New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

156-315.81 Check Point Certified Security Expert R81.20 Questions and Answers

Questions 4

Which of the following is NOT a valid type of SecureXL template?

Options:

A.

Accept Template

B.

Deny template

C.

Drop Template

D.

NAT Template

Buy Now
Questions 5

Which process handles connection from SmartConsole R81?

Options:

A.

fwm

B.

cpmd

C.

cpm

D.

cpd

Buy Now
Questions 6

What are the two ClusterXL Deployment options?

Options:

A.

Distributed and Full High Availability

B.

Broadcast and Multicast Mode

C.

Distributed and Standalone

D.

Unicast and Multicast Mode

Buy Now
Questions 7

The “Hit count” feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits if the Track option is set to “None”?

Options:

A.

No, it will work independently. Hit Count will be shown only for rules Track option set as Log or alert.

B.

Yes it will work independently as long as “analyze all rules” tick box is enabled on the Security Gateway.

C.

No, it will not work independently because hit count requires all rules to be logged.

D.

Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.

Buy Now
Questions 8

The “MAC magic” value must be modified under the following condition:

Options:

A.

There is more than one cluster connected to the same VLAN

B.

A firewall cluster is configured to use Multicast for CCP traffic

C.

There are more than two members in a firewall cluster

D.

A firewall cluster is configured to use Broadcast for CCP traffic

Buy Now
Questions 9

In the Check Point Security Management Architecture, which component(s) can store logs?

Options:

A.

SmartConsole

B.

Security Management Server and Security Gateway

C.

Security Management Server

D.

SmartConsole and Security Management Server

Buy Now
Questions 10

Which Correction mechanisms are available with ClusterXL under R81.20?

Options:

A.

Correction Mechanisms are only available of Maestro Hyperscale Orchestrators

B.

Pre-Correction and SDF (Sticky Decision Function)

C.

SDF (Sticky Decision Function) and Flush and ACK

D.

Dispatcher (Early Correction) and Firewall (Late Correction)

Buy Now
Questions 11

Which Mobile Access Solution is clientless?

Options:

A.

Mobile Access Portal

B.

Checkpoint Mobile

C.

Endpoint Security Suite

D.

SecuRemote

Buy Now
Questions 12

What is the recommended way to have a redundant Sync connection between the cluster nodes?

Options:

A.

In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Connect both Sync interfaces

without using a switch.

B.

Use a group of bonded interfaces. In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define a Virtual IP for the Sync

interface.

C.

In the SmartConsole / Gateways & Servers -> select Cluster Properties / Network Management and define two Sync interfaces per node. Use two different Switches to

connect both Sync interfaces.

D.

Use a group of bonded interfaces connected to different switches. Define a dedicated sync interface, only one interface per node using the SmartConsole / Gateways &

Servers -> select Cluster Properties / Network Management.

Buy Now
Questions 13

Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?

Options:

A.

set web ssl-port

B.

set Gaia-portal port

C.

set Gaia-portal https-port

D.

set web https-port

Buy Now
Questions 14

You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

Options:

A.

Right click Accept in the rule, select “More”, and then check ‘Enable Identity Captive Portal’.

B.

On the firewall object, Legacy Authentication screen, check ‘Enable Identity Captive Portal’.

C.

In the Captive Portal screen of Global Properties, check ‘Enable Identity Captive Portal’.

D.

On the Security Management Server object, check the box ‘Identity Logging’.

Buy Now
Questions 15

SandBlast agent extends 0-day prevention to what part of the network?

Options:

A.

Web Browsers and user devices

B.

DMZ server

C.

Cloud

D.

Email servers

Buy Now
Questions 16

Which options are given on features, when editing a Role on Gaia Platform?

Options:

A.

Read/Write, Read Only

B.

Read/Write, Read Only, None

C.

Read/Write, None

D.

Read Only, None

Buy Now
Questions 17

Alice wants to upgrade the current security management machine from R80.40 to R81.20 and she wants to check the Deployment Agent status over the GAIA CLISH. Which of the following GAIACLISH command is true?

Options:

A.

show agent status

B.

show uninstaller status

C.

show installer packages

D.

show installer status

Buy Now
Questions 18

Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?

Options:

A.

Both License (.lic) and Contract (.xml) files

B.

cp.macro

C.

Contract file (.xml)

D.

license File (.lic)

Buy Now
Questions 19

John is using Management HA. Which Security Management Server should he use for making changes?

Options:

A.

secondary Smartcenter

B.

active SmartConsole

C.

connect virtual IP of Smartcenter HA

D.

primary Log Server

Buy Now
Questions 20

What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel?

Options:

A.

Specific VPN Communities

B.

Remote Access VPN Switch

C.

Mobile Access VPN Domain

D.

Network Access VPN Domain

Buy Now
Questions 21

There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct?

Options:

A.

Using Web Services

B.

Using Mgmt_cli tool

C.

Using CLISH

D.

Using SmartConsole GUI console

E.

Events are collected with SmartWorkflow from Trouble Ticket systems

Buy Now
Questions 22

Where you can see and search records of action done by R81 SmartConsole administrators?

Options:

A.

In SmartView Tracker, open active log

B.

In the Logs & Monitor view, select “Open Audit Log View”

C.

In SmartAuditLog View

D.

In Smartlog, all logs

Buy Now
Questions 23

You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

Options:

A.

restore_backup

B.

import backup

C.

cp_merge

D.

migrate import

Buy Now
Questions 24

To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

Options:

A.

fw ctl multik set_mode 1

B.

fw ctl Dynamic_Priority_Queue on

C.

fw ctl Dynamic_Priority_Queue enable

D.

fw ctl multik set_mode 9

Buy Now
Questions 25

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret and cannot be enabled.

