
Topic 1 - Single Topic

Question #1 Topic 1

Identify the API that is not supported by Check Point currently.

A. R80 Management API

B. Identity Awareness Web Services API

C. Open REST API

D. OPSEC SDK

Question #2 Topic 1

SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?

A. Management Dashboard

B. Gateway

C. Personal User Storage

D. Behavior Risk Engine

Question #3 Topic 1

What are the different command sources that allow you to communicate with the API server?

A. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

B. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

C. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

D. API_cli Tool, Gaia CLI, Web Services


Question #4 Topic 1

What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

A. Anti-Bot is the only countermeasure against unknown malware

B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers

C. Anti-Bot is the only signature-based method of malware protection.

D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.

Question #5 Topic 1

Which TCP-port does CPM process listen to?

A. 18191

B. 18190

C. 8983

D. 19009

Question #6 Topic 1

Which method below is NOT one of the ways to communicate using the Management API's?

A. Typing API commands using the "mgmt_cli" command

B. Typing API commands from a dialog box inside the SmartConsole GUI application

C. Typing API commands using Gaia's secure shell(clish)19+

D. Sending API commands over an http connection using web-services

Question #7 Topic 1

Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such
information to manager?

A. fw accel stat

B. fwaccel stat

C. fw acces stats

D. fwaccel stats

Question #8 Topic 1

SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user's machine via the web browser. What are the two modes of SNX?

A. Application and Client Service

B. Network and Application

C. Network and Layers

D. Virtual Adapter and Mobile App

Question #9 Topic 1

Which command would disable a Cluster Member permanently?

A. clusterXL_admin down

B. cphaprob_admin down

C. clusterXL_admin down-p

D. set clusterXL down-p

Question #10 Topic 1

Which two of these Check Point Protocols are used by SmartEvent Processes?

A. ELA and CPD

B. FWD and LEA

C. FWD and CPLOG

D. ELA and CPLOG

Question #11 Topic 1

Fill in the blank: The tool ________ generates a R80 Security Gateway configuration report.

A. infoCP

B. infoview

C. cpinfo

D. fw cpinfo

Question #12 Topic 1

Which of these statements describes the Check Point ThreatCloud?

A. Blocks or limits usage of web applications

B. Prevents or controls access to web sites based on category

C. Prevents Cloud vulnerability exploits

D. A worldwide collaborative security network

Question #13 Topic 1

Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every

A. 15 sec

B. 60 sec

C. 5 sec

D. 30 sec

Question #14 Topic 1

Which command will allow you to see the interface status?

A. cphaprob interface

B. cphaprob -I interface

C. cphaprob -a if

D. cphaprob stat

Question #15 Topic 1

Which command can you use to enable or disable multi-queue per interface?

A. cpmq set

B. Cpmqueue set

C. Cpmq config

D. St cpmq enable

Question #16 Topic 1

To help SmartEvent determine whether events originated internally or externally you must define using the Initial Settings under General Settings in the Policy Tab. How many options are available to calculate the traffic direction?

A. 5 Network; Host; Objects; Services; API

B. 3 Incoming; Outgoing; Network

C. 2 Internal; External

D. 4 Incoming; Outgoing; Internal; Other

Question #17 Topic 1

There are 4 ways to use the Management API for creating host object with R80 Management API. Which one is NOT correct?

A. Using Web Services

B. Using Mgmt_cli tool

C. Using CLISH

D. Using SmartConsole GUI console

E. Events are collected with SmartWorkflow from Trouble Ticket systems

Question #18 Topic 1

CoreXL is supported when one of the following features is enabled:

A. Route-based VPN

B. IPS

C. IPv6

D. Overlapping NAT

Question #19 Topic 1

You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to
perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you
enable them?

A. fw ctl multik dynamic_dispatching on

B. fw ctl multik dynamic_dispatching set_mode 9

C. fw ctl multik set_mode 9

D. fw ctl multik pq enable


Question #20 Topic 1

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. CPM allows the GUI client and management server to communicate via web services using ___________.

A. TCP port 19009

B. TCP Port 18190

C. TCP Port 18191

D. TCP Port 18209

Question #21 Topic 1

Which command is used to set the CCP protocol to Multicast?

A. cphaprob set_ccp multicast

B. cphaconf set_ccp multicast

C. cphaconf set_ccp no_broadcast

D. cphaprob set_ccp no_broadcast

Question #22 Topic 1

Which packet info is ignored with Session Rate Acceleration?

A. source port ranges

B. source ip

C. source port

D. same info from Packet Acceleration is used

Question #23 Topic 1

Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?

A. Synchronized

B. Never been synchronized

C. Lagging

D. Collision

Question #24 Topic 1

During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?

A. Host having a Critical event found by Threat Emulation

B. Host having a Critical event found by IPS

C. Host having a Critical event found by Antivirus

D. Host having a Critical event found by Anti-Bot

Question #25 Topic 1

In R80 spoofing is defined as a method of:

A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.

B. Hiding your firewall from unauthorized users.

C. Detecting people using false or wrong authentication logins

D. Making packets appear as if they come from an authorized IP address.

Question #26 Topic 1

Connections to the Check Point R80 Web API use what protocol?

A. HTTPS

B. RPC

C. VPN

D. SIC

Question #27 Topic 1

Which command lists all tables in Gaia?

A. fw tab -t

B. fw tab -list

C. fw-tab -s

D. fw tab -1

Question #28 Topic 1

What is true about the IPS-Blade?

A. In R80, IPS is managed by the Threat Prevention Policy

B. In R80, in the IPS Layer, the only three possible actions are Basic, Optimized and Strict

C. In R80, IPS Exceptions cannot be attached to "all rules"

D. In R80, the GeoPolicy Exceptions and the Threat Prevention Exceptions are the same

Question #29 Topic 1

Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

A. Detects and blocks malware by correlating multiple detection engines before users are affected.

B. Configure rules to limit the available network bandwidth for specified users or groups.

C. Use UserCheck to help users understand that certain websites are against the company's security policy.

D. Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Question #30 Topic 1

What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful
Inspection?

A. Stateful Mode

B. VPN Routing Mode

C. Wire Mode

D. Stateless Mode

Question #31 Topic 1

What factor precludes Secure XL Templating?

A. Source Port Ranges/Encrypted Connections

B. IPS

C. ClusterXL in load sharing Mode

D. CoreXL

Question #32 Topic 1

In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

A. fw ctl sdstat

B. fw ctl affinity -l -a -r -v

C. fw ctl multik stat

D. cpinfo

Question #33 Topic 1

Check Point Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _____________ .

A. TCP Port 18190

B. TCP Port 18209

C. TCP Port 19009

D. TCP Port 18191

Question #34 Topic 1

The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

A. Secure Internal Communication (SIC)

B. Restart Daemons if they fail

C. Transfers messages between Firewall processes

D. Pulls application monitoring status

Question #35 Topic 1

What is not a component of Check Point SandBlast?

A. Threat Emulation

B. Threat Simulator

C. Threat Extraction

D. Threat Cloud

Question #36 Topic 1

Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

A. UDP port 265

B. TCP port 265

C. UDP port 256

D. TCP port 256

Question #37 Topic 1

Fill in the blank: The command ___________ provides the most complete restoration of a R80 configuration.

A. upgrade_import

B. cpconfig

C. fwm dbimport -p <export file>

D. cpinfo -recover

Question #38 Topic 1

Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidated management console. It
empowers the migration from legacy Client-side logic to Server-side logic. The cpm process:

A. Allow GUI Client and management server to communicate via TCP Port 19001

B. Allow GUI Client and management server to communicate via TCP Port 18191

C. Performs database tasks such as creating, deleting, and modifying objects and compiling policy.

D. Performs database tasks such as creating, deleting, and modifying objects and compiling as well as policy code generation.

Question #39 Topic 1

Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

A. Dynamic ID

B. RADIUS

C. Username and Password

D. Certificate

Question #40 Topic 1

Which of the SecureXL templates are enabled by default on Security Gateway?

A. Accept

B. Drop

C. NAT

D. None

Question #41 Topic 1

What happens when an IPS profile is set in Detect Only Mode for troubleshooting?

A. It will generate Geo-Protection traffic

B. Automatically uploads debugging logs to Check Point Support Center

C. It will not block malicious traffic

D. Bypass licenses requirement for Geo-Protection control

Question #42 Topic 1

What is true about VRRP implementations?

A. VRRP membership is enabled in cpconfig

B. VRRP can be used together with ClusterXL, but with degraded performance

C. You cannot have a standalone deployment

D. You cannot have different VRIDs in the same physical network

Question #43 Topic 1

The Security Gateway is installed on GAIA R80. The default port for the Web User Interface is ______.

A. TCP 18211

B. TCP 257

C. TCP 4433

D. TCP 443

Question #44 Topic 1

Fill in the blank: The R80 feature ______ permits blocking specific IP addresses for a specified time period.

A. Block Port Overflow

B. Local Interface Spoofing

C. Suspicious Activity Monitoring

D. Adaptive Threat Prevention

Question #45 Topic 1

In a Client to Server scenario, which represents that the packet has already been checked against the tables and the Rule Base?

A. Big l

B. Little o

C. Little i

D. Big O

Question #46 Topic 1

What is the mechanism behind Threat Extraction?

A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.

B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.

C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity
Monitoring).

D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the
intended recipient, which makes this solution very fast.

Question #47 Topic 1

You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

A. SmartEvent Client Info

B. SecuRemote

C. Check Point Protect

D. Check Point Capsule Cloud


Question #48 Topic 1

Which view is NOT a valid CPVIEW view?

A. IDA

B. RAD

C. PDP

D. VPN

Question #49 Topic 1

Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?

A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C. Time object to a rule to make the rule active only during specified times.

D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Question #50 Topic 1

fwssd is a child process of which of the following Check Point daemons?

A. fwd

B. cpwd

C. fwm

D. cpd

Question #51 Topic 1

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

A. Symmetric routing

B. Failovers

C. Asymmetric routing

D. Anti-Spoofing

Question #52 Topic 1

CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

A. MySQL

B. Postgres SQL

C. MarisDB

D. SOLR

Question #53 Topic 1

If you needed the Multicast MAC address of a cluster, what command would you run?

A. cphaprob -a if

B. cphaconf ccp multicast

C. cphaconf debug data

D. cphaprob igmp

Question #54 Topic 1

Which is NOT an example of a Check Point API?

A. Gateway API

B. Management API

C. OPSC SDK

D. Threat Prevention API

Question #55 Topic 1

What are the three components for Check Point Capsule?

A. Capsule Docs, Capsule Cloud, Capsule Connect

B. Capsule Workspace, Capsule Cloud, Capsule Connect

C. Capsule Workspace, Capsule Docs, Capsule Connect

D. Capsule Workspace, Capsule Docs, Capsule Cloud


Question #56 Topic 1

Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security
Gateway?

A. logd

B. fwd

C. fwm

D. cpd

Question #57 Topic 1

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?

A. fwd via cpm

B. fwm via fwd

C. cpm via cpd

D. fwd via cpd

Question #58 Topic 1

You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

A. restore_backup

B. import backup

C. cp_merge

D. migrate import

Question #59 Topic 1

The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to
achieve the requirement?

A. add host name <New HostName> ip-address <ip address>

B. add hostname <New HostName> ip-address <ip address>

C. set host name <New HostName> ip-address <ip address>

D. set hostname <New HostName> ip-address <ip address>


Question #60 Topic 1

Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he
need if he does NOT include a SmartConsole machine in his calculations?

A. One machine, but it needs to be installed using SecurePlatform for compatibility purposes.

B. One machine

C. Two machines

D. Three machines

Question #61 Topic 1

You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or ______ action for the file types.

