
Check Point Certified Security Administrator Part 2

Information Technology | 60 Cards | Created 3 months ago

This flashcard set focuses on Check Point security management concepts, including deployment options, permission profiles, software blades, license types, and threat prevention features.

When should you generate new licenses?

A. Only when the license is upgraded.
B. After a device upgrade.
C. When the existing license expires, the license is upgraded, or the IP address associated with the license changes.
D. Before installing contract files.

C. When the existing license expires, the license is upgraded, or the IP address associated with the license changes.


Fill in the blank: The position of an Implied rule is manipulated in the _ window.

A. Firewall
B. Object Explorer
C. Global Properties
D. NAT

C. Global Properties

Which of the following situations would not require a new license to be generated and installed?

A. The existing license expires.
B. The Security Gateway is upgraded.
C. The license is upgraded.
D. The IP address of the Security Management or Security Gateway has changed.

B. The Security Gateway is upgraded.

You have enabled “Extended Log” as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

A. Log Trimming is enabled.
B. Content Awareness is not enabled.
C. Logging has disk space issues.
D. Identity Awareness is not enabled.

B. Content Awareness is not enabled.

Fill in the blank: In order to install a license, it must first be added to the _.

A. Package repository
B. Download Center Web site
C. License and Contract repository
D. User Center

C. License and Contract repository

What is required for a certificate-based VPN tunnel between two gateways with separate management systems?

A. Shared Secret Passwords
B. Unique Passwords
C. Shared User Certificates
D. Mutually Trusted Certificate Authorities

D. Mutually Trusted Certificate Authorities


Main Mode in IKEv1 uses how many packets for negotiation?

A. 3
B. Depends on the make of the peer gateway
C. 6
D. 4

C. 6

Which is a main component of the Check Point security management architecture?

A. Proxy Server
B. Endpoint VPN client
C. Identity Collector
D. SmartConsole

D. SmartConsole

What are the two types of NAT supported by the Security Gateway?

A. Destination and Hide
B. Source and Destination
C. Static and Source
D. Hide and Static

D. Hide and Static

Fill in the blank: A(n) _ rule is created by an administrator and configured to allow or block traffic based on specified criteria.

A. Explicit
B. Implicit drop
C. Implicit accept
D. Inline

A. Explicit

Where is the "Hit Count" feature enabled or disabled in SmartConsole?

A. In Global Properties.
B. On each Security Gateway.
C. On the Policy layer.
D. On the Policy Package.

C. On the Policy layer.

Log query results can be exported to what file format?

A. Comma Separated Value (csv).
B. Word Document (docx).
C. Text (txt).
D. Portable Document Format (pdf).

A. Comma Separated Value (csv).

In order to modify Security Policies the administrator can use which of the following tools? Select the BEST answer.

A. Command line of the Security Management Server or mgmt_cli.exe on any Windows computer.
B. SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed.
C. mgmt_cli (API) or WebUI on Security Gateway and SmartConsole on the Security Management Server.
D. SmartConsole and WebUI on the Security Management Server.

B. SmartConsole or mgmt_cli (API) on any computer where SmartConsole is installed.

Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

A. Anti-spam and Email Security
B. Anti-Virus
C. Firewall
D. Application Control

B. Anti-Virus

When a Security Gateway communicates about its status to an IP address other than its own, which deployment option was chosen?

A. Targeted
B. Bridge Mode
C. Distributed
D. Standalone

C. Distributed

In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule?

A. "Inspect", "Bypass", "Block"
B. "Inspect", "Bypass", "Categorize"
C. "Inspect", "Bypass"
D. "Detect", "Bypass"

A. "Inspect", "Bypass", "Block"

Why is a Central License the preferred and recommended method of licensing?

A. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.
B. Central Licensing is actually not supported with Gaia.
C. Central Licensing ties to the IP address of a gateway and can be changed to any gateway if needed.
D. Central Licensing is the only option when deploying Gaia.

A. Central Licensing ties to the IP address of the management server and is not dependent on the IP of any gateway in the event it changes.

In order for changes made to policy to be enforced by a Security Gateway, what action must an administrator perform?

A. Install policy
B. Publish changes
C. Install database
D. Save changes

A. Install policy

Which of the following is NOT an alert option?