Why does it not allow him to specify the pre-shared secret?

Options:

A.

IPsec VPN blade should be enabled on both Security Gateway.

B.

Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.

C.

Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.

D.

The Security Gateways are pre-R75.40.

Buy Now
Questions 26

What SmartEvent component creates events?

Options:

A.

Consolidation Policy

B.

Correlation Unit

C.

SmartEvent Policy

D.

SmartEvent GUI

Buy Now
Questions 27

Which statement is NOT TRUE about Delta synchronization?

Options:

A.

Using UDP Multicast or Broadcast on port 8161

B.

Using UDP Multicast or Broadcast on port 8116

C.

Quicker than Full sync

D.

Transfers changes in the Kernel tables between cluster members.

Buy Now
Questions 28

What Factor preclude Secure XL Templating?

Options:

A.

Source Port Ranges/Encrypted Connections

B.

IPS

C.

ClusterXL in load sharing Mode

D.

CoreXL

Buy Now
Questions 29

In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?

Options:

A.

Big l

B.

Little o

C.

Little i

D.

Big O

Buy Now
Questions 30

CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

Options:

A.

MySQL

B.

Postgres SQL

C.

MarisDB

D.

SOLR

Buy Now
Questions 31

Which command can you use to enable or disable multi-queue per interface?

Options:

A.

cpmq set

B.

Cpmqueue set

C.

Cpmq config

D.

St cpmq enable

Buy Now
Questions 32

Which of these statements describes the Check Point ThreatCloud?

Options:

A.

Blocks or limits usage of web applications

B.

Prevents or controls access to web sites based on category

C.

Prevents Cloud vulnerability exploits

D.

A worldwide collaborative security network

Buy Now
Questions 33

When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.

Options:

A.

SecureID

B.

SecurID

C.

Complexity

D.

TacAcs

Buy Now
Questions 34

Which command collects diagnostic data for analyzing customer setup remotely?

Options:

A.

cpinfo

B.

migrate export

C.

sysinfo

D.

cpview

Buy Now
Questions 35

Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

Options:

A.

15 sec

B.

60 sec

C.

5 sec

D.

30 sec

Buy Now
Questions 36

What is the benefit of “tw monitor” over “tcpdump”?

Options:

A.

“fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.

B.

“fw monitor” is also available for 64-Bit operating systems.

C.

With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”

D.

“fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.

Buy Now
Questions 37

Which command would disable a Cluster Member permanently?

Options:

A.

clusterXL_admin down

B.

cphaprob_admin down

C.

clusterXL_admin down-p

D.

set clusterXL down-p

Buy Now
Questions 38

Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.

Options:

A.

upgrade_import

B.

cpconfig

C.

fwm dbimport -p

D.

cpinfo –recover

Buy Now
Questions 39

What are the three components for Check Point Capsule?

Options:

A.

Capsule Docs, Capsule Cloud, Capsule Connect

B.

Capsule Workspace, Capsule Cloud, Capsule Connect

C.

Capsule Workspace, Capsule Docs, Capsule Connect

D.

Capsule Workspace, Capsule Docs, Capsule Cloud

Buy Now
Questions 40

Which of the SecureXL templates are enabled by default on Security Gateway?

Options:

A.

Accept

B.

Drop

C.

NAT

D.

None

Buy Now
Questions 41

The Event List within the Event tab contains:

Options:

A.

a list of options available for running a query.

B.

the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

C.

events generated by a query.

D.

the details of a selected event.

Buy Now
Questions 42

According to out of the box SmartEvent policy, which blade will automatically be correlated into events?

Options:

A.

Firewall

B.

VPN

C.

IPS

D.

HTTPS

Buy Now
Questions 43

Which of the following statements about Site-to-Site VPN Domain-based is NOT true?

Options:

A.

Domain-based- VPN domains are pre-defined for all VPN Gateways.

When the Security Gateway encounters traffic originating from one VPN Domain with the destination to a VPN Domain of another VPN Gateway, that traffic is identified as VPN traffic and is sent through the VPN Tunnel between the two Gateways.

B.

Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to

forward traffic to these VTIs. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

C.

Domain-based- VPN domains are pre-defined for all VPN Gateways.

A VPN domain is a service or user that can send or receive VPN traffic through a VPN Gateway.

D.

Domain-based- VPN domains are pre-defined for all VPN Gateways. A VPN domain is a host or network that can send or receive VPN traffic through a VPN Gateway.

Buy Now
Questions 44

As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

Options:

A.

That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager.

B.

Fill Layer4 VPN –SSL VPN that gives users network access to all mobile applications.

C.

Full Layer3 VPN –IPSec VPN that gives users network access to all mobile applications.

D.

You can make sure that documents are sent to the intended recipients only.

Buy Now
Questions 45

Which directory below contains log files?

Options:

A.

/opt/CPSmartlog-R81/log

B.

/opt/CPshrd-R81/log

C.

/opt/CPsuite-R81/fw1/log

D.

/opt/CPsuite-R81/log

Buy Now
Questions 46

Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

Options:

A.

mgmt_cli add-host “Server_1” ip_address “10.15.123.10” --format txt

B.

mgmt_cli add host name “Server_1” ip-address “10.15.123.10” --format json

C.

mgmt_cli add object-host “Server_1” ip-address “10.15.123.10” --format json

D.

mgmt._cli add object “Server-1” ip-address “10.15.123.10” --format json

Buy Now
Questions 47

SmartConsole R81 requires the following ports to be open for SmartEvent R81 management:

Options:

A.

