Check Point Security Exam A

Questions and Answers

Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as ______

User Directory

Fill in the blanks: Gaia can be configured using ______ and ______

Command line interface; WebUI

True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.

True (A)

Fill in the blank: The position of an Implied rule is manipulated in the ______ window.

Global Properties

Flashcards

What is the default tracking option of a rule?

The default tracking option for a rule is "Log".

What's the default shell of the Gaia CLI?

The default shell in Gaia CLI is "cli.sh".

What are the deployment options available for a Security Gateway?

The three deployment options available for a security gateway are:

  1. Standalone - Security Management Server and Security Gateway installed on same appliance
  2. Distributed - Security Management Server and Security Gateway installed on separate appliances
  3. Cluster - Multiple Security Gateways working as a single unit.

Can section titles be used to define permission levels?

An administrator can use section titles to help organize and navigate a large rule base. Section titles cannot be used to define specific permission levels or access restrictions.

What components can the Check Point Upgrade Service Engine (CPUSE) directly receive updates for?

The Check Point Upgrade Service Engine (CPUSE) within Gaia can directly receive updates for components such as Security Gateway, SmartConsole, and SmartView Monitor.

When integrating LDAP with Check Point Security Management, what's it called?

When using Check Point Security Management in conjunction with LDAP, it is referred to as "LDAP User Directory integration".

What are the features and benefits of Check Point Application Control?

Application Control is a software blade that allows administrators to manage network access based on applications. It provides benefits such as control over specific applications, improved security, and better network performance. However, it does NOT directly control user identities or require a dedicated identity server; these are functions of Identity Awareness.

Can multiple administrators edit the same Security Policy in SmartConsole?

SmartConsole, the central management tool for Check Point security, allows for concurrent administration. This means multiple administrators can work on the same Security Policy at the same time, but ONLY ONE administrator can have write permission on an object at any given time. The other administrators can only view the policy and changes made by the administrator with write permission.

Where are the Security Management Server and Security Gateway in a Distributed Deployment?

In a Distributed deployment, the Security Management Server and the Security Gateway software are installed on separate platforms.

What are the default user accounts in Gaia OS?

Gaia OS includes two default user accounts that cannot be deleted:

  1. admin (full read/write access)
  2. root (full read/write access and extra functionality)

What is the purpose of "Publishing" in SmartConsole?

The purpose of "Publishing" in SmartConsole is to distribute the Security Policy to the Security Gateways, making the changes effective.

What is a benefit of Stateful Inspection over Packet Filtering?

When comparing Stateful Inspection and Packet Filtering, a major benefit of Stateful Inspection is its ability to analyze TCP/IP state information for each connection. This provides enhanced security by allowing only connections that are known to be valid, making it more secure than Packet Filtering, which only analyzes individual packets.

What is a "Hit Count" feature?

A "hit count" is a counter that tracks the number of times a specific rule in a security policy has been matched. It is NOT a tracking option; it's a feature that's either enabled or disabled.

Which Check Point license is tied to the Security Management Server's IP address?

The Check Point license that ties the package to the IP address of the Security Management Server is called a "Central License".

Which software blade monitors Check Point devices and provides information on network and security performance?

The Check Point software blade that provides a comprehensive view of network and security performance is called "SmartView Monitor".

Where is the position of an Implied rule managed?

The position of an Implied rule is manipulated in the Rule Base window. It is a rule that automatically gets added to a rule base without the need for a manual configuration.

How do you use the Online Activation method for Check Point appliances?

The Online Activation method is used to activate licenses for Check Point manufactured appliances. Administrators initiate the process with a unique activation key and an online connection to Check Point.

How do logs change when "Accounting" tracking is enabled?

Logs are the recorded events that occur on Check Point devices. When "Accounting" tracking is enabled on a traffic rule, logs will include both the start and end times of each connection, adding more detailed information about the connection duration.

When do you need to define Proxy ARP?

Proxy ARP is a technique used to intercept ARP requests and respond on behalf of another device. A network administrator typically needs to manually define Proxy ARP when a network device is behind a Firewall or NAT and there is a need for communication with devices on the other side of the Firewall.

How can a Super User administrator see changes made by other administrators?

A user account with read/write access to a Security Management Server can view all the objects and configurations, including the changes made by other administrators. However, they can't see changes made by the current administrator before publishing the session. Only a Super User administrator with full access rights can view these unpublished changes.

What are the two forms of Check Point licenses?

Check Point licenses come in two forms: "Package" and "Blade".

What's the role of the Security Management Server in Check Point Security Management architecture?

The "Security Management Server" is responsible for managing and distributing the Security Policy to the Security Gateways.

What is the purpose of UserCheck?

UserCheck provides a mechanism allowing the administrator to control user access to network resources. It does NOT directly control user access to the operating system or network file systems; these are controlled by different security mechanisms.

