EMT Practice Test

1. Question Content...


Question List

Question1: Which one of the following is true about Threat Emulation?

Question2: Using mgmt_cli, what is the correct syntax to import a host object called Server_1 from the CLI?

Question3: Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

Question4: Fill in the blank: The "fw monitor" tool can be best used to troubleshoot ____________________.

Question5: In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories. Which of the following is NOT an objects category?

Question6: To enable Dynamic Dispatch on Security Gateway without the Firewall Priority Queues, run the following command in Expert mode and reboot:

Question7: What are the blades of Threat Prevention?

Question8: What is the purpose of the command "ps aux | grep twd"?

Question9: Fill in the blank: The IPS policy for pre-R81 gateways is installed during the _______ .

Question10: Which two of these Check Point Protocols are used by SmartEvent Processes?

Question11: What key is used to save the current CPView page in a filename format cpview_"cpview process ID".cap"number of captures"?

Question12: Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?

Question13: SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?

Question14: Check Point security components are divided into the following components:

Question15: How is communication between different Check Point components secured in R81? As with all questions, select the BEST answer.

Question16: What is the Implicit Clean-up Rule?

Question17: Which of the following is NOT supported by CPUSE?

Question18: Which command lists firewall chain?

Question19: Can Check Point and Third-party Gateways establish a certificate-based Site-to-Site VPN tunnel?

Question20: Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?

Question21: Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?

Question22: You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

Question23: Can multiple administrators connect to a Security Management Server at the same time?

Question24: After having saved the Clish Configuration with the "save configuration config.txt" command, where can you find the config.txt file?

Question25: Which command can you use to verify the number of active concurrent connections?

Question26: Which of the following technologies extracts detailed information from packets and stores that information in state tables?

Question27: What are the minimum open server hardware requirements for a Security Management Server/Standalone in R81?

Question28: In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:

Question29: What is false regarding prerequisites for the Central Deployment usage?

Question30: Fill in the blank: __________ information is included in "Full Log" tracking option, but is not included in "Log" tracking option?

Question31: What are the two modes for SNX (SSL Network Extender)?

Question32: If there are two administration logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available or other administrators? (Choose the BEST answer.)

Question33: You have enabled "Full Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?

Question34: Vanessa is a Firewall administrator. She wants to test a backup of her company's production Firewall cluster Dallas_GW. She has a lab environment that is identical to her production environment. She decided to restore production backup via SmartConsole in lab environment.
Which details she need to fill in System Restore window before she can click OK button and test the backup?

Question35: How many users can have read/write access in Gaia at one time?

Question36: Using ClusterXL, what statement is true about the Sticky Decision Function?

Question37: What statement best describes the Proxy ARP feature for Manual NAT in R81.10?

Question38: You want to allow your Mobile Access Users to connect to an internal file share. Adding the Mobile Application 'File Share' to your Access Control Policy in the SmartConsole didn't work. You will be only allowed to select Services for the 'Service & Application' column How to fix it?

Question39: What is mandatory for ClusterXL to work properly?

Question40: What does the Log "Views" tab show when SmartEvent is Correlating events?

Question41: Fill in the blanks: In the Network policy layer, the default action for the Implied last rule is ____ all traffic. However, in the Application Control policy layer, the default action is ______ all traffic.

Question42: When synchronizing clusters, which of the following statements is FALSE?

Question43: What are the correct sleps upgrading a HA cluster (Ml is active. M2 is passive) using Multi-Version Cluster(MVC) Upgrade?

Question44: What is the port used for SmartConsole to connect to the Security Management Server?

Question45: How many policy layers do Access Control policy support?

Question46: You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the tight protections in place. Check Point has been selected for the security vendor.
Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?

Question47: What command verifies that the API server is responding?

Question48: Which components allow you to reset a VPN tunnel?

Question49: According to the policy installation flow the transfer state (CPTA) is responsible for the code generated by the FWM. On the Security Gateway side a process receives them and first stores them Into a temporary directory. Which process is true for receiving these Tiles;

Question50: Which component is NOT required to communicate with the Web Services API?

Question51: Fill in the blank. Once a certificate is revoked from the Security Gateway by the Security Management Server, the certificate information is ________ .

Question52: One of major features in R81 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?

Question53: Where do you create and modify the Mobile Access policy in R81?

Question54: What are possible Automatic Reactions in SmartEvent?

Question55: What SmartEvent component creates events?

Question56: What is true about the IPS-Blade?

Question57: John is using Management HA.
Which Smartcenter should be connected to for making changes?

Question58: Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

Question59: What scenario indicates that SecureXL is enabled?

Question60: Which command is used to obtain the configuration lock in Gaia?

Question61: In the Firewall chain mode FFF refers to:

Question62: There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct?

Question63: Which command shows detailed information about VPN tunnels?

Question64: What are the different command sources that allow you to communicate with the API server?

Question65: What is not a purpose of the deployment of Check Point API?

Question66: There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational.
When it re-joins the cluster, will it become active automatically?

Question67: Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

Question68: Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?

Question69: SmartEvent uses it's event policy to identify events. How can this be customized?

Question70: Office mode means that:

Question71: After the initial installation on Check Point appliance, you notice that the Management-interface and default gateway are incorrect.
Which commands could you use to set the IP to 192.168.80.200/24 and default gateway to 192.168.80.1.

Question72: You want to verify if your management server is ready to upgrade to R81.10. What tool could you use in this process?

Question73: Main Mode in IKEv1 uses how many packages for negotiation?

Question74: What is the purpose of a SmartEvent Correlation Unit?

Question75: Please choose the path to monitor the compliance status of the Check Point R81.10 based management.

Question76: Which file contains the host address to be published, the MAC address that needs to be associated with the IP Address, and the unique IP of the interface that responds to ARP request?

Question77: Which of the following will NOT affect acceleration?

Question78: When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Question79: Sieve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances Steve's manager. Diana asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?

Question80: Which configuration file contains the structure of the Security Server showing the port numbers, corresponding protocol name, and status?

Question81: What is the SOLR database for?

Question82: Joey want to configure NTP on R81 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?

Question83: From SecureXL perspective, what are the tree paths of traffic flow:

Question84: What will SmartEvent automatically define as events?

Question85: What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Question86: Session unique identifiers are passed to the web api using which http header option?

Question87: John detected high load on sync interface. Which is most recommended solution?

Question88: Which of the following is NOT a component of Check Point Capsule?

Question89: SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user's machine via the web browser. What are the two modes of SNX?

Question90: What is the recommended way to have a redundant Sync connection between the cluster nodes?

Question91: In which formats can Threat Emulation forensics reports be viewed in?

Question92: In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with __________________ will not apply.

Question93: When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:

Question94: Which command shows the current connections distributed by CoreXL FW instances?

Question95: Why would an administrator see the message below?

Question96: Which directory below contains log files?

Question97: Which statement is correct about the Sticky Decision Function?

Question98: What is the name of the secure application for Mail/Calendar for mobile devices?

Question99: According to out of the box SmartEvent policy, which blade will automatically be correlated into events?

Question100: What is the valid range for Virtual Router Identifier (VRID) value in a Virtual Routing Redundancy Protocol (VRRP) configuration?

Question101: You need to change the number of firewall Instances used by CoreXL. How can you achieve this goal?

Question102: In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom Which of the following statements is correct?

Question103: In what way are SSL VPN and IPSec VPN different?

Question104: Which TCP port does the CPM process listen on?

Question105: Fill in the blanks: Gaia can be configured using the ______ or _____ .

Question106: Which of the following describes how Threat Extraction functions?

Question107: In R81, where do you manage your Mobile Access Policy?

Question108: Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81.
What can cause Vanessa unnecessary problems, if she didn't check all requirements for migration to R81?

Question109: Which command gives us a perspective of the number of kernel tables?

Question110: In a Client to Server scenario, which inspection point is the first point immediately following the tables and rule base check of a packet coming from outside of the network?

Question111: John detected high load on sync interface. Which is most recommended solution?

Question112: How many images are included with Check Point TE appliance in Recommended Mode?

Question113: After having saved the Cllsh Configuration with the "save configuration config.txt* command, where can you find the config.txt file?

Question114: In the Check Point Security Management Architecture, which component(s) can store logs?

Question115: If a "ping"-packet is dropped by FW1 Policy -on how many inspection Points do you see this packet in "fw monitor"?

Question116: To fully enable Dynamic Dispatcher on a Security Gateway:

Question117: SandBlast agent extends 0 day prevention to what part of the network?

Question118: The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.