19090,22

B.

19190,22

C.

18190,80

D.

19009,443

Buy Now
Questions 48

When an encrypted packet is decrypted, where does this happen?

Options:

A.

Security policy

B.

Inbound chain

C.

Outbound chain

D.

Decryption is not supported

Buy Now
Questions 49

You have existing dbedit scripts from R77. Can you use them with R81.20?

Options:

A.

dbedit is not supported in R81.20

B.

dbedit is fully supported in R81.20

C.

You can use dbedit to modify threat prevention or access policies, but not create or modify layers

D.

dbedit scripts are being replaced by mgmt_cli in R81.20

Buy Now
Questions 50

Which command gives us a perspective of the number of kernel tables?

Options:

A.

fw tab -t

B.

fw tab -s

C.

fw tab -n

D.

fw tab -k

Buy Now
Questions 51

Which of the following describes how Threat Extraction functions?

Options:

A.

Detect threats and provides a detailed report of discovered threats.

B.

Proactively detects threats.

C.

Delivers file with original content.

D.

Delivers PDF versions of original files with active content removed.

Buy Now
Questions 52

Connections to the Check Point R81 Web API use what protocol?

Options:

A.

HTTPS

B.

RPC

C.

VPN

D.

SIC

Buy Now
Questions 53

The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

Options:

A.

add host name ip-address

B.

add hostname ip-address

C.

set host name ip-address

D.

set hostname ip-address

Buy Now
Questions 54

What command verifies that the API server is responding?

Options:

A.

api stat

B.

api status

C.

show api_status

D.

app_get_status

Buy Now
Questions 55

In R81 spoofing is defined as a method of:

Options:

A.

Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B.

Hiding your firewall from unauthorized users.

C.

Detecting people using false or wrong authentication logins

D.

Making packets appear as if they come from an authorized IP address.

Buy Now
Questions 56

On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

Options:

A.

18210

B.

18184

C.

257

D.

18191

Buy Now
Questions 57

What has to be taken into consideration when configuring Management HA?

Options:

A.

The Database revisions will not be synchronized between the management servers

B.

SmartConsole must be closed prior to synchronized changes in the objects database

C.

If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.

D.

For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.

Buy Now
Questions 58

Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?

Options:

A.

Synchronized

B.

Never been synchronized

C.

Lagging

D.

Collision

Buy Now
Questions 59

Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?

Options:

A.

Severity

B.

Automatic reactions

C.

Policy

D.

Threshold

Buy Now
Questions 60

How can SmartView application accessed?

Options:

A.

http:// /smartview

B.

http:// :4434/smartview/

C.

https:// /smartview/

D.

https:// :4434/smartview/

Buy Now
Questions 61

SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user’s machine via the web browser. What are the two modes of SNX?

Options:

A.

Application and Client Service

B.

Network and Application

C.

Network and Layers

D.

Virtual Adapter and Mobile App

Buy Now
Questions 62

Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .

Options:

A.

TCP Port 18190

B.

TCP Port 18209

C.

TCP Port 19009

D.

TCP Port 18191

Buy Now
Questions 63

You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

Options:

A.

Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

B.

Create a separate Security Policy package for each remote Security Gateway.

C.

Create network objects that restricts all applicable rules to only certain networks.

D.

Run separate SmartConsole instances to login and configure each Security Gateway directly.

Buy Now
Questions 64

Which statement is true regarding redundancy?

Options:

A.

System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob –f if command.

B.

ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

C.

Machines in a ClusterXL High Availability configuration must be synchronized.

D.

Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Buy Now
Questions 65

If you needed the Multicast MAC address of a cluster, what command would you run?

Options:

A.

cphaprob –a if

B.

cphaconf ccp multicast

C.

cphaconf debug data

D.

cphaprob igmp

Buy Now
Questions 66

What is the mechanism behind Threat Extraction?

Options:

A.

This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.

B.

This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.

C.

This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).

D.

Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

Buy Now
Questions 67

The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

Options:

A.

Secure Internal Communication (SIC)

B.

Restart Daemons if they fail

C.

Transfers messages between Firewall processes

D.

Pulls application monitoring status

Buy Now
Questions 68

What is true about the IPS-Blade?

Options:

A.

In R81, IPS is managed by the Threat Prevention Policy

B.

In R81, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

C.

In R81, IPS Exceptions cannot be attached to “all rules”

D.

In R81, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Buy Now
Questions 69

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:

Options:

A.

Allow GUI Client and management server to communicate via TCP Port 19001

B.

Allow GUI Client and management server to communicate via TCP Port 18191

C.

Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

D.

Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.

Buy Now
Questions 70

Fill in the blanks: Gaia can be configured using the ______ or _____ .

Options:

A.

GaiaUI; command line interface

B.

WebUI; Gaia Interface

C.

Command line interface; WebUI

D.

Gaia Interface; GaiaUI

Buy Now
Questions 71

On R81.20 the IPS Blade is managed by:

Options:

A.

Threat Protection policy

B.

Anti-Bot Blade

C.

Threat Prevention policy

D.

Layers on Firewall policy

Buy Now
Questions 72

Packet acceleration (SecureXL) identities connections by several attributes. Which of the attributes is NOT used for identifying connection?

Options:

A.

Source Port

B.

TCP Acknowledgment Number

C.

Source Address

D.

