marks4sure logo
Your organization’s disaster recovery plan needs an update to the backup and restore section to reap the new distributed R80 installation benefits. Your plan must meet the following required and desired objectives:
Required Objective: The Security Policy repository must be backed up no less frequently than every 24 hours.
Desired Objective: The R80 components that enforce the Security Policies should be backed up at least once a week.
Desired Objective: Back up R80 logs at least once a week.
Your disasterrecovery plan is as follows:
- Use the cron utility to run the command upgrade_export each night on the Security Management Servers.
- Configure the organization's routine back up software to back up the files created by the command upgrade_export.
- Configure the GAiA back up utility to back up the Security Gateways every Saturday night.
- Use the cron utility to run the command upgrade_export each Saturday night on the log servers.
- Configure an automatic, nightly logswitch.
- Configure theorganization's routine back up software to back up the switched logs every night.
Upon evaluation, your plan:
Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?
In SmartDashboard, Translate destination on client side is checked in Global Properties. When Network Address Translation is used:
Which command line interface utility allows the administrator to verify the Security Policy name and timestamp currentlyinstalled on a firewall module?
Match the followingcommands to their correct function.
Each command has one function only listed.
Which operating systems are supported by a Check Point Security Gateway on an open server? Select MOST complete list.
Which Security Gateway R80 configuration setting forces the Client Authentication authorization time-out to refresh, each time a new user is authenticated? The:
Your customer, Mr. Smith needs access to other networks and should be able to use all services. Session authentication is not suitable. You select Client Authentication with HTTP. The standard authentication port for clientHTTP authentication (Port 900) is already in use. You want to use Port 9001 but are having connectivity problems. Why are you having problems?
Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check PointEnterprise Appliances using GAiA/R80.10. Company’s Network Security Developer Team is having issue testing new API with newly deployed R80.10 Security Management Server and blames Check Point Security Management Server as root cause. The ticket has been created and issue is at Aaron’s desk for an investigation. What do you recommend as the best suggestion for Aaron to make sure API testing works as expected?
When deploying multiple clustered firewalls on the same subnet, what does the firewall administrator need to configure to prevent CCP broadcasts being sent to the wrong cluster?
Where you can see and search records of action done by R80 SmartConsole administrators?
GAiA Software update packages can be imported and installed offline in situation where:
What are the different command sources that allow you to communicate with the API server?
For best practices, what is the recommended time for automatic unlocking of locked admin accounts?
How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?
UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?
The fwd process on the Security Gateway sends logs to the fwd process on the Management Server via which 2 processes?
WhenConfiguring Endpoint Compliance Settings for Applications and Gateways within Mobile Access, which of the three approaches will allow you to configure individual policies for each application?
Fill in the blank.
In Load SharingUnicast mode, the internal cluster IP address is 10.4.8.3. The internal interfaces on two members are 10.4.8.1 and 10.4.8.2. Internal host 10.4.8.108 Pings 10.4.8.3, and receives replies. The following is the ARP table from the internal Windows host 10.4.8.108. Review the exhibit and type the IP address of the member serving as the pivot machine in the space below.
Type the command and syntax to view critical devices on a cluster member in a ClusterXL environment.
Your expanding network currently includes ClusterXL runningMulticast mode on two members, as shown in this topology:
Exhibit:
You need to add interfaces: 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for these interfaces is 10.10.10.3/24. Both cluster gateways have a Quad card with an available eth3 interface. What is the correct procedure to add these interfaces?
To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?
Which configuration file contains the structure of the Security Servers showing the port numbers, corresponding protocol name, and status?
When migrating the SmartEvent data base from one server to another, the first step is to back up the files on the original server. Which of the following commands should you run to back up the SmartEvent data base?
After verifying that API Server is not running, how can you start the API Server?
Fill in the blank. To save your OSPF configuration in GAiA, enter the command ___________ .
How could you compare the Fingerprint shown to the Fingerprint on the server? Run cpconfig and select:
Exhibit:
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit theSecurity Gateway bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
Fill in the blanks. To view thenumber of concurrent connections going through core 0 on the firewall, you would use the command and syntax __ __ _ ___ __ ___________ __ .
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated. What is the most likely reason that the traffic is not accelerated?
Select the command set best used to verify proper failover function of a new ClusterXL configuration.
You find that Gateway fw2 can NOT be added to the cluster object. What are possible reasons for that?
