Checkpoint 156-215.81
Test title: Checkpoint 156-215.81
Description: Exam CheckPoint R81
Creation date: 2023/12/12
Category: Others
Number of questions: 234




Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?. Both License (.lic) and Contract (.xml) files. cp.macro. Contract file (.xml). license File (.lie). When enabling tracking on a rule, what is the default option?. Accounting Log. Extended Log. Log. Detailed Log. Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components?. The Security Gateway (SG) and Security Management Server (SMS) software and the CPUSE engine. Licensed Check Point products for the Gala operating system and the Gaia operating system itself. The CPUSE engine and the Gaia operating system. The Gaia operating system only. Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as _______. User Center. User Administration. User Directory. UserCheck. Can you use the same layer in multiple policies or rulebases?. Yes - a layer can be shared with multiple policies and rules. No - each layer must be unique. No - layers cannot be shared or reused, but an identical one can be created. Yes - but it must be copied and pasted with a different name. Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made?. Tom will have to reboot his SmartConsole computer, clear the cache, and restore changes. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot. Tom's changes will be lost since he lost connectivity and he will have to start again. Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work. Security Gateway software blades must be attached to what?. Security Gateway. Security Gateway container. 
Management server. Management container. Which tool allows you to monitor the top bandwidth on smart console?. Logs & Monitoring. Smart Event. Gateways & Severs Tab. SmartView Monitor. A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone?. The zone is based on the network topology and determined according to where the interface leads to. Security Zones are not supported by Check Point firewalls. The firewall rule can be configured to include one or more subnets in a zone. The local directly connected subnet defined by the subnet IP and subnet mask. When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packer Filtering?. Stateful Inspection offers unlimited connections because of virtual memory usage. Stateful Inspection offers no benefits over Packet Filtering. Stateful Inspection does not use memory to record the protocol used by the connection. Only one rule is required for each connection. Which type of Endpoint Identity Agent includes packet tagging and computer authentication?. Full. Custom. Complete. Light. Fill in the blanks: Gaia can be configured using _______ the ________. Command line interface; WebUI. Gaia Interface; GaiaUI. WebUI; Gaia Interface. GaiaUI; command line interface. An administrator can use section titles to more easily navigate between large rule bases. Which of these statements is FALSE?. Section titles are not sent to the gateway side. These sections are simple visual divisions of the Rule Base and do not hinder the order of rule enforcement. A Sectional Title can be used to disable multiple rules by disabling only the sectional title. Sectional Titles do not need to be created in the SmartConsole. In which scenario is it a valid option to transfer a license from one hardware device to another?. From a 4400 Appliance to a 2200 Appliance. From a 4400 Appliance to an HP Open Server. 
From an IBM Open Server to an HP Open Server. From an IBM Open Server to a 2200 Appliance. What are the three types of UserCheck messages?. action, inform, and ask. ask, block, and notify. block, action, and warn. inform, ask, and block. A stateful inspection firewall works by registering connection data and compiling this information. Where is the information stored?. In the system SMEM memory pool. In State tables. In the Sessions table. In a CSV file on the firewall hard drive located in $FWDIR/conf/. What is the RFC number that act as a best practice guide for NAT?. RFC 1939. RFC 1950. RFC 1918. RFC 793. URL Filtering employs a technology, which educates users on web usage policy in real time. What is the name of that technology?. WebCheck. UserCheck. Harmony Endpoint. URL categorization. One of major features in SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?. AdminA, AdminB and AdminC are editing three different rules at the same time. AdminA and AdminB are editing the same rule at the same time. AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator. AdminB sees a pencil icon next the rule that AdminB is currently editing. What is a role of Publishing?. The Security Management Server Installs the updated policy and the entire database on Security Gateways. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base. Name one limitation of using Security Zones in the network?. Security zones will not work in Automatic NAT rules. Security zone will not work in Manual NAT rules. Security zones will not work in firewall policy layer. 
Security zones cannot be used in network topology. When configuring LDAP with User Directory integration, changes applied to a User Directory template are: Not reflected for any users unless the local user template is changed. Not reflected for any users who are using that template. Reflected for ail users who are using that template and if the local user template is changed as well. Reflected immediately for all users who are using that template. True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time. True, every administrator works on a different database that Is independent of the other administrators. False, this feature has to be enabled in the Global Properties. True, every administrator works in a session that is independent of the other administrators. False, only one administrator can login with write permission. What are the three deployment options available for a security gateway?. Standalone, Distributed, and Bridge Mode. Bridge Mode, Remote, and Standalone. Remote, Standalone, and Distributed. Distributed, Bridge Mode, and Remote. Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway?. Data Loss Prevention. Antivirus. Application Control. NAT. Choose what BEST describes users on Gaia Platform. There are two default users and neither can be deleted. There are two default users and one cannot be deleted. There is one default user that can be deleted. There is one default user that cannot be deleted. Which type of Check Point license ties the package license to the IP address of the Security Management Server?. Central. Corporate. Local. Formal. An administrator wishes to use Application objects in a rule in their policy, but there are no Application objects listed as options to add when clicking the "+" to add new items to the "Services & Applications" column of a rule. What should be done to fix this?. 
