156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 16

  1. Which is a suitable command to check whether Drop Templates are activated or not?

    • fw ctl get int activate_drop_templates
    • fwaccel stat
    • fwaccel stats
    • fw ctl templates -d
  2. Please choose the correct command syntax to add an “emailserver1” host with IP address 10.50.23.90 using the GAiA management CLI.

    • host name myHost12 ip-address 10.50.23.90
    • mgmt add host name ip-address 10.50.23.90
    • add host name emailserver1 ip-address 10.50.23.90
    • mgmt add host name emailserver1 ip-address 10.50.23.90
  3. The CDT utility supports which of the following?

    • Major version upgrades to R77.30
    • Only Jumbo HFAs and hotfixes
    • Only major version upgrades to R80.10
    • All upgrades
  4. Using ClusterXL, what statement is true about the Sticky Decision Function?

    • Can only be changed for Load Sharing implementations
    • All connections are processed and synchronized by the pivot
    • Is configured using cpconfig
    • Is only relevant when using SecureXL
  5. What command would show the API server status?

    • cpm status
    • api restart
    • api status
    • show api status
  6. How do Capsule Connect and Capsule Workspace differ?

    • Capsule Connect provides a Layer 3 VPN. Capsule Workspace provides a Desktop with usable applications
    • Capsule Workspace can provide access to any application
    • Capsule Connect provides Business data isolation
    • Capsule Connect does not require an installed application on the client
  7. Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?

    • The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
    • Limits the upload and download throughput for streaming media in the company to 1 Gbps.
    • Time object to a rule to make the rule active only during specified times.
    • Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
  8. What are the three components for Check Point Capsule?

    • Capsule Docs, Capsule Cloud, Capsule Connect
    • Capsule Workspace, Capsule Cloud, Capsule Connect
    • Capsule Workspace, Capsule Docs, Capsule Connect
    • Capsule Workspace, Capsule Docs, Capsule Cloud
  9. Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

    • UDP port 265
    • TCP port 265
    • UDP port 256
    • TCP port 256
  10. What is true about the IPS Blade?

    • In R80, IPS is managed by the Threat Prevention Policy
    • In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
    • In R80, IPS Exceptions cannot be attached to “all rules”
    • In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same
  11. Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

    • Go to clish - Run cpstop | Run cpstart
    • Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway
    • Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores
    • Go to clish - Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security Policy
  12. When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?

    • Any size
    • Less than 20GB
    • More than 10GB and less than 20 GB
    • At least 20GB
  13. Which firewall daemon is responsible for the FW CLI commands?

    • fwd
    • fwm
    • cpm
    • cpd
  14. If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Provided the Active Security Management Server is responsive, which of these steps should NOT be performed?

    • Rename the hostname of the Standby member to match exactly the hostname of the Active member.
    • Change the Standby Security Management Server to Active.
    • Change the Active Security Management Server to Standby.
    • Manually synchronize the Active and Standby Security Management Servers.
  15. Using R80 SmartConsole, what does a “pencil icon” in a rule mean?

    • I have changed this rule
    • Someone else has changed this rule
    • This rule is managed by Check Point’s SOC
    • This rule can’t be changed as it’s an implied rule
  16. Which method below is NOT one of the ways to communicate using the Management APIs?

    • Typing API commands using the “mgmt_cli” command
    • Typing API commands from a dialog box inside the SmartConsole GUI application
    • Typing API commands using Gaia’s secure shell (clish)
    • Sending API commands over an HTTP connection using web-services
  17. Session unique identifiers are passed to the web API using which HTTP header option?

    • X-chkp-sid
    • Accept-Charset
    • Proxy-Authorization
    • Application
  18. What is the main difference between Threat Extraction and Threat Emulation?

    • Threat Emulation never delivers a file and takes more than 3 minutes to complete
    • Threat Extraction always delivers a file and takes less than a second to complete
    • Threat Emulation never delivers a file that takes less than a second to complete
    • Threat Extraction never delivers a file and takes more than 3 minutes to complete
  19. Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

    • Detects and blocks malware by correlating multiple detection engines before users are affected.
    • Configure rules to limit the available network bandwidth for specified users or groups.
    • Use UserCheck to help users understand that certain websites are against the company’s security policy.
    • Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.
  20. You want to store the GAiA configuration in a file for later reference. What command should you use?

    • write mem <filename>
    • show config -f <filename>
    • save config -o <filename>
    • save configuration <filename>