PCs
D. It does not support all VPN authentication methods

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 96
How often does Threat Emulation download packages by default?

A. Once a week
B. Once an hour
C. Twice per day
D. Once per day

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/101703.htm

QUESTION 97
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD
daemon to do a Full Synchronization?

A. TCP port 443


B. TCP port 257
C. TCP port 256
D. UDP port 8116

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 98
Which statement is true about ClusterXL?

A. Supports Dynamic Routing (Unicast and Multicast)


B. Supports Dynamic Routing (Unicast Only)
C. Supports Dynamic Routing (Multicast Only)
D. Does not support Dynamic Routing

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7300.htm

QUESTION 99
Which command shows detailed information about VPN tunnels?

A. cat $FWDIR/conf/vpn.conf
B. vpn tu tlist
C. vpn tu
D. cpview

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_CLI_ReferenceGuide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_CLI_ReferenceGuide/209239

QUESTION 100
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?

A. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation.


B. Firewall, IPS, Threat Emulation, Application Control.
C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.
D. Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 101
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

A. Includes the registry


B. Gets information about the specified Virtual System
C. Does not resolve network addresses
D. Output excludes connection table

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.networksecurityplus.net/2015/02/check-point-how-to-collect-cpinfo-cli.html

QUESTION 102
SmartEvent does NOT use which of the following procedures to identify events:

A. Matching a log against each event definition


B. Create an event candidate
C. Matching a log against local exclusions
D. Matching a log against global exclusions

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these
procedures to identify events:
• Matching a Log Against Global Exclusions
• Matching a Log Against Each Event Definition
• Creating an Event Candidate
• When a Candidate Becomes an Event

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm

QUESTION 103
What is the most recommended way to install patches and hotfixes?

A. CPUSE Check Point Update Service Engine


B. rpm -Uv
C. Software Update Service
D. UnixinstallScript

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 104
Automation and Orchestration differ in that:

A. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.


B. Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does
not involve processes.
C. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.
D. Orchestration relates to codifying tasks, whereas automation relates to codifying processes.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 105
An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?

A. He can use the fw accel stat command on the gateway.
B. He can use the fw accel statistics command on the gateway.
C. He can use the fwaccel stat command on the Security Management Server.
D. He can use the fwaccel stat command on the gateway

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 106
Which web services protocol is used to communicate to the Check Point R80 Identity Awareness Web API?

A. SOAP
B. REST
C. XLANG
D. XML-RPC

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The Identity Web API uses the REST protocol over SSL. The requests and responses are HTTP and in JSON format.

Reference: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide/148699

QUESTION 107
What is mandatory for ClusterXL to work properly?

A. The number of cores must be the same on every participating cluster node
B. The Magic MAC number must be unique per cluster node
C. The Sync interface must not have an IP address configured
D. If you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all cluster members

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 108
Please choose the correct command to add an “emailserver1” host with IP address 10.50.23.90 using the GAiA management CLI?

A. host name myHost12 ip-address 10.50.23.90


B. mgmt: add host name ip-address 10.50.23.90
C. add host name emailserver1 ip-address 10.50.23.90
D. mgmt: add host name emailserver1 ip-address 10.50.23.90

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 109
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?

A. enable DLP and select .exe and .bat file type


B. enable .exe & .bat protection in IPS Policy
C. create FW rule for particular protocol
D. tecli advanced attributes set prohibited_file_types exe.bat

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 110
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?

A. 4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to
the Security Management Server.
B. 3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.
C. 1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.
D. 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Mobile_Access_WebAdmin/41723.htm

QUESTION 111
Which process handles connection from SmartConsole R80?

A. fwm
B. cpmd
C. cpm
D. cpd

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 112
What is the command to show SecureXL status?

A. fwaccel status
B. fwaccel stats -m
C. fwaccel -s
D. fwaccel stat

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
To check overall SecureXL status:
[Expert@HostName]# fwaccel stat

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397

QUESTION 113
The SmartEvent R80 Web application for real-time event monitoring is called:

A. SmartView Monitor
B. SmartEventWeb
C. There is no Web application for SmartEvent
D. SmartView

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 114
What will SmartEvent automatically define as events?

A. Firewall
B. VPN
C. IPS
D. HTTPS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915

QUESTION 115
With MTA (Mail Transfer Agent) enabled, the gateway manages SMTP traffic and holds external email with potentially malicious attachments. What is required in
order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?

A. Threat Cloud Intelligence


B. Threat Prevention Software Blade Package
C. Endpoint Total Protection
D. Traffic on port 25

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 116
What is not a purpose of the deployment of Check Point API?

A. Execute an automated script to perform common tasks


B. Create a customized GUI Client for manipulating the objects database
C. Create products that use and enhance the Check Point solution
D. Integrate Check Point products with 3rd party solution

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: Check Point APIs Reference Guide R80 PDF

QUESTION 117
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?