The administrator should drag-and-drop the needed Application objects from the Object Explorer into the new rule. The "Application Control" blade should be enabled on a gateway. "Applications & URL Filtering" should first be enabled on the policy layer where the rule is being created. The administrator should first create some applications to add to the rule. Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?. Threat Emulation. Monitoring. Logging and Status. Application Control. Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?. Formal. Central. Corporate. Local. What is the purpose of Captive Portal?. It manages user permission in SmartConsole. It provides remote access to SmartConsole. It authenticates users, allowing them access to the Internet and corporate resources. It authenticates users, allowing them access to the Gaia OS. Which of these is NOT a feature or benefit of Application Control?. Eliminate unknown and unwanted applications in your network to reduce IT complexity and application risk. Identify and control which applications are in your IT environment and which to add to the IT environment. Scans the content of files being downloaded by users in order to make policy decisions. Automatically identify trusted software that has authorization to run. Identity Awareness allows easy configuration for network access and auditing based on what three items?. Client machine IP address. Network location, the identity of a user and the identity of a machine. Log server IP address. Gateway proxy IP address. How do logs change when the "Accounting" tracking option is enabled on a traffic rule?. Involved traffic logs will be forwarded to a log server. Provides log details view email to the Administrator. 
Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection. Provides additional information to the connected user. Fill in the blank: The position of an Implied rule is manipulated in the _______ window. NAT. Global Properties. Object Explorer. Firewall. You have enabled "Extended Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?. Identity Awareness is not enabled. Log Trimming is enabled. Logging has disk space issues. Content Awareness is not enabled. How many layers make up the TCP/IP model?. 2. 4. 6. 7. Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages. Concurrent policy packages. Concurrent policies. Global Policies. Shared policies. Access roles allow the firewall administrator to configure network access according to: remote access clients. a combination of computer or computer groups and networks. users and user groups. All of the above. In SmartEvent, a correlation unit (CU) is used to do what?. Collect security gateway logs, Index the logs and then compress the logs. Receive firewall and other software blade logs in a region and forward them to the primary log server. Analyze log entries and identify events. Send SAM block rules to the firewalls during a DOS attack. The competition between stateful inspection and proxies was based on performance, protocol support, and security. Considering stateful Inspections and Proxies, which statement is correct?. Stateful Inspection is limited to Layer 3 visibility, with no Layer 4 to Layer 7 visibility capabilities. When it comes to performance, proxies were significantly faster than stateful inspection firewalls. Proxies offer far more security because of being able to give visibility of the payload (the data). When it comes to performance, stateful inspection was significantly faster than proxies. 
What are the Threat Prevention software components available on the Check Point Security Gateway?. IPS, Threat Emulation and Threat Extraction. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction. IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction. IDS, Forensics, Anti-Virus, Sandboxing. Check Point licenses come in two forms. What are those forms?. Central and Local. Access Control and Threat Prevention. On-premise and Public Cloud. Security Gateway and Security Management. Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true?. Manual NAT can offer more flexibility than Automatic NAT. Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation. Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading. Automatic NAT can offer more flexibility than Manual NAT. What is the default tracking option of a rule?. Tracking. Log. None. Alert. A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?. Anti-Bot protection. Anti-Malware protection. Policy-based routing. Suspicious Activity Monitoring (SAM) rules. The default shell of the Gaia CLI is cli.sh. How do you change from the cli.sh shell to the advanced shell to run Linux commands?. Execute the command 'enable' in the cli.sh shell. Execute the 'conf t' command in the cli.sh shell. Execute the command 'expert' in the cli.sh shell. Execute the 'exit' command in the cli.sh shell. Where can administrator edit a list of trusted SmartConsole clients?. cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server. 
In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients. WebUI client logged to Security Management Server, SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients. In which deployment is the security management server and Security Gateway installed on the same appliance?. Standalone. Remote. Distributed. Bridge Mode. When dealing with rule base layers, what two layer types can be utilized?. Ordered Layers and Inline Layers. Inbound Layers and Outbound Layers. R81.10 does not support Layers. Structured Layers and Overlap Layers. How can the changes made by an administrator before publishing the session be seen by a Super User administrator?. By impersonating the administrator with the 'Login as...' option. They cannot be seen. From the SmartView Tracker audit log. From Manage and Settings > Sessions, right click on the session and click 'View Changes...'. What are the three main components of Check Point security management architecture?. SmartConsole, Security Management, and Security Gateway. Smart Console, Standalone, and Security Management. SmartConsole, Security policy, and Logs & Monitoring. GUI-Client, Security Management, and Security Gateway. What is the main objective when using Application Control?. To filter out specific content. To assist the firewall blade with handling traffic. To see what users are doing. Ensure security and privacy of information. What command from the CLI would be used to view current licensing?. license view. fw ctl tab -t license -s. show license -s. cplic print. In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?. Publish changes. 
Save changes. Install policy. Install database. The Gateway Status view in SmartConsole shows the overall status of Security Gateways and Software Blades. What does the Status Attention mean?. Cannot reach the Security Gateway. The gateway and all its Software Blades are working properly. At least one Software Blade has a minor issue, but the gateway works. Cannot make SIC between the Security Management Server and the Security Gateway. Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?. RADIUS. Check Point password. Security questions. SecurID. Which of the following is NOT a component of a Distinguished Name?. Common Name. Country. User container. Organizational Unit. In SmartConsole, on which tab are Permissions and Administrators defined?. Manage and Settings. Logs and Monitor. Logs and Monitor. Gateways and Servers. Which of the following is used to initially create trust between a Gateway and Security Management Server?. Certificate. Internal Certificate Authority. Token. One-time Password. How many users can have read/write access in Gaia Operating System at one time?. One. Three. Two. Two. What is the default shell of Gaia CLI?. clish. Monitor. Read-only. Bash. The Online Activation method is available for Check Point manufactured appliances. How does the administrator use the Online Activation method?. The SmartLicensing GUI tool must be launched from the SmartConsole for the Online Activation tool to start automatically. No action is required if the firewall has internet access and a DNS server to resolve domain names. Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts. The cpinfo command must be run on the firewall with the switch -online-license-activation. In which scenario will an administrator need to manually define Proxy ARP?. 
