NEW QUESTION 1
How often does Threat Emulation download packages by default?

• A. Once a week
• B. Once an hour
• C. Twice per day
• D. Once per day

Answer: D

NEW QUESTION 2
You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) ______ or _______ action for the file types.

• A. Inspect/Bypass
• B. Inspect/Prevent
• C. Prevent/Bypass
• D. Detect/Bypass

Answer: A

NEW QUESTION 3
What is the least amount of CPU cores required to enable CoreXL?

• A. 2
• B. 1
• C. 4
• D. 6

Answer: B

NEW QUESTION 4
Which application should you use to install a contract file?

• A. SmartView Monitor
• B. WebUI
• C. SmartUpdate
• D. SmartProvisioning

Answer: C

NEW QUESTION 5
Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?

• A. UDP port 265
• B. TCP port 265
• C. UDP port 256
• D. TCP port 256

Answer: D

Explanation:
Synchronization works in two modes:
Full Sync transfers all Security Gateway kernel table information from one cluster member to another. It is handled by the fwd daemon using an encrypted TCP connection on port 256.
Delta Sync transfers changes in the kernel tables between cluster members. Delta sync is handled by the Security Gateway kernel using UDP connections on port 8116.

NEW QUESTION 6
What is the SandBlast Agent designed to do?

• A. Performs OS-level sandboxing for SandBlast Cloud architecture
• B. Ensure the Check Point SandBlast services is running on the end user’s system
• C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network
• D. Clean up email sent with malicious attachments

Answer: C

NEW QUESTION 7
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?

• A. sim erdos –e 1
• B. sim erdos – m 1
• C. sim erdos –v 1
• D. sim erdos –x 1

Answer: A

NEW QUESTION 8
How many policy layers do Access Control policy support?

• A. 2
• B. 4
• C. 1
• D. 3

Answer: A

Explanation:
Two policy layers:
- Network Policy Layer
- Application Control Policy Layer

NEW QUESTION 9
What processes does CPM control?

• A. Object-Store, Database changes, CPM Process and web-services
• B. web-services, CPMI process, DLEserver, CPM process
• C. DLEServer, Object-Store, CP Process and database changes
• D. web_services, dle_server and object_Store

Answer: D

NEW QUESTION 10
What is the purpose of Priority Delta in VRRP?

• A. When a box up, Effective Priority = Priority + Priority Delta
• B. When an Interface is up, Effective Priority = Priority + Priority Delta
• C. When an Interface fail, Effective Priority = Priority – Priority Delta
• D. When a box fail, Effective Priority = Priority – Priority Delta

Answer: C

Explanation:
Each instance of VRRP running on a supported interface may monitor the link state of other interfaces. The monitored interfaces do not have to be running VRRP.
If a monitored interface loses its link state, then VRRP will decrement its priority over a VRID by the specified delta value and then will send out a new VRRP HELLO packet. If the new effective priority is less than the priority a backup platform has, then the backup platform will beging to send out its own HELLO packet.
Once the master sees this packet with a priority greater than its own, then it releases the VIP. References:

NEW QUESTION 11
In R80 spoofing is defined as a method of:

• A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation.
• B. Hiding your firewall from unauthorized users.
• C. Detecting people using false or wrong authentication logins
• D. Making packets appear as if they come from an authorized IP address.

Answer: D

Explanation:
IP spoofing replaces the untrusted source IP address with a fake, trusted one, to hijack connections to your network. Attackers use IP spoofing to send malware and bots to your protected network, to execute DoS attacks, or to gain unauthorized access.

NEW QUESTION 12
The system administrator of a company is trying to find out why acceleration is not working for the traffic. The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?

• A. There is a virus foun
• B. Traffic is still allowed but not accelerated.
• C. The connection required a Security server.
• D. Acceleration is not enabled.
• E. The traffic is originating from the gateway itself.

Answer: D

NEW QUESTION 13
On what port does the CPM process run?

• A. TCP 857
• B. TCP 18192
• C. TCP 900
• D. TCP 19009

Answer: D

NEW QUESTION 14
Which features are only supported with R80.10 Gateways but not R77.x?

• A. Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.
• B. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
• C. The rule base can be built of layers, each containing a set of the security rule
• D. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
• E. Time object to a rule to make the rule active only during specified times.

Answer: C

NEW QUESTION 15
What is the order of NAT priorities?

• A. Static NAT, IP pool NAT, hide NAT
• B. IP pool NAT, static NAT, hide NAT
• C. Static NAT, automatic NAT, hide NAT
• D. Static NAT, hide NAT, IP pool NAT

Answer: A

NEW QUESTION 16
What are the steps to configure the HTTPS Inspection Policy?

• A. Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard
• B. Go to Application&url filtering blade > Advanced > Https Inspection > Policy
• C. Go to Manage&Settings > Blades > HTTPS Inspection > Policy
• D. Go to Application&url filtering blade > Https Inspection > Policy

Answer: A

NEW QUESTION 17
On R80.10 the IPS Blade is managed by:

• A. Threat Protection policy
• B. Anti-Bot Blade
• C. Threat Prevention policy
• D. Layers on Firewall policy

Answer: C

NEW QUESTION 18
fwssd is a child process of which of the following Check Point daemons?

• A. fwd
• B. cpwd
• C. fwm
• D. cpd

Answer: A

NEW QUESTION 19
What is the mechanism behind Threat Extraction?

• A. This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
• B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
• C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
• D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

Answer: D

NEW QUESTION 20
Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

• A. Auditor
• B. Read Only All
• C. Super User
• D. Full Access

Answer: B

NEW QUESTION 21
What must you do first if “fwm sic_reset” could not be completed?

• A. Cpstop then find keyword “certificate” in objects_5_0.C and delete the section
• B. Reinitialize SIC on the security gateway then run “fw unloadlocal”
• C. Reset SIC from Smart Dashboard
• D. Change internal CA via cpconfig

Answer: D

NEW QUESTION 22
What are the different command sources that allow you to communicate with the API server?

• A. SmartView Monitor, API_cli Tool, Gaia CLI, Web Services
• B. SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services
• C. SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
• D. API_cli Tool, Gaia CLI, Web Services

Answer: B

NEW QUESTION 23
Which of these is an implicit MEP option?

• A. Primary-backup
• B. Source address based
• C. Round robin
• D. Load Sharing

Answer: A

NEW QUESTION 24
What happen when IPS profile is set in Detect Only Mode for troubleshooting?

• A. It will generate Geo-Protection traffic
• B. Automatically uploads debugging logs to Check Point Support Center
• C. It will not block malicious traffic
• D. Bypass licenses requirement for Geo-Protection control

Answer: C

Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of
IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.

NEW QUESTION 25
Where do you create and modify the Mobile Access policy in R80?

• A. SmartConsole
• B. SmartMonitor
• C. SmartEndpoint
• D. SmartDashboard

Answer: A

NEW QUESTION 26
Which Check Point software blade provides protection from zero-day and undiscovered threats?

• A. Firewall
• B. Threat Emulation
• C. Application Control
• D. Threat Extraction

Answer: B

NEW QUESTION 27
......