Copyright © 2006-2011 Lead2pass.com , All Rights Reserved.

Vendor: Check Point

Exam Code: 156-315.80

Exam Name: Check Point Certified Security Expert - R80

Version: 19.041

QUESTION 1
Check Point Management (cpm) is the main management process in that it provides the
architecture for a consolidated management console. CPM allows the GUI client and
management server to communicate via web services using ___________.

A. TCP port 19009
B. TCP Port 18190
C. TCP Port 18191
D. TCP Port 18209

Answer: A

QUESTION 2
Which command is used to set the CCP protocol to Multicast?

A. cphaprob set_ccp multicast
B. cphaconf set_ccp multicast
C. cphaconf set_ccp no_broadcast
D. cphaprob set_ccp no_broadcast

Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk20576

QUESTION 3
Which packet info is ignored with Session Rate Acceleration?

A. source port ranges
B. source ip
C. source port
D. same info from Packet Acceleration is used

Answer: C
Explanation:
http://trlj.blogspot.com/2015/10/check-point-acceleration.html

QUESTION 4
Which is the least ideal Synchronization Status for Security Management Server High Availability
deployment?

A. Synchronized
B. Never been synchronized
C. Lagging
D. Collision

Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/120712

Get Latest & Actual 156-315.80 Exam's Question and Answers from Lead2pass. 2
http://www.lead2pass.com
QUESTION 5
During inspection of your Threat Prevention logs you find four different computers having one
event each with a Critical Severity. Which of those hosts should you try to remediate first?

A. Host having a Critical event found by Threat Emulation
B. Host having a Critical event found by IPS
C. Host having a Critical event found by Antivirus
D. Host having a Critical event found by Anti-Bot

Answer: D

QUESTION 6
In R80 spoofing is defined as a method of:

A. Disguising an illegal IP address behind an authorized IP address through Port Address
Translation.
B. Hiding your firewall from unauthorized users.
C. Detecting people using false or wrong authentication logins
D. Making packets appear as if they come from an authorized IP address.

Answer: D
Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack
connections to your network. Attackers use IP spoofing to send malware and bots to your
protected network, to execute DoS attacks, or to gain unauthorized access.
Reference:
http://dl3.checkpoint.com/paid/74/74d596decb6071a4ee642fbdaae7238f/CP_R80_SecurityManagement_AdminGuide.pdf?HashKey=1479584563_6f823c8ea1514609148aa4fec5425db2&xtn=.pdf

QUESTION 7
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used
for this?

A. UDP port 265
B. TCP port 265
C. UDP port 256
D. TCP port 256

Answer: D
Explanation:
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to
another. It is handled by the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is
handled by the Security Gateway kernel using UDP connections on port 8116.
Reference:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/7288

QUESTION 8
Fill in the blank: The command ___________ provides the most complete restoration of a R80
configuration.

A. upgrade_import
B. cpconfig
C. fwm dbimport -p <export file>
D. cpinfo -recover

Answer: A

QUESTION 9
Check Point Management (cpm) is the main management process in that it provides the
architecture for a consolidated management console. It empowers the migration from legacy
Client-side logic to Server-side logic. The cpm process:

A. Allow GUI Client and management server to communicate via TCP Port 19001
B. Allow GUI Client and management server to communicate via TCP Port 18191
C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.
D. Performs database tasks such as creating, deleting, and modifying objects as well as policy code
generation.

Answer: C

QUESTION 10
Which of the following types of authentication on Mobile Access can NOT be used as the first
authentication method?

A. Dynamic ID
B. RADIUS
C. Username and Password
D. Certificate

Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_MobileAccess_AdminGuide/41587

QUESTION 11
Which of the SecureXL templates are enabled by default on Security Gateway?

A. Accept
B. Drop
C. NAT
D. None

Answer: D

QUESTION 12
What happens when an IPS profile is set to Detect-Only mode for troubleshooting?

A. It will generate Geo-Protection traffic
B. Automatically uploads debugging logs to Check Point Support Center
C. It will not block malicious traffic
D. Bypass licenses requirement for Geo-Protection control

Answer: C
Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial
installation of IPS. This option overrides any protections that are set to Prevent so that they will
not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network
traffic, while avoiding any impact on the flow of traffic.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12750.htm

QUESTION 13
What is true about VRRP implementations?

A. VRRP membership is enabled in cpconfig
B. VRRP can be used together with ClusterXL, but with degraded performance
C. You cannot have a standalone deployment
D. You cannot have different VRIDs in the same physical network

Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/87911.htm

QUESTION 14
The Security Gateway is installed on GAIA R80. The default port for the Web User interface is
______.

A. TCP 18211
B. TCP 257
C. TCP 4433
D. TCP 443

Answer: D

QUESTION 15
Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specific
time period.

A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention

Answer: C
Explanation:
Suspicious Activity Rules Solution
Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify
access privileges upon detection of any suspicious network activity (for example, several
attempts to gain unauthorized access).
The detection of suspicious activity is based on the creation of Suspicious Activity rules.
Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block
suspicious connections that are not restricted by the currently enforced security policy. These
rules, once set (usually with an expiration date), can be applied immediately without the need to
perform an Install Policy operation.
Reference:
https://sc1.checkpoint.com/documents/R76/CP_R76_SmartViewMonitor_AdminGuide/17670.htm

QUESTION 16
In a Client to Server scenario, which represents that the packet has already been checked against the
tables and the Rule Base?

A. Big I
B. Little o
C. Little i
D. Big O

Answer: D

QUESTION 17
What is the mechanism behind Threat Extraction?

A. This is a new mechanism which extracts malicious files from a document to use it as a counter-
attack against its sender.
B. This is a new mechanism which is able to collect malicious files out of any kind of file types to
destroy it prior to sending it to the intended recipient.
C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it
into the SAM database (Suspicious Activity Monitoring).
D. Any active contents of a document, such as JavaScripts, macros and links will be removed from
the document and forwarded to the intended recipient, which makes this solution very fast.

Answer: D

QUESTION 18
You want to gather and analyze threats to your mobile device. It has to be a lightweight app.
Which application would you use?

A. SmartEvent Client Info
B. SecuRemote
C. Check Point Protect
D. Check Point Capsule Cloud

Answer: C
Explanation:
https://www.insight.com/content/dam/insight-web/en_US/pdfs/check-point/mobile-threat-prevention-behavioral-risk-analysis.pdf

QUESTION 19
Which view is NOT a valid CPVIEW view?

A. IDA
B. RAD
C. PDP
D. VPN

Answer: C

QUESTION 20
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and
older?

A. The rule base can be built of layers, each containing a set of the security rules. Layers are
inspected in the order in which they are defined, allowing control over the rule base flow and
which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is
matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Answer: D
Explanation:
http://dl3.checkpoint.com/paid/1f/1f850d1640792cf885336cc6ae8b2743/CP_R80_ReleaseNotes.pdf?HashKey=1517092603_dd917544d92dccc060e5b25d28a46f79&xtn=.pdf

QUESTION 21
fwssd is a child process of which of the following Check Point daemons?

A. fwd
B. cpwd
C. fwm
D. cpd

Answer: A

QUESTION 22
Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up
an Active-Active cluster.

A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing

Answer: C

QUESTION 23
CPM process stores objects, policies, users, administrators, licenses and management data in a
database.
The database is:

A. MySQL
B. Postgres SQL
C. MarisDB
D. SOLR

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_MultiDomainSecurity/html_frameset.htm?topic=documents/R80/CP_R80_MultiDomainSecurity/15420

QUESTION 24
If you needed the Multicast MAC address of a cluster, what command would you run?

A. cphaprob -a if
B. cphaconf ccp multicast
C. cphaconf debug data
D. cphaprob igmp

Answer: D

QUESTION 25
Which is NOT an example of a Check Point API?

A. Gateway API
B. Management API
C. OPSC SDK
D. Threat Prevention API

Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

QUESTION 26
What are the three components for Check Point Capsule?

A. Capsule Docs, Capsule Cloud, Capsule Connect
B. Capsule Workspace, Capsule Cloud, Capsule Connect
C. Capsule Workspace, Capsule Docs, Capsule Connect
D. Capsule Workspace, Capsule Docs, Capsule Cloud

Answer: D
Explanation:
https://www.checkpoint.com/products-solutions/mobile-security/check-point-capsule/

QUESTION 27
Which of the following Check Point processes within the Security Management Server is
responsible for the receiving of log records from Security Gateway?

A. logd
B. fwd
C. fwm
D. cpd

Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

QUESTION 28
The fwd process on the Security Gateway sends logs to the fwd process on the Management
Server via which 2 processes?

A. fwd via cpm
B. fwm via fwd
C. cpm via cpd
D. fwd via cpd

Answer: A

QUESTION 29
You have successfully backed up Check Point configurations without the OS information. What
command would you use to restore this backup?