A. Inspect/Bypass

B. Inspect/Prevent

C. Prevent/Bypass

D. Detect/Bypass

Question #62 Topic 1

When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

A. None, Security Management Server would be installed by itself.

B. SmartConsole

C. SecureClient

D. Security Gateway

E. SmartEvent

Question #63 Topic 1

On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

A. 18210

B. 18184

C. 257

D. 18191

Question #64 Topic 1

How many images are included with Check Point TE appliance in Recommended Mode?

A. 2(OS) images

B. images are chosen by administrator during installation

C. as many as licensed for

D. the most new image

Question #65 Topic 1

What is the least amount of CPU cores required to enable CoreXL?

A. 2

B. 1

C. 4

D. 6

Question #66 Topic 1

You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would
you choose?

A. Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

B. Create a separate Security Policy package for each remote Security Gateway.

C. Create network objects that restricts all applicable rules to only certain networks.

D. Run separate SmartConsole instances to login and configure each Security Gateway directly.

Question #67 Topic 1

Which of the following authentication methods ARE NOT used for Mobile Access?

A. RADIUS server

B. Username and password (internal, LDAP)

C. SecurID

D. TACACS+

Question #68 Topic 1

What is the correct command to observe the Sync traffic in a VRRP environment?

A. fw monitor -e "accept[12:4,b]=224.0.0.18;"

B. fw monitor -e "accept port(6118;"

C. fw monitor -e "accept proto=mcVRRP;"

D. fw monitor -e "accept dst=224.0.0.18;"

Question #69 Topic 1

What has to be taken into consideration when configuring Management HA?

A. The Database revisions will not be synchronized between the management servers

B. SmartConsole must be closed prior to synchronized changes in the objects database

C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall
Control Connections.

D. For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead,
you have to reconsider your design.

Question #70 Topic 1

What is the difference between an event and a log?

A. Events are generated at gateway according to Event Policy

B. A log entry becomes an event when it matches any rule defined in Event Policy

C. Events are collected with SmartWorkflow from Trouble Ticket systems

D. Log and Events are synonyms

Question #71 Topic 1

What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

A. Source address, Destination address, Source port, Destination port, Protocol

B. Source MAC address, Destination MAC address, Source port, Destination port, Protocol

C. Source address, Destination address, Source port, Destination port

D. Source address, Destination address, Destination port, Protocol


Question #72 Topic 1

Which statement is NOT TRUE about Delta synchronization?

A. Using UDP Multicast or Broadcast on port 8161

B. Using UDP Multicast or Broadcast on port 8116

C. Quicker than Full sync

D. Transfers changes in the Kernel tables between cluster members.

Question #73 Topic 1

The Event List within the Event tab contains:

A. a list of options available for running a query.

B. the top events, destinations, sources, and users of the query results, either as a chart or in a tallied list.

C. events generated by a query.

D. the details of a selected event.

Question #74 Topic 1

Which statement is correct about the Sticky Decision Function?

A. It is not supported with either the Performance pack of a hardware based accelerator card

B. Does not support SPI's when configured for Load Sharing

C. It is automatically disabled if the Mobile Access Software Blade is enabled on the cluster

D. It is not required L2TP traffic

Question #75 Topic 1

Which statement is true regarding redundancy?

A. System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob -f if command.

B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

C. Machines in a ClusterXL High Availability configuration must be synchronized.

D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Question #76 Topic 1

NAT rules are prioritized in which order?


1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules

A. 1, 2, 3, 4

B. 1, 4, 2, 3

C. 3, 1, 2, 4

D. 4, 3, 1, 2

Question #77 Topic 1

In R80.10, how do you manage your Mobile Access Policy?

A. Through the Unified Policy

B. Through the Mobile Console

C. From SmartDashboard

D. From the Dedicated Mobility Tab

Question #78 Topic 1

R80.10 management server can manage gateways with which versions installed?

A. Versions R77 and higher

B. Versions R76 and higher

C. Versions R75.20 and higher

D. Versions R75 and higher

Question #79 Topic 1

Which command can you use to verify the number of active concurrent connections?

A. fw conn all

B. fw ctl pstat

C. show all connections

D. show connections

Question #80 Topic 1

Which of the following statements is TRUE about R80 management plug-ins?

A. The plug-in is a package installed on the Security Gateway.

B. Installing a management plug-in requires a Snapshot, just like any upgrade process.

C. A management plug-in interacts with a Security Management Server to provide new features and support for new products.

D. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in.

Question #81 Topic 1

How can the SmartView application be accessed?

A. http://<Security Management IP Address>/smartview

B. http://<Security Management IP Address>:4434/smartview/

C. https://<Security Management IP Address>/smartview/

D. https://<Security Management host name>:4434/smartview/

Question #82 Topic 1

What command verifies that the API server is responding?

A. api stat

B. api status

C. show api_status

D. app_get_status

Question #83 Topic 1

Where can you see and search records of actions done by R80 SmartConsole administrators?

A. In SmartView Tracker, open active log

B. In the Logs & Monitor view, select "Open Audit Log View"

C. In SmartAuditLog View

D. In Smartlog, all logs


Question #84 Topic 1

Fill in the blank: The R80 utility fw monitor is used to troubleshoot ________.

A. User data base corruption

B. LDAP conflicts

C. Traffic issues

D. Phase two key negotiations

Question #85 Topic 1

The Firewall kernel is replicated multiple times, therefore:

A. The Firewall kernel only touches the packet if the connection is accelerated

B. The Firewall can run different policies per core

C. The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

D. The Firewall can run the same policy on all cores.

Question #86 Topic 1

Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?

A. Severity

B. Automatic reactions

C. Policy

D. Threshold

Question #87 Topic 1

To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:

A. fw ctl multik set_mode 1

B. fw ctl Dynamic_Priority_Queue on

C. fw ctl Dynamic_Priority_Queue enable

D. fw ctl multik set_mode 9


Question #88 Topic 1

Advanced Security Checkups can be easily conducted within:

A. Reports

B. Advanced

C. Checkups

D. Views

E. Summary

Question #89 Topic 1

What is the limitation of employing Sticky Decision Function?

A. With SDF enabled, the involved VPN Gateways only supports IKEv1

B. Acceleration technologies, such as SecureXL and CoreXL are disabled when activating SDF

C. With SDF enabled, only ClusterXL in legacy mode is supported

D. With SDF enabled, you can only have three Sync interfaces at most

Question #90 Topic 1

Which Mobile Access Application allows a secure container on Mobile devices to give users access to internal website, file share and emails?

A. Check Point Remote User

B. Check Point Capsule Workspace

C. Check Point Mobile Web Portal

D. Check Point Capsule Remote

Question #91 Topic 1

Which of the following process pulls application monitoring status?

A. fwd

B. fwm

C. cpwd

D. cpd

Question #92 Topic 1

To fully enable Dynamic Dispatcher on a Security Gateway:

A. run "fw ctl multik dynamic_dispatching on" and then Reboot.

B. Using cpconfig, update the Dynamic Dispatcher value to "full" under the CoreXL menu.

C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.

D. run fw ctl multik set_mode 1 in Expert mode and then reboot.

Question #93 Topic 1

Session unique identifiers are passed to the web api using which http header option?

A. X-chkp-sid

B. Accept-Charset

C. Proxy-Authorization

D. Application

Question #94 Topic 1

Which command shows actual allowed connections in state table?

A. fw tab -t StateTable

B. fw tab -t connections

C. fw tab -t connection

D. fw tab connections

Question #95 Topic 1

What SmartEvent component creates events?

A. Consolidation Policy

B. Correlation Unit

C. SmartEvent Policy

D. SmartEvent GUI

Question #96 Topic 1

Which command collects diagnostic data for analyzing customer setup remotely?

A. cpinfo

B. migrate export

C. sysinfo

D. cpview

Question #97 Topic 1

Which features are only supported with R80.10 Gateways but not R77.x?

A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies

B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.

C. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

D. Time object to a rule to make the rule active only during specified times.

Question #98 Topic 1

Which CLI command will reset the IPS pattern matcher statistics?

A. ips reset pmstat

B. ips pstats reset

C. ips pmstats refresh

D. ips pmstats reset

Question #99 Topic 1

When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or _______.

A. SecureID

B. SecurID

C. Complexity

D. TacAcs

Question #100 Topic 1

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?

A. 50%

B. 75%

C. 80%

D. 15%

Question #101 Topic 1

SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component
of this architecture?

A. Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.

B. Correlates all the identified threats with the consolidation policy.

C. Collects syslog data from third party devices and saves them to the database.

D. Connects with the SmartEvent Client when generating threat reports.

Question #102 Topic 1

SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

A. This statement is true because SecureXL does improve all traffic.

B. This statement is false because SecureXL does not improve this traffic but CoreXL does.

C. This statement is true because SecureXL does improve this traffic.

D. This statement is false because encrypted traffic cannot be inspected.

Question #103 Topic 1

Which command gives us a perspective of the number of kernel tables?

A. fw tab -t

B. fw tab -s

C. fw tab -n

D. fw tab -k

Question #104 Topic 1

When simulating a problem on ClusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you to remove the problematic state?

A. cphaprob -d STOP unregister

B. cphaprob STOP unregister

C. cphaprob unregister STOP

D. cphaprob -d unregister STOP

Question #105 Topic 1

How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?

A. Install appliance TE250X on SpanPort on LAN switch in MTA mode.

B. Install appliance TE250X in standalone mode and setup MTA.

C. You can utilize only Check Point Cloud Services for this scenario.

D. It is not possible, always Check Point SGW is needed to forward emails to SandBlast appliance.

Question #106 Topic 1

What is the main difference between Threat Extraction and Threat Emulation?

A. Threat Emulation never delivers a file and takes more than 3 minutes to complete.

B. Threat Extraction always delivers a file and takes less than a second to complete.

C. Threat Emulation never delivers a file that takes less than a second to complete.

D. Threat Extraction never delivers a file and takes more than 3 minutes to complete.

Question #107 Topic 1

When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of:

A. Threat Emulation

B. HTTPS

C. QOS

D. VoIP

Question #108 Topic 1

SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?

A. Smart Cloud Services

B. Load Sharing Mode Services

C. Threat Agent Solution

D. Public Cloud Services

Question #109 Topic 1

Which of the following is NOT a component of Check Point Capsule?

A. Capsule Docs

B. Capsule Cloud

C. Capsule Enterprise

D. Capsule Workspace

Question #110 Topic 1

What is the purpose of Priority Delta in VRRP?

A. When a box up, Effective Priority = Priority + Priority Delta

B. When an Interface is up, Effective Priority = Priority + Priority Delta

C. When an Interface fail, Effective Priority = Priority - Priority Delta

D. When a box fail, Effective Priority = Priority - Priority Delta

Question #111 Topic 1

Which statements below are CORRECT regarding Threat Prevention profiles in SmartDashboard?

A. You can assign only one profile per gateway and a profile can be assigned to one rule Only.

B. You can assign multiple profiles per gateway and a profile can be assigned to one rule only.

C. You can assign multiple profiles per gateway and a profile can be assigned to one or more rules.

D. You can assign only one profile per gateway and a profile can be assigned to one or more rules.

Question #112 Topic 1

Using ClusterXL, what statement is true about the Sticky Decision Function?

A. Can only be changed for Load Sharing implementations

B. All connections are processed and synchronized by the pivot

C. Is configured using cpconfig

D. Is only relevant when using SecureXL

Question #113 Topic 1

What is the name of the secure application for Mail/Calendar for mobile devices?

A. Capsule Workspace

B. Capsule Mail

C. Capsule VPN

D. Secure Workspace

Question #114 Topic 1

Where do you create and modify the Mobile Access policy in R80?

