156-315.80 : Check Point Certified Security Expert – R80 : Part 05
-
What command verifies that the API server is responding?
- api stat
- api status
- show api_status
- api_get_status
-
Where can you see and search records of actions done by R80 SmartConsole administrators?
- In SmartView Tracker, open active log
- In the Logs & Monitor view, select “Open Audit Log View”
- In SmartAuditLog View
- In Smartlog, all logs
-
Fill in the blank: The R80 utility fw monitor is used to troubleshoot ________.
- User data base corruption
- LDAP conflicts
- Traffic issues
- Phase two key negotiations
Explanation: Check Point’s FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the firewall inspection chains. These captured packets can be inspected later using Wireshark.
-
In CoreXL, the Firewall kernel is replicated multiple times, therefore:
- The Firewall kernel only touches the packet if the connection is accelerated
- The Firewall can run different policies per core
- The Firewall kernel is replicated only with new connections and deletes itself once the connection times out
- The Firewall can run the same policy on all cores.
Explanation: On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or instance, runs on one processing core. These instances handle traffic concurrently, and each instance is a complete and independent inspection kernel. When CoreXL is enabled, all the kernel instances in the Security Gateway process traffic through the same interfaces and apply the same security policy.
-
Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
- Severity
- Automatic reactions
- Policy
- Threshold
-
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
- fw ctl multik set_mode 1
- fw ctl Dynamic_Priority_Queue on
- fw ctl Dynamic_Priority_Queue enable
- fw ctl multik set_mode 9
-
Advanced Security Checkups can be easily conducted within:
- Reports
- Advanced
- Checkups
- Views
- Summary
-
What is the limitation of employing Sticky Decision Function?
- With SDF enabled, the involved VPN Gateways only support IKEv1
- Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
- With SDF enabled, only ClusterXL in legacy mode is supported
- With SDF enabled, you can only have three Sync interfaces at most
-
Which Mobile Access application allows a secure container on mobile devices to give users access to internal websites, file shares and emails?
- Check Point Remote User
- Check Point Capsule Workspace
- Check Point Mobile Web Portal
- Check Point Capsule Remote
-
To fully enable Dynamic Dispatcher on a Security Gateway:
- run “fw ctl multik dynamic_dispatching on” and then Reboot.
- Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.
- Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
- run fw ctl multik set_mode 1 in Expert mode and then reboot.
-
Session unique identifiers are passed to the Web API using which HTTP header option?
- X-chkp-sid
- Accept-Charset
- Proxy-Authorization
- Application
-
Which command shows actual allowed connections in the state table?
- fw tab -t StateTable
- fw tab -t connections
- fw tab -t connection
- fw tab connections
-
What SmartEvent component creates events?
- Consolidation Policy
- Correlation Unit
- SmartEvent Policy
- SmartEvent GUI
-
Which command collects diagnostic data for analyzing customer setup remotely?
- cpinfo
- migrate export
- sysinfo
- cpview
Explanation: CPInfo is an auto-updatable utility that collects diagnostics data on a customer’s machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPInfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows in-depth analysis of the customer’s configuration and environment settings.
-
Which features are only supported with R80.10 Gateways but not R77.x?
- Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies
- Limits the upload and download throughput for streaming media in the company to 1 Gbps.
- The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
- Time object to a rule to make the rule active only during specified times.
-
Which CLI command will reset the IPS pattern matcher statistics?
- ips reset pmstat
- ips pstats reset
- ips pmstats refresh
- ips pmstats reset
-
When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or _______.
- SecureID
- SecurID
- Complexity
- TacAcs
-
Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
- 50%
- 75%
- 80%
- 15%
-
SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?
- Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.
- Correlates all the identified threats with the consolidation policy.
- Collects syslog data from third party devices and saves them to the database.
- Connects with the SmartEvent Client when generating threat reports.
-
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
- This statement is true because SecureXL does improve all traffic.
- This statement is true because SecureXL does improve all traffic.
- This statement is true because SecureXL does improve this traffic.
- This statement is false because encrypted traffic cannot be inspected.
Explanation: SecureXL improves non-encrypted firewall traffic throughput, and encrypted VPN traffic throughput, by nearly an order of magnitude, particularly for small packets flowing in long-duration connections.