Practice Test
Choose the Best place to find a Security Management Server backup file named backup_fw, on a Check Point Appliance.
/var/log/Cpbackup/backups/backup_fw.tgz. Gaia's Backup feature allows backing up the configuration of the Gaia OS and of the Security Management server database, or restoring a previously saved configuration. The configuration is saved to a .tgz file in the following directory (image). Reference: https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eventSubmit_doGoviewsolutiondetails=&solutionid=sk91400
Where can you trigger a failover of the cluster members? 1. Log in to Security Gateway CLI and run command clusterXL_admin down. 2. In SmartView Monitor right-click the Security Gateway member and select Cluster member stop. 3. Log into Security Gateway CLI and run command cphaprob down.
1 and 3. How to Initiate Failover Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7298.htm
What is the default time length that Hit Count Data is kept?
3 months. Reference: https://community.checkpoint.com/t5/General-Topics/What-is-the-default-time-that-HIT-count-data-is-kept-in-R80/td-p/33636
By default, which port does the WebUI listen on?
443. To configure Security Management Server on Gaia: Open a browser to the WebUI: https://<Gaia management IP address> Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_Gaia_IUG/html_frameset.htm?topic=documents/R80/CP_R80_Gaia_IUG/132120
Which of the following statements is TRUE about R80 management plug-ins?
A management plug-in interacts with a Security Management Server to provide new features and support for new products.
What is the precedence of traffic inspection for the defined policies?
A packet arrives at the gateway, it is checked against the rules in the networks policy layer and then if there is any rule which accepts the packet, it comes next to IPS layer and then after accepting the packet it passes to Threat Prevention layer. To simplify Policy management, R80 organizes the policy into Policy Layers. A layer is a set of rules, or a Rule Base. For example, when you upgrade to R80 from earlier versions: - Gateways that have the Firewall and the Application Control Software Blades enabled will have their Access Control Policy split into two ordered layers: Network and Applications. When the gateway matches a rule in a layer, it starts to evaluate the rules in the next layer. - Gateways that have the IPS and Threat Emulation Software Blades enabled will have their Threat Prevention policies split into two parallel layers: IPS and Threat Prevention. All layers are evaluated in parallel. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
Which of the following is TRUE regarding Gaia command line?
A. Configuration changes should be done in mgmt_cli and use CLISH for monitoring. Expert mode is used only for OS level tasks. B. Configuration changes should be done in expert-mode and CLISH is used for monitoring. C. Configuration changes should be done in mgmt-cli and use expert-mode for OS-level tasks. D. All configuration changes should be made in CLISH and expert-mode should be used for OS-level tasks
Review the following screenshot and select the BEST answer
A. Data Center Layer is an inline layer in the Access Control Policy. B. By default all layers are shared with all policies. C. If a connection is dropped in Network Layer, it will not be matched against the rules in Data Center Layer. D. If a connection is accepted in Network-layer, it will not be matched against the rules in Data Center Layer.
In the Check Point three-tiered architecture, which of the following is NOT a function of the Security Management Server?
A. Display policies and logs on the administrator's workstation. B. Verify and compile Security Policies. C. Processing and sending alerts such as SNMP traps and email notifications. D. Store firewall logs to hard drive storage
Packages and licenses are loaded from all of these sources EXCEPT
A. Download Center Web site B. UserUpdate C. User Center D. Check Point DVD Packages and licenses are loaded into these repositories from several sources: -the Download Center web site (packages) -the Check Point DVD (packages) -the User Center (licenses) -by importing a file (packages and licenses) -by running the cplic command line Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm
Which of the following Automatically Generated Rules NAT rules have the lowest implementation priority?
A. Machine Hide NAT B. Address Range Hide NAT C. Network Hide NAT D. Machine Static NAT SmartDashboard organizes the automatic NAT rules in this order: 1. Static NAT rules for Firewall, or node (computer or server) objects 2. Hide NAT rules for Firewall, or node objects 3. Static NAT rules for network or address range objects 4. Hide NAT rules for network or address range objects
Which of the following is NOT a SecureXL traffic flow?
