Deck 3: Check Point Certified Security Expert - R80

A) SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
B) SmartConsole GUI Console, mgmt._cli Tool, Gaia CLI, Web Services
C) SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
D) API_cli Tool, Gaia CLI, Web Services

A) HTTPS
B) RPC
C) VPN
D) SIC

A) add host name ip-address
B) add hostname ip-address
C) set host name ip-address
D) set hostname ip-address

A) TCP port 19009
B) TCP Port 18190
C) TCP Port 18191
D) TCP Port 18209

A) fwd via cpm
B) fwm via fwd
C) cpm via cpd
D) fwd via cpd

A) ELA and CPD
B) FWD and LEA
C) FWD and CPLOG
D) ELA and CPLOG

A) 15 sec
B) 60 sec
C) 5 sec
D) 30 sec

A) Secure Internal Communication (SIC)
B) Restart Daemons if they fail
C) Transfers messages between Firewall processes
D) Pulls application monitoring status

A) None, Security Management Server would be installed by itself.
B) SmartConsole
C) SecureClient
D) Security Gateway
E) SmartEvent

A) 18191
B) 18190
C) 8983
D) 19009

A) Gateway API
B) Management API
C) OPSC SDK
D) Threat Prevention API

A) Typing API commands using the "mgmt_cli" command
B) Typing API commands from a dialog box inside the SmartConsole GUI application
C) Typing API commands using Gaia's secure shell(clish)19+
D) Sending API commands over an http connection using web-services

A) Host having a Critical event found by Threat Emulation
B) Host having a Critical event found by IPS
C) Host having a Critical event found by Antivirus
D) Host having a Critical event found by Anti-Bot

A) MySQL
B) Postgres SQL
C) MarisDB
D) SOLR

A) Application and Client Service
B) Network and Application
C) Network and Layers
D) Virtual Adapter and Mobile App

A) clusterXL_admin down
B) cphaprob_admin down
C) clusterXL_admin down-p
D) set clusterXL down-p

A) IDA
B) RAD
C) PDP
D) VPN

A) Stateful Mode
B) VPN Routing Mode
C) Wire Mode
D) Stateless Mode

A) This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
B) This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
C) This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
D) Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

A) Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B) Mail, Block Source, Block Destination, Block Services, SNMP Trap
C) Mail, Block Source, Block Destination, External Script, SNMP Trap
D) Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

A) SmartConsole
B) SmartMonitor
C) SmartEndpoint
D) SmartDashboard

A) Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.
B) Capsule Workspace can provide access to any application.
C) Capsule Connect provides Business data isolation.
D) Capsule Connect does not require an installed application at client.

A) new host name "New Host" ip-address "192.168.0.10"
B) set host name "New Host" ip-address "192.168.0.10"
C) create host name "New Host" ip-address "192.168.0.10"
D) add host name "New Host" ip-address "192.168.0.10"

A) With SDF enabled, the involved VPN Gateways only supports IKEv1
B) Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
C) With SDF enabled, only ClusterXL in legacy mode is supported
D) With SDF enabled, you can only have three Sync interfaces at most

A) fwd
B) fwm
C) cpwd
D) cpd

A) cphaprob -d STOP unregister
B) cphaprob STOP unregister
C) cphaprob unregister STOP
D) cphaprob -d unregister STOP

A) 1, 2, 3, 4
B) 1, 4, 2, 3
C) 3, 1, 2, 4
D) 4, 3, 1, 2

A) Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
B) Correlates all the identified threats with the consolidation policy.
C) Collects syslog data from third party devices and saves them to the database.
D) Connects with the SmartEvent Client when generating threat reports.

A) When a box up, Effective Priority = Priority + Priority Delta
B) When an Interface is up, Effective Priority = Priority + Priority Delta
C) When an Interface fail, Effective Priority = Priority - Priority Delta
D) When a box fail, Effective Priority = Priority - Priority Delta

A) fw conn all
B) fw ctl pstat
C) show all connections
D) show connections

A) fw monitor -e "accept[12:4,b]=224.0.0.18;"
B) fw monitor -e "accept(6118;"
C) fw monitor -e "accept proto=mcVRRP;"
D) fw monitor -e "accept dst=224.0.0.18;"

A) You can assign only one profile per gateway and a profile can be assigned to one rule Only.
B) You can assign multiple profiles per gateway and a profile can be assigned to one rule only.
C) You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.
D) You can assign only one profile per gateway and a profile can be assigned to one or more rules.

A) 19090,22
B) 19190,22
C) 18190,80
D) 19009,443

A) Threat Emulation
B) HTTPS
C) QOS
D) VoIP

A) 2
B) 1
C) 4
D) 6

A) fw tab -t
B) fw tab -s
C) fw tab -n
D) fw tab -k

A) This statement is true because SecureXL does improve all traffic.
B) This statement is false because SecureXL does not improve this traffic but CoreXL does.
C) This statement is true because SecureXL does improve this traffic.
D) This statement is false because encrypted traffic cannot be inspected.