A. SmartConsole

B. SmartMonitor

C. SmartEndpoint

D. SmartDashboard

Question #115 Topic 1

SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:

A. 19090,22

B. 19190,22

C. 18190,80

D. 19009,443

Question #116 Topic 1

Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

A. $FWDIR/database/fwauthd.conf

B. $FWDIR/conf/fwauth.conf

C. $FWDIR/conf/fwauthd.conf

D. $FWDIR/state/fwauthd.conf

Question #117 Topic 1

What API command below creates a new host with the name "New Host" and IP address of "192.168.0.10"?

A. new host name "New Host" ip-address "192.168.0.10"

B. set host name "New Host" ip-address "192.168.0.10"

C. create host name "New Host" ip-address "192.168.0.10"

D. add host name "New Host" ip-address "192.168.0.10"

Question #118 Topic 1

As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

A. That is used to deploy the mobile device as a generator of one-time passwords for authenticating to an RSA Authentication Manager.

B. Fill Layer4 VPN - SSL VPN that gives users network access to all mobile applications.

C. Full Layer3 VPN - IPSec VPN that gives users network access to all mobile applications.

D. You can make sure that documents are sent to the intended recipients only.

Question #119 Topic 1

You find one of your cluster gateways showing "Down" when you run the "cphaprob stat" command. You then run the "clusterXL_admin up" on the
down member but unfortunately the member continues to show down. What command do you run to determine the cause?

A. cphaprob -f register

B. cphaprob -d -s report

C. cpstat -f all

D. cphaprob -a list


Question #120 Topic 1

In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

A. Mail, Block Source, Block Event Activity, External Script, SNMP Trap

B. Mail, Block Source, Block Destination, Block Services, SNMP Trap

C. Mail, Block Source, Block Destination, External Script, SNMP Trap

D. Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

Question #121 Topic 1

Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

A. mgmt_cli add-host "Server_1" ip_address "10.15.123.10" --format txt

B. mgmt_cli add host name "Server_1" ip-address "10.15.123.10" --format json

C. mgmt_cli add object-host "Server_1" ip-address "10.15.123.10" --format json

D. mgmt._cli add object "Server-1" ip-address "10.15.123.10" --format json

Question #122 Topic 1

What are the steps to configure the HTTPS Inspection Policy?

A. Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard

B. Go to Application&url filtering blade > Advanced > Https Inspection > Policy

C. Go to Manage&Settings > Blades > HTTPS Inspection > Policy

D. Go to Application&url filtering blade > Https Inspection > Policy

Question #123 Topic 1

You want to store the GAIA configuration in a file for later reference. What command should you use?

A. write mem <filename>

B. show config -f <filename>

C. save config -o <filename>

D. save configuration <filename>


Question #124 Topic 1

How do Capsule Connect and Capsule Workspace differ?

A. Capsule Connect provides a Layer3 VPN. Capsule Workspace provides a Desktop with usable applications.

B. Capsule Workspace can provide access to any application.

C. Capsule Connect provides Business data isolation.

D. Capsule Connect does not require an installed application at client.

Question #125 Topic 1

John detected high load on sync interface. Which is most recommended solution?

A. For short connections like http service - delay sync for 2 seconds

B. Add a second interface to handle sync traffic

C. For short connections like http service - do not sync

D. For short connections like icmp service - delay sync for 2 seconds

Question #126 Topic 1

Which of these is an implicit MEP option?

A. Primary-backup

B. Source address based

C. Round robin

D. Load Sharing

Question #127 Topic 1

You have existing dbedit scripts from R77. Can you use them with R80.10?

A. dbedit is not supported in R80.10

B. dbedit is fully supported in R80.10

C. You can use dbedit to modify threat prevention or access policies, but not create or modify layers

D. dbedit scripts are being replaced by mgmt_cli in R80.10


Question #128 Topic 1

Which remote Access Solution is clientless?

A. Checkpoint Mobile

B. Endpoint Security Suite

C. SecuRemote

D. Mobile Access Portal

Question #129 Topic 1

What is the command to see cluster status in cli expert mode?

A. fw ctl stat

B. clusterXL stat

C. clusterXL status

D. cphaprob stat

Question #130 Topic 1

Which Check Point daemon monitors the other daemons?

A. fwm

B. cpd

C. cpwd

D. fwssd

Question #131 Topic 1

Which command is used to display status information for various components?

A. show all systems

B. show system messages

C. sysmess all

D. show sysenv all


Question #132 Topic 1

What are the blades of Threat Prevention?

A. IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

B. DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction

C. IPS, AntiVirus, AntiBot

D. IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

Question #133 Topic 1

For Management High Availability, which of the following is NOT a valid synchronization status?

A. Collision

B. Down

C. Lagging

D. Never been synchronized

Question #134 Topic 1

Can multiple administrators connect to a Security Management Server at the same time?

A. No, only one can be connected

B. Yes, all administrators can modify a network object at the same time

C. Yes, every administrator has their own username, and works in a session that is independent of other administrators.

D. Yes, but only one has the right to write.

Question #135 Topic 1

Which process is available on any management product and on products that require direct GUI access, such as SmartEvent and provides GUI
client communications, database manipulation, policy compilation and Management HA synchronization?

A. cpwd

B. fwd

C. cpd

D. fwm

Question #136 Topic 1

To add a file to the Threat Prevention Whitelist, what two items are needed?

A. File name and Gateway

B. Object Name and MD5 signature

C. MD5 signature and Gateway

D. IP address of Management Server and Gateway

Question #137 Topic 1

Under which file is the proxy arp configuration stored?

A. $FWDIR/state/proxy_arp.conf on the management server

B. $FWDIR/conf/local.arp on the management server

C. $FWDIR/state/_tmp/proxy.arp on the security gateway

D. $FWDIR/conf/local.arp on the gateway

Question #138 Topic 1

What information is NOT collected from a Security Gateway in a Cpinfo?

A. Firewall logs

B. Configuration and database files

C. System message logs

D. OS and network statistics

Question #139 Topic 1

SandBlast appliances can be deployed in the following modes:

A. using a SPAN port to receive a copy of the traffic only

B. detect only

C. inline/prevent or detect

D. as a Mail Transfer Agent and as part of the traffic flow only


Question #140 Topic 1

Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming
acceleration is enabled which path is handling the traffic?

A. Slow Path

B. Medium Path

C. Fast Path

D. Accelerated Path

Question #141 Topic 1

The Correlation Unit performs all but the following actions:

A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later.

B. Generates an event based on the Event policy.

C. Assigns a severity level to the event.

D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.

Question #142 Topic 1

What is the difference between SSL VPN and IPSec VPN?

A. IPSec VPN does not require installation of a resilient VPN client.

B. SSL VPN requires installation of a resident VPN client.

C. SSL VPN and IPSec VPN are the same.

D. IPSec VPN requires installation of a resident VPN client and SSL VPN requires only an installed Browser.

Question #143 Topic 1

Which of the following will NOT affect acceleration?

A. Connections destined to or originated from the Security gateway

B. A 5-tuple match

C. Multicast packets

D. Connections that have a Handler (ICMP, FTP, H.323, etc.)


Question #144 Topic 1

The following command is used to verify the CPUSE version:

A. HostName:0>show installer status build

B. [Expert@HostName:0]#show installer status

C. [Expert@HostName:0]#show installer status build

D. HostName:0>show installer build

Question #145 Topic 1

How do you enable virtual mac (VMAC) on-the-fly on a cluster member?

A. cphaprob set int fwha_vmac_global_param_enabled 1

B. clusterXL set int fwha_vmac_global_param_enabled 1

C. fw ctl set int fwha_vmac_global_param_enabled 1

D. cphaconf set int fwha_vmac_global_param_enabled 1

Question #146 Topic 1

To accelerate the rate of connection establishment, SecureXL groups all connections that match a particular service and whose sole differentiating
element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the
first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of
these is NOT a SecureXL template?

A. Accept Template

B. Deny Template

C. Drop Template

D. NAT Template

Question #147 Topic 1

Which of the following is NOT a type of Check Point API available in R80.10?

A. Identity Awareness Web Services

B. OPSEC SDK

C. Mobile Access

D. Management

Question #148 Topic 1

When an encrypted packet is decrypted, where does this happen?

A. Security policy

B. Inbound chain

C. Outbound chain

D. Decryption is not supported

Question #149 Topic 1

John is using Management HA. Which Smartcenter should be connected to for making changes?

A. secondary Smartcenter

B. active Smartcenter

C. connect virtual IP of Smartcenter HA

D. primary Smartcenter

Question #150 Topic 1

You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can
only be seen on a Management Server?

A. fwd

B. fwm

C. cpd

D. cpwd

Question #151 Topic 1

What scenario indicates that SecureXL is enabled?

A. Dynamic objects are available in the Object Explorer

B. SecureXL can be disabled in cpconfig

C. fwaccel commands can be used in clish

D. Only one packet in a stream is seen in a fw monitor packet capture


Question #152 Topic 1

What processes does CPM control?

A. Object-Store, Database changes, CPM Process and web-services

B. web-services, CPMI process, DLEserver, CPM process

C. DLEServer, Object-Store, CP Process and database changes

D. web_services, dle_server and object_Store

Question #153 Topic 1

Which encryption algorithm is the least secured?

A. AES-128

B. AES-256

C. DES

D. 3DES

Question #154 Topic 1

What is the command to check the status of the SmartEvent Correlation Unit?

A. fw ctl get int cpsead_stat

B. cpstat cpsead

C. fw ctl stat cpsemd

D. cp_conf get_stat cpsemd

Question #155 Topic 1

You need to see which hotfixes are installed on your gateway, which command would you use?

A. cpinfo -h all

B. cpinfo -o hotfix

C. cpinfo -l hotfix

D. cpinfo -y all


Question #156 Topic 1

VPN Link Selection will perform the following when the primary VPN link goes down?

A. The Firewall will drop the packets.

B. The Firewall can update the Link Selection entries to start using a different link for the same tunnel.

C. The Firewall will send out the packet on all interfaces.

D. The Firewall will inform the client that the tunnel is down.

Question #157 Topic 1

Which of the following links will take you to the SmartView web application?

A. https://<Security Management Server host name>/smartviewweb/

B. https://<Security Management Server IP Address>/smartview/

C. https://<Security Management Server host name>smartviewweb

D. https://<Security Management Server IP Address>/smartviewapp

Question #158 Topic 1

Which directory below contains log files?

A. /opt/CPSmartlog-R80/log

B. /opt/CPshrd-R80/log

C. /opt/CPsuite-R80/fw1/log

D. /opt/CPsuite-R80/log

Question #159 Topic 1

Which GUI client is supported in R80?

A. SmartProvisioning

B. SmartView Tracker

C. SmartView Monitor

D. SmartLog

Question #160 Topic 1

From SecureXL perspective, what are the three paths of traffic flow:

A. Initial Path; Medium Path; Accelerated Path

B. Layer Path; Blade Path; Rule Path

C. Firewall Path; Accept Path; Drop Path

D. Firewall Path; Accelerated Path; Medium Path

Question #161 Topic 1

To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

A. fw ctl Dyn_Dispatch on

B. fw ctl Dyn_Dispatch enable

C. fw ctl multik set_mode 4

D. fw ctl multik set_mode 1

Question #162 Topic 1

What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

A. CCP and 18190

B. CCP and 257

C. CCP and 8116

D. CPC and 8116

Question #163 Topic 1

Which command shows the current connections distributed by CoreXL FW instances?

A. fw ctl multik stat

B. fw ctl affinity -l

C. fw ctl instances -v

D. fw ctl iflist

Question #164 Topic 1

What is the purpose of extended master key extension/session hash?

A. UDP VOIP protocol extension

B. In case of TLS1.x it is a prevention of a Man-in-the-Middle attack/disclosure of the client-server communication

C. Special TCP handshaking extension

D. Supplement DLP data watermark

Question #165 Topic 1

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module.
For Wire Mode configuration, chain modules marked with __________________ will not apply.

A. ffff

B. 1

C. 2

D. 3

Question #166 Topic 1

Which one of the following is true about Capsule Connect?

A. It is a full layer 3 VPN client

B. It offers full enterprise mobility management

C. It is supported only on iOS phones and Windows PCs

D. It does not support all VPN authentication methods

Question #167 Topic 1

How often does Threat Emulation download packages by default?

A. Once a week

B. Once an hour

C. Twice per day

D. Once per day


Question #168 Topic 1

You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is
used by the FWD daemon to do a Full Synchronization?

A. TCP port 443

B. TCP port 257

C. TCP port 256

D. UDP port 8116

Question #169 Topic 1

Which statement is true about ClusterXL?

A. Supports Dynamic Routing (Unicast and Multicast)

B. Supports Dynamic Routing (Unicast Only)

C. Supports Dynamic Routing (Multicast Only)

D. Does not support Dynamic Routing

Question #170 Topic 1

Which command shows detailed information about VPN tunnels?

A. cat $FWDIR/conf/vpn.conf

B. vpn tu tlist

C. vpn tu

D. cpview

Question #171 Topic 1

Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?

A. IPS, Anti-Bot, URL Filtering, Application Control, Threat Emulation.

B. Firewall, IPS, Threat Emulation, Application Control.

C. IPS, Anti-Bot, Anti-Virus, Threat Emulation, Threat Extraction.

D. Firewall, IPS, Anti-Bot, Anti-Virus, Threat Emulation.


Question #172 Topic 1

When gathering information about a gateway using CPINFO, what information is included or excluded when using the "-x" parameter?

A. Includes the registry

B. Gets information about the specified Virtual System

C. Does not resolve network addresses

D. Output excludes connection table

Question #173 Topic 1

What component of R80 Management is used for indexing?

A. DBSync

B. API Server

C. fwm

D. SOLR

Question #174 Topic 1

After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

A. cvpnd_restart

B. cvpnd_restart

C. cvpnd restart

D. cvpnrestart

Question #175 Topic 1

SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which of the following is NOT part
of the SandBlast component?

A. Threat Emulation

B. Mobile Access

C. Mail Transfer Agent

D. Threat Cloud

Question #176 Topic 1

With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the
actions that users can perform the applications. Mobile Access encrypts all traffic using:

A. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, they
need to install the SSL Network Extender.

B. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, they
need to install the SSL Network Extender.

C. HTTPS for web-based applications and 3DES or RC4 algorithm for native applications. For end users to access the native applications, no
additional software is required.

D. HTTPS for web-based applications and AES or RSA algorithm for native applications. For end users to access the native application, no
additional software is required.

Question #177 Topic 1

What is the benefit of "fw monitor" over "tcpdump"?

A. "fw monitor" reveals Layer 2 information, while "tcpdump" acts at Layer 3.

B. "fw monitor" is also available for 64-Bit operating systems.

C. With "fw monitor", you can see the inspection points, which cannot be seen in "tcpdump"

D. "fw monitor" can be used from the CLI of the Management Server to collect information from multiple gateways.

Question #178 Topic 1

Which of the following describes how Threat Extraction functions?

A. Detect threats and provides a detailed report of discovered threats.

B. Proactively detects threats.

C. Delivers file with original content.

D. Delivers PDF versions of original files with active content removed.

Question #179 Topic 1

Security Checkup Summary can be easily conducted within:

A. Summary

B. Views

C. Reports

D. Checkups

Question #180 Topic 1

What command can you use to have cpinfo display all installed hotfixes?

A. cpinfo -hf

B. cpinfo -y all

C. cpinfo -get hf

D. cpinfo installed_jumbo

Question #181 Topic 1

What is the port used for SmartConsole to connect to the Security Management Server?

A. CPMI port 18191/TCP

B. CPM port/TCP port 19009

C. SIC port 18191/TCP

D. https port 4434/TCP

Question #182 Topic 1

What is considered Hybrid Emulation Mode?

A. Manual configuration of file types on emulation location.

B. Load sharing of emulation between an on premise appliance and the cloud.

C. Load sharing between OS behavior and CPU Level emulation.

D. High availability between the local SandBlast appliance and the cloud.

Question #183 Topic 1

When setting up an externally managed log server, what is one item that will not be configured on the R80 Security Management Server?

A. IP

B. SIC

C. NAT

D. FQDN

Question #184 Topic 1

Customer's R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not
connected to the Internet?

A. Export R80 configuration, clean install R80.10 and import the configuration

B. CPUSE offline upgrade

C. CPUSE online upgrade

D. SmartUpdate upgrade

Question #185 Topic 1

When installing a dedicated R80 SmartEvent server. What is the recommended size of the root partition?

A. Any size

B. Less than 20GB

C. More than 10GB and less than 20GB

D. At least 20GB

Question #186 Topic 1

As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name
'cover-company-
[1]

A. SFWDIR/smartevent/conf

B. $RTDIR/smartevent/conf

C. $RTDIR/smartview/conf

D. $FWDIR/smartview/conf

Question #187 Topic 1

Which one of the following is true about Threat Extraction?

A. Always delivers a file to user

B. Works on all MS Office, Executables, and PDF files

C. Can take up to 3 minutes to complete

D. Delivers file only if no threats found


Question #188 Topic 1

Which one of the following is true about Threat Emulation?

A. Takes less than a second to complete

B. Works on MS Office and PDF files only

C. Always delivers a file

D. Takes minutes to complete (less than 3 minutes)

Question #189 Topic 1

Both ClusterXL and VRRP are fully supported by Gaia R80.10 and available to all Check Point appliances. Which of the following commands is NOT
related to redundancy and functions?

A. cphaprob stat

B. cphaprob -a if

C. cphaprob -l list

D. cphaprob all show stat

Question #190 Topic 1

What is the purpose of a SmartEvent Correlation Unit?

A. The SmartEvent Correlation Unit is designed to check the connection reliability from SmartConsole to the SmartEvent Server.

B. The SmartEvent Correlation Unit's task is to assign severity levels to the identified events.

C. The Correlation unit role is to evaluate logs from the log server component to identify patterns/threats and convert them to events.

D. The SmartEvent Correlation Unit is designed to check the availability of the SmartReporter Server.

Question #191 Topic 1

What are the main stages of a policy installation?

A. Verification & Compilation, Transfer and Commit

B. Verification & Compilation, Transfer and Installation

C. Verification, Commit, Installation

D. Verification, Compilation & Transfer, Installation


Question #192 Topic 1

What is a best practice before starting to troubleshoot using the "fw monitor" tool?

A. Run the command: fw monitor debug on

B. Clear the connections table

C. Disable CoreXL

D. Disable SecureXL

Question #193 Topic 1

SmartEvent does NOT use which of the following procedures to identify events:

A. Matching a log against each event definition

B. Create an event candidate

C. Matching a log against local exclusions

D. Matching a log against global exclusions

Question #194 Topic 1

What is the most recommended way to install patches and hotfixes?

A. CPUSE Check Point Update Service Engine

B. rpm -Uv

C. Software Update Service

D. UnixinstallScript

Question #195 Topic 1

Automation and Orchestration differ in that:

A. Automation relates to codifying tasks, whereas orchestration relates to codifying processes.

B. Automation involves the process of coordinating an exchange of information through web service interactions such as XML and JSON, but
orchestration does not involve processes.

C. Orchestration is concerned with executing a single task, whereas automation takes a series of tasks and puts them all together into a
process workflow.

D. Orchestration relates to codifying tasks, whereas automation relates to codifying processes.


Question #196 Topic 1

An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is
disabled?

A. He can use the fw accel stat command on the gateway.

B. He can use the fw accel statistics command on the gateway.

C. He can use the fwaccel stat command on the Security Management Server.

D. He can use the fwaccel stat command on the gateway

Question #197 Topic 1

Which web services protocol is used to communicate to the Check Point R80 Identity Awareness Web API?

A. SOAP

B. REST

C. XLANG

D. XML-RPC

Question #198 Topic 1

What is mandatory for ClusterXL to work properly?

A. The number of cores must be the same on every participating cluster node

B. The Magic MAC number must be unique per cluster node

C. The Sync interface must not have an IP address configured

D. If you have "Non-monitored Private" interfaces, the number of those interfaces must be the same on all cluster members

Question #199 Topic 1

Please choose correct command to add an "emailserver1" host with IP address 10.50.23.90 using GAiA management CLI?

A. host name myHost12 ip-address 10.50.23.90

B. mgmt: add host name ip-address 10.50.23.90

C. add host name emailserver1 ip-address 10.50.23.90

D. mgmt: add host name emailserver1 ip-address 10.50.23.90


Question #200 Topic 1

Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?

A. enable DLP and select .exe and .bat file type

B. enable .exe & .bat protection in IPS Policy

C. create FW rule for particular protocol

D. tecli advanced attributes set prohibited_file_types exe.bat

Question #201 Topic 1

What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?

A. 4 Interfaces - an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a
fourth interface leading to the Security Management Server.

B. 3 Interfaces - an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.

C. 1 Interface - an interface leading to the organization and the Internet, and configure for synchronization.

D. 2 Interfaces - a data interface leading to the organization and the Internet, a second interface for synchronization.

Question #202 Topic 1

Which process handles connection from SmartConsole R80?

A. fwm

B. cpmd

C. cpm

D. cpd

Question #203 Topic 1

What is the command to show SecureXL status?

A. fwaccel status

B. fwaccel stats -m

C. fwaccel -s

D. fwaccel stat

Question #204 Topic 1

The SmartEvent R80 Web application for real-time event monitoring is called:

A. SmartView Monitor

B. SmartEventWeb

C. There is no Web application for SmartEvent

D. SmartView

Question #205 Topic 1

What will SmartEvent automatically define as events?

A. Firewall

B. VPN

C. IPS

D. HTTPS

Question #206 Topic 1

With MTA (Mail Transfer Agent) enabled the gateway manages SMTP traffic and holds external email with potentially malicious attachments.
What is required in order to enable MTA (Mail Transfer Agent) functionality in the Security Gateway?

A. Threat Cloud Intelligence

B. Threat Prevention Software Blade Package

C. Endpoint Total Protection

D. Traffic on port 25

Question #207 Topic 1

What is not a purpose of the deployment of Check Point API?

A. Execute an automated script to perform common tasks

B. Create a customized GUI Client for manipulating the objects database

C. Create products that use and enhance the Check Point solution

D. Integrate Check Point products with 3rd party solution


Question #208 Topic 1

You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?

A. edit fwaffinity.conf; reboot required

B. cpconfig; reboot required

C. edit fwaffinity.conf; reboot not required

D. cpconfig; reboot not required

Question #209 Topic 1

Fill in the blank: Identity Awareness AD-Query is using the Microsoft _______________ API to learn users from AD.

A. WMI

B. Eventvwr

C. XML

D. Services.msc

Question #210 Topic 1

Which is not a blade option when configuring SmartEvent?

A. Correlation Unit

B. SmartEvent Unit

C. SmartEvent Server

D. Log Server

Question #211 Topic 1

The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used
specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.

A. ccp

B. cphaconf

C. cphad

D. cphastart

Question #212 Topic 1

Which statement is most correct regarding "CoreXL Dynamic Dispatcher"?

A. The CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses

B. The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores

C. The CoreXL FW instances assignment mechanism is based on IP Protocol type

D. The CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type

Question #213 Topic 1

What CLI command compiles and installs a Security Policy on the target's Security Gateways?

A. fwm compile

B. fwm load

C. fwm fetch

D. fwm install

Question #214 Topic 1

Pamela is a Cyber Security Engineer working for Global Instance Firm with a large-scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. The company's Developer Team is having a random access issue with a newly deployed Application Server in the DMZ's Application Server Farm Tier and blames the DMZ Security Gateway as the root cause. The ticket has been created and the issue is at Pamela's desk for investigation. Pamela decides to use Check Point's Packet Analyzer Tool, fw monitor, to iron out the issue during an approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?

A. Pamela should check SecureXL status on DMZ Security gateway and if it's turned ON. She should turn OFF SecureXL before using fw
monitor to avoid misleading traffic captures.

B. Pamela should check SecureXL status on DMZ Security Gateway and if it's turned OFF. She should turn ON SecureXL before using fw
monitor to avoid misleading traffic captures.

C. Pamela should use tcpdump over fw monitor tool as tcpdump works at OS-level and captures entire traffic.

D. Pamela should use snoop over fw monitor tool as snoop works at NIC driver level and captures entire traffic.

Question #215 Topic 1

Fill in the blank: The "fw monitor" tool can be best used to troubleshoot ____________________.

A. AV issues

B. VPN errors

C. Network issues

D. Authentication issues

Question #216 Topic 1

In which formats can Threat Emulation forensics reports be viewed in?

A. TXT, XML and CSV

B. PDF and TXT

C. PDF, HTML, and XML

D. PDF and HTML

Question #217 Topic 1

In ClusterXL Load Sharing Multicast Mode:

A. only the primary member received packets sent to the cluster IP address

B. only the secondary member receives packets sent to the cluster IP address

C. packets sent to the cluster IP address are distributed equally between all members of the cluster

D. every member of the cluster received all of the packets sent to the cluster IP address

Question #218 Topic 1

What kind of information would you expect to see using the sim affinity command?

A. The VMACs used in a Security Gateway cluster

B. The involved firewall kernel modules in inbound and outbound packet chain

C. Overview over SecureXL templated connections

D. Network interfaces and core distribution used for CoreXL


Question #219 Topic 1

What cloud-based SandBlast Mobile application is used to register new devices and users?

A. Check Point Protect Application

B. Management Dashboard

C. Behavior Risk Engine

D. Check Point Gateway

Question #220 Topic 1

What is the responsibility of SOLR process on R80.10 management server?

A. Validating all data before it's written into the database

B. It generates indexes of data written to the database

C. Communication between SmartConsole applications and the Security Management Server

D. Writing all information into the database

Question #221 Topic 1

In the Firewall chain mode FFF refers to:

A. Stateful Packets

B. No Match

C. All Packets

D. Stateless Packets

Question #222 Topic 1

Which file gives you a list of all security servers in use, including port number?

A. $FWDIR/conf/conf.conf

B. $FWDIR/conf/servers.conf

C. $FWDIR/conf/fwauthd.conf

D. $FWDIR/conf/serversd.conf

Question #223 Topic 1

Which of the following commands shows the status of processes?

A. cpwd_admin -l

B. cpwd -l

C. cpwd admin_list

D. cpwd_admin list

Question #224 Topic 1

What is the valid range for VRID value in VRRP configuration?

A. 1 - 254

B. 1 - 255

C. 0 - 254

D. 0 - 255

Question #225 Topic 1

What is true of the API server on R80.10?

A. By default the API-server is activated and does not have hardware requirements.

B. By default the API-server is not active and should be activated from the WebUI.

C. By default the API server is active on management and stand-alone servers with 16GB of RAM (or more).

D. By default, the API server is active on management servers with 4 GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or
more).

Question #226 Topic 1

To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?

A. fw ctl set int fwha vmac global param enabled

B. fw ctl get int vmac global param enabled; result of command should return value 1

C. cphaprob-a if

D. fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1


Question #227 Topic 1

For best practices, what is the recommended time for automatic unlocking of locked admin accounts?

A. 20 minutes

B. 15 minutes

C. Admin account cannot be unlocked automatically

D. 30 minutes at least

Question #228 Topic 1

Which is NOT a SmartEvent component?

A. SmartEvent Server

B. Correlation Unit

C. Log Consolidator

D. Log Server

Question #229 Topic 1

Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services
for all the following except:

A. Create new dashboards to manage 3rd party task

B. Create products that use and enhance 3rd party solutions

C. Execute automated scripts to perform common tasks

D. Create products that use and enhance the Check Point Solution

Question #230 Topic 1

When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:

A. All UDP packets

B. All IPv6 Traffic

C. All packets that match a rule whose source or destination is the Outside Corporate Network

D. CIFS packets

Question #231 Topic 1

On what port does the CPM process run?

A. TCP 857

B. TCP 18192

C. TCP 900

D. TCP 19009

Question #232 Topic 1

What is the SandBlast Agent designed to do?

A. Performs OS-level sandboxing for SandBlast Cloud architecture

B. Ensure the Check Point SandBlast services is running on the end user's system

C. If malware enters an end user's system, the SandBlast Agent prevents the malware from spreading with the network

D. Clean up email sent with malicious attachments

Question #233 Topic 1

What is correct statement about Security Gateway and Security Management Server failover in Check Point R80.X in terms of Check Point
Redundancy driven solution?

A. Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.

B. Security Gateway failover as well as Security Management Server failover is a manual procedure.

C. Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.

D. Security Gateway failover as well as Security Management Server failover is an automatic procedure.

Question #234 Topic 1

SandBlast agent extends 0 day prevention to what part of the network?

A. Web Browsers and user devices

B. DMZ server

C. Cloud

D. Email servers

Question #235 Topic 1

What command would show the API server status?

A. cpm status

B. api restart

C. api status

D. show api status

Question #236 Topic 1

In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log,
Detailed Log and Extended Log?

A. Accounting

B. Suppression

C. Accounting/Suppression

D. Accounting/Extended

Question #237 Topic 1

Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

A. /opt/CPshrd-R80/conf/local.arp

B. /var/opt/CPshrd-R80/conf/local.arp

C. $CPDIR/conf/local.arp

D. $FWDIR/conf/local.arp

Question #238 Topic 1

With SecureXL enabled, accelerated packets will pass through the following:

A. Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device

B. Network Interface Card, Check Point Firewall Kernel, and the Acceleration Device

C. Network Interface Card and the Acceleration Device

D. Network Interface Card, OSI Network Layer, and the Acceleration Device

Question #239 Topic 1

Which command would you use to set the network interfaces' affinity in Manual mode?

A. sim affinity -m

B. sim affinity -l

C. sim affinity -a

D. sim affinity -s

Question #240 Topic 1

You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?

A. sim erdos -e 1

B. sim erdos -m 1

C. sim erdos -v 1

D. sim erdos -x 1

Question #241 Topic 1

In SmartEvent, which of the following is NOT an option to calculate the traffic direction?

A. Incoming

B. Internal

C. External

D. Outgoing

Question #242 Topic 1

What command lists all interfaces using Multi-Queue?

A. cpmq get

B. show interface all

C. cpmq set

D. show multiqueue all


Question #243 Topic 1

When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?

A. ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data

B. ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments

C. ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud

D. ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary

Question #244 Topic 1

During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

A. Dropped without sending a negative acknowledgment

B. Dropped without logs and without sending a negative acknowledgment

C. Dropped with negative acknowledgment

D. Dropped with logs and without sending a negative acknowledgment

Question #245 Topic 1

Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1 570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R80.
What can cause Vanessa unnecessary problems, if she didn't check all requirements for migration to R80?

A. Missing an installed R77.20 Add-on on Security Management Server

B. Unsupported firmware on UTM-1 Edge-W appliance

C. Unsupported version on UTM-1 570 series appliance

D. Unsupported appliances on remote locations

Question #246 Topic 1

Please choose the path to monitor the compliance status of the Check Point R80.10 based management.

A. Gateways & Servers --> Compliance View

B. Compliance blade not available under R80.10

C. Logs & Monitor --> New Tab --> Open compliance View

D. Security & Policies --> New Tab --> Compliance View


Question #247 Topic 1

When using CPSTAT, what is the default port used by the AMON server?

A. 18191

B. 18192

C. 18194

D. 18190

Question #248 Topic 1

What must you do first if "fwm sic_reset" could not be completed?

A. Cpstop then find keyword "certificate" in objects_5_0.C and delete the section

B. Reinitialize SIC on the security gateway then run "fw unloadlocal"

C. Reset SIC from Smart Dashboard

D. Change internal CA via cpconfig

Question #249 Topic 1

Check Point security components are divided into the following components:

A. GUI Client, Security Gateway, WebUI Interface

B. GUI Client, Security Management, Security Gateway

C. Security Gateway, WebUI Interface, Consolidated Security Logs

D. Security Management, Security Gateway, Consolidate Security Logs

Question #250 Topic 1

You have a Geo-Protection policy blocking Australia and a number of other countries. Your network now requires a Check Point Firewall to be installed in Sydney, Australia.
What must you do to get SIC to work?

A. Remove Geo-Protection, as the IP-to-country database is updated externally, and you have no control of this.

B. Create a rule at the top in the Sydney firewall to allow control traffic from your network

C. Nothing - Check Point control connections function regardless of Geo-Protection policy

D. Create a rule at the top in your Check Point firewall to bypass the Geo-Protection

Question #251 Topic 1

In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

A. ffff

B. 1

C. 3

D. 2

Question #252 Topic 1

In what way are SSL VPN and IPSec VPN different?

A. SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless

B. SSL VPN adds an extra VPN header to the packet, IPSec VPN does not

C. IPSec VPN does not support two factor authentication, SSL VPN does support this

D. IPSec VPN uses an additional virtual adapter; SSL VPN uses the client network adapter only.

Question #253 Topic 1

In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

A. SND is a feature to accelerate multiple SSL VPN connections

B. SND is an alternative to IPSec Main Mode, using only 3 packets

C. SND is used to distribute packets among Firewall instances

D. SND is a feature of fw monitor to capture accelerated packets

Question #254 Topic 1

You have a Gateway is running with 2 cores. You plan to add a second gateway to build a cluster and used a device with 4 cores.
How many cores can be used in a Cluster for Firewall-kernel on the new device?

A. 3

B. 2

C. 1

D. 4

Question #255 Topic 1

Which NAT rules are prioritized first?

A. Post-Automatic/Manual NAT rules

B. Manual/Pre-Automatic NAT

C. Automatic Hide NAT

D. Automatic Static NAT

Question #256 Topic 1

What is the most ideal Synchronization Status for Security Management Server High Availability deployment?

A. Lagging

B. Synchronized

C. Never been synchronized

D. Collision

Question #257 Topic 1

Joey wants to upgrade from R75.40 to R80 version of Security management. He will use Advanced Upgrade with Database Migration method to
achieve this.
What is one of the requirements for his success?

A. Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

B. Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

C. Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

D. Size of the /var/log folder of the target machine must be at least 25GB or more

Question #258 Topic 1

Which is NOT an example of a Check Point API?

A. Gateway API

B. Management API

C. OPSEC SDK

D. Threat Prevention API


Question #259 Topic 1

What are the methods of SandBlast Threat Emulation deployment?

A. Cloud, Appliance and Private

B. Cloud, Appliance and Hybrid

C. Cloud, Smart-1 and Hybrid

D. Cloud, OpenServer and Vmware

Question #260 Topic 1

SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP
address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP
addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:

A. ping, traceroute, netstat, and route

B. ping, nslookup, Telnet, and route

C. ping, whois, nslookup, and Telnet

D. ping, traceroute, netstat, and nslookup

Question #261 Topic 1

What is the minimum amount of RAM needed for a Threat Prevention Appliance?

A. 6 GB

B. 8GB with Gaia in 64-bit mode

C. 4 GB

D. It depends on the number of software blades enabled

Question #262 Topic 1

You can access the ThreatCloud Repository from:

A. R80.10 SmartConsole and Application Wiki

B. Threat Prevention and Threat Tools

C. Threat Wiki and Check Point Website

D. R80.10 SmartConsole and Threat Prevention


Question #263 Topic 1

Which path below is available only when CoreXL is enabled?

A. Slow path

B. Firewall path

C. Medium path

D. Accelerated path

Question #264 Topic 1

Capsule Connect and Capsule Workspace both offer secured connection for remote users who are using their mobile devices. However, there are
differences between the two.
Which of the following statements correctly identify each product's capabilities?

