156-315.80 Check Point Certified Security Expert - R80 Questions and Answers

Used for full text search and enables powerful matching capabilities

Writes data to the database and full text search

Serves GUI responsible to transfer request to the DLE server

Enables powerful matching capabilities and writes data to the database

Improve the efficiency of traffic handling by SecureXL SNDs

Reduce the confusion for traffic capturing in FW Monitor

Improve the efficiency of CoreXL Kernel Instances

Reduce the performance of network interfaces

cvpnd_restart

cvpnd_restart

cvpnd restart

cvpnrestart

Next Generation Threat Prevention

Next Generation Threat Emulation

Next Generation Threat Extraction

Next Generation Firewall

Run command "set api start" in CLISH mode

Run command "mgmt__cli set api start" in Expert mode

Run command "mgmt api start" in CLISH mode

Run command "api start" in Expert mode

run fw ctl multik set_mode 9 in Expert mode and then Reboot.

Using cpconfig, update the Dynamic Dispatcher value to “full” under the CoreXL menu.

Edit/proc/interrupts to include multik set_mode 1 at the bottom of the file, save, and reboot.

run fw multik set_mode 1 in Expert mode and then reboot.

1-254

1-255

0-254

0 – 255

Detects and blocks malware by correlating multiple detection engines before users are affected.

Configure rules to limit the available network bandwidth for specified users or groups.

Use UserCheck to help users understand that certain websites are against the company’s security policy.

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

By dropping traffic from websites identified through ThreatCloud Verification and URL Caching

By dropping traffic that is not proven to be from clean websites in the URL Filtering blade

By allowing traffic from websites that are known to run Antivirus Software on servers regularly

By matching logs against ThreatCloud information about the reputation of the website

Right click Accept in the rule, select “More”, and then check ‘Enable Identity Captive Portal’.

On the firewall object, Legacy Authentication screen, check ‘Enable Identity Captive Portal’.

In the Captive Portal screen of Global Properties, check ‘Enable Identity Captive Portal’.

On the Security Management Server object, check the box ‘Identity Logging’.

The VMACs used in a Security Gateway cluster

The involved firewall kernel modules in inbound and outbound packet chain

Overview over SecureXL templated connections

Network interfaces and core distribution used for CoreXL

Better understand the behavior of the Access Control Policy

Improve Firewall performance - You can move a rule that has hot count to a higher position in the Rule Base

Automatically rearrange Access Control Policy based on Hit Count Analysis

Analyze a Rule Base - You can delete rules that have no matching connections

Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC

fw ctl set int vmac_mode 1

cphaconf vmac_mode set 1

Cluster Object -> Edit -> Cluster Members -> Edit -> Use Virtual MAC

20 minutes

15 minutes

Admin account cannot be unlocked automatically

30 minutes at least

SecureID

SecurID

Complexity

TacAcs

System Administrators know when their cluster has failed over and can also see why it failed over by using the cphaprob –f if command.

ClusterXL offers three different Load Sharing solutions: Unicast, Broadcast, and Multicast.

Machines in a ClusterXL High Availability configuration must be synchronized.

Both ClusterXL and VRRP are fully supported by Gaia and available to all Check Point appliances, open servers, and virtualized environments.

Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device

Network Interface Card, Check Point Firewall Kernal, and the Acceleration Device

Network Interface Card and the Acceleration Device

Network Interface Card, OSI Network Layer, and the Acceleration Device

Automatic download of full installation and upgrade packages

Automatic download of hotfixes

Installation of private hotfixes

Offline installations

Source address, Destination address, Source port, Destination port, Protocol

Source MAC address, Destination MAC address, Source port, Destination port, Protocol

Source address, Destination address, Source port, Destination port

Source address, Destination address, Destination port, Protocol

Check Point Protect Application

Management Dashboard

Behavior Risk Engine

Check Point Gateway

Route-based VPN

IPS

IPv6

Overlapping NAT

source port ranges

source ip

source port

same info from Packet Acceleration is used

Authentication requests

CPMI dbsync

Logs

Event Policy

1 - 254

1 - 255

0 - 254

0 - 255

Size of the /var/log folder of the source machine must be at least 25% of the size of the /var/log directory on the target machine

Size of the /var/log folder of the target machine must be at least 25% of the size of the /var/log directory on the source machine

Size of the $FWDIR/log folder of the target machine must be at least 30% of the size of the $FWDIR/log directory on the source machine

Size of the /var/log folder of the target machine must be at least 25GB or more

In CLISH run: set interface eth2 mac-addr 11:11:11:11:11:11

In expert-mode run ifconfig eth1 hw 11:11:11:11 11 11

In CLISH run set interface eth2 hw-addr 11 11 11:11:11 11

In expert-mode run: ethtool -4 eth2 mac 11 11:11:11:11:11

SmartConsole

SmartMonitor

SmartEndpoint

SmartDashboard

Capsule Docs

Capsule Cloud

Capsule Enterprise

Capsule Workspace

Gateways & Servers --> Compliance View

Compliance blade not available under R80.10

Logs & Monitor --> New Tab --> Open compliance View

Security & Policies --> New Tab --> Compliance View

2

4

1

3

fwd

cpwd

fwm

cpd

fwaccel status

fwaccel stats -m

fwaccel -s

fwaccel stat

To satellites through center only

To center only

To center and to other satellites through center

To center, or through the center to other satellites, to Internet and other VPN targets