Destination Address

Buy Now
Questions 73

In R81.20 a new feature dynamic log distribution was added. What is this for?

  • Configure the Security Gateway to distribute logs between multiple active Log Servers to support a better rate of Logs and Log Servers redundancy

  • In case of a Management High Availability the management server stores the logs dynamically on the member with the most available disk space in /var/log

  • Synchronize the log between the primary and secondary management server in case of a Management High Availability

Options:

A.

To save disk space in case of a firewall cluster local logs are distributed between the cluster members.

Buy Now
Questions 74

In which scenario will an administrator need to manually define Proxy ARP?

Options:

A.

When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

B.

When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

C.

When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall’s interfaces.

D.

When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall’s interfaces.

Buy Now
Questions 75

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

Options:

A.

/opt/CPshrd-R81/conf/local.arp

B.

/var/opt/CPshrd-R81/conf/local.arp

C.

$CPDIR/conf/local.arp

D.

$FWDIR/conf/local.arp

Buy Now
Questions 76

You want to verify if your management server is ready to upgrade to R81.20. What tool could you use in this process?

Options:

A.

migrate export

B.

upgrade_tools verify

C.

pre_upgrade_verifier

D.

migrate import

Buy Now
Questions 77

The SmartEvent R81 Web application for real-time event monitoring is called:

Options:

A.

SmartView Monitor

B.

SmartEventWeb

C.

There is no Web application for SmartEvent

D.

SmartView

Buy Now
Questions 78

What statement best describes the Proxy ARP feature for Manual NAT in R81.20?

Options:

A.

Automatic proxy ARP configuration can be enabled

B.

Translate Destination on Client Side should be configured

C.

fw ctl proxy should be configured

D.

local.arp file must always be configured

Buy Now
Questions 79

Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

Options:

A.

ThreatWiki

B.

Whitelist Files

C.

AppWiki

D.

IPS Protections

Buy Now
Questions 80

Ken wants to obtain a configuration lock from other administrator on R81 Security Management Server. He can do this via WebUI or via CLI.

Which command should he use in CLI? (Choose the correct answer.)

Options:

A.

remove database lock

B.

The database feature has one command lock database override.

C.

override database lock

D.

The database feature has two commands lock database override and unlock database. Both will work.

Buy Now
Questions 81

After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.

Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

Options:

A.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24set static-route default nexthop gateway address 192.168.80.1 onsave config

B.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

C.

set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 onsave config

D.

set interface Mgmt ipv4-address 192.168.80.200 mask-length 24add static-route default nexthop gateway address 192.168.80.1 onsave config

Buy Now
Questions 82

Office mode means that:

Options:

A.

SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

B.

Users authenticate with an Internet browser and use secure HTTPS connection.

C.

Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.

D.

Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Buy Now
Questions 83

What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)

Options:

A.

SmartCenter Server cannot reach this Security Gateway.

B.

There is a blade reporting a problem.

C.

VPN software blade is reporting a malfunction.

D.

Security Gateway’s MGNT NIC card is disconnected.

Buy Now
Questions 84

What kind of information would you expect to see using the sim affinity command?

Options:

A.

The VMACs used in a Security Gateway cluster

B.

The involved firewall kernel modules in inbound and outbound packet chain

C.

Overview over SecureXL templated connections

D.

Network interfaces and core distribution used for CoreXL

Buy Now
Questions 85

On what port does the CPM process run?

Options:

A.

TCP 857

B.

TCP 18192

C.

TCP 900

D.

TCP 19009

Buy Now
Questions 86

Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two.

Which of the following statements correctly identify each product's capabilities?

Options:

A.

Workspace supports ios operating system, Android, and WP8, whereas Connect supports ios operating system and Android only

B.

For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection and MDM cooperative enforcement.

C.

For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password and certain SSO login support.

D.

Workspace can support any application, whereas Connect has a limited number of application types which it will support.

Buy Now
Questions 87

What is the order of NAT priorities?

Options:

A.

Static NAT, IP pool NAT, hide NAT

B.

IP pool NAT, static NAT, hide NAT

C.

Static NAT, automatic NAT, hide NAT

D.

Static NAT, hide NAT, IP pool NAT

Buy Now
Questions 88

Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.

What is one of the requirements for his success?

Options:

A.

Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

B.

Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

C.

Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

D.

Size of the /var/log folder of the target machine must be at least 25GB or more

Buy Now
Questions 89

Which NAT rules are prioritized first?

Options:

A.

Post-Automatic/Manual NAT rules

B.

Manual/Pre-Automatic NAT

C.

Automatic Hide NAT

D.

Automatic Static NAT

Buy Now
Questions 90

Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company’s Developer Team is having random access issue to newly deployed Application Server in DMZ’s Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela’s desk for an investigation. Pamela decides to use Check Point’s Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.

What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?

Options:

A.

Pamela should check SecureXL status on DMZ Security gateway and if it’s turned ON. She should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.

B.

Pamela should check SecureXL status on DMZ Security Gateway and if it’s turned OFF. She should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.

C.

Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.

D.

Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

Buy Now
Questions 91

Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

Options:

A.

AV issues

B.

VPN errors

C.

Network traffic issues

D.

Authentication issues

Buy Now
Questions 92

One of major features in R81 SmartConsole is concurrent administration.

Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

Options:

A.

A lock icon shows that a rule or an object is locked and will be available.

B.

AdminA and AdminB are editing the same rule at the same time.

C.

A lock icon next to a rule informs that any Administrator is working on this particular rule.

D.

AdminA, AdminB and AdminC are editing three different rules at the same time.