When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces. When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall's interfaces. When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces. When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall's interfaces. Which Threat Prevention profile uses sanitization technology?. Cloud/data Center. perimeter. Sandbox. Guest Network. Which two Identity Awareness daemons are used to support identity sharing?. Policy Activation Point (PAP) and Policy Decision Point (PDP). Policy Manipulation Point (PMP) and Policy Activation Point (PAP). Policy Enforcement Point (PEP) and Policy Manipulation Point (PMP). Policy Decision Point (PDP) and Policy Enforcement Point (PEP). Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?. SmartDashboard. SmartEvent. SmartView Monitor. SmartUpdate. To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does what with the data?. Cache the data to speed up its own function. Share the data to the ThreatCloud for use by other Threat Prevention blades. Log the traffic for Administrator viewing. Delete the data to ensure an analysis of the data is done each time. Which policy type is used to enforce bandwidth and traffic control rules?. Access Control. Threat Emulation. Threat Prevention. QoS. When a SAM rule is required on Security Gateway to quickly block suspicious connections which are not restricted by the Security Policy, what actions does the administrator need to take?. SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. 
Installing policy is not required. The policy type SAM must be added to the Policy Package and a new SAM rule must be applied. Simply Publishing the changes applies the SAM rule on the firewall. The administrator must work on the firewall CLI (for example with SSH and PuTTY) and the command 'sam block' must be used with the right parameters. The administrator should open the LOGS & MONITOR view and find the relevant log. Right clicking on the log entry will show the Create New SAM rule option. Fill in the blank: An Endpoint identity agent uses a _____ for user authentication. Token. Username/password or Kerberos Ticket. Shared secret. Certificate. Fill in the blanks: The _______ collects logs and sends them to the _______. Log server; Security Gateway. Log server; security management server. Security management server; Security Gateway. Security Gateways; log server. Which of the following is NOT an advantage to using multiple LDAP servers?. You achieve a faster access time by placing LDAP servers containing the database at remote sites. You achieve compartmentalization by allowing a large number of users to be distributed across several servers. Information on a user is hidden, yet distributed across several servers. You gain High Availability by replicating the same information on several servers. Fill in the blanks: The Application Layer Firewalls inspect traffic through the ______ layer(s) of the TCP/IP model and up to and including the ______ layer. Upper; Application. First two; Internet. Lower; Application. First two; Transport. When an Admin logs into SmartConsole and sees a lock icon on a gateway object and cannot edit that object, what does that indicate?. The gateway is not powered on. Incorrect routing to reach the gateway. The Admin would need to login to Read-Only mode. Another Admin has made an edit to that object and has yet to publish the change. DLP and Geo Policy are examples of what type of Policy?. Inspection Policies. Shared Policies. 
Unified Policies. Standard Policies. Fill in the blanks: In _____ NAT, Only the ________ is translated. Static; source. Simple; source. Hide; destination. Hide; source. Which of the following is considered a "Subscription Blade", requiring renewal every 1-3 years?. IPS blade. IPSEC VPN Blade. Identity Awareness Blade. Firewall Blade. In large organizations where there are a number of managed Check Point firewalls that generate a lot of logs it is recommended to Install the Log Server on a dedicated computer. Which statement is FALSE?. The dedicated Log Server must be the same version as the Security Management Server. More than one Log Server can be installed. A Log Server has a SIC certificate which allows secure communication with the SMS and Security Gateways. A dedicated SmartEvent server is required for a separate Log Server to be deployed in the SmartEvent server. In order to modify Security Policies the administrator can use which of the following tools? (Choose the best answer.). SmartConsole and WebUI on the Security Management Server. SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed. Command line of the Security Management Server or mgmt_cli.exe on any Windows computer. mgmt_cli (API) or WebUI on Security Gateway and SmartConsole on the Security Management Server. A SAM rule Is implemented to provide what function or benefit?. Allow security audits. Handle traffic as defined in the policy. Monitor sequence activity. Block suspicious activity. Is it possible to have more than one administrator connected to a Security Management Server at once?. Yes, but only if all connected administrators connect with read-only permissions. Yes, but objects edited by one administrator will be locked for editing by others until the session is published. No, only one administrator at a time can connect to a Security Management Server. Yes, but only one of those administrators will have write-permissions. 
All others will have read-only permission. Which default Gaia user has full read/write access?. admin. superuser. monitor. altuser. Which is a main component of the Check Point security management architecture?. Identity Collector. Endpoint VPN client. SmartConsole. Proxy Server. When using Automatic Hide NAT, what is enabled by default?. Source Port Address Translation (PAT). Static NAT. Static Route. HTTPS Inspection. Which of the following cannot be configured in an Access Role Object?. Networks. Users. Time. Machines. What are the two types of NAT supported by the Security Gateway?. Source and Destination. Static and Source. Hide and Static. Destination and Hide. In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway?. Logging & Monitoring. None - the data is available by default. Monitoring Blade. SNMP. What is UserCheck?. Administrator tool used to monitor users on their network. Communication tool used to notify an administrator when a new user is created. Messaging tool used to verify a user s credentials. Communication tool used to inform a user about a website or application they are trying to access. What is the default shell for the command line interface?. Clish. Admin. Normal. Expert. When configuring Anti-Spoofing, which tracking options can an Administrator select?. Log, Alert, None. Log, Allow Packets, Email. Drop Packet, Alert, None. Log, Send SNMP Trap, Email. Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers? (Choose the best answer.). IPS. Anti-Virus. Anti-Malware. Content Awareness. Which of the following log queries would show only dropped packets with source address of 192.168.1.1 and destination address of 172.26.1.1?. src:192.168.1.1 OR dst:172.26.1.1 AND action:Drop. src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop. 192.168.1.1 AND 172.26.1.1 AND drop. 
