156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 14
-
When using GAiA, it might be necessary to temporarily change the MAC address of the interface eth0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
- As expert user, issue these commands:
# ip link set eth0 down
# ip link set eth0 addr 00:0C:29:12:34:56
# ip link set eth0 up
- Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field
(conf :(conns :(conn :hwaddr ("00:0C:29:12:34:56")
- As expert user, issue the command:
# ip link set eth0 addr 00:0C:29:12:34:56
- Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
- As expert user, issue these commands:
-
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, the gateway policy permits access only from John’s desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his desktop with a static IP (10.0.0.19). He wants to move around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
3) Changes from static IP address to DHCP for the client PC.
What should John request when he cannot access the web server from his laptop?
- John should lock and unlock his computer
- Investigate this as a network connectivity issue
- The access should be changed to authenticate the user instead of the PC
- John should install the Identity Awareness Agent
-
Review the rules. Assume domain UDP is enabled in the implied rules.
What happens when a user from the internal network tries to browse to the internet using HTTP? The user:
- can connect to the Internet successfully after being authenticated.
- is prompted three times before connecting to the Internet successfully.
- can go to the Internet after Telnetting to the client authentication daemon port 259.
- can go to the Internet, without being prompted for authentication.
-
Which component functions as the Internal Certificate Authority for R77?
- Security Gateway
- Management Server
- Policy Server
- SmartLSM
-
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all of the following except:
- Create new dashboards to manage 3rd party task
- Create products that use and enhance 3rd party solutions
- Execute automated scripts to perform common tasks
- Create products that use and enhance the Check Point Solution
-
In what way are SSL VPN and IPSec VPN different?
- SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless
- SSL VPN adds an extra VPN header to the packet, IPSec VPN does not
- IPSec VPN does not support two factor authentication, SSL VPN does support this
- IPSec VPN uses an additional virtual adapter, SSL VPN uses the client network adapter only
-
Which command can you use to enable or disable multi-queue per interface?
- cpmq set
- Cpmqueue set
- Cpmq config
- Set cpmq enable
-
Which limitation of CoreXL is overcome by using (mitigated by) Multi-Queue?
- There is no traffic queue to be handled
- Several NICs can use one traffic queue by one CPU
- Each NIC has several traffic queues that are handled by multiple CPU cores
- Each NIC has one traffic queue that is handled by one CPU
-
To fully enable Dynamic Dispatcher on a Security Gateway:
- run fw ctl multik set_mode 9 in Expert mode and then reboot
- Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu
- Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot
- run fw ctl multik set_mode 1 in Expert mode and then reboot
-
What types of Check Point APIs are currently available as part of the R80.10 code?
- Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API
- Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API
- OSE API, OPSEC SDK API, Threat Prevention API and Policy Editor API
- CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API
-
What is the purpose of Priority Delta in VRRP?
- When a box is up, Effective Priority = Priority + Priority Delta
- When an Interface is up, Effective Priority = Priority + Priority Delta
- When an Interface fails, Effective Priority = Priority – Priority Delta
- When a box fails, Effective Priority = Priority – Priority Delta
-
The Firewall kernel is replicated multiple times, therefore:
- The Firewall kernel only touches the packet if the connection is accelerated
- The Firewall can run different policies per core
- The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
- The Firewall can run the same policy on all cores
-
There are 4 ways to use the Management API for creating a host object with the R80 Management API. Which one is NOT correct?
- Using Web Services
- Using Mgmt_cli tool
- Using CLISH
- Using SmartConsole GUI console
-
Which of the following types of authentication on Mobile Access can NOT be used as the first authentication method?
- Dynamic ID
- RADIUS
- Username and Password
- Certificate
-
Which command can you use to verify the number of active concurrent connections?
- fw conn all
- fw ctl pst pstat
- show all connections
- show connections
-
Which remote Access Solution is clientless?
- Checkpoint Mobile
- Endpoint Security Suite
- SecuRemote
- Mobile Access Portal
-
What component of R80 Management is used for indexing?
- DBSync
- API Server
- fwm
- SOLR
-
Which NAT rules are prioritized first?
- Post-Automatic/Manual NAT rules
- Manual/Pre-Automatic NAT
- Automatic Hide NAT
- Automatic Static NAT
-
What is the difference between an event and a log?
- Events are generated at gateway according to Event Policy
- A log entry becomes an event when it matches any rule defined in Event Policy
- Events are collected with SmartWorkflow from Trouble Ticket systems
- Logs and Events are synonyms
-
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?
- There is a virus found. Traffic is still allowed but not accelerated
- The connection required a Security server
- Acceleration is not enabled
- The traffic is originating from the gateway itself