A. restore_backup
B. import backup
C. cp_merge
D. migrate import

Answer: C

QUESTION 30
The Firewall Administrator is required to create 100 new host objects with different IP addresses.
What API command can he use in the script to achieve the requirement?

A. add host name <New HostName> ip-address <ip address>
B. add hostname <New HostName> ip-address <ip address>
C. set host name <New HostName> ip-address <ip address>
D. set hostname <New HostName> ip-address <ip address>

Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R80/APIs/#intro_gui_cli%20

QUESTION 31
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs
the systems this way, how many machines will he need if he does NOT include a SmartConsole
machine in his calculations?

A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.
B. One machine
C. Two machines
D. Three machines

Answer: C
Explanation:
One for Security Management Server and the other one for the Security Gateway.

QUESTION 32
You can select the file types that are sent for emulation for all the Threat Prevention profiles.
Each profile defines a(n) _____ or ______ action for the file types.

A. Inspect/Bypass
B. Inspect/Prevent
C. Prevent/Bypass
D. Detect/Bypass

Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/101703.htm

QUESTION 33
When doing a Stand-Alone Installation, you would install the Security Management Server with
which other Check Point architecture component?

A. None, Security Management Server would be installed by itself.
B. SmartConsole
C. SecureClient
D. Security Gateway
E. SmartEvent

Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/89230.htm

QUESTION 34
On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API)
the default Log Server uses port:

A. 18210
B. 18184
C. 257
D. 18191

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/120829

QUESTION 35
How many images are included with Check Point TE appliance in Recommended Mode?

A. 2(OS) images
B. images are chosen by administrator during installation
C. as many as licensed for
D. the newest image

Answer: A

QUESTION 36
What is the minimum number of CPU cores required to enable CoreXL?

A. 2
B. 1
C. 4
D. 6

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm

QUESTION 37
You are working with multiple Security Gateways enforcing an extensive number of rules. To
simplify security administration, which action would you choose?

A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.
B. Create a separate Security Policy package for each remote Security Gateway.
C. Create network objects that restrict all applicable rules to only certain networks.
D. Run separate SmartConsole instances to login and configure each Security Gateway directly.

Answer: B

QUESTION 38
Which of the following authentication methods ARE NOT used for Mobile Access?

A. RADIUS server
B. Username and password (internal, LDAP)
C. SecurID
D. TACACS+

Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/41587.htm

QUESTION 39
What is the correct command to observe the Sync traffic in a VRRP environment?

A. fw monitor -e "accept[12:4,b]=224.0.0.18;"
B. fw monitor -e "accept(6118;"
C. fw monitor -e "accept proto=mcVRRP;"
D. fw monitor -e "accept dst=224.0.0.18;"

Answer: D

QUESTION 40
What has to be taken into consideration when configuring Management HA?

A. The Database revisions will not be synchronized between the management servers
B. SmartConsole must be closed prior to synchronized changes in the objects database
C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow
FW1_cpredundant to pass before the Firewall Control Connections.
D. For Management Server synchronization, only External Virtual Switches are supported. So, if you
wanted to employ Virtual Routers instead, you have to reconsider your design.

Answer: A

QUESTION 41
What is the difference between an event and a log?

A. Events are generated at gateway according to Event Policy
B. A log entry becomes an event when it matches any rule defined in Event Policy
C. Events are collected with SmartWorkflow from Trouble Ticket systems
D. Log and Events are synonyms

Answer: B

QUESTION 42
What are the attributes that SecureXL will check after the connection is allowed by Security
Policy?

A. Source address, Destination address, Source port, Destination port, Protocol
B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol
C. Source address, Destination address, Source port, Destination port
D. Source address, Destination address, Destination port, Protocol

Answer: A

QUESTION 43
Which statement is NOT TRUE about Delta synchronization?

A. Using UDP Multicast or Broadcast on port 8161
B. Using UDP Multicast or Broadcast on port 8116
C. Quicker than Full sync
D. Transfers changes in the Kernel tables between cluster members.

Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7288.htm

QUESTION 44
The Event List within the Event tab contains:

A. a list of options available for running a query.
B. the top events, destinations, sources, and users of the query results, either as a chart or in a
tallied list.
C. events generated by a query.
D. the details of a selected event.

Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80_LoggingAndMonitoring/html_frameset.htm?topic=documents/R80/CP_R80_LoggingAndMonitoring/131915

QUESTION 45
Which statement is correct about the Sticky Decision Function?

A. It is not supported with either the Performance Pack or a hardware-based accelerator card
B. Does not support SPI's when configured for Load Sharing
C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster
D. It is not required for L2TP traffic

Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7290.htm

QUESTION 46
Which statement is true regarding redundancy?

A. System Administrators know their cluster has failed over and can also see why it failed over by
using the cphaprob -f if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a ClusterXL High Availability configuration must be synchronized.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point
appliances, open servers, and virtualized environments.

Answer: D
Explanation:
https://www.checkpoint.com/download/public-files/gaia-technical-brief.pdf

QUESTION 47
NAT rules are prioritized in which order?

1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules

A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 3, 1, 2, 4
D. 4, 3, 1, 2

Answer: A

QUESTION 48
In R80.10, how do you manage your Mobile Access Policy?

A. Through the Unified Policy
B. Through the Mobile Console
C. From SmartDashboard
D. From the Dedicated Mobility Tab

Answer: C

QUESTION 49
R80.10 management server can manage gateways with which versions installed?

A. Versions R77 and higher
B. Versions R76 and higher
C. Versions R75.20 and higher
D. Versions R75 and higher

Answer: C
Explanation:
http://dl3.checkpoint.com/paid/88/88e25b652f62aa6f59dc955e34f98d5c/CP_R80.10_ReleaseNotes.pdf?HashKey=1538443232_ff63052c2c5a68c42c47eae9e15273c8&xtn=.pdf

QUESTION 50
Which command can you use to verify the number of active concurrent connections?

A. fw conn all
B. fw ctl pstat
C. show all connections
D. show connections

Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103496

QUESTION 51
Which of the following statements is TRUE about R80 management plug-ins?

A. The plug-in is a package installed on the Security Gateway.
B. Installing a management plug-in requires a Snapshot, just like any upgrade process.
C. A management plug-in interacts with a Security Management Server to provide new features and
support for new products.
D. Using a plug-in offers full central management only if special licensing is applied to specific
features of the plug-in.

Answer: C

QUESTION 52
How can the SmartView application be accessed?

A. http://<Security Management IP Address>/smartview
B. http://<Security Management IP Address>:4434/smartview
C. https://<Security Management IP Address>/smartview/
D. https://<Security Management host name>:4434/smartview

Answer: C

QUESTION 53
What command verifies that the API server is responding?

A. api stat
B. api status
C. show api_status
D. app_get_status

Answer: B
Explanation:
https://www.hurricanelabs.com/blog/check-point-api-merging-management-servers-with-r80-10

QUESTION 54
Where can you see and search records of actions performed by R80 SmartConsole administrators?

A. In SmartView Tracker, open active log
B. In the Logs & Monitor view, select "Open Audit Log View"
C. In SmartAuditLog View
D. In Smartlog, all logs

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_LoggingAndMonitoring_AdminGuide/188029

QUESTION 55
Fill in the blank: The R80 utility fw monitor is used to troubleshoot ________.

A. User data base corruption
B. LDAP conflicts
C. Traffic issues
D. Phase two key negotiations

Answer: C
Explanation:
Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet
level. The FW Monitor utility captures network packets at multiple capture points along the
FireWall inspection chains. These captured packets can be inspected later using the WireShark
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30583

QUESTION 56
What SmartEvent component creates events?

A. Consolidation Policy
B. Correlation Unit
C. SmartEvent Policy
D. SmartEvent GUI

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm

QUESTION 57
Which command collects diagnostic data for analyzing customer setup remotely?

A. cpinfo
B. migrate export
C. sysinfo
D. cpview

Answer: A
Explanation:
CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the
time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader
utility for uploading files to Check Point servers).
The CPInfo output file allows analyzing customer setups from a remote location. Check Point
support engineers can open the CPInfo file in a demo mode, while viewing actual customer
Security Policies and Objects. This allows the in-depth analysis of customer's configuration and
environment settings.
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739

QUESTION 58
Which features are only supported with R80.10 Gateways but not R77.x?

A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness,
and Mobile Access Software Blade policies
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. The rule base can be built of layers, each containing a set of the security rules. Layers are
inspected in the order in which they are defined, allowing control over the rule base flow and
which security functionalities take precedence.
D. Time object to a rule to make the rule active only during specified times.

Answer: C
Explanation:
http://slideplayer.com/slide/12183998/

QUESTION 59
Which CLI command will reset the IPS pattern matcher statistics?

A. ips reset pmstat
B. ips pstats reset
C. ips pmstats refresh
D. ips pmstats reset

Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/84627.htm

QUESTION 60
When requiring certificates for mobile devices, make sure the authentication method is set to one
of the following, Username and Password, RADIUS or _______.

A. SecureID
B. SecurID
C. Complexity
D. TacAcs

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/41587.htm

QUESTION 61
Check Point recommends configuring Disk Space Management parameters to delete old log
entries when available disk space is less than or equal to?

A. 50%
B. 75%
C. 80%
D. 15%

Answer: D

QUESTION 62
SmartEvent has several components that function together to track security threats. What is the
function of the Correlation Unit as a component of this architecture?

A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a
threat pattern is identified, an event is forwarded to the SmartEvent Server.
B. Correlates all the identified threats with the consolidation policy.
C. Collects syslog data from third party devices and saves them to the database.
D. Connects with the SmartEvent Client when generating threat reports.

Answer: A

QUESTION 63
SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic
throughput.

A. This statement is true because SecureXL does improve all traffic.
B. This statement is false because SecureXL does not improve this traffic but CoreXL does.
C. This statement is true because SecureXL does improve this traffic.
D. This statement is false because encrypted traffic cannot be inspected.

Answer: C
Explanation:
SecureXL improved non-encrypted firewall traffic throughput, and encrypted VPN traffic
throughput, by nearly an order of magnitude, particularly for small packets flowing in
long-duration connections.
Reference:
https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/10001/FILE/SecureXL_and_Nokia_IPSO_White_Paper_20080401.pdf

QUESTION 64
Which command gives us a perspective of the number of kernel tables?

A. fw tab -t
B. fw tab -s
C. fw tab -n
D. fw tab -k

Answer: B

QUESTION 65
When simulating a problem on a ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register,
to initiate a failover on an active cluster member, what command allows you to remove the
problematic state?

A. cphaprob -d STOP unregister
B. cphaprob STOP unregister
C. cphaprob unregister STOP
D. cphaprob -d unregister STOP

Answer: A
Explanation:
Test a failover in a controlled manner using the following command:
# cphaprob -d STOP -s problem -t 0 register
This registers a problem state on the cluster member it was entered on. If you then run:
# cphaprob list
the output shows an entry named STOP.
To remove this problematic state, run the following:
# cphaprob -d STOP unregister
Reference:
https://fwknowledge.wordpress.com/2013/04/04/manual-failover-of-the-fw-cluster/

QUESTION 66
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode
without a Check Point Security Gateway?

A. Install appliance TE250X on SpanPort on LAN switch in MTA mode.
B. Install appliance TE250X in standalone mode and setup MTA.
C. You can utilize only Check Point Cloud Services for this scenario.
D. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.

Answer: C

QUESTION 67
What is the main difference between Threat Extraction and Threat Emulation?

A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.
B. Threat Extraction always delivers a file and takes less than a second to complete.
C. Threat Emulation never delivers a file that takes less than a second to complete.
D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Answer: B

QUESTION 68
When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception
of:

A. Threat Emulation
B. HTTPS
C. QOS
D. VoIP

Answer: D

QUESTION 69
SandBlast offers flexibility in implementation based on their individual business needs. What is an
option for deployment of Check Point SandBlast Zero-Day Protection?

A. Smart Cloud Services
B. Load Sharing Mode Services
C. Threat Agent Solution
D. Public Cloud Services

Answer: A

QUESTION 70
Which of the following is NOT a component of Check Point Capsule?

A. Capsule Docs
B. Capsule Cloud
C. Capsule Enterprise
D. Capsule Workspace

Answer: C

QUESTION 71
What is the purpose of Priority Delta in VRRP?

A. When a box is up, Effective Priority = Priority + Priority Delta
B. When an Interface is up, Effective Priority = Priority + Priority Delta
C. When an Interface fails, Effective Priority = Priority - Priority Delta
D. When a box fails, Effective Priority = Priority - Priority Delta

Answer: C
Explanation:
Each instance of VRRP running on a supported interface may monitor the link state of other
interfaces. The monitored interfaces do not have to be running VRRP.
If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by
the specified delta value and then will send out a new VRRP HELLO packet. If the new effective
priority is less than the priority a backup platform has, then the backup platform will begin to
send out its own HELLO packet.
Once the master sees this packet with a priority greater than its own, then it releases the VIP.
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk38524

QUESTION 72
Which statements below are CORRECT regarding Threat Prevention profiles in
SmartDashboard?

A. You can assign only one profile per gateway and a profile can be assigned to one rule only.
B. You can assign multiple profiles per gateway and a profile can be assigned to one rule only.
C. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.
D. You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Answer: D

QUESTION 73
Using ClusterXL, what statement is true about the Sticky Decision Function?

A. Can only be changed for Load Sharing implementations
B. All connections are processed and synchronized by the pivot
C. Is configured using cpconfig
D. Is only relevant when using SecureXL

Answer: A

QUESTION 74
What is the name of the secure application for Mail/Calendar for mobile devices?

A. Capsule Workspace
B. Capsule Mail
C. Capsule VPN
D. Secure Workspace

Answer: A
Explanation:
https://www.checkpoint.com/products/mobile-secure-workspace/

QUESTION 75
Where do you create and modify the Mobile Access policy in R80?

A. SmartConsole
B. SmartMonitor
C. SmartEndpoint
D. SmartDashboard

Answer: A

QUESTION 76
SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:

A. 19090,22
B. 19190,22
C. 18190,80
D. 19009,443

Answer: D

QUESTION 77
Which configuration file contains the structure of the Security Server showing the port numbers,
corresponding protocol name, and status?

A. $FWDIR/database/fwauthd.conf
B. $FWDIR/conf/fwauth.conf
C. $FWDIR/conf/fwauthd.conf
D. $FWDIR/state/fwauthd.conf

Answer: C

QUESTION 78
What API command below creates a new host with the name "New Host" and IP address of
"192.168.0.10"?

A. new host name "New Host" ip-address "192.168.0.10"
B. set host name "New Host" ip-address "192.168.0.10"
C. create host name "New Host" ip-address "192.168.0.10"
D. add host name "New Host" ip-address "192.168.0.10"

Answer: D

QUESTION 79
As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

A. That is used to deploy the mobile device as a generator of one-time passwords for authenticating
to an RSA Authentication Manager.
B. Fill Layer4 VPN - SSL VPN that gives users network access to all mobile applications.
C. Full Layer3 VPN - IPSec VPN that gives users network access to all mobile applications.
D. You can make sure that documents are sent to the intended recipients only.

Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Mobile_Access_WebAdmin/82201.htm

QUESTION 80
You find one of your cluster gateways showing "Down" when you run the "cphaprob stat"
command. You then run the "clusterXL_admin up" on the down member but unfortunately the
member continues to show down. What command do you run to determine the cause?

A. cphaprob -f register
B. cphaprob -d -s report
C. cpstat -f all
D. cphaprob -a list

Answer: D

QUESTION 81
In SmartEvent, what are different types of automatic reactions that the administrator can
configure?

A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap
B. Mail, Block Source, Block Destination, Block Services, SNMP Trap
C. Mail, Block Source, Block Destination, External Script, SNMP Trap
D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm

QUESTION 82
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

A. mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt
B. mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json
C. mgmt_cli add object-host "Server_1" ip-address "10.15.123.10" --format json
D. mgmt._cli add object "Server-1" ip-address "10.15.123.10" --format json

Answer: B
Explanation:
mgmt_cli add host name "New Host 1" ip-address "192.0.2.1" --format json
"--format json" is optional. By default the output is presented in plain text.
Reference:
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v1.1%20

QUESTION 83
What are the steps to configure the HTTPS Inspection Policy?

A. Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard
B. Go to Application&url filtering blade > Advanced > Https Inspection > Policy
C. Go to Manage&Settings > Blades > HTTPS Inspection > Policy
D. Go to Application&url filtering blade > Https Inspection > Policy

Answer: A

QUESTION 84
You want to store the GAIA configuration in a file for later reference. What command should you
use?

A. write mem <filename>
B. show config -f <filename>
C. save config -o <filename>
D. save configuration <filename>

Answer: D

QUESTION 85
How do Capsule Connect and Capsule Workspace differ?

A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable
applications.
B. Capsule Workspace can provide access to any application.
C. Capsule Connect provides Business data isolation.
D. Capsule Connect does not require an installed application at client.

Answer: A

QUESTION 86
John detected high load on sync interface. Which is most recommended solution?

A. For short connections like http service - delay sync for 2 seconds
B. Add a second interface to handle sync traffic
C. For short connections like http service - do not sync
D. For short connections like icmp service - delay sync for 2 seconds

Answer: A

QUESTION 87
Which of these is an implicit MEP option?

A. Primary-backup
B. Source address based
C. Round robin
D. Load Sharing

Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13812.htm

QUESTION 88
You have existing dbedit scripts from R77. Can you use them with R80.10?

A. dbedit is not supported in R80.10
B. dbedit is fully supported in R80.10
C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers
D. dbedit scripts are being replaced by mgmt_cli in R80.10

Answer: D
Explanation:
https://www.checkpoint.com/downloads/product-related/r80.10-mgmt-architecture-overview.pdf

QUESTION 89
Which remote Access Solution is clientless?

A. Checkpoint Mobile
B. Endpoint Security Suite
C. SecuRemote
D. Mobile Access Portal

Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/92708.htm

QUESTION 90
What is the command to see cluster status in cli expert mode?

A. fw ctl stat
B. clusterXL stat
C. clusterXL status
D. cphaprob stat

Answer: D

QUESTION 91
Which Check Point daemon monitors the other daemons?

A. fwm
B. cpd
C. cpwd
D. fwssd

Answer: C
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

QUESTION 92
Which command is used to display status information for various components?

A. show all systems
B. show system messages
C. sysmess all
D. show sysenv all

Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/120709

QUESTION 93
What are the blades of Threat Prevention?

A. IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction
B. DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction
C. IPS, AntiVirus, AntiBot
D. IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

Answer: A
Explanation:
https://www.checkpoint.com/products/next-generation-threat-prevention/

QUESTION 94
For Management High Availability, which of the following is NOT a valid synchronization status?

A. Collision
B. Down
C. Lagging
D. Never been synchronized

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/13132

QUESTION 95
Can multiple administrators connect to a Security Management Server at the same time?

A. No, only one can be connected
B. Yes, all administrators can modify a network object at the same time
C. Yes, every administrator has their own username, and works in a session that is independent of
other administrators.
D. Yes, but only one has the right to write.

Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_SmartProvisioning_AdminGuide/html_frameset.htm?topic=documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_SmartProvisioning_AdminGuide/16727

QUESTION 96
Which process is available on any management product and on products that require direct GUI
access, such as SmartEvent and provides GUI client communications, database manipulation,
policy compilation and Management HA synchronization?

A. cpwd
B. fwd
C. cpd
D. fwm

Answer: D
Explanation:
Firewall Management (fwm) is available on any management product, including Multi-Domain, and
on products that require direct GUI access, such as SmartEvent. It provides the following:
- GUI Client communication
- Database manipulation
- Policy Compilation
- Management HA sync

QUESTION 97
To add a file to the Threat Prevention Whitelist, what two items are needed?

A. File name and Gateway
B. Object Name and MD5 signature
C. MD5 signature and Gateway
D. IP address of Management Server and Gateway

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents/R80/CP_R80BC_ThreatPrevention/101703

QUESTION 98
Under which file is the proxy arp configuration stored?

A. $FWDIR/state/proxy_arp.conf on the management server
B. $FWDIR/conf/local.arp on the management server
C. $FWDIR/state/_tmp/proxy.arp on the security gateway
D. $FWDIR/conf/local.arp on the gateway

Answer: D

QUESTION 99
What information is NOT collected from a Security Gateway in a Cpinfo?

A. Firewall logs
B. Configuration and database files
C. System message logs
D. OS and network statistics

Answer: A
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739

QUESTION 100
SandBlast appliances can be deployed in the following modes:

A. using a SPAN port to receive a copy of the traffic only
B. detect only
C. inline/prevent or detect
D. as a Mail Transfer Agent and as part of the traffic flow only

Answer: C

QUESTION 101
Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on
the gateway is inspecting the traffic. Assuming acceleration is enabled which path is handling the
traffic?

A. Slow Path
B. Medium Path
C. Fast Path
D. Accelerated Path

Answer: A

QUESTION 102
The Correlation Unit performs all but the following actions:

A. Marks logs that individually are not events, but may be part of a larger pattern to be identified
later.
B. Generates an event based on the Event policy.
C. Assigns a severity level to the event.
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it
to an ongoing event.

Answer: C

QUESTION 103
What is the difference between SSL VPN and IPSec VPN?

A. IPSec VPN does not require installation of a resilient VPN client.
B. SSL VPN requires installation of a resident VPN client.
C. SSL VPN and IPSec VPN are the same.
D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed
Browser.

Answer: D

QUESTION 104
Which of the following will NOT affect acceleration?

A. Connections destined to or originated from the Security gateway
B. A 5-tuple match
C. Multicast packets
D. Connections that have a Handler (ICMP, FTP, H.323, etc.)

Answer: B

QUESTION 105
The following command is used to verify the CPUSE version:

A. HostName:0>show installer status build
B. [Expert@HostName:0]#show installer status
C. [Expert@HostName:0]#show installer status build
D. HostName:0>show installer build

Answer: A
Explanation:
http://dkcheckpoint.blogspot.com/2017/11/how-to-fix-deployment-agent-issues.html

QUESTION 106
How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

A. cphaprob set int fwha_vmac_global_param_enabled 1
B. clusterXL set int fwha_vmac_global_param_enabled 1
C. fw ctl set int fwha_vmac_global_param_enabled 1
D. cphaconf set int fwha_vmac_global_param_enabled 1

Answer: C
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk50840

QUESTION 107
To accelerate the rate of connection establishment, SecureXL groups all connections that match a
particular service and whose sole differentiating element is the source port. This type of grouping
enables even the very first packets of a TCP handshake to be accelerated. The first packets of
the first connection on the same service will be forwarded to the Firewall kernel, which will then
create a template of the connection. Which of these is NOT a SecureXL template?

A. Accept Template
B. Deny Template
C. Drop Template
D. NAT Template

Answer: B
Explanation:
https://community.checkpoint.com/thread/7894-nat-templates-securexl

QUESTION 108
Which of the following is NOT a type of Check Point API available in R80.10?

A. Identity Awareness Web Services
B. OPSEC SDK
C. Mobile Access
D. Management

Answer: C

QUESTION 109
When an encrypted packet is decrypted, where does this happen?

A. Security policy
B. Inbound chain
C. Outbound chain
D. Decryption is not supported

Answer: A

QUESTION 110
John is using Management HA. Which Smartcenter should be connected to for making changes?

A. secondary Smartcenter
B. active Smartcenter
C. connect virtual IP of Smartcenter HA
D. primary Smartcenter

Answer: B

QUESTION 111
You are asked to check the status of several user-mode processes on the management server
and gateway. Which of the following processes can only be seen on a Management Server?

A. fwd
B. fwm
C. cpd
D. cpwd

Answer: B

QUESTION 112
What scenario indicates that SecureXL is enabled?

A. Dynamic objects are available in the Object Explorer
B. SecureXL can be disabled in cpconfig
C. fwaccel commands can be used in clish
D. Only one packet in a stream is seen in a fw monitor packet capture

Answer: C

QUESTION 113
What processes does CPM control?

A. Object-Store, Database changes, CPM Process and web-services
B. web-services, CPMI process, DLEserver, CPM process
C. DLEServer, Object-Store, CP Process and database changes
D. web_services, dle_server and object_Store

Answer: D

QUESTION 114
Which encryption algorithm is the least secured?

A. AES-128
B. AES-256
C. DES
D. 3DES

Answer: C

QUESTION 115
What is the command to check the status of the SmartEvent Correlation Unit?

A. fw ctl get int cpsead_stat
B. cpstat cpsead
C. fw ctl stat cpsemd
D. cp_conf get_stat cpsemd

Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113265

QUESTION 116
You need to see which hotfixes are installed on your gateway, which command would you use?

A. cpinfo -h all
B. cpinfo -o hotfix
C. cpinfo -I hotfix
D. cpinfo -y all

Answer: D
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk72800

QUESTION 117
VPN Link Selection will perform the following when the primary VPN link goes down?

A. The Firewall will drop the packets.
B. The Firewall can update the Link Selection entries to start using a different link for the same
tunnel.
C. The Firewall will send out the packet on all interfaces.
D. The Firewall will inform the client that the tunnel is down.

Answer: B

QUESTION 118
Which of the following links will take you to the SmartView web application?

A. https://<Security Management Server host name>/smartviewweb/
B. https://<Security Management Server IP Address>/smartview/
C. https://<Security Management Server host name>smartviewweb
D. https://<Security Management Server IP Address>/smartview

Answer: B
Explanation:
https://community.checkpoint.com/thread/5212-smartview-accessing-check-point-logs-from-web

QUESTION 119
Which directory below contains log files?

A. /opt/CPSmartlog-R80/log
B. /opt/CPshrd-R80/log
C. /opt/CPsuite-R80/fw1/log
D. /opt/CPsuite-R80/log

Answer: C

QUESTION 120
Which GUI client is supported in R80?

A. SmartProvisioning
B. SmartView Tracker
C. SmartView Monitor
D. SmartLog

Answer: C

QUESTION 121
From SecureXL perspective, what are the three paths of traffic flow:

A. Initial Path; Medium Path; Accelerated Path
B. Layer Path; Blade Path; Rule Path
C. Firewall Path; Accept Path; Drop Path
D. Firewall Path; Accelerated Path; Medium Path

Answer: D

QUESTION 122
To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the
following command in Expert mode and reboot:

A. fw ctl Dyn_Dispatch on
B. fw ctl Dyn_Dispatch enable
C. fw ctl multik set_mode 4
D. fw ctl multik set_mode 1

Answer: C
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261#Confiquration%20R80.10

QUESTION 123
Which command line interface utility allows the administrator to verify the Security Policy name
and timestamp currently installed on a firewall module?

A. fw stat
B. fw ctl pstat
C. fw ver
D. cpstat fwd

Answer: A

QUESTION 124
Which command displays the installed Security Gateway version?

A. fw ver
B. fw stat
C. fw printver
D. cpstat -gw

Answer: A

QUESTION 125
Which command will erase all CRL's?

A. vpn crladmin
B. cpstop/cpstart
C. vpn crl_zap
D. vpn flush

Answer: C

QUESTION 126
What is the supported ClusterXL configuration when configuring a cluster synchronization
network on a VLAN interface?

A. It is supported on the lowest VLAN tag of the VLAN interface
B. It is not supported on a VLAN tag.
C. It is supported on VLAN tag 4095
D. It is supported on VLAN tag 4096.

Answer: A

QUESTION 127
Which SmartConsole component can Administrators use to track changes to the Rule Base?

A. SmartView Monitor
B. SmartReporter
C. WebUI
D. SmartView Tracker

Answer: D

QUESTION 128
UDP packets are delivered if they are ___________.

A. referenced in the SAM related dynamic tables
B. a valid response to an allowed request on the inverse UDP ports and IP
C. a stateful ACK to a valid SYN-SYN/ACK on the inverse UDP ports and IP
D. bypassing the kernel by the forwarding layer of ClusterXL

Answer: B

QUESTION 129
Choose the BEST sequence for configuring user management in Smart Dashboard, using an
LDAP server.

A. Configure a workstation object for the LDAP server, configure a server object for the LDAP
Account Unit, and enable LDAP in Global Properties.
B. Configure a server object for the LDAP Account Unit, and create an LDAP resource object.
C. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and
configure a server object for the LDAP Account Unit.
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and
create an LDAP resource object.

Answer: C

QUESTION 130
Remote clients are using IPSec VPN to authenticate via LDAP server to connect to the
organization. Which gateway process is responsible for the authentication?

A. vpnd
B. cpvpnd
C. fwm
D. fwd

Answer: A

QUESTION 131
Remote clients are using SSL VPN to authenticate via LDAP server to connect to the
organization. Which gateway process is responsible for the authentication?

A. vpnd
B. cpvpnd
C. fwm
D. fwd

Answer: B

QUESTION 132
Which of the following is NOT a LDAP server option in Smart Directory?

A. Novell_DS
B. Netscape_DS
C. OPSEC_DS
D. Standard_DS

Answer: D

QUESTION 133
An Account Unit is the interface between the __________ and the __________.

A. Users, Domain
B. Gateway, Resources
C. System, Database
D. Clients, Server

Answer: D

QUESTION 134
Which of the following is a valid Active Directory designation for user John Doe in the Sales
department of AcmeCorp.com?

A. Cn=john_doe,ou=Sales,ou=acmecorp,dc=com
B. Cn=john_doe,ou=Sales,ou=acme,ou=corp,dc=com
C. Cn=john_doe,dc=Sales,dc=acmecorp,dc=com
D. Cn=john_doe,ou=Sales,dc=acmecorp,dc=com

Answer: D

QUESTION 135
Which of the following is a valid Active Directory designation for user Jane Doe in the MIS
department of AcmeCorp.com?

A. Cn= jane_doe,ou=MIS,DC=acmecorp,dc=com
B. Cn= jane_doe,ou=MIS,cn=acmecorp,dc=com
C. Cn=jane_doe,ou=MIS,dc=acmecorp,dc=com
D. Cn= jane_doe,ou=MIS,cn=acme,cn=corp,dc=com

Answer: C

QUESTION 136
Which utility or command is useful for debugging by capturing packet information, including
verifying LDAP authentication?

A. fw monitor
B. ping
C. um_core enable
D. fw debug fwm

Answer: A

QUESTION 137
You can NOT use Smart Dashboard's Smart Directory features to connect to the LDAP server.
What should you investigate?

1. Verify you have read-only permissions as administrator for the operating system.
2. Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to
the LDAP server.
3. Check that the Login Distinguished Name configured has root (Administrator) permission (or at
least write permission) in the access control configuration of the LDAP server.

A. 1 and 3
B. 2 and 3
C. 1 and 2
D. 1, 2, and 3

Answer: B

QUESTION 138
When, during policy installation, does the atomic load task run?

A. It is the first task during policy installation.
B. It is the last task during policy installation.
C. Before CPD runs on the Gateway.
D. Immediately after fwm load runs on the Smart Center.

Answer: B

QUESTION 139
What process is responsible for transferring the policy file from Smart Center to the Gateway?

A. FWD
B. FWM
C. CPRID
D. CPD

Answer: D

QUESTION 140
What firewall kernel table stores information about port allocations for Hide NAT connections?

A. NAT_dst_any_list
B. host_ip_addrs
C. NAT_src_any_list
D. fwx_alloc

Answer: D

QUESTION 141
Where do you define NAT properties so that NAT is performed either client side or server side?

A. In SmartDashboard under Gateway setting
B. In SmartDashboard under Global Properties > NAT definition
C. In SmartDashboard in the NAT Rules
D. In file $DFWDIR/lib/table.def

Answer: B

QUESTION 142
The process ___________ is responsible for all other security server processes run on the
Gateway.

A. FWD
B. CPLMD
C. FWM
D. CPD

Answer: A

QUESTION 143
The process ________ is responsible for GUI Client communication with the Smart Center.

A. FWD
B. FWM
C. CPD
D. CPLMD

Answer: B

QUESTION 144
Which command would you use to save the interface information before upgrading a Windows
Gateway?

A. cp /etc/sysconfig/network.C [location]
B. ipconfig -a > [filename].txt
C. ifconfig > [filename].txt
D. netstat -m > [filename].txt

Answer: B

QUESTION 145
When upgrading a cluster in Full Connectivity Mode, the first thing you must do is see if all cluster
members have the same products installed. Which command should you run?

A. fw fcu
B. cphaprob fcustat
C. cpconfig
D. fw ctl conn -a

Answer: D

QUESTION 146
Check Point recommends that you back up systems running Check Point products. Run your
back ups during maintenance windows to limit disruptions to services, improve CPU usage, and
simplify time allotment. Which back up method does Check Point recommend before major
changes, such as upgrades?

A. snapshot
B. upgrade export
C. backup
D. migrate export

Answer: A

QUESTION 147
Check Point recommends that you back up systems running Check Point products. Run your
back ups during maintenance windows to limit disruptions to services, improve CPU usage, and
simplify time allotment. Which back up method does Check Point recommend every couple of
months, depending on how frequently you make changes to the network or policy?

A. backup
B. migrate export
C. upgrade export
D. snapshot

Answer: A

QUESTION 148
Check Point recommends that you back up systems running Check Point products. Run your
back ups during maintenance windows to limit disruptions to services, improve CPU usage, and
simplify time allotment.
Which back up method does Check Point recommend anytime outside a maintenance window?

A. backup
B. migrate export
C. backup export
D. snapshot

Answer: B

QUESTION 149
Snapshot is available on which Security Management Server and Security Gateway platforms?

A. Solaris
B. Windows 2003 Server
C. Windows XP Server
D. Secure Platform

Answer: D

QUESTION 150
The file snapshot generates is very large, and can only be restored to:

A. The device that created it, after it has been upgraded
B. Individual members of a cluster configuration
C. Windows Server class systems
D. A device having exactly the same Operating System as the device that created the file

Answer: D

QUESTION 151
Smart Reporter reports can be used to analyze data from a penetration-testing regimen in all of
the following examples, EXCEPT:

A. Possible worm/malware activity.
B. Analyzing traffic patterns against public resources.
C. Analyzing access attempts via social-engineering.
D. Tracking attempted port scans.

Answer: C

QUESTION 152
What is the best tool to produce a report which represents historical system information?

A. SmartView Tracker
B. SmartView Monitor
C. Smart Reporter-Standard Reports
D. Smart Reporter-Express Reports

Answer: D

QUESTION 153
If Jack was concerned about the number of log entries he would receive in the SmartReporter
system, which policy would he need to modify?

A. Consolidation Policy
B. Log Consolidator Policy
C. Log Sequence Policy
D. Report Policy

Answer: A

QUESTION 154
Identify the API that is not supported by Check Point currently.

A. R80 Management API
B. Identity Awareness Web Services API
C. Open REST API
D. OPSEC SDK

Answer: C

QUESTION 155
SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-
based algorithms and has four dedicated components that constantly work together to protect
mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?

A. Management Dashboard
B. Gateway
C. Personal User Storage
D. Behavior Risk Engine

Answer: C
Explanation:
https://community.checkpoint.com/docs/DOC-3072-sandblast-mobile-architecture-overview

QUESTION 156
What are the different command sources that allow you to communicate with the API server?

A. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
B. SmartConsole GUI Console, mgmt._cli Tool, Gaia CLI, Web Services
C. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
D. API_cli Tool, Gaia CLI, Web Services

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

QUESTION 157
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL
Filtering, Anti-Virus, IPS, and Threat Emulation?

A. Anti-Bot is the only countermeasure against unknown malware
B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command
& Control Centers
C. Anti-Bot is the only signature-based method of malware protection.
D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to
a Command & Control Center.

Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_AntiBotAntiVirus_AdminGuide/index.html

QUESTION 158
Which TCP-port does CPM process listen to?

A. 18191
B. 18190
C. 8983
D. 19009

Answer: D
Explanation:
https://www.checkpoint.com/downloads/products/r80.10-security-management-architecture-overview.pdf

QUESTION 159
Which method below is NOT one of the ways to communicate using the Management API's?

A. Typing API commands using the "mgmt_cli" command
B. Typing API commands from a dialog box inside the SmartConsole GUI application
C. Typing API commands using Gaia's secure shell(clish)19+
D. Sending API commands over an http connection using web-services

Answer: D
Explanation:
https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

QUESTION 160
Your manager asked you to check the status of SecureXL and its enabled templates and features.
What command will you use to provide such information to the manager?

A. fw accel stat
B. fwaccel stat
C. fw acces stats
D. fwaccel stats

Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails
=&solutionid=sk41397

QUESTION 161
SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote
user's machine via the web browser. What are the two modes of SNX?

A. Application and Client Service
B. Network and Application
C. Network and Layers
D. Virtual Adapter and Mobile App

Answer: B
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails
=&solutionid=sk67820

QUESTION 162
Which command would disable a Cluster Member permanently?

A. clusterXL_admin down
B. cphaprob_admin down
C. clusterXL_admin down-p
D. set clusterXL down-p

Answer: C

QUESTION 163
Which file defines the fields for each object used in the file objects.C (color, num/string, default
value...)?

A. $FWDIR/conf/classes.C
B. $FWDIR/conf/scheam.C
C. $FWDIR/conf/table.C
D. $FWDIR/conf/fields.C

Answer: A

QUESTION 164
Which procedure creates a new administrator in Smart Workflow?

A. Run cpconfig, supply the Login Name. Profile Properties, Name, Access Applications and Permissions.
B. In Smart Dashboard, click Smart Workflow / Enable Smart Workflow and the Enable
SmartWorkflow wizard will start. Supply the Login Name, Profile Properties, Name, Access
Applications and Permissions when prompted.
C. On the Provider-1 primary MDS, run cpconfig, supply the Login Name, Profile Properties, Name,
Access Applications and Permissions.
D. In Smart Dashboard, click Users and Administrators right click Administrators / New Administrator
and supply the Login Name. Profile Properties, Name, Access Applications and Permissions.

Answer: D

QUESTION 165
When you check Web Server in a host-node object, what happens to the host?

A. The Web server daemon is enabled on the host.
B. More granular controls are added to the host, in addition to Web Intelligence tab settings.
C. You can specify allowed ports in the Web server's node-object properties.
You then do not need to list all allowed ports in the Rule Base.
D. IPS Web Intelligence is enabled to check on the host.

Answer: B

QUESTION 166
Which external user authentication protocols are supported in SSL VPN?

A. LDAP, Active Directory, SecurID
B. DAP, SecurID, Check Point Password, OS Password, RADIUS, TACACS
C. LDAP, RADIUS, Active Directory, SecurID
D. LDAP, RADIUS, TACACS, SecurID

Answer: B

QUESTION 167
Which of the following commands can be used to stop Management portal services?

A. fw stopportal
B. cpportalstop
C. cpstop / portal
D. smartportalstop

Answer: D

QUESTION 168
Which command would you use to save the interface information before upgrading a GAiA
Gateway?

A. netstat -m > [filename].txt
B. ipconfig -a > [filename].txt
C. ifconfig > [filename].txt
D. cp /etc/sysconfig/network.C [location]

Answer: C

QUESTION 169
Which command would you use to save the routing information before upgrading a Secure
Platform Gateway?

A. cp /etc/sysconfig/network.C [location]
B. netstat -m > [filename].txt
C. ifconfig > [filename].txt
D. ipconfig -a > [filename].txt

Answer: A

QUESTION 170
Which command would you use to save the routing information before upgrading a Windows
Gateway?

A. ipconfig -a > [filename].txt
B. ifconfig > [filename].txt
C. cp /etc/sysconfig/network.C [location]
D. netstat -m > [filename].txt

Answer: D

QUESTION 171
The Firewall kernel is replicated multiple times, therefore:

A. The Firewall kernel only touches the packet if the connection is accelerated
B. The Firewall can run different policies per core
C. The Firewall kernel is replicated only with new connections and deletes itself once the connection
times out
D. The Firewall can run the same policy on all cores.

Answer: D
Explanation:
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times.
Each replicated copy, or instance, runs on one processing core. These instances handle traffic
concurrently, and each instance is a complete and independent inspection kernel. When CoreXL
is enabled, all the kernel instances in the Security Gateway process traffic through the same
interfaces and apply the same security policy.
Reference:
https://sc1.checkpoint.com/documents/R77/CP_R77_PerformanceTuning_WebAdmin/6731.htm

QUESTION 172
Selecting an event displays its configurable properties in the Detail pane and a description of the
event in the Description pane. Which is NOT an option to adjust or configure?

A. Severity
B. Automatic reactions
C. Policy
D. Threshold

Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm

QUESTION 173
To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the
following command in Expert mode then reboot:

A. fw ctl multik set_mode 1
B. fw ctl Dynamic_Priority_Queue on
C. fw ctl Dynamic_Priority_Queue enable
D. fw ctl multik set_mode 9

Answer: D
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105762

QUESTION 174
Advanced Security Checkups can be easily conducted within:

A. Reports
B. Advanced
C. Checkups
D. Views
E. Summary

Answer: A

QUESTION 175
What is the limitation of employing Sticky Decision Function?

A. With SDF enabled, the involved VPN Gateways only support IKEv1
B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF
C. With SDF enabled, only ClusterXL in legacy mode is supported
D. With SDF enabled, you can only have three Sync interfaces at most

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7290.htm

QUESTION 176
Which Mobile Access Application allows a secure container on mobile devices to give users
access to internal websites, file shares and emails?

A. Check Point Remote User
B. Check Point Capsule Workspace
C. Check Point Mobile Web Portal
D. Check Point Capsule Remote

Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_Mobile_Access_WebAdmin/41723.htm

QUESTION 177
Which of the following processes pulls application monitoring status?

A. fwd
B. fwm
C. cpwd
D. cpd

Answer: D

QUESTION 178
To fully enable Dynamic Dispatcher on a Security Gateway:

A. Run fw ctl multik set_mode 9 in Expert mode and then reboot.
B. Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu.
C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.
D. Run fw multik set_mode 1 in Expert mode and then reboot.

Answer: A
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261

QUESTION 179
Session unique identifiers are passed to the web API using which HTTP header option?

A. X-chkp-sid
B. Accept-Charset
C. Proxy-Authorization
D. Application

Answer: C

QUESTION 180
Which command shows actual allowed connections in the state table?

A. fw tab -t StateTable
B. fw tab -t connections
C. fw tab -t connection
D. fw tab connections

Answer: B

QUESTION 181
Connections to the Check Point R80 Web API use what protocol?

A. HTTPS
B. RPC
C. VPN
D. SIC

Answer: A

QUESTION 182
Which command lists all tables in Gaia?

A. fw tab -t
B. fw tab -list
C. fw-tab -s
D. fw tab -1

Answer: C
Explanation:
http://dl3.checkpoint.com/paid/c7/c76b823d81bab77e1e40ac086fa81411/CP_R77_versions_CLI_ReferenceGuide.pdf?HashKey=1538418170_96def40f213f24a8b273cc77b408dd3f&xtn=.pdf

QUESTION 183
What is true about the IPS-Blade?

A. In R80, IPS is managed by the Threat Prevention Policy
B. In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict
C. In R80, IPS Exceptions cannot be attached to "all rules"
D. In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Answer: A

QUESTION 184
Which one of these features is NOT associated with the Check Point URL Filtering and
Application Control Blade?

A. Detects and blocks malware by correlating multiple detection engines before users are affected.
B. Configure rules to limit the available network bandwidth for specified users or groups.
C. Use UserCheck to help users understand that certain websites are against the company's
security policy.
D. Make rules to allow or block applications and Internet sites for individual applications, categories,
and risk levels.

Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_AppControl_WebAdmin/60902.htm

QUESTION 185
What is a feature that enables VPN connections to successfully maintain a private and secure
VPN session without employing Stateful Inspection?

A. Stateful Mode
B. VPN Routing Mode
C. Wire Mode
D. Stateless Mode

Answer: C
Explanation:
Wire Mode is a VPN-1 NGX feature that enables VPN connections to successfully fail over,
bypassing Security Gateway enforcement. This improves performance and reduces downtime.
Based on a trusted source and destination, Wire Mode uses internal interfaces and VPN
Communities to maintain a private and secure VPN session, without employing Stateful
Inspection. Since Stateful Inspection no longer takes place, dynamic-routing protocols that do not
survive state verification in non-Wire Mode configurations can now be deployed. The VPN
connection is no different from any other connections along a dedicated wire, thus the meaning of
"Wire Mode".
Reference:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30974

QUESTION 186
What factor precludes SecureXL templating?

A. Source Port Ranges/Encrypted Connections
B. IPS
C. ClusterXL in load sharing Mode
D. CoreXL

Answer: A

QUESTION 187
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most
accurate CLI command?

A. fw ctl sdstat
B. fw ctl affinity -l a -r -v
C. fw ctl multik stat
D. cpinfo

Answer: B

QUESTION 188
Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster
Members over Check Point SIC _____________ .

A. TCP Port 18190
B. TCP Port 18209
C. TCP Port 19009
D. TCP Port 18191

Answer: D

QUESTION 189
The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

A. Secure Internal Communication (SIC)
B. Restart Daemons if they fail
C. Transfers messages between Firewall processes
D. Pulls application monitoring status

Answer: D
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

QUESTION 190
What is not a component of Check Point SandBlast?

A. Threat Emulation
B. Threat Simulator
C. Threat Extraction
D. Threat Cloud

Answer: B

QUESTION 191
How does Check Point recommend that you secure the sync interface between gateways?

A. Configure the sync network to operate within the DMZ.
B. Secure each sync interface in a cluster with Endpoint.
C. Use a dedicated sync network.
D. Encrypt all sync traffic between cluster members.

Answer: C

QUESTION 192
How would you set the debug buffer size to 1024?

A. Run fw ctl set buf 1024
B. Run fw ctl kdebug 1024
C. Run fw ctl debug -buf 1024
D. Run fw ctl set int print_cons 1024

Answer: C

QUESTION 193
Steve is troubleshooting a connection problem with an internal application. If he knows the source
IP address is 192.168.4.125, how could he filter this traffic?

A. Run fw monitor -e "accept dsrc=192.168.4.125;"
B. Run fw monitor -e "accept dst=192.168.4.125;"
C. Run fw monitor -e "accept ip=192.168.4.125;"
D. Run fw monitor -e "accept src=192.168.4.125;"

Answer: D

QUESTION 194
Check Point support has asked Tony for a firewall capture of accepted packets. What would be
the correct syntax to create a capture file with the filename monitor.out?

A. Run fw monitor -e "accept;" -f monitor.out
B. Run fw monitor -e "accept;" -c monitor.out
C. Run fw monitor -e "accept;" -o monitor.out
D. Run fw monitor -e "accept;" -m monitor.out

Answer: C

QUESTION 195
What is NOT a valid LDAP use in Check Point Smart Directory?

A. Retrieve gateway CRLs
B. External users management
C. Enforce user access to internal resources
D. Provide user authentication information for the Security Management Server

Answer: C

QUESTION 196
There are several Smart Directory (LDAP) features that can be applied to further enhance Smart
Directory (LDAP) functionality. Which of the following is NOT one of those features?

A. High Availability, where user information can be duplicated across several servers
B. Support multiple Smart Directory (LDAP) servers on which many user databases are distributed
C. Encrypted or non-encrypted Smart Directory (LDAP) connections usage
D. Support many Domains under the same account unit

Answer: D

QUESTION 197
Which two of these Check Point Protocols are used by SmartEvent Processes?

A. ELA and CPD
B. FWD and LEA
C. FWD and CPLOG
D. ELA and CPLOG

Answer: D

QUESTION 198
Fill in the blank: The tool ________ generates an R80 Security Gateway configuration report.

A. infoCP
B. infoview
C. cpinfo
D. fw cpinfo

Answer: C

QUESTION 199
Which of these statements describes the Check Point ThreatCloud?

A. Blocks or limits usage of web applications
B. Prevents or controls access to web sites based on category
C. Prevents Cloud vulnerability exploits
D. A worldwide collaborative security network

Answer: D

QUESTION 200
Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically
reset every

A. 15 sec
B. 60 sec
C. 5 sec
D. 30 sec

Answer: B
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/6731.htm

QUESTION 201
Which command will allow you to see the interface status?

A. cphaprob interface
B. cphaprob -I interface
C. cphaprob -a if
D. cphaprob stat

Answer: C
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7298.htm

QUESTION 202
Which command can you use to enable or disable multi-queue per interface?

A. cpmq set
B. Cpmqueue set
C. Cpmq config
D. St cpmq enable

Answer: A
Explanation:
https://sc1.checkpoint.com/documents/R76/CP_R76_PerformanceTuning_WebAdmin/93689.htm

QUESTION 203
To help SmartEvent determine whether events originated internally you must define using the
Initial Settings under General Settings in the Policy Tab. How many options are available to
calculate the traffic direction?

A. 5 Network; Host; Objects; Services; API
B. 3 Incoming; Outgoing; Network
C. 2 Internal; External
D. 4 Incoming; Outgoing; Internal; Other

Answer: D
Explanation:
http://dl3.checkpoint.com/paid/21/CP_R76_SmartEventIntro_AdminGuide.pdf?HashKey=1538417023_7cb74dfe0e109c21f130f556d419faaf&xtn=.pdf

QUESTION 204
There are 4 ways to use the Management API for creating a host object with the R80 Management
API. Which one is NOT correct?

A. Using Web Services
B. Using Mgmt_cli tool
C. Using CLISH
D. Using SmartConsole GUI console
E. Events are collected with SmartWorkflow from Trouble Ticket systems

Answer: E
Explanation:
https://sc1.checkpoint.com/documents/R80/APIs/#introduction%20

QUESTION 205
CoreXL is supported when one of the following features is enabled:

A. Route-based VPN
B. IPS
C. IPv6
D. Overlapping NAT

Answer: B

QUESTION 206
You noticed that CPU cores on the Security Gateway are usually 100% utilized and many
packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To
optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How
can you enable them?

A. fw ctl multik dynamic_dispatching on
B. fw ctl multik dynamic_dispatching set_mode 9
C. fw ctl multik set_mode 9
D. fw ctl multik pq enable

Answer: C
Explanation:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105261

QUESTION 207
By default the R80 web API uses which content-type in its response?

A. Java Script
B. XML
C. Text
D. JSON

Answer: D

QUESTION 208
What are the main stages of a policy installation?

A. Verification & Compilation, Transfer and Commit
B. Verification & Compilation, Transfer and Installation
C. Verification, Commit, Installation
D. Verification, Compilation & Transfer, Installation

Answer: A

QUESTION 209
When using CPSTAT, what is the default port used by the AMON server?

A. 18191
B. 18192
C. 18194
D. 18190

Answer: B

QUESTION 210
What is the command to perform a manual full sync?

A. fw sync-full <IP address of the other node>
B. cp_cnf fwsync <IP-Address of the other node>
C. fw fcu <IP-Address of the other node>
D. fw ctl sync <IP-Address of the other node>

Answer: A

QUESTION 211
What is the SOLR database for?

A. Used for full text search and enables powerful matching capabilities.
B. Writes data to the database and full text search
C. Servers GUI responsible to transfer to the DLEserver
D. Enables power matching capabilities and writes data to the database

Answer: D

QUESTION 212
Due to high CPU workload on the Security Gateway, the administrator decided to purchase a new
multicore CPU to replace the existing single core CPU. After installation, is the administrator
required to perform any additional tasks?

A. Go to clish-Run cpstop | Run cpstart
B. Go to clish-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig |
Reboot Security Gateway.
C. Administrator does not need to perform any task. Check Point will make use of the newly installed
CPU and Cores.
D. Go to clish-cpconfig | Configure CoreXL to make use of the additional Core | Exit cpconfig | Reboot
Gateway | Install security policy.

