156-215.80 : Check Point Certified Security Administrator (CCSA R80) : Part 23
-
Which icon in the WebUI indicates that read/write access is enabled?
- Pencil
- Padlock
- Book
- Eyeglasses
-
What is NOT an advantage of Stateful Inspection?
- High Performance
- Good Security
- No Screening above Network layer
- Transparency
-
Which of the following Windows Security Events will NOT map a username to an IP address in Identity Awareness?
- Kerberos Ticket Renewed
- Kerberos Ticket Requested
- Account Logon
- Kerberos Ticket Timed Out
-
Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or __________.
- On all satellite gateway to satellite gateway tunnels
- On specific tunnels for specific gateways
- On specific tunnels in the community
- On specific satellite gateway to central gateway tunnels
Explanation: Each VPN tunnel in the community may be set to be a Permanent Tunnel. Since Permanent Tunnels are constantly monitored, if the VPN tunnel is down, then a log, alert, or user defined action, can be issued. A VPN tunnel is monitored by periodically sending “tunnel test” packets. As long as responses to the packets are received the VPN tunnel is considered “up.” If no response is received within a given time period, the VPN tunnel is considered “down.” Permanent Tunnels can only be established between Check Point Security Gateways. The configuration of Permanent Tunnels takes place on the community level and:
– Can be specified for an entire community. This option sets every VPN tunnel in the community as permanent.
– Can be specified for a specific Security Gateway. Use this option to configure specific Security Gateways to have permanent tunnels.
– Can be specified for a single VPN tunnel. This feature allows configuring specific tunnels between specific Security Gateways as permanent.
-
In the Unified SmartConsole Gateways and Servers tab, you can perform the following functions EXCEPT ________.
- Upgrade the software version
- Open WebUI
- Open SSH
- Open service request with Check Point Technical Support
-
Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers? Choose the BEST answer.
- Anti-Malware
- IPS
- Anti-Virus
- Content Awareness
Explanation:
Anti-Bot
The Need for Anti-Bot
There are two emerging trends in today’s threat landscape:
– A profit-driven cybercrime industry that uses different tools to meet its goals. This industry includes cyber-criminals, malware operators, tool providers, coders, and affiliate programs. Their “products” can be easily ordered online from numerous sites (for example, do-it-yourself malware kits, spam sending, data theft, and denial of service attacks) and organizations are finding it difficult to fight off these attacks.
– Ideological and state driven attacks that target people or organizations to promote a political cause or carry out a cyber-warfare campaign.
Both of these trends are driven by bot attacks.
A bot is malicious software that can invade your computer. There are many infection methods. These include opening attachments that exploit a vulnerability and accessing a web site that results in a malicious download.
-
When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?
- Log, Send SNMP Trap, Email
- Drop Packet, Alert, None
- Log, Alert, None
- Log, Allow Packets, Email
Explanation: Configure Spoof Tracking – select the tracking action that is done when spoofed packets are detected:
– Log – Create a log entry (default)
– Alert – Show an alert
– None – Do not log or alert
-
Access roles allow the firewall administrator to configure network access according to:
- a combination of computer groups and networks
- users and user groups
- all of the above
- remote access clients
Explanation:
To create an access role:
1. Select Users and Administrators in the Objects Tree.
2. Right-click Access Roles > New Access Role.
The Access Role window opens.
3. Enter a Name and Comment (optional) for the access role.
4. In the Networks tab, select one of these:
– Any network
– Specific networks – Click the plus sign and select a network.
Your selection is shown in the Networks node in the Role Preview pane.
5. In the Users tab, select one of these:
– Any user
– All identified users – Includes users identified by a supported authentication method (internal users, AD users or LDAP users).
– Specific users – Click the plus sign.
A window opens. You can search for Active Directory entries or select them from the list.
6. In the Machines tab, select one of these:
– Any machine
– All identified machines – Includes machines identified by a supported authentication method (AD).
– Specific machines – Click the plus sign.
You can search for AD entries or select them from the list.
7. Optional: For computers that use Full Identity Agents, from the Machines tab select Enforce IP spoofing protection.
8. Click OK.
The access role is added to the Users and Administrators tree.
-
What are the three deployment options available for a security gateway?
- Distributed, Bridge Mode, and Remote
- Bridge Mode, Remote, and Standalone
- Remote, Standalone, and Distributed
- Standalone, Distributed, and Bridge Mode
-
Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
- All Connections (Clear or Encrypted)
- Accept all encrypted traffic
- Specific VPN Communities
- All Site-to-Site VPN Communities
Explanation: The first rule is the automatic rule for the Accept All Encrypted Traffic feature. The Firewalls for the Security Gateways in the BranchOffices and LondonOffices VPN communities allow all VPN traffic from hosts in clients in these communities. Traffic to the Security Gateways is dropped. This rule is installed on all Security Gateways in these communities.