What is the purpose of the Captive Portal feature?

Captive Portal is a feature used to control access to a network or website. It typically forces a user to authenticate by clicking an accept button on a web page before gaining access. This is a primary way user access is controlled, but it's not the only way: network access can also be controlled by the operating system and the file system.

What process enables Secure Internal Communication (SIC) between a Gateway and Security Management Server?

When a Security Gateway interacts with the Security Management Server through Secure Internal Communication (SIC), it uses the "SIC process". This process is responsible for establishing a secure connection between the two devices, enabling them to communicate securely.

Why might data type information not be visible even with "Extended Log" enabled?

Logs are recorded events on Check Point devices. Enabling "Extended Log" as a tracking option provides more detailed information, including data type, but it doesn't guarantee data type information will be visible, depending on the specific traffic and the configured settings.

What's the main goal of Application Control?

The main goal of Application Control is to control and monitor the use of applications on the network, improving visibility and reducing traffic caused by unwanted or malicious applications, but it cannot monitor all applications that are used on a network. There might be applications that are not recognized or not properly classified by the database library.

What types of layers can you use within a rule base?

The two basic layers that can be utilized when working with rule base layers are: Access Control and Threat Prevention. These layers provide distinct functional domains for policy rules.

How do you switch from the default Gaia CLI shell to the advanced shell?

The Gaia CLI (Command Line Interface) provides a powerful way to manage Check Point devices. The advanced shell, accessible by typing "bash", allows the administrator to run various Linux commands, offering more flexibility than the default shell "cli.sh".

Which Check Point license is tied to a specific Security Gateway's IP address?

The Check Point license tied to a specific Security Gateway's IP address, which cannot be transferred to another gateway, is called a "Gateway License".

What is the WebUI used for in Gaia?

The "WebUI" (Web User Interface) is a web-based interface that allows administrators to manage Check Point devices. It's a graphical tool for accessing and controlling Check Point features, making it easier for administrators with less experience to navigate.

What is Identity Sharing?

Identity Sharing allows multiple Check Point devices to share user information. It enables a central identity database to be used across multiple Security Gateways, providing a more consistent and manageable identity system.

What is the purpose of a Stealth Rule?

Stealth rules are used to hide the presence of a Check Point Security Gateway. These rules allow network traffic to pass through the Security Gateway without being logged, making the presence of the Security Gateway less visible to malicious attackers.

What are the advantages of a "shared policy"?

A shared policy is a policy that is shared between multiple policy packages. This allows administrators to reuse common configuration settings across different policy packages.

Which software blade provides protection against malicious bots?

The Check Point software blade that monitors network traffic and detects suspicious activity that is associated with known threats in the ThreatCloud is called "Anti-Bot".

What are "Core Protections"?

A Core Protection is a set of predefined rules that provide protection against various common threats, including attempts to scan for open ports on devices. They are part of the "Threat Prevention" policy.

Where can Check Point software licenses be installed?

Check Point software licenses can be installed in the Security Management Server or on the Security Gateway. Administrators can choose between these options based on their specific needs and the network architecture.

What is the Transport layer of the TCP/IP model responsible for?

The TCP/IP model is a set of networking standards designed to facilitate communication between devices. This model has four main layers: Application, Transport, Internet, and Network Access. The Transport layer is responsible for how data is reliably transmitted over the network, ensuring data integrity and handling flow control.

What is a Security Policy?

The "Security Policy" is a set of rules that define how the Check Point device should handle network traffic. The policy is created in SmartConsole, stored in the Security Management Server, and then distributed to the Security Gateways to enforce the rules.

What is a "Session" in Check Point?

A "Session" in Check Point security refers to communication between two devices. It includes all the traffic exchanged between them during a specific connection. Each session can be tracked and analyzed by Check Point security devices.

What is the purpose of a Stealth Rule?

Stealth rules are a type of Security Policy rule. They allow traffic to pass through the Security Gateway without being logged, rendering it invisible to attackers. This is a common practice for networks that want to reduce their visibility to attackers, but it's important to understand that it can also make it harder to monitor and troubleshoot traffic.

What can a Security Management Server administrator do in Check Point?

Users with administrator access to a Security Management Server can perform various tasks, including monitoring network traffic, configuring security policies, managing logs, and troubleshooting network issues. They can view and modify settings and have the ability to set up and enforce rules and restrictions.

What is a Security Zone in Check Point?

A security zone is a logical grouping of one or more network interfaces. It's used to define the security posture of network segments, allowing administrators to implement different security policies for different network areas.

What is the purpose of a SAM rule?

The purpose of a "SAM rule" is to quickly block suspicious connections that are not covered by the Security Policy. SAM rules are typically used for immediate protection when there is a need to react to a potential threat in real time.

What are the types of Software Containers?

