EMT Practice Test

1. Question Content...


Question List

Question1: What protocol is specifically used for clustered environments?

Question2: DLP and Geo Policy are examples of what type of Policy?

Question3: Which of the following technologies extracts detailed information from packets and stores that information in state tables?

Question4: If the first packet of an UDP session is rejected by a security policy, what does the firewall send to the client?

Question5: Which of the following is the most secure means of authentication?

Question6: What are the two types of address translation rules?

Question7: What is the difference between an event and a log?

Question8: Which utility shows the security gateway general system information statistics like operating system information and resource usage, and individual software blade statistics of VPN, Identity Awareness and DLP?

Question9: Which authentication scheme requires a user to possess a token?

Question10: How Capsule Connect and Capsule Workspace differ?

Question11: What port is used for delivering logs from the gateway to the management server?

Question12: Identity Awareness allows the Security Administrator to configure network access based on which of the following?

Question13: Examine the following Rule Base.

What can we infer about the recent changes made to the Rule Base?

Question14: You have enabled "Full Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

Question15: AdminA and AdminB are both logged in on SmartConsole. What does it mean if AdminB sees a locked icon on a rule? Choose the BEST answer.

Question16: Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?

Question17: Which one of the following is true about Threat Extraction?

Question18: Which command is used to add users to or from existing roles?

Question19: The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?

Question20: When logging in for the first time to a Security management Server through SmartConsole, a fingerprint is saved to the:

Question21: To install a brand new Check Point Cluster, the MegaCorp IT department bought 1 Smart-1 and 2 Security Gateway Appliances to run a cluster. Which type of cluster is it?

Question22: Which feature in R77 permits blocking specific IP addresses for a specified time period?

Question23: You are the Security Administrator for MegaCorp. In order to see how efficient your firewall Rule Base is, you would like to see how many often the particular rules match. Where can you see it? Give the BEST answer.

Question24: As you review this Security Policy, what changes could you make to accommodate Rule 4?

Question25: What is the default time length that Hit Count Data is kept?

Question26: You want to reset SIC between smberlin and sgosaka.

In SmartDashboard, you choose sgosaka, Communication, Reset. On sgosaka, you start cpconfig, choose Secure Internal Communication and enter the new SIC Activation Key. The screen reads The SIC was successfully initialized and jumps back to the menu. When trying to establish a connection, instead of a working connection, you receive this error message:

What is the reason for this behavior?

Question27: When LDAP is integrated with Check Point Security Management, it is then referred to as _______

Question28: Which of the following is NOT an alert option?

Question29: Which of the following is NOT defined by an Access Role object?

Question30: How would you deploy TE250X Check Point appliance just for email traffic and in-line mode without a Check Point Security Gateway?

Question31: Which of the following is used to enforce changes made to a Rule Base?

Question32: ABC Corp., and have recently returned from a training course on Check Point's new advanced R80 management platform. You are presenting an in-house R80 Management to the other administrators in ABC Corp.

How will you describe the new "Publish" button in R80 Management Console?

Question33: What port is used for communication to the User Center with SmartUpdate?

Question34: What is the BEST method to deploy Identity Awareness for roaming users?

Question35: Which of these attributes would be critical for a site-to-site VPN?

Question36: Which remote Access Solution is clientless?

Question37: What are the advantages of a "shared policy" in R80?

Question38: A digital signature:

Question39: Phase 1 of the two-phase negotiation process conducted by IKE operates in ______ mode.

Question40: Which deployment adds a Security Gateway to an existing environment without changing IP routing?

Question41: The __________ is used to obtain identification and security information about network users.

Question42: What does it mean if Deyra sees the gateway status:

Choose the BEST answer.

Question43: Choose the Best place to find a Security Management Server backup file named backup_fw, on a Check Point Appliance.

Question44: Which utility allows you to configure the DHCP service on GAIA from the command line?

Question45: Which statement is NOT TRUE about Delta synchronization?

Question46: Which of the following licenses are considered temporary?

Question47: Tom has been tasked to install Check Point R80 in a distributed deployment. Before Tom installs the systems this way, how many machines will he need if he does NOT include a SmartConsole machine in his calculations?

Question48: To view statistics on detected threats, which Threat Tool would an administrator use?

Question49: You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

Question50: In which scenario is it a valid option to transfer a license from one hardware device to another?

Question51: Which is the correct order of a log flow processed by SmartEvent components:

Question52: In the Network policy layer, the default action for the Implied last rule is ________ all traffic. However, in the Application Control policy layer, the default action is ________ all traffic.

Question53: The Firewall kernel is replicated multiple times, therefore:

Question54: When a policy package is installed, ________ are also distributed to the target installation Security Gateways.

Question55: You are the Check Point administrator for Alpha Corp with an R80 Check Point estate. You have received a call by one of the management users stating that they are unable to browse the Internet with their new tablet connected to the company Wireless. The Wireless system goes through the Check Point Gateway. How do you review the logs to see what the problem may be?

Question56: By default, which port does the WebUI listen on?

Question57: Vanessa is a Firewall administrator. She wants to test a backup of her company's production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment. Which details she need to fill in System Restore window before she can click OK button and test the backup?

Question58: The technical-support department has a requirement to access an intranet server. When configuring a User Authentication rule to achieve this, which of the following should you remember?

Question59: While in SmartView Tracker, Brady has noticed some very odd network traffic that he thinks could be an intrusion. He decides to block the traffic for 60 minutes, but cannot remember all the steps. What is the correct order of steps needed to set up the block?
1) Select Active Mode tab in SmartView Tracker.
2) Select Tools > Block Intruder.
3) Select Log Viewing tab in SmartView Tracker.
4) Set Blocking Timeout value to 60 minutes.
5) Highlight connection that should be blocked.

Question60: Administrator wishes to update IPS from SmartConsole by clicking on the option "update now" under the IPS tab. Which device requires internet access for the update to work?

Question61: Which one of the following is a way that the objects can be manipulated using the new API integration in R80 Management?

Question62: Which limitation of CoreXL is overcome by using (mitigated by) Multi-Queue?

Question63: In what way are SSL VPN and IPSec VPN different?

Question64: What is also referred to as Dynamic NAT?

Question65: Which of these components does NOT require a Security Gateway R77 license?

Question66: What happens if the identity of a user is known?

Question67: ________information is included in the "Full Log" tracking option, but is not included in the "Log" tracking option?

Question68: What is the SOLR database for?

Question69: John is using Management HA. Which Smartcenter should be connected to for making changes?

Question70: Which of the following is NOT a SecureXL traffic flow?

Question71: When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches a packet. Which of the following statements about the order of rule enforcement is true?

Question72: You have discovered suspicious activity in your network. What is the BEST immediate action to take?

Question73: What are the steps to configure the HTTPS Inspection Policy?

Question74: What is UserCheck?

Question75: What is the default shell for the command line interface?

Question76: Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

Question77: You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?

Question78: Which default user has full read/write access?

Question79: Your bank's distributed R77 installation has Security Gateways up for renewal. Which SmartConsole application will tell you which Security Gateways have licenses that will expire within the next 30 days?

Question80: As a Security Administrator, you must refresh the Client Authentication authorized time-out every time a new user connection is authorized. How do you do this? Enable the Refreshable Timeout setting:

Question81: When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Question82: When configuring Spoof Tracking, which tracking actions can an administrator select to be done when spoofed packets are detected?

Question83: VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?

Question84: What is the purpose of the Stealth Rule?

Question85: What CLI utility allows an administrator to capture traffic along the firewall inspection chain?