Which upgrade method you should use upgrading from R80.40 to R81.20 to avoid any downtime?
AMulti-Version Cluster Upgrade (MVC)
BZero Downtime Upgrade (ZDU)
CConnectivity Upgrade (CU)
DMinimal Effort Upgrade (ME)
While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain. Why does it not detect the windows domain?
ASecurity Gateway is not part of the Domain
BSmartConsole machine is not part of the domain
CIdentity Awareness is not enabled on Global properties
DSecurity Management Server is not part of the domain
Which of the following is NOT a method used by Identity Awareness for acquiring identity?
ARemote Access
BActive Directory Query
CCloud IdP (Identity Provider)
DRADIUS
Question 6
Performance Tuning
0
Question 7
Performance Tuning
Question 8
Performance Tuning
Question 9
High Availability
Question 10
High Availability
Question 11
High Availability
Question 12
Advanced Policy Configuration
Question 13
Custom Threat Protection
Question 14
Advanced Security Maintenance
Question 15
Remote Access VPN
Question 16
Mobile Access VPN
Question 17
Remote Access VPN
Question 18
Remote Access VPN
Question 19
Advanced Security Monitoring
Question 20
Advanced User Access Management
Question 21
Advanced Security Monitoring
Question 22
Advanced Deployments Management
Question 23
High Availability
Question 24
Advanced Deployments Management
Question 25
Advanced Security Maintenance
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Which statement is most correct regarding about “CoreXL Dynamic Dispatcher’?
AThe CoreXL FW instances assignment mechanism is based on IP Protocol type.
BThe CoreXL FW instances assignment mechanism is based on the utilization of CPU cores
CThe CoreXL FW instances assignment mechanism is based on Source MAC addresses, Destination MAC addresses
DThe CoreXL FW instances assignment mechanism is based on Source IP addresses, Destination IP addresses, and the IP ‘Protocol’ type.
CoreXL is NOT supported when one of the following features is enabled:
AOverlapping NAT
BRoute-based VPN
CIPv6
DIPS
What is the correct description for the Dynamic Balancing / Spit feature?
ADynamic Balancing / Split dynamically change the number of SND's and firewall instances based on the current load. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)
BDynamic Balancing / Split dynamically distribute the traffic from one network interface to multiple SND’s. The interface must support Multi-Queue. It is only available on Quantum Appliances (not on Quantum Spark or Open Server)
CDynamic Balancing / Split dynamically change the number of SND’s and firewall instances based on the current load. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)
DDynamic Balancing / Spit dynamically distribute the traffic from one network interface to multiple SND’s. The interface must support Multi-Queue. It is only available on Quantum Appliances and Open Server (not on Quantum Spark)
What could NOT be a reason for synchronization issues in a Management HA environment?
AHardware clocks do not match even with adjustments for different time zones
BAccidentally, you have configured unique IP addresses per Management Server which invalidates the CA Certificate
CThere is a network connectivity failure between the servers
DThe products installed on the servers do not match: one device is a Standalone Server while the other is only a Security Management server.
What order should be used when upgrading a Management High Availability Cluster?
ASecondary Management, then Primary Management
BActive Management, then Standby Management
CStandby Management, then Active Management
DPrimary Management, then Secondary Management
What mechanism can ensure that the Security Gateway can communicate with the Management Server with ease in situations with overwhelmed network resources?
AThere is a feature for ensuring stable connectivity to the management server and is done via Priority Queuing.
BThe corresponding feature is new to R81.10 and is called “Management Data Plane Separation”
CThe corresponding feature is called “Dynamic Split”
DThe corresponding feature is called “Dynamic Dispatching”
What is the difference between Updatable Objects and Dynamic Objects
AUpdatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
BDynamic Objects are maintained automatically by the Threat Cloud. For Dynamic Objects there is no need to install policy for the changes to take effect. Updatable Objects are created and maintained locally.
CUpdatable Objects is a Threat Cloud Service. The provided Objects are updated automatically. Dynamic Objects are created and maintained locally. For Dynamic Objects there is no need to install policy for the changes to take effect.
DDynamic Objects are maintained automatically by the Threat Cloud. Updatable Objects are created and maintained locally. In both cases there is no need to install policy for the changes to take effect.
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
AEnable .exe bat protection in IPS Policy
Btecli advanced attributes set prohibited_file_types exe, bat
Ccreate FW rule for particular protocol
Denable DLP and select .exe and .bat file type
Which command will reset the kernel debug options to default settings?
Afw ctl dbg –a 0
Bfw ctl debug set 0
Cfw ctl debug 0
Dfw ctl dbg resetall
Is it possible to establish a VPN before the user login to the Endpoint Client.
AYes, you had to set neo_remember_user_password to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_remember_user_password attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway
BYes, you had to set neo_always_connected to true in the trac.defaults of the Remote Access Client or you can use the endpoint_vpn_always_connected attribute in the trac_client_1.ttm file located in the $FWDIR/conf directory on the Security Gateway
CNo, the user must login first.
DYes, you have to enable Machine Authentication in the Gateway object of the Smart Console
Mobile Access Gateway can be configured as a reverse proxy for Internal Web Applications. Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. Which of the following Check Point command is true for enabling the Reverse Proxy:
AReverseProxy
BReverseCLIProxy
CReverseProxyCLI
DProxyReverseCLI
What are the two modes for SNX (SSL Network Extender)?
ANetwork Mode and Hub Mode
BNetwork Mode and Application Mode
CVisitor Mode and Office Mode
DOffice Mode and Hub Moe
Native Applications require a thin client under which circumstances?
AIf you want to have assigned a particular Office Mode IP address
BIf you are about to use a client (FTP, RDP, ...) that is installed on the endpoint.
CIf you want to use a VPN Client that is not officially supported by the underlying operating system
DIf you want to use a legacy 32-Bit Windows OS
You have used the SmartEvent GUI to create a custom Event policy. What is the best way to display the correlated Events generated by SmartEvent Policies?
AIn the SmartConsole / Logs & Monitor –> open the Logs View and use type:Correlated as query filter.
BSelect the Events tab in the SmartEvent GUI or use the Events tab in the SmartView web interface.
COpen SmartView Monitor and select the SmartEvent Window from the main menu.
DIn the SmartConsole / Logs & Monitor –> open a new Tab and select External Apps / SmartEvent.
Fill in the blanks. Default port numbers for an LDAP server is _______ for standard connections and _______ SSL connections.
A443; 389
B636; 8080
C290; 3389
D389; 636
When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statement is false and NOT part of possible automatic reactions:
ASyslog
BSNMP Trap
CMail
DBlock Source
Choose the correct syntax to add a new host named “emailserver1” with IP address 10.50.23.90 using GAiA Management CLI?
Amgmt._cli add host name “emailserver1” ip-address 10.50.23.90
Cmgmt._cli add host name “myHost12 ip” address 10.50.23.90
Dmgmt._cli add host name ip-address 10.50.23.90
What command verifies that the API server is responding?
Aapi stat
Bshow api_status
Capi_get_status
Dapi status
What are the different command sources that allow you to communicate with the API server?
AAPI_cli Tool, Gaia CLI, Web Services
BSmartConsole GUI Console, API_cli Tool, Gaia CLI, Web Services
CSmartView Monitor, API_cli Tool, Gaia CLI, Web Services
DSmartConsole GUI Console, mgmt._cli Tool, Gaia CLI, Web Services
Alice works for a big security outsourcing provider company and as she receives a lot of change requests per day she wants to use for scripting daily tasks the API services from Check Point for the Management API. Firstly, she needs to be aware if the API services are running for the management. Which of the following Check Point Command is true:
