156-315.80 : Check Point Certified Security Expert – R80 : Part 22
-
After finishing installation admin John likes to use top command in expert mode. John has to set the expert-password and was able to use top command. A week later John has to use the top command again, He detected that the expert password is no longer valid. What is the most probable reason for this behavior?
- “write memory” was not issued on clish
- changes are only possible via SmartConsole
- “save config” was not issued in expert mode
- “save config” was not issued on clish
-
What kind of information would you expect to see using the “sim affinity –l” command?
- The VMACs used in a Security Gateway cluster
- The involved firewall kernel modules in inbound and outbound packet chain
- Overview over SecureXL templated connections
- Affinity Distribution
-
Which of the following is a task of the CPD process?
- Invoke and monitor critical processes and attempts to restart them if they fail
- Transfers messages between Firewall processes
- Log forwarding
- Responsible for processing most traffic on a security gateway
-
You need to change the MAC-address on eth2 interface of the gateway. What is the correct way to change MAC-address in Check Point Gaia?
- In CLISH run: set interface eth2 mac-addr 11:11:11:11:11:11
- In expert-mode run: ifconfig eth1 hw 11:11:11:11:11:11
- In CLISH run: set interface eth2 hw-addr: 11:11:11:11:11:11
- In expert-mode run: ethtool –i eth2 mac 11:11:11:11:11:11
-
Matt wants to upgrade his old Security Management Server to R80.x using the Advanced Upgrade with Database Migration. What is one of the requirements for a successful upgrade?
- Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine
- Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine
- Size of the $FWDIR/log folder of the target machine must be at least 25% of the size of the $FWDIR/log directory on the source machine
- Size of the /var/log folder of the target machine must be at least 25GB or more
-
The Compliance Blade allows you to search for text strings in many windows and panes, to search for a value in a field, what would your syntax be?
- field_name:string
- name field:string
- name_field:string
- field name:string
-
If a “ping”-packet is dropped by FW1 Policy –on how many inspection Points do you see this packet in “fw monitor”?
- “i”, “l” and “o”
- I don’t see it in fw monitor
- “i” only
- “i” and “l”
-
Firewall policies must be configured to accept VRRP packets on the GAiA platform if it runs Firewall software. The Multicast destination assigned by the Internet Assigned Number Authority (IANA) for VRRP is:
- 224.0.0.18
- 224.0.0.5
- 224.0.0.102
- 224.0.0.22
-
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
- Mail, Block Source, Block Event Activity, External Script, SNMP Trap
- Mail, Block Source, Trigger log, Block Services, SNMP Trap
- Mail, Block Source, Trigger log, External Script, SNMP Trap
- Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap
-
What ports are used for SmartConsole to connect to the Security Management Server?
- CPMI (18190)
- CPM (19009), CPMI (18190) & https (443)
- CPM (19009), CPMI (18190) & CPD (18191)
- ICA_Pull (18210), CPMI (18190) & https (443)
-
What are the blades of Threat Prevention?
- IPS, QoS, AntiVirus, AntiBot, Threat Emulation/Extraction
- DLP, AntiVirus, QoS, AntiBot, Threat Emulation/Extraction
- IPS, AntiVirus, AntiBot
- IPS, AntiVirus, AntiBot, Threat Emulation/Extraction
-
Is the first packet of an UDP session is rejected by a rule definition from within a security policy (not including the clean up rule), what message is send back through the kernel?
- Nothing
- TCP FIN
- TCP RST
- ICMP unreachable
-
What feature allows Remote-access VPN users to access resources across a site-to-site VPN tunnel?
- Specific VPN Communities
- Remote Access VPN Switch
- Mobile Access VPN Domain
- Network Access VPN Domain
-
What is the base level encryption key used by Capsule Docs?
- RSA 2048
- RSA 1024
- SHA-256
- AES
-
After verifying that API Server is not running, how can you start the API Server?
- Run command “set api start” in CLISH mode
- Run command “mgmt_cli set api start” in Expert mode
- Run command “mgmt api start” in any mode
- Run command “api start” in any mode
-
What solution is Multi-queue intended to provide?
- Improve the efficiency of traffic handling by SecureXL SNDs
- Reduce the confusion for traffic capturing in FW Monitor
- Improve the efficiency of CoreXL Kernel Instances
- Reduce the performance of network interfaces
-
What traffic does the Anti-bot feature block?
- Command and Control traffic from hosts that have been identified as infected
- Command and Control traffic to servers with reputation for hosting malware
- Network traffic that is directed to unknown or malicious servers
- Network traffic to hosts that have been identified as infected
-
When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use?
- Toni? AND 10.0.4.210 NOT 10.0.4.76
- To** AND 10.0.4.210 NOT 10.0.4.76
- Ton* AND 10.0.4.210 NOT 10.0.4.75
- “Toni” AND 10.0.4.210 NOT 10.0.4.76
-
Which of the following processes pulls application monitoring status from gateways?
- cpm
- fwm
- cpwd
- cpd
-
What is the command used to activated Multi-Version Cluster mode?
- set cluster member mvc on in Clish
- set mvc on on Clish
- set cluster MVC on in Expert Mode
- set cluster mvc on in Expert Mode
Subscribe
0 Comments
Newest