Checkpoint 156-315.80 Check Point Certified Security Expert (CCSE) R80 Exam Practice Test

fw ctl stat

clusterXL stat

clusterXL status

cphaprob stat

fwd

fwm

cpm

cpd

Connections destined to or originated from the Security gateway

A 5-tuple match

Multicast packets

Connections that have a Handler (ICMP, FTP, H.323, etc.)

Analyzes each log entry as it arrives at the log server according to the Event Policy. When a threat pattern is identified, an event is forwarded to the SmartEvent Server.

Correlates all the identified threats with the consolidation policy.

Collects syslog data from third party devices and saves them to the database.

Connects with the SmartEvent Client when generating threat reports.

Tom’s changes will have been stored on the Management when he reconnects and he will not lose any of his work.

Tom will have to reboot his SmartConsole computer, and access the Management cache store on that computer, which is only accessible after a reboot.

Tom’s changes will be lost since he lost connectivity and he will have to start again.

Tom will have to reboot his SmartConsole computer, clear to cache, and restore changes.

SecurID client assigns a routable MAC address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

Users authenticate with an Internet browser and use secure HTTPS connection.

Local ISP (Internet service Provider) assigns a non-routable IP address to the remote user.

Allows a security gateway to assign a remote client an IP address. After the user authenticates for a tunnel, the VPN gateway assigns a routable IP address to the remote client.

To satellites through center only

To center only

To center and to other satellites through center

To center, or through the center to other satellites, to Internet and other VPN targets

Security Policies

Logs and Monitor

Manage and Settings

Gateways and Servers

For FTP connections – do not sync

Add a second interface to handle sync traffic

For short connections like http service – do not sync

For short connections like icmp service – delay sync for 2 seconds

Matching a log against each event definition

Create an event candidate

Matching a log against local exclusions

Matching a log against global exclusions

Network Interface Card, OSI Network Layer, OS IP Stack, and the Acceleration Device

Network Interface Card, Check Point Firewall Kernal, and the Acceleration Device

Network Interface Card and the Acceleration Device

Network Interface Card, OSI Network Layer, and the Acceleration Device

Check Point Protect Application

Management Dashboard

Behavior Risk Engine

Check Point Gateway

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

Time object to a rule to make the rule active only during specified times.

Sub Policies ae sets of rules that can be created and attached to specific rules. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Lagging

Synchronized

Never been synchronized

Collision

By modifying the firewall rulebase

By creating event candidates

By matching logs against exclusions

By matching logs against event rules

SmartConsole

Security Management Server and Security Gateway

Security Management Server

SmartConsole and Security Management Server

CPMl (18190)

CPM (19009), CPMl (18190) https (443)

CPM (19009). CPMl (18190) CPD (18191)

ICA_Pull (18210), CPMl (18190) https (443)

User Directory

Captive Portal and Transparent Kerberos Authentication

Captive Portal

UserCheck

GaiaUI; command line interface

WebUI; Gaia Interface

Command line interface; WebUI

Gaia Interface; GaiaUI

migrate export

upgrade_tools verify

pre_upgrade_verifier

migrate import

fwm compile

fwm load

fwm fetch

fwm install

Upon creation of a certificate.

During the primary Security Management Server installation process.

When an administrator decides to create one.

When an administrator initially logs into SmartConsole.

Web Browsers and user devices

DMZ server

Cloud

Email servers

Remove the installed Security Policy.

Remove the local ACL lists.

No effect.

Reset SIC on all gateways.

Marks logs that individually are not events, but may be part of a larger pattern to be identified later.

Generates an event based on the Event policy.

Assigns a severity level to the event.

Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.

This a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.

This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.

This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).

Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

Use 1 cluster + 1st sync

Use 1 dedicated sync interface

Use 3 clusters + 1st sync + 2nd sync + 3rd sync

Use 2 clusters +1st sync + 2nd sync

SecureID

SecurID

Complexity

TacAcs

The Database revisions will not be synchronized between the management servers

SmartConsole must be closed prior to synchronized changes in the objects database

If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.

For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.

Support for IPv6

Granular access control

Strong user authentication

Secure connectivity

19090,22

19190,22

18190,80

19009,443

IKE Phase 1

IPSEC Phase 2

IPSEC Phase 1

IKE Phase 2

cpinfo –h all

cpinfo –o hotfix

cpinfo –l hotfix

cpinfo –y all

224.0.0.18

224 00 5

224.0.0.102

224.0.0.22

AES-128

AES-256

DES

3DES

fw ctl set int fwha vmac global param enabled

fw ctl get int vmac global param enabled; result of command should return value 1

cphaprob-a if

fw ctl get int fwha_vmac_global_param_enabled; result of command should return value 1

User data base corruption

LDAP conflicts

Traffic issues

Phase two key negotiations

Messaging tool used to verify a user’s credentials.

Communication tool used to inform a user about a website or application they are trying to access.

Administrator tool used to monitor users on their network.