A. edit fwaffinity.conf; reboot required


B. cpconfig; reboot required
C. edit fwaffinity.conf; reboot not required
D. cpconfig; reboot not required

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm#o94530

QUESTION 118
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.

A. WMI
B. Eventvwr
C. XML
D. Services.msc

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dl3.checkpoint.com/paid/e0/e01d7daa665096a4941f930f2567d29e/CP_R80.10_IdentityAwareness_AdminGuide.pdf?HashKey=1553448919_104b8593c2a2087ec2ffe8e86b314d66&xtn=.pdf page 17

QUESTION 119
Which is not a blade option when configuring SmartEvent?

A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
On the Management tab, enable these Software Blades:
Logging & Status
SmartEvent Server
SmartEvent Correlation Unit

Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829

QUESTION 120
The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for
clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.

A. ccp
B. cphaconf
C. cphad
D. cphastart

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://etherealmind.com/checkpoint-nokia-firewall-cluster-xl/?doing_wp_cron=1553442264.8447830677032470703125

QUESTION 121
Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?

A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
C. The CoreXL FW instances assignment mechanism is based on IP Protocol type
D. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261

QUESTION 122
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?

A. fwm compile
B. fwm load
C. fwm fetch
D. fwm install

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityManagement_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_SecurityManagement_WebAdminGuide/13141

QUESTION 123
Pamela is a Cyber Security Engineer working for Global Instance Firm, which has a large-scale deployment of Check Point Enterprise Appliances using GAiA/R80.10.
The company’s Developer Team is having random access issues with a newly deployed Application Server in the DMZ’s Application Server Farm Tier and blames the DMZ Security
Gateway as the root cause. A ticket has been created and the issue is at Pamela’s desk for investigation. Pamela decides to use Check Point’s packet analyzer tool,
fw monitor, to iron out the issue during an approved maintenance window.

What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?

A. Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid
misleading traffic captures.
B. Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid
misleading traffic captures.
C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.
D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 124
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

A. AV issues
B. VPN errors
C. Network issues
D. Authentication issues

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 125
In which formats can Threat Emulation forensics reports be viewed?

A. TXT, XML and CSV


B. PDF and TXT
C. PDF, HTML, and XML
D. PDF and HTML

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 126
With SecureXL enabled, accelerated packets will pass through the following:

A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
B. Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device
C. Network Interface Card and the Acceleration Device
D. Network Interface Card, OSI Network Layer, and the Acceleration Device

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 127
Which command would you use to set the network interfaces’ affinity in Manual mode?

A. sim affinity -m
B. sim affinity -l
C. sim affinity -a
D. sim affinity -s

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 128
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature. Which command do you use?

A. sim erdos -e 1
B. sim erdos -m 1
C. sim erdos -v 1
D. sim erdos -x 1

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 129
Which of the following is NOT an option to calculate the traffic direction?

A. Incoming
B. Internal
C. External
D. Outgoing

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 130
What command lists all interfaces using Multi-Queue?

A. cpmq get
B. show interface all
C. cpmq set
D. show multiqueue all

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/93689.htm

QUESTION 131
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?

A. ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data
B. ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud
environments
C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances
as virtual machines in the EMC Cloud
D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can
benefit from as it makes emulation of known files unnecessary

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 132
During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

A. Dropped without sending a negative acknowledgment


B. Dropped without logs and without sending a negative acknowledgment
C. Dropped with negative acknowledgment
D. Dropped with logs and without sending a negative acknowledgment

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 133
Vanessa is a firewall administrator at her company. Her company uses Check Point firewalls at a central location and several remote locations, which are managed centrally by an R77.30 Security Management Server. An R77.30 Gateway is installed on an Open Server at the central location. Remote locations use Check Point UTM-1 570 series appliances with R75.30, and some of them use a UTM-1 Edge-X or Edge-W with the latest available firmware. She is in the process of migrating to R80.

What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R80?

A. Missing an installed R77.20 Add-on on Security Management Server
B. Unsupported firmware on UTM-1 Edge-W appliance
C. Unsupported version on UTM-1 570 series appliance
D. Unsupported appliances on remote locations

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 134
Please choose the path to monitor the compliance status of the Check Point R80.10 based management.

A. Gateways & Servers --> Compliance View
B. Compliance blade not available under R80.10
C. Logs & Monitor --> New Tab --> Open compliance View
D. Security & Policies --> New Tab --> Compliance View

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 135
When using CPSTAT, what is the default port used by the AMON server?

A. 18191
B. 18192
C. 18194
D. 18190

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_CLI_ReferenceGuide/html_frameset.htm?topic=documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_CLI_ReferenceGuide/162534

QUESTION 136
What must you do first if “fwm sic_reset” could not be completed?

A. Cpstop then find keyword “certificate” in objects_5_0.C and delete the section
B. Reinitialize SIC on the security gateway then run “fw unloadlocal”
C. Reset SIC from Smart Dashboard
D. Change internal CA via cpconfig

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 137
Check Point security components are divided into the following components:

A. GUI Client, Security Gateway, WebUI Interface
B. GUI Client, Security Management, Security Gateway
C. Security Gateway, WebUI Interface, Consolidated Security Logs
D. Security Management, Security Gateway, Consolidate Security Logs

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 138
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.

What must you do to get SIC to work?

A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.
B. Create a rule at the top in the Sydney firewall to allow control traffic from your network
C. Nothing - Check Point control connections function regardless of Geo-Protection policy
D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/92707.htm

QUESTION 139
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

A. ffff
B. 1
C. 3
D. 2

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: http://dkcheckpoint.blogspot.com/2016/07/chapter-2-chain-module.html

QUESTION 140
In what way are SSL VPN and IPSec VPN different?

A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
C. IPSec VPN does not support two factor authentication, SSL VPN does support this
D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 141
In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

A. SND is a feature to accelerate multiple SSL VPN connections
B. SND is an alternative to IPSec Main Mode, using only 3 packets
C. SND is used to distribute packets among Firewall instances
D. SND is a feature of fw monitor to capture accelerated packets

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 142
You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores.

How many cores can be used in a Cluster for Firewall-kernel on the new device?

A. 3
B. 2
C. 1
D. 4

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 143
Which NAT rules are prioritized first?

A. Post-Automatic/Manual NAT rules
B. Manual/Pre-Automatic NAT
C. Automatic Hide NAT
D. Automatic Static NAT

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 144
What is the most ideal Synchronization Status for Security Management Server High Availability deployment?

A. Lagging
B. Synchronized
C. Never been synchronized
D. Collision

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 145
Joey wants to upgrade from R75.40 to the R80 version of Security Management. He will use the Advanced Upgrade with Database Migration method to achieve this.

What is one of the requirements for his success?

A. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine
B. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine
C. Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine
D. Size of the /var/log folder of the target machine must be at least 25GB or more

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_Installation_and_Upgrade_Guide/90083

QUESTION 146
Which is NOT an example of a Check Point API?

A. Gateway API
B. Management API
C. OPSEC SDK
D. Threat Prevention API

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 147
What are the methods of SandBlast Threat Emulation deployment?

A. Cloud, Appliance and Private
B. Cloud, Appliance and Hybrid
C. Cloud, Smart-1 and Hybrid
D. Cloud, OpenServer and VMware

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 148
What is the minimum amount of RAM needed for a Threat Prevention Appliance?

A. 6 GB
B. 8GB with Gaia in 64-bit mode
C. 4 GB
D. It depends on the number of software blades enabled

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 149
Which of the following is NOT a VPN routing option available in a star community?

A. To satellites through center only.
B. To center, or through the center to other satellites, to Internet and other VPN targets.
C. To center and to other satellites through center.
D. To center only.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_VPN/html_frameset.htm

QUESTION 150
Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .

A. Sent to the Internal Certificate Authority.
B. Sent to the Security Administrator.
C. Stored on the Security Management Server.
D. Stored on the Certificate Revocation List.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 151
After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

A. Security Gateway IP-address cannot be changed without re-establishing the trust.
B. The Security Gateway name cannot be changed in command line without re-establishing trust.
C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust.
D. The Security Management Server IP-address cannot be changed without re-establishing the trust.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 152
What is the order of NAT priorities?

A. Static NAT, IP pool NAT, hide NAT
B. IP pool NAT, static NAT, hide NAT
C. Static NAT, automatic NAT, hide NAT
D. Static NAT, hide NAT, IP pool NAT

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/6724.htm#o6919

QUESTION 153
Which Check Point feature enables application scanning and detection?

A. Application Dictionary
B. AppWiki
C. Application Library
D. CPApp

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.checkpoint.com/products/application-control-software-blade/

QUESTION 154
Which SmartConsole tab is used to monitor network and security performance?

A. Manage Setting
B. Security Policies
C. Gateway and Servers
D. Logs and Monitor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 155
Fill in the blank: The R80 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and show them as prioritized security events.

A. SmartMonitor
B. SmartView Web Application
C. SmartReporter
D. SmartTracker

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915

QUESTION 156
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.

Which phase of the VPN negotiations has failed?

A. IKE Phase 1
B. IPSEC Phase 2
C. IPSEC Phase 1
D. IKE Phase 2

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 157
Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?

