156-315.80 : Check Point Certified Security Expert – R80 : Part 11

  1. The SmartEvent R80 Web application for real-time event monitoring is called:

    • SmartView Monitor
    • SmartEventWeb
    • There is no Web application for SmartEvent
    • SmartView
  2. What will SmartEvent automatically define as events?

    • Firewall
    • VPN
    • IPS
    • HTTPS
  3. With MTA (Mail Transfer Agent) enabled, the gateway manages SMTP traffic and holds external email with potentially malicious attachments. What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?

    • Threat Cloud Intelligence
    • Threat Prevention Software Blade Package
    • Endpoint Total Protection
    • Traffic on port 25
  4. What is not a purpose of the deployment of Check Point API?

    • Execute an automated script to perform common tasks
    • Create a customized GUI Client for manipulating the objects database
    • Create products that use and enhance the Check Point solution
    • Integrate Check Point products with 3rd party solution
  5. You need to change the number of firewall instances used by CoreXL. How can you achieve this goal?

    • edit fwaffinity.conf; reboot required
    • cpconfig; reboot required 
    • edit fwaffinity.conf; reboot not required
    • cpconfig; reboot not required
  6. Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.

    • WMI
    • Eventvwr
    • XML
    • Services.msc
  7. Which is not a blade option when configuring SmartEvent?

    • Correlation Unit
    • SmartEvent Unit
    • SmartEvent Server
    • Log Server
    Explanation:

    On the Management tab, enable these Software Blades:
    – Logging & Status
    – SmartEvent Server
    – SmartEvent Correlation Unit

  8. The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.

    • ccp
    • cphaconf
    • cphad
    • cphastart
  9. Which statement is most correct regarding “CoreXL Dynamic Dispatcher”?

    • The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
    • The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
    • The CoreXL FW instances assignment mechanism is based on IP Protocol type
    • The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type
  10. What CLI command compiles and installs a Security Policy on the target’s Security Gateways?

    • fwm compile
    • fwm load
    • fwm fetch
    • fwm install
  11. Pamela is a Cyber Security Engineer working for Global Instance Firm, which has a large-scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. The company’s Developer Team is having random access issues to a newly deployed Application Server in the DMZ’s Application Server Farm Tier and blames the DMZ Security Gateway as the root cause. A ticket has been created and the issue is at Pamela’s desk for investigation. Pamela decides to use Check Point’s packet analyzer tool, fw monitor, to iron out the issue during an approved maintenance window.

    What is the best recommendation for Pamela to make sure she successfully captures the entire traffic in the context of the Firewall and the problematic traffic?

    • Pamela should check the SecureXL status on the DMZ Security Gateway and, if it’s turned ON, she should turn OFF SecureXL before using fw monitor to avoid misleading traffic captures.
    • Pamela should check the SecureXL status on the DMZ Security Gateway and, if it’s turned OFF, she should turn ON SecureXL before using fw monitor to avoid misleading traffic captures.
    • Pamela should use tcpdump over the fw monitor tool, as tcpdump works at the OS level and captures the entire traffic.
    • Pamela should use snoop over the fw monitor tool, as snoop works at the NIC driver level and captures the entire traffic.
  12. Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

    • AV issues
    • VPN errors
    • Network issues
    • Authentication issues
  13. In which formats can Threat Emulation forensics reports be viewed?

    • TXT, XML and CSV
    • PDF and TXT
    • PDF, HTML, and XML
    • PDF and HTML
  14. In ClusterXL Load Sharing Multicast Mode:

    • only the primary member receives packets sent to the cluster IP address
    • only the secondary member receives packets sent to the cluster IP address
    • packets sent to the cluster IP address are distributed equally between all members of the cluster
    • every member of the cluster receives all of the packets sent to the cluster IP address
  15. What kind of information would you expect to see using the sim affinity command?

    • The VMACs used in a Security Gateway cluster
    • The involved firewall kernel modules in inbound and outbound packet chain
    • Overview of SecureXL templated connections
    • Network interfaces and core distribution used for CoreXL
  16. What cloud-based SandBlast Mobile application is used to register new devices and users?

    • Check Point Protect Application
    • Management Dashboard
    • Behavior Risk Engine
    • Check Point Gateway
  17. What is the responsibility of the SOLR process on the R80.10 management server?

    • Validating all data before it’s written into the database
    • It generates indexes of data written to the database
    • Communication between SmartConsole applications and the Security Management Server
    • Writing all information into the database
  18. In the Firewall chain mode FFF refers to:

    • Stateful Packets
    • No Match
    • All Packets
    • Stateless Packets
  19. Which file gives you a list of all security servers in use, including port number?

    • $FWDIR/conf/conf.conf
    • $FWDIR/conf/servers.conf
    • $FWDIR/conf/fwauthd.conf
    • $FWDIR/conf/serversd.conf
  20. Which of the following commands shows the status of processes?

    • cpwd_admin -l
    • cpwd -l
    • cpwd admin_list
    • cpwd_admin list