156-315.81 Practice Test Questions

422 Questions

Which of the following processes pulls application monitoring status?

A. fwd
B. fwm
C. cpwd
D. cpd

Answer: D. cpd

Explanation: The process that pulls application monitoring status is cpd. cpd is a daemon that runs on Check Point products and performs tasks related to management communication, policy installation, license verification, logging, and similar functions. cpd also monitors the status of other processes and applications on the system and reports it to the management server. cpd uses SNMP to collect information from various sources, such as blades, gateways and servers. You can view the application monitoring status in SmartConsole using the Gateways & Servers tab in the Logs & Monitor view. References: Check Point Processes and Daemons

SandBlast Agent extends zero-day prevention to what part of the network?

A. Web Browsers and user devices
B. DMZ server
C. Cloud
D. Email servers

Answer: A. Web Browsers and user devices

Explanation: SandBlast Agent extends zero-day prevention to web browsers and user devices. Zero-day prevention is a capability that protects devices from unknown and emerging threats that exploit vulnerabilities that have not yet been patched or disclosed. SandBlast Agent provides zero-day prevention through technologies such as threat emulation, threat extraction, anti-exploitation, anti-ransomware, and behavioral analysis. SandBlast Agent protects web browsers and user devices from malicious downloads, phishing links, drive-by downloads, browser exploits, malicious scripts, and more.

The CPM process stores objects, policies, users, administrators, licenses and management data in a database. The database is:

A. MySQL
B. Postgres SQL
C. MariaDB
D. SOLR

Answer: B. Postgres SQL

Explanation: The CPM process stores objects, policies, users, administrators, licenses and management data in a Postgres SQL database. This database is located in $FWDIR/conf and can be accessed using the pg_client command. The other options are not the database type used by CPM. References: Check Point R81 Security Management Administration Guide

Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?

A. The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
C. Time object to a rule to make the rule active only during specified times.
D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Answer: D. Sub Policies are sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?

A. Management Dashboard
B. Gateway
C. Personal User Storage
D. Behavior Risk Engine

Answer: C. Personal User Storage

How many policy layers does the Access Control policy support?

A. 2
B. 4
C. 1
D. 3

Answer: A. 2

Explanation: The Access Control policy supports two policy layers: the Network layer and the Application & URL Filtering layer. The Network layer contains rules that control network traffic based on source, destination, service, and action. The Application & URL Filtering layer contains rules that control application and web access based on the application, site category, and user identity.
The Access Control policy can also use inline layers, which are sub-policies embedded within a rule. Inline layers allow more granular control over specific traffic or scenarios, such as VPN, Mobile Access, or different user groups. However, inline layers are not counted as separate policy layers; they are extensions of the parent rule.
Therefore, the correct answer is A. The Access Control policy supports two policy layers.

Fill in the blank: The “fw monitor” tool can be best used to troubleshoot ____________________.

A. AV issues
B. VPN errors
C. Network traffic issues
D. Authentication issues

Answer: C. Network traffic issues

Explanation: The “fw monitor” tool can be best used to troubleshoot network traffic issues. fw monitor allows administrators to capture packets at different inspection points in the Firewall kernel, and to apply filters and flags to analyze the traffic. fw monitor can help troubleshoot network connectivity problems, packet drops, NAT issues, VPN issues, and more. The other options are either unrelated or less suitable for fw monitor.

What is the SandBlast Agent designed to do?

A. Performs OS-level sandboxing for SandBlast Cloud architecture
B. Ensure the Check Point SandBlast service is running on the end user’s system
C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading within the network
D. Clean up email sent with malicious attachments

Answer: C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading within the network

Explanation: The SandBlast Agent is designed to prevent malware from spreading within the network if it enters an end user’s system. SandBlast Agent is a lightweight endpoint security solution that protects devices from advanced threats such as ransomware, phishing, zero-day attacks, and data exfiltration. SandBlast Agent uses technologies such as behavioral analysis, anti-exploitation, anti-ransomware, threat emulation, threat extraction, and forensics to detect and block malware before it can harm the device or the network. The other options are either not the main purpose of SandBlast Agent or not functionality it provides.

What kind of information would you expect to see using the sim affinity command?

A. The VMACs used in a Security Gateway cluster
B. The involved firewall kernel modules in inbound and outbound packet chain
C. Overview over SecureXL templated connections
D. Network interfaces and core distribution used for CoreXL

Answer: D. Network interfaces and core distribution used for CoreXL

Which statement is true regarding redundancy?

A. System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob -f if command.
B. ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.
C. Machines in a ClusterXL High Availability configuration must be synchronized.
D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Answer: D. Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Explanation: The statement that is true regarding redundancy is “Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.” ClusterXL and VRRP are two technologies that provide high availability and load sharing for Security Gateways. Both are supported by Gaia OS and can be deployed on various platforms. The other statements are either false or incomplete regarding redundancy.

Sticky Decision Function (SDF) is required to prevent which of the following? Assume you set up an Active-Active cluster.

A. Symmetric routing
B. Failovers
C. Asymmetric routing
D. Anti-Spoofing

Answer: C. Asymmetric routing

Explanation: Sticky Decision Function (SDF) is required to prevent asymmetric routing in an Active-Active cluster. Asymmetric routing occurs when packets from a source to a destination follow a different path than packets from the destination back to the source. This can cause problems with stateful inspection and NAT. SDF ensures that packets belonging to the same connection are handled by the same cluster member. References: Check Point R81 ClusterXL Administration Guide

Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

A. Block Port Overflow
B. Local Interface Spoofing
C. Suspicious Activity Monitoring
D. Adaptive Threat Prevention

Answer: C. Suspicious Activity Monitoring


Page 3 out of 36 Pages