SmartProvisioning

SmartView Tracker

SmartView Monitor

SmartLog

cvpnd.elg

httpd.elg

vpnd.elg

fw.elg

IPS, DLP, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

DLP, AntiVirus, QoS, AntiBot, Sandblast Threat Emulation/Extraction

IPS, AntiVirus, AntiBot

IPS, AntiVirus, AntiBot, Sandblast Threat Emulation/Extraction

19009, 19090 & 443

19009, 19004 & 18190

18190 & 443

19009, 18190 & 443

A new Policy Package created on both the Management and Gateway will be deleted and must be backed up first before proceeding.

A new Policy Package created on the Management is going to be installed to the existing Gateway.

A new Policy Package created on the Gateway is going to be installed on the existing Management.

A new Policy Package created on the Gateway and transferred to the Management will be overwritten by the Policy Package currently on the Gateway but can be restored from a periodic backup on the Gateway.

Eliminate all possible contradictory rules such as the Stealth or Cleanup rules.

Create a separate Security Policy package for each remote Security Gateway.

Create network objects that restricts all applicable rules to only certain networks.

Run separate SmartConsole instances to login and configure each Security Gateway directly.

add host name ip-address

add hostname ip-address

set host name ip-address

set hostname ip-address

No, since ‘maintain’ current active cluster member’ option on the cluster object properties is enabled by default.

No, since ‘maintain’ current active cluster member’ option is enabled by default on the Global Properties.

Yes, since ‘Switch to higher priority cluster member’ option on the cluster object properties is enabled by default.

Yes, since ‘Switch to higher priority cluster member’ option is enabled by default on the Global Properties.

blada: application control AND action:drop

blade."application control AND action;drop

(blade: application control AND action;drop)

blade;"application control AND action:drop

Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.

Data Awareness is not enabled.

Identity Awareness is not enabled.

Logs are arriving from Pre-R80 gateways.

fwm compile

fwm load

fwm fetch

fwm install

SMS Alert, Log, SNMP alert

Syslog, None, User-defined scripts

None, Log, Syslog

Alert, SNMP trap, Mail

Java Script

XML

Text

JSON

remove database lock

The database feature has one command lock database override.

override database lock

The database feature has two commands lock database override and unlock database. Both will work.

Stateful Packets

No Match

All Packets

Stateless Packets

Smart Cloud Services

Load Sharing Mode Services

Threat Agent Solution

Public Cloud Services

ffffffff

00000001

00000002

00000003

SmartMonitor

SmartView Web Application

SmartReporter

SmartTracker

cphaprob –d STOP unregister

cphaprob STOP unregister

cphaprob unregister STOP

cphaprob –d unregister STOP

4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.

3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.

1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.

2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.

Connections destined to or originated from the Security gateway

A 5-tuple match

Multicast packets

Connections that have a Handler (ICMP, FTP, H.323, etc.)

Takes less than a second to complete

Works on MS Office and PDF files only

Always delivers a file

Takes minutes to complete (less than 3 minutes)

AES-128

AES-256

DES

3DES

Dynamic ID

RADIUS

Username and Password

Certificate

fw unloadlocal

fw unloadpolicy

fwm unload local

fwm unload policy

Security Gateway IP-address cannot be changed without re-establishing the trust.

The Security Gateway name cannot be changed in command line without re-establishing trust.

The Security Management Server name cannot be changed in SmartConsole without re-establishing trust.

The Security Management Server IP-address cannot be changed without re-establishing the trust.

On all satellite gateway to satellite gateway tunnels

On specific tunnels for specific gateways

On specific tunnels in the community

On specific satellite gateway to central gateway tunnels

Events are generated at gateway according to Event Policy

A log entry becomes an event when it matches any rule defined in Event Policy

Events are collected with SmartWorkflow form Trouble Ticket systems

Log and Events are synonyms

Secure Internal Communication (SIC)

Restart Daemons if they fail

Transfers messages between Firewall processes

Pulls application monitoring status

cpmq set

Cpmqueue set

Cpmq config

St cpmq enable

$FWDIR/database/fwauthd.conf

$FWDIR/conf/fwauth.conf

$FWDIR/conf/fwauthd.conf

$FWDIR/state/fwauthd.conf

All connections that were initiated before the upgrade will be dropped, causing network downtime

All connections that were initiated before the upgrade will be handled normally

All connections that were initiated before the upgrade will be handled by the standby gateway

All connections that were initiated before the upgrade will be handled by the active gateway