EMT Practice Test

1. Question Content...


Question List

Question1: Which default Gaia user has full read/write access?

Question2: Which option will match a connection regardless of its association with a VPN community?

Question3: To increase security, the administrator has modified the Core protection 'Host Port Scan' from 'Medium' to
'High' Predefined Sensitivity. Which Policy should the administrator install after Publishing the changes?

Question4: How many users can have read/write access in Gaia Operating System at one time?

Question5: In Unified SmartConsole Gateways and Servers tab you can perform the following functions EXCEPT
________.

Question6: Identity Awareness allows easy configuration for network access and auditing based on what three items?

Question7: What command from the CLI would be used to view current licensing?

Question8: There are four policy types available for each policy package. What are those policy types?

Question9: Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use which operating system?

Question10: Aggressive Mode in IKEv1 uses how many packages for negotiation?

Question11: Which configuration element determines which traffic should be encrypted into a VPN tunnel vs. sent in the clear?

Question12: Why is a Central License the preferred and recommended method of licensing?

Question13: Choose what BEST describes a Session

Question14: Secure Internal Communication (SIC) is handled by what process?

Question15: The Network Operations Center administrator needs access to Check Point Security devices mostly for troubleshooting purposes. You do not want to give her access to the expert mode, but she still should be able to run tcpdump. How can you achieve this requirement?

Question16: Where can alerts be viewed?

Question17: What needs to be configured if the NAT property 'Translate destination on client side' is not enabled in Global properties?

Question18: Which of the following is considered a "Subscription Blade", requiring renewal every 1-3 years?

Question19: Which of the following is NOT a tracking option? (Select three)

Question20: What is the default shell for the command line interface?

Question21: Please choose correct command syntax to add an "emailserver1" host with IP address 10.50.23.90 using GAiA management CLI?

Question22: To view the policy installation history for each gateway, which tool would an administrator use?

Question23: What kind of NAT enables Source Port Address Translation by default?

Question24: Tom has connected to the Management Server remotely using SmartConsole and is in the process of making some Rule Base changes, when he suddenly loses connectivity. Connectivity is restored shortly afterward.
What will happen to the changes already made?

Question25: In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories. Which of the following is NOT an objects category?

Question26: Which one of these features is NOT associated with the Check Point URL Filtering and Application Control Blade?

Question27: Using AD Query, the security gateway connections to the Active Directory Domain Controllers using what protocol?

Question28: What is the main difference between Static NAT and Hide NAT?

Question29: Name the utility that is used to block activities that appear to be suspicious.

Question30: Fill in the blank RADIUS Accounting gets_____data from requests generated by the accounting client

Question31: Fill in the blank: Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or__________.

Question32: Which of the following is true about Stateful Inspection?

Question33: True or False: The destination server for Security Gateway logs depends on a Security Management Server configuration.

Question34: Using R80 Smart Console, what does a "pencil icon" in a rule mean?

Question35: The competition between stateful inspection and proxies was based on performance, protocol support, and security. Considering stateful Inspections and Proxies, which statement is correct?

Question36: What command would show the API server status?

Question37: What protocol is specifically used for clustered environments?

Question38: Which software blade does NOT accompany the Threat Prevention policy?

Question39: Is it possible to have more than one administrator connected to a Security Management Server at once?

Question40: Which of the following is NOT an option to calculate the traffic direction?

Question41: What is the user ID of a user that have all the privileges of a root user?

Question42: Fill in the blank: Once a certificate is revoked from the Security GateWay by the Security Management Server, the certificate information is _______.

Question43: When a gateway requires user information for authentication, what order does it query servers for user information?

Question44: What are the software components used by Autonomous Threat Prevention Profiles in R8I.20 and higher?

Question45: Fill in the blanks: Gaia can be configured using _______ the ________.

Question46: Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enable which path is handling the traffic?

Question47: Fill in the blank Backup and restores can be accomplished through

Question48: Which icon in the WebUI indicates that read/write access is enabled?

Question49: In which deployment is the security management server and Security Gateway installed on the same appliance?

Question50: What is the purpose of the Stealth Rule?