192.168.1.1 OR 172.26.1.1 AND action:Drop. Which of the following licenses are considered temporary?. Plug-and-play (Trial) and Evaluation. Perpetual and Trial. Evaluation and Subscription. Subscription and Perpetual. Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n) ___________ Server. SecurID. LDAP. NT domain. SMTP. In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms?. Different computers or appliances. The same computer or appliance. Both on virtual machines or both on appliances but not mixed. In Azure and AWS cloud environments. Core Protections are installed as part of what Policy?. Access Control Policy. Desktop Firewall Policy. Mobile Access Policy. Threat Prevention Policy. A Check Point Software license consists of two components, the Software Blade and the Software Container. There are ______ types of Software Containers: ________. Two; Security Management and Endpoint Security. Two; Endpoint Security and Security Gateway. Three; Security Management, Security Gateway, and Endpoint Security. Three; Security Gateway, Endpoint Security, and Gateway Management. In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule?. "Inspect", "Bypass". "Inspect", "Bypass", "Categorize". "Inspect", "Bypass", "Block". "Detect", "Bypass". Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ___________. Captive Portal and Transparent Kerberos Authentication. UserCheck. User Directory. Captive Portal. With URL Filtering, what portion of the traffic is sent to the Check Point Online Web Service for analysis?. The complete communication is sent for inspection. The IP address of the source machine. The end user credentials. The host portion of the URL. Choose what BEST describes the reason why querying logs now are very fast. 
The amount of logs being stored is less than previous versions. New Smart-1 appliances double the physical memory install. Indexing Engine indexes logs for faster search results. SmartConsole now queries results directly from the Security Gateway. Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use which operating system?. Centos Linux. Gaia embedded. Gaia. Red Hat Enterprise Linux version 5. What is the main difference between Static NAT and Hide NAT?. Static NAT only allows incoming connections to protect your network. Static NAT allow incoming and outgoing connections. Hide NAT only allows outgoing connections. Static NAT only allows outgoing connections. Hide NAT allows incoming and outgoing connections. Hide NAT only allows incoming connections to protect your network. Which application is used for the central management and deployment of licenses and packages?. SmartProvisioning. SmartLicense. SmartUpdate. Deployment Agent. Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?. Firewall. Application Control. Anti-spam and Email Security. Anti-Virus. Why is a Central License the preferred and recommended method of licensing?. Central Licensing is actually not supported with Gaia. Central Licensing is the only option when deploying Gaia. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes. Which of the following technologies extracts detailed information from packets and stores that information in state tables?. Next-Generation Firewall. Application Layer Firewall. INSPECT Engine. Packet Filtering. What default layers are included when creating a new policy layer?. Application Control, URL Filtering and Threat Prevention. 
Access Control, Threat Prevention and HTTPS Inspection. Firewall, Application Control and IPSec VPN. Firewall, Application Control and IPS. When changes are made to a Rule base, it is important to _______________ to enforce changes. Publish database. Activate policy. Install policy. Save changes. After a new Log Server is added to the environment and the SIC trust has been established with the SMS what will the gateways do?. The gateways can only send logs to an SMS and cannot send logs to a Log Server. Log Servers are proprietary log archive servers. Gateways will send new firewall logs to the new Log Server as soon as the SIC trust is set up between the SMS and the new Log Server. The firewalls will detect the new Log Server after the next policy install and redirect the new logs to the new Log Server. Logs are not automatically forwarded to a new Log Server. SmartConsole must be used to manually configure each gateway to send its logs to the server. Secure Internal Communication (SIC) is handled by what process?. CPM. HTTPS. FWD. CPD. To increase security, the administrator has modified the Core protection ‘Host Port Scan’ from ‘Medium’ to ‘High’ Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes?. The Access Control and Threat Prevention Policies. The Access Control Policy. The Access Control & HTTPS Inspection Policy. The Threat Prevention Policy. Name the utility that is used to block activities that appear to be suspicious. Penalty Box. Drop Rule in the rulebase. Suspicious Activity Monitoring (SAM). Stealth rule. When should you generate new licenses?. When the existing license expires, the license is upgraded, or the IP address associated with the license changes. After a device upgrade. Before installing contract files. Only when the license is upgraded. When URL Filtering is set, what identifying data gets sent to the Check Point Online Web Service?. 
The URL and server certificate are sent to the Check Point Online Web Service. The full URL, including page data, is sent to the Check Point Online Web Service. The full URL, including page data, is sent to the Check Point Online Web Service. The host part of the URL is sent to the Check Point Online Web Service. The URL and IP address are sent to the Check Point Online Web Service. Which deployment adds a Security Gateway to an existing environment without changing IP routing?. Remote. Standalone. Distributed. Bridge Mode. Name the pre-defined Roles included in Gaia OS. AdminRole, and MonitorRole. ReadWriteRole, and ReadyOnly Role. AdminRole, cloningAdminRole, and Monitor Role. AdminRole. Gaia has two default user accounts that cannot be deleted. What are those user accounts?. Admin and Default. Expert and Clish. Control and Monitor. Admin and Monitor. Name the authentication method that requires token authenticator. SecureID. Radius. DynamicID. TACACS. Which single Security Blade can be turned on to block both malicious files from being downloaded as well as block websites known to host malware?. Anti-Bot. None - both Anti-Virus and Anti-Bot are required for this. Anti-Virus. None - both URL Filtering and Anti-Virus are required for this. Log query results can be exported to what file format?. Word Document (docx). Comma Separated Value (csv). Portable Document Format (pdf). Text (txt). There are four policy types available for each policy package. What are those policy types?. Access Control, Threat Prevention, Mobile Access and HTTPS Inspection. Access Control, Custom Threat Prevention, Autonomous Threat Prevention and HTTPS Inspection. There are only three policy types: Access Control, Threat Prevention and NAT. Access Control, Threat Prevention, NAT and HTTPS Inspection. Which tool allows for the automatic updating of the Gaia OS and Check Point products installed on the Gaia OS?. CPASE - Check Point Automatic Service Engine. 
- CPAUE - Check Point Automatic Update Engine.
- CPDAS - Check Point Deployment Agent Service.
- CPUSE - Check Point Upgrade Service Engine.