A. SNMP
B. User defined alert
C. High alert
D. Mail

C. High alert

The VPN Link Selection will perform which of the following if the primary VPN link goes down?

A. The Firewall will send out the packet on all interfaces
B. The Firewall will inform the client that the tunnel is down
C. The Firewall can update the Link Selection entries to start using a different link for the same tunnel
D. The Firewall will drop the packets

C. The Firewall can update the Link Selection entries to start using a different link for the same tunnel

A layer can support different combinations of blades. What are the supported blades:

A. Firewall, NAT, Content Awareness and Mobile Access
B. Firewall, URLF, Content Awareness and Mobile Access
C. Firewall (Network Access Control), Application & URL Filtering and Content Awareness
D. Firewall (Network Access Control), Application & URL Filtering, Content Awareness and Mobile Access

D. Firewall (Network Access Control), Application & URL Filtering, Content Awareness and Mobile Access

Fill in the blanks: The Application Layer Firewalls inspect traffic through the _ layer(s) of the TCP/IP model and up to and including the _ layer.

A. Upper; Application
B. Lower; Application
C. First two; Internet
D. First two; Transport

B. Lower; Application

When configuring Anti-Spoofing, which tracking options can an Administrator select?

A. Log, Alert, None
B. Drop Packet, Alert, None
C. Log, Allow Packets, Email
D. Log, Send SNMP Trap, Email

A. Log, Alert, None

What licensing feature automatically verifies current licenses and activates new licenses added to the License and Contracts repository?

A. Automatic Licensing and Verification tool
B. Verification licensing
C. Verification tool
D. Automatic licensing

D. Automatic licensing

What are valid authentication methods for mutually authenticating the VPN gateways?

A. Pre-shared Secret and PKI Certificates
B. PKI Certificates and Kerberos Tickets
C. Pre-Shared Secrets and Kerberos Ticket
D. PKI Certificates and DynamicID OTP

A. Pre-shared Secret and PKI Certificates

Which option in tracking allows you to see the amount of data passed in the connection?

A. Advanced
B. Accounting
C. Data
D. Logs

B. Accounting

Both major kinds of NAT support Hide and Static NAT. However, one offers more flexibility. Which statement is true?

A. Manual NAT can offer more flexibility than Automatic NAT.
B. Dynamic NAT with Port Address Translation can offer more flexibility than Network Address Translation (NAT) Overloading.
C. Automatic NAT can offer more flexibility than Manual NAT.
D. Dynamic Network Address Translation (NAT) Overloading can offer more flexibility than Port Address Translation.

A. Manual NAT can offer more flexibility than Automatic NAT.

Fill in the blank: Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is _.

A. Stored on the Security Management Server.
B. Stored on the Certificate Revocation List.
C. Sent to the Internal Certificate Authority.
D. Sent to the Security Administrator.

B. Stored on the Certificate Revocation List.

Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

A. Threat Emulation
B. Anti-Virus
C. Advanced Networking Blade
D. Application Control

C. Advanced Networking Blade

In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway?

A. Monitoring Blade
B. SNMP
C. None - the data is available by default
D. Logging & Monitoring

A. Monitoring Blade

How do logs change when the "Accounting" tracking option is enabled on a traffic rule?

A. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.
B. Involved traffic logs will be forwarded to a log server.
C. Provides additional information to the connected user.
D. Provides log details via email to the Administrator.

A. Involved traffic logs are updated every 10 minutes to show how much data has passed on the connection.

What are the software components used by Autonomous Threat Prevention Profiles in R81.20 and higher?

A. Sandbox, ThreatCloud, Zero Phishing, Sanitization, C&C Protection, IPS, File and URL Reputation
B. IPS, Threat Emulation and Threat Extraction
C. Sandbox, ThreatCloud, Sanitization, C&C Protection, IPS
D. IPS, Anti-Bot, Anti-Virus, SandBlast and Macro Extraction

A. Sandbox, ThreatCloud, Zero Phishing, Sanitization, C&C Protection, IPS, File and URL Reputation

In large organizations where there are a number of managed Check Point firewalls that generate a lot of logs it is recommended to install the Log Server on a dedicated computer. Which statement is FALSE?

