156-215.80 Exam Dumps - Check Point Certified Security Administrator R80

Log server; security management server

Log server; Security Gateway

Security management server; Security Gateway

Security Gateways; log server

The Firewall kernel only touches the packet if the connection is accelerated

The Firewall can run different policies per core

The Firewall kernel is replicated only with new connections and deletes itself once the connection times out

The Firewall can run the same policy on all cores

R80 Management API-

Identity Awareness Web Services API

Open REST API

OPSEC SDK

Run fwm dbexport -1 filename. Restore the database. Then, run fwm dbimport -1 filename to import the users.

Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.

Restore the entire database, except the user database, and then create the new user and user group.

Restore the entire database, except the user database.

SSL VPN is using HTTPS in addition to IKE, whereas IPSec VPN is clientless

SSL VPN adds an extra VPN header to the packet, IPSec VPN does not

IPSec VPN does not support two factor authentication, SSL VPN does support this

IPSec VPN uses an additional virtual adapter, SSL VPN uses the client network adapter only

Templates, Users

Users, Networks

Users, User Group

Networks, Hosts

Dynamic ID

RADIUS

Username and Password

Certificate

You checked the cache password on desktop option in Global Properties.

Another rule that accepts HTTP without authentication exists in the Rule Base.

You have forgotten to place the User Authentication Rule before the Stealth Rule.

Users must use the SecuRemote Client, to use the User Authentication Rule.

Gaia; command line interface

WebUI; Gaia Interface

Command line interface; WebUI

Gaia Interface; GaiaUI

C1>F6; C2>F4; C3>F2; C4>F5

C1>F2; C2>F1; C3>F6; C4>F4

C1>F2; C2>F4; C3>F1; C4>F5

C1>F4; C2>F6; C3>F3; C4>F5

User Name, Management Server IP, certificate fingerprint file

User Name, Password, Management Server IP

Password, Management Server IP

Password, Management Server IP, LDAP Server IP

Create a new logical-server object to represent your partner's CA

Exchange exported CA keys and use them to create a new server object to represent your partner's Certificate Authority (CA)

Manually import your partner's Certificate Revocation List.

Manually import your partner's Access Control List.

show configuration all

show confd configuration

show confd configuration all

show configuration

There is no traffic queue to be handled

Several NICs can use one traffic queue by one CPU

Each NIC has several traffic queues that are handled by multiple CPU cores

Each NIC has one traffic queue that is handled by one CPU

Use SmartView Tracker to follow his actions by filtering log entries that feature the WinSCP destination port. Then, export the corresponding entries to a separate log file for documentation.

Use SmartDashboard to add a rule in the firewall Rule Base that matches his IP address, and those of potential targets and suspicious protocols. Apply the alert action or customized messaging.

Watch his IP in SmartView Monitor by setting an alert action to any packet that matches your Rule Base and his IP address for inbound and outbound traffic.

Send the suspect an email with a keylogging Trojan attached, to get direct information about his wrongdoings.

Secure Internal Communication (SIC)

Restart Daemons if they fail

Transfer messages between Firewall processes

Pulls application monitoring status

Check Point R80 SmartConsole authentication is more secure than in previous versions and Vanessa requires a special authentication key for R80 SmartConsole. Check that the correct key details are used.

Check Point Management software authentication details are not automatically the same as the Operating System authentication details. Check that she is using the correct details.

SmartConsole Authentication is not allowed for Vanessa until a Super administrator has logged in first and cleared any other administrator sessions.

Authentication failed because Vanessa’s username is not allowed in the new Threat Prevention console update checks even though these checks passed with Gaia.