The purpose of the Communication Initialization process is to establish a trust between the Security Management Server and the Check Point gateways. Which statement best describes this Secure Internal Communication (SIC)?
- After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.
- Secure Internal Communications authenticates the security gateway to the SMS before http communications are allowed.
- A SIC certificate is automatically generated on the gateway because the gateway hosts a subordinate CA to the SMS ICA.
- New firewalls can easily establish the trust by using the expert password defined on the SMS and the SMS IP address.

Fill in the blank: SmartConsole, SmartEvent GUI client, and ___________ allow viewing of billions of consolidated logs and shows them as prioritized security events.
- SmartView Web Application.
- SmartTracker.
- SmartMonitor.
- SmartReporter.

What kind of NAT enables Source Port Address Translation by default?
- Automatic Static NAT.
- Manual Hide NAT.
- Automatic Hide NAT.
- Manual Static NAT.

Application Control/URL filtering database library is known as:
- Application database.
- AppWiki.
- Application-Forensic Database.
- Application Library.

What are the types of Software Containers?
- Smart Console, Security Management, and Security Gateway.
- Security Management, Security Gateway, and Endpoint Security.
- Security Management, Log & Monitoring, and Security Policy.
- Security Management, Standalone, and Security Gateway.

Stateful Inspection compiles and registers connections where?
- Connection Cache.
- State Cache.
- State Table.
- Network Table.

Security Zones do not work with what type of defined rule?
- Application Control rule.
- Manual NAT rule.
- IPS bypass rule.
- Firewall rule.
Most Check Point deployments use Gaia but which product deployment utilizes special Check Point code (with unification in R81.10)?
- Enterprise Network Security Appliances.
- Rugged Appliances.
- Scalable Platforms.
- Small Business and Branch Office Appliances.

Which of the following is NOT a valid deployment option?
- All-in-one (stand-alone).
- CloudGuard.
- Bridge Mode.
- Distributed.

Which of the following is NOT a method used by Identity Awareness for acquiring identity?
- Remote Access.
- Cloud IdP (Identity Provider).
- Active Directory Query.
- RADIUS.

What Check Point tool is used to automatically update Check Point products for the Gaia OS?
- Check Point Update Engine.
- Check Point Upgrade Service Engine (CPUSE).
- Check Point Upgrade Installation Service.
- Check Point INSPECT Engine.

What are the advantages of a "shared policy"?
- Allows the administrator to share a policy between all the users identified by the Security Gateway.
- Allows the administrator to share a policy so that it is available to use in another Policy Package.
- Allows the administrator to share a policy between all the administrators managing the Security Management Server.
- Allows the administrator to install a policy on one Security Gateway and it gets installed on another managed Security Gateway.

URL Filtering cannot be used to:
- Control Bandwidth issues.
- Control Data Security.
- Improve organizational security.
- Decrease legal liability.

Which SmartConsole application shows correlated logs and aggregated data to provide an overview of potential threats and attack patterns?
- SmartEvent.
- SmartView Tracker.
- SmartLog.
- SmartView Monitor.

Which of the following is used to extract state related information from packets and store that information in state tables?
- STATE Engine.
- TRACK Engine.
- RECORD Engine.
- INSPECT Engine.

Which part of SmartConsole allows administrators to add, edit, delete, and clone objects?
- Object Browser.
- Object Editor.
- Object Navigator.
- Object Explorer.
For Automatic Hide NAT rules created by the administrator what is a TRUE statement?
- Source Port Address Translation (PAT) is enabled by default.
- Automatic NAT rules are supported for Network objects only.
- Automatic NAT rules are supported for Host objects only.
- Source Port Address Translation (PAT) is disabled by default.

Which of the following is true about Stateful Inspection?
- Stateful Inspection looks at both the headers of packets, as well as deeply examining their content.
- Stateful Inspection requires that a server reply to a request, in order to track a connection's state.
- Stateful Inspection requires two rules, one for outgoing traffic and one for incoming traffic.

What is the user ID of a user that has all the privileges of a root user?
- User ID 1.
- User ID 2.
- User ID 0.
- User ID 99.

What are the two elements of address translation rules?
- Original packet and translated packet.
- Manipulated packet and original packet.
- Translated packet and untranslated packet.
- Untranslated packet and manipulated packet.

Fill in the blanks: A _______ license requires an administrator to designate a gateway for attachment whereas a _______ license is automatically attached to a Security Gateway.
- Formal; corporate.
- Local; central.
- Central; local.
- Local; formal.

Fill in the blank: RADIUS protocol uses _________ to communicate with the gateway.
- UDP.
- CCP.
- TDP.
- HTTP.

Which software blade enables Access Control policies to accept, drop, or limit web site access based on user, group, and/or machine?
- Application Control.
- Threat Emulation.
- Data Awareness.
- Identity Awareness.

Which one of the following is TRUE?
- One policy can be either inline or ordered, but not both.
- Inline layer can be defined as a rule action.
- Ordered policy is a sub-policy within another policy.
- Pre-R80 Gateways do not support ordered layers.

You have discovered suspicious activity in your network. What is the BEST immediate action to take?
- Contact your ISP to request them to block the traffic.
- Wait until traffic has been identified before making any changes.
- Create a new policy rule to block the traffic.
- Create a Suspicious Activity Monitoring (SAM) rule to block that traffic.

Which of the following is NOT an identity source used for Identity Awareness?
- Remote Access.
- UserCheck.
- RADIUS.
- AD Query.

Which statement describes what Identity Sharing is in Identity Awareness?
- Users can share identities with other users.
- Management servers can acquire and share identities with Security Gateways.
- Administrators can share identities with other administrators.
- Security Gateways can acquire and share identities with other Security Gateways.

