NEW QUESTION 1
By default, which port does the WebUI listen on?

• A. 80
• B. 4434
• C. 443
• D. 8080

Answer: C

NEW QUESTION 2
What is the responsibility of SOLR process on R80.10 management server?

• A. Validating all data before it’s written into the database
• B. It generates indexes of data written to the database
• C. Communication between SmartConsole applications and the Security Management Server
• D. Writing all information into the database

Answer: B

NEW QUESTION 3
You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the tight protections in place. Check Point has been selected for the security vendor.
Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?

• A. IPS AND Application Control
• B. IPS, anti-virus and anti-bot
• C. IPS, anti-virus and e-mail security
• D. SandBlast

Answer: D

NEW QUESTION 4
Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?

• A. logd
• B. fwd
• C. fwm
• D. cpd

Answer: B

NEW QUESTION 5
What is the SandBlast Agent designed to do?

• A. Performs OS-level sandboxing for SandBlast Cloud architecture
• B. Ensure the Check Point SandBlast services is running on the end user’s system
• C. If malware enters an end user’s system, the SandBlast Agent prevents the malware from spreading with the network
• D. Clean up email sent with malicious attachments

Answer: C

NEW QUESTION 6
What are the three components for Check Point Capsule?

• A. Capsule Docs, Capsule Cloud, Capsule Connect
• B. Capsule Workspace, Capsule Cloud, Capsule Connect
• C. Capsule Workspace, Capsule Docs, Capsule Connect
• D. Capsule Workspace, Capsule Docs, Capsule Cloud

Answer: D

NEW QUESTION 7
Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-m ail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?

• A. SandBlast Threat Emulation
• B. SandBlast Agent
• C. Check Point Protect
• D. SandBlast Threat Extraction

Answer: D

NEW QUESTION 8
Office mode means that:

• A. SecurID client assigns a routable MAC addres
• B. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.
• C. Users authenticate with an Internet browser and use secure HTTPS connection.
• D. Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.
• E. Allows a security gateway to assign a remote client an IP addres
• F. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Answer: D

NEW QUESTION 9
Which command is used to display status information for various components?

• A. show all systems
• B. show system messages
• C. sysmess all
• D. show sysenv all

Answer: D

NEW QUESTION 10
SmartEvent does NOT use which of the following procedures to identify events:

• A. Matching a log against each event definition
• B. Create an event candidate
• C. Matching a log against local exclusions
• D. Matching a log against global exclusions

Answer: C

Explanation:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events:
• Matching a Log Against Global Exclusions
• Matching a Log Against Each Event Definition
• Creating an Event Candidate
• When a Candidate Becomes an Event References:

NEW QUESTION 11
How long may verification of one file take for Sandblast Threat Emulation?

• A. up to 1 minutes
• B. within seconds cleaned file will be provided
• C. up to 5 minutes
• D. up to 3 minutes

Answer: B

NEW QUESTION 12
You notice that your firewall is under a DDoS attack and would like to enable the Penalty Box feature, which command you use?

• A. sim erdos –e 1
• B. sim erdos – m 1
• C. sim erdos –v 1
• D. sim erdos –x 1

Answer: A

NEW QUESTION 13
What statement best describes the Proxy ARP feature for Manual NAT in R80.10?

• A. Automatic proxy ARP configuration can be enabled
• B. Translate Destination on Client Side should be configured
• C. fw ctl proxy should be configured
• D. local.arp file must always be configured

Answer: D

NEW QUESTION 14
What is the recommended number of physical network interfaces in a Mobile Access cluster deployment?

• A. 4 Interfaces – an interface leading to the organization, a second interface leading to the internet, a third interface for synchronization, a fourth interface leading to the Security Management Server.
• B. 3 Interfaces – an interface leading to the organization, a second interface leading to the Internet, a third interface for synchronization.
• C. 1 Interface – an interface leading to the organization and the Internet, and configure for synchronization.
• D. 2 Interfaces – a data interface leading to the organization and the Internet, a second interface for synchronization.

Answer: B

NEW QUESTION 15
Which encryption algorithm is the least secured?

• A. AES-128
• B. AES-256
• C. DES
• D. 3DES

Answer: C

NEW QUESTION 16
What is the order of NAT priorities?

• A. Static NAT, IP pool NAT, hide NAT
• B. IP pool NAT, static NAT, hide NAT
• C. Static NAT, automatic NAT, hide NAT
• D. Static NAT, hide NAT, IP pool NAT

Answer: A

NEW QUESTION 17
What happen when IPS profile is set in Detect Only Mode for troubleshooting?

• A. It will generate Geo-Protection traffic
• B. Automatically uploads debugging logs to Check Point Support Center
• C. It will not block malicious traffic
• D. Bypass licenses requirement for Geo-Protection control

Answer: C

Explanation:
It is recommended to enable Detect-Only for Troubleshooting on the profile during the initial installation of
IPS. This option overrides any protections that are set to Prevent so that they will not block any traffic.
During this time you can analyze the alerts that IPS generates to see how IPS will handle network traffic, while avoiding any impact on the flow of traffic.

NEW QUESTION 18
......