Question51: Which Threat Prevention profile uses sanitization technology?

Question52: Fill in the blank: SmartConsole, SmartEvent GUI client, and ___________ allow viewing of billions of consolidated logs and shows them as prioritized security events.

Question53: Which one of the following is TRUE?

Question54: Under which file is the proxy arp configuration stored?

Question55: Fill in the blank: It is Best Practice to have a _____ rule at the end of each policy layer.

Question56: When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Question57: What Identity Agent allows packet tagging and computer authentication?

Question58: To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members? Choose the best answer.

Question59: Which of the following is a valid deployment option?

Question60: What is NOT an advantage of Packet Filtering?

Question61: From the Gaia web interface, which of the following operations CANNOT be performed on a Security Management Server?

Question62: In which scenario will an administrator need to manually define Proxy ARP?

Question63: Fill in the blank: In Security Gateways R75 and above, SIC uses ______________ for encryption.

Question64: The SIC Status "Unknown" means

Question65: Check Point licenses come in two forms. What are those forms?

Question66: Fill in the blank: With the User Directory Software Blade, you can create user definitions on a(n)
___________ Server.

Question67: Which policy type is used to enforce bandwidth and traffic control rules?

Question68: Which of the following is NOT a valid deployment option for R80?

Question69: Which of the following methods can be used to update the trusted log server regarding the policy and configuration changes performed on the Security Management Server?

Question70: Fill in the blank: When tunnel test packets no longer invoke a response, SmartView Monitor displays
_____________ for the given VPN tunnel.

Question71: Fill in the blank: A(n)_____rule is created by an administrator and configured to allow or block traffic based on specified criteria.

Question72: Which of the following is NOT an authentication scheme used for accounts created through SmartConsole?

Question73: Which Check Point software blade monitors Check Point devices and provides a picture of network and security performance?

Question74: Fill in the blank Once a license is activated, a___________should be installed.

Question75: When using Automatic Hide NAT, what is enabled by default?

Question76: Which of the following is used to enforce changes made to a Rule Base?

Question77: Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

Question78: Which of the following cannot be configured in an Access Role Object?

Question79: Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

Question80: Which of the following is NOT a tracking log option in R80.x?

Question81: Which method below is NOT one of the ways to communicate using the Management API's?

Question82: When you upload a package or license to the appropriate repository in SmartUpdate. where is the package or license stored?

Question83: Fill in the blank When LDAP is integrated with Check Point Security Management it is then referred to as_____

Question84: Which key is created during Phase 2 of a site-to-site VPN?

Question85: Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?

Question86: John is the administrator of a R80 Security Management server managing r R77.30 Check Point Security Gateway. John is currently updating the network objects and amending the rules using SmartConsole. To make John's changes available to other administrators, and to save the database before installing a policy, what must John do?

Question87: What is the most complete definition of the difference between the Install Policy button on the SmartConsole's tab, and the Install Policy within a specific policy?

Question88: Which of the following is NOT a valid deployment option for R80?

Question89: Which Threat Prevention Profile is not included by default in R80 Management?

Question90: In R80 Management, apart from using SmartConsole, objects or rules can also be modified using:

Question91: Fill in the blanks: A Security Policy is created in_____, stored in the_____ and Distributed to the various

Question92: The default shell of the Gaia CLI is cli.sh. How do you change from the cli.sh shell to the advanced shell to run Linux commands?

Question93: Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

Question94: Which of the following is NOT a component of Check Point Capsule?

Question95: SmartConsole provides a consolidated solution for everything that is necessary for the security of an organization, such as the following

Question96: You have enabled "Extended Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

Question97: Fill in the blank: By default, the SIC certificates issued by R80 Management Server are based on the
____________ algorithm.

Question98: Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?

Question99: Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?

Question100: Which of the following is TRUE regarding Gaia command line?

Question101: Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?

Question102: Fill in the blanks: The _______ collects logs and sends them to the _______.

Question103: Where can administrator edit a list of trusted SmartConsole clients?

Question104: Which message indicates IKE Phase 2 has completed successfully?