A. Medium Path B. Accelerated Path C. High Priority Path D. Slow Path SecureXL is an acceleration solution that maximizes performance of the Firewall and does not compromise security. When SecureXL is enabled on a Security Gateway, some CPU intensive operations are processed by virtualized software instead of the Firewall kernel. The Firewall can inspect and process connections more efficiently and accelerate throughput and connection rates. These are the SecureXL traffic flows: Slow path - Packets and connections that are inspected by the Firewall and are not processed by SecureXL. Accelerated path - Packets and connections that are offloaded to SecureXL and are not processed by the Firewall. Medium path - Packets that require deeper inspection cannot use the accelerated path. It is not necessary for the Firewall to inspect these packets, they can be offloaded and do not use the slow path. For example, packets that are inspected by IPS cannot use the accelerated path and can be offloaded to the IPS PSL (Passive Streaming Library). SecureXL processes these packets more quickly than packets on the slow path.
Which of the following is NOT a component of a Distinguished Name?
A. Organizational Unit B. Country C. Common Name D. User container Distinguished Name Components: CN=common name, OU=organizational unit, O=organization, L=locality, ST=state or province, C=country name Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/71950
Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?
A. Security questions B. Check Point password C. SecurID D. RADIUS Authentication Schemes: - Check Point Password - Operating System Password - RADIUS - SecurID - TACACS - Undefined If a user with an undefined authentication scheme is matched to a Security Rule with some form of authentication, access is always denied.
Which of the following is NOT a license activation method?
A. SmartConsole Wizard X B. Online Activation C. License Activation Wizard D. Offline Activation
Which feature is NOT provided by all Check Point Mobile Access solutions?
A. Support for IPv6 B. Granular access control C. Strong user authentication D. Secure connectivity Types of Solutions All of Check Point's Remote Access solutions provide: -Enterprise-grade, secure connectivity to corporate resources. -Strong user authentication. -Granular access control. Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/83586.htm
A new license should be generated and installed in all of the following situations EXCEPT when ________ .
A. The license is attached to the wrong Security Gateway B. The existing license expires C. The license is upgraded D. The IP address of the Security Management or Security Gateway has changed There is no need to generate new license in this situation, just need to detach license from wrong Security Gateway and attach it to the right one.
Which policy type has its own Exceptions section?
A. Threat Prevention B. Access Control C. Threat Emulation D. Desktop Security The Exceptions Groups pane lets you define exception groups. When necessary, you can create exception groups to use in the Rule Base. An exception group contains one or more defined exceptions. This option facilitates ease-of-use so you do not have to manually define exceptions in multiple rules for commonly required exceptions. You can choose to which rules you want to add exception groups. This means they can be added to some rules and not to others, depending on necessity. Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_ThreatPrevention_WebAdmin/82209.htm#o97030
In R80, Unified Policy is a combination of
Access control policy, QoS Policy, Desktop Security Policy and VPN policy. D is the best answer given the choices. Unified Policy: In R80 the Access Control policy unifies the policies of these pre-R80 Software Blades: - Firewall and VPN - Application Control and URL Filtering - Identity Awareness - Data Awareness - Mobile Access - Security Zones Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197&anchor=o129934
Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
Active Directory Query. AD Query extracts user and computer identity information from the Active Directory Security Event Logs. The system generates a Security Event log entry when a user or computer accesses a network resource. For example, this occurs when a user logs in, unlocks a screen, or accesses a network drive. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62402.htm
Which command is used to add users to or from existing roles?
add rba user <User Name> roles <List> Configuring Roles - CLI (rba) [image] Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73101.htm
Which default Gaia user has full read/write access?
Administrator
View the rule below. What does the lock-symbol in the left column mean?
Another user has locked the rule for editing. Administrator Collaboration More than one administrator can connect to the Security Management Server at the same time. Every administrator has their own username, and works in a session that is independent of the other administrators. When an administrator logs in to the Security Management Server through SmartConsole, a new editing session starts. The changes that the administrator makes during the session are only available to that administrator. Other administrators see a lock icon on object and rules that are being edited. To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265
Web Control Layer has been set up using the settings in the following dialogue (image). Consider the following policy and select the BEST answer.
