156-315.80 : Check Point Certified Security Expert – R80 : Part 03
-
What happens when an IPS profile is set to Detect Only mode for troubleshooting?
- It will generate Geo-Protection traffic
- Automatically uploads debugging logs to Check Point Support Center
- It will not block malicious traffic
- Bypass licenses requirement for Geo-Protection control
Explanation: It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.
-
What is true about VRRP implementations?
- VRRP membership is enabled in cpconfig
- VRRP can be used together with ClusterXL, but with degraded performance
- You cannot have a standalone deployment
- You cannot have different VRIDs in the same physical network
-
The Security Gateway is installed on GAIA R80. The default port for the Web User Interface is ______.
- TCP 18211
- TCP 257
- TCP 4433
- TCP 443
-
Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specified time period.
- Block Port Overflow
- Local Interface Spoofing
- Suspicious Activity Monitoring
- Adaptive Threat Prevention
Explanation: Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation.
-
What is the mechanism behind Threat Extraction?
- This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
- This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
- This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
- Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.
-
You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
- SmartEvent Client Info
- SecuRemote
- Check Point Protect
- Check Point Capsule Cloud
-
Which view is NOT a valid CPVIEW view?
- IDA
- DLP
- PDP
- VPN
-
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?
- The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
- Limits the upload and download throughput for streaming media in the company to 1 Gbps.
- Time object to a rule to make the rule active only during specified times.
- Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.
-
fwssd is a child process of which of the following Check Point daemons?
- fwd
- cpwd
- fwm
- cpd
-
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.
- Symmetric routing
- Failovers
- Asymmetric routing
- Anti-Spoofing
-
CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:
- MySQL
- Postgres SQL
- MariaDB
- SOLR
-
If you needed the Multicast MAC address of a cluster, what command would you run?
- cphaprob -a if
- cphaconf ccp multicast
- cphaconf debug data
- cphaprob igmp
-
Which is NOT an example of a Check Point API?
- Gateway API
- Management API
- OPSEC SDK
- Threat Prevention API
-
What are the three components for Check Point Capsule?
- Capsule Docs, Capsule Cloud, Capsule Connect
- Capsule Workspace, Capsule Cloud, Capsule Connect
- Capsule Workspace, Capsule Docs, Capsule Connect
- Capsule Workspace, Capsule Docs, Capsule Cloud
-
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
- logd
- fwd
- fwm
- cpd
-
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
- fwd via cpm
- fwm via fwd
- cpm via cpd
- fwd via cpd
-
You have successfully backed up Management Server configurations without the OS information. What command would you use to restore this backup?
- restore_backup
- import backup
- cp_merge
- migrate import
-
The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
- add host name <New HostName> ip-address <ip address>
- add hostname <New HostName> ip-address <ip address>
- set host name <New HostName> ip-address <ip address>
- set hostname <New HostName> ip-address <ip address>
-
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
- One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
- One machine
- Two machines
- Three machines
Explanation: One for the Security Management Server and the other one for the Security Gateway.
-
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or ______ action for the file types.
- Inspect/Bypass
- Inspect/Prevent
- Prevent/Bypass
- Detect/Bypass