2. Site to site VPN – Connections between hosts in the VPN domains of all Site to Site VPN communities are allowed. These are the only protocols that are allowed: FTP, HTTP, HTTPS and SMTP.
3. Remote access – Connections between hosts in the VPN domains of RemoteAccess VPN community are allowed. These are the only protocols that are allowed: HTTP, HTTPS, and IMAP.
-
When a Security Gateway sends its logs to an IP address other than its own, which deployment option is installed?
- Distributed
- Standalone
- Bridge
-
One of the major features in R80 SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB, and AdminC are editing the same Security Policy?
- A lock icon shows that a rule or an object is locked and will be available.
- AdminA and AdminB are editing the same rule at the same time.
- A lock icon next to a rule informs that any Administrator is working on this particular rule.
- AdminA, AdminB and AdminC are editing three different rules at the same time.
Explanation:
In SmartConsole, administrators work with sessions. A session is created each time an administrator logs into SmartConsole. Changes made in the session are saved automatically. These changes are private and available only to the administrator. To avoid configuration conflicts, other administrators see a lock icon on objects and rules that are being edited in other sessions.
-
When should you generate new licenses?
- Before installing contract files.
- After an RMA procedure when the MAC address or serial number of the appliance changes.
- When the existing license expires, license is upgraded, or the IP-address where the license is tied changes.
- Only when the license is upgraded.
-
When a policy package is installed, ________ are also distributed to the target installation Security Gateways.
- Both User and Objects databases
- Network databases only
- Objects databases only
- User databases only
Explanation:
A policy package is a collection of different types of policies. After installation, the Security Gateway enforces all the policies in the package. A policy package can have one or more of these policy types:
– Access Control – consists of these types of rules:
  – Firewall
  – NAT
  – Application Control and URL Filtering
  – Data Awareness
  – QoS
– Desktop Security – the Firewall policy for endpoint computers that have the Endpoint Security VPN remote access client installed as a standalone client.
– Threat Prevention – consists of:
  – IPS – IPS protections continually updated by IPS Services
  – Anti-Bot – Detects bot-infected machines, prevents bot damage by blocking bot Command and Control (C&C) communications
  – Anti-Virus – Includes heuristic analysis, stops viruses, worms, and other malware at the gateway
  – Threat Emulation – detects zero-day and advanced polymorphic attacks by opening suspicious files in a sandbox
The installation process:
– Runs a heuristic verification on rules to make sure they are consistent and that there are no redundant rules.
If there are verification errors, the policy is not installed. If there are verification warnings (for example, if anti-spoofing is not enabled for a Security Gateway with multiple interfaces), the policy package is installed with a warning.
– Makes sure that each of the Security Gateways enforces at least one of the rules. If none of the rules are enforced, the default drop rule is enforced.
– Distributes the user database and object database to the selected installation targets.
-
Which of the following is NOT a method used by Identity Awareness for acquiring identity?
- RADIUS
- Active Directory Query
- Remote Access
- Certificates
-
Which Check Point software blade provides Application Security and identity control?
- HTTPS Inspection
- Data Loss Prevention
- URL Filtering
- Application Control
Explanation: Check Point Application Control provides the industry’s strongest application security and identity control to organizations of all sizes.
-
How are the backups stored in Check Point appliances?
- Saved as *.tar under /var/log/CPbackup/backups
- Saved as *.tgz under /var/CPbackup
- Saved as *.tar under /var/CPbackup
- Saved as *.tgz under /var/log/CPbackup/backups
Explanation:
Backup configurations are stored in: /var/CPbackup/backups/
-
You are going to perform a major upgrade. Which back up solution should you use to ensure your database can be restored on that device?
- backup
- logswitch
- Database Revision
- snapshot
Explanation: The snapshot creates a binary image of the entire root (lv_current) disk partition. This includes Check Point products, configuration, and operating system.
Starting in R77.10, exporting an image from one machine and importing that image on another machine of the same type is supported.
The log partition is not included in the snapshot. Therefore, any locally stored FireWall logs will not be saved.
-
Which tool is used to enable ClusterXL?
- SmartUpdate
- cpconfig
- SmartConsole
- sysconfig
-
What type of NAT is a one-to-one relationship where each host is translated to a unique address?
- Source
- Static
- Hide
- Destination