Anyone from internal network can access the internet, except the traffic defined in drop rules 5.2, 5.5 and 5.6. Policy Layers and Sub-Policies: R80 introduces the concept of layers and sub-policies, allowing you to segment your policy according to your network segments or business units/functions. In addition, you can also assign granular privileges by layer or sub-policy to distribute workload and tasks to the most qualified administrators. - With layers, the rule base is organized into a set of security rules. These sets of rules, or layers, are inspected in the order in which they are defined, allowing control over the rule base flow and the security functionalities that take precedence. If an "accept" action is performed across a layer, the inspection will continue to the next layer. For example, a compliance layer can be created to overlay across a cross-section of rules. - Sub-policies are sets of rules that are created for a specific network segment, branch office or business unit, so if a rule is matched, inspection will continue through this subset of rules before it moves on to the next rule. - Sub-policies and layers can be managed by specific administrators, according to their permissions profiles. This facilitates task delegation and workload distribution. Reference: https://community.checkpoint.com/docs/DOC-1065
Which Check Point feature enables application scanning and the detection?
AppWiki. AppWiki enables application scanning and detection of more than 5,000 distinct applications and over 300,000 Web 2.0 widgets including instant messaging, social networking, video streaming, VoIP, games and more. Reference: https://www.checkpoint.com/products/application-control-software-blade/
The Gaia operating system supports which routing protocols?
BGP, OSPF, RIP. The Advanced Routing Suite CLI is available as part of the Advanced Networking Software Blade. For organizations looking to implement scalable, fault-tolerant, secure networks, the Advanced Networking blade enables them to run industry-standard dynamic routing protocols including BGP, OSPF, RIPv1, and RIPv2 on security gateways. OSPF, RIPv1, and RIPv2 enable dynamic routing over a single autonomous system—like a single department, company, or service provider—to avoid network failures. BGP provides dynamic routing support across more complex networks involving multiple autonomous systems—such as when a company uses two service providers or divides a network into multiple areas with different administrators responsible for the performance of each. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecurePlatform_AdvancedRouting_WebAdmin/html_frameset.htm
The following graphic shows: A. View from SmartLog for logs initiated from source address 10.1.1.202 B. View from SmartView Tracker for logs of destination address 10.1.1.202 C. View from SmartView Tracker for logs initiated from source address 10.1.1.202 D. View from SmartView Monitor for logs initiated from source address 10.1.1.202
C. View from SmartView Tracker for logs initiated from source address 10.1.1.202
You are unable to login to SmartConsole. You login to the management server and run #cpwd_admin list with the following output (image): What reason could possibly BEST explain why you are unable to connect to SmartConsole?
CPM and FWM are down. The correct answer would be FWM (is the process making available communication between SmartConsole applications and Security Management Server.). STATE is T (Terminate = Down). Symptoms -SmartDashboard fails to connect to the Security Management server. 1. Verify if the FWM process is running. To do this, run the command: [Expert@HostName:0]# ps -aux | grep fwm 2. If the FWM process is not running, then try force-starting the process with the following command: [Expert@HostName:0]# cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm" Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk12120
Browser-based Authentication sends users to a web page to acquire identities using ________ .
Captive Portal and Transparent Kerberos Authentication. To enable Identity Awareness: 1. Log in to SmartDashboard. 2. From the Network Objects tree, expand the Check Point branch. 3. Double-click the Security Gateway on which to enable Identity Awareness. 4. In the Software Blades section, select Identity Awareness on the Network Security tab. The Identity Awareness Configuration wizard opens. 5. Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets. AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers. Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm
Which type of the Check Point license ties the package license to the IP address of the Security Management Server?
Central
Which one of the following is the preferred licensing model?
Central licensing because it ties the package license to the IP-address of the Security Management Server and has no dependency of the gateway. A Central License is a license attached to the Security Management server IP address, rather than the gateway IP address. The benefits of a Central License are: -Only one IP address is needed for all licenses. -A license can be taken from one gateway and given to another. -The new license remains valid when changing the gateway IP address. There is no need to create and install a new license. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm#o13527
An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret, the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre-shared secret?
Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
What are the three authentication methods for SIC?
Certificates, standards-based SSL for the creation of secure channels, and 3DES or AES128 for encryption. Secure Internal Communication (SIC): Secure Internal Communication (SIC) lets Check Point platforms and products authenticate with each other. The SIC procedure creates a trusted status between gateways, management servers and other Check Point components. SIC is required to install policies on gateways and to send logs between gateways and management servers. These security measures make sure of the safety of SIC: - Certificates for authentication - Standards-based SSL for the creation of the secure channel - 3DES for encryption Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/71950
VPN gateways authenticate using ___________ and ___________ .
Certificates; pre-shared secrets. VPN gateways authenticate using Digital Certificates and Pre-shared secrets.
Tina is a new administrator who is currently reviewing the new Check Point R80 Management console interface. In the Gateways view, she is reviewing the Summary screen as in the screenshot below. What is an 'Open Server'?
Check Point software deployed on a non-Check Point appliance. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/index.html
To build an effective Security Policy, use a ________ and _______ rule.
Cleanup; stealth.
A _________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser
Clientless remote access. Clientless - Users connect through a web browser and use HTTPS connections. Clientless solutions usually supply access to web-based corporate resources. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80BC_Firewall/html_frameset.htm?topic=documents/R80/CP_R80BC_Firewall/92704
What is the default shell for the command line interface?
Clish. The default shell of the CLI is called clish Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm
Gaia can be configured using the _______ or ______ .
Command line interface; WebUI. Configuring Gaia for the First Time In This Section: Running the First Time Configuration Wizard in WebUI Running the First Time Configuration Wizard in CLI After you install Gaia for the first time, use the First Time Configuration Wizard to configure the system and the Check Point products on it. Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/112568
What are the three conflict resolution rules in the Threat Prevention Policy Layers?
Conflict on settings, conflict on address, and conflict on exception.
You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
Create a separate Security Policy package for each remote Security Gateway.
Harriet wants to protect sensitive information from intentional loss when users browse to a specific URL: https://personal.mymail.com, which blade will she enable to achieve her goal?
DLP. Check Point revolutionizes DLP by combining technology and processes to move businesses from passive detection to active Data Loss Prevention. Innovative MultiSpect™ data classification combines user, content and process information to make accurate decisions, while UserCheck™ technology empowers users to remediate incidents in real time. Check Point's self-educating network-based DLP solution frees IT/security personnel from incident handling and educates users on proper data handling policies—protecting sensitive corporate information from both intentional and unintentional loss. Reference: https://www.checkpoint.com/downloads/product-related/datasheets/DLP-software-blade-datasheet.pdf
When attempting to start a VPN tunnel, in the logs the error 'no proposal chosen' is seen numerous times. No other VPN-related log entries are present. Which phase of the VPN negotiations has failed?
IKE Phase 1.
Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities?
IPS. The IPS Software Blade provides a complete Intrusion Prevention System security solution, providing comprehensive network protection against malicious and unwanted network traffic, including: - Malware attacks - DoS and DDoS attacks - Application and server vulnerabilities - Insider threats - Unwanted application traffic, including IM and P2P Reference: https://www.checkpoint.com/products/ips-software-blade/
Choose what BEST describes the Policy Layer Traffic Inspection.
If a packet matches an inline layer, it will continue matching the next layer. Reference: https://community.checkpoint.com/thread/1092
When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?
If the Action is Accept, the gateway continues to check rules in the next Policy Layer down.
What does ExternalZone represent in the presented rule? (Image)
Interfaces that administrator has defined to be part of External Security Zone. Configure the Security Gateway 80 interfaces in the Interfaces tab in the Security Gateway window. To configure the interfaces: 1. From the Devices window, double-click the Security Gateway 80. The Security Gateway window opens. 2. Select the Interfaces tab. 3. Select Use the following settings. The interface settings open. 4. Select the interface and click Edit. The Edit window opens. 5. From the IP Assignment section, configure the IP address of the interface: 1. Select Static IP. 2. Enter the IP address and subnet mask for the interface. 6. In Security Zone, select Wireless, DMS, External, or Internal. Security zone is a type of zone, created by a bridge to easily create segments, while maintaining IP addresses and router configurations. Security zones let you choose if to enable or not the firewall between segments. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartProvisioning_WebAdmin/16741.htm
What is the purpose of Captive Portal?
It authenticates users, allowing them access to the Internet and corporate resources. Captive Portal - a simple method that authenticates users through a web interface before granting them access to Intranet resources. When users try to access a protected resource, they get a web page that must be filled out to continue. Reference: https://www.checkpoint.com/products/identity-awareness-software-blade/
Two administrators, Dave and Jon, both manage R80 Management as administrators for ABC Corp. Jon logged into the R80 Management and then shortly after Dave logged in to the same server. They are both in the Security Policies view. From the screenshots below, why does Dave not have the rule no.6 in his SmartConsole view even though Jon has it in his SmartConsole view?