A "Software Container" is a component of a Check Point license, providing the core functionalities needed for the specific software blade. There are two types of Software Containers: "Core" and "Subscription".

What is a Standalone deployment?

In a "Standalone" deployment, the Security Management Server and the Security Gateway are installed on the same appliance. This is the simplest deployment option, suitable for smaller networks where the hardware resources are sufficient for both components.

What's the main difference between Static and Hide NAT?

The main difference between Static NAT and Hide NAT is the level of flexibility, with Hide NAT providing more options for customization and dynamic address mappings. Static NAT involves a fixed mapping between internal and external addresses, while Hide NAT allows for more dynamic and variable address mappings, providing greater control and flexibility for scenarios where fixed mappings are not suitable.

What's the purpose of the Communication Initialization (SIC) process?

The process of establishing trust between a Security Management Server and a Security Gateway is critical for communication and management, enabled by Secure Internal Communication (SIC). This communication is secured using certificates and encrypted communications.

What is the purpose of the SmartUpdate tool?

The "SmartUpdate" tool in Check Point is used to update Check Point products, including Gaia OS, Security Blades, and other software components. It automates the update process, making it easier to maintain security and ensure that the Check Point devices have the latest security protections.

Where are licenses and packages stored in SmartUpdate?

The "License and Contracts" repository in SmartUpdate is where licenses and packages are stored. This repository centralizes license management, making it easier to track, manage, and deploy licenses.

Study Notes

Exam Questions and Answers

  • Question 1 (Exam A): When enabling tracking on a rule, what is the default option?

    • Detailed Log is not the default option.
    • The default option is Log.
  • Question 2 (Exam A): Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components?

    • Licensed Check Point products for the Gaia operating system and the Gaia operating system itself.
  • Question 3 (Exam A): Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?

    • Contract file (.xml)
  • Question 4 (Exam A): Fill in the blank: When LDAP is integrated with Check Point Security Management, it is then referred to as _____

    • User Administration
  • Question 5 (Exam A): Can you use the same layer in multiple policies or rulebases?

    • Yes, a layer can be shared with multiple policies and rules.
  • Question 6 (Exam A): Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward. What will happen to the changes already made?

    • Tom's changes will have been stored on the Management when he reconnects and he will not lose any of his work.
  • Question 7 (Exam A): Security Gateway software blades must be attached to what?

    • Security Gateway container
  • Question 8 (Exam A): Which tool allows you to monitor the top bandwidth on SmartConsole?

    • SmartView Monitor
  • Question 9 (Exam A): A security zone is a group of one or more network interfaces from different centrally managed gateways. What is considered part of the zone?

    • The local directly connected subnet defined by the subnet IP and subnet mask.
    • Security Zones are not supported by Check Point firewalls. The firewall rule can be configured to include one or more subnets in a zone. The zone is based on the network topology and determined according to where the interface leads to.
  • Question 10 (Exam A): When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packet Filtering?

    • Only one rule is required for each connection.
  • Question 11 (Exam A): Which type of Endpoint Identity Agent includes packet tagging and computer authentication?

    • Full
  • Question 12 (Exam A): Fill in the blanks: Gaia can be configured using _____ and _____

    • Gaia Interface; GaiaUI
  • Question 13 (Exam A): An administrator can use section titles to more easily navigate between large rule bases. Which of these statements is FALSE?

    • A Sectional Title can be used to disable multiple rules by disabling only the sectional title.
  • Question 14 (Exam A): In which scenario is it a valid option to transfer a license from one hardware device to another?

    • From a 4400 Appliance to a 2200 Appliance.
  • Question 15 (Exam A): What are the three types of UserCheck messages?

    • inform, ask, and block
  • Question 16 (Exam A): A stateful inspection firewall works by registering connection data and compiling this information. Where is the information stored?

    • In the State tables.
  • Question 17 (Exam A): What is the RFC number that acts as a best practice guide for NAT?

    • RFC 1918
  • Question 18 (Exam A): URL Filtering employs a technology, which educates users on web usage policy in real time. What is the name of that technology?

    • UserCheck
  • Question 19 (Exam A): One of the major features in SmartConsole is concurrent administration. Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

    • AdminC sees a lock icon which indicates that the rule is locked for editing by another administrator.
  • Question 20 (Exam A): What is a role of Publishing?

    • The Publish operation sends the modifications made via SmartConsole in the private session and makes them public.
  • Question 21 (Exam A): Name one limitation of using Security Zones in the network?

    • Security zones will not work in Manual NAT rules.
  • Question 22 (Exam A): When configuring LDAP with User Directory integration, changes applied to a User Directory template are:

    • Reflected immediately for all users who are using that template.
  • Question 23 (Exam A): True or False: More than one administrator can log into the Security Management Server with SmartConsole with write permission at the same time.

    • True, every administrator works on a different database that is independent of the other administrators.
  • Question 24 (Exam A): What are the three deployment options available for a security gateway?

    • Standalone, Distributed, and Bridge Mode
  • Question 25 (Exam A): Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway?

    • NAT
  • Question 26 (Exam A): Choose what BEST describes users on Gaia Platform.

    • There is one default user that cannot be deleted.
  • Question 27 (Exam A): Which type of Check Point license ties the package license to the IP address of the Security Management Server?

    • Central
  • Question 28 (Exam A): Which statement is true regarding using section titles in rule bases?

    • Section titles are not sent to the gateway.
  • Question 29 (Exam A): Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?

    • Monitoring
  • Question 30 (Exam A): Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?

    • Local
  • Question 31 (Exam A): What is the purpose of Captive Portal?

    • It manages user permission in SmartConsole.
  • Question 32 (Exam A): Which statement is NOT a benefit of Application Control?

    • Scans the content of files being downloaded by users in order to make policy decisions.
  • Question 33 (Exam A): Identity Awareness allows easy configuration for network access and auditing based on what three items?

    • Client machine IP address, Network location, and the identity of a user and the identity of a machine.
  • Question 34 (Exam A): How do logs change when the "Accounting" tracking option is enabled on a traffic rule?

    • Involved traffic logs will be forwarded to a log server.
  • Question 35 (Exam A): Fill in the blank: The position of an Implied rule is manipulated in the _____ window.

    • Global Properties
  • Question 36 (Exam A): You have enabled "Extended Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

    • Content Awareness is not enabled.
  • Question 37 (Exam A): How many layers make up the TCP/IP model?

    • 4
  • Question 38 (Exam A): Fill in the blank: The _____ feature allows administrators to share a policy with other policy packages.

    • Shared policies
  • Question 39 (Exam A): Access roles allow the firewall administrator to configure network access according to:

    • All of the above (remote access clients, a combination of computer or computer groups and networks, users and user groups).
  • Question 40 (Exam A): In SmartEvent, a correlation unit (CU) is used to do what?

    • Collect security gateway logs, index the logs and then compress the logs.
  • Question 41 (Exam A): The competition between stateful inspection and proxies was based on performance, protocol support, and security. Considering stateful Inspections and Proxies, which statement is correct?

    • When it comes to performance, stateful inspection was significantly faster than proxies.
  • Question 42 (Exam A): What are the Threat Prevention software components available on the Check Point Security Gateway?

    • IPS, Anti-Bot, Anti-Virus, Threat Emulation, and Threat Extraction
  • Question 43 (Exam A): Check Point licenses come in two forms. What are those forms?

    • Central and Local.
  • Question 44 (Exam A): Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true?

    • Manual NAT can offer more flexibility than Automatic NAT.
  • Question 45 (Exam A): What is the default tracking option of a rule?

    • Log
  • Question 46 (Exam A): A network administrator has informed you that they have identified a malicious host on the network and instructed you to block it. Corporate policy dictates that firewall policy changes cannot be made at this time. What tool can you use to block this traffic?

    • Anti-Malware protection
  • Question 47 (Exam A): The default shell of the Gaia CLI is cli.sh. How do you change from the cli.sh shell to the advanced shell to run Linux commands?

    • Execute the command "expert" in the cli.sh shell
  • Question 48 (Exam A): Where can an administrator edit a list of trusted SmartConsole clients?

    • In cpconfig on a Security Management Server, in the WebUI logged into a Security Management Server
  • Question 49 (Exam A): In which deployment is the security management server and Security Gateway installed on the same appliance?

    • Standalone
  • Question 50 (Exam A): When dealing with rule base layers, what two layer types can be utilized?

    • Ordered Layers and Inline Layers
  • Question 51 (Exam A): How can the changes made by an administrator before publishing the session be seen by a Super User administrator?

    • From the SmartView Tracker audit log.
  • Question 52 (Exam A): What are the three main components of Check Point security management architecture?

    • SmartConsole, Security Management, and Security Gateway.
  • Question 53 (Exam A): What is the main objective when using Application Control?

    • To filter out specific content.
  • Question 54 (Exam A): What command from the CLI would be used to view current licensing?

    • show license -s
  • Question 55 (Exam A): In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

    • Install policy
  • Question 56 (Exam A): The Gateway Status view in SmartConsole shows the overall status of Security Gateways and Software Blades. What does the Status Attention mean?

    • At least one Software Blade has a minor issue, but the gateway works.
  • Question 57 (Exam A): Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?

    • Security questions
  • Question 58 (Exam A): Which of the following is NOT a component of a Distinguished Name?

    • User container
  • Question 59 (Exam A): In SmartConsole, on which tab are Permissions and Administrators defined?

    • Manage and Settings
  • Question 60 (Exam A): Which of the following is used to initially create trust between a Gateway and Security Management Server?

    • One-time Password
  • Question 61 (Exam A): How many users can have read/write access in Gaia Operating System at one time?

    • Infinite
  • Question 62 (Exam A): What is the default shell of Gaia CLI?

    • clish
  • Question 63 (Exam A): The Online Activation method is available for Check Point manufactured appliances. How does the administrator use the Online Activation method?

    • The SmartLicensing GUI tool must be launched from the SmartConsole for the Online Activation tool to start automatically.
  • Question 64 (Exam A): In which scenario will an administrator need to manually define Proxy ARP?

    • When they configure a "Manual Hide NAT" which translates to an IP address that does not belong to one of the firewall's interfaces.
  • Question 65 (Exam A): Which Threat Prevention profile uses sanitization technology?

    • Perimeter
  • Question 66 (Exam A): Which two Identity Awareness daemons are used to support identity sharing?

    • Policy Decision Point (PDP) and Policy Enforcement Point (PEP).
  • Question 67 (Exam A): Which product correlates logs and detects security threats?

    • SmartEvent
  • Question 68 (Exam A): To provide updated malicious data signatures to all Threat Prevention blades, the Threat Prevention gateway does what with the data?

    • Share the data to the ThreatCloud for use by other Threat Prevention blades.
  • Question 69 (Exam A): Which policy type is used to enforce bandwidth and traffic control rules?

    • QoS
  • Question 70 (Exam A): When a SAM rule is required on Security Gateway to quickly block suspicious connections, what actions does the administrator need to take?

    • SmartView Monitor should be opened and then the SAM rule/s can be applied immediately. Installing policy is not required.
  • Question 71 (Exam A): Fill in the blank: An Endpoint identity agent uses a _____ for user authentication.

    • Username/password or Kerberos Ticket
  • Question 72 (Exam A): Fill in the blanks: The _____ collects logs and sends them to the _____.

    • Security management server; Security Gateway
  • Question 73 (Exam A): Which of the following is NOT an advantage to using multiple LDAP servers?

    • Information on a user is hidden, yet distributed across several servers.
  • Question 74 (Exam A): Fill in the blank: In NAT, only the _____ is translated.

    • Destination (or Source)
  • Question 75 (Exam A): When Admin logs into SmartConsole and sees a lock icon on a gateway object, what does that indicate?

    • Another Admin has made an edit to that object and has yet to publish the change.
  • Question 76 (Exam A): DLP and Geo Policy are examples of what type of Policy?

    • Shared Policies
  • Question 77 (Exam A): Fill in the blanks: In NAT, only the _____ is translated.

    • Source
  • Question 78 (Exam A): Which of the following is considered a "Subscription Blade", requiring renewal every 1-3 years?

    • IPS blade
  • Question 79 (Exam A): In large organizations where there are a number of managed Check Point firewalls that generate a lot of logs, it is recommended to install the Log Server on a dedicated computer. Which statement is FALSE?

    • The dedicated Log Server must be the same version as the Security Management Server.
  • Question 80 (Exam A): In order to modify Security Policies the administrator can use which of the following tools?

    • SmartConsole and WebUI on the Security Management Server.
  • Question 81 (Exam A): A SAM rule is implemented to provide what function or benefit?

    • Handle traffic as defined in the policy.
  • Question 82 (Exam A): Is it possible to have more than one administrator connected to a Security Management Server at once?

    • Yes, but objects edited by one administrator will be locked for editing by others until the session is published.
  • Question 83 (Exam A): Which default Gaia user has full read/write access?

    • admin
  • Question 84 (Exam A): Which is a main component of the Check Point security management architecture?

    • SmartConsole
  • Question 85 (Exam A): When using Automatic Hide NAT, what is enabled by default?

    • Source Port Address Translation (PAT)
  • Question 86 (Exam A): Which of the following cannot be configured in an Access Role Object?

    • Time
  • Question 87 (Exam A): What are the two types of NAT supported by the Security Gateway?

    • Hide and Static
  • Question 88 (Exam A): In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway?

    • Monitoring Blade
  • Question 89 (Exam A): What is UserCheck?

    • Communication tool used to inform a user about a website or application they are trying to access.
  • Question 90 (Exam A): What is the default shell for the command line interface?

    • clish
  • Question 91 (Exam A): When configuring Anti-Spoofing, which tracking options can an Administrator select?

    • Log, Alert, None
  • Question 92 (Exam A): Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers?

    • IPS
  • Question 93 (Exam A): Which log queries show only dropped packets with a specific source and destination address?

    • src:192.168.1.1 AND dst:172.26.1.1 AND action:Drop
  • Question 94 (Exam A): Which of the following licenses are considered temporary?

    • Plug-and-play (Trial) and Evaluation
  • Question 95 (Exam A): Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n) _____ Server.

    • LDAP
  • Question 96 (Exam A): In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms?

    • Different computers or appliances.
  • Question 97 (Exam A): Core Protections are installed as part of what Policy?

    • Access Control Policy.
  • Question 98 (Exam A): A Check Point Software license consists of two components, the Software Blade and the Software Container. There are _____ types of Software Containers:

    • Three
  • Question 99 (Exam A): In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule?

    • Inspect, Bypass, and Categorize
  • Question 100 (Exam A): Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using ___

    • Captive Portal and Transparent Kerberos Authentication.
  • Question 101 (Exam A): With URL Filtering, what portion of the traffic is sent to the Check Point Online Web Service for analysis?

    • The host portion of the URL.
  • Question 102 (Exam A): Choose what BEST describes the reason why querying logs is now very fast.

    • Indexing Engine indexes logs for faster search results.
  • Question 103 (Exam A): Rugged appliances use which operating system? (name of OS)

    • Red Hat Enterprise Linux version 5
  • Question 104 (Exam A): What is the main difference between Static NAT and Hide NAT?

    • Static NAT allows incoming and outgoing connections; Hide NAT only allows outgoing connections.
  • Question 105 (Exam A): Which application is used for the central management and deployment of licenses and packages?

    • SmartUpdate
  • Question 106 (Exam A): Which Check Point software blade prevents malicious files?

    • Anti-Virus
  • Question 107 (Exam A): Why is a Central License the preferred and recommended method of licensing?

    • Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.
  • Question 108 (Exam A): Which of the following technologies extracts detailed information from packets and stores that information in state tables?

    • INSPECT Engine
  • Question 109 (Exam A): What default layers are included when creating a new policy layer?

    • Application Control, URL Filtering, and Threat Prevention
  • Question 110 (Exam A): When changes are made to a Rule base, it is important to _____ to enforce changes.

    • Publish database
  • Question 111 (Exam A): After a new Log Server is added to the environment and the SIC trust has been established, what will the gateways do?

    • Logs are not automatically forwarded to a new Log Server. SmartConsole must be used manually to configure each gateway to send its logs to the server.
  • Question 112 (Exam A): Secure Internal Communication (SIC) is handled by what process?

    • CPD
  • Question 113 (Exam A): To increase security, the administrator has modified the Core protection 'Host Port Scan' from 'Medium' to 'High' Predefined Sensitivity. Which Policy should the administrator install?

    • The Threat Prevention Policy
  • Question 114 (Exam A): Name the utility that is used to block activities that appear to be suspicious.

    • Suspicious Activity Monitoring (SAM)
  • Question 115 (Exam A): When should you generate new licenses?

    • When the existing license expires, the license is upgraded, or the IP address associated with the license changes.
  • Question 116 (Exam A): When URL Filtering is set, what identifying data gets sent to the Check Point Online Web Service?

    • The host part of the URL is sent to the Check Point Online Web Service.
  • Question 117 (Exam A): Which deployment adds a Security Gateway to an existing environment without changing IP routing?

    • Bridge mode
  • Question 118 (Exam A): Name the pre-defined Roles included in Gaia OS.

    • AdminRole and MonitorRole
  • Question 119 (Exam A): Gaia has two default user accounts that cannot be deleted. What are those user accounts?

    • Admin and Monitor
  • Question 120 (Exam A): Name the authentication method that requires token authenticator.

    • SecurID
  • Question 121 (Exam A): Which default Gaia user has full read/write access?

    • Admin
  • Question 122 (Exam A): Log query results can be exported to what file format?

    • Comma Separated Value (csv)
  • Question 123 (Exam A): There are four policy types available for each policy package. What are those policy types?

    • Access Control, Threat Prevention, Mobile Access, and HTTPS Inspection.
  • Question 124 (Exam A): Which tool allows for the automatic updating of the Gaia OS?

    • CPASE - Check Point Automatic Service Engine
  • Question 125 (Exam A): The purpose of the Communication Initialization process is to establish a trust between the Security Management Server and the Check Point gateways.

    • After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.
  • Question 126 (Exam A): Which of the following allows viewing of billions of consolidated security logs?

    • SmartView Web Application
  • Question 127 (Exam A): What kind of NAT enables Source Port Address Translation by default?

    • Automatic Hide NAT.
  • Question 128 (Exam A): Application Control/URL filtering database library is known as:

    • AppWiki
  • Question 129 (Exam A): What are the types of Software Containers?

    • Security Management, Security Gateway, and Endpoint Security.
  • Question 130 (Exam A): Stateful Inspection compiles and registers connections where?

    • State Table
  • Question 131 (Exam A): Security Zones do not work with what type of defined rule?

    • Manual NAT rule
  • Question 132 (Exam A): Most Check Point deployments use Gaia but which product deployment utilizes special Check Point code?

    • Enterprise Network Security Appliances.
  • Question 133 (Exam A): Which of the following is NOT a valid deployment option?

    • CloudGuard
  • Question 134 (Exam A): Which of the following is NOT a method used by Identity Awareness for acquiring identity?

    • Remote Access.
  • Question 135 (Exam A): What Check Point tool is used to automatically update Check Point products for the Gaia OS?

    • Check Point Upgrade Service Engine (CPUSE)
  • Question 136 (Exam A): What are the advantages of a "shared policy"?

    • Allows the administrator to share a policy so that it is available to use in another Policy Package.
  • Question 137 (Exam A): URL Filtering cannot be used to:

    • Control Bandwidth issues.
  • Question 138 (Exam A): Which SmartConsole application shows correlated logs?

    • SmartEvent.
  • Question 139 (Exam A): Which of the following is used to extract state related information?

    • STATE Engine
  • Question 140 (Exam A): Which part of SmartConsole allows administrators to add, edit, delete, and clone objects?

    • Object Explorer
  • Question 141 (Exam A): For Automatic Hide NAT rules created by the administrator, what is a TRUE statement?

    • Source Port Address Translation (PAT) is enabled by default.
  • Question 142 (Exam A): Which of the following is true about Stateful Inspection?

    • Stateful Inspection requires two rules.
  • Question 143 (Exam A): What is the user ID of a user that has all the privileges of a root user?

    • User ID 0
  • Question 144 (Exam A): What are the two elements of address translation rules?

    • Original packet and translated packet.
  • Question 145 (Exam A): Fill in the blanks: A _____ license requires an administrator to designate a gateway for attachment whereas a _____ license is automatically attached to a Security Gateway.

    • Formal; local
  • Question 146 (Exam A): Fill in the blank: RADIUS protocol uses ____ to communicate with the gateway.

    • UDP
  • Question 147 (Exam A): Which software blade enables Access Control policies?

    • Application Control
  • Question 148 (Exam A): Which one of the following is TRUE?

    • Ordered policy is a sub-policy within another policy.
  • Question 149 (Exam A): You have discovered suspicious activity. What is the BEST immediate action to take?

    • Create a Suspicious Activity Monitoring (SAM) rule to block that traffic.
  • Question 150 (Exam A): Which of the following is NOT an identity source used for Identity Awareness?

    • AD Query
  • Question 151 (Exam A): Which statement describes what Identity Sharing is in Identity Awareness?

    • Management servers can acquire and share identities with Security Gateways
  • Question 152 (Exam A): What is the order of NAT priorities?

    • Static NAT, hide NAT, IP Pool NAT
  • Question 153 (Exam A): Which Security Blade needs to be enabled?

    • Threat Extraction
  • Question 154 (Exam A): What are the three essential components of the Check Point Security Management Architecture?

    • SmartConsole, Security Management Server, and Security Gateway
  • Question 155 (Exam A): A layer can support different combinations of blades. What are the blades?

    • Firewall, URL Filtering, Content Awareness, and Mobile Access
  • Question 156 (Exam A): What type of NAT is a one-to-one relationship?

    • Static
  • Question 157 (Exam A): Which option in tracking allows you to see the amount of data passed?

    • Logs
  • Question 158 (Exam A): If there are two administrators... What must be done to make them available?

    • Publish or discard the session.
  • Question 159 (Exam A): Which is NOT an alert option?

    • User defined (or high) alert
  • Question 160 (Exam A): Which Identity Source(s) should be selected?

    • Endpoint Identity Agent and Browser-Based Authentication
  • Question 161 (Exam A): Which Check Point software blade provides?

    • Threat Emulation
  • Question 162 (Exam A): Which options are given on features while editing a role?

    • Read/Write, Read Only, None
  • Question 163 (Exam A): Which Check Point tool is used to automatically update Check Point products for the Gaia OS?

    • Check Point Upgrade Service Engine (CPUSE)
  • Question 164 (Exam A): Fill in the blanks: A Security Policy is created in and stored in the

    • Rule base, Security Management Server.
  • Question 165 (Exam A): What is NOT an advantage of Stateful Inspection?

    • No Screening above Network Layer
  • Question 166 (Exam A): Fill in the blank: Once a license is activated, a _____ should be installed.

    • License Contract file
  • Question 167 (Exam A): Where is the "Hit Count" feature enabled or disabled in SmartConsole?

    • On the Policy layer.
  • Question 168 (Exam A): Fill in the blank: The _____ is used to obtain identification and security information.

    • User Directory
  • Question 169 (Exam A): When you upload a package or license, where is the package or license stored?

    • Security Management Server
  • Question 170 (Exam A): By default, which port does the WebUI listen on?

    • 443
  • Question 171 (Exam A): True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway

    • True, CLI is the preferred method for licensing
  • Question 172 (Exam A): Fill in the blanks: A Check Point software license consists of a ____ and _____.