Communication tool used to notify an administrator when a new user is created.

cphaprob –a if

cphaconf ccp multicast

cphaconf debug data

cphaprob igmp

Dynamic objects are available in the Object Explorer

SecureXL can be disabled in cpconfig

fwaccel commands can be used in clish

Only one packet in a stream is seen in a fw monitor packet capture

fw ctl get int cpsead_stat

cpstat cpsead

fw ctl stat cpsemd

cp_conf get_stat cpsemd

upgrade_import

cpconfig

fwm dbimport -p

cpinfo –recover

Mail, Block Source, Block Event Activity, External Script, SNMP Trap

Mail, Block Source, Block Destination, Block Services, SNMP Trap

Mail, Block Source, Block Destination, External Script, SNMP Trap

Mail, Block Source, Block Event Activity, Packet Capture, SNMP Trap

ThreatCloud is a database-related application which is located on-premise to preserve privacy of company-related data

ThreatCloud is a collaboration platform for all the CheckPoint customers to form a virtual cloud consisting of a combination of all on-premise private cloud environments

ThreatCloud is a collaboration platform for Check Point customers to benefit from VMWare ESXi infrastructure which supports the Threat Emulation Appliances as virtual machines in the EMC Cloud

ThreatCloud is a collaboration platform for all the Check Point customers to share information about malicious and benign files that all of the customers can benefit from as it makes emulation of known files unnecessary

SMS Alert, Log, SNMP alert

Syslog, None, User-defined scripts

None, Log, Syslog

Alert, SNMP trap, Mail

RSA 2048

RSA 1024

SHA-256

AES

Reports

Advanced

Checkups

Views

SmartView Monitor, API_cli Tool, Gaia CLI, Web Services

SmartConsole GUI Console, mgmt_cli Tool, Gaia CLI, Web Services

SmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services

API_cli Tool, Gaia CLI, Web Services

show all systems

show system messages

sysmess all

show sysenv all

host name myHost12 ip-address 10.50.23.90

mgmt: add host name ip-address 10.50.23.90

add host name emailserver1 ip-address 10.50.23.90

mgmt: add host name emailserver1 ip-address 10.50.23.90

ffffffff

00000001

00000002

00000003

$FWDIR/conf/conf.conf

$FWDIR/conf/servers.conf

$FWDIR/conf/fwauthd.conf

$FWDIR/conf/serversd.conf

Threat Emulation never delivers a file and takes more than 3 minutes to complete.

Threat Extraction always delivers a file and takes less than a second to complete.

Threat Emulation never delivers a file that takes less than a second to complete.

Threat Extraction never delivers a file and takes more than 3 minutes to complete.

SmartUpdate

cpconfig

SmartConsole

sysconfig

Go to Manage&Settings > Blades > HTTPS Inspection > Configure in SmartDashboard

Go to Application&url filtering blade > Advanced > Https Inspection > Policy

Go to Manage&Settings > Blades > HTTPS Inspection > Policy

Go to Application&url filtering blade > Https Inspection > Policy

R80.40 and later

R76 and later

R70 and Later

R80.10 and Later

CPUSE offline upgrade only

Advanced upgrade or CPUSE offline upgrade

Advanced Upgrade only

SmartUpdate offline upgrade

Security Gateway failover is an automatic procedure but Security Management Server failover is a manual procedure.

Security Gateway failover as well as Security Management Server failover is a manual procedure.

Security Gateway failover is a manual procedure but Security Management Server failover is an automatic procedure.

Security Gateway failover as well as Security Management Server failover is an automatic procedure.

Access Control policy unifies the Firewall, Application Control & URL Filtering, Data Awareness, and Mobile Access Software Blade policies.

Limits the upload and download throughput for streaming media in the company to 1 Gbps.

The rule base can be built of layers, each containing a set of the security rules. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.

Time object to a rule to make the rule active only during specified times.

This rule No. 6 has been marked for deletion in your Management session.

This rule No. 6 has been marked for deletion in another Management session.

This rule No. 6 has been marked for editing in your Management session.

This rule No. 6 has been marked for editing in another Management session.

The CoreXL FW instanxces assignment mechanism is based on Source MAC addresses, Destination MAC addresses

The CoreXL FW instances assignment mechanism is based on the utilization of CPU cores

The CoreXL FW instances assignment mechanism is based on IP Protocol type

The CoreXl FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type

Post-Automatic/Manual NAT rules

Manual/Pre-Automatic NAT

Automatic Hide NAT

Automatic Static NAT

Route-based VPN

IPS

IPv6

Overlapping NAT

To satellites through center only.

To center, or through the center to other satellites, to Internet and other VPN targets.

To center and to other satellites through center.

To center only.

By dropping traffic from websites identified through ThreatCloud Verification and URL Caching

By dropping traffic that is not proven to be from clean websites in the URL Filtering blade

By allowing traffic from websites that are known to run Antivirus Software on servers regularly

By matching logs against ThreatCloud information about the reputation of the website

Security Gateway with GAiA does NOT have SFTP access to Internet

Security Gateway with GAiA does NOT have access to Internet.

Security Gateway with GAiA does NOT have SSH access to Internet.

The desired CPUSE package is ONLY available in the Check Point CLOUD.

The Firewall kernel only touches the packet if the connection is accelerated

The Firewall can run different policies per core

The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

The Firewall can run the same policy on all cores.

“write memory” was not issued on clish

changes are only possible via SmartConsole

“save config” was not issued in expert mode

“save config” was not issued on clish

“i", “l” and “o”

I don’t see it in fw monitor

“i" only

“i" and “l”