A) System Administrators know their cluster has failed over and can also see why it failed over by using the cphaprob -f if command.
B) ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C) Machines in a ClusterXL High Availability configuration must be synchronized.
D) Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

A) 2(OS) images
B) images are chosen by administrator during installation
C) as many as licensed for
D) the most new image

A) File name and Gateway
B) Object Name and MD5 signature
C) MD5 signature and Gateway
D) IP address of Management Server and Gateway

A) Dynamic objects are available in the Object Explorer
B) SecureXL can be disabled in cpconfig
C) fwaccel commands can be used in clish
D) Only one packet in a stream is seen in a fw monitor packet capture

A) For short connections like http service - delay sync for 2 seconds
B) Add a second interface to handle sync traffic
C) For short connections like http service - do not sync
D) For short connections like icmp service - delay sync for 2 seconds

A) fw ctl get int cpsead_stat
B) cpstat cpsead
C) fw ctl stat cpsemd
D) cp_conf get_stat cpsemd

A) Firewall logs
B) Configuration and database files
C) System message logs
D) OS and network statistics

A) using a SPAN port to receive a copy of the traffic only
B) detect only
C) inline/prevent or detect
D) as a Mail Transfer Agent and as part of the traffic flow only

A) /opt/CPSmartlog-R80/log
B) /opt/CPshrd-R80/log
C) /opt/CPsuite-R80/fw1/log
D) /opt/CPsuite-R80/log

A) secondary Smartcenter
B) active Smartenter
C) connect virtual IP of Smartcenter HA
D) primary Smartcenter

A) fwm
B) cpd
C) cpwd
D) fwssd

A) dbedit is not supported in R80.10
B) dbedit is fully supported in R80.10
C) You can use dbedit to modify threat prevention or access policies, but not create or modify layers
D) dbedit scripts are being replaced by mgmt_cli in R80.10

A) Identity Awareness Web Services
B) OPSEC SDK
C) Mobile Access
D) Management

A) Once a week
B) Once an hour
C) Twice per day
D) Once per day

A) IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
B) DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction
C) IPS, AntiVirus, AntiBot
D) IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

A) Marks logs that individually are not events, but may be part of a larger pattern to be identified later.
B) Generates an event based on the Event policy.
C) Assigns a severity level to the event.
D) Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.

A) IPSec VPN does not require installation of a resilient VPN client.
B) SSL VPN requires installation of a resident VPN client.
C) SSL VPN and IPSec VPN are the same.
D) IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser.

A) Accept Template
B) Deny Template
C) Drop Template
D) NAT Template

A) It is a full layer 3 VPN client
B) It offers full enterprise mobility management
C) It is supported only on iOS phones and Windows PCs
D) It does not support all VPN authentication methods

A) cphaprob set int fwha_vmac_global_param_enabled 1
B) clusterXL set int fwha_vmac_global_param_enabled 1
C) fw ctl set int fwha_vmac_global_param_enabled 1
D) cphaconf set int fwha_vmac_global_param_enabled 1

A) AES-128
B) AES-256
C) DES
D) 3DES

A) Connections destined to or originated from the Security gateway
B) A 5-tuple match
C) Multicast packets
D) Connections that have a Handler (ICMP, FTP, H.323, etc.)

A) Threat Cloud Intelligence
B) Threat Prevention Software Blade Package
C) Endpoint Total Protection
D) Traffic on port 25

A) The VMACs used in a Security Gateway cluster
B) The involved firewall kernel modules in inbound and outbound packet chain
C) Overview over SecureXL templated connections
D) Network interfaces and core distribution used for CoreXL

A) $FWDIR/conf/conf.conf
B) $FWDIR/conf/servers.conf
C) $FWDIR/conf/fwauthd.conf
D) $FWDIR/conf/serversd.conf

A) cphaprob stat
B) cphaprob -a if
C) cphaprob -l list
D) cphaprob all show stat

A) Stateful Packets
B) No Match
C) All Packets
D) Stateless Packets

A) Verification & Compilation, Transfer and Commit
B) Verification & Compilation, Transfer and Installation
C) Verification, Commit, Installation
D) Verification, Compilation & Transfer, Installation

A) SOAP
B) REST
C) XLANG
D) XML-RPC

A) Validating all data before it's written into the database
B) It generates indexes of data written to the database
C) Communication between SmartConsole applications and the Security Management Server
D) Writing all information into the database

A) AV issues
B) VPN errors
C) Network issues
D) Authentication issues

A) TCP port 443
B) TCP port 257
C) TCP port 256
D) UDP port 8116

A) Export R80 configuration, clean install R80.10 and import the configuration
B) CPUSE offline upgrade
C) CPUSE online upgrade
D) SmartUpdate upgrade

A) The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
B) The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
C) The CoreXL FW instances assignment mechanism is based on IP Protocol type
D) The CoreXl FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type

A) Automation relates to codifying tasks, whereas orchestration relates to codifying processes.
B) Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but orchestration does not involve processes.
C) Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a process workflow.
D) Orchestration relates to codifying tasks, whereas automation relates to codifying processes.

A) Manual configuration of file types on emulation location.
B) Load sharing of emulation between an on premise appliance and the cloud.
C) Load sharing between OS behavior and CPU Level emulation.
D) High availability between the local SandBlast appliance and the cloud.

A) Summary
B) Views
C) Reports
D) Checkups

A) HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL. Network Extender.
B) HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL. Network Extender.
C) HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required.
D) HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.

A) Check Point Protect Application
B) Management Dashboard
C) Behavior Risk Engine
D) Check Point Gateway

A) Correlation Unit
B) SmartEvent Unit
C) SmartEvent Server
D) Log Server

A) cpinfo -hf
B) cpinfo -y all
C) cpinfo -get hf
D) cpinfo installed_jumbo

A) Includes the registry
B) Gets information about the specified Virtual System
C) Does not resolve network addresses
D) Output excludes connection table