156-315.80 : Check Point Certified Security Expert – R80 : Part 19
-
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?
- SandBlast Threat Emulation
- SandBlast Agent
- Check Point Protect
- SandBlast Threat Extraction
-
If an administrator wants to add manual NAT for addresses now owned by the Check Point firewall, what else is necessary to be completed for it to function properly?
- Nothing – the proxy ARP is automatically handled in the R80 version
- Add the proxy ARP configurations in a file called /etc/conf/local.arp
- Add the proxy ARP configurations in a file called $FWDIR/conf/local.arp
- Add the proxy ARP configurations in a file called $CPDIR/conf/local.arp
-
How many interfaces can you configure to use the Multi-Queue feature?
- 10 interfaces
- 3 interfaces
- 4 interfaces
- 5 interfaces
Explanation:Note –
– Multi-Queue lets you configure a maximum of five interfaces
– You must reboot the gateway after changing the Multi-Queue configuration -
Which firewall daemon is responsible for the FW CLI commands?
- fwd
- fwm
- cpm
- cpd
-
How long may verification of one file take for Sandblast Threat Emulation?
- up to 1 minutes
- within seconds cleaned file will be provided
- up to 5 minutes
- up to 3 minutes
-
GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:
- Check Point Update Service Engine
- Check Point Software Update Agent
- Check Point Remote Installation Daemon (CPRID)
- Check Point Software Update Daemon
-
Hit Count is a feature to track the number of connections that each rule matches, which one is not benefit of Hit Count.
- Better understand the behavior of the Access Control Policy
- Improve Firewall performance – You can move a rule that has hot count to a higher position in the Rule Base
- Automatically rearrange Access Control Policy based on Hit Count Analysis
- Analyze a Rule Base – You can delete rules that have no matching connections
-
You need to change the MAC-address on eth2 interface of the gateway. What command and what mode will you use to achieve this goal?
- set interface eth2 mac-addr 11:11:11:11:11:11; CLISH
- ifconfig eth1 hw 11:11:11:11:11:11; expert
- set interface eth2 hw-addr 11:11:11:11:11:11; CLISH
- ethtool -i eth2 mac 11:11:11:11:11:11; expert
-
The Check Point installation history feature in R80 provides the following:
- View install changes and install specific version
- View install changes
- Policy Installation Date, view install changes and install specific version
- Policy Installation Date only
-
You are the administrator for ABC Corp. You have logged into your R80 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it.
What does this mean?
- This rule No. 6 has been marked for deletion in your Management session.
- This rule No. 6 has been marked for deletion in another Management session.
- This rule No. 6 has been marked for editing in your Management session.
- This rule No. 6 has been marked for editing in another Management session.
-
By default how often updates are checked when the CPUSE Software Updates Policy is set to Automatic?
- Six times per day
- Seven times per day
- Every two hours
- Every three hours
-
In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom. Which of the following statements is correct?
- If the Action of the matching rule is Accept, the gateway will drop the packet.
- If the Action of the matching rule is Drop, the gateway continues to check rules in the next Policy Layer down.
- If the Action of the matching rule is Drop, the gateway stops matching against later rules in the Policy Rule Base and drops the packet.
- If the rule does not matched in the Network policy it will continue to other enabled policies
-
The back end database for Check Point R80 Management uses:
- DBMS
- MongoDB
- PostgreSQL
- MySQL
-
UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?
- Ask
- Drop
- Inform
- Reject
-
Choose the correct syntax to add a new host named “emailserver1” with IP address 10.50.23.90 using GAiA Management CLI?
- mgmt_cli add host name “myHost12 ip” address 10.50.23.90
- mgmt_cli add host name ip-address 10.50.23.90
- mgmt_cli add host “emailserver1” address 10.50.23.90
- mgmt_cli add host name “emailserver1” ip-address 10.50.23.90
-
Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire mode configuration, chain modules marked with _______ will not apply.
- ffffffff
- 00000001
- 00000002
- 00000003
-
SmartConsole R80.x requires the following ports to be open for SmartEvent:
- 19009, 19090 & 443
- 19009, 19004 & 18190
- 18190 & 443
- 19009, 18190 & 443
-
In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a response before the peer host is declared ‘down’, you would set the_________?
- life sign polling interval
- life sign timeout
- life_sign_polling_interval
- life_sign_timeout
-
Which is the correct order of a log flow processed by SmartEvent components?
- Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client
- Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client
- Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client
- Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client
-
CoreXL is NOT supported when one of the following features is enabled: (Choose three)
- Route-based VPN
- IPS
- IPv6
- Overlapping NAT
Explanation:CoreXL does not support Check Point Suite with these features:
– Check Point QoS (Quality of Service)
– Route-based VPN
– IPv6 on IPSO
– Overlapping NAT
Subscribe
0 Comments
Newest