Question119: Fill in the blank: The R81 feature _____ permits blocking specific IP addresses for a specified time period.

Question120: With Mobile Access enabled, administrators select the web-based and native applications that can be accessed by remote users and define the actions that users can perform the applications. Mobile Access encrypts all traffic using:

Question121: Fill in the blank: The R81 SmartConsole, SmartEvent GUI client, and _______ consolidate billions of logs and shows then as prioritized security events.

Question122: How long may verification of one file take for Sandblast Threat Emulation?

Question123: Identify the API that is not supported by Check Point currently.

Question124: When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?

Question125: What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

Question126: Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.10 SmartConsole application?

Question127: Which of the following is a new R81 Gateway feature that had not been available in R77.X and older?

Question128: What state is the Management HA in when both members have different policies/databases?

Question129: Bob is asked by Alice to disable the SecureXL mechanism temporary tor further diagnostic by their Check Point partner. Which of the following Check Point Command is true:

Question130: Which command shows the current Security Gateway Firewall chain?

Question131: What is the command to show SecureXL status?

Question132: Which of the following Windows Security Events will not map a username to an IP address in Identity Awareness?

Question133: Which options are given on features, when editing a Role on Gaia Platform?

Question134: Packet acceleration (SecureXL) identifies connections by several attributes- Which of the attributes is NOT used for identifying connection?

Question135: Which application should you use to install a contract file?

Question136: What is the purpose of extended master key extension/session hash?

Question137: In Logging and Monitoring, the tracking options are Log, Detailed Log and Extended Log. Which of the following options can you add to each Log, Detailed Log and Extended Log?

Question138: How can SmartView application accessed?

Question139: What is Dynamic Balancing?

Question140: The "Hit count" feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits if the Track option is set to "None"?

Question141: Which is the correct order of a log flow processed by SmartEvent components?

Question142: Please choose correct command to add an "emailserver1" host with IP address 10.50.23.90 using GAiA management CLI?

Question143: What is the benefit of "tw monitor" over "tcpdump"?

Question144: Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?

Question145: In R81, how do you manage your Mobile Access Policy?

Question146: The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.

Question147: GAiA Software update packages can be imported and installed offline in situation where:

Question148: Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build?

Question149: When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?

Question150: What are the attributes that SecureXL will check after the connection is allowed by Security Policy?

Question151: Which one of the following is true about Threat Extraction?

Question152: Fill in the blank: Authentication rules are defined for ________ .

Question153: Which of the following is NOT a valid type of SecureXL template?

Question154: Which software blade does NOT accompany the Threat Prevention policy?

Question155: An established connection is going to www.google.com. The Application Control Blade Is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic?

Question156: What Is the difference between Updatable Objects and Dynamic Objects

Question157: Advanced Security Checkups can be easily conducted within:

Question158: Which packet info is ignored with Session Rate Acceleration?

Question159: For best practices, what is the recommended time for automatic unlocking of locked admin accounts?

Question160: If an administrator wants to add manual NAT for addresses now owned by the Check Point firewall, what else is necessary to be completed for it to function properly?

Question161: Which two Cluster Solutions are available under R81.10?

Question162: To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?

Question163: On the following picture an administrator configures Identity Awareness:

After clicking "Next" the above configuration is supported by:

Question164: Which is NOT an example of a Check Point API?

Question165: Mobile Access Gateway can be configured as a reverse proxy for Internal Web Applications Reverse proxy users browse to a URL that is resolved to the Security Gateway IP address. Which of the following Check Point command is true for enabling the Reverse Proxy:

Question166: John is using Management HA. Which Security Management Server should he use for making changes?

Question167: Ken wants to obtain a configuration lock from other administrator on R81 Security Management Server. He can do this via WebUI or via CLI.
Which command should he use in CLI? (Choose the correct answer.)

Question168: Which Check Point daemon monitors the other daemons?

Question169: When deploying SandBlast, how would a Threat Emulation appliance benefit from the integration of ThreatCloud?

Question170: Which command can you use to enable or disable multi-queue per interface?

Question171: Check Point ClusterXL Active/Active deployment is used when:

Question172: In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?

Question173: What happen when IPS profile is set in Detect Only Mode for troubleshooting?

Question174: What command is used to manually failover a cluster during a zero downtime upgrade?

Question175: Which command would you use to set the network interfaces' affinity in Manual mode?