Jon is currently editing rule no.6 but has not yet Published his changes
With the User Directory Software Blade, you can create R80 user definitions on a(an) ___________ Server.
LDAP. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address?
Load Sharing Multicast. ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members. By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to the cluster, acting as a gateway, will reach all members in the cluster. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm
Which type of Check Point license is tied to the IP address of a specific Security Gateway and cannot be transferred to a gateway that has a different IP address?
Local.
You have enabled "Extended Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database. The most likely reason for the logs data to stop is the low disk space on the logging device, which can be the Management Server or the Gateway Server.
What is NOT an advantage of Packet Filtering?
Low Security and No Screening above Network Layer. Packet Filter Advantages and Disadvantages (image) Reference: https://www.checkpoint.com/smb/help/utm1/8.2/7078.htm
In R80 spoofing is defined as a method of
Making packets appear as if they come from an authorized IP address. IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.
What are the two high availability modes?
New and Legacy. ClusterXL has four working modes. This section briefly describes each mode and its relative advantages and disadvantages. -Load Sharing Multicast Mode -Load Sharing Unicast Mode -New High Availability Mode -High Availability Legacy Mode Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm#o7363
Vanessa is firewall administrator in her company; her company is using Check Point firewalls on central and remote locations, which are managed centrally by R80 Security Management Server. One central location has an installed R77.30 Gateway on Open server. Remote location is using Check Point UTM-1 570 series appliance with R71. Which encryption is used in Secure Internal Communication (SIC) between central management and firewall on each location?
On central firewall AES128 encryption is used for SIC, on Remote firewall 3DES encryption is used for SIC
What are the two types of address translation rules?
Original packet and translated packet. The NAT Rule Base has two sections that specify how the IP addresses are translated: Original Packet Translated Packet Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm
If there are two administrators logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available to other administrators?
Publish or discard the session. To make changes available to all administrators, and to unlock the objects and rules that are being edited, the administrator must publish the session. To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created. When you select Install Policy, you are prompted to publish all unpublished changes. You cannot install a policy if the included changes are not published. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
Using the SmartConsole, which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
Read Only All. To create a new permission profile: 1. In SmartConsole, go to Manage & Settings > Permissions and Administrators > Permission Profiles. 2. Click New Profile. The New Profile window opens. 3. Enter a unique name for the profile. 4. Select a profile type: -Read/Write All - Administrators can make changes -Auditor (Read Only All) - Administrators can see information but cannot make changes -Customized - Configure custom settings 5. Click OK Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/124265
Which options are given on features, when editing a Role on Gaia Platform?
Read/Write, Read Only, None. Roles Role-based administration (RBA) lets you create administrative roles for users. With RBA, an administrator can allow Gaia users to access specified features by including those features in a role and assigning that role to users. Each role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to other features. You can also specify which access mechanisms (WebUI or the CLI) are available to the user. Note - When users log in to the WebUI, they see only those features that they have read-only or read/write access to. If they have read-only access to a feature, they can see the settings pages, but cannot change the settings. Gaia includes these predefined roles: adminRole - Gives the user read/write access to all features. monitorRole- Gives the user read-only access to all features. You cannot delete or change the predefined roles. Note - Do not define a new user for external users. An external user is one that is defined on an authentication server (such as RADIUS or TACACS) and not on the local Gaia system. Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/75930
Assuming you have a Distributed Deployment, what will be the effect of running the following command on the Security Management Server? fw unloadlocal
Remove the installed Security Policy. This command uninstalls the actual security policy (already installed). Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/6751.htm
Examine the following Rule Base. What can we infer about the recent changes made to the Rule Base?
Rule 1 and object webserver are locked by another administrator. At the top of the screenshot there is a number "8", which indicates the number of changes made and not saved. Session Management Toolbar (top of SmartConsole) Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/117948
You work as a security administrator for a large company. The CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the right protections in place. Check Point has been selected as the security vendor. Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
SandBlast. SandBlast Zero-Day Protection Hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. Zero-day exploit protection from Check Point provides a deeper level of inspection so you can prevent more malware and zero-day attacks, while ensuring quick delivery of safe content to your users. Reference: https://www.checkpoint.com/products-solutions/zero-day-protection/
When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?