Buy Now
Questions 93

What must you do first if “fwm sic_reset” could not be completed?

Options:

A.

Cpstop then find keyword “certificate” in objects_5_0.C and delete the section

B.

Reinitialize SIC on the security gateway then run “fw unloadlocal”

C.

Reset SIC from Smart Dashboard

D.

Change internal CA via cpconfig

Buy Now
Questions 94

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?

Options:

A.

fw ctl set int fwha vmac global param enabled

B.

fw ctl get int vmac global param enabled; result of command should return value 1

C.

cphaprob-a if

D.

fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Buy Now
Questions 95

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

Options:

A.

Security Gateway IP-address cannot be changed without re-establishing the trust.

B.

The Security Gateway name cannot be changed in command line without re-establishing trust.

C.

The Security Management Server name cannot be changed in SmartConsole without re-establishing trust.

D.

The Security Management Server IP-address cannot be changed without re-establishing the trust.

Buy Now
Questions 96

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

Options:

A.

User Directory

B.

Captive Portal and Transparent Kerberos Authentication

C.

Captive Portal

D.

UserCheck

Buy Now
Questions 97

What is the minimum amount of RAM needed for a Threat Prevention Appliance?

Options:

A.

6 GB

B.

8GB with Gaia in 64-bit mode

C.

4 GB

D.

It depends on the number of software blades enabled

Buy Now
Questions 98

What CLI command compiles and installs a Security Policy on the target’s Security Gateways?

Options:

A.

fwm compile

B.

fwm load

C.

fwm fetch

D.

fwm install

Buy Now
Questions 99

How many layers make up the TCP/IP model?

Options:

A.

2

B.

7

C.

6

D.

4

Buy Now
Questions 100

What command would show the API server status?

Options:

A.

cpm status

B.

api restart

C.

api status

D.

show api status

Buy Now
Questions 101

What is true of the API server on R81.20?

Options:

A.

By default the API-server is activated and does not have hardware requirements.

B.

By default the API-server is not active and should be activated from the WebUI.

C.

By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).

D.

By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).

Buy Now
Questions 102

In the Firewall chain mode FFF refers to:

Options:

A.

Stateful Packets

B.

No Match

C.

All Packets

D.

Stateless Packets

Buy Now
Questions 103

SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?

Options:

A.

Management Dashboard

B.

Gateway

C.

Personal User Storage

D.

Behavior Risk Engine

Buy Now
Questions 104

Which command is used to set the CCP protocol to Multicast?

Options:

A.

cphaprob set_ccp multicast

B.

cphaconf set_ccp multicast

C.

cphaconf set_ccp no_broadcast

D.

cphaprob set_ccp no_broadcast

Buy Now
Questions 105

Which command shows actual allowed connections in state table?

Options:

A.

fw tab –t StateTable

B.

fw tab –t connections

C.

fw tab –t connection

D.

fw tab connections

Buy Now
Questions 106

What is the limitation of employing Sticky Decision Function?

Options:

A.

With SDF enabled, the involved VPN Gateways only supports IKEv1

B.

Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

C.

With SDF enabled, only ClusterXL in legacy mode is supported

D.

With SDF enabled, you can only have three Sync interfaces at most

Buy Now
Questions 107

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Options:

A.

Stateful Mode

B.

VPN Routing Mode

C.

Wire Mode

D.

Stateless Mode

Buy Now
Questions 108

During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?

Options:

A.

Host having a Critical event found by Threat Emulation

B.

Host having a Critical event found by IPS

C.

Host having a Critical event found by Antivirus

D.

Host having a Critical event found by Anti-Bot

Buy Now
Questions 109

What is the correct command to observe the Sync traffic in a VRRP environment?

Options:

A.

fw monitor –e “accept[12:4,b]=224.0.0.18;”

B.

fw monitor –e “accept port(6118;”

C.

fw monitor –e “accept proto=mcVRRP;”

D.

fw monitor –e “accept dst=224.0.0.18;”

Buy Now
Questions 110

In R81, how do you manage your Mobile Access Policy?

Options:

A.

Through the Unified Policy

B.

Through the Mobile Console

C.

From SmartDashboard

D.

From the Dedicated Mobility Tab

Buy Now
Questions 111

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

Options:

A.

Detects and blocks malware by correlating multiple detection engines before users are affected.

B.

Configure rules to limit the available network bandwidth for specified users or groups.

C.

Use UserCheck to help users understand that certain websites are against the company’s security policy.

D.

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Buy Now
Questions 112

When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statement is false and NOT part of possible automatic reactions:

Options:

A.

Syslog

B.

SNMPTrap

C.

Block Source

D.

Mail

Buy Now
Questions 113

How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?

Options:

A.

1

B.

3

C.

2

D.

4

Buy Now
Questions 114

Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use which operating system?

Options:

A.

Centos Linux

B.

Gaia embedded.

C.

Gaia

D.

Red Hat Enterprise Linux version 5

Buy Now
Questions 115

When a packet arrives at the gateway, the gateway checks it against the rules in the hop Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?

Options:

A.

If the Action is Accept, the gateway allows the packet to pass through the gateway.

B.

If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.

C.

If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.

D.

If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.

Buy Now
Questions 116

How many interfaces can you configure to use the Multi-Queue feature?

Options:

A.

10 interfaces

B.

3 interfaces

C.

4 interfaces

D.

5 interfaces

Buy Now
Questions 117

Which command is used to add users to or from existing roles?

Options:

A.

Add rba user roles

B.

Add rba user

C.

Add user roles

D.

Add user

Buy Now
Questions 118

The back-end database for Check Point R81 Management uses:

Options:

A.

DBMS

B.

MongoDB

C.

PostgreSQL

D.

MySQL

Buy Now
Questions 119

What API command below creates a new host object with the name "My Host" and IP address of "192 168 0 10"?

Options:

A.

set host name "My Host" ip-address "192.168.0.10"

B.

new host name "My Host" ip-address "192 168.0.10"

C.

create host name "My Host" ip-address "192.168 0.10"

D.

mgmt.cli -m add host name "My Host" ip-address "192.168.0 10"

Buy Now
Questions 120

SmartEvent uses it's event policy to identify events. How can this be customized?

Options:

A.

By modifying the firewall rulebase

B.

By creating event candidates

C.

By matching logs against exclusions

D.

By matching logs against event rules

Buy Now
Questions 121

By default, which port does the WebUI listen on?

Options:

A.

80

B.

4434

C.

443

D.

8080

Buy Now
Questions 122

What is the main objective when using Application Control?

Options:

A.

To filter out specific content.

B.

To assist the firewall blade with handling traffic.

C.

To see what users are doing.

D.

Ensure security and privacy of information.

Buy Now
Questions 123

The back-end database for Check Point Management uses:

Options:

A.

PostgreSQL

B.

MongoDB

C.

MySQL

D.

DBMS

Buy Now
Questions 124

Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server, providing Log Export API (LEA) & Event Logging API (EL-A) services.

Options:

A.

DASSERVICE

B.

FWD

C.

CPVIEWD

D.

CPD

Buy Now
Questions 125

Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called:

Options:

A.

cpexport

B.

sysinfo

C.

cpsizeme

D.

cpinfo

Buy Now
Questions 126

CoreXL is NOT supported when one of the following features is enabled: (Choose three)

Options:

A.

Route-based VPN

B.

IPS

C.

IPv6

D.

Overlapping NAT

Buy Now
Questions 127

In the R81 SmartConsole, on which tab are Permissions and Administrators defined?

Options:

A.

Security Policies

B.

Logs and Monitor

C.

Manage and Settings

D.

Gateways and Servers

Buy Now
Questions 128

What level of CPU load on a Secure Network Distributor would indicate that another may be necessary?

Options:

A.

Idle <20%

B.

USR <20%

C.

SYS <20%

D.

Wait <20%

Buy Now
Questions 129

What could NOT be a reason for synchronization issues in a Management HA environment?

Options:

A.

Accidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate

B.

There is a network connectivity failure between the servers

C.

Servers are in Collision Mode. Two servers, both in active state cannot be synchronized either automatically or manually.

D.

The products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server

Buy Now
Questions 130

What is the name of the secure application for Mail/Calendar for mobile devices?

Options:

A.

Capsule Workspace

B.

Capsule Mail

C.

Capsule VPN

D.

Secure Workspace

Buy Now
Questions 131

: 156

VPN Link Selection will perform the following when the primary VPN link goes down?

Options:

A.

The Firewall will drop the packets.

B.

The Firewall can update the Link Selection entries to start using a different link for the same tunnel.

C.

The Firewall will send out the packet on all interfaces.

D.

The Firewall will inform the client that the tunnel is down.

Buy Now
Questions 132

In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

Options:

A.

Mail, Block Source, Block Event Activity, External Script, SNMP Trap

B.

Mail, Block Source, Block Destination, Block Services, SNMP Trap

C.

Mail, Block Source, Block Destination, External Script, SNMP Trap

D.

Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Buy Now
Questions 133

When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

Options:

A.

Includes the registry

B.

Gets information about the specified Virtual System

C.

Does not resolve network addresses

D.

Output excludes connection table

Buy Now
Questions 134

Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?

Options:

A.

cpwd

B.

fwd

C.

cpd

D.

fwm

Buy Now
Questions 135

Which web services protocol is used to communicate to the Check Point R81 Identity Awareness Web API?

Options:

A.

SOAP

B.

REST

C.

XLANG

D.

XML-RPC

Buy Now
Questions 136

What component of R81 Management is used for indexing?

Options:

A.

DBSync

B.

API Server

C.

fwm

D.

SOLR

Buy Now
Questions 137

Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?

Options:

A.

You can assign only one profile per gateway and a profile can be assigned to one rule Only.

B.

You can assign multiple profiles per gateway and a profile can be assigned to one rule only.

C.

You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

D.

You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Buy Now
Questions 138

Which command shows detailed information about VPN tunnels?

Options:

A.

cat $FWDIR/conf/vpn.conf

B.

vpn tu tlist

C.

vpn tu

D.

cpview

Buy Now
Questions 139

When simulating a problem on ClusterXL cluster with cphaprob –d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?

Options:

A.

cphaprob –d STOP unregister

B.

cphaprob STOP unregister

C.

cphaprob unregister STOP

D.

cphaprob –d unregister STOP

Buy Now
Questions 140

What are the blades of Threat Prevention?

Options:

A.

IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

B.

DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction

C.

IPS, AntiVirus, AntiBot

D.

IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

Buy Now
Questions 141

What is the purpose of extended master key extension/session hash?

Options:

A.

UDP VOIP protocol extension

B.

In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication

C.

Special TCP handshaking extension

D.

Supplement DLP data watermark

Buy Now
Questions 142

True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.

Options:

A.

False, this feature has to be enabled in the Global Properties.

B.

True, every administrator works in a session that is independent of the other administrators.

C.

True, every administrator works on a different database that is independent of the other administrators.

D.

