156-315.80 : Check Point Certified Security Expert – R80 : Part 09

  1. What is the purpose of extended master key extension/session hash?

    • UDP VOIP protocol extension
    • In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication
    • Special TCP handshaking extension
    • Supplement DLP data watermark
  2. In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Wire Mode configuration, chain modules marked with __________________ will not apply.

    • ffff
    • 1
    • 2
    • 3
  3. Which one of the following is true about Capsule Connect?

    • It is a full layer 3 VPN client
    • It offers full enterprise mobility management
    • It is supported only on iOS phones and Windows PCs
    • It does not support all VPN authentication methods
  4. How often does Threat Emulation download packages by default?

    • Once a week
    • Once an hour
    • Twice per day
    • Once per day
  5. You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

    • TCP port 443
    • TCP port 257
    • TCP port 256
    • UDP port 8116
  6. Which statement is true about ClusterXL?

    • Supports Dynamic Routing (Unicast and Multicast)
    • Supports Dynamic Routing (Unicast Only)
    • Supports Dynamic Routing (Multicast Only)
    • Does not support Dynamic Routing
  7. Which command shows detailed information about VPN tunnels?

    • cat $FWDIR/conf/vpn.conf
    • vpn tu tlist
    • vpn tu
    • cpview
  8. Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?

    • IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation.
    • Firewall, IPS, Threat Emulation, Application Control.
    • IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.
    • Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.
  9. When gathering information about a gateway using CPINFO, what information is included or excluded when using the “-x” parameter?

    • Includes the registry
    • Gets information about the specified Virtual System
    • Does not resolve network addresses
    • Output excludes connection table
  10. What component of R80 Management is used for indexing?

    • DBSync
    • API Server
    • fwm
    • SOLR
  11. After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

    • cvpnd_restart
    • cvpnd_restart
    • cvpnd restart
    • cvpnrestart
  12. SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part of the SandBlast component?

    • Threat Emulation
    • Mobile Access
    • Mail Transfer Agent
    • Threat Cloud
  13. With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform within the applications. Mobile Access encrypts all traffic using:

    • HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they need to install the SSL Network Extender.
    • HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they need to install the SSL Network Extender.
    • HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no additional software is required.
    • HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no additional software is required.
  14. What is the benefit of “fw monitor” over “tcpdump”?

    • “fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.
    • “fw monitor” is also available for 64-Bit operating systems.
    • With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”
    • “fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.
  15. Which of the following describes how Threat Extraction functions?

    • Detects threats and provides a detailed report of discovered threats.
    • Proactively detects threats.
    • Delivers file with original content.
    • Delivers PDF versions of original files with active content removed.
  16. Security Checkup Summary can be easily conducted within:

    • Summary
    • Views
    • Reports
    • Checkups
  17. What command can you use to have cpinfo display all installed hotfixes?

    • cpinfo -hf
    • cpinfo -y all
    • cpinfo -get hf
    • cpinfo installed_jumbo
  18. What is the port used for SmartConsole to connect to the Security Management Server?

    • CPMI port 18191/TCP
    • CPM port/TCP port 19009
    • SIC port 18191/TCP
    • https port 4434/TCP
  19. What is considered Hybrid Emulation Mode?

    • Manual configuration of file types on emulation location.
    • Load sharing of emulation between an on premise appliance and the cloud.
    • Load sharing between OS behavior and CPU Level emulation.
    • High availability between the local SandBlast appliance and the cloud.
  20. When setting up an externally managed log server, what is one item that will not be configured on the R80 Security Management Server?

    • IP
    • SIC
    • NAT
    • FQDN