Security Gateway. There are different deployment scenarios for Check Point software products. Standalone Deployment - The Security Management Server and the Security Gateway are installed on the same computer or appliance. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/86429.htm
The _________ collects logs and sends them to the _________ .
Security Gateways; log server.
When you upload a package or license to the appropriate repository in SmartUpdate, where is the package or license stored?
Security Management Server. SmartUpdate installs two repositories on the Security Management server: -License & Contract Repository, which is stored on all platforms in the directory $FWDIR\conf\. -Package Repository, which is stored: - on Windows machines in C:\SUroot. - on UNIX machines in /var/suroot. The Package Repository requires a separate license, in addition to the license for the Security Management server. This license should stipulate the number of nodes that can be managed in the Package Repository. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/13128.htm#o13527
DLP and Geo Policy are examples of what type of Policy?
Shared Policies. The Shared policies are installed with the Access Control Policy (image). Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
While enabling the Identity Awareness blade, the Identity Awareness wizard does not automatically detect the Windows domain. Why does it not detect the Windows domain?
SmartConsole machine is not part of the domain. To enable Identity Awareness: 1. Log in to SmartDashboard. 2. From the Network Objects tree, expand the Check Point branch. 3. Double-click the Security Gateway on which to enable Identity Awareness. 4. In the Software Blades section, select Identity Awareness on the Network Security tab. The Identity Awareness Configuration wizard opens. 5. Select one or more options. These options set the methods for acquiring identities of managed and unmanaged assets. -AD Query - Lets the Security Gateway seamlessly identify Active Directory users and computers. -Browser-Based Authentication - Sends users to a Web page to acquire identities from unidentified users. If Transparent Kerberos Authentication is configured, AD users may be identified transparently. -Terminal Servers - Identify users in a Terminal Server environment (originating from one IP address). Note - When you enable Browser-Based Authentication on a Security Gateway that is on an IP Series appliance, make sure to set the Voyager management application port to a port other than 443 or 80. 6. Click Next. The Integration With Active Directory window opens. When SmartDashboard is part of the domain, SmartDashboard suggests this domain automatically. If you select this domain, the system creates an LDAP Account Unit with all of the domain controllers in the organization's Active Directory. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/62050.htm
What are the three essential components of the Check Point Security Management Architecture?
SmartConsole, Security Management Server, Security Gateway. Basic deployments: Standalone deployment - Security Gateway and the Security Management server are installed on the same machine. Distributed deployment - Security Gateway and the Security Management server are installed on different machines. Assume an environment with gateways on different sites. Each Security Gateway connects to the Internet on one side, and to a LAN on the other. You can create a Virtual Private Network (VPN) between the two Security Gateways, to secure all communication between them. The Security Management server is installed in the LAN, and is protected by a Security Gateway. The Security Management server manages the Security Gateways and lets remote users connect securely to the corporate network. SmartDashboard can be installed on the Security Management server or another computer. There can be other OPSEC-partner modules (for example, an Anti-Virus Server) to complete the network security with the Security Management server and its Security Gateways. Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityManagement_WebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_SecurityManagement_WebAdminGuide/118037
Which product correlates logs and detects security threats, providing a centralized display of potential attack patterns from all network devices?
SmartEvent. SmartEvent correlates logs from all Check Point enforcement points, including end-points, to identify suspicious activity from the clutter. Rapid data analysis and custom event logs immediately alert administrators to anomalous behavior such as someone attempting to use the same credential in multiple geographies simultaneously. Reference: https://www.checkpoint.com/products/smartevent/
Which application should you use to install a contract file?
SmartUpdate. Using SmartUpdate: If you already use an NGX R65 (or higher) Security Management / Provider-1 / Multi-Domain Management Server, SmartUpdate allows you to import the service contract file that you have downloaded in Step #3. Open SmartUpdate and from the Launch Menu select 'Licenses & Contracts' -> 'Update Contracts' -> 'From File...' and provide the path to the file you have downloaded in Step #3: Note: If SmartUpdate is connected to the Internet, you can download the service contract file directly from the UserCenter without going through the download and import steps. Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk33089
In which deployment are the Security Management Server and Security Gateway installed on the same appliance?
Standalone. Installing Standalone Standalone Deployment - The Security Management Server and the Security Gateway are installed on the same computer or appliance. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Installation_and_Upgrade_Guide-webAdmin/89230.htm#o98246
Which of the following technologies extracts detailed information from packets and stores that information in state tables?
Stateful Inspection. Reference: https://www.checkpoint.com/smb/help/utm1/8.2/7080.htm
What is the order of NAT priorities?
Static NAT, IP pool NAT, hide NAT. The order of NAT priorities is: 1. Static NAT 2. IP Pool NAT 3. Hide NAT Since Static NAT has all of the advantages of IP Pool NAT and more, it has a higher priority than the other NAT methods. Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Firewall_WebAdmin/6724.htm#o6919
The R80 feature ________ permits blocking specific IP addresses for a specified time period.
Suspicious Activity Monitoring or SAM. Suspicious Activity Rules is a utility integrated into SmartView Monitor that is used to modify access privileges upon detection of any suspicious network activity (for example, several attempts to gain unauthorized access). The detection of suspicious activity is based on the creation of Suspicious Activity rules. Suspicious Activity rules are Firewall rules that enable the system administrator to instantly block suspicious connections that are not restricted by the currently enforced security policy. These rules, once set (usually with an expiration date), can be applied immediately without the need to perform an Install Policy operation. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartViewMonitor_AdminGuide/17670.htm
The Security Gateway is installed on GAiA R80. The default port for the WEB User Interface is _______ .
TCP 443
You are the senior Firewall administrator for ABC Corp, and have recently returned from a training course on Check Point's new advanced R80 management platform. You are presenting an in-house overview of the new features of Check Point R80 Management to the other administrators in ABC Corp. How will you describe the new "Publish" button in R80 Management Console?
The Publish button makes any changes an administrator has made in their management session visible to all other administrator sessions and saves it to the Database. To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
Administrator Kofi has just made some changes on his Management Server and then clicks on the Publish button in SmartConsole but then gets the error message shown in the screenshot below. Where can the administrator check for more information on these errors?
The Validations section in SmartConsole. The validations pane in SmartConsole shows configuration error messages. Examples of errors are object names that are not unique, and the use of objects that are not valid in the Rule Base. To publish, you must fix the errors. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
Ken wants to obtain a configuration lock from another administrator on the R80 Security Management Server Operating System. He can do this via WebUI or via CLI. Which command should he use in CLI?
The database feature has two commands: lock database override and unlock database. Both will work. Use the database feature to obtain the configuration lock. The database feature has two commands: lock database [override]. unlock database The commands do the same thing: obtain the configuration lock from another administrator. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/75697.htm#o73091
ALPHA Corp has a new administrator who logs into the Gaia Portal to make some changes. He realizes that even though he has logged in as an administrator, he is unable to make any changes because all configuration options are greyed out as shown in the screenshot image below. What is the likely cause for this?
The database is locked by another administrator SSH session. There is a lock on the top left side of the screen. B is the logical answer.
You are the administrator for Alpha Corp. You have logged into your R80 Management server. You are making some changes in the Rule Base and notice that rule No.6 has a pencil icon next to it. What does this mean?
The rule No.6 has been marked for editing in your Management session.
What does the "unknown" SIC status shown on SmartConsole mean?
There is no connection between the Security Gateway and SMS. The most typical status is Communicating. Any other status indicates that the SIC communication is problematic. For example, if the SIC status is Unknown then there is no connection between the Gateway and the Security Management server. If the SIC status is Not Communicating, the Security Management server is able to contact the gateway, but SIC communication cannot be established. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SecMan_WebAdmin/html_frameset.htm?topic=documents/R76/CP_R76_SecMan_WebAdmin/118037
Each cluster has __________ interfaces.
Three. Each cluster member has three interfaces: one external interface, one internal interface, and one for synchronization. Cluster member interfaces facing in each direction are connected via a switch, router, or VLAN switch. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm
Which VPN routing option uses VPN routing for every connection a satellite gateway handles?
To center, or through the center to other satellites, to internet and other VPN targets. On the VPN Routing page, enable the VPN routing for satellites section, by selecting one of these options: To center and to other Satellites through center; this allows connectivity between Gateways; for example, if the spoke Gateways are DAIP Gateways, and the hub is a Gateway with a static IP address To center, or through the center to other satellites, to Internet and other VPN targets; this allows connectivity between the Gateways, as well as the ability to inspect all communication passing through the hub to the Internet. Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31021
To optimize Rule Base efficiency the most hit rules should be where?
