The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.
What CLI command compiles and installs a Security Policy on the target’s Security Gateways?
John is using Management HA. Which Smartcenter should be connected to for making changes?
Which statements below are CORRECT regarding Threat Prevention profiles in Smart Dashboard?
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?
As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?
When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?
You need to see which hotfixes are installed on your gateway, which command would you use?
You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?
Which Check Point software blade provides Application Security and identity control?
Bob has finished io setup provisioning a secondary security management server. Now he wants to check if the provisioning has been correct. Which of the following Check Point command can be used to check if the security management server has been installed as a primary or a secondary security management server?
NO: 219
What cloud-based SandBlast Mobile application is used to register new devices and users?
When attempting to start a VPN tunnel, in the logs the error “no proposal chosen” is seen numerous times. No other VPN-related entries are present.
Which phase of the VPN negotiations has failed?
Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are differences between the two.
Which of the following statements correctly identify each product's capabilities?
Bob needs to know if Alice was configuring the new virtual cluster interface correctly. Which of the following Check Point commands is true?
Aaron is a Syber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R81.X The Network Security Developer Team is having an issue testing the API with a newly deployed R81.X Security Management Server Aaron wants to confirm API services are working properly. What should he do first?
In the Check Point Security Management Architecture, which component(s) can store logs?
True or False: In R81, more than one administrator can login to the Security Management Server with write permission at the same time.
Fill in the blank: A ________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.
Bob is going to prepare the import of the exported R81.10 management database. Now he wants to verify that the installed tools on the new target security management machine are able to handle the R81.10 release. Which of the following Check Point command is true?
By default, how often does Threat Emulation update the engine on the Security Gateway?
SecureXL is able to accelerate the Connection Rate using templates. Which attributes are used in the template to identify the connection?
What command is used to manually failover a cluster during a zero-downtime upgrade?
Which of the following Central Deployment is NOT a limitation in R81.10 SmartConsole?
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.10 SmartConsole application?
Can multiple administrators connect to a Security Management Server at the same time?
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
Please choose correct command to add an “emailserver1” host with IP address 10.50.23.90 using GAiA management CLI?
Alice wants to upgrade the current security management machine from R80.40 to R81.10 and she wants to check the Deployment Agent status over the GAIA CLISH. Which of the following GAIACLISH command is true?
When configuring SmartEvent Initial settings, you must specify a basic topology for SmartEvent to help it calculate traffic direction for events. What is this setting called and what are you defining?
What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel?
You have used the "set inactivity-timeout 120" command to prevent the session to be disconnected after 10 minutes of inactivity. However, the Web session is being disconnected after 10 minutes. Why?
Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI client communications, database manipulation, policy compilation and Management HA synchronization?
Which command shows the current connections distributed by CoreXL FW instances?
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to___________via____________
What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81?
What should the admin do in case the Primary Management Server is temporary down?
: 156
VPN Link Selection will perform the following when the primary VPN link goes down?
What API command below creates a new host with the name “New Host” and IP address of “192.168.0.10”?
When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?
You find one of your cluster gateways showing “Down” when you run the “cphaprob stat” command. You then run the “clusterXL_admin up” on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with ____________ will not apply.
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?
In R81.10 a new feature dynamic log distribution was added. What is this for?
Which process is used mainly for backward compatibility of gateways in R81.X? It provides communication with GUI-client, database manipulation, policy compilation and Management HA synchronization.
After verifying that API Server is not running, how can you start the API Server?
Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called:
What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
You pushed a policy to your gateway and you cannot access the gateway remotely any more. What command should you use to remove the policy from the gateway by logging in through console access?
Choose the correct syntax to add a new host named “emailserver1” with IP address 10.50.23.90 using GAiA Management CLI?
What needs to be configured if the NAT property ‘Translate destination or client side’ is not enabled in Global Properties?
Using fw monitor you see the following inspection point notion E and i what does that mean?
What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
On R81.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
Which command can you use to verify the number of active concurrent connections?
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?
Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?
During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?
What are the different command sources that allow you to communicate with the API server?
Fill in the blank: The tool _____ generates a R81 Security Gateway configuration report.
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.
Fill in the blank: The command ___________________ provides the most complete restoration of a R81 configuration.
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.
Which of the following is NOT a VPN routing option available in a star community?
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?
Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81.
What can cause Vanessa unnecessary problems, if she didn’t check all requirements for migration to R81?
You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?
Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:
Please choose the path to monitor the compliance status of the Check Point R81.10 based management.
Ken wants to obtain a configuration lock from other administrator on R81 Security Management Server. He can do this via WebUI or via CLI.
Which command should he use in CLI? (Choose the correct answer.)
Which command would you use to set the network interfaces’ affinity in Manual mode?
Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .