Check Point Certified Security Administrator Part 3

Architecture. 52 cards. Created 2 months ago.

This flashcard set focuses on Check Point security management concepts, including deployment options, permission profiles, software blades, license types, and threat prevention features. It helps reinforce understanding of administrative access control, policy layers, and monitoring tools within the Check Point architecture.

Key Terms

Term
Definition

Which policy type is used to enforce bandwidth and traffic control rules?

A. Threat Prevention
B. QoS
C. Threat Emulation
D. Access Control

B. QoS

Which Check Point Application Control feature enables application scanning and detection?

A. Application Dictionary
B. Application Library
C. CPApp
D. AppWiki

D. AppWiki

What type of NAT is a one-to-one relationship where each host is translated to a unique address?

A. Source
B. Destination
C. Hide
D. Static

D. Static

For Automatic Hide NAT rules created by the administrator, what is a TRUE statement?

A. Source Port Address Translation (PAT) is enabled by default.
B. Source Port Address Translation (PAT) is disabled by default.
C. Automatic NAT rules are supported for Network objects only.
D. Automatic NAT rules are supported for Host objects only.

A. Source Port Address Translation (PAT) is enabled by default.

In which scenario will an administrator need to manually define Proxy ARP?

A. When they configure an "Automatic Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
B. When they configure an "Automatic Hide NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
C. When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
D. When they configure a "Manual Hide NAT" which translates to an IP address that belongs to one of the firewall's interfaces.

C. When they configure a "Manual Static NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.

What is UserCheck?

A. Messaging tool used to verify a user’s credentials.
B. Communication tool used to inform a user about a website or application they are trying to access.
C. Communication tool used to notify an administrator when a new user is created.
D. Administrator tool used to monitor users on their network.

B. Communication tool used to inform a user about a website or application they are trying to access.

Which Autonomous Threat Prevention profile uses sanitization technology?

A. Cloud/data Center
B. Guest Network
C. Sandbox
D. Perimeter

D. Perimeter

URL Filtering employs a technology, which educates users on web usage policy in real time. What is the name of that technology?

A. WebCheck
B. URL categorization
C. UserCheck
D. Harmony Endpoint

C. UserCheck

You want to set up a VPN tunnel to an external gateway. You have to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway.

A. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Management add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };
B. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to ‘User defined’ and put in the local network.
C. In the SmartConsole create a dedicated VPN Community for both Gateways. On the Gateway add the following line to the $FWDIR/conf/user.def.FW1 file -> subnet_for_range_and_peer = { };
D. In the SmartConsole create a dedicated VPN Community for both Gateways. Go to Security Policies / Access Control and create an in-line layer rule with source and destination containing the two networks used for the IKE P2 SA. Put the name of the Community in the VPN column.

B. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to ‘User defined’ and put in the local network.

Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel?

A. No, Certificate based VPNs are only possible between Check Point devices
B. No, they cannot share certificate authorities
C. Yes, but they have to have a pre-shared secret key
D. Yes, but they need to have a mutually trusted certificate authority

D. Yes, but they need to have a mutually trusted certificate authority

Which tool allows you to monitor the top bandwidth on SmartConsole?

A. SmartEvent
B. Gateways & Servers Tab
C. SmartView Monitor
D. Logs & Monitoring

C. SmartView Monitor

Where can alerts be viewed?

A. Alerts can be seen in SmartView Monitor.
B. Alerts can be seen in SmartUpdate.
C. Alerts can be seen in the Threat Prevention policy.
D. Alerts can be seen from the CLI of the gateway.

A. Alerts can be seen in SmartView Monitor.

Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?

A. SmartView Monitor
B. SmartEvent
C. SmartDashboard
D. SmartUpdate

B. SmartEvent

In the Check Point Security Management Architecture, which component(s) can store logs?

A. Security Management Server and Security Gateway
B. SmartConsole
C. SmartConsole and Security Management Server
D. Security Management Server

A. Security Management Server and Security Gateway

Which of the following is NOT a tracking log option in R81.x?

A. Full Log
B. Log
C. Detailed Log
D. Extended Log

A. Full Log

What makes log queries faster?

A. Size of physical memory on the log server.
B. Logs are stored in the management server instead of a separate log server.
C. Indexing Engine indexes logs for faster search results.
D. Optimized log query where SmartConsole queries logs directly from the Security Gateway.

C. Indexing Engine indexes logs for faster search results.

Which information is included in the "Extended Log" tracking option, but is not included in the "Log" tracking option?

A. data type information
B. application information
C. file attributes
D. destination port

C. file attributes

How many layers make up the TCP/IP model?

A. 6
B. 4
C. 7
D. 2

B. 4

What is the user ID of a user that has all the privileges of a root user?

A. User ID 99
B. User ID 1
C. User ID 2
D. User ID 0

D. User ID 0

In SmartEvent, a correlation unit (CU) is used to do what?

A. Receive firewall and other software blade logs in a region and forward them to the primary log server.
B. Collect security gateway logs, index the logs and then compress the logs.
C. Send SAM block rules to the firewalls during a DOS attack.
D. Analyze log entries and identify events.

D. Analyze log entries and identify events.

Choose what BEST describes users on Gaia Platform.

A. There is one default user that can be deleted.
B. There are two default users and neither can be deleted.
C. There is only one default user that cannot be deleted.
D. There are two default users and one cannot be deleted.

B. There are two default users and neither can be deleted.

What is the purpose of a Stealth Rule?

A. A rule that allows administrators to access SmartConsole from any device.
B. To drop any traffic destined for the firewall that is not otherwise explicitly allowed.
C. A rule at the end of your policy to drop any traffic that is not explicitly allowed.
D. A rule used to hide a server's IP address from the outside world.

B. To drop any traffic destined for the firewall that is not otherwise explicitly allowed.

Gaia has two default user accounts that cannot be deleted. What are those user accounts?

A. Expert and Clish
B. Control and Monitor
C. Admin and Monitor
D. Admin and Default

C. Admin and Monitor

Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities?

A. IPS
B. Anti-Spam
C. Anti-Bot
D. Anti-Virus

A. IPS

You have set up the VPN Community 'VPN-Stores' with 3 gateways. There are some issues with one remote gateway (1.1.1.1) and your local gateway. What will be the best log filter to see only the IKE Phase 2 agreed networks for both gateways?

A. action:"Key Install" AND 1.1.1.1 AND Quick Mode
B. Blade:"VPN" AND VPN-Stores AND Main Mode
C. action:"Key Install" AND 1.1.1.1 AND Main Mode
D. Blade:"VPN" AND VPN-Stores AND Quick Mode

D. Blade:"VPN" AND VPN-Stores AND Quick Mode

Which Security Blade needs to be enabled in order to sanitize and remove potentially malicious content from files, before those files enter the network?

A. Anti-Virus
B. Anti-Malware
C. Threat Extraction
D. Threat Emulation

C. Threat Extraction

John is the administrator of a Security Management server managing a Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John’s changes available to other administrators before installing a policy, what should John do?

A. File > Save
B. Publish the session.
C. Install database.
D. Logout of the session.

B. Publish the session.

To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does what with the data?

A. Share the data to the ThreatCloud for use by other Threat Prevention blades.
B. Log the traffic for Administrator viewing.
C. Cache the data to speed up its own function.
D. Delete the data to ensure an analysis of the data is done each time.

A. Share the data to the ThreatCloud for use by other Threat Prevention blades.

Which of the following is TRUE regarding Gaia command line?

A. Configuration changes should be done in mgmt_cli and use clish for monitoring. Expert mode is used only for OS level tasks.
B. Configuration changes should be done in mgmt_cli and use expert mode for OS-level tasks.
C. Configuration changes should be done in expert mode and clish is used for monitoring.
D. All configurations should be done through clish and expert mode should be used for Linux commands or remaining tasks.

B. Configuration changes should be done in mgmt_cli and use expert mode for OS-level tasks.

When connected to the Check Point Management Server using the SmartConsole, the first administrator to connect has a lock on:

A. only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network.
B. the entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.
C. the entire Management Database and all sessions and other administrators can connect only as Read-only.
D. only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.

C. the entire Management Database and all sessions and other administrators can connect only as Read-only.

When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored?

A. Check Point user center
B. Security Management Server
C. Security Gateway
D. SmartConsole installed device

B. Security Management Server

Security Gateway software blades must be attached to what?

A. Security Gateway
B. Security Gateway container
C. Management server
D. Management container

A. Security Gateway

Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway?

A. Antivirus
B. Data Loss Prevention
C. Application Control
D. NAT

D. NAT

Secure Internal Communication (SIC) is handled by what process?

A. HTTPS
B. CPD
C. CPM
D. FWD

A. HTTPS

Which of the following licenses are considered temporary?

A. Plug-and-play (Trial) and Evaluation
B. Subscription and Perpetual
C. Perpetual and Trial
D. Evaluation and Subscription

A. Plug-and-play (Trial) and Evaluation

What technologies are used to deny or permit network traffic?

A. Stateful Inspection, URL/Application Blade, and Threat Prevention
B. Stateful Inspection, Firewall Blade, and URL/Application Blade
C. Firewall Blade, URL/Application Blade, and IPS
D. Packet Filtering, Stateful Inspection, and Application Layer Firewall

B. Stateful Inspection, Firewall Blade, and URL/Application Blade

When using Automatic Hide NAT, what is enabled by default?

A. Source Port Address Translation (PAT)
B. Static Route
C. HTTPS Inspection
D. Static NAT

A. Source Port Address Translation (PAT)

Fill in the blank: The _ feature allows administrators to share a policy with other policy packages.

A. Concurrent policy packages
B. Shared policies
C. Global Policies
D. Concurrent policies

B. Shared policies

Name the utility that is used to block activities that appear to be suspicious?

A. Suspicious Activity Monitoring (SAM)
B. Penalty Box
C. Drop Rule in the rulebase
D. Stealth rule

C. Drop Rule in the rulebase

What is a role of Publishing?

A. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public.
B. The Security Management Server installs the updated session and the entire Rule Base on Security Gateways.
C. The Security Management Server installs the updated policy and the entire database on Security Gateways.
D. Modifies network objects, such as servers, users, services, or IPS profiles, but not the Rule Base.

A. The Publish operation sends the modifications made via SmartConsole in the private session and makes them public.

A network administrator has informed you that they have identified a malicious host on the network, and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?

A. Anti-Bot protection
B. Suspicious Activity Monitoring (SAM) rules
C. Anti-Malware protection
D. Policy-based routing

B. Suspicious Activity Monitoring (SAM) rules

What is NOT an advantage of Stateful Inspection?

A. High Performance
B. No Screening above Network Layer
C. Good Security
D. Transparency

B. No Screening above Network Layer

From the GAiA Portal, which of the following operations CANNOT be performed on a Security Management Server?

A. Add a static route
B. View Security Management GUI Clients
C. Verify a Security Policy
D. Open a terminal shell

C. Verify a Security Policy

AdminA and AdminB are both logged into SmartConsole. What does it mean if AdminB sees a lock icon on a rule? (Choose the best answer.)

A. Rule is locked by AdminA and will be made available if the session is published.
B. Rule is locked by AdminA and if the session is saved, the rule will be made available.
C. Rule is locked by AdminB because the save button has not been pressed.
D. Rule is locked by AdminB because the rule is currently being edited.

A. Rule is locked by AdminA and will be made available if the session is published.

Which of the following is true about Stateful Inspection?

A. Stateful Inspection looks at both the headers of packets, as well as examining their content.
B. Stateful Inspection requires two rules, one for outgoing traffic and one for incoming traffic.
C. Stateful Inspection requires that a server reply to a request, in order to track a connection’s state.
D. Stateful Inspection tracks state using two tables, one for incoming traffic and one for outgoing traffic.

C. Stateful Inspection requires that a server reply to a request, in order to track a connection’s state.

Aggressive Mode in IKEv1 uses how many packages for negotiation?

A. 3
B. depends on the make of the peer gateway
C. 6
D. 5

A. 3

Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are both logged in:

A. Since they both are logged in on different interfaces, they will both be able to make changes.
B. The database will be locked by Bob and Joe will not be able to make any changes.
C. Bob will receive a prompt that Joe has logged in.
D. When Joe logs in, Bob will be logged out automatically.

B. The database will be locked by Bob and Joe will not be able to make any changes.

What does the 'unknown' SIC status shown on SmartConsole mean?

A. The management can contact the Security Gateway but cannot establish Secure Internal Communication
B. Administrator input the wrong SIC key
C. SIC activation key requires a reset
D. There is no connection between the Security Gateway and Security Management Server

A. The management can contact the Security Gateway but cannot establish Secure Internal Communication

When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packet Filtering?

A. Stateful Inspection offers unlimited connections because of virtual memory usage
B. Stateful Inspection does not use memory to record the protocol used by the connection
C. Only one rule is required for each connection.
D. Stateful Inspection offers no benefits over Packet Filtering.

C. Only one rule is required for each connection.

A stateful inspection firewall works by registering connection data and comparing traffic to this information. Where is the information stored?

A. It is stored in the OS sessions table.
B. It is stored using state tables.
C. It is stored in the system SMEM memory pool.
D. It is stored in a CSV file on the security gateway hard drive located in "$FWDIR/conf/…".

B. It is stored using state tables.

You have discovered suspicious activity in your network. What is the BEST immediate action to take?

A. Wait until traffic has been identified before making any changes.
B. Contact your ISP to request them to block the traffic.
C. Create a Suspicious Activity Monitoring (SAM) rule to block that traffic.
D. Create a new policy rule to block the traffic.

C. Create a Suspicious Activity Monitoring (SAM) rule to block that traffic.

Where can the administrator edit a list of trusted SmartConsole clients?

A. Using cpconfig on any Gateway or Server, in the GAiA Portal logged into a Security Management Server.
B. Only using SmartConsole: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients.
C. In the GAiA Portal logged into a Security Management Server, using SmartDashboard: Manage and Settings > Permissions and Administrators > Advanced > Trusted Clients, via cpconfig on a Security Gateway.
D. Using cpconfig on a Security Management Server, in the GAiA Portal logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Trusted Clients.

D. Using cpconfig on a Security Management Server, in the GAiA Portal logged into a Security Management Server, in SmartConsole: Manage and Settings > Permissions and Administrators > Trusted Clients.