False, only one administrator can login with write permission.

Buy Now
Questions 143

What is the SandBlast Agent designed to do?

Options:

A.

Performs OS-level sandboxing for SandBlast Cloud architecture

B.

Ensure the Check Point SandBlast services is running on the end user’s system

C.

If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network

D.

Clean up email sent with malicious attachments

Buy Now
Questions 144

What key is used to save the current CPView page in a filename format cpview_”cpview process ID”.cap”number of captures”?

Options:

A.

S

B.

W

C.

C

D.

Space bar

Buy Now
Questions 145

Which file gives you a list of all security servers in use, including port number?

Options:

A.

$FWDIR/conf/conf.conf

B.

$FWDIR/conf/servers.conf

C.

$FWDIR/conf/fwauthd.conf

D.

$FWDIR/conf/serversd.conf

Buy Now
Questions 146

Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .

Options:

A.

Sent to the Internal Certificate Authority.

B.

Sent to the Security Administrator.

C.

Stored on the Security Management Server.

D.

Stored on the Certificate Revocation List.

Buy Now
Questions 147

What is the valid range for VRID value in VRRP configuration?

Options:

A.

1 - 254

B.

1 - 255

C.

0 - 254

D.

0 - 255

Buy Now
Questions 148

In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

Options:

A.

Accounting

B.

Suppression

C.

Accounting/Suppression

D.

Accounting/Extended

Buy Now
Questions 149

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

Options:

A.

INSPECT Engine

B.

Stateful Inspection

C.

Packet Filtering

D.

Application Layer Firewall

Buy Now
Questions 150

Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:

Options:

A.

Create new dashboards to manage 3rd party task

B.

Create products that use and enhance 3rd party solutions

C.

Execute automated scripts to perform common tasks

D.

Create products that use and enhance the Check Point Solution

Buy Now
Questions 151

Which of the following is NOT a VPN routing option available in a star community?

Options:

A.

To satellites through center only.

B.

To center, or through the center to other satellites, to Internet and other VPN targets.

C.

To center and to other satellites through center.

D.

To center only.

Buy Now
Questions 152

What is UserCheck?

Options:

A.

Messaging tool used to verify a user’s credentials.

B.

Communication tool used to inform a user about a website or application they are trying to access.

C.

Administrator tool used to monitor users on their network.

D.

Communication tool used to notify an administrator when a new user is created.

Buy Now
Questions 153

In which formats can Threat Emulation forensics reports be viewed in?

Options:

A.

TXT, XML and CSV

B.

PDF and TXT

C.

PDF, HTML, and XML

D.

PDF and HTML

Buy Now
Questions 154

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

Options:

A.

ffff

B.

1

C.

3

D.

2

Buy Now
Questions 155

What is the Implicit Clean-up Rule?

Options:

A.

A setting is defined in the Global Properties for all policies.

B.

A setting that is configured per Policy Layer.

C.

Another name for the Clean-up Rule.

D.

Automatically created when the Clean-up Rule is defined.

Buy Now
Questions 156

Which path below is available only when CoreXL is enabled?

Options:

A.

Slow path

B.

Firewall path

C.

Medium path

D.

Accelerated path

Buy Now
Questions 157

Which process handles connection from SmartConsole R81?

Options:

A.

fwm

B.

cpmd

C.

cpm

D.

cpd

Buy Now
Questions 158

For best practices, what is the recommended time for automatic unlocking of locked admin accounts?

Options:

A.

20 minutes

B.

15 minutes

C.

Admin account cannot be unlocked automatically

D.

30 minutes at least

Buy Now
Questions 159

The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

Options:

A.

Next Generation Threat Prevention

B.

Next Generation Threat Emulation

C.

Next Generation Threat Extraction

D.

Next Generation Firewall

Buy Now
Questions 160

Which of the following is NOT an option to calculate the traffic direction?

Options:

A.

Incoming

B.

Internal

C.

External

D.

Outgoing

Buy Now
Questions 161

Which is NOT a SmartEvent component?

Options:

A.

SmartEvent Server

B.

Correlation Unit

C.

Log Consolidator

D.

Log Server

Buy Now
Questions 162

How often does Threat Emulation download packages by default?

Options:

A.

Once a week

B.

Once an hour

C.

Twice per day

D.

Once per day

Buy Now
Questions 163

Which statement is true about ClusterXL?

Options:

A.

Supports Dynamic Routing (Unicast and Multicast)

B.

Supports Dynamic Routing (Unicast Only)

C.

Supports Dynamic Routing (Multicast Only)

D.

Does not support Dynamic Routing

Buy Now
Questions 164

As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?

Options:

A.

SFWDIR/smartevent/conf

B.

$RTDIR/smartevent/conf

C.

$RTDIR/smartview/conf

D.

$FWDIR/smartview/conf

Buy Now
Questions 165

You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

Options:

A.

SmartEvent Client Info

B.

SecuRemote

C.

Check Point Protect

D.

Check Point Capsule Cloud

Buy Now
Questions 166

What are the main stages of a policy installations?

Options:

A.

Verification & Compilation, Transfer and Commit

B.

Verification & Compilation, Transfer and Installation

C.

Verification, Commit, Installation

D.

Verification, Compilation & Transfer, Installation

Buy Now
Questions 167

Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

Options:

A.

$FWDIR/database/fwauthd.conf

B.

$FWDIR/conf/fwauth.conf

C.

$FWDIR/conf/fwauthd.conf

D.

$FWDIR/state/fwauthd.conf

Buy Now
Questions 168

What are the steps to configure the HTTPS Inspection Policy?