A. Workspace supports ios operating system, Android, and WP8, whereas Connect supports ios operating system and Android only

B. For compliance/host checking, Workspace offers the MDM cooperative enforcement, whereas Connect offers both jailbreak/root detection
and MDM cooperative enforcement.

C. For credential protection, Connect uses One-time Password login support and has no SSO support, whereas Workspace offers both One-Time Password login support as well as SSO for specific applications.

D. Workspace can support any application, whereas Connect has a limited number of application types which it will support.

Question #265 Topic 1

You want to verify if your management server is ready to upgrade to R80.10.


What tool could you use in this process?

A. migrate export

B. upgrade_tools verify

C. pre_upgrade_verifier

D. migrate import

Question #266 Topic 1

GAiA Software update packages can be imported and installed offline in situation where:

A. Security Gateway with GAiA does NOT have SFTP access to Internet

B. Security Gateway with GAiA does NOT have access to Internet.

C. Security Gateway with GAiA does NOT have SSH access to Internet.

D. The desired CPUSE package is ONLY available in the Check Point CLOUD.

Question #267 Topic 1

What statement best describes the Proxy ARP feature for Manual NAT in R80.10?

A. Automatic proxy ARP configuration can be enabled

B. Translate Destination on Client Side should be configured

C. fw ctl proxy should be configured

D. local.arp file must always be configured

Question #268 Topic 1

The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?

A. There is a virus found. Traffic is still allowed but not accelerated.

B. The connection required a Security server.

C. Acceleration is not enabled.

D. The traffic is originating from the gateway itself.

Question #269 Topic 1

Which blades and or features are not supported in R80?

A. SmartEvent Maps

B. SmartEvent

C. Identity Awareness

D. SmartConsole Toolbars

Question #270 Topic 1

Which application should you use to install a contract file?

A. SmartView Monitor

B. WebUI

C. SmartUpdate

D. SmartProvisioning

Question #271 Topic 1

Vanessa is a Firewall administrator. She wants to test a backup of her company's production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment.
Which details she need to fill in System Restore window before she can click OK button and test the backup?

A. Server, SCP, Username, Password, Path, Comment, Member

B. Server, TFTP, Username, Password, Path, Comment, All Members

C. Server, Protocol, Username, Password, Path, Comment, All Members

D. Server, Protocol, username Password, Path, Comment, Member

Question #272 Topic 1

Fill in the blanks. There are ________ types of software containers: ___________.

A. Three; security management, Security Gateway, and endpoint security

B. Three; Security Gateway, endpoint security, and gateway management

C. Two; security management and endpoint security

D. Two; endpoint security and Security Gateway

Question #273 Topic 1

Which of the following technologies extracts detailed information from packets and stores that information in state tables?

A. INSPECT Engine

B. Stateful Inspection

C. Packet Filtering

D. Application Layer Firewall

Question #274 Topic 1

Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

A. ThreatWiki

B. Whitelist Files

C. AppWiki

D. IPS Protections

Question #275 Topic 1

Which Check Point software blade provides Application Security and identity control?

A. Identity Awareness

B. Data Loss Prevention

C. URL Filtering

D. Application Control

Question #276 Topic 1

What is UserCheck?

A. Messaging tool used to verify a user's credentials.

B. Communication tool used to inform a user about a website or application they are trying to access.

C. Administrator tool used to monitor users on their network.

D. Communication tool used to notify an administrator when a new user is created.

Question #277 Topic 1

Which of the following is NOT an alert option?

A. SNMP

B. High alert

C. Mail

D. User defined alert

Question #278 Topic 1

What does it mean if Deyra sees the gateway status? (Choose the BEST answer.)

A. SmartCenter Server cannot reach this Security Gateway.

B. There is a blade reporting a problem.

C. VPN software blade is reporting a malfunction.

D. Security Gateway's MGNT NIC card is disconnected.


Question #279 Topic 1

How many layers make up the TCP/IP model?

A. 2

B. 7

C. 6

D. 4

Question #280 Topic 1

What is the Implicit Clean-up Rule?

A. A setting is defined in the Global Properties for all policies.

B. A setting that is configured per Policy Layer.

C. Another name for the Clean-up Rule.

D. Automatically created when the Clean-up Rule is defined.

Question #281 Topic 1

Ken wants to obtain a configuration lock from other administrator on R80 Security Management Server. He can do this via WebUI or via CLI.
Which command should he use in CLI? (Choose the correct answer.)

A. remove database lock

B. The database feature has one command lock database override.

C. override database lock

D. The database feature has two commands lock database override and unlock database. Both will work.

Question #282 Topic 1

What will be the effect of running the following command on the Security Management Server?

A. Remove the installed Security Policy.

B. Remove the local ACL lists.

C. No effect.

D. Reset SIC on all gateways.

Question #283 Topic 1

Which of the following is NOT a VPN routing option available in a star community?

A. To satellites through center only.

B. To center, or through the center to other satellites, to Internet and other VPN targets.

C. To center and to other satellites through center.

D. To center only.

Question #284 Topic 1

Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________.

A. Sent to the Internal Certificate Authority.

B. Sent to the Security Administrator.

C. Stored on the Security Management Server.

D. Stored on the Certificate Revocation List.

Question #285 Topic 1

After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

A. Security Gateway IP-address cannot be changed without re-establishing the trust.

B. The Security Gateway name cannot be changed in command line without re-establishing trust.

C. The Security Management Server name cannot be changed in SmartConsole without re-establishing trust.

D. The Security Management Server IP-address cannot be changed without re-establishing the trust.

Question #286 Topic 1

What is the order of NAT priorities?

A. Static NAT, IP pool NAT, hide NAT

B. IP pool NAT, static NAT, hide NAT

C. Static NAT, automatic NAT, hide NAT

D. Static NAT, hide NAT, IP pool NAT

Question #287 Topic 1

Which Check Point feature enables application scanning and the detection?

A. Application Dictionary

B. AppWiki

C. Application Library

D. CPApp

Question #288 Topic 1

Which SmartConsole tab is used to monitor network and security performance?

A. Manage Setting

B. Security Policies

C. Gateway and Servers

D. Logs and Monitor

Question #289 Topic 1

Fill in the blank: The R80 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security
events.

A. SmartMonitor

B. SmartView Web Application

C. SmartReporter

D. SmartTracker

Question #290 Topic 1

Office mode means that:

A. SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to
the remote client.

B. Users authenticate with an Internet browser and use secure HTTPS connection.

C. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.

D. Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a
routable IP address to the remote client.

Question #291 Topic 1

When attempting to start a VPN tunnel, in the logs the error "no proposal chosen" is seen numerous times. No other VPN-related entries are
present.
Which phase of the VPN negotiations has failed?

A. IKE Phase 1

B. IPSEC Phase 2

C. IPSEC Phase 1

D. IKE Phase 2

Question #292 Topic 1

Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?

A. Kerberos Ticket Renewed

B. Kerberos Ticket Requested

C. Account Logon

D. Kerberos Ticket Timed Out

Question #293 Topic 1

Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ________ .

A. User Directory

B. Captive Portal and Transparent Kerberos Authentication

C. Captive Portal

D. UserCheck

Question #294 Topic 1

The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

A. Next Generation Threat Prevention

B. Next Generation Threat Emulation

C. Next Generation Threat Extraction

D. Next Generation Firewall

Question #295 Topic 1

Which tool is used to enable ClusterXL?

A. SmartUpdate

B. cpconfig

C. SmartConsole

D. sysconfig

Question #296 Topic 1

How many policy layers do Access Control policy support?

A. 2

B. 4

C. 1

D. 3

Question #297 Topic 1

One of major features in R80 SmartConsole is concurrent administration.


Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

A. A lock icon shows that a rule or an object is locked and will be available.

B. AdminA and AdminB are editing the same rule at the same time.

C. A lock icon next to a rule informs that any Administrator is working on this particular rule.

D. AdminA, AdminB and AdminC are editing three different rules at the same time.

Question #298 Topic 1

After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

A. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24 set static-route default nexthop gateway address 192.168.80.1 on save config

B. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0 add static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on save config

C. set interface Mgmt ipv4-address 192.168.80.200 255.255.255.0 set static-route 0.0.0.0. 0.0.0.0 gw 192.168.80.1 on save config

D. set interface Mgmt ipv4-address 192.168.80.200 mask-length 24 add static-route default nexthop gateway address 192.168.80.1 on save config

Question #299 Topic 1

Tom has connected to the R80 Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when
he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?

A. Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.

B. Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible
after a reboot.

C. Tom's changes will be lost since he lost connectivity and he will have to start again.

D. Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.

Question #300 Topic 1

What key is used to save the current CPView page in a filename format cpview_"cpview process ID".cap"number of captures"?

A. S

B. W

C. C

D. Space bar

Question #301 Topic 1

On the following picture an administrator configures Identity Awareness:

After clicking "Next" the above configuration is supported by:

A. Kerberos SSO which will be working for Active Directory integration

B. Based on Active Directory integration which allows the Security Gateway to correlate Active Directory users and machines to IP addresses
in a method that is completely transparent to the user.

C. Obligatory usage of Captive Portal.

D. The ports 443 or 80 what will be used by Browser-Based and configured Authentication.

Question #302 Topic 1

Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:

A. assign privileges to users.

B. edit the home directory of the user.

C. add users to your Gaia system.

D. assign user rights to their home directory in the Security Management Server.

Question #303 Topic 1

In the Check Point Security Management Architecture, which component(s) can store logs?

A. SmartConsole

B. Security Management Server and Security Gateway

C. Security Management Server

D. SmartConsole and Security Management Server

Question #304 Topic 1

View the rule below. What does the lock-symbol in the left column mean? (Choose the BEST answer.)

A. The current administrator has read-only permissions to Threat Prevention Policy.

B. Another user has locked the rule for editing.

C. Configuration lock is present. Click the lock symbol to gain read-write access.

D. The current administrator is logged in as read-only because someone else is editing the policy.

Question #305 Topic 1

By default, which port does the WebUI listen on?

A. 80

B. 4434

C. 443

D. 8080

Question #306 Topic 1

Which VPN routing option uses VPN routing for every connection a satellite gateway handles?

A. To satellites through center only

B. To center only

C. To center and to other satellites through center

D. To center, or through the center to other satellites, to Internet and other VPN targets

Question #307 Topic 1

Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?

A. set web ssl-port <new port number>

B. set Gaia-portal port <new port number>

C. set Gaia-portal https-port <new port number>

D. set web https-port <new port number>

Question #308 Topic 1

Joey want to configure NTP on R80 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?

A. https://<Device_IP_Adress>

B. http://<Device IP_Address>:443

C. https://<Device_IP_Address>:10000

D. https://<Device_IP_Address>:4434

Question #309 Topic 1

The "Hit count" feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from
logging and Track the hits if the Track option is set to "None"?

A. No, it will work independently. Hit Count will be shown only for rules Track option set as Log or alert.

B. Yes it will work independently as long as "analyze all rules" tick box is enabled on the Security Gateway.

C. No, it will not work independently because hit count requires all rules to be logged.

D. Yes it will work independently because when you enable Hit Count, the SMS collects the data from supported Security Gateways.

Question #310 Topic 1

Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or ______ .

A. On all satellite gateway to satellite gateway tunnels

B. On specific tunnels for specific gateways

C. On specific tunnels in the community

D. On specific satellite gateway to central gateway tunnels

Question #311 Topic 1

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.

A. True, CLI is the prefer method for Licensing

B. False, Central License are handled via Security Management Server

C. False, Central Licenses are installed via Gaia on Security Gateways

D. True, Central License can be installed with CPLIC command on a Security Gateway

Question #312 Topic 1

In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?