What is the order of NAT priorities?
- IP pool NAT, static NAT, hide NAT.
- Static NAT, hide NAT, IP pool NAT.
- Static NAT, IP pool NAT, hide NAT.
- Static NAT, automatic NAT, hide NAT.

Which Security Blade needs to be enabled in order to sanitize and remove potentially malicious content from files, before those files enter the network?
- Threat Emulation.
- Anti-Malware.
- Anti-Virus.
- Threat Extraction.

What are the three essential components of the Check Point Security Management Architecture?
- WebUI, SmartConsole, Security Gateway.
- SmartConsole, Security Management Server, Security Gateway.
- SmartConsole, SmartUpdate, Security Gateway.
- Security Management Server, Security Gateway, Command Line Interface.

A layer can support different combinations of blades. What are the supported blades:
- Firewall, URLF, Content Awareness and Mobile Access.
- Firewall (Network Access Control), Application & URL Filtering, Content Awareness and Mobile Access.
- Firewall, NAT, Content Awareness and Mobile Access.
- Firewall (Network Access Control), Application & URL Filtering and Content Awareness.

What type of NAT is a one-to-one relationship where each host is translated to a unique address?
- Hide.
- Source.
- Destination.
- Static.

Which option in tracking allows you to see the amount of data passed in the connection?
- Data.
- Accounting.
- Logs.
- Advanced.
If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators? (Choose the BEST answer.)
- Save and install the Policy.
- Delete older versions of database.
- Revert the session.
- Publish or discard the session.

Which of the following is NOT an alert option?
- User defined alert.
- Mail.
- SNMP.
- High alert.

Which Identity Source(s) should be selected in Identity Awareness for when there is a requirement for a higher level of security for sensitive servers?
- RADIUS and Account Logon.
- AD Query.
- Endpoint Identity Agent and Browser-Based Authentication.
- Terminal Servers Endpoint Identity Agent.

Which Check Point software blade provides protection from zero-day and undiscovered threats?
- Threat Emulation.
- Firewall.
- Application Control.
- Threat Extraction.

Which options are given on features, when editing a Role on Gaia Platform?
- Read/Write, None.
- Read/Write, Read Only, None.
- Read/Write, Read Only.
- Read Only, None.

AdminA and AdminB are both logged in on SmartConsole. What does it mean if AdminB sees a lock icon on a rule? (Choose the BEST answer.)
- Rule is locked by AdminA and will be made available if the session is published.
- Rule is locked by AdminA because the rule is currently being edited.
- Rule is locked by AdminA and if the session is saved, the rule will be made available.
- Rule is locked by AdminA because the save button has not been pressed.

Fill in the blanks: A Security Policy is created in _____, stored in the _____, and Distributed to the various _______.
- Rule base, Security Management Server, Security Gateways.
- SmartConsole, Security Management Server, Security Gateways.
- SmartConsole, Security Gateway, Security Management Servers.
- The Check Point database, SmartConsole, Security Gateways.

What is NOT an advantage of Stateful Inspection?
- Good Security.
- Transparency.
- No Screening above Network Layer.
- High Performance.
Fill in the blank: Once a license is activated, a ______ should be installed.
- Security Gateway Contract file.
- Service Contract file.
- License Management file.
- License Contract file.

Where is the “Hit Count” feature enabled or disabled in SmartConsole?
- On the Policy layer.
- On each Security Gateway.
- In Global Properties.
- On the Policy Package.

Fill in the blank: The ______ is used to obtain identification and security information about network users.
- User index.
- UserCheck.
- User Directory.
- User server.

When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored?
- SmartConsole installed device.
- Check Point user center.
- Security Management Server.
- Security Gateway.

By default, which port does the WebUI listen on?
- 8080.
- 80.
- 4434.
- 443.

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.
- False, Central Licenses are handled via Security Management Server.
- True, CLI is the preferred method for Licensing.
- False, Central Licenses are installed via Gaia on Security Gateways.
- True, Central Licenses can be installed with CPLIC command on a Security Gateway.

Fill in the blanks: A Check Point software license consists of a _______ and _______.
- Software blade; software container.
- Software package; signature.
- Signature; software blade.
- Software container; software package.

SmartConsole provides a consolidated solution for everything that is necessary for the security of an organization, such as the following:
- Security Policy Management and Log Analysis.
- Security Policy Management, Log Analysis, System Health Monitoring, Multi-Domain Security Management.
- Security Policy Management, Log Analysis and System Health Monitoring.
- Security Policy Management, Threat Prevention rules, System Health Monitoring and Multi-Domain Security Management.

Which of the following is NOT a tracking log option in R80.x?
- Full Log.
- Detailed Log.
- Log.
- Extended Log.
Fill in the blank: To create a policy for traffic to or from a specific geographical location, use the ______.
- HTTPS Inspection.
- Data Loss Prevention (DLP) shared policy.
- Mobile Access software blade.
- Geo Policy shared policy.

Where can alerts be viewed?
- Alerts can be seen in SmartView Monitor.
- Alerts can be seen in the Threat Prevention policy.
- Alerts can be seen in SmartUpdate.
- Alerts can be seen from the CLI of the gateway.

Which of the following is NOT a valid application navigation tab in SmartConsole?
- Manage and Command Line.
- Logs and Monitor.
- Gateway and Servers.
- Security Policies.

Fill in the blank: An identity server uses a _________ to trust a Terminal Server Identity Agent.
- One-time password.
- Shared secret.
- Certificate.
- Token.

John is the administrator of a Security Management server managing a Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John’s changes available to other administrators before installing a policy, what should John do?
- File > Save.
- Install database.
- Logout of the session.
- Publish the session.