Question105: Which command shows the installed licenses?

Question106: What is a role of Publishing?

Question107: Which command shows detailed information about VPN tunnels?

Question108: Which is a suitable command to check whether Drop Templates are activated or not?

Question109: In order to see real-time and historical graph views of Security Gateway statistics in SmartView Monitor, what feature needs to be enabled on the Security Gateway?

Question110: Which of the following is the most secure means of authentication?

Question111: Which of the following is used to extract state related information from packets and store that information in state tables?

Question112: When comparing Stateful Inspection and Packet Filtering, what is a benefit that Stateful Inspection offers over Packer Filtering?

Question113: Access roles allow the firewall administrator to configure network access according to:

Question114: Fill in the blank: An LDAP server holds one or more ______________.

Question115: When an encrypted packet is decrypted, where does this happen?

Question116: In HTTPS Inspection policy, what actions are available in the "Actions" column of a rule?

Question117: What is true about the IPS-Blade?

Question118: Fill in the blanks: The Application Layer Firewalls inspect traffic through the ______ layer(s) of the TCP/IP model and up to and including the ______ layer.

Question119: Fill in the blank: Authentication rules are defined for ____________.

Question120: Choose what BEST describes users on Gaia Platform.

Question121: Which tool is used to enable ClusterXL?

Question122: Which Threat Prevention Software Blade provides protection from malicious software that can infect your network computers? (Choose the best answer.)

Question123: Fill in the blanks: There are ________ types of software containers ________.

Question124: A SAM rule Is implemented to provide what function or benefit?

Question125: URL Filtering cannot be used to:

Question126: Which back up method uses the command line to create an image of the OS?

Question127: What default layers are included when creating a new policy layer?

Question128: What are the three main components of Check Point security management architecture?

Question129: While enabling the Identity Awareness blade the Identity Awareness wizard does not automatically detect the windows domain Why does it not detect the windows domain?

Question130: How can the changes made by an administrator before publishing the session be seen by a superuser administrator?

Question131: Which of the following is NOT a role of the SmartCenter:

Question132: The purpose of the Communication Initialization process is to establish a trust between the Security Management Server and the Check Point gateways. Which statement best describes this Secure Internal Communication (SIC)?

Question133: The Gateway Status view in SmartConsole shows the overall status of Security Gateways and Software Blades. What does the Status Attention mean?

Question134: Administrator Dave logs into R80 Management Server to review and makes some rule changes. He notices that there is a padlock sign next to the DNS rule in the Rule Base.

What is the possible explanation for this?

Question135: Which of the completed statements is NOT true? The WebUI can be used to manage Operating System user accounts and

Question136: Which of the following is NOT supported by Bridge Mode Check Point Security Gateway

Question137: DLP and Geo Policy are examples of what type of Policy?

Question138: Check Point ClusterXL Active/Active deployment is used when:

Question139: In ____________ NAT, the ____________ is translated.

Question140: Which command shows the installed licenses in Expert mode?

Question141: Which of the following is NOT a valid configuration screen of an Access Role Object?

Question142: Which of the following Windows Security Events will NOT map a username to an IP address in Identity Awareness?

Question143: When configuring LDAP User Directory integration, Changes applied to a User Directory template are:

Question144: Which of the following is used to initially create trust between a Gateway and Security Management Server?

Question145: Which path below is available only when CoreXL is enabled?

Question146: The SmartEvent R80 Web application for real-time event monitoring is called:

Question147: What is the main difference between Threat Extraction and Threat Emulation?

Question148: Which of the following is considered to be the more secure and preferred VPN authentication method?

Question149: After trust has been established between the Check Point components, what is TRUE about name and IP-address changes?

Question150: View the rule below. What does the pen-symbol in the left column mean?

Question151: Fill in the blank: An identity server uses a ___________ for user authentication.

Question152: What are the three types of UserCheck messages?

Question153: If an administrator wants to restrict access to a network resource only allowing certain users to access it, and only when they are on a specific network what is the best way to accomplish this?

Question154: Which of the following licenses are considered temporary?