A. Pentagon

B. Combined

C. Meshed

D. Star

Question #313 Topic 1

When a packet arrives at the gateway, the gateway checks it against the rules in the hop Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?

A. If the Action is Accept, the gateway allows the packet to pass through the gateway.

B. If the Action is Drop, the gateway continues to check rules in the next Policy Layer down.

C. If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.

D. If the Action is Drop, the gateway applies the Implicit Clean-up Rule for that Policy Layer.

Question #314 Topic 1

Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?

A. UserCheck

B. Active Directory Query

C. Account Unit Query

D. User Directory Query


Question #315 Topic 1

Why would an administrator see the message below?

A. A new Policy Package created on both the Management and Gateway will be deleted and must be backed up first before proceeding.

B. A new Policy Package created on the Management is going to be installed to the existing Gateway.

C. A new Policy Package created on the Gateway is going to be installed on the existing Management.

D. A new Policy Package created on the Gateway and transferred to the Management will be overwritten by the Policy Package currently on the
Gateway but can be restored from a periodic backup on the Gateway.

Question #316 Topic 1

Which command is used to add users to or from existing roles?

A. Add rba user <User Name> roles <List>

B. Add rba user <User Name>

C. Add user <User Name> roles <List>

D. Add user <User Name>


Question #317 Topic 1

Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?

A. All Connections (Clear or Encrypted)

B. Accept all encrypted traffic

C. Specific VPN Communities

D. All Site-to-Site VPN Communities

Question #318 Topic 1

Fill in the blank: An identity server uses a __________ for user authentication.

A. Shared secret

B. Certificate

C. One-time password

D. Token

Question #319 Topic 1

In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are
divided into several categories. Which of the following is NOT an objects category?

A. Limit

B. Resource

C. Custom Application / Site

D. Network Object

Question #320 Topic 1

Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

A. Application Control

B. Threat Emulation

C. Anti-Virus

D. Advanced Networking Blade


Question #321 Topic 1

Fill in the blank: __________ information is included in "Full Log" tracking option, but is not included in "Log" tracking option?

A. Destination port

B. Data type

C. File attributes

D. Application

Question #322 Topic 1

Which options are given on features, when editing a Role on Gaia Platform?

A. Read/Write, Read Only

B. Read/Write, Read Only, None

C. Read/Write, None

D. Read Only, None

Question #323 Topic 1

Fill in the blanks: Gaia can be configured using the ______ or _____ .

A. GaiaUI; command line interface

B. WebUI; Gaia Interface

C. Command line interface; WebUI

D. Gaia Interface; GaiaUI

Question #324 Topic 1

What is the purpose of the CPCA process?

A. Monitoring the status of processes.

B. Sending and receiving logs.

C. Communication between GUI clients and the SmartCenter server.

D. Generating and modifying certificates.


Question #325 Topic 1

What is the default shell of Gaia CLI?

A. Monitor

B. CLI.sh

C. Read-only

D. Bash

Question #326 Topic 1

You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet. However, when guest users attempt to reach
the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

A. Right click Accept in the rule, select "More", and then check 'Enable Identity Captive Portal'.

B. On the firewall object, Legacy Authentication screen, check 'Enable Identity Captive Portal'.

C. In the Captive Portal screen of Global Properties, check 'Enable Identity Captive Portal'.

D. On the Security Management Server object, check the box 'Identity Logging'.

Question #327 Topic 1

Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .

A. The license is attached to the wrong Security Gateway.

B. The existing license expires.

C. The license is upgraded.

D. The IP address of the Security Management or Security Gateway has changed.

Question #328 Topic 1

Which Check Point software blade provides protection from zero-day and undiscovered threats?

A. Firewall

B. Threat Emulation

C. Application Control

D. Threat Extraction

Question #329 Topic 1

If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to
make them available to other administrators? (Choose the BEST answer.)

A. Publish or discard the session.

B. Revert the session.

C. Save and install the Policy.

D. Delete older versions of database.

Question #330 Topic 1

Fill in the blanks: A _______ license requires an administrator to designate a gateway for attachment whereas a ________ license is automatically
attached to a Security Gateway.

A. Formal; corporate

B. Local; formal

C. Local; central

D. Central; local

Question #331 Topic 1

An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point
Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the
administrator found that the check box to enable pre-shared secret cannot be enabled.
Why does it not allow him to specify the pre-shared secret?

A. IPsec VPN blade should be enabled on both Security Gateway.

B. Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.

C. Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.

D. The Security Gateways are pre-R75.40.

Question #332 Topic 1

Fill in the blank: Authentication rules are defined for ________ .

A. User groups

B. Users using UserCheck

C. Individual users

D. All users in the database


Question #333 Topic 1

How is communication between different Check Point components secured in R80? As with all questions, select the BEST answer.

A. By using IPSEC

B. By using SIC

C. By using ICA

D. By using 3DES

Question #334 Topic 1

You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how
hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his
company has the tight protections in place. Check Point has been selected for the security vendor.
Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?

A. IPS AND Application Control

B. IPS, anti-virus and anti-bot

C. IPS, anti-virus and e-mail security

D. SandBlast

Question #335 Topic 1

You have enabled "Full Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST
likely reason?

A. Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install
database.

B. Data Awareness is not enabled.

C. Identity Awareness is not enabled.

D. Logs are arriving from Pre-R80 gateways.

Question #336 Topic 1

What are the two high availability modes?

A. Load Sharing and Legacy

B. Traditional and New

C. Active and Standby

D. New and Legacy


Question #337 Topic 1

Which feature is NOT provided by all Check Point Mobile Access solutions?

A. Support for IPv6

B. Granular access control

C. Strong user authentication

D. Secure connectivity

Question #338 Topic 1

Which of the following is NOT a type of Endpoint Identity Agent?

A. Terminal

B. Light

C. Full

D. Custom

Question #339 Topic 1

What can we infer about the recent changes made to the Rule Base?

A. Rule 7 was created by the 'admin' administrator in the current session

B. 8 changes have been made by administrators since the last policy installation

C. The rules 1, 5 and 6 cannot be edited by the 'admin' administrator

D. Rule 1 and object webserver are locked by another administrator


Question #340 Topic 1

In the R80 SmartConsole, on which tab are Permissions and Administrators defined?

A. Security Policies

B. Logs and Monitor

C. Manage and Settings

D. Gateways and Servers

Question #341 Topic 1

Fill in the blank: A ________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating
the user through an internet browser.

A. Clientless remote access

B. Clientless direct access

C. Client-based remote access

D. Direct access

Question #342 Topic 1

What needs to be configured if the NAT property 'Translate destination or client side' is not enabled in Global Properties?

A. A host route to route to the destination IP.

B. Use the file local.arp to add the ARP entries for NAT to work.

C. Nothing, the Gateway takes care of all details necessary.

D. Enabling 'Allow bi-directional NAT' for NAT to work correctly.

Question #343 Topic 1

At what point is the Internal Certificate Authority (ICA) created?

A. Upon creation of a certificate.

B. During the primary Security Management Server installation process.

C. When an administrator decides to create one.

D. When an administrator initially logs into SmartConsole.


Question #344 Topic 1

Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying
them?

A. Auditor

B. Read Only All

C. Super User

D. Full Access

Question #345 Topic 1

When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

A. RADIUS

B. Remote Access and RADIUS

C. AD Query

D. AD Query and Browser-based Authentication

Question #346 Topic 1

True or False: In R80, more than one administrator can login to the Security Management Server with write permission at the same time.

A. False, this feature has to be enabled in the Global Properties.

B. True, every administrator works in a session that is independent of the other administrators.

C. True, every administrator works on a different database that is independent of the other administrators.

D. False, only one administrator can login with write permission.

Question #347 Topic 1

Which utility allows you to configure the DHCP service on Gaia from the command line?

A. ifconfig

B. dhcp_ofg

C. sysconfig

D. cpconfig

Question #348 Topic 1

There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High
availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in
the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's
interface issues were resolved and it became operational.
When it re-joins the cluster, will it become active automatically?

A. No, since 'maintain current active cluster member' option on the cluster object properties is enabled by default.

B. No, since 'maintain current active cluster member' option is enabled by default on the Global Properties.

C. Yes, since 'Switch to higher priority cluster member' option on the cluster object properties is enabled by default.

D. Yes, since 'Switch to higher priority cluster member' option is enabled by default on the Global Properties.

Question #349 Topic 1

DLP and Geo Policy are examples of what type of Policy?

A. Standard Policies

B. Shared Policies

C. Inspection Policies

D. Unified Policies

Question #350 Topic 1

Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _______ .

A. Firewall policy install

B. Threat Prevention policy install

C. Anti-bot policy install

D. Access Control policy install

Question #351 Topic 1

How many users can have read/write access in Gaia at one time?

A. Infinite

B. One

C. Three

D. Two

Question #352 Topic 1

Which software blade does NOT accompany the Threat Prevention policy?

A. Anti-virus

B. IPS

C. Threat Emulation

D. Application Control and URL Filtering

Question #353 Topic 1

Check Point ClusterXL Active/Active deployment is used when:

A. Only when there is Multicast solution set up.

B. There is Load Sharing solution set up.

C. Only when there is Unicast solution set up.

D. There is High Availability solution set up.

Question #354 Topic 1

To optimize Rule Base efficiency, the most hit rules should be where?

A. Removed from the Rule Base.

B. Towards the middle of the Rule Base.

C. Towards the top of the Rule Base.

D. Towards the bottom of the Rule Base.

Question #355 Topic 1

What two ordered layers make up the Access Control Policy Layer?

A. URL Filtering and Network

B. Network and Threat Prevention

C. Application Control and URL Filtering

D. Network and Application Control


Question #356 Topic 1

Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ____ all traffic. However, in the Application Control policy
layer, the default action is ______ all traffic.

A. Accept; redirect

B. Accept; drop

C. Redirect; drop

D. Drop; accept

Question #357 Topic 1

Which command is used to obtain the configuration lock in Gaia?

A. Lock database override

B. Unlock database override

C. Unlock database lock

D. Lock database user

Question #358 Topic 1

What is the default shell for the command line interface?

A. Expert

B. Clish

C. Admin

D. Normal

Question #359 Topic 1

You plan to automate creating new objects using new R80 Management API. You decide to use GAIA CLI for this task.
What is the first step to run management API commands on GAIA's shell?

A. mgmt_admin@teabag > id.txt

B. mgmt_login

C. login user admin password teabag

D. mgmt_cli login user "admin" password "teabag" > id.txt


Question #360 Topic 1

On R80.10 the IPS Blade is managed by:

A. Threat Protection policy

B. Anti-Bot Blade

C. Threat Prevention policy

D. Layers on Firewall policy

Question #361 Topic 1

When users connect to the Mobile Access portal they are unable to open File Shares.
Which log file would you want to examine?

A. cvpnd.elg

B. httpd.elg

C. vpnd.elg

D. fw.elg

Question #362 Topic 1

What is the correct order of the default "fw monitor" inspection points?

A. i, I, o, O

B. 1, 2, 3, 4

C. i, o, I, O

D. I, i, O, o

Question #363 Topic 1

What is the default size of NAT table fwx_alloc?

A. 20000

B. 35000

C. 25000

D. 10000

Question #364 Topic 1

What are types of Check Point APIs available currently as part of R80.10 code?

A. Security Gateway API, Management API, Threat Prevention API and Identity Awareness Web Services API

B. Management API, Threat Prevention API, Identity Awareness Web Services API and OPSEC SDK API

C. OSE API, OPSEC SDK API, Threat Extraction API and Policy Editor API

D. CPMI API, Management API, Threat Prevention API and Identity Awareness Web Services API

Question #365 Topic 1

Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with
Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few
lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?

A. SandBlast Threat Emulation

B. SandBlast Agent

C. Check Point Protect

D. SandBlast Threat Extraction

Question #366 Topic 1

If an administrator wants to add manual NAT for addresses now owned by the Check Point firewall, what else is necessary to be completed for it
to function properly?