What technologies are used to deny or permit network traffic?
- Stateful Inspection, Firewall Blade, and URL/Application Blade.
- Packet Filtering, Stateful Inspection, and Application Layer Firewall.
- Firewall Blade, URL/Application Blade, and IPS.
- Stateful Inspection, URL/Application Blade, and Threat Prevention.

When connected to the Check Point Management Server using the SmartConsole the first administrator to connect has a lock on:
- only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.
- the entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.
- the entire Management Database and all sessions and other administrators can connect only as Read-only.
- the entire Management Database and all sessions and other administrators can connect only as Read-only.

Using AD Query, the security gateway connects to the Active Directory Domain Controllers using what protocol?
- Windows Management Instrumentation (WMI).
- Hypertext Transfer Protocol Secure (HTTPS).
- Lightweight Directory Access Protocol (LDAP).
- Remote Desktop Protocol (RDP).

Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are both logged in:
- Since they both are logged in on different interfaces, they will both be able to make changes.
- When Joe logs in, Bob will be logged out automatically.
- The database will be locked by Bob and Joe will not be able to make any changes.
- Bob will receive a prompt that Joe has logged in.

If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?
- Log Implied Rule was not set correctly on the track column on the rules base.
- Track log column is set to Log instead of Full Log.
- Track log column is set to none.
- Log Implied Rule was not selected on Global Properties.

Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities?
- IPS.
- Anti-Virus.
- Anti-Spam.
- Anti-bot.

What is the purpose of a Stealth Rule?
- A rule that allows administrators to access SmartConsole from any device.
- To drop any traffic destined for the firewall that is not otherwise explicitly allowed.
- A rule at the end of your policy to drop any traffic that is not explicitly allowed.
- A rule used to hide a server's IP address from the outside world.

Which one of the following is the preferred licensing model? (Choose the best answer.)
- Local licensing because it ties the package license to the IP-address of the gateway and has no dependency of the Security Management Server.
- Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency on the gateway.
- Central licensing because it ties the package license to the MAC-address of the Security Management Server’s Mgmt-interface and has no dependency on the gateway.
- Local licensing because it ties the package license to the MAC-address of the gateway management interface and has no Security Management Server dependency.

Fill in the blanks: Default port numbers for an LDAP server are ____ for standard connections and ____ for SSL connections.
- 636; 8080.
- 290; 3389.
- 389; 636.
- 443, 389.

Identity Awareness allows the Security Administrator to configure network access based on which of the following?
- Identity of the machine, username, and certificate.
- Network location, identity of a user, and identity of a machine.
- Name of the application, identity of the user, and identity of the machine.
- Browser-Based Authentication, identity of a user, and network location.

Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
- Full Access.
- Read Only All.
- Super User.
- Editor.

If an administrator wants to restrict access to a network resource, only allowing certain users to access it, and only when they are on a specific network, what is the best way to accomplish this?
- Create an inline layer where the destination is the target network resource. Define sub-rules allowing only specific sources to access the target resource.
- Use a “New Legacy User At Location”, specifying the LDAP user group that the users belong to, at the desired location.
- Create a rule allowing only specific source IP addresses access to the target network resource.
- Create an Access Role object, with specific users or user groups specified, and specific networks defined. Use this access role as the “Source” of an Access Control rule.
Which command shows the installed licenses in Expert mode?
- print cplic.
- show licenses.
- fwlic print.
- cplic print.

Which type of attack can a firewall NOT prevent?
- Buffer Overflow.
- SYN Flood.
- SQL Injection.
- Network Bandwidth Saturation.

What object type would you use to grant network access to an LDAP user group?
- User Group.
- SmartDirectory Group.
- Access Role.
- Group Template.

In the Check Point Security Management Architecture, which component(s) can store logs?
- Security Management Server.
- SmartConsole and Security Management Server.
- SmartConsole.
- Security Management Server and Security Gateway.

Choose what BEST describes a Session.
- Session ends when policy is pushed to the Security Gateway.
- Starts when an Administrator logs in through SmartConsole and ends when the Administrator logs out.
- Session locks the policy package for editing.
- Starts when an Administrator publishes all the changes made on SmartConsole.

Which Check Point Application Control feature enables application scanning and detection?
- CPApp.
- AppWiki.
- Application Library.
- Application Dictionary.

Fill in the blank: In order to install a license, it must first be added to the ______.
- License and Contract repository.
- Package repository.
- Download Center Web site.
- User Center.

Which software blade does NOT accompany the Threat Prevention policy?
- IPS.
- Application Control and URL Filtering.
- Threat Emulation.
- Anti-virus.

Which of the following is an authentication method used for Identity Awareness?
- RSA.
- PKI.
- Captive Portal.
- SSL.

In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?
- Display policies and logs on the administrator’s workstation.
- Processing and sending alerts such as SNMP traps and email notifications.
- Verify and compile Security Policies.
- Store firewall logs to hard drive storage.

Fill in the blank: RADIUS Accounting gets ____ data from requests generated by the accounting client.
- Location.
- Payload.
- Destination.
- Identity.
When a gateway requires user information for authentication, what order does it query servers for user information?
- First - Internal user database, then LDAP servers in order of priority, finally the generic external user profile.
- First the Internal user database, then generic external user profile, finally LDAP servers in order of priority.
- First the highest priority LDAP server, then the internal user database, then lower priority LDAP servers, finally the generic external profile.
- The external generic profile, then the internal user database, finally the LDAP servers in order of priority.

Which Threat Tool within SmartConsole provides a list of trusted files for the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
- AppWiki.
- ThreatWiki.
- IPS Protections.
- Whitelist Files.

What is the Transport layer of the TCP/IP model responsible for?
- It deals with all aspects of the physical components of network connectivity and connects with different network types.
- It defines the protocols that are used to exchange data between networks and how host programs interact with the Application layer.
- It manages the flow of data between two hosts to ensure that the packets are correctly assembled and delivered to the target application.
- It transports packets as datagrams along different routes to reach their destination.

