156-315.81 Practice Test Questions

422 Questions


During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:


A. Dropped without sending a negative acknowledgment


B. Dropped without logs and without sending a negative acknowledgment


C. Dropped with negative acknowledgment


D. Dropped with logs and without sending a negative acknowledgment





D. Dropped with logs and without sending a negative acknowledgment

Explanation: For packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are dropped with logs and without sending a negative acknowledgment. Firewall Kernel Inspection is the process of applying security policies and rules to network traffic by the Firewall kernel module. If a packet does not match any rule or matches a rule with an action of Drop or Reject, the packet is dropped by the Firewall kernel module. The difference between Drop and Reject is that Drop silently discards the packet without informing the sender, while Reject discards the packet and sends a negative acknowledgment (such as an ICMP message) to the sender. However, both Drop and Reject actions generate logs that record the details of the dropped packets, such as source, destination, protocol, port, rule number, etc. The other options are either incorrect or describe different scenarios.

CoreXL is supported when one of the following features is enabled:


A. Route-based VPN


B. IPS


C. IPv6


D. Overlapping NAT





B. IPS

Explanation: CoreXL is supported when one of the following features is enabled: IPS. CoreXL does not support Check Point Suite with these features: Route-based VPN, IPv6, Overlapping NAT, QoS, Content Awareness, Application Control, URL Filtering, Identity Awareness, HTTPS Inspection, DLP, Anti-Bot, Anti-Virus, Threat Emulation.

Which TCP port does the CPM process listen on?


A. 18191


B. 18190


C. 8983


D. 19009





D. 19009

Which of the following Check Point processes within the Security Management Server is responsible for receiving log records from the Security Gateway?


A. logd


B. fwd


C. fwm


D. cpd





B. fwd

Explanation: The fwd process within the Security Management Server is responsible for receiving log records from the Security Gateway. The fwd process handles the communication with the Security Gateways and log servers via TCP port 257. The other processes have different roles, such as logd for writing logs to the database, fwm for handling GUI clients, and cpd for infrastructure tasks.

Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.


A. User database corruption


B. LDAP conflicts


C. Traffic issues


D. Phase two key negotiations





C. Traffic issues

Explanation: Check Point’s FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using Wireshark.

The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?


A. fwd via cpm


B. fwm via fwd


C. cpm via cpd


D. fwd via cpd





A. fwd via cpm

Explanation: The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via the cpm process. The cpm process is the main management process that handles database operations, policy installation, and communication with GUI clients via TCP port 19009. The other options are either incorrect or irrelevant to the log flow. References: Certified Security Expert (CCSE) R81.20 Course Overview, Check Point Ports Used for Communication by Various Check Point Modules

Which method below is NOT one of the ways to communicate using the Management APIs?


A. Typing API commands using the “mgmt_cli” command


B. Typing API commands from a dialog box inside the SmartConsole GUI application


C. Typing API commands using Gaia’s secure shell (clish)


D. Sending API commands over an http connection using web-services





D. Sending API commands over an http connection using web-services

Which file contains the host address to be published, the MAC address that needs to be associated with the IP address, and the unique IP of the interface that responds to ARP requests?


A. /opt/CPshrd-R81/conf/local.arp


B. /var/opt/CPshrd-R81/conf/local.arp


C. $CPDIR/conf/local.arp


D. $FWDIR/conf/local.arp





D. $FWDIR/conf/local.arp

Explanation: The file that contains the host address to be published, the MAC address that needs to be associated with the IP address, and the unique IP of the interface that responds to ARP requests is $FWDIR/conf/local.arp. The local.arp file is a configuration file that defines static ARP entries for hosts behind NAT devices. This file allows the Security Gateway to respond to ARP requests for NATed hosts with the correct MAC address, and to publish the NATed IP address instead of the real IP address. The other files are either not related or not valid.

How many images are included with Check Point TE appliance in Recommended Mode?


A. 2 (OS) images


B. images are chosen by administrator during installation


C. as many as licensed for


D. the newest image





A. 2 (OS) images

Explanation: The Check Point TE appliance in Recommended Mode includes 2 (OS) images. One image is used for running the appliance, and the other image is used for backup and recovery purposes. The images are not chosen by the administrator during installation, nor based on the license or the latest version.

What are the three components for Check Point Capsule?


A. Capsule Docs, Capsule Cloud, Capsule Connect


B. Capsule Workspace, Capsule Cloud, Capsule Connect


C. Capsule Workspace, Capsule Docs, Capsule Connect


D. Capsule Workspace, Capsule Docs, Capsule Cloud





D. Capsule Workspace, Capsule Docs, Capsule Cloud

Explanation: The three components for Check Point Capsule are Capsule Workspace, Capsule Docs, and Capsule Cloud. Capsule Workspace is a secure container app that allows users to access corporate data and applications from their mobile devices. Capsule Docs is a solution that protects documents with encryption and granular access control. Capsule Cloud is a cloud-based security service that enforces security policies on devices that are outside the corporate network. References: Check Point Capsule

To fully enable Dynamic Dispatcher on a Security Gateway:


A. run fw ctl multik set_mode 9 in Expert mode and then reboot.


B. Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.


C. Edit /proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.


D. run fw multik set_mode 1 in Expert mode and then reboot.





A. run fw ctl multik set_mode 9 in Expert mode and then reboot.

Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?


A. 50%


B. 75%


C. 80%


D. 15%





D. 15%

Explanation: Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to a certain threshold. In this case, the correct threshold is specified as option D: 15%.
So, when the available disk space reaches or falls below 15%, old log entries should be deleted to free up space.
Options A, B, and C do not represent the recommended threshold for deleting old log entries according to Check Point's best practices.