A. The dedicated Log Server must be the same version as the Security Management Server.
B. A Log Server has a SIC certificate which allows secure communication with the SMS and Security Gateways.
C. More than one Log Server can be installed.
D. A dedicated SmartEvent server is required for a separate Log Server to be deployed in the SmartEvent server.

D. A dedicated SmartEvent server is required for a separate Log Server to be deployed in the SmartEvent server.

What is required for a site-to-site VPN tunnel that does not use certificates?

A. Unique Passwords
B. Pre-Shared Secret
C. SecureID
D. RSA Token

B. Pre-Shared Secret

Fill in the blanks: A _ license requires an administrator to designate a gateway for attachment whereas a _ license is automatically attached to a Security Gateway.

A. Local; formal
B. Central; local
C. Formal; corporate
D. Local; central

B. Central; local

When URL Filtering is set, what identifying data gets sent to the Check Point Online Web Service?

A. The full URL, including page data, is sent to the Check Point Online Web Service.
B. The URL and IP address are sent to the Check Point Online Web Service.
C. The host part of the URL is sent to the Check Point Online Web Service.
D. The URL and server certificate are sent to the Check Point Online Web Service.

C. The host part of the URL is sent to the Check Point Online Web Service.

What is the main difference between Static NAT and Hide NAT?

A. Static NAT only allows outgoing connections. Hide NAT allows incoming and outgoing connections.
B. Hide NAT only allows incoming connections to protect your network.
C. Static NAT allows incoming and outgoing connections. Hide NAT only allows outgoing connections.
D. Static NAT only allows incoming connections to protect your network.

C. Static NAT allows incoming and outgoing connections. Hide NAT only allows outgoing connections.

What default layers are included when creating a new policy layer?

A. Application Control, URL Filtering and Threat Prevention
B. Firewall, Application Control and IPSec VPN
C. Firewall, Application Control and IPS
D. Access Control, Threat Prevention and HTTPS Inspection

D. Access Control, Threat Prevention and HTTPS Inspection

If there is an Accept Implied Policy set to “First”, what is the reason Jorge cannot see any logs?

A. Track log column is set to Log instead of Full Log.
B. Log Implied Rule was not selected on Global Properties.
C. Track log column is set to none.
D. Log Implied Rule was not set correctly on the track column on the rules base.

B. Log Implied Rule was not selected on Global Properties.

What are the types of Software Containers?

A. Smart Console, Security Management, and Security Gateway
B. Security Management, Security Gateway, and Endpoint Security
C. Security Management, Standalone, and Security Gateway
D. Security Management, Log & Monitoring, and Security Policy

B. Security Management, Security Gateway, and Endpoint Security

At what point is the Internal Certificate Authority (ICA) created?

A. When an administrator initially logs into SmartConsole.
B. During the primary Security Management Server deployment process.
C. Upon creation of a certificate.
D. When an administrator decides to create one.

B. During the primary Security Management Server deployment process.

The purpose of the Communication Initialization process is to establish trust between the Security Management Server (SMS) and other Check Point Gateways and Servers. Which statement best describes this Secure Internal Communication (SIC)?

A. After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.
B. New firewalls can easily establish the trust by using the expert password defined on the SMS and the SMS IP address.
C. A SIC certificate is automatically generated on the gateway because the gateway hosts a subordinate CA to the SMS ICA.
D. Secure Internal Communications authenticates the security gateway to the SMS before http communications are allowed.

A. After successful initialization, the gateway can communicate with any Check Point node that possesses a SIC certificate signed by the same ICA.

Which SmartConsole tab shows logs and detected security threats, providing a centralized display of potential attack patterns from all network devices?

A. LOGS & MONITOR
B. SECURITY POLICIES
C. GATEWAYS & SERVERS
D. MANAGE & SETTINGS

A. LOGS & MONITOR

In a Distributed deployment, the Security Gateway and the Security Management software are installed on what platforms?

A. The installation can be done on virtual machines only, but not on appliances and not in mixed environments.
B. The installation is done on different computers or appliances.
C. The installation is done on the same computer or appliance.
D. The installation is allowed in Azure only but not in AWS cloud environments.

B. The installation is done on different computers or appliances.

What is the default shell for the Gaia command line interface?

A. Admin
B. Clish
C. Expert
D. Bash

B. Clish

Fill in the blanks: Gaia can be configured using the _ or _.