Options:

A.

Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard

B.

Go to Application&url filtering blade > Advanced > Https Inspection > Policy

C.

Go to Manage&Settings > Blades > HTTPS Inspection > Policy

D.

Go to Application&url filtering blade > Https Inspection > Policy

Buy Now
Questions 169

After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

Options:

A.

cvpnd_restart

B.

cvpnd_restart

C.

cvpnd restart

D.

cvpnrestart

Buy Now
Questions 170

Which of these is an implicit MEP option?

Options:

A.

Primary-backup

B.

Source address based

C.

Round robin

D.

Load Sharing

Buy Now
Questions 171

What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?

Options:

A.

new host name “New Host” ip-address “192.168.0.10”

B.

set host name “New Host” ip-address “192.168.0.10”

C.

create host name “New Host” ip-address “192.168.0.10”

D.

add host name “New Host” ip-address “192.168.0.10”

Buy Now
Questions 172

Which of the following will NOT affect acceleration?

Options:

A.

Connections destined to or originated from the Security gateway

B.

A 5-tuple match

C.

Multicast packets

D.

Connections that have a Handler (ICMP, FTP, H.323, etc.)

Buy Now
Questions 173

What is the command to check the status of the SmartEvent Correlation Unit?

Options:

A.

fw ctl get int cpsead_stat

B.

cpstat cpsead

C.

fw ctl stat cpsemd

D.

cp_conf get_stat cpsemd

Buy Now
Questions 174

Using ClusterXL, what statement is true about the Sticky Decision Function?

Options:

A.

Can only be changed for Load Sharing implementations

B.

All connections are processed and synchronized by the pivot

C.

Is configured using cpconfig

D.

Is only relevant when using SecureXL

Buy Now
Questions 175

What information is NOT collected from a Security Gateway in a Cpinfo?

Options:

A.

Firewall logs

B.

Configuration and database files

C.

System message logs

D.

OS and network statistics

Buy Now
Questions 176

Customer’s R81 management server needs to be upgraded to R81.20. What is the best upgrade method when the management server is not connected to the Internet?

Options:

A.

Export R81 configuration, clean install R81.20 and import the configuration

B.

CPUSE offline upgrade

C.

CPUSE online upgrade

D.

SmartUpdate upgrade

Buy Now
Questions 177

An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?

Options:

A.

He can use the fw accel stat command on the gateway.

B.

He can use the fw accel statistics command on the gateway.

C.

He can use the fwaccel stat command on the Security Management Server.

D.

He can use the fwaccel stat command on the gateway

Buy Now
Questions 178

What is the main difference between Threat Extraction and Threat Emulation?

Options:

A.

Threat Emulation never delivers a file and takes more than 3 minutes to complete.

B.

Threat Extraction always delivers a file and takes less than a second to complete.

C.

Threat Emulation never delivers a file that takes less than a second to complete.

D.

Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Buy Now
Questions 179

The following command is used to verify the CPUSE version:

Options:

A.

HostName:0>show installer status build

B.

[Expert@HostName:0]#show installer status

C.

[Expert@HostName:0]#show installer status build

D.

HostName:0>show installer build

Buy Now
Questions 180

What is the command to see cluster status in cli expert mode?

Options:

A.

fw ctl stat

B.

clusterXL stat

C.

clusterXL status

D.

cphaprob stat

Buy Now
Questions 181

How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

Options:

A.

cphaprob set int fwha_vmac_global_param_enabled 1

B.

clusterXL set int fwha_vmac_global_param_enabled 1

C.

fw ctl set int fwha_vmac_global_param_enabled 1

D.

cphaconf set int fwha_vmac_global_param_enabled 1

Buy Now
Questions 182

John is using Management HA. Which Smartcenter should be connected to for making changes?

Options:

A.

secondary Smartcenter

B.

active Smartenter

C.

connect virtual IP of Smartcenter HA

D.

primary Smartcenter

Buy Now
Questions 183

NO: 180

What command can you use to have cpinfo display all installed hotfixes?

Options:

A.

cpinfo -hf

B.

cpinfo –y all

C.

cpinfo –get hf

D.

cpinfo installed_jumbo

Buy Now
Questions 184

Which Check Point daemon monitors the other daemons?

Options:

A.

fwm

B.

cpd

C.

cpwd

D.

fwssd

Buy Now
Questions 185

What processes does CPM control?

Options:

A.

Object-Store, Database changes, CPM Process and web-services

B.

web-services, CPMI process, DLEserver, CPM process

C.

DLEServer, Object-Store, CP Process and database changes

D.

web_services, dle_server and object_Store

Buy Now
Questions 186

To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

Options:

A.

fw ctl Dyn_Dispatch on

B.

fw ctl Dyn_Dispatch enable

C.

fw ctl multik set_mode 4

D.

fw ctl multik set_mode 1

Buy Now
Questions 187

You want to store the GAIA configuration in a file for later reference. What command should you use?

Options:

A.

write mem

B.

show config –f

C.

save config –o

D.

save configuration

Buy Now
Questions 188

From SecureXL perspective, what are the tree paths of traffic flow:

Options:

A.

Initial Path; Medium Path; Accelerated Path

B.

Layer Path; Blade Path; Rule Path

C.

Firewall Path; Accept Path; Drop Path

D.

Firewall Path; Accelerated Path; Medium Path

Buy Now
Exam Code: 156-315.81
Exam Name: Check Point Certified Security Expert R81.20
Last Update: Dec 26, 2024
Questions: 628

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99