Which of the completed statements is NOT true? The WebUI can be used to manage Operating System user accounts and:
- add users to your Gaia system.
- assign privileges to users.
- assign user rights to their home directory in the Security Management Server.
- edit the home directory of the user.

An administrator wishes to enable Identity Awareness on the Check Point firewalls. However, they allow users to use company issued or personal laptops. Since the administrator cannot manage the personal laptops, which of the following methods would BEST suit this company?
- AD Query.
- Browser-Based Authentication.
- Identity Agents.
- Terminal Servers Agent.

Which Check Point supported authentication scheme typically requires a user to possess a token?
- RADIUS.
- Check Point password.
- TACACS.
- SecurID.

Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?
- Firewall.
- Identity Awareness.
- Application Control.
- URL Filtering.

Fill in the blank: Backup and restores can be accomplished through _________.
- SmartUpdate, SmartBackup, or SmartConsole.
- WebUI, CLI, or SmartUpdate.
- CLI, SmartUpdate, or SmartBackup.
- SmartConsole, WebUI, or CLI.

Which SmartConsole tab shows logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
- Logs Monitor.
- Security Policies.
- Manage Settings.
- Gateway Servers.

You are the Check Point administrator for Alpha Corp. You received a call that one of the users is unable to browse the Internet on their new tablet which is connected to the company wireless, which goes through a Check Point Gateway. How would you review the logs to see what is blocking this traffic?
- Open SmartEvent to see why they are being blocked.
- Open SmartMonitor and connect remotely to the wireless controller.
- From SmartConsole, go to the Log & Monitor tab and filter for the IP address of the tablet.
- Open SmartUpdate and review the logs tab.

While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the Windows domain. Why does it not detect the Windows domain?
- SmartConsole machine is not part of the domain.
- Security Gateway is not part of the Domain.
- Identity Awareness is not enabled on Global properties.
- Security Management Server is not part of the domain.

In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories.
Which of the following is NOT an objects category?
- Custom Application / Site.
- IP Address.
- Network Object.
- Limit.

What is the purpose of the Stealth Rule?
- To make the gateway visible to the Internet.
- To prevent users from directly connecting to a Security Gateway.
- To reduce the amount of logs for performance issues.
- To reduce the number of rules in the database.

Identity Awareness lets an administrator easily configure network access and auditing based on three items. Choose the correct statement.
- Network location, the identity of a user and the active directory membership.
- Network location, the identity of a user and the identity of a machine.
- Network location, the telephone number of a user and the UID of a machine.
- Geographical location, the identity of a user and the identity of a machine.

Which SmartConsole tab is used to monitor network and security performance?
- Security Policies.
- Logs Monitor.
- Manage Settings.
- Gateway Servers.

From the Gaia web interface, which of the following operations CANNOT be performed on a Security Management Server?
- Add a static route.
- Verify a Security Policy.
- Open a terminal shell.
- View Security Management GUI Clients.

The SIC Status “Unknown” means:
- There is no connection between the gateway and Security Management Server.
- The Security Management Server can contact the gateway, but cannot establish SIC.
- The secure communication is established.
- There is connection between the gateway and Security Management Server but it is not trusted.

Fill in the blank: Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is __________.
- Sent to the Security Administrator.
- Stored on the Certificate Revocation List.
- Sent to the Internal Certificate Authority.
- Stored on the Security Management Server.

Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
- Anti-Virus.
- Threat Emulation.
- Application Control.
- Advanced Networking Blade.

Which of the following situations would not require a new license to be generated and installed?
- The IP address of the Security Management or Security Gateway has changed.
- The license is upgraded.
- The Security Gateway is upgraded.
- The existing license expires.

What does the “unknown” SIC status shown on SmartConsole mean?
- The management can contact the Security Gateway but cannot establish Secure Internal Communication.
- SIC activation key requires a reset.
- Administrator input the wrong SIC key.
- There is no connection between the Security Gateway and Security Management Server.

Fill in the blank: A(n) __________ rule is created by an administrator and configured to allow or block traffic based on specified criteria.
- Inline.
- Explicit.
- Implicit accept.
- Implicit drop.

Of all the Check Point components in your network, which one changes most often and should be backed up most frequently?
- SmartManager.
- SmartConsole.
- Security Gateway.
- Security Management Server.

When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?
- Distributed.
- Standalone.
- Bridge Mode.
- Targeted.

Which of the following is NOT a type of Endpoint Identity Agent?
- Terminal.
- Light.
- Full.
- Custom.

What are two basic rules Check Point recommends for building an effective security policy?
- Accept Rule and Drop Rule.
- Cleanup Rule and Stealth Rule.
- Explicit Rule and Implied Rule.
- NAT Rule and Reject Rule.

Which command is used to add users to or from existing roles?
- Add rba user roles.
- Add rba user.
- Add user roles.
- Add user.

What licensing feature automatically verifies current licenses and activates new licenses added to the License and Contracts repository?
- Verification tool.
- Verification licensing.
- Automatic licensing.
- Automatic licensing and Verification tool.

At what point is the Internal Certificate Authority (ICA) created?
- During the primary Security Management Server installation process.
- Upon creation of a certificate.
- When an administrator decides to create one.
- When an administrator initially logs into SmartConsole.

What is NOT an advantage of Packet Filtering?
- Low Security and No Screening above Network Layer.
- Application Independence.
- High Performance.
- Scalability.

Which information is included in the “Extended Log” tracking option, but is not included in the “Log” tracking option?
- file attributes.
- application information.
- destination port.
- data type information.

Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
- UserCheck.
- Active Directory Query.
- Account Unit Query.
- User Directory Query.