Exhibit:
1) fw2 is a member in a VPN community.
2) ClusterXL software blade is not enabled on fw2.
3) fw2 is a DAIP Gateway.
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?
Fill in the blank. What is the correct command and syntax used to view a connection table summary on a Check Point Firewall?
Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
Your organization maintains several IKE VPN’s. Executives in your organization want to know which mechanism Security Gateway R80 uses to guarantee the authenticity and integrity of messages. Which technology should you explain to the executives?
In what way in Secure Network Distributor (SND) a relevant feature of the Security Gateway?
Complete this statement. To save interface information before upgrading a Windows Gateway, use command
MegaCorps' disaster recovery plan is past due for an update to the backup and restore section to enjoy the benefits of the new distributed R80 installation. You must propose a plan that meets the following required and desired objectives:
Required: Security Policy repository must be backed up no less frequently than every 24 hours.
Desired: Back up R80 components enforcing the Security Policies at least once a week.
Desired: Back up R80 logs at least once a week.
You develop a disaster recovery plan proposing the following:
* Use the utility cron to run the command upgrade_export each night on the Security Management Servers.
* Configure the organization's routine backup software to back up files created by the command upgrade_export.
* Configure GAiA back up utility to back up Security Gateways every Saturday night.
* Use the utility cron to run the command upgrade_export each Saturday night on the log servers.
* Configure an automatic, nightly logswitch.
* Configure the organization's routine back up software to back up the switched logs every night.
The corporate IT change review committee decides your plan:
Check Point recommends configuring Disk Space Management parameters to delete old log entities when available disk space is less than or equal to?
When migrating the SmartEvent data base from one server to another, the last step is to save the files on the new server. Which of thefollowing commands should you run to save the SmartEvent data base files on the new server?
Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?
In a zero downtime scenario, which command do you run manually after all cluster members are upgraded?
If Jack was concerned about the number of log entries he would receive in the SmartReporter system, which policy would he need to modify?
MultiCorp is running Smartcenter R71 on an IPSO platform and wants to upgrade to a new Appliance with R80. Which migration tool is recommended?
Type the command and syntax you would use to verify that your Check Point cluster is functioning correctly.
Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should beguaranteed. Which actions should be taken to achieve that?
1) Use same hard drive for database directory, log files, and temporary directory.
2) Use Consolidation Rules.
3) Limit logging to blocked traffic only.
4) Use Multiple Database Tables.
The command useful for debugging by capturing packet information, including verifying LDAP authentication on all Check Point platforms is
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?
Several Security Policies can be used for different installation targets. The Firewall protecting Human Resources’ servers should have its own Policy Package. These rules must be installed on this machine and not onthe Internet Firewall. How can this be accomplished?
You are about to integrate RSA SecurID users into the Check Point infrastructure. What kind of users are to be defined via SmartDashboard?
Afterfiltering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o inspection points, but not in the O inspection point. Which is the likely source of the issue?
You find that Users are not prompted for authentication when they access their Web servers, even though you havecreated an HTTP rule via User Authentication. Choose the BEST reason why.
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimizemalware infection and unauthorized access risks. Thus, the gateway policy permits access only from John's desktop which is assigned a static IP address 10.0.0.19.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but that limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop with a static IP (10.0.0.19). He wants tomove around the organization and continue to have access to the HR Web Server.
To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources installs the policy.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
What should John do when he cannot access the web server from a different personal computer?
You intend to upgrade a Check Point Gateway from R71 to R80. Prior to upgrading, you want to back up the Gateway should there be any problems with the upgrade. Which of the following allows for the Gateway configuration to be completely backed up into a manageable size in the least amount of time?
Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the _____________.
As a Security Administrator, you must refresh the Client Authentication authorization time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R80 Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this network to go out to the Internet?
You cannot use SmartDashboard’s User Directory features to connect to the LDAP server. What should you investigate?
1) Verify you have read-only permissions as administrator for the operating system.
2) Verify there are no restrictions blocking SmartDashboard's User Manager from connecting to the LDAP server.
3) Check that the login Distinguished Name configured has root permission (or at least write permission Administrative access) in the LDAP Server's access control configuration.
Captive Portal is a __________ that allows the gateway to request login information from the user.
You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAiA. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on GAiA. Where can you view them? Give the BEST answer.
TESTED 16 Apr 2024