Question1: What is the order of NAT priorities?
Question2: What is the purpose of Captive Portal?
Question3: Which command can you use to enable or disable multi-queue per interface?
Question4: Access roles allow the firewall administrator to configure network access according to:
Question5: What statement best describes the Proxy ARP feature for Manual NAT in R81.20?
Question6: SmartEvent does NOT use which of the following procedures to identify events:
Question7: Alice was asked by Bob to implement the Check Point Mobile Access VPN blade - therefore are some basic configuration steps required - which statement about the configuration steps is true?
Question8: To find records in the logs that shows log records from the Application & URL Filtering Software Blade where traffic was dropped, what would be the query syntax?
Question9: What is required for a certificate-based VPN tunnel between two gateways with separate management systems?
Question10: According to out of the box SmartEvent policy, which blade will automatically be correlated into events?
Question11: The Check Point Central Deployment Tool (CDT) communicates with the Security Gateway(s) over Check Point SIC via:
Question12: SmartEvent provides a convenient way to run common command line executables that can assist in investigating events. Right-clicking the IP address, source or destination, in an event provides a list of default and customized commands. They appear only on cells that refer to IP addresses because the IP address of the active cell is used as the destination of the command when run. The default commands are:
Question13: Which Check Point daemon invokes and monitors critical processes and attempts to restart them if they fail?
Question14: Secure Configuration Verification (SCV), makes sure that remote access client computers are configured in accordance with the enterprise Security Policy. Bob was asked by Alice to implement a specific SCV configuration but therefore Bob needs to edit and configure a specific Check Point file. Which location file and directory is true?
Question15: Pamela is Cyber Security Engineer working for Global Instance Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R81.20. Company's Developer Team is having random access issue to newly deployed Application Server in DMZ's Application Server Farm Tier and blames DMZ Security Gateway as root cause. The ticket has been created and issue is at Pamela's desk for an investigation. Pamela decides to use Check Point's Packet Analyzer Tool-fw monitor to iron out the issue during approved Maintenance window.
What do you recommend as the best suggestion for Pamela to make sure she successfully captures entire traffic in context of Firewall and problematic traffic?
Question16: Fill in the blank: A new license should be generated and installed in all of the following situations EXCEPT when ________ .
Question17: The ____ software blade package uses CPU-level and OS-level sandboxing in order to detect and block malware.
Question18: Which of the following processes pulls the application monitoring status from gateways?
Question19: You plan to automate creating new objects using new R81 Management API. You decide to use GAIA CLI for this task.
What is the first step to run management API commands on GAIA's shell?
Question20: What is correct statement about Security Gateway and Security Management Server failover in Check Point R81.X in terms of Check Point Redundancy driven solution?
Question21: A user complains that some Internