Exam 156-315.80: Check Point Certified Security Expert - R80

The document contains a practice exam for Check Point Certified Security Expert certification. It includes 29 multiple choice questions covering various Check Point technologies and configurations. Some of the questions address Check Point software blades, SecureXL templates, troubleshooting with IPS in detect-only mode, log forwarding processes, SmartLog and SmartEvent storage configurations, the Check Point firewall kernel, Check Point Capsule components, host object imports via CLI, blocking file types with Threat Emulation, multi-queue interface configuration, MTA debug log locations, SmartEvent traffic direction determination, NAT table sizes, packet flow indicators, the Check Point ThreatCloud, SecureXL traffic flows, rule evaluation order, CVPN daemon restarts, dynamic dispatcher configuration, CP

Exam 156-315.80
Check Point Certified Security Expert - R80
Version: 14.0

[ Total Questions: 391 ]


Certify For Sure with IT Exam Dumps
1. Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?

A. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation.

B. Firewall, IPS, Threat Emulation, Application Control.

C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.

D. Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.

Answer: C

2. Which of the SecureXL templates are enabled by default on Security Gateway?

A. Accept

B. Drop

C. NAT

D. None

Answer: D

3. What happens when an IPS profile is set to Detect Only mode for troubleshooting?

A. It will generate Geo-Protection traffic

B. Automatically uploads debugging logs to Check Point Support Center

C. It will not block malicious traffic

D. Bypass licenses requirement for Geo-Protection control

Answer: C

Explanation:

It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic. During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.

4. The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

A. fwd via cpm

The No.1 IT Certification Dumps

B. fwm via fwd

C. cpm via cpd

D. fwd via cpd

Answer: A

5. What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?

A. Use Multi-Domain Management Server.

B. Choose different setting for log storage and SmartEvent db

C. Install Management and SmartEvent on different machines.

D. it is not possible.

Answer: B

6. In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with _______ will not apply.

A. ffff

B. 1

C. 2

D. 3

Answer: B

7. What is UserCheck?

A. Messaging tool used to verify a user’s credentials.

B. Communication tool used to inform a user about a website or application they are trying to access.

C. Administrator tool used to monitor users on their network.

D. Communication tool used to notify an administrator when a new user is created.

Answer: B

8. Which of the following is NOT a component of Check Point Capsule?

A. Capsule Docs

B. Capsule Cloud

C. Capsule Enterprise

D. Capsule Workspace

Answer: C

9. Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

A. mgmt_cli add-host “Server_1” ip_address “10.15.123.10” --format txt

B. mgmt_cli add host name “Server_1” ip-address “10.15.123.10” --format json

C. mgmt_cli add object-host “Server_1” ip-address “10.15.123.10” --format json

D. mgmt._cli add object “Server-1” ip-address “10.15.123.10” --format json

Answer: B

Explanation: Example:

mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json

• "--format json" is optional. By default the output is presented in plain text. References:

10. Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?

A. enable DLP and select .exe and .bat file type

B. enable .exe & .bat protection in IPS Policy

C. create FW rule for particular protocol

D. tecli advanced attributes set prohibited_file_types exe.bat

Answer: A

11. How many interfaces can you configure to use the Multi-Queue feature?

A. 10 interfaces

B. 3 interfaces

C. 4 interfaces

D. 5 interfaces

Answer: D

Explanation: Note - References:

12. When using the Mail Transfer Agent, where are the debug logs stored?

A. $FWDIR/bin/emaild.mta. elg

B. $FWDIR/log/mtad elg

C. /var/log/mail.mta elg

D. $CPDIR/log/emaild elg

Answer: A

13. To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?

A. 5 Network; Host; Objects; Services; API

B. 3 Incoming; Outgoing; Network

C. 2 Internal; External

D. 4 Incoming; Outgoing; Internal; Other

Answer: D

14. What is the default size of NAT table fwx_alloc?

A. 20000

B. 35000

C. 25000

D. 10000

Answer: C

15. In a Client to Server scenario, which represents that the packet has already been checked against the tables and the Rule Base?

A. Big l

B. Little o

C. Little i

D. Big O

Answer: D

16. Which of these statements describes the Check Point ThreatCloud?

A. Blocks or limits usage of web applications

B. Prevents or controls access to web sites based on category

C. Prevents Cloud vulnerability exploits

D. A worldwide collaborative security network

Answer: D

17. From SecureXL perspective, what are the three paths of traffic flow:

A. Initial Path; Medium Path; Accelerated Path

B. Layer Path; Blade Path; Rule Path

C. Firewall Path; Accept Path; Drop Path

D. Firewall Path; Accelerated Path; Medium Path

Answer: D

18. In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom. Which of the following statements is correct?

A. If the Action of the matching rule is Accept the gateway will drop the packet

B. If the Action of the matching rule is Drop, the gateway continues to check rules in the next Policy Layer down

C. If the Action of the matching rule is Drop the gateway stops matching against later rules in the Policy Rule Base and drops the packet

D. If the rule is not matched in the Network policy it will continue to other enabled policies

Answer: C

Explanation:

https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_

19. After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

A. cvpnd_restart

B. cvpnd_restart

C. cvpnd restart

D. cvpnrestart

Answer: B

20. What is a best practice before starting to troubleshoot using the “fw monitor” tool?

A. Run the command: fw monitor debug on

B. Clear the connections table

C. Disable CoreXL

D. Disable SecureXL

Answer: D

21. John detected high load on the sync interface. Which is the most recommended solution?

A. For short connections like http service – delay sync for 2 seconds

B. Add a second interface to handle sync traffic

C. For short connections like http service – do not sync

D. For short connections like icmp service – delay sync for 2 seconds

Answer: A

22. Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

A. $FWDIR/database/fwauthd.conf

B. $FWDIR/conf/fwauth.conf

C. $FWDIR/conf/fwauthd.conf

D. $FWDIR/state/fwauthd.conf

Answer: C

23. You want to verify if your management server is ready to upgrade to R80.10. What tool could you use in this process?

A. migrate export

B. upgrade_tools verify

C. pre_upgrade_verifier

D. migrate import

Answer: C

24. To fully enable Dynamic Dispatcher on a Security Gateway:

A. run fw ctl multik set_mode 9 in Expert mode and then Reboot.

B. Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.

C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.

D. run fw multik set_mode 1 in Expert mode and then reboot.

Answer: A

25. Which of the following is a task of the CPD process?

A. Invoke and monitor critical processes and attempts to restart them if they fail

B. Transfers messages between Firewall processes

C. Log forwarding

D. Responsible for processing most traffic on a security gateway

Answer: A

Explanation:

https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/12496.htm

26. Which blades and/or features are not supported in R80?

A. SmartEvent Maps

B. SmartEvent

C. Identity Awareness

D. SmartConsole Toolbars

Answer: A

27. Which command can you use to enable or disable multi-queue per interface?

A. cpmq set

B. Cpmqueue set

C. Cpmq config

D. St cpmq enable

Answer: A

28. What is not a purpose of the deployment of Check Point API?

A. Execute an automated script to perform common tasks

B. Create a customized GUI Client for manipulating the objects database

C. Create products that use and enhance the Check Point solution

D. Integrate Check Point products with 3rd party solution

Answer: B

29. Which of the following describes how Threat Extraction functions?

A. Detect threats and provides a detailed report of discovered threats.

B. Proactively detects threats.

C. Delivers file with original content.

D. Delivers PDF versions of original files with active content removed.

Answer: B

30. In R80 spoofing is defined as a method of:

A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B. Hiding your firewall from unauthorized users.

C. Detecting people using false or wrong authentication logins

D. Making packets appear as if they come from an authorized IP address.

Answer: D

Explanation:

IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.

31. NAT rules are prioritized in which order?

1. Automatic Static NAT

2. Automatic Hide NAT

3. Manual/Pre-Automatic NAT

4. Post-Automatic/Manual NAT rules

A. 1, 2, 3, 4

B. 1, 4, 2, 3

C. 3, 1, 2, 4

D. 4, 3, 1, 2

Answer: A

32. Please choose the correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?

A. host name myHost12 ip-address 10.50.23.90

B. mgmt: add host name ip-address 10.50.23.90

C. add host name emailserver1 ip-address 10.50.23.90

D. mgmt: add host name emailserver1 ip-address 10.50.23.90

Answer: D

33. The SmartEvent R80 Web application for real-time event monitoring is called:

A. SmartView Monitor

B. SmartEventWeb

C. There is no Web application for SmartEvent

D. SmartView

Answer: B

34. Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?

A. Kerberos Ticket Renewed

B. Kerberos Ticket Requested

C. Account Logon

D. Kerberos Ticket Timed Out

Answer: D

35. Which of the following is NOT a type of Endpoint Identity Agent?

A. Terminal

B. Light

C. Full

D. Custom

Answer: A

36. Which command lists all tables in Gaia?

A. fw tab –t

B. fw tab –list

C. fw-tab –s

D. fw tab -1

Answer: C

37. The essential means by which state synchronization works to provide failover in the event an active member goes down, _______ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.

A. ccp

B. cphaconf

C. cphad

D. cphastart

Answer: A

38. What statement best describes the Proxy ARP feature for Manual NAT in R80.10?

A. Automatic proxy ARP configuration can be enabled

B. Translate Destination on Client Side should be configured

C. fw ctl proxy should be configured

D. local.arp file must always be configured

Answer: D

39. What is the minimum amount of RAM needed for a Threat Prevention Appliance?

A. 6 GB

B. 8GB with Gaia in 64-bit mode

C. 4 GB

D. It depends on the number of software blades enabled

Answer: C

40. The Check Point history feature in R80 provides the following:

A. View install changes and install specific version

B. View install changes

C. Policy Installation Date, view install changes and install specific version

D. Policy Installation Date only

Answer: C

41. SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:

A. ping, traceroute, netstat, and route

B. ping, nslookup, Telnet, and route

C. ping, whois, nslookup, and Telnet

D. ping, traceroute, netstat, and nslookup

Answer: C

42. You need to see which hotfixes are installed on your gateway, which command would you use?

A. cpinfo –h all

B. cpinfo –o hotfix

C. cpinfo –l hotfix

D. cpinfo –y all

Answer: D

43. As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?

A. SFWDIR/smartevent/conf

B. $RTDIR/smartevent/conf

C. $RTDIR/smartview/conf

D. $FWDIR/smartview/conf

Answer: C

44. In the Check Point Security Management Architecture, which component(s) can store logs?

A. SmartConsole

B. Security Management Server and Security Gateway

C. Security Management Server

D. SmartConsole and Security Management Server

Answer: B

45. What is the valid range for VRID value in VRRP configuration?

A. 1 - 254

B. 1 - 255

C. 0 - 254

D. 0 - 255

Answer: B

Explanation:

Virtual Router ID - Enter a unique ID number for this virtual router. The range of valid values is 1 to 255.

46. Which of the following is NOT a VPN routing option available in a star community?

A. To satellites through center only.

B. To center, or through the center to other satellites, to Internet and other VPN targets.

C. To center and to other satellites through center.

D. To center only.

Answer: AD

47. What are the different command sources that allow you to communicate with the API server?

A. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

B. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

C. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

D. API_cli Tool, Gaia CLI, Web Services

Answer: B

48. If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available for other administrators? (Choose the BEST answer.)

A. Publish or discard the session.

B. Revert the session.

C. Save and install the Policy.

D. Delete older versions of database.

Answer: A

49. Which command can you use to verify the number of active concurrent connections?

A. fw conn all

B. fw ctl pstat

C. show all connections

D. show connections

Answer: B

50. Fill in the blanks: A ________ license requires an administrator to designate a gateway for attachment whereas a ________ license is automatically attached to a Security Gateway.

A. Formal; corporate

B. Local; formal

C. Local; central

D. Central; local

Answer: D

51. In R80.10, how do you manage your Mobile Access Policy?

A. Through the Unified Policy

B. Through the Mobile Console

C. From SmartDashboard

D. From the Dedicated Mobility Tab

Answer: A

52. SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?

A. Application and Client Service

B. Network and Application

C. Network and Layers

D. Virtual Adapter and Mobile App

Answer: B

53. You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

B. Create a separate Security Policy package for each remote Security Gateway.

C. Create network objects that restricts all applicable rules to only certain networks.

D. Run separate SmartConsole instances to login and configure each Security Gateway directly.

Answer: B

54. What is true of the API server on R80.10?

A. By default the API-server is activated and does not have hardware requirements.

B. By default the API-server is not active and should be activated from the WebUI.

C. By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).

D. By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).

Answer: D

55. The Event List within the Event tab contains:

A. a list of options available for running a query.

B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

C. events generated by a query.

D. the details of a selected event.

Answer: C

56. What kind of information would you expect to see using the sim affinity command?

A. The VMACs used in a Security Gateway cluster

B. The involved firewall kernel modules in inbound and outbound packet chain

C. Overview over SecureXL templated connections

D. Network interfaces and core distribution used for CoreXL

Answer: D

57. What scenario indicates that SecureXL is enabled?

A. Dynamic objects are available in the Object Explorer

B. SecureXL can be disabled in cpconfig

C. fwaccel commands can be used in clish

D. Only one packet in a stream is seen in a fw monitor packet capture

Answer: C

58. Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:

A. assign privileges to users.

B. edit the home directory of the user.

C. add users to your Gaia system.

D. assign user rights to their home directory in the Security Management Server.

Answer: D

59. In ClusterXL Load Sharing Multicast Mode:

A. only the primary member received packets sent to the cluster IP address

B. only the secondary member receives packets sent to the cluster IP address

C. packets sent to the cluster IP address are distributed equally between all members of the cluster

D. every member of the cluster received all of the packets sent to the cluster IP address

Answer: D

60. The system administrator of a company is trying to find out why acceleration is not working for the traffic.

The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.

What is the most likely reason that the traffic is not accelerated?

A. There is a virus found. Traffic is still allowed but not accelerated.

B. The connection required a Security server.

C. Acceleration is not enabled.

D. The traffic is originating from the gateway itself.

Answer: D

61. What must you do first if “fwm sic_reset” could not be completed?

A. Cpstop then find keyword “certificate” in objects_5_0.C and delete the section

B. Reinitialize SIC on the security gateway then run “fw unloadlocal”

C. Reset SIC from Smart Dashboard

D. Change internal CA via cpconfig

Answer: D

62. What is the name of the secure application for Mail/Calendar for mobile devices?

A. Capsule Workspace

B. Capsule Mail

C. Capsule VPN

D. Secure Workspace

Answer: A

63. You can access the ThreatCloud Repository from:

A. R80.10 SmartConsole and Application Wiki

B. Threat Prevention and Threat Tools

C. Threat Wiki and Check Point Website

D. R80.10 SmartConsole and Threat Prevention

Answer: D

64. You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don’t have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

A. fw ctl multik dynamic_dispatching on

B. fw ctl multik dynamic_dispatching set_mode 9

C. fw ctl multik set_mode 9

D. fw ctl multik pq enable

Answer: C

65. What command would show the API server status?

A. cpm status

B. api restart

C. api status

D. show api status

Answer: C

66. Which one of the following is true about Threat Emulation?

A. Takes less than a second to complete

B. Works on MS Office and PDF files only

C. Always delivers a file

D. Takes minutes to complete (less than 3 minutes)

Answer: D

67. You plan to automate creating new objects using new R80 Management API. You decide to use GAIA CLI for this task.

What is the first step to run management API commands on GAIA’s shell?

A. mgmt_admin@teabag > id.txt

B. mgmt_login

C. login user admin password teabag

D. mgmt_cli login user “admin” password “teabag” > id.txt

Answer: B

68. When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.

Which phase of the VPN negotiations has failed?

A. IKE Phase 1

B. IPSEC Phase 2

C. IPSEC Phase 1

D. IKE Phase 2

Answer: A

69. Which of the following commands shows the status of processes?

A. cpwd_admin -l

B. cpwd -l

C. cpwd admin_list

D. cpwd_admin list

Answer: D

70. What is the correct order of the default “fw monitor” inspection points?

A. i, I, o, O

B. 1, 2, 3, 4

C. i, o, I, O

D. I, i, O, o

Answer: C

71. What are the two high availability modes?

A. Load Sharing and Legacy

B. Traditional and New

C. Active and Standby

D. New and Legacy

Answer: D

Explanation:

ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages.

72. Which component is NOT required to communicate with the Web Services API?

A. API key

B. session ID token

C. content-type

D. Request payload

Answer: A

73. Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ______ .

A. Sent to the Internal Certificate Authority.

B. Sent to the Security Administrator.

C. Stored on the Security Management Server.

D. Stored on the Certificate Revocation List.

Answer: D

74. You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?

A. edit fwaffinity.conf; reboot required

B. cpconfig; reboot required

C. edit fwaffinity.conf; reboot not required

D. cpconfig; reboot not required

Answer: B

75. Automation and Orchestration differ in that:

A. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

B. Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.

C. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.

D. Orchestration relates to codifying tasks, whereas automation relates to codifying processes.

Answer: A

76. Which VPN routing option uses VPN routing for every connection a satellite gateway handles?

A. To satellites through center only

B. To center only

C. To center and to other satellites through center

D. To center, or through the center to other satellites, to Internet and other VPN targets

Answer: D

77. Which is NOT an example of a Check Point API?

A. Gateway API

B. Management API

C. OPSC SDK

D. Threat Prevention API

Answer: A

78. The Security Gateway is installed on GAIA R80. The default port for the Web User Interface is ______.

A. TCP 18211

B. TCP 257

C. TCP 4433

D. TCP 443

Answer: D

79. You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

A. SmartEvent Client Info

B. SecuRemote

C. Check Point Protect

D. Check Point Capsule Cloud

Answer: C

80. Which statement is correct about the Sticky Decision Function?

A. It is not supported with either the Performance pack of a hardware based accelerator card

B. Does not support SPI’s when configured for Load Sharing

C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

D. It is not required L2TP traffic

Answer: A

81. What is the port used for SmartConsole to connect to the Security Management Server?

A. CPMI port 18191/TCP

B. CPM port/TCP port 19009

C. SIC port 18191/TCP

D. https port 4434/TCP

Answer: A

82. What processes does CPM control?

A. Object-Store, Database changes, CPM Process and web-services

B. web-services, CPMI process, DLEserver, CPM process

C. DLEServer, Object-Store, CP Process and database changes

D. web_services, dle_server and object_Store

Answer: D

83. Which statement is true about ClusterXL?

A. Supports Dynamic Routing (Unicast and Multicast)

B. Supports Dynamic Routing (Unicast Only)

C. Supports Dynamic Routing (Multicast Only)

D. Does not support Dynamic Routing

Answer: A

84. What is the most ideal Synchronization Status for Security Management Server High Availability deployment?

A. Lagging

B. Synchronized

C. Never been synchronized

D. Collision

Answer: B

85. What is the responsibility of SOLR process on R80.10 management server?

A. Validating all data before it’s written into the database

B. It generates indexes of data written to the database

C. Communication between SmartConsole applications and the Security Management Server

D. Writing all information into the database

Answer: B

86. Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

A. logd

B. fwd

C. fwm

D. cpd

Answer: B

87. Which of the following is NOT a type of Check Point API available in R80.10?

A. Identity Awareness Web Services

B. OPSEC SDK

C. Mobile Access

D. Management

Answer: C

88. The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

A. Secure Internal Communication (SIC)

B. Restart Daemons if they fail

C. Transfers messages between Firewall processes

D. Pulls application monitoring status

Answer: D

89. Which file gives you a list of all security servers in use, including port number?

A. $FWDIR/conf/conf.conf

B. $FWDIR/conf/servers.conf

C. $FWDIR/conf/fwauthd.conf

D. $FWDIR/conf/serversd.conf

Answer: C

90. There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 11:00 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A’s interface issues were resolved and it became operational.

When it re-joins the cluster, will it become active automatically?

A. No, since ‘maintain current active cluster member’ option on the cluster object properties is enabled by default.

B. No, since ‘maintain current active cluster member’ option is enabled by default on the Global Properties.

C. Yes, since ‘Switch to higher priority cluster member’ option on the cluster object properties is enabled by default.

D. Yes, since ‘Switch to higher priority cluster member’ option is enabled by default on the Global Properties.

Answer: A

91. To add a file to the Threat Prevention Whitelist, what two items are needed?

A. File name and Gateway

B. Object Name and MD5 signature

C. MD5 signature and Gateway

D. IP address of Management Server and Gateway

Answer: B

92. What is the command to check the status of the SmartEvent Correlation Unit?

A. fw ctl get int cpsead_stat

B. cpstat cpsead

C. fw ctl stat cpsemd

D. cp_conf get_stat cpsemd

Answer: B

93. Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

A. 50%

B. 75%

C. 80%

D. 15%

Answer: D

94. During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?

A. Host having a Critical event found by Threat Emulation

B. Host having a Critical event found by IPS

C. Host having a Critical event found by Antivirus

D. Host having a Critical event found by Anti-Bot

Answer: D

95. You need to change the MAC-address on eth2 interface of the gateway. What command and what

mode will you use to achieve this goal?

A. set interface eth2 mac-addr 11:11:11:11:11:11; CLISH

B. ifconfig eth1 hw 11:11:11:11:11:11; expert

C. set interface eth2 hw-addr 11:11:11:11:11:11; CLISH

D. ethtool -i eth2 mac 11:11:11:11:11:11; expert

Answer: A

96. To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the

following command in Expert mode and reboot:

A. fw ctl Dyn_Dispatch on

B. fw ctl Dyn_Dispatch enable

C. fw ctl multik set_mode 4

D. fw ctl multik set_mode 1

Answer: C

97. What is the command to show SecureXL status?

A. fwaccel status

B. fwaccel stats -m

C. fwaccel -s

D. fwaccel stat

Answer: D

Explanation:

To check overall SecureXL status: [Expert@HostName]# fwaccel stat

98. What can we infer about the recent changes made to the Rule Base?

A. Rule 7 was created by the ‘admin’ administrator in the current session

B. 8 changes have been made by administrators since the last policy installation

C. The rules 1, 5 and 6 cannot be edited by the ‘admin’ administrator

D. Rule 1 and object webserver are locked by another administrator

Answer: D

99. Which GUI client is supported in R80?

A. SmartProvisioning

B. SmartView Tracker

C. SmartView Monitor

D. SmartLog

Answer: C

100. When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer,

sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following

statements about the order of rule enforcement is true?

A. If the Action is Accept, the gateway allows the packet to pass through the gateway.

B. If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.

C. If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.

D. If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.

Answer: C

101. Which TCP-port does CPM process listen to?

A. 18191

B. 18190

C. 8983

D. 19009

Answer: D

102. You are investigating issues with two gateway cluster members that are not able to establish the first initial

cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

A. TCP port 443

B. TCP port 257

C. TCP port 256

D. UDP port 8116

Answer: C

103. In SmartConsole, objects are used to represent physical and virtual network components and also

some logical components. These objects are divided into several categories. Which of the following is NOT

an objects category?

A. Limit

B. Resource

C. Custom Application / Site

D. Network Object

Answer: B

104. Which of the following will NOT affect acceleration?

A. Connections destined to or originated from the Security gateway

B. A 5-tuple match

C. Multicast packets

D. Connections that have a Handler (ICMP, FTP, H.323, etc.)

Answer: B

105. Which process handles connection from SmartConsole R80?

A. fwm

B. cpmd

C. cpm

D. cpd

Answer: C

106. You work as a security administrator for a large company. CSO of your company has attended a

security conference where he has learnt how hackers constantly modify their strategies and techniques to

evade detection and reach corporate resources. He wants to make sure that his company has the tight

protections in place. Check Point has been selected as the security vendor.

Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick

delivery of safe content to your users?

A. IPS AND Application Control

B. IPS, anti-virus and anti-bot

C. IPS, anti-virus and e-mail security

D. SandBlast

Answer: D

107. Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for

this?

A. UDP port 265

B. TCP port 265

C. UDP port 256

D. TCP port 256

Answer: D

Explanation:

Synchronization works in two modes:

Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is

handled by the fwd daemon using an encrypted TCP connection on port 256.

Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the

Security Gateway kernel using UDP connections on port 8116.

108. When users connect to the Mobile Access portal they are unable to open File Shares. Which log file

would you want to examine?

A. cvpnd.elg

B. httpd.elg

C. vpnd.elg

D. fw.elg

Answer: A

109. As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

A. That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an

RSA Authentication Manager.

B. Full Layer4 VPN – SSL VPN that gives users network access to all mobile applications.

C. Full Layer3 VPN – IPSec VPN that gives users network access to all mobile applications.

D. You can make sure that documents are sent to the intended recipients only.

Answer: C

110. What is the correct command to observe the Sync traffic in a VRRP environment?

A. fw monitor -e "accept[12:4,b]=224.0.0.18;"

B. fw monitor -e "accept port(6118;"

C. fw monitor -e "accept proto=mcVRRP;"

D. fw monitor -e "accept dst=224.0.0.18;"

Answer: D

111. Vanessa is expecting a very important Security Report. The Document should be sent as an

attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she

opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report

is missing some graphs, tables and links.

Which component of SandBlast protection is her company using on a Gateway?

A. SandBlast Threat Emulation

B. SandBlast Agent

C. Check Point Protect

D. SandBlast Threat Extraction

Answer: D

112. SandBlast Agent extends 0-day prevention to what part of the network?

A. Web Browsers and user devices

B. DMZ server

C. Cloud

D. Email servers

Answer: A

113. Which of the following is an identity acquisition method that allows a Security Gateway to identify

Active Directory users and computers?

A. UserCheck

B. Active Directory Query

C. Account Unit Query

D. User Directory Query

Answer: B

Explanation:

Reference:

https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62402.htm

114. In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate

CLI command?

A. fw ctl sdstat

B. fw ctl affinity -l -a -r -v

C. fw ctl multik stat

D. cpinfo

Answer: B

115. When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

A. RADIUS

B. Remote Access and RADIUS

C. AD Query

D. AD Query and Browser-based Authentication

Answer: D

Explanation:

Identity Awareness gets identities from these acquisition sources:

116. SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

A. This statement is true because SecureXL does improve all traffic.

B. This statement is false because SecureXL does not improve this traffic but CoreXL does.

C. This statement is true because SecureXL does improve this traffic.

D. This statement is false because encrypted traffic cannot be inspected.

Answer: C

Explanation:

SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by

nearly an order of magnitude, particularly for small packets flowing in long-duration connections.

117. Which file contains the host address to be published, the MAC address that needs to be associated

with the IP Address, and the unique IP of the interface that responds to ARP request?

A. /opt/CPshrd-R80/conf/local.arp

B. /var/opt/CPshrd-R80/conf/local.arp

C. $CPDIR/conf/local.arp

D. $FWDIR/conf/local.arp

Answer: D

118. You are asked to check the status of several user-mode processes on the management server and

gateway. Which of the following processes can only be seen on a Management Server?

A. fwd

B. fwm

C. cpd

D. cpwd

Answer: B

119. What is the command to check the status of Check Point processes?

A. top

B. cptop

C. cphaprob list

D. cpwd_admin list

Answer: D

120. What is the purpose of Priority Delta in VRRP?

A. When a box is up, Effective Priority = Priority + Priority Delta

B. When an interface is up, Effective Priority = Priority + Priority Delta

C. When an interface fails, Effective Priority = Priority – Priority Delta

D. When a box fails, Effective Priority = Priority – Priority Delta

Answer: C

Explanation:

Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The

monitored interfaces do not have to be running VRRP.

If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the

specified delta value and then will send out a new VRRP HELLO packet. If the new effective priority is less

than the priority a backup platform has, then the backup platform will begin to send out its own HELLO

packet.

Once the master sees this packet with a priority greater than its own, then it releases the VIP.

121. Which one of these features is NOT associated with the Check Point URL Filtering and Application

Control Blade?

A. Detects and blocks malware by correlating multiple detection engines before users are affected.

B. Configure rules to limit the available network bandwidth for specified users or groups.

C. Use UserCheck to help users understand that certain websites are against the company’s security

policy.

D. Make rules to allow or block applications and Internet sites for individual applications, categories, and

risk levels.

Answer: A

122. You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each

profile defines a(n) ______ or _______ action for the file types.

A. Inspect/Bypass

B. Inspect/Prevent

C. Prevent/Bypass

D. Detect/Bypass

Answer: A

123. John is using Management HA. Which Smartcenter should be connected to for making changes?

A. secondary Smartcenter

B. active Smartcenter

C. connect virtual IP of Smartcenter HA

D. primary Smartcenter

Answer: B

124. Which command is used to add users to or from existing roles?

A. Add rba user <User Name> roles <List>

B. Add rba user <User Name>

C. Add user <User Name> roles <List>

D. Add user <User Name>

Answer: A

125. Selecting an event displays its configurable properties in the Detail pane and a description of the event

in the Description pane. Which is NOT an option to adjust or configure?

A. Severity

B. Automatic reactions

C. Policy

D. Threshold

Answer: C

126. What CLI command compiles and installs a Security Policy on the target’s Security Gateways?

A. fwm compile

B. fwm load

C. fwm fetch

D. fwm install

Answer: B

127. Fill in the blank: The “fw monitor” tool can be best used to troubleshoot _______.

A. AV issues

B. VPN errors

C. Network issues

D. Authentication issues

Answer: C

128. An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office.

Both offices are protected by Check Point Security Gateway managed by the same Security Management

Server. While configuring the VPN community to specify the pre-shared secret the administrator found that

the check box to enable pre-shared secret cannot be enabled.

Why does it not allow him to specify the pre-shared secret?

A. IPsec VPN blade should be enabled on both Security Gateway.

B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point

Security Gateway.

C. Certificate based Authentication is the only authentication method available between two Security

Gateway managed by the same SMS.

D. The Security Gateways are pre-R75.40.

Answer: C

129. What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in

Global Properties?

A. A host route to route to the destination IP.

B. Use the file local.arp to add the ARP entries for NAT to work.

C. Nothing, the Gateway takes care of all details necessary.

D. Enabling ‘Allow bi-directional NAT’ for NAT to work correctly.

Answer: C

130. R80.10 management server can manage gateways with which versions installed?

A. Versions R77 and higher

B. Versions R76 and higher

C. Versions R75.20 and higher

D. Versions R75 and higher

Answer: C

131. What is the SandBlast Agent designed to do?

A. Performs OS-level sandboxing for SandBlast Cloud architecture

B. Ensure the Check Point SandBlast services is running on the end user’s system

C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading within

the network

D. Clean up email sent with malicious attachments

Answer: C

132. Check Point Support in many cases asks you for a configuration summary of your Check Point system.

This is also called:

A. cpexport

B. sysinfo

C. cpsizeme

D. cpinfo

Answer: C

133. What is the least amount of CPU cores required to enable CoreXL?

A. 2

B. 1

C. 4

D. 6

Answer: B

134. Session unique identifiers are passed to the web API using which HTTP header option?

A. X-chkp-sid

B. Accept-Charset

C. Proxy-Authorization

D. Application

Answer: C

135. What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering,

Anti-Virus, IPS, and Threat Emulation?

A. Anti-Bot is the only countermeasure against unknown malware

B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command &

Control Centers

C. Anti-Bot is the only signature-based method of malware protection.

D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a

Command & Control Center.

Answer: D

136. Fill in the blanks: Gaia can be configured using the ________ or _______.

A. GaiaUI; command line interface

B. WebUI; Gaia Interface

C. Command line interface; WebUI

D. Gaia Interface; GaiaUI

Answer: C

137. Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______ API to learn users from

AD.

A. WMI

B. Eventvwr

C. XML

D. Services.msc

Answer: A

138. When doing a Stand-Alone Installation, you would install the Security Management Server with which

other Check Point architecture component?

A. None, Security Management Server would be installed by itself.

B. SmartConsole

C. SecureClient

D. Security Gateway

E. SmartEvent

Answer: D

139. What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

A. CCP and 18190

B. CCP and 257

C. CCP and 8116

D. CPC and 8116

Answer: C

140. Which Check Point feature enables application scanning and the detection?

A. Application Dictionary

B. AppWiki

C. Application Library

D. CPApp

Answer: B

141. Fill in the blanks: There are ________ types of software containers: ________.

A. Three; security management, Security Gateway, and endpoint security

B. Three; Security Gateway, endpoint security, and gateway management

C. Two; security management and endpoint security

D. Two; endpoint security and Security Gateway

Answer: A

142. Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a

central and several remote locations which are managed centrally by R77.30 Security Management Server.

On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point

UTM-1 570 series appliances with R75.30 and some of them are using a UTM-1 Edge-X or Edge-W with

latest available firmware. She is in process of migrating to R80.

What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R80?

A. Missing an installed R77.20 Add-on on Security Management Server

B. Unsupported firmware on UTM-1 Edge-W appliance

C. Unsupported version on UTM-1 570 series appliance

D. Unsupported appliances on remote locations

Answer: A

143. Please choose the path to monitor the compliance status of the Check Point R80.10 based

management.

A. Gateways & Servers --> Compliance View

B. Compliance blade not available under R80.10

C. Logs & Monitor --> New Tab --> Open compliance View

D. Security & Policies --> New Tab --> Compliance View

Answer: C

144. How often does Threat Emulation download packages by default?

A. Once a week

B. Once an hour

C. Twice per day

D. Once per day

Answer: D

145. True or False: In R80, more than one administrator can login to the Security Management Server with

write permission at the same time.

A. False, this feature has to be enabled in the Global Properties.

B. True, every administrator works in a session that is independent of the other administrators.

C. True, every administrator works on a different database that is independent of the other administrators.

D. False, only one administrator can login with write permission.

Answer: B

146. What will SmartEvent automatically define as events?

A. Firewall

B. VPN

C. IPS

D. HTTPS

Answer: C

147. Fill in the blank: Authentication rules are defined for ________.

A. User groups

B. Users using UserCheck

C. Individual users

D. All users in the database

Answer: A

148. You have successfully backed up Check Point configurations without the OS information. What

command would you use to restore this backup?

A. restore_backup

B. import backup

C. cp_merge

D. migrate import

Answer: D

149. How many users can have read/write access in Gaia at one time?

A. Infinite

B. One

C. Three

D. Two

Answer: B

150. Which command shows actual allowed connections in state table?

A. fw tab -t StateTable

B. fw tab -t connections

C. fw tab -t connection

D. fw tab connections

Answer: B

151. Which is NOT an example of a Check Point API?

A. Gateway API

B. Management API

C. OPSEC SDK

D. Threat Prevention API

Answer: A

152. What are the three components for Check Point Capsule?

A. Capsule Docs, Capsule Cloud, Capsule Connect

B. Capsule Workspace, Capsule Cloud, Capsule Connect

C. Capsule Workspace, Capsule Docs, Capsule Connect

D. Capsule Workspace, Capsule Docs, Capsule Cloud

Answer: D

153. What component of R80 Management is used for indexing?

A. DBSync

B. API Server

C. fwm

D. SOLR

Answer: D

154. Which command gives us a perspective of the number of kernel tables?

A. fw tab -t

B. fw tab -s

C. fw tab -n

D. fw tab -k

Answer: B

155. On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the

default Log Server uses port:

A. 18210

B. 18184

C. 257

D. 18191

Answer: B

156. Which software blade does NOT accompany the Threat Prevention policy?

A. Anti-virus

B. IPS

C. Threat Emulation

D. Application Control and URL Filtering

Answer: D

157. True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security

Gateway.

A. True, CLI is the preferred method for Licensing

B. False, Central Licenses are handled via Security Management Server

C. False, Central Licenses are installed via Gaia on Security Gateways

D. True, Central License can be installed with CPLIC command on a Security Gateway

Answer: D

158. How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

A. cphaprob set int fwha_vmac_global_param_enabled 1

B. clusterXL set int fwha_vmac_global_param_enabled 1

C. fw ctl set int fwha_vmac_global_param_enabled 1

D. cphaconf set int fwha_vmac_global_param_enabled 1

Answer: C

159. To optimize Rule Base efficiency, the most hit rules should be where?

A. Removed from the Rule Base.

B. Towards the middle of the Rule Base.

C. Towards the top of the Rule Base.

D. Towards the bottom of the Rule Base.

Answer: C

160. Which feature is NOT provided by all Check Point Mobile Access solutions?

A. Support for IPv6

B. Granular access control

C. Strong user authentication

D. Secure connectivity

Answer: A

Explanation: Types of Solutions

All of Check Point's Remote Access solutions provide:

161. On R80.10 the IPS Blade is managed by:

A. Threat Protection policy

B. Anti-Bot Blade

C. Threat Prevention policy

D. Layers on Firewall policy

Answer: C

162. GAiA Software update packages can be imported and installed offline in situations where:

A. Security Gateway with GAiA does NOT have SFTP access to Internet

B. Security Gateway with GAiA does NOT have access to Internet.

C. Security Gateway with GAiA does NOT have SSH access to Internet.

D. The desired CPUSE package is ONLY available in the Check Point CLOUD.

Answer: B

163. SandBlast has several functional components that work together to ensure that attacks are prevented

in real-time. Which of the following is NOT part of the SandBlast component?

A. Threat Emulation

B. Mobile Access

C. Mail Transfer Agent

D. Threat Cloud

Answer: C

164. Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?

A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination

MAC addresses

B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores

C. The CoreXL FW instances assignment mechanism is based on IP Protocol type

D. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP

addresses, and the IP ‘Protocol’ type

Answer: B

165. How many policy layers does the Access Control policy support?

A. 2

B. 4

C. 1

D. 3

Answer: A

Explanation: Two policy layers:

- Network Policy Layer

- Application Control Policy Layer

166. Fill in the blank: The R80 feature _______ permits blocking specific IP addresses for a specified time

period.

A. Block Port Overflow

B. Local Interface Spoofing

C. Suspicious Activity Monitoring

D. Adaptive Threat Prevention

Answer: C

Explanation:

Suspicious Activity Rules Solution

Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access

privileges upon detection of any suspicious network activity (for example, several attempts to gain

unauthorized access).

The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity

rules are Firewall rules that enable the system administrator to instantly block suspicious connections that

are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration

date), can be applied immediately without the need to perform an Install Policy operation.

167. SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:

A. 19090,22

B. 19190,22

C. 18190,80

D. 19009,443

Answer: D

168. The “Hit count” feature allows tracking the number of connections that each rule matches. Will the Hit

count feature work independently from logging and Track the hits if the Track option is set to “None”?

A. No, it will work independently. Hit Count will be shown only for rules Track option set as Log or alert.

B. Yes it will work independently as long as “analyze all rules” tick box is enabled on the Security Gateway.

C. No, it will not work independently because hit count requires all rules to be logged.

D. Yes it will work independently because when you enable Hit Count, the SMS collects the data from

supported Security Gateways.

Answer: D

169. When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help

it calculate traffic direction for events. What is this setting called and what are you defining?

A. Network, and defining your Class A space

B. Topology, and you are defining the Internal network

C. Internal addresses you are defining the gateways

D. Internal network(s) you are defining your networks

Answer: B

170. What two ordered layers make up the Access Control Policy Layer?

A. URL Filtering and Network

B. Network and Threat Prevention

C. Application Control and URL Filtering

D. Network and Application Control

Answer: D

171. Identify the API that is not supported by Check Point currently.

A. R80 Management API

B. Identity Awareness Web Services API

C. Open REST API

D. OPSEC SDK

Answer: C

172. You want to store the GAIA configuration in a file for later reference. What command should you use?

A. write mem <filename>

B. show config -f <filename>

C. save config -o <filename>

D. save configuration <filename>

Answer: D

173. What command can you use to have cpinfo display all installed hotfixes?

A. cpinfo -hf

B. cpinfo -y all

C. cpinfo -get hf

D. cpinfo installed_jumbo

Answer: B

174. After the initial installation on Check Point appliance, you notice that the Management-interface and

default gateway are incorrect.

Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

A. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
set static-route default nexthop gateway address 192.168.80.1 on
save config

B. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config

C. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0
set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on
save config

D. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24
add static-route default nexthop gateway address 192.168.80.1 on
save config

Answer: A

175. There are 4 ways to use the Management API for creating host object with R80 Management API.

Which one is NOT correct?

A. Using Web Services

B. Using Mgmt_cli tool

C. Using CLISH

D. Using SmartConsole GUI console

E. Events are collected with SmartWorkflow from Trouble Ticket systems

Answer: E

176. GAIA greatly increases operational efficiency by offering an advanced and intuitive software update

agent, commonly referred to as the:

A. Check Point Update Service Engine

B. Check Point Software Update Agent

C. Check Point Remote Installation Daemon (CPRID)

D. Check Point Software Update Daemon

Answer: A

177. When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:

A. Threat Emulation

B. HTTPS

C. QOS

D. VoIP

Answer: D

178. Which Mobile Access Application allows a secure container on Mobile devices to give users access to

internal website, file share and emails?

A. Check Point Remote User

B. Check Point Capsule Workspace

C. Check Point Mobile Web Portal

D. Check Point Capsule Remote

Answer: C

179. You have enabled “Full Log” as a tracking option to a security rule. However, you are still not seeing

any data type information. What is the MOST likely reason?

A. Logging has disk space issues. Change logging storage options on the logging server or Security

Management Server properties and install database.

B. Data Awareness is not enabled.

C. Identity Awareness is not enabled.

D. Logs are arriving from Pre-R80 gateways.

Answer: A

180. Which of the following blades is NOT subscription-based and therefore does not have to be renewed

on a regular basis?

A. Application Control

B. Threat Emulation

C. Anti-Virus

D. Advanced Networking Blade

Answer: B

181. Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of

Check Point Enterprise Appliances using GAiA/R80.10. Company’s Developer Team is having random

access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ

Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an

investigation. Pamela decides to use Check Point’s Packet Analyzer Tool, fw monitor, to iron out the issue

during approved Maintenance window.

What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire

traffic in context of Firewall and problematic traffic?

A. Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn

OFF SecureXL before using fw monitor to avoid misleading traffic captures.

B. Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn

ON SecureXL before using fw monitor to avoid misleading traffic captures.

C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire

traffic.

D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire

traffic.

Answer: A

182. What is the limitation of employing Sticky Decision Function?

A. With SDF enabled, the involved VPN Gateways only supports IKEv1

B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

C. With SDF enabled, only ClusterXL in legacy mode is supported

D. With SDF enabled, you can only have three Sync interfaces at most

Answer: B

183. Why would an administrator see the message below?

A. A new Policy Package created on both the Management and Gateway will be deleted and must be

backed up first before proceeding.

B. A new Policy Package created on the Management is going to be installed to the existing Gateway.

C. A new Policy Package created on the Gateway is going to be installed on the existing Management.

D. A new Policy Package created on the Gateway and transferred to the Management will be overwritten by

the Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.

Answer: B

184. Which encryption algorithm is the least secured?

A. AES-128

B. AES-256

C. DES

D. 3DES

Answer: C

185. Which command would disable a Cluster Member permanently?

A. clusterXL_admin down

B. cphaprob_admin down

C. clusterXL_admin down -p

D. set clusterXL down -p

Answer: C

186. DLP and Geo Policy are examples of what type of Policy?

A. Standard Policies

B. Shared Policies

C. Inspection Policies

D. Unified Policies

Answer: B

187. Which web services protocol is used to communicate to the Check Point R80 Identity Awareness Web

API?

A. SOAP

B. REST

C. XLANG

D. XML-RPC

Answer: B

Explanation:

The Identity Web API uses the REST protocol over SSL. The requests and responses are HTTP and in

JSON format.

188. For best practices, what is the recommended time for automatic unlocking of locked admin accounts?

A. 20 minutes

B. 15 minutes

C. Admin account cannot be unlocked automatically

D. 30 minutes at least

Answer: D

189. Check Point security components are divided into the following components:

A. GUI Client, Security Gateway, WebUI Interface

B. GUI Client, Security Management, Security Gateway

C. Security Gateway, WebUI Interface, Consolidated Security Logs

D. Security Management, Security Gateway, Consolidate Security Logs

Answer: B

190. Which statement is NOT TRUE about Delta synchronization?

A. Using UDP Multicast or Broadcast on port 8161

B. Using UDP Multicast or Broadcast on port 8116

C. Quicker than Full sync

D. Transfers changes in the Kernel tables between cluster members.

Answer: A

191. Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is

NOT used for identifying a connection?

A. Source Address

B. Destination Address

C. TCP Acknowledgment Number

D. Source Port

Answer: C

Explanation:

https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/92711.htm

192. When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but

exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use?

A. Toni? AND 10.0.4.210 NOT 10.0.4.76

B. To** AND 10.0.4.210 NOT 10.0.4.76

C. Ton* AND 10.0.4.210 NOT 10.0.4.75

D. "Toni" AND 10.0.4.210 NOT 10.0.4.76

Answer: B

193. SmartEvent uses its event policy to identify events. How can this be customized?

A. By modifying the firewall rulebase

B. By creating event candidates

C. By matching logs against exclusions

D. By matching logs against event rules

Answer: C

194. Which options are given on features, when editing a Role on Gaia Platform?

A. Read/Write, Read Only

B. Read/Write, Read Only, None

C. Read/Write, None

D. Read Only, None

Answer: B

195. What is the main difference between Threat Extraction and Threat Emulation?

A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.

B. Threat Extraction always delivers a file and takes less than a second to complete.

C. Threat Emulation never delivers a file that takes less than a second to complete.

D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Answer: B

196. On what port does the CPM process run?

A. TCP 857

B. TCP 18192

C. TCP 900

D. TCP 19009

Answer: D

197. Fill in the blank: A new license should be generated and installed in all of the following situations

EXCEPT when _______ .

A. The license is attached to the wrong Security Gateway.

B. The existing license expires.

C. The license is upgraded.

D. The IP address of the Security Management or Security Gateway has changed.

Answer: A

198. When using CPSTAT, what is the default port used by the AMON server?

A. 18191

B. 18192

C. 18194

D. 18190

Answer: B

199. Which path below is available only when CoreXL is enabled?

A. Slow path

B. Firewall path

C. Medium path

D. Accelerated path

Answer: C

200. The Correlation Unit performs all but the following actions:

A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later.

B. Generates an event based on the Event policy.

C. Assigns a severity level to the event.

D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an

ongoing event.

Answer: C

201. What key is used to save the current CPView page in a filename format cpview_"cpview process

ID".cap"number of captures"?

A. S

B. W

C. C

D. Space bar

Answer: C

202. Fill in the blank: ________ information is included in “Full Log” tracking option, but is not included in

“Log” tracking option?

A. Destination port

B. Data type

C. File attributes

D. Application

Answer: B

203. SandBlast appliances can be deployed in the following modes:

A. using a SPAN port to receive a copy of the traffic only

B. detect only

C. inline/prevent or detect

D. as a Mail Transfer Agent and as part of the traffic flow only

Answer: C

204. Vanessa is a Firewall administrator. She wants to test a backup of her company’s production Firewall

cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided

to restore the production backup via SmartConsole in the lab environment.

Which details does she need to fill in the System Restore window before she can click the OK button and test the

backup?

A. Server, SCP, Username, Password, Path, Comment, Member

B. Server, TFTP, Username, Password, Path, Comment, All Members

C. Server, Protocol, Username, Password, Path, Comment, All Members

D. Server, Protocol, Username, Password, Path, Comment, Member

Answer: C

205. Which statement is true regarding redundancy?

A. System Administrators know when their cluster has failed over and can also see why it failed over by

using the cphaprob -f if command.

B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

C. Machines in a ClusterXL High Availability configuration must be synchronized.

D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open

servers, and virtualized environments.

Answer: D

206. You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet.

However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept

your Terms of Service, and cannot access the Internet. How can you fix this?

A. Right click Accept in the rule, select “More”, and then check ‘Enable Identity Captive Portal’.

B. On the firewall object, Legacy Authentication screen, check ‘Enable Identity Captive Portal’.

C. In the Captive Portal screen of Global Properties, check ‘Enable Identity Captive Portal’.

D. On the Security Management Server object, check the box ‘Identity Logging’.

Answer: A

207. Fill in the blank: The command _______ provides the most complete restoration of a R80

configuration.

A. upgrade_import

B. cpconfig

C. fwm dbimport -p <export file>

D. cpinfo -recover

Answer: A

208. CoreXL is supported when one of the following features is enabled:

A. Route-based VPN

B. IPS

C. IPv6

D. Overlapping NAT

Answer: B

Explanation:

CoreXL does not support Check Point Suite with these features: References:

209. To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the

following command in Expert mode then reboot:

A. fw ctl multik set_mode 1

B. fw ctl Dynamic_Priority_Queue on

C. fw ctl Dynamic_Priority_Queue enable

D. fw ctl multik set_mode 9

Answer: D

210. Which Check Point software blade provides Application Security and identity control?

A. Identity Awareness

B. Data Loss Prevention

C. URL Filtering

D. Application Control

Answer: D

211. Which of the following processes pulls application monitoring status?

A. fwd

B. fwm

C. cpwd

D. cpd

Answer: D

212. Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for

specific gateways, or ________.

A. On all satellite gateway to satellite gateway tunnels

B. On specific tunnels for specific gateways

C. On specific tunnels in the community

D. On specific satellite gateway to central gateway tunnels

Answer: C

213. Which of the following is NOT an alert option?

A. SNMP

B. High alert

C. Mail

D. User defined alert

Answer: B

214. View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)

A. The current administrator has read-only permissions to Threat Prevention Policy.

B. Another user has locked the rule for editing.

C. Configuration lock is present. Click the lock symbol to gain read-write access.

D. The current administrator is logged in as read-only because someone else is editing the policy.

Answer: B

Explanation:

https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_

215. In SmartEvent, what are the different types of automatic reactions that the administrator can

configure?

A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap

B. Mail, Block Source, Block Destination, Block Services, SNMP Trap

C. Mail, Block Source, Block Destination, External Script, SNMP Trap

D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Answer: A

216. What command lists all interfaces using Multi-Queue?

A. cpmq get

B. show interface all

C. cpmq set

D. show multiqueue all

Answer: A

217. Ken wants to obtain a configuration lock from another administrator on R80 Security Management Server.

He can do this via WebUI or via CLI.

Which command should he use in CLI? (Choose the correct answer.)

A. remove database lock

B. The database feature has one command lock database override.

C. override database lock

D. The database feature has two commands lock database override and unlock database. Both will work.

Answer: D

218. With Mobile Access enabled, administrators select the web-based and native applications that can be

accessed by remote users and define the actions that users can perform on the applications. Mobile Access

encrypts all traffic using:

A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to

access the native applications, they need to install the SSL Network Extender.

B. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to

access the native application, they need to install the SSL Network Extender.

C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to

access the native applications, no additional software is required.

D. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to

access the native application, no additional software is required.

Answer: A

219. What SmartEvent component creates events?

A. Consolidation Policy

B. Correlation Unit

C. SmartEvent Policy

D. SmartEvent GUI

Answer: B

220. Advanced Security Checkups can be easily conducted within:

A. Reports

B. Advanced

C. Checkups

D. Views

E. Summary

Answer: A

221. What is the default shell for the command line interface?

A. Expert

B. Clish

C. Admin

D. Normal

Answer: B

Explanation:

The default shell of the CLI is called clish.

222. Which process is available on any management product and on products that require direct GUI

access, such as SmartEvent and provides GUI client communications, database manipulation, policy

compilation and Management HA synchronization?

A. cpwd

B. fwd

C. cpd

D. fwm

Answer: D

Explanation:

Firewall Management (fwm) is available on any management product, including Multi-Domain and on

products that require direct GUI access, such as SmartEvent. It provides the following:

– GUI Client communication

– Database manipulation

– Policy Compilation

– Management HA sync

223. What does the Log "Views" tab show when SmartEvent is Correlating events?

A. A list of common reports

B. Reports for customization

C. Top events with charts and graphs

D. Details of a selected log

Answer: C

224. Which command shows the current connections distributed by CoreXL FW instances?

A. fw ctl multik stat

B. fw ctl affinity -l

C. fw ctl instances -v

D. fw ctl iflist

Answer: A

225. What is the command to see cluster status in cli expert mode?

A. fw ctl stat

B. clusterXL stat

C. clusterXL status

D. cphaprob stat

Answer: D

226. What is the difference between SSL VPN and IPSec VPN?

A. IPSec VPN does not require installation of a resilient VPN client.

B. SSL VPN requires installation of a resident VPN client.

C. SSL VPN and IPSec VPN are the same.

D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed

Browser.

Answer: D

227. SmartEvent does NOT use which of the following procedures to identify events:

A. Matching a log against each event definition

B. Create an event candidate

C. Matching a log against local exclusions

D. Matching a log against global exclusions

Answer: C

Explanation:

Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria

that match an Event Definition. SmartEvent uses these procedures to identify events:

• Matching a Log Against Global Exclusions

• Matching a Log Against Each Event Definition

• Creating an Event Candidate

• When a Candidate Becomes an Event

228. In what way are SSL VPN and IPSec VPN different?

A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless

B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not

C. IPSec VPN does not support two factor authentication, SSL VPN does support this

D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

Answer: D

229. Capsule Connect and Capsule Workspace both offer secured connection for remote users who are

using their mobile devices. However, there are differences between the two.

Which of the following statements correctly identify each product's capabilities?

A. Workspace supports iOS operating system, Android, and WP8, whereas Connect supports iOS operating

system and Android only

B. For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect

offers both jailbreak/root detection and MDM cooperative enforcement.

C. For credential protection, Connect uses One-time Password login support and has no SSO support,

whereas Workspace offers both One-Time Password and certain SSO login support.

D. Workspace can support any application, whereas Connect has a limited number of application types

which it will support.

Answer: C

230. Fill in the blank: The tool _______ generates a R80 Security Gateway configuration report.

A. infoCP

B. infoview

C. cpinfo

D. fw cpinfo

Answer: C

231. What is considered Hybrid Emulation Mode?

A. Manual configuration of file types on emulation location.

B. Load sharing of emulation between an on premise appliance and the cloud.

C. Load sharing between OS behavior and CPU Level emulation.

D. High availability between the local SandBlast appliance and the cloud.

Answer: B

232. After trust has been established between the Check Point components, what is TRUE about name and

IP-address changes?

A. Security Gateway IP-address cannot be changed without re-establishing the trust.

B. The Security Gateway name cannot be changed in command line without re-establishing trust.

C. The Security Management Server name cannot be changed in SmartConsole without re-establishing

trust.

D. The Security Management Server IP-address cannot be changed without re-establishing the trust.

Answer: A

233. When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of

ThreatCloud?

A. ThreatCloud is a database-related application which is located on-premise to preserve privacy of

company-related data

B. ThreatCloud is a collaboration platform for all the Check Point customers to form a virtual cloud

consisting of a combination of all on-premise private cloud environments

C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi

infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud

D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about

malicious and benign files that all of the customers can benefit from as it makes emulation of known files

unnecessary

Answer: D

234. Which of the following links will take you to the SmartView web application?

A. https://<Security Management Server host name>/smartviewweb/

B. https://<Security Management Server IP Address>/smartview/

C. https://<Security Management Server host name>smartviewweb

D. https://<Security Management Server IP Address>/smartview

Answer: B

235. At what point is the Internal Certificate Authority (ICA) created?

A. Upon creation of a certificate.

B. During the primary Security Management Server installation process.

C. When an administrator decides to create one.

D. When an administrator initially logs into SmartConsole.

Answer: B

236. Check Point Management (cpm) is the main management process in that it provides the architecture

for a consolidated management console. It empowers the migration from legacy Client-side logic to

Server-side logic. The cpm process:

A. Allow GUI Client and management server to communicate via TCP Port 19001

B. Allow GUI Client and management server to communicate via TCP Port 18191

C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

D. Performs database tasks such as creating, deleting, and modifying objects and compiling as well as

policy code generation.

Answer: C

237. SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based

algorithms and has four dedicated components that constantly work together to protect mobile devices and

their data. Which component is NOT part of the SandBlast Mobile solution?

A. Management Dashboard

B. Gateway

C. Personal User Storage

D. Behavior Risk Engine

Answer: C

238. When setting up an externally managed log server, what is one item that will not be configured on the

R80 Security Management Server?

A. IP

B. SIC

C. NAT

D. FQDN

Answer: C

239. What will be the effect of running the following command on the Security Management Server?

A. Remove the installed Security Policy.

B. Remove the local ACL lists.

C. No effect.

D. Reset SIC on all gateways.

Answer: A

240. In the R80 SmartConsole, on which tab are Permissions and Administrators defined?

A. Security Policies

B. Logs and Monitor

C. Manage and Settings

D. Gateways and Servers

Answer: C

241. Fill in the blank: A _______ VPN deployment is used to provide remote users with secure access to

internal corporate resources by authenticating the user through an internet browser.

A. Clientless remote access

B. Clientless direct access

C. Client-based remote access

D. Direct access

Answer: A

242. How long may verification of one file take for Sandblast Threat Emulation?

A. up to 1 minute

B. within seconds cleaned file will be provided

C. up to 5 minutes

D. up to 3 minutes

Answer: B

243. Which command will allow you to see the interface status?

A. cphaprob interface

B. cphaprob -I interface

C. cphaprob -a if

D. cphaprob stat

Answer: C

244. Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and

older?

A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in

the order in which they are defined, allowing control over the rule base flow and which security

functionalities take precedence.

B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C. Time object to a rule to make the rule active only during specified times.

D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched,

inspection will continue in the sub policy attached to it rather than in the next rule.

Answer: D

245. For Management High Availability, which of the following is NOT a valid synchronization status?

A. Collision

B. Down

C. Lagging

D. Never been synchronized

Answer: B

246. Which is NOT a SmartEvent component?

A. SmartEvent Server

B. Correlation Unit

C. Log Consolidator

D. Log Server

Answer: C

247. What is the purpose of the CPCA process?

A. Monitoring the status of processes.

B. Sending and receiving logs.

C. Communication between GUI clients and the SmartCenter server.

D. Generating and modifying certificates.

Answer: D

248. Hit Count is a feature to track the number of connections that each rule matches. Which one is not a

benefit of Hit Count?

A. Better understand the behavior of the Access Control Policy

B. Improve Firewall performance - You can move a rule that has a high hit count to a higher position in the Rule

Base

C. Automatically rearrange Access Control Policy based on Hit Count Analysis

D. Analyze a Rule Base - You can delete rules that have no matching connections

Answer: C

249. Which of the following type of authentication on Mobile Access can NOT be used as the first

authentication method?

A. Dynamic ID

B. RADIUS

C. Username and Password

D. Certificate

Answer: A

250. What are the methods of SandBlast Threat Emulation deployment?

A. Cloud, Appliance and Private

B. Cloud, Appliance and Hybrid

C. Cloud, Smart-1 and Hybrid

D. Cloud, OpenServer and Vmware

Answer: A

251. What is the correct statement about Security Gateway and Security Management Server failover in Check

Point R80.X in terms of Check Point Redundancy driven solution?

A. Security Gateway failover is an automatic procedure but Security Management Server failover is a

manual procedure.

B. Security Gateway failover as well as Security Management Server failover is a manual procedure.

C. Security Gateway failover is a manual procedure but Security Management Server failover is an

automatic procedure.

D. Security Gateway failover as well as Security Management Server failover is an automatic procedure.

Answer: A

252. Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a

new CPU to replace the existing single core CPU. After installation, is the administrator required to perform

any additional tasks?

A. Go to clish - Run cpstop | Run cpstart

B. Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig |

Reboot Security Gateway

C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU

and Cores

D. Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig |

Reboot Security Gateway | Install Security Policy

Answer: B

253. You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command.

You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to

show down. What command do you run to determine the cause?

A. cphaprob -f register

B. cphaprob -d -s report

C. cpstat -f all

D. cphaprob -a list

Answer: D

254. To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?

A. fw ctl set int fwha vmac global param enabled

B. fw ctl get int vmac global param enabled; result of command should return value 1

C. cphaprob -a if

D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Answer: D

255. By default, which port does the WebUI listen on?

A. 80

B. 4434

C. 443

D. 8080

Answer: C

256. The _______ software blade package uses CPU-level and OS-level sandboxing in order to detect and

block malware.

A. Next Generation Threat Prevention

B. Next Generation Threat Emulation

C. Next Generation Threat Extraction

D. Next Generation Firewall

Answer: B

257. What cloud-based SandBlast Mobile application is used to register new devices and users?

A. Check Point Protect Application

B. Management Dashboard

C. Behavior Risk Engine

D. Check Point Gateway

Answer: D

258. Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using

______ .

A. User Directory

B. Captive Portal and Transparent Kerberos Authentication

C. Captive Portal

D. UserCheck

Answer: B

259. Which two of these Check Point Protocols are used by SmartEvent Processes?

A. ELA and CPD

B. FWD and LEA

C. FWD and CPLOG

D. ELA and CPLOG

Answer: D

260. Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the

systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his

calculations?

A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

B. One machine

C. Two machines

D. Three machines

Answer: C

Explanation:

One for Security Management Server and the other one for the Security Gateway.

261. When gathering information about a gateway using CPINFO, what information is included or excluded

when using the “-x” parameter?

A. Includes the registry

B. Gets information about the specified Virtual System

C. Does not resolve network addresses

D. Output excludes connection table

Answer: B

262. One of major features in R80 SmartConsole is concurrent administration.

Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same

Security Policy?

A. A lock icon shows that a rule or an object is locked and will be available.

B. AdminA and AdminB are editing the same rule at the same time.

C. A lock icon next to a rule informs that any Administrator is working on this particular rule.

D. AdminA, AdminB and AdminC are editing three different rules at the same time.

Answer: C

263. You are the administrator for ABC Corp. You have logged into your R80 Management server. You are

making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.

What does this mean?

A. This rule No. 6 has been marked for deletion in your Management session.

B. This rule No. 6 has been marked for deletion in another Management session.

C. This rule No. 6 has been marked for editing in your Management session.

D. This rule No. 6 has been marked for editing in another Management session.

Answer: C

264. Under which file is the proxy arp configuration stored?

A. $FWDIR/state/proxy_arp.conf on the management server

B. $FWDIR/conf/local.arp on the management server

C. $FWDIR/state/_tmp/proxy.arp on the security gateway

D. $FWDIR/conf/local.arp on the gateway

Answer: D

265. What is the mechanism behind Threat Extraction?

A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack

against its sender.

B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it

prior to sending it to the intended recipient.

C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the

SAM database (Suspicious Activity Monitoring).

D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the

document and forwarded to the intended recipient, which makes this solution very fast.

Answer: D

266. To accelerate the rate of connection establishment, SecureXL groups all connections that match a

particular service and whose sole differentiating element is the source port. This type of grouping enables

even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection

on the same service will be forwarded to the Firewall kernel which will then create a template of the

connection. Which of these is NOT a SecureXL template?

A. Accept Template

B. Deny Template

C. Drop Template

D. NAT Template

Answer: B

267. What is the most recommended way to install patches and hotfixes?

A. CPUSE Check Point Update Service Engine

B. rpm -Uv

C. Software Update Service

D. UnixinstallScript

Answer: A

268. In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the

type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with

_______ will not apply.

A. ffff

B. 1

C. 3

D. 2

Answer: D

269. Which command is used to display status information for various components?

A. show all systems

B. show system messages

C. sysmess all

D. show sysenv all

Answer: D

270. Which of the following is NOT an option to calculate the traffic direction?

A. Incoming

B. Internal

C. External

D. Outgoing

Answer: D

271. VPN Link Selection will perform the following when the primary VPN link goes down?

A. The Firewall will drop the packets.

B. The Firewall can update the Link Selection entries to start using a different link for the same tunnel.

C. The Firewall will send out the packet on all interfaces.

D. The Firewall will inform the client that the tunnel is down.

Answer: B

272. Which of the following technologies extracts detailed information from packets and stores that

information in state tables?

A. INSPECT Engine

B. Stateful Inspection

C. Packet Filtering

D. Application Layer Firewall

Answer: A

273. What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

A. Source address, Destination address, Source port, Destination port, Protocol

B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol

C. Source address, Destination address, Source port, Destination port

D. Source address, Destination address, Destination port, Protocol

Answer: A

274. How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a

Check Point Security Gateway?

A. Install appliance TE250X on SpanPort on LAN switch in MTA mode.

B. Install appliance TE250X in standalone mode and setup MTA.

C. You can utilize only Check Point Cloud Services for this scenario.

D. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.

Answer: C

275. SmartEvent has several components that function together to track security threats. What is the

function of the Correlation Unit as a component of this architecture?

A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat

pattern is identified, an event is forwarded to the SmartEvent Server.

B. Correlates all the identified threats with the consolidation policy.

C. Collects syslog data from third party devices and saves them to the database.

D. Connects with the SmartEvent Client when generating threat reports.

Answer: A

276. What is mandatory for ClusterXL to work properly?

A. The number of cores must be the same on every participating cluster node

B. The Magic MAC number must be unique per cluster node

C. The Sync interface must not have an IP address configured

D. If you have “Non-monitored Private” interfaces, the number of those interfaces must be the same on all cluster members

Answer: B

277. Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ______ all traffic. However, in the Application Control policy layer, the default action is _______ all traffic.

A. Accept; redirect

B. Accept; drop

C. Redirect; drop

D. Drop; accept

Answer: D

278. Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

A. ThreatWiki

B. Whitelist Files

C. AppWiki

D. IPS Protections

Answer: B

279. Which packet info is ignored with Session Rate Acceleration?

A. source port ranges

B. source ip

C. source port

D. same info from Packet Acceleration is used

Answer: C

280. Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?

A. All Connections (Clear or Encrypted)

B. Accept all encrypted traffic

C. Specific VPN Communities

D. All Site-to-Site VPN Communities

Answer: B

281. When requiring certificates for mobile devices, make sure the authentication method is set to one of the following: Username and Password, RADIUS or _____.

A. SecureID

B. SecurID

C. Complexity

D. TacAcs

Answer: B

282. What are the steps to configure the HTTPS Inspection Policy?

A. Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard

B. Go to Application&url filtering blade > Advanced > Https Inspection > Policy

C. Go to Manage&Settings > Blades > HTTPS Inspection > Policy

D. Go to Application&url filtering blade > Https Inspection > Policy

Answer: A

283. Connections to the Check Point R80 Web API use what protocol?

A. HTTPS

B. RPC

C. VPN

D. SIC

Answer: A

284. When simulating a problem on ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?

A. cphaprob -d STOP unregister

B. cphaprob STOP unregister

C. cphaprob unregister STOP

D. cphaprob -d unregister STOP

Answer: A

Explanation:

Testing a failover in a controlled manner using the following command:

# cphaprob -d STOP -s problem -t 0 register

This will register a problem state on the cluster member this was entered on. If you then run:

# cphaprob list

this will show an entry named STOP.

To remove this problematic register, run the following:

# cphaprob -d STOP unregister

285. Which remote Access Solution is clientless?

A. Checkpoint Mobile

B. Endpoint Security Suite

C. SecuRemote

D. Mobile Access Portal

Answer: D

286. In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

A. SND is a feature to accelerate multiple SSL VPN connections

B. SND is an alternative to IPSec Main Mode, using only 3 packets

C. SND is used to distribute packets among Firewall instances

D. SND is a feature of fw monitor to capture accelerated packets

Answer: C

287. What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?

A. 4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.

B. 3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.

C. 1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.

D. 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.

Answer: B

288. An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?

A. He can use the fw accel stat command on the gateway.

B. He can use the fw accel statistics command on the gateway.

C. He can use the fwaccel stat command on the Security Management Server.

D. He can use the fwaccel stat command on the gateway

Answer: D

289. Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

A. Symmetric routing

B. Failovers

C. Asymmetric routing

D. Anti-Spoofing

Answer: C

290. Which one of the following is true about Threat Extraction?

A. Always delivers a file to user

B. Works on all MS Office, Executables, and PDF files

C. Can take up to 3 minutes to complete

D. Delivers file only if no threats found

Answer: A

291. What command verifies that the API server is responding?

A. api stat

B. api status

C. show api_status

D. app_get_status

Answer: B

292. When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:

A. All UDP packets

B. All IPv6 Traffic

C. All packets that match a rule whose source or destination is the Outside Corporate Network

D. CIFS packets

Answer: D

293. Joey wants to configure NTP on R80 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?

A. https://<Device_IP_Address>

B. http://<Device IP_Address>:443

C. https://<Device_IP_Address>:10000

D. https://<Device_IP_Address>:4434

Answer: A

294. In which formats can Threat Emulation forensics reports be viewed?

A. TXT, XML and CSV

B. PDF and TXT

C. PDF, HTML, and XML

D. PDF and HTML

Answer: C

295. With SecureXL enabled, accelerated packets will pass through the following:

A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device

B. Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device

C. Network Interface Card and the Acceleration Device

D. Network Interface Card, OSI Network Layer, and the Acceleration Device

Answer: C

296. Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

A. 15 sec

B. 60 sec

C. 5 sec

D. 30 sec

Answer: B

297. Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

A. TCP Port 18190

B. TCP Port 18209

C. TCP Port 19009

D. TCP Port 18191

Answer: D

298. Which features are only supported with R80.10 Gateways but not R77.x?

A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.

B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

D. Time object to a rule to make the rule active only during specified times.

Answer: C

299. Which tool is used to enable ClusterXL?

A. SmartUpdate

B. cpconfig

C. SmartConsole

D. sysconfig

Answer: B

300. Which command is used to set the CCP protocol to Multicast?

A. cphaprob set_ccp multicast

B. cphaconf set_ccp multicast

C. cphaconf set_ccp no_broadcast

D. cphaprob set_ccp no_broadcast

Answer: B

301. Which of these is an implicit MEP option?

A. Primary-backup

B. Source address based

C. Round robin

D. Load Sharing

Answer: A

302. fwssd is a child process of which of the following Check Point daemons?

A. fwd

B. cpwd

C. fwm

D. cpd

Answer: A

303. The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

A. add host name <New HostName> ip-address <ip address>

B. add hostname <New HostName> ip-address <ip address>

C. set host name <New HostName> ip-address <ip address>

D. set hostname <New HostName> ip-address <ip address>

Answer: A

304. Can multiple administrators connect to a Security Management Server at the same time?

A. No, only one can be connected

B. Yes, all administrators can modify a network object at the same time

C. Yes, every administrator has their own username, and works in a session that is independent of other administrators.

D. Yes, but only one has the right to write.

Answer: C

305. How is communication between different Check Point components secured in R80? As with all questions, select the BEST answer.

A. By using IPSEC

B. By using SIC

C. By using ICA

D. By using 3DES

Answer: B

306. What is the difference between an event and a log?

A. Events are generated at gateway according to Event Policy

B. A log entry becomes an event when it matches any rule defined in Event Policy

C. Events are collected with SmartWorkflow from Trouble Ticket systems

D. Log and Events are synonyms

Answer: B

307. Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.

What will happen to the changes already made?

A. Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.

B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.

C. Tom’s changes will be lost since he lost connectivity and he will have to start again.

D. Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.

Answer: A

308. Fill in the blank: An identity server uses a ______ for user authentication.

A. Shared secret

B. Certificate

C. One-time password

D. Token

Answer: A

309. Which is not a blade option when configuring SmartEvent?

A. Correlation Unit

B. SmartEvent Unit

C. SmartEvent Server

D. Log Server

Answer: B

Explanation:

On the Management tab, enable these Software Blades:

310. How many layers make up the TCP/IP model?

A. 2

B. 7

C. 6

D. 4

Answer: D

311. What information is NOT collected from a Security Gateway in a Cpinfo?

A. Firewall logs

B. Configuration and database files

C. System message logs

D. OS and network statistics

Answer: A

312. What is true about the IPS-Blade?

A. In R80, IPS is managed by the Threat Prevention Policy

B. In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

C. In R80, IPS Exceptions cannot be attached to “all rules”

D. In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Answer: A

313. What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?

A. new host name “New Host” ip-address “192.168.0.10”

B. set host name “New Host” ip-address “192.168.0.10”

C. create host name “New Host” ip-address “192.168.0.10”

D. add host name “New Host” ip-address “192.168.0.10”

Answer: D

314. What is the valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration?

A. 1-254

B. 1-255

C. 0-254

D. 0 – 255

Answer: B

315. Which of the following statements is TRUE about R80 management plug-ins?

A. The plug-in is a package installed on the Security Gateway.

B. Installing a management plug-in requires a Snapshot, just like any upgrade process.

C. A management plug-in interacts with a Security Management Server to provide new features and support for new products.

D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.

Answer: C

316. What is the default shell of Gaia CLI?

A. Monitor

B. CLI.sh

C. Read-only

D. Bash

Answer: B

317. Which command collects diagnostic data for analyzing customer setup remotely?

A. cpinfo

B. migrate export

C. sysinfo

D. cpview

Answer: A

Explanation:

CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).

The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings.

318. Which utility allows you to configure the DHCP service on Gaia from the command line?

A. ifconfig

B. dhcp_ofg

C. sysconfig

D. cpconfig

Answer: C

319. Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

A. Auditor

B. Read Only All

C. Super User

D. Full Access

Answer: B

320. What is the purpose of a SmartEvent Correlation Unit?

A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.

B. The SmartEvent Correlation Unit’s task is to assign severity levels to the identified events.

C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.

D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.

Answer: C

321. Which CLI command will reset the IPS pattern matcher statistics?

A. ips reset pmstat

B. ips pstats reset

C. ips pmstats refresh

D. ips pmstats reset

Answer: D

322. In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?

A. Pentagon

B. Combined

C. Meshed

D. Star

Answer: D

323. If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, what else is necessary to be completed for it to function properly?

A. Nothing - the proxy ARP is automatically handled in the R80 version

B. Add the proxy ARP configurations in a file called /etc/conf/local.arp

C. Add the proxy ARP configurations in a file called $FWDIR/conf/local.arp

D. Add the proxy ARP configurations in a file called $CPDIR/conf/local.arp

Answer: D

324. Which method below is NOT one of the ways to communicate using the Management API’s?

A. Typing API commands using the “mgmt_cli” command

B. Typing API commands from a dialog box inside the SmartConsole GUI application

C. Typing API commands using Gaia’s secure shell (clish)

D. Sending API commands over an http connection using web-services

Answer: D

325. Which Check Point daemon monitors the other daemons?

A. fwm

B. cpd

C. cpwd

D. fwssd

Answer: C

326. In the Firewall chain mode FFF refers to:

A. Stateful Packets

B. No Match

C. All Packets

D. Stateless Packets

Answer: C

327. What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)

A. SmartCenter Server cannot reach this Security Gateway.

B. There is a blade reporting a problem.

C. VPN software blade is reporting a malfunction.

D. Security Gateway’s MGNT NIC card is disconnected.

Answer: B

328. Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?

A. You can assign only one profile per gateway and a profile can be assigned to one rule Only.

B. You can assign multiple profiles per gateway and a profile can be assigned to one rule only.

C. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

D. You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Answer: C

329. If you needed the Multicast MAC address of a cluster, what command would you run?

A. cphaprob -a if

B. cphaconf ccp multicast

C. cphaconf debug data

D. cphaprob igmp

Answer: D

330. What is the order of NAT priorities?

A. Static NAT, IP pool NAT, hide NAT

B. IP pool NAT, static NAT, hide NAT

C. Static NAT, automatic NAT, hide NAT

D. Static NAT, hide NAT, IP pool NAT

Answer: A

331. What factor precludes SecureXL Templating?

A. Source Port Ranges/Encrypted Connections

B. IPS

C. ClusterXL in load sharing Mode

D. CoreXL

Answer: A

332. Where do you create and modify the Mobile Access policy in R80?

A. SmartConsole

B. SmartMonitor

C. SmartEndpoint

D. SmartDashboard

Answer: A

333. What are the main stages of a policy installation?

A. Verification & Compilation, Transfer and Commit

B. Verification & Compilation, Transfer and Installation

C. Verification, Commit, Installation

D. Verification, Compilation & Transfer, Installation

Answer: B

334. You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.

What must you do to get SIC to work?

A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.

B. Create a rule at the top in the Sydney firewall to allow control traffic from your network

C. Nothing - Check Point control connections function regardless of Geo-Protection policy

D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Answer: C

335. Which command would you use to set the network interfaces’ affinity in Manual mode?

A. sim affinity -m

B. sim affinity -l

C. sim affinity -a

D. sim affinity -s

Answer: D

336. Office mode means that:

A. SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

B. Users authenticate with an Internet browser and use secure HTTPS connection.

C. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.

D. Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Answer: D

337. Joey wants to upgrade from R75.40 to R80 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.

What is one of the requirements for his success?

A. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

B. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

C. Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

D. Size of the /var/log folder of the target machine must be at least 25GB or more

Answer: B

338. Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?

A. Synchronized

B. Never been synchronized

C. Lagging

D. Collision

Answer: D

339. You have a Gateway running with 2 cores. You plan to add a second gateway to build a cluster and use a device with 4 cores.

How many cores can be used in a Cluster for Firewall-kernel on the new device?

A. 3

B. 2

C. 1

D. 4

Answer: D

340. SandBlast agent extends 0 day prevention to what part of the network?

A. Web Browsers and user devices

B. DMZ server

C. Cloud

D. Email servers

Answer: A

341. What is the Implicit Clean-up Rule?

A. A setting is defined in the Global Properties for all policies.

B. A setting that is configured per Policy Layer.

C. Another name for the Clean-up Rule.

D. Automatically created when the Clean-up Rule is defined.

Answer: C

342. Using ClusterXL, what statement is true about the Sticky Decision Function?

A. Can only be changed for Load Sharing implementations

B. All connections are processed and synchronized by the pivot

C. Is configured using cpconfig

D. Is only relevant when using SecureXL

Answer: A

343. Which application should you use to install a contract file?

A. SmartView Monitor

B. WebUI

C. SmartUpdate

D. SmartProvisioning

Answer: C

344. Fill in the blank: The R80 utility fw monitor is used to troubleshoot _______ .

A. User data base corruption

B. LDAP conflicts

C. Traffic issues

D. Phase two key negotiations

Answer: C

Explanation:

Check Point’s FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using Wireshark.

345. Both ClusterXL and VRRP are fully supported by Gaia R80.10 and available to all Check Point appliances. Which of the following commands is NOT related to redundancy and functions?

A. cphaprob stat

B. cphaprob -a if

C. cphaprob -l list

D. cphaprob all show stat

Answer: D

346. When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?

A. Any size

B. Less than 20GB

C. More than 10GB and less than 20GB

D. At least 20GB

Answer: D

347. Where can you see and search records of actions done by R80 SmartConsole administrators?

A. In SmartView Tracker, open active log

B. In the Logs & Monitor view, select “Open Audit Log View”

C. In SmartAuditLog View

D. In Smartlog, all logs

Answer: B

348. SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

A. Smart Cloud Services

B. Load Sharing Mode Services

C. Threat Agent Solution

D. Public Cloud Services

Answer: A

349. Security Checkup Summary can be easily conducted within:

A. Summary

B. Views

C. Reports

D. Checkups

Answer: B

350. You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature. Which command do you use?

A. sim erdos -e 1

B. sim erdos -m 1

C. sim erdos -v 1

D. sim erdos -x 1

Answer: A

351. What is not a component of Check Point SandBlast?

A. Threat Emulation

B. Threat Simulator

C. Threat Extraction

D. Threat Cloud

Answer: B

352. What are the blades of Threat Prevention?

A. IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

B. DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction

C. IPS, AntiVirus, AntiBot

D. IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

Answer: D

353. Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:

A. Create new dashboards to manage 3rd party task

B. Create products that use and enhance 3rd party solutions

C. Execute automated scripts to perform common tasks

D. Create products that use and enhance the Check Point Solution

Answer: A

Explanation:

Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:

• Use an automated script to perform common tasks

• Integrate Check Point products with 3rd party solutions

• Create products that use and enhance the Check Point solution

354. Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the traffic?

A. Slow Path

B. Medium Path

C. Fast Path

D. Accelerated Path

Answer: A

355. What is true about VRRP implementations?

A. VRRP membership is enabled in cpconfig

B. VRRP can be used together with ClusterXL, but with degraded performance

C. You cannot have a standalone deployment

D. You cannot have different VRIDs in the same physical network

Answer: C

356. With MTA (Mail Transfer Agent) enabled the gateway manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?

A. Threat Cloud Intelligence

B. Threat Prevention Software Blade Package

C. Endpoint Total Protection

D. Traffic on port 25

Answer: B

357. CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

A. MySQL

B. Postgres SQL

C. MariaDB

D. SOLR

Answer: B

358. Which Check Point software blade provides protection from zero-day and undiscovered threats?

A. Firewall

B. Threat Emulation

C. Application Control

D. Threat Extraction

Answer: B

359. Which NAT rules are prioritized first?

A. Post-Automatic/Manual NAT rules

B. Manual/Pre-Automatic NAT

C. Automatic Hide NAT

D. Automatic Static NAT

Answer: B

360. When an encrypted packet is decrypted, where does this happen?

A. Security policy

B. Inbound chain

C. Outbound chain

D. Decryption is not supported

Answer: A

361. What are types of Check Point APIs available currently as part of R80.10 code?

A. Security Gateway API Management API, Threat Prevention API and Identity Awareness Web Services API

B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API

C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API

D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API

Answer: B

362. What has to be taken into consideration when configuring Management HA?

A. The Database revisions will not be synchronized between the management servers

B. SmartConsole must be closed prior to synchronized changes in the objects database

C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.

D. For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.

Answer: A

363. The Firewall kernel is replicated multiple times, therefore:

A. The Firewall kernel only touches the packet if the connection is accelerated

B. The Firewall can run different policies per core

C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

D. The Firewall can run the same policy on all cores.

Answer: D

Explanation:

On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the Security Gateway process traffic through the same interfaces and apply the same security policy.

364. Which command is used to obtain the configuration lock in Gaia?

A. Lock database override

B. Unlock database override

C. Unlock database lock

D. Lock database user

Answer: A

Explanation:

Obtaining a Configuration Lock

365. How many images are included with Check Point TE appliance in Recommended Mode?

A. 2(OS) images

B. images are chosen by administrator during installation

C. as many as licensed for

D. the most new image

Answer: A

366. Fill in the blank: The R80 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and show them as prioritized security events.

A. SmartMonitor

B. SmartView Web Application

C. SmartReporter

D. SmartTracker

Answer: B

367. The following command is used to verify the CPUSE version:

A. HostName:0>show installer status build

B. [Expert@HostName:0]#show installer status

C. [Expert@HostName:0]#show installer status build

D. HostName:0>show installer build

Answer: A

368. Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?

A. Export R80 configuration, clean install R80.10 and import the configuration

B. CPUSE offline upgrade

C. CPUSE online upgrade

D. SmartUpdate upgrade

Answer: C

369. Your manager asked you to check the status of SecureXL, and its enabled templates and features.

What command will you use to provide such information to manager?

A. fw accel stat

B. fwaccel stat

C. fw acces stats

D. fwaccel stats

Answer: B

370. Which one of the following is true about Capsule Connect?

A. It is a full layer 3 VPN client

B. It offers full enterprise mobility management

C. It is supported only on iOS phones and Windows PCs

D. It does not support all VPN authentication methods

Answer: A

371. What is the purpose of extended master key extension/session hash?

A. UDP VOIP protocol extension

B. In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication

C. Special TCP handshaking extension

D. Supplement DLP data watermark

Answer: B

372. Check Point ClusterXL Active/Active deployment is used when:

A. Only when there is Multicast solution set up.

B. There is Load Sharing solution set up.

C. Only when there is Unicast solution set up.

D. There is High Availability solution set up.

Answer: D

373. The log server sends what to the Correlation Unit?

A. Authentication requests

B. CPMI dbsync

C. Logs

D. Event Policy

Answer: D

374. Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _______ .

A. Firewall policy install

B. Threat Prevention policy install

C. Anti-bot policy install

D. Access Control policy install

Answer: C

Explanation:

https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents

375. Which view is NOT a valid CPVIEW view?

A. IDA

B. RAD

C. PDP

D. VPN

Answer: C

376. Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using _______ .

A. TCP port 19009

B. TCP Port 18190

C. TCP Port 18191

D. TCP Port 18209

Answer: A

377. What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

A. Stateful Mode

B. VPN Routing Mode

C. Wire Mode

D. Stateless Mode

Answer: C

Explanation:

Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over, bypassing Security Gateway enforcement. This improves performance and reduces downtime. Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN Communities to maintain a private and secure VPN session, without employing Stateful Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not survive state verification in non-Wire Mode configurations can now be deployed. The VPN connection is no different from any other connections along a dedicated wire, thus the meaning of "Wire Mode".

378. Steve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances. Steve's manager, Diana, asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?

A. fw tab -t connections -s

B. fw tab -t connections

C. fw tab -t connections -c

D. fw tab -t connections -f

Answer: B

379. Which command shows detailed information about VPN tunnels?

A. cat $FWDIR/conf/vpn.conf

B. vpn tu tlist

C. vpn tu

D. cpview

Answer: B

380. Which of the following authentication methods ARE NOT used for Mobile Access?

A. RADIUS server

B. Username and password (internal, LDAP)

C. SecurID

D. TACACS+

Answer: D

381. Which directory below contains log files?

A. /opt/CPSmartlog-R80/log

B. /opt/CPshrd-R80/log

C. /opt/CPsuite-R80/fw1/log

D. /opt/CPsuite-R80/log

Answer: C

382. How can the SmartView application be accessed?

A. http://<Security Management IP Address>/smartview

B. http://<Security Management IP Address>:4434/smartview/

C. https://<Security Management IP Address>/smartview/

D. https://<Security Management host name>:4434/smartview/

Answer: C

383. How do Capsule Connect and Capsule Workspace differ?

A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.

B. Capsule Workspace can provide access to any application.

C. Capsule Connect provides Business data isolation.

D. Capsule Connect does not require an installed application at client.

Answer: A

384. What is the benefit of “fw monitor” over “tcpdump”?

A. “fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.

B. “fw monitor” is also available for 64-Bit operating systems.

C. With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”

D. “fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.

Answer: C

385. During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

A. Dropped without sending a negative acknowledgment

B. Dropped without logs and without sending a negative acknowledgment

C. Dropped with negative acknowledgment

D. Dropped with logs and without sending a negative acknowledgment

Answer: D

386. Kofi, the administrator of the ALPHA Corp network, wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?

A. set web ssl-port <new port number>

B. set Gaia-portal port <new port number>

C. set Gaia-portal https-port <new port number>

D. set web https-port <new port number>

Answer: A

387. In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

A. Accounting

B. Suppression

C. Accounting/Suppression

D. Accounting/Extended

Answer: C

388. Which SmartConsole tab is used to monitor network and security performance?

A. Manage Setting

B. Security Policies

C. Gateway and Servers

D. Logs and Monitor

Answer: D

389. You have existing dbedit scripts from R77. Can you use them with R80.10?

A. dbedit is not supported in R80.10

B. dbedit is fully supported in R80.10

C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers

D. dbedit scripts are being replaced by mgmt_cli in R80.10

Answer: D

390. In the following picture, an administrator configures Identity Awareness:

After clicking “Next” the above configuration is supported by:

A. Kerberos SSO which will be working for Active Directory integration

B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses in a method that is completely transparent to the user.

C. Obligatory usage of Captive Portal.

D. The ports 443 or 80 that will be used by Browser-Based and configured Authentication.

Answer: B

391. Which firewall daemon is responsible for the FW CLI commands?

A. fwd

B. fwm

C. cpm

D. cpd

Answer: A