Matching a log against each event definition

Create an event candidate

Matching a log against local exclusions

Matching a log against global exclusions

On the Policy Package

On each Security Gateway

On the Policy layer

In Global Properties for the Security Management Server

When a box is up, Effective Priority = Priority + Priority Delta

When an Interface is up, Effective Priority = Priority + Priority Delta

When an Interface fails, Effective Priority = Priority - Priority Delta

When a box fails, Effective Priority = Priority - Priority Delta

the user connects and authenticates

office mode is initiated

the user requests a connection

the user connects

Only when there is Multicast solution set up

There is Load Sharing solution set up

Only when there is Unicast solution set up

There is High Availability solution set up

sysdown

exit

halt

shut-down

Only the objects being modified in the Management Database and other administrators can connect to make changes using a special session as long as they all connect from the same LAN network.

The entire Management Database and other administrators can connect to make changes only if the first administrator switches to Read-only.

The entire Management Database and all sessions and other administrators can connect only as Read-only.

Only the objects being modified in his session of the Management Database and other administrators can connect to make changes using different sessions.

Can only be changed for Load Sharing implementations

All connections are processed and synchronized by the pivot

Is configured using cpconfig

Is only relevant when using SecureXL

Three; security management, Security Gateway, and endpoint security

Three; Security gateway, endpoint security, and gateway management

Two; security management and endpoint security

Two; endpoint security and Security Gateway

Cleanup; stealth

Stealth; implicit

Cleanup; default

Implicit; explicit

Security questions

Check Point password

SecurID

RADIUS

John should lock and unlock his computer

Investigate this as a network connectivity issue

The access should be changed to authenticate the user instead of the PC

John should install the Identity Awareness Agent

To edit the Implicit rules you go to: Launch Button > Policy > Global Properties > Firewall.

Implied rules are fixed rules that you cannot change.

You can directly edit the Implicit rules by double-clicking on a specific Implicit rule.

You can edit the Implicit rules but only if requested by Check Point support personnel.

The setting Log does not capture this level of detail for GRE. Set the rule tracking action to Audit since certain types of traffic can only be tracked this way.

The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R77 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non-standard GRE protocol for encapsulation.

The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.

The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configuration to the partner site to enable proper logging.

CPMI 200

TCP 8080

HTTP 80

HTTPS 443

23

264

900

259

Using Web Services

Using Mgmt_cli tool

Using CLISH

Using SmartConsole GUI console

Detects and blocks malware by correlating multiple detection engines before users are affected.

Configure rules to limit the available network bandwidth for specified users or groups.

Use UserCheck to help users understand that certain websites are against the company’s security policy.

Make rules to allow or block applications and Internet sites for individual applications, categories, and risk levels.

Application Control

Data Awareness

Identity Awareness

Threat Emulation

URL Filtering and Network

Network and Threat Prevention

Application Control and URL Filtering

Network and Application Control

Verify a Security Policy

Open a terminal shell

Add a static route

View Security Management GUI Clients

System backup

Save Configuration

Migrate

snapshot

Password

Certificate

MD5

Pre-shared secret

SmartCenter Server cannot reach this Security Gateway

There is a blade reporting a problem

VPN software blade is reporting a malfunction

Security Gateway’s MGNT NIC card is disconnected.

Used for full text search and enables powerful matching capabilities

Writes data to the database and full text search

Serves GUI responsible to transfer request to the DLE server

Enables powerful matching capabilities and writes data to the database

Consolidation Policy

Correlation Unit

SmartEvent Policy

SmartEvent GUI

Application Control

Threat Emulation

Anti-Virus

Advanced Networking Blade

backup

snapshot

Database Revision

migrate export

Log Implied Rule was not selected on Global Properties.

Log Implied Rule was not set correctly on the track column on the rules base.

Track log column is set to none.

Track log column is set to Log instead of Full Log.

There is one default user that cannot be deleted.

There are two default users and one cannot be deleted.

There is one default user that can be deleted.

There are two default users that cannot be deleted and one SmartConsole Administrator.

Yes.

No.

Yes, but only when using Automatic NAT.

Yes, but only when using Manual NAT.

