156-315.80 : Check Point Certified Security Expert – R80 : Part 12
-
What is the valid range for VRID value in VRRP configuration?
- 1 – 254
- 1 – 255
- 0 – 254
- 0 – 255
Explanation:Virtual Router ID – Enter a unique ID number for this virtual router. The range of valid values is 1 to 255.
-
What is true of the API server on R80.10?
- By default the API-server is activated and does not have hardware requirements.
- By default the API-server is not active and should be activated from the WebUI.
- By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).
- By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).
-
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
- fw ctl set int fwha vmac global param enabled
- fw ctl get int vmac global param enabled; result of command should return value 1
- cphaprob-a if
- fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1
-
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
- 20 minutes
- 15 minutes
- Admin account cannot be unlocked automatically
- 30 minutes at least
-
Which is NOT a SmartEvent component?
- SmartEvent Server
- Correlation Unit
- Log Consolidator
- Log Server
-
Check Point APIs allow system engineers and developers to make changes to their organization’s security policy with CLI tools and Web Services for all the following except:
- Create new dashboards to manage 3rd party task
- Create products that use and enhance 3rd party solutions
- Execute automated scripts to perform common tasks
- Create products that use and enhance the Check Point Solution
Explanation:Check Point APIs let system administrators and developers make changes to the security policy with CLI tools and web-services. You can use an API to:
• Use an automated script to perform common tasks
• Integrate Check Point products with 3rd party solutions
• Create products that use and enhance the Check Point solution -
When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:
- All UDP packets
- All IPv6 Traffic
- All packets that match a rule whose source or destination is the Outside Corporate Network
- CIFS packets
-
On what port does the CPM process run?
- TCP 857
- TCP 18192
- TCP 900
- TCP 19009
-
What is the SandBlast Agent designed to do?
- Performs OS-level sandboxing for SandBlast Cloud architecture
- Ensure the Check Point SandBlast services is running on the end user’s system
- If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network
- Clean up email sent with malicious attachments
-
What is correct statement about Security Gateway and Security Management Server failover in Check Point R80.X in terms of Check Point Redundancy driven solution?
- Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.
- Security Gateway failover as well as Security Management Server failover is a manual procedure.
- Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.
- Security Gateway failover as well as Security Management Server failover is an automatic procedure.
-
SandBlast agent extends 0 day prevention to what part of the network?
- Web Browsers and user devices
- DMZ server
- Cloud
- Email servers
-
What command would show the API server status?
- cpm status
- api restart
- api status
- show api status
-
In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?
- Accounting
- Suppression
- Accounting/Suppression
- Accounting/Extended
-
Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?
- /opt/CPshrd-R80/conf/local.arp
- /var/opt/CPshrd-R80/conf/local.arp
- $CPDIR/conf/local.arp
- $FWDIR/conf/local.arp
-
With SecureXL enabled, accelerated packets will pass through the following:
- Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device
- Network Interface Card, Check Point Firewall Kernal, and the Acceleration Device
- Network Interface Card and the Acceleration Device
- Network Interface Card, OSI Network Layer, and the Acceleration Device
-
Which command would you use to set the network interfaces’ affinity in Manual mode?
- sim affinity -m
- sim affinity -l
- sim affinity -a
- sim affinity -s
-
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?
- sim erdos –e 1
- sim erdos – m 1
- sim erdos –v 1
- sim erdos –x 1
-
In SmartEvent, which of the following is NOT an option to calculate the traffic direction?
- Incoming
- Internal
- External
- Outgoing
-
What command lists all interfaces using Multi-Queue?
- cpmq get
- show interface all
- cpmq set
- show multiqueue all
-
When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?
- ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data
- ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments
- ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud
- ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary
Subscribe
0 Comments
Newest