You find that Gateway fw2 can NOT be added to the cluster object. What are possible reasons for that?
Exhibit:
1) fw2 is a member in a VPN community.
2) ClusterXL software blade is not enabled on fw2.
3) fw2 is a DAIP Gateway.
Fill in the blanks. To view the number of concurrent connections going through your firewall, you would use the command and syntax __ ___ __ __________ __ .
Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should beguaranteed. Which actions should be taken to achieve that?
1) Use same hard drive for database directory, log files, and temporary directory.
2) Use Consolidation Rules.
3) Limit logging to blocked traffic only.
4) Use Multiple Database Tables.
Which statements about Management HA are correct?
1) Primary SmartCenter describes first installed SmartCenter
2) Active SmartCenter is always used to administrate with SmartConsole
3) Active SmartCenter describes first installed SmartCenter
4) Primary SmartCenter is always used to administrate with SmartConsole
Match the VPN-related terms with their definitions. Each correct term is only used once.
Exhibit:
A ClusterXL configuration is limited to ___ members.
Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
To stop acceleration on a GAiA Security Gateway, enter command:
To bind a NIC to a single processor when using CoreXL on GAiA, you would use the command
Which CLI tool helps on verifying proper ClusterXL sync?
When a packet is flowing through the security gateway, which one of the following is a valid inspection path?
What is the purpose of the pre-defined exclusions included with SmartEvent R80?
Match the ClusterXL modes with their configurations.
Exhibit:
Which of the following is the preferred method for adding static routes in GAiA?
Your expanding network currently includes ClusterXL runningMulticast mode on two members, as shown in this topology:
Exhibit:
You need to add interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for these interfaces is 10.10.10.3/24. Both cluster gateways have a Quad card with an available eth3 interface. What is the correct procedure to add these interfaces?
Which of the following authentication methods can be configured in the Identity Awareness setup wizard?
Fill in the blank. What is the correct command and syntax used to view a connection table summary on a Check Point Firewall?
You run cphaprob -a if. When you review the output, you find the word DOWN. What does DOWN mean?
Type the command and syntax to configure the Cluster Control Protocol (CCP) to use Broadcast.
Fill in the blank. To enter the router shell, use command __________ .
Which file defines the fields for each object used in the file objects.C (color, num/string, default value…)?
Type the full fw command and syntax that will show full synchronization status.
If you need strong protection for the encryption of user data, what option would be the BEST choice?
Paul has just joined the MegaCorp security administration team. Natalie, the administrator, creates a newadministrator account for Paul in SmartDashboard and installs the policy. When Paul tries to login it fails. How can Natalie verify whether Paul’s IP address is predefined on the security management server?
Which of the following are authentication methods that Security Gateway R80 uses to validate connection attempts? Select the response below that includes the MOST complete list of valid authentication methods.
Which of the following statements accurately describes the command upgrade_export?
Users with Identity Awareness Agent installed on their machines login with __________, so that when the user logs into thedomain, that information is also used to meet Identity Awareness credential requests.
Which of the following allows administrators to allow or deny traffic to or from a specific network based on the user’s credentials?
Which command displays the installed Security Gateway version?
Which of the following options is available with the GAiA cpconfig utility on a Management Server?
How granular may an administrator filter an Access Role with identity awareness? Per:
Your R80 primary Security Management Server is installed on GAiA. You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?
You are a Security Administrator who has installed Security Gateway R80 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:
1)Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
- Allow bi-directional NAT
- Translate destination on client side
Do the above settings limit the partner’s access?
Which of the following statements accurately describes the command snapshot?
You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Serverthat has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?
Your perimeter Security Gateway’sexternal IP is 200.200.200.3. Your network diagram shows:
Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?
A snapshot deliversa complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?
What type of traffic can be re-directed to the Captive Portal?
Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources’ servers should have its own Policy Package. These rules must be installed on this machine and not onthe Internet Firewall. How can this be accomplished?
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
Where can you find the Check Point’s SNMP MIB file?
Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:
You cannot use SmartDashboard’s User Directory features to connect to the LDAP server. What should you investigate?
1) Verify you have read-only permissions as administrator for the operating system.
2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.
A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the_________.
Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to a set of designated IP addresses to minimize malwareinfection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
He has received a new laptop and wants to access the HR Web Server from anywhere in the organization.The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19).
He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources, and installs the policy.
2) Adds anaccess role object to the Firewall Rule Base that lets John Adams access the HR Web Server from any machine and from any location and installs policy.
John plugged in his laptop to the network on a different network segment and was not able to connect to the HR Web server. What is the next BEST troubleshooting step?
You have three servers located in a DMZ, using private IP addresses. You wantinternal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway’s external interface.
What is the best configuration for 10.10.10.x users to access the DMZservers, using the DMZ servers’ public IP addresses?
You are MegaCorp’s Security Administrator. There are various network objects which must be NATed. Some ofthem use the Automatic Hide NAT method, while others use the Automatic Static NAT method. What is the rule order if both methods are used together? Give the BEST answer.
Which of the following process pulls applications monitoring status?
To findrecords in the logs that shows log records from the Application & URL Filtering Software Blade where traffic was blocked, what would be the query syntax?
What is not a component of Check Point SandBlast?
Which command will reset the kernel debug options to default settings?
How many images are included with Check Point TE appliance in Recommended Mode?
In SmartEvent, what are the different types of automatic reactions that the administrator can configure?
What are the main stages of a policy installation?
What is the valid range for VRID value in VRRP configuration?
Fill in the blank: The command _______________ provides the most complete restoration of a R80 configuration.
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n)_________ or ___________ action for the file types.
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
Which one ofthe following processes below would not start if there was a licensing issue.
If the first packet of an UDP session is rejected by a security policy, what does the firewall send to the client?
SecureXL improves non-encrypted firewalltraffic throughput and encrypted VPN traffic throughput.
Which process handles connections from SmartConsole R80?
How can SmartView Web application be accessed?
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
The “MAC magic” value must be modified under the following condition:
You want to store the GAiA configuration in a file for later reference. What command should you use?
As an administrator, you may berequired to add the company logo to reports. To do this, you would save the logo as a PNG file with the name ‘cover-company-logo.png’ and then copy that image file to which directory on the SmartEvent server?
What is the main difference between Threat Extraction and Threat Emulation?
What is correct statement about Security Gateway and Security Management Server failover in Check Point R80.X in terms of Check Point Redundancy driven solutions?
What is the SOLR database for?
In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is themost accurate CLI command?
Which of the following is a task of the CPD process?
Copyright © 2021-2025 CertsTopics. All Rights Reserved
