156-315.80 : Check Point Certified Security Expert – R80 : Part 09
-
What is the purpose of extended master key extension/session hash?
- UDP VOIP protocol extension
- In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication
- Special TCP handshaking extension
- Supplement DLP data watermark
-
In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with __________________ will not apply.
- ffff
- 1
- 2
- 3
-
Which one of the following is true about Capsule Connect?
- It is a full layer 3 VPN client
- It offers full enterprise mobility management
- It is supported only on iOS phones and Windows PCs
- It does not support all VPN authentication methods
-
How often does Threat Emulation download packages by default?
- Once a week
- Once an hour
- Twice per day
- Once per day
-
You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
- TCP port 443
- TCP port 257
- TCP port 256
- UDP port 8116
-
Which statement is true about ClusterXL?
- Supports Dynamic Routing (Unicast and Multicast)
- Supports Dynamic Routing (Unicast Only)
- Supports Dynamic Routing (Multicast Only)
- Does not support Dynamic Routing
-
Which command shows detailed information about VPN tunnels?
- cat $FWDIR/conf/vpn.conf
- vpn tu tlist
- vpn tu
- cpview
-
Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?
- IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation.
- Firewall, IPS, Threat Emulation, Application Control.
- IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.
- Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.
-
When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?
- Includes the registry
- Gets information about the specified Virtual System
- Does not resolve network addresses
- Output excludes connection table
-
What component of R80 Management is used for indexing?
- DBSync
- API Server
- fwm
- SOLR
-
After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?
- cvpnd_restart
- cvpnd_restart
- cvpnd restart
- cvpnrestart
-
SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?
- Threat Emulation
- Mobile Access
- Mail Transfer Agent
- Threat Cloud
-
With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform in the applications. Mobile Access encrypts all traffic using:
- HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.
- HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender.
- HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required.
- HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.
-
What is the benefit of “fw monitor” over “tcpdump”?
- “fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.
- “fw monitor” is also available for 64-Bit operating systems.
- With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”
- “fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.
-
Which of the following describes how Threat Extraction functions?
- Detects threats and provides a detailed report of discovered threats.
- Proactively detects threats.
- Delivers file with original content.
- Delivers PDF versions of original files with active content removed.
-
Security Checkup Summary can be easily conducted within:
- Summary
- Views
- Reports
- Checkups
-
What command can you use to have cpinfo display all installed hotfixes?
- cpinfo -hf
- cpinfo -y all
- cpinfo -get hf
- cpinfo installed_jumbo
-
What is the port used for SmartConsole to connect to the Security Management Server?
- CPMI port 18191/TCP
- CPM port/TCP port 19009
- SIC port 18191/TCP
- https port 4434/TCP
-
What is considered Hybrid Emulation Mode?
- Manual configuration of file types on emulation location.
- Load sharing of emulation between an on premise appliance and the cloud.
- Load sharing between OS behavior and CPU Level emulation.
- High availability between the local SandBlast appliance and the cloud.
-
When setting up an externally managed log server, what is one item that will not be configured on the R80 Security Management Server?
- IP
- SIC
- NAT
- FQDN