Towards the top of the Rule Base. The fewer rules that are checked before the matching rule is found, the fewer CPU cycles the device uses. Check Point matches a session starting from the first rule at the top and working down to the last rule at the bottom.
The R80 utility fw monitor is used to troubleshoot _____________
Traffic issues. Check Point's FW Monitor is a powerful built-in tool for capturing network traffic at the packet level. The FW Monitor utility captures network packets at multiple capture points along the FireWall inspection chains. These captured packets can be inspected later using Wireshark. Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30583
Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?
Two machines. One for Security Management Server and the other one for the Security Gateway.
RADIUS protocol uses ______ to communicate with the gateway.
UDP. Reference: https://sc1.checkpoint.com/documents/R76SP/CP_R76SP_Security_System_WebAdminGuide/105209.htm
The __________ is used to obtain identification and security information about network users.
User Directory
Which of the following is NOT an integral part of VPN communication within a network?
VPN key
The tool _______ generates an R80 Security Gateway configuration report.
cpinfo. CPInfo is an auto-updatable utility that collects diagnostics data on a customer's machine at the time of execution and uploads it to Check Point servers (it replaces the standalone cp_uploader utility for uploading files to Check Point servers). The CPinfo output file allows analyzing customer setups from a remote location. Check Point support engineers can open the CPinfo file in a demo mode, while viewing actual customer Security Policies and Objects. This allows the in-depth analysis of customer's configuration and environment settings. When contacting Check Point Support, collect the cpinfo files from the Security Management server and Security Gateways involved in your case. Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92739
Which utility shows the security gateway general system information statistics like operating system information and resource usage, and individual software blade statistics of VPN, Identity Awareness and DLP?
cpview. CPView Utility is a text based built-in utility that can be run ('cpview' command) on Security Gateway / Security Management Server / Multi-Domain Security Management Server. CPView Utility shows statistical data that contain both general system information (CPU, Memory, Disk space) and information for different Software Blades (only on Security Gateway). The data is continuously updated in easy to access views. Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101878
Joey wants to configure NTP on R80 Security Management Server. He decided to do this via WebUI. What is the correct IP address and default port to access the Web UI for Gaia platform via browser?
https://<Device_IP_Address>:443. To access the Gaia WebUI administration interface, initiate a connection from a browser to the default administration IP address. To log in to the WebUI: 1. Enter this URL in your browser: https://<Gaia IP address> 2. Enter your user name and password. Reference: https://sc1.checkpoint.com/documents/R77/CP_R77_Gaia_AdminWebAdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_Gaia_AdminWebAdminGuide/75930
Kofi, the administrator of the ALPHA Corp network wishes to change the default Gaia WebUI Portal port number currently set on the default HTTPS port. Which CLISH commands are required to be able to change this TCP port?
set web ssl-port <new port number>. In Clish: A. Connect to command line on Security Gateway / each Cluster member. B. Log in to Clish. C. Set the desired port (e.g., port 4434): HostName> set web ssl-port <Port_Number> D. Save the changes: HostName> save config E. Verify that the configuration was saved: [Expert@HostName]# grep 'httpd:ssl_port' /config/db/initial Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk83482
With which command can you view the running configuration of the Gaia operating system?
show configuration
Which utility allows you to configure the DHCP service on GAIA from the command line?
sysconfig. Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Splat_AdminGuide/51548.htm NOTE: Question must be wrong because no answer is possible for GAIA system, this must be SPLAT version. DHCP CLI configuration for GAIA reference: https://sc1.checkpoint.com/documents/R76/CP_R76_Gaia_WebAdmin/73181.htm#o80096
To enforce the Security Policy correctly, a Security Gateway requires:
that each Security Gateway enforces at least one rule.
The command __________ provides the most complete restoration of an R80 configuration.
upgrade_import/migrate import (Should be "migrate import"). "migrate import" restores the backed-up configuration for the R80 version; in previous versions the command was "upgrade_import".
Which of the following commands can be used to remove site-to-site IPSEC Security Associations (SA)?
vpn tu. Description: Launches the TunnelUtil tool, which is used to control VPN tunnels. Usage: vpn tu or vpn tunnelutil. Example: vpn tu. Output: (image). Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_CLI_WebAdmin/12467.htm#o12627