    • Software blade; software container
  • Question 173 (Exam A): SmartConsole provides a consolidated solution for everything that is necessary for the security of an organization, such as the following:

    • Security Policy Management, Log Analysis, System Health Monitoring, Multi-Domain Security Management.
  • Question 174 (Exam A): Which of the following is NOT a tracking log option?

    • Full Log
  • Question 175 (Exam A): Fill in the blank: To create a policy for traffic to or from a specific geographical location, use the _____.

    • Geo Policy shared policy
  • Question 176 (Exam A): Where can alerts be viewed?

    • SmartView Monitor.
  • Question 177 (Exam A): Which of the following is NOT a valid application navigation tab?

    • Manage and Command Line
  • Question 178 (Exam A): Fill in the blank: An identity server uses a _____ to trust a Terminal Server Identity Agent.

    • Certificate
  • Question 179 (Exam A): If the administrator is currently updating the network objects what should John do before installing a policy?

    • Publish the session.
  • Question 180 (Exam A): What technologies are used to deny or permit network traffic?

    • Stateful Inspection, Firewall Blade, and URL/Application Blade
  • Question 181 (Exam A): When connected to the Check Point Management Server, when the first administrator connects, what does that admin have a lock on?

    • The entire Management Database and other administrators can connect to make changes.
  • Question 182 (Exam A): Using AD Query, what protocol?

    • LDAP
  • Question 183 (Exam A): Bob and Joe both have Admin Roles, what BEST describes their situation?

    • Since they both are logged in on different interfaces, they will be able to make changes.
  • Question 184 (Exam A): If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?

    • Track log column is set to Log instead of Full Log
  • Question 185 (Exam A): Which Threat Prevention Software Blade provides protection?

    • IPS
  • Question 186 (Exam A): What is the purpose of Stealth Rule?

    • To drop any traffic destined for the firewall.
  • Question 187 (Exam A): Which licensing model? (Choose the best answer.)

    • Local licensing because it ties the package license to the IP-address of the gateway.
  • Question 188 (Exam A): Fill in the blanks: Default port numbers for an LDAP server are ____ for standard connections and _____ for SSL connections.

    • 389, 636
  • Question 189 (Exam A): Identity Awareness allows the Security Administrator.

    • Network location, identity of a user, and identity of a machine.
  • Question 190 (Exam A): Using the SmartConsole, which pre-defined Permission Profile should be assigned?

    • Read Only All
  • Question 191 (Exam A): If an administrator wants to restrict network access, what is the best way?

    • Create an Access Role object with specific users/user groups and specific networks.
  • Question 192 (Exam A): Which command shows the installed licenses in Expert mode?

    • cplic print
  • Question 193 (Exam A): Which single Security Blade can block downloaded malicious files?

    • Anti-Virus, Anti-Malware
  • Question 194 (Exam A): What object type would be used to grant network access to an LDAP user group?

    • Access Role
  • Question 195 (Exam A): In the Check Point Security Management Architecture, which component(s) can store logs?

    • Security Management Server and Security Gateway
  • Question 196 (Exam A): Choose what BEST describes a session.

    • Starts when an Administrator logs in, and ends when the administrator publishes changes made.
  • Question 197 (Exam A): Which Check Point tool is used to sanitize malicious content?

    • Threat Extraction
  • Question 198 (Exam A): Fill in the blank: In order to install a license, it must first be added to the _____.

    • License and Contract repository
  • Question 199 (Exam A): Which software blade does NOT accompany the Threat Prevention policy?

    • Anti-virus
  • Question 200 (Exam A): Which authentication method for Identity Awareness?

    • RSA
  • Question 201 (Exam A): Which of the following is NOT a function?

    • Verify and compile Security Policies
  • Question 202 (Exam A): Fill in the blank: RADIUS Accounting gets _____ data from requests.

    • Identity
  • Question 203 (Exam A): When a gateway requires user information...

    • First the internal user database, then generic external user profile, finally LDAP servers in order of priority.
  • Question 204 (Exam A): Which Threat Tool within SmartConsole?

    • Whitelist Files
  • Question 205 (Exam A): What is the Transport layer of the TCP/IP responsible for?

    • It transports packets as datagrams along different routes
  • Question 206 (Exam A): Which of the complete statements is NOT true?

    • edit the home directory of the user
  • Question 207 (Exam A): An administrator wishes to enable Identity Awareness.

    • Browser-Based Authentication
  • Question 208 (Exam A): Which Check Point supported authentication scheme typically requires a token?

    • SecurID
  • Question 209 (Exam A): Which Check Point software blade provides visibility of users?

    • Identity Awareness
  • Question 210 (Exam A): Fill in the blank: Backup and restores can be accomplished through ___.

    • SmartUpdate, SmartBackup, or SmartConsole
  • Question 211 (Exam A): Which SmartConsole tab shows logs?

    • Logs Monitor
  • Question 212 (Exam A): You received a call that a user can't browse the internet