A. Kerberos Ticket Renewed
B. Kerberos Ticket Requested
C. Account Logon
D. Kerberos Ticket Timed Out

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 158
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

A. User Directory
B. Captive Portal and Transparent Kerberos Authentication
C. Captive Portal
D. UserCheck

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm

QUESTION 159
The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

A. Next Generation Threat Prevention
B. Next Generation Threat Emulation
C. Next Generation Threat Extraction
D. Next Generation Firewall

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 160
Which tool is used to enable ClusterXL?

A. SmartUpdate
B. cpconfig
C. SmartConsole
D. sysconfig

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ClusterXL_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_ClusterXL_WebAdminGuide/161105

QUESTION 161
One of the major features in R80 SmartConsole is concurrent administration.

Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

A. A lock icon shows that a rule or an object is locked and will be available.
B. AdminA and AdminB are editing the same rule at the same time.
C. A lock icon next to a rule informs that any Administrator is working on this particular rule.
D. AdminA, AdminB and AdminC are editing three different rules at the same time.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://downloads.checkpoint.com/dc/download.htm?ID=65846

QUESTION 162
After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.

Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1?

A. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
set static-route default nexthop gateway address 192.168.80.1 on
save config
B. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config
C. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config
D. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
add static-route default nexthop gateway address 192.168.80.1 on
save config

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 163
Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.

What will happen to the changes already made?

A. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.
B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.
C. Tom’s changes will be lost since he lost connectivity and he will have to start again.
D. Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 164
On the following picture an administrator configures Identity Awareness:

After clicking “Next” the above configuration is supported by:

A. Kerberos SSO which will be working for Active Directory integration
B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user.
C. Obligatory usage of Captive Portal.
D. The ports 443 or 80 which will be used by Browser-Based and configured Authentication.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_IdentityAwareness/html_frameset.htm?topic=documents/R80/CP_R80BC_IdentityAwareness/62050

QUESTION 165
Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:

A. assign privileges to users.
B. edit the home directory of the user.
C. add users to your Gaia system.
D. assign user rights to their home directory in the Security Management Server.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73101.htm

QUESTION 166
In the Check Point Security Management Architecture, which component(s) can store logs?

A. SmartConsole
B. Security Management Server and Security Gateway
C. Security Management Server
D. SmartConsole and Security Management Server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 167
View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)

A. The current administrator has read-only permissions to Threat Prevention Policy.
B. Another user has locked the rule for editing.
C. Configuration lock is present. Click the lock symbol to gain read-write access.
D. The current administrator is logged in as read-only because someone else is editing the policy.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265

QUESTION 168
By default, which port does the WebUI listen on?

A. 80
B. 4434
C. 443
D. 8080

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_Gaia_IUG/html_frameset.htm?topic=documents/R80/CP_R80_Gaia_IUG/132120

QUESTION 169
Which VPN routing option uses VPN routing for every connection a satellite gateway handles?

A. To satellites through center only
B. To center only
C. To center and to other satellites through center
D. To center, or through the center to other satellites, to Internet and other VPN targets

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31021

QUESTION 170
Which of the following is NOT a type of Endpoint Identity Agent?

A. Terminal
B. Light
C. Full
D. Custom

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_IdentityAwareness_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_IdentityAwareness_WebAdminGuide/64917

QUESTION 171
In the R80 SmartConsole, on which tab are Permissions and Administrators defined?

A. Security Policies
B. Logs and Monitor
C. Manage and Settings
D. Gateways and Servers

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 172
Fill in the blank: A ________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.

A. Clientless remote access
B. Clientless direct access
C. Client-based remote access
D. Direct access

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_Firewall/html_frameset.htm?topic=documents/R80/CP_R80BC_Firewall/92704

QUESTION 173
What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?

A. A host route to route to the destination IP.
B. Use the file local.arp to add the ARP entries for NAT to work.
C. Nothing, the Gateway takes care of all details necessary.
D. Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 174
At what point is the Internal Certificate Authority (ICA) created?

A. Upon creation of a certificate.
B. During the primary Security Management Server installation process.
C. When an administrator decides to create one.
D. When an administrator initially logs into SmartConsole.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13118

QUESTION 175
Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

A. Auditor
B. Read Only All
C. Super User
D. Full Access

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265

QUESTION 176
True or False: In R80, more than one administrator can login to the Security Management Server with write permission at the same time.

A. False, this feature has to be enabled in the Global Properties.
B. True, every administrator works in a session that is independent of the other administrators.
C. True, every administrator works on a different database that is independent of the other administrators.
D. False, only one administrator can login with write permission.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 177
Which utility allows you to configure the DHCP service on Gaia from the command line?

A. ifconfig
B. dhcp_ofg
C. sysconfig
D. cpconfig

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 178
DLP and Geo Policy are examples of what type of Policy?

A. Standard Policies
B. Shared Policies
C. Inspection Policies
D. Unified Policies

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197

QUESTION 179
How many users can have read/write access in Gaia at one time?

A. Infinite
B. One
C. Three
D. Two

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