Question155: Fill in the blank: In order to install a license, it must first be added to the ____________.

Question156: Fill in the blanks: A Check Point software license consists of a__________ and _______.

Question157: Fill in the blank: The position of an implied rule is manipulated in the __________________ window.

Question158: When should you generate new licenses?

Question159: You have discovered suspicious activity in your network. What is the BEST immediate action to take?

Question160: Which Threat Prevention Software Blade provides comprehensive protection against malicious and unwanted network traffic, focusing on application and server vulnerabilities?

Question161: How are the backups stored in Check Point appliances?

Question162: What are the three deployment options available for a security gateway?

Question163: When an Admin logs into SmartConsole and sees a lock icon on a gateway object and cannot edit that object, what does that indicate?

Question164: You want to store the GAiA configuration in a file for later reference. What command should you use?

Question165: When configuring Anti-Spoofing, which tracking options can an Administrator select?

Question166: In SmartEvent, a correlation unit (CU) is used to do what?

Question167: Which single Security Blade can be turned on to block both malicious files from being downloaded as well as block websites known to host malware?

Question168: Which of the following commands is used to monitor cluster members?

Question169: When connected to the Check Point R80 Management Server using the SmartConsole the first administrator to connect has a lock on:

Question170: What is a reason for manual creation of a NAT rule?

Question171: Which of the following is NOT a policy type available for each policy package?

Question172: Which SmartConsole tab is used to monitor network and security performance?

Question173: What does it mean if Deyra sees the gateway status:

Choose the BEST answer.

Question174: You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

Question175: An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server (SMS). While configuring the VPN community to specify the pre-shared secret, the administrator did not find a box to input the pre-shared secret. Why does it not allow him to specify the pre-shared secret?

Question176: An administrator wishes to use Application objects in a rule in their policy but there are no Application objects listed as options to add when clicking the"+" to add new items to the "Services & Applications" column of a rule. What should be done to fix this?

Question177: What is the purpose of Captive Portal?

Question178: You are the Check Point administrator for Alpha Corp with an R80 Check Point estate. You have received a call by one of the management users stating that they are unable to browse the Internet with their new tablet connected to the company Wireless. The Wireless system goes through the Check Point Gateway. How do you review the logs to see what the problem may be?

Question179: What object type would you use to grant network access to an LDAP user group?

Question180: You are the Check Point administrator for Alpha Corp with an R80 Check Point estate. You have received a call by one of the management users stating that they are unable to browse the Internet with their new tablet connected to the company Wireless. The Wireless system goes through the Check Point Gateway. How do you review the logs to see what the problem may be?

Question181: URL Filtering employs a technology, which educates users on web usage policy in real time. What is the name of that technology?

Question182: Which of the following is NOT supported by Bridge Mode on the Check Point Security Gateway?

Question183: Which of the following statements about Site-to-Site VPN Domain-based is NOT true?
* Route-based- The Security Gateways will have a Virtual Tunnel Interface (VTI) for each VPN Tunnel with a peer VPN Gateway. The Routing Table can have routes to forward traffic to these VTls. Any traffic routed through a VTI is automatically identified as VPN Traffic and is passed through the VPN Tunnel associated with the VTI.

Question184: What two ordered layers make up the Access Control Policy Layer?

Question185: Gaia includes Check Point Upgrade Service Engine (CPUSE), which can directly receive updates for what components?

Question186: When should you generate new licenses?

Question187: Which part of SmartConsole allows administrators to add, edit delete, and clone objects?

Question188: What are the two elements of address translation rules?

Question189: A layer can support different combinations of blades What are the supported blades:

Question190: Bob and Joe both have Administrator Roles on their Gaia Platform. Bob logs in on the WebUI and then Joe logs in through CLI. Choose what BEST describes the following scenario, where Bob and Joe are both logged in:

Question191: How do logs change when the "Accounting" tracking option is enabled on a traffic rule?

Question192: Which tool is used to enable cluster membership on a Gateway?

Question193: What is the BEST command to view configuration details of all interfaces in Gaia CLISH?

Question194: What are the three components for Check Point Capsule?