A. GaiaUI; command line interface (serial console only)
B. Gaia Interface; Gaia Ultimate Shell
C. Command line interface; Gaia Portal
D. Web Ultimate Interface; Gaia Interface (SSH)

C. Command line interface; Gaia Portal

The default shell of the Gaia CLI is cli.sh. How do you change from the cli.sh shell to the advanced shell to run Linux commands?

A. Execute the command ‘enable’ in the cli.sh shell
B. Execute the ‘conf t’ command in the cli.sh shell
C. Execute the command ‘expert’ in the cli.sh shell
D. Execute the ‘exit’ command in the cli.sh shell

C. Execute the command ‘expert’ in the cli.sh shell

How many users can have read/write access in Gaia Operating System at one time?

A. One
B. Two
C. Three
D. Infinite

D. Infinite

Which part of SmartConsole allows administrators to add, edit, delete, and clone objects?

A. Object Explorer
B. Object Navigator
C. Object Editor
D. Object Browser

C. Object Editor

Is it possible to have more than one administrator connected to a Security Management Server at once?

A. Yes, but objects edited by one administrator will be locked for editing by others until the session is published.
B. Yes, but only if all connected administrators connect with read-only permissions.
C. Yes, but only one of those administrators will have write-permissions. All others will have read-only permission.
D. No, only one administrator at a time can connect to a Security Management Server.

A. Yes, but objects edited by one administrator will be locked for editing by others until the session is published.

When an Admin logs into SmartConsole and sees a lock icon on a gateway object and cannot edit that object, what does that indicate?

A. Incorrect routing to reach the gateway.
B. The Admin would need to login to Read-Only mode.
C. The gateway is not powered on.
D. Another Admin has made an edit to that object and has yet to publish the change.

D. Another Admin has made an edit to that object and has yet to publish the change.

Which of the following is considered a “Subscription Blade”, requiring renewal every 1-3 years?

A. IPS blade
B. IPSEC VPN Blade
C. Firewall Blade
D. Identity Awareness Blade

A. IPS blade

The Online Activation method is available for Check Point manufactured appliances. How does the administrator use the Online Activation method?

A. The cpinfo command must be run on the firewall with the switch -online-license-activation.
B. Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts.
C. The SmartLicensing GUI tool must be launched from the SmartConsole for the Online Activation tool to start automatically.
D. No action is required if the firewall has internet access and a DNS server to resolve domain names.

B. Using the Gaia First Time Configuration Wizard, the appliance connects to the Check Point User Center and downloads all necessary licenses and contracts.

Check Point licenses come in two forms. What are those forms?

A. Security Gateway and Security Management.
B. On-premise and Public Cloud.
C. Central and Local.
D. Access Control and Threat Prevention.

C. Central and Local.

True or False: In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway.

A. True, Central Licenses can be installed with CPLIC command on a Security Gateway
B. True, CLI is the preferred method for Licensing
C. False, Central Licenses are installed via Gaia on Security Gateways
D. False, Central Licenses are handled via Security Management Server

D. False, Central Licenses are handled via Security Management Server

Which application is used for the central management and deployment of licenses and packages?

A. Deployment Agent
B. SmartLicense
C. SmartProvisioning
D. SmartUpdate

D. SmartUpdate

Which command shows the installed licenses in Expert mode?

A. show licenses
B. fwlic print
C. cplic print
D. print cplic

C. cplic print

In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories. Which of the following is NOT an objects category?

A. Network Object
B. IP Address
C. Limit
D. Custom Application / Site

B. IP Address

What is the purpose of the Stealth Rule?

A. To reduce the amount of logs for performance issues.
B. To reduce the number of rules in the database.
C. To prevent users from directly connecting to a Security Gateway.
D. To make the gateway visible to the Internet.

C. To prevent users from directly connecting to a Security Gateway.

What are the advantages of a “shared policy”?

A. Allows the administrator to share a policy between all the users identified by the Security Gateway.
B. Allows the administrator to share a policy between all the administrators managing the Security Management Server.
C. Allows the administrator to share a policy so that it is available to use in another Policy Package.
D. Allows the administrator to install a policy on one Security Gateway and it gets installed on another managed Security Gateway.

C. Allows the administrator to share a policy so that it is available to use in another Policy Package.