Security Management Server

Check Point Gateway

SmartConsole

SmartUpdate upgrading/patching

UserCheck

User Directory

User Administration

User Center

TACACS

SecurID

Check Point password

RADIUS

degrades performance as the Security Policy grows in size

requires additional Check Point appliances

requires additional software subscription

increases cost

Set High Confidence to Low and Low Confidence to Inactive.

Set the Performance Impact to Medium or lower.

The problem is not with the Threat Prevention Profile. Consider adding more memory to the appliance.

Set the Performance Impact to Very Low Confidence to Prevent.

Gaia only

Gaia, SPLAT, Windows Server only

Gaia, SPLAT, Windows Server and IPSO only

Gaia and SPLAT only

Acquires identities from unidentified users.

Is only used for guest user authentication.

Allows access to users already identified.

Is deployed from the Identity Awareness page in the Global Properties settings.

Requires client and server side software.

Prompts the user to enter credentials.

Requires administrators to specifically allow LDAP traffic to and from the LDAP Server and the Security Gateway.

Is transparent, requiring no client or server side software, or client intervention.

Clients external to the Security Gateway can download archive files from FTP_Ext server using FTP.

Internal clients can upload and download any-files to FTP_Ext-server using FTP.

Internal clients can upload and download archive-files to FTP_Ext server using FTP.

Clients external to the Security Gateway can upload any files to the FTP_Ext-server using FTP.

SmartView Tracker

SmartPortal

SmartUpdate

SmartDashboard

Upon creation of a certificate

During the primary Security Management Server installation process.

When an administrator decides to create one.

When an administrator initially logs into SmartConsole.

“Encrypt” action in the Rule Base

Permanent Tunnels

“VPN” column in the Rule Base

Configuration checkbox “Accept all encrypted traffic”

ISO 37001

Sarbanes Oxley (SOX)

HIPPA

PCI

user is prompted for authentication by the Security Gateways again.

FTP data connection is dropped after the user is authenticated successfully.

user is prompted to authenticate from that FTP site only, and does not need to enter his username and password for Client Authentication

FTP connection is dropped by Rule 2.

In the SmartView Tracker, if you activate the column Matching Rate.

In SmartReporter, in the section Firewall Blade – Activity > Network Activity with information concerning Top Matched Logged Rules.

SmartReporter provides this information in the section Firewall Blade – Security > Rule Base Analysis with information concerning Top Matched Logged Rules.

It is not possible to see it directly. You can open SmartDashboard and select UserDefined in the Track column. Afterwards, you need to create your own program with an external counter.

The POP3 rule is disabled.

POP3 is accepted in Global Properties.

The POP3 rule is hidden.

POP3 is one of 3 services (POP3, IMAP, and SMTP) accepted by the default mail object in R77.

Logging has disk space issues. Change logging storage options on the logging server or Security Management Server properties and install database.

Data Awareness is not enabled.

Identity Awareness is not enabled.

Logs are arriving from Pre-R80 gateways.

Translated packet and untranslated packet

Untranslated packet and manipulated packet

Manipulated packet and original packet

Original packet and translated packet

NT domain

SMTP

LDAP

SecurID

Remove the installed Security Policy.

Remove the local ACL lists.

No effect.

Reset SIC on all gateways.

BGP, OSPF, RIP

BGP, OSPF, EIGRP, PIM, IGMP

BGP, OSPF, RIP, PIM, IGMP

BGP, OSPF, RIP, EIGRP

Application Dictionary

AppWiki

Application Library

CPApp

SmartView Monitor

WebUI

SmartUpdate

SmartProvisioning

Load Sharing and Legacy

Traditional and New

Active and Standby

New and Legacy

Check Point software deployed on a non-Check Point appliance.

The Open Server Consortium approved Server Hardware used for the purpose of Security and Availability.

A check Point Management Server deployed using the Open Systems Interconnection (OSI) Server and Security deployment model.

A check Point Management Server software using the Open SSL.

Read/Write, Read Only

Read/Write, Read only, None

Read/Write, None

Read Only, None

Low Security and No Screening above Network Layer

Application Independence

High Performance

Scalability