Answer: D

QUESTION 213
What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

A. CCP and 18190
B. ccp and 257
C. ccp and 8116
D. cpc and 18116

Answer: C

QUESTION 214
You have a Geo-Protection policy blocking Australia and a number of the countries. Your network
now requires a Check Point Firewall to be installed in Sydney, Australi

A. What must you do to get SIC to work?
B. Remove Geo-Protection as the IP-to-country database externally and you have no control of this.
C. Create a rule at the top in the Sydney firewall to also control traffic from your network.
D. Nothing - Check Point control connection function regardless of Geo-Protection policy
E. Create a rule at the top in your point firewall to bypass the Geo-Protection

Answer: B

QUESTION 215
Which of the following is true about Capsule Connect?

A. It is a full layer 3 VPN client
B. It offers full enterprise mobility management
C. It is supported only on IOS phones and Windows PCs
D. It does not support all VPN authentication methods

Answer: B

QUESTION 216
What is a best practice before starting to troubleshoot using the "fw monitor" tool?

A. Run the command: fw monitor debug on
B. Clear the connections table
C. Disable CoreXL
D. Disable SecureXL

Answer: D

QUESTION 217
You can access the ThreatCloud Repository from:

A. R80.10 SmartConsole and Application Wiki
B. Threat Prevention and Threat Tools
C. Threat Wiki and Check Point Website
D. R80.10 SmartConsole and Threat Prevention

Answer: C

QUESTION 218
In what way is Secure Network Distributor (SND) a relevant feature of the security gateway?

A. SND is a feature to accelerate multiple SSL VPN connections
B. SND is an alternative to IPSec Main Mode, using only 3 packets
C. SND is used to distribute packets among firewall instances
D. SND is a feature of fw monitor to capture accelerated packets

Answer: C

QUESTION 219
Which files below are NOT core dump files when debugging the Security Acceleration Module
card?

A. /var/log/messages*
B. /var/logcrash/,date./nmcore/*
C. var/log/sam_log/*
D. /var/crash/,date>/vmcore/*

Answer: D

QUESTION 220
GAIA software packages can be imported and installed offline in situations where:

A. Security Gateway with GAIA does NOT have SFTP access to internet
B. Security Gateway with GAIA does NOT have access to internet.
C. Security Gateway with GAIA does NOT have SSH access to internet.
D. The desired CPUSE package is only available in the Check Point CLOUD.

Answer: D

QUESTION 221
The WebUI offers three methods for downloading Hotfixes via CPUSE. One of them is the Automatic
method. How many times per day will the CPUSE agent check for hotfixes and automatically download
them?

A. Six times per day
B. Seven times per day
C. Every two hours
D. Every three hours

Answer: D

QUESTION 222
To ensure that VMAC mode is enabled, which CLI command should you run on all cluster
members? Choose the best answer.

A. fw ctl set int fwha vmac global param enabled
B. fw ctl get int fwha vmac global param enabled; result of command should return value 1
C. cphaprob -a if
D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

Answer: B

QUESTION 223
Capsule Connect and Capsule Workspace both offer secured connection for remote users who
are using their mobile devices, but there are differences between the two. Which of the following
statements correctly identifies each product's capabilities?

A. Workspace supports operating system, Android, and WP8, whereas Connect supports operating
system and Android only.
B. For compliance/host checking. Workspace offers the MDM cooperative enforcement, whereas
Connect offers both jailbreak/root detection and MDM cooperative enforcement.
C. For credential protection, Connection uses One-time Password Login support and has no support,
whereas Workspace offers both One-Time password and certain SSP login support.
D. Workspace can support any application whereas Connect has a limited number of application
types which it will support.

Answer: B

QUESTION 224
Which Check Point software blades could be enforced under a Threat Prevention profile using the
Check Point R80.10 SmartConsole application?

A. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation
B. Firewall, IPS Threat Emulation, Application Control
C. IPS, Anti-Bot, Anti-virus, Threat Emulation, Threat Extraction
D. Firewall, IPS Anti-Bot, Anti-Virus, Threat Emulation

Answer: C

QUESTION 225
If the Active Security Management Server fails or if it becomes necessary to change the active to
standby, the following steps must be taken to prevent data loss. Providing the active Security
Management Server is responsive, which of these steps should NOT be performed:

A. Rename the hostname of the Standby member to match exactly the hostname of the Active
member.
B. Change the Standby Security Management Server to Active.
C. Change the Active Security Management Server to Standby.
D. Manually synchronize the Active and Standby Security Management Servers.

Answer: A

QUESTION 226
Which of the following will NOT affect acceleration?

A. Connection destination to or originated from the security
B. A 5-tuple match
C. Multicast packets
D. Connections that have a Handler (ICMP, H323, etc.)

Answer: C

QUESTION 227
If a "ping" packet is dropped by FW1 policy, on how many inspection points do you see this packet
in "fw monitor"?

A. "i", "i" and "o"
B. I don't see it in fw monitor
C. "i" only
D. "i" and "i"

Answer: C

QUESTION 228
What are the types of Check Point APIs currently available as part of R80.10 code?

A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web
Services API
B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK
API
C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API
D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API

Answer: B

QUESTION 229
Steve is a Cyber Security Engineer working for Global Bank with a large scale deployment of
Check Point Enterprise Appliances. Steve's manager, Diana, asks him to provide ecommerce
Firewall Connection Table details to the Bank's SOC Team as well as the Check Point Support Team.
Which command will trigger heavy impact on the ecommerce Firewall performance and should be
avoided by Steve?

A. Fw tab -t connections -s
B. Fw tab -t connections
C. Fw tab -t connections -c
D. Fw tab -t connections -f

Answer: B

QUESTION 230
Which CLI allows you to run connectivity tests from the Security Gateway to an AD domain controller?

A. Test_ad_connectivity -d <domain>
B. Ad_test_connectivity -d <domain>
C. Test_connectivity_ad -d <domain>
D. Ad_connectivity-test -d <domain>

Answer: A

QUESTION 231
You are investigating issues with two gateway cluster members that are not able to establish the first
initial cluster synchronization. What service is used by the FWD daemon to do a Full
synchronization?

A. TCP port 443
B. TCP port 257
C. TCP port 256
D. UDP port 8116

Answer: C

QUESTION 232
When deploying SandBlast, how would a Threat Emulation appliance benefit from the
integration of ThreatCloud?

A. ThreatCloud is a database-related appliance which is located on-premise to preserve privacy of
company-related data.
B. ThreatCloud is a collaboration platform for Check Point customers to benefit from a virtual cloud
consisting of a combination of all on-premise private cloud environments.
C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi
infrastructure which supports the Threat Emulation Appliance as virtual machine in the EMC cloud.
D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about
malicious and benign files that all of the customers can benefit from, as it makes emulation of known files
unnecessary.

Answer: D

QUESTION 233
Which is not a blade option when configuring SmartEvent?

A. Correlation Unit
B. SmartEvent Unit
C. SmartEvent Server
D. Log Server

Answer: B

QUESTION 234
What command would show the API server status?

A. cpn\ status
B. apl restart
C. api status
D. show apl status

Answer: C

QUESTION 235
Which one of the following is true about Threat Extraction?

A. Always delivers a file to user.
B. Works on all Office, Executable, and PDF files
C. Can take up to 3 minutes to complete
D. Delivers file only if no Threat found

Answer: B

QUESTION 236
Check Point APIs allow system engineers and developers to make changes to their
organization's security policy with CLI tools and Web Services for all of the following except?

A. Create new dashboards to manage 3rd party task
B. Create products that use and enhance 3rd party solutions.
C. Execute automated scripts to perform common tasks.
D. Create products that use and enhance the Check Point Solution.

Answer: A

QUESTION 237
What command lists all interfaces using Multi-Queue?

A. Cpng get
B. Show interface all
C. Cpng set
D. Show multiqueue all

Answer: B

QUESTION 238
Which command shows the current connections distributed by CoreXL FW instances?

A. Fw ctl multi state
B. Fw cti affinity -I
C. Fw cti instances -v
D. Fw cti lists

Answer: A

QUESTION 239
After installation, admin John likes to use the top command in expert mode. John has to set the
expert password and was able to use the top command. A week later John has to use the top command
again. He detected that the expert password is no longer valid. What is the most probable reason
for this behavior?

A. "write memory" was not issued on clish
B. Changes are only possible via SmartConsole
C. "save config" was not issued in expert mode
D. "save config" was not issued on clish

Answer: A

QUESTION 240
Automation and Orchestration differ in that:

A. Automation relates to codifying tasks, whereas orchestration relates to configuring processes.
B. Automation involves the process of coordinating an exchange of information through web services
such as XML and JSON, but orchestration does not involve processes.
C. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks
and puts them all together into a process workflow.
D. Orchestration relates to codifying tasks, whereas automation relates to codifying processes

Answer: D