A. Nothing - the proxy ARP is automatically handled in the R80 version

B. Add the proxy ARP configurations in a file called /etc/conf/local.arp

C. Add the proxy ARP configurations in a file called $FWDIR/conf/local.arp

D. Add the proxy ARP configurations in a file called $CPDIR/conf/local.arp

Question #367 Topic 1

How many interfaces can you configure to use the Multi-Queue feature?

A. 10 interfaces

B. 3 interfaces

C. 4 interfaces

D. 5 interfaces

Question #368 Topic 1

Which firewall daemon is responsible for the FW CLI commands?

A. fwd

B. fwm

C. cpm

D. cpd

Question #369 Topic 1

How long may verification of one file take for Sandblast Threat Emulation?

A. up to 1 minutes

B. within seconds cleaned file will be provided

C. up to 5 minutes

D. up to 3 minutes

Question #370 Topic 1

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core
CPU. After installation, is the administrator required to perform any additional tasks?

A. Go to clash-Run cpstop | Run cpstart

B. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway

C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores

D. Go to clash-Run cpconfig | Configure CoreXL to make use of the additional Cores | Exit cpconfig | Reboot Security Gateway | Install Security
Policy

Question #371 Topic 1

GAIA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:

A. Check Point Update Service Engine

B. Check Point Software Update Agent

C. Check Point Remote Installation Daemon (CPRID)

D. Check Point Software Update Daemon


Question #372 Topic 1

Hit Count is a feature to track the number of connections that each rule matches. Which one is not a benefit of Hit Count?

A. Better understand the behavior of the Access Control Policy

B. Improve Firewall performance - You can move a rule that has hot count to a higher position in the Rule Base

C. Automatically rearrange Access Control Policy based on Hit Count Analysis

D. Analyze a Rule Base - You can delete rules that have no matching connections

Question #373 Topic 1

You need to change the MAC-address on eth2 interface of the gateway. What command and what mode will you use to achieve this goal?

A. set interface eth2 mac-addr 11:11:11:11:11:11; CLISH

B. ifconfig eth1 hw 11:11:11:11:11:11; expert

C. set interface eth2 hw-addr 11:11:11:11:11:11; CLISH

D. ethtool -i eth2 mac 11:11:11:11:11:11; expert

Question #374 Topic 1

The Check Point history feature in R80 provides the following:

A. View install changes and install specific version

B. View install changes

C. Policy Installation Date, view install changes and install specific version

D. Policy Installation Date only


Question #375 Topic 1

You are the administrator for ABC Corp. You have logged into your R80 Management server. You are making some changes in the Rule Base and
notice that rule No. 6 has a pencil icon next to it.
What does this mean?

A. This rule No. 6 has been marked for deletion in your Management session.

B. This rule No. 6 has been marked for deletion in another Management session.

C. This rule No. 6 has been marked for editing in your Management session.

D. This rule No. 6 has been marked for editing in another Management session.

Question #376 Topic 1

By default, how often are updates checked when the CPUSE Software Updates Policy is set to Automatic?

A. Six times per day

B. Seven times per day

C. Every two hours

D. Every three hours

Question #377 Topic 1

In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer,
sequentially from top to bottom. Which of the following statements is correct?

A. If the Action of the matching rule is Accept, the gateway will drop the packet.

B. If the Action of the matching rule is Drop, the gateway continues to check rules in the next Policy Layer down.

C. If the Action of the matching rule is Drop, the gateway stops matching against later rules in the Policy Rule Base and drops the packet.

D. If the rule does not match in the Network policy it will continue to other enabled policies

Question #378 Topic 1

The back end database for Check Point R80 Management uses:

A. DBMS

B. MongoDB

C. PostgreSQL

D. MySQL

Question #379 Topic 1

UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not
supported in UserCheck objects?

A. Ask

B. Drop

C. Inform

D. Reject

Question #380 Topic 1

Choose the correct syntax to add a new host named "emailserver1" with IP address 10.50.23.90 using GAiA Management CLI?

A. mgmt_cli add host name "myHost12 ip" address 10.50.23.90

B. mgmt_cli add host name ip-address 10.50.23.90

C. mgmt_cli add host "emailserver1" address 10.50.23.90

D. mgmt_cli add host name "emailserver1" ip-address 10.50.23.90

Question #381 Topic 1

Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the inspection of a specific blade or feature
that has been enabled in the configuration of the gateway. For Wire mode configuration, chain modules marked with _______ will not apply.

A. ffffffff

B. 00000001

C. 00000002

D. 00000003

Question #382 Topic 1

SmartConsole R80.x requires the following ports to be open for SmartEvent:

A. 19009, 19090 & 443

B. 19009, 19004 & 18190

C. 18190 & 443

D. 19009, 18190 & 443

Question #383 Topic 1

In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a response before the peer host is declared
'down', you would set the _________?

A. life sign polling interval

B. life sign timeout

C. life_sign_polling_interval

D. life_sign_timeout

Question #384 Topic 1

Which is the correct order of a log flow processed by SmartEvent components?

A. Firewall > Correlation Unit > Log Server > SmartEvent Server Database > SmartEvent Client

B. Firewall > SmartEvent Server Database > Correlation Unit > Log Server > SmartEvent Client

C. Firewall > Log Server > SmartEvent Server Database > Correlation Unit > SmartEvent Client

D. Firewall > Log Server > Correlation Unit > SmartEvent Server Database > SmartEvent Client

Question #385 Topic 1

CoreXL is NOT supported when one of the following features is enabled: (Choose three)

A. Route-based VPN

B. IPS

C. IPv6

D. Overlapping NAT

Question #386 Topic 1

Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?

A. fwm

B. cpd

C. cpwd

D. cpm

Question #387 Topic 1

What is considered Hybrid Emulation Mode?

A. Manual configuration of file types on emulation location.

B. Load sharing of emulation between an on premise appliance and the cloud.

C. Load sharing between OS behavior and CPU Level emulation.

D. Load Sharing of Threat Emulation Server and Firewall blade

Question #388 Topic 1

You have pushed policy to GW-3 and now cannot pass traffic through the gateway. As a last resort, to restore traffic flow, what command would
you run to remove the latest policy from GW-3?

A. fw unloadlocal

B. fw unloadpolicy

C. fwm unload local

D. fwm unload policy

Question #389 Topic 1

If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to
prevent data loss.
Providing the Active Security Management Server is responsive, which of these steps should NOT be performed:

A. Rename the hostname of the Standby member to match exactly the hostname of the Active member.

B. Change the Standby Security Management Server to Active.

C. Change the Active Security Management Server to Standby.

D. Manually synchronize the Active and Standby Security Management Servers.


Question #390 Topic 1

The Log server sends what to the Correlation Unit?

A. Authentication requests

B. CPMI dbsync

C. Logs

D. Event Policy

Question #391 Topic 1

Which component is NOT required to communicate with the Web Services API?

A. API key

B. session ID token

C. content-type

D. Request payload

Question #392 Topic 1

Which of the following is NOT supported by CPUSE?

A. Automatic download of full installation and upgrade packages

B. Automatic download of hotfixes

C. Installation of private hotfixes

D. Offline installations

Question #393 Topic 1

What are the available options for downloading Check Point hotfixes in Gaia WebUI (CPUSE)?

A. Manually, Scheduled, Automatic

B. Manually, Automatic, Disabled

C. Manually, Scheduled, Disabled

D. Manually, Scheduled, Enabled


Question #394 Topic 1

Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GaiA
R80.X. The Network Security Developer Team is having an issue testing the API with a newly deployed R80.X Security Management Server. Aaron wants to
confirm API services are working properly. What should he do first?

A. Aaron should check API Server status with "fwm api status" from Expert mode. If services are stopped, he should start them with "fwm api
start".

B. Aaron should check API Server status with "cpapi status" from Expert mode. If services are stopped, he should start them with "cpapi
start".

C. Aaron should check API Server status with "api status" from Expert mode. If services are stopped, he should start them with "api start".

D. Aaron should check API Server status with "cpm api status" from Expert mode. If services are stopped, he should start them with "cpi api
start".

Question #395 Topic 1

What is the command to check the status of Check Point processes?

A. top

B. cptop

C. cphaprob list

D. cpws_admin list

Question #396 Topic 1

After verifying that API Server is not running, how can you start the API Server?

A. Run command "set api start" in CLISH mode

B. Run command "mgmt_cli set api start" in Expert mode

C. Run command "mgmt api start" in CLISH mode

D. Run command "api start" in Expert mode

Question #397 Topic 1

If SecureXL is disabled which path is used to process traffic?

A. Passive path

B. Medium path

C. Firewall path

D. Accelerated path

Question #398 Topic 1

How would you enable VMAC Mode in ClusterXL?

A. Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC

B. fw ctl set int vmac_mode 1

C. cphaconf vmac_mode set 1

D. Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC

Question #399 Topic 1

Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can
you verify the CPUSE agent build?

A. In WebUI Status and Actions page or by running the following command in CLISH: show installer status build

B. In WebUI Status and Actions page or by running the following command in CLISH: show installer status version

C. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer status build

D. In the Management Server or Gateway object in SmartConsole or by running the following command in CLISH: show installer agent

Question #400 Topic 1

When configuring SmartEvent Initial settings, you must specify a basic topology to SmartEvent to help it calculate traffic direction for events. What
is this setting called, and what are you defining?

A. Network; and defining your Class A space

B. Topology; and you are defining the Internal network

C. Internal addresses; you are defining the gateways

D. Internal network(s); you are defining your networks

Question #401 Topic 1

Steve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances. Steve's manager,
Diana, asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may
impact performance briefly and should not be used during heavy traffic times of day?

A. fw tab -t connections -s

B. fw tab -t connections

C. fw tab -t connections -c

D. fw tab -t connections -f


Question #402 Topic 1

SandBlast offers businesses flexibility in implementation based on their individual business needs. What is an option for deployment of Check
Point SandBlast Zero-Day Protection?

A. Smart Cloud Service

B. Any Cloud Service

C. Threat Agent Service

D. Public Cloud Service

Question #403 Topic 1

In R80, where do you manage your Mobile Access Policy?

A. Access Control Policy

B. Through the Mobile Console

C. Shared Gateways Policy

D. From the Dedicated Mobility Tab

Question #404 Topic 1

John detected high load on sync interface. Which is most recommended solution?

A. For FTP connections - do not sync

B. Add a second interface to handle sync traffic

C. For short connections like http service - do not sync

D. For short connections like icmp service - delay sync for 2 seconds

Question #405 Topic 1

Which of the following is NOT an attribute of packet acceleration?

A. Source address

B. Protocol

C. Destination port

D. VLAN tag

Question #406 Topic 1

Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing
single core CPU.
After installation, is the administrator required to perform any additional tasks?

A. Run cprestart from clish

B. After upgrading the hardware, increase the number of kernel instances using cpconfig

C. Administrator does not need to perform any task. Check Point will make use of the newly installed CPU and Cores

D. Hyperthreading must be enabled in the bios to use CoreXL

Question #407 Topic 1

Packet acceleration (SecureXL) identifies connections by several attributes. Which of the attributes is NOT used for identifying connection?

A. Source Address

B. Destination Address

C. TCP Acknowledgement Number

D. Source Port

Question #408 Topic 1

There are 4 ways to use the Management API for creating host object with R80 Management API. Which one is NOT correct?

A. Using Web Services

B. Using cpconfig

C. Using CLISH

D. Using SmartConsole GUI console

Topic 2 - More Questions.

Question #1 Topic 2

What is the valid range for VRID value in VRRP configuration?

A. 1-254

B. 1-255

C. 0-254

D. 0-255

Question #2 Topic 2

Which of the following is NOT an option to calculate the traffic direction?

A. Incoming

B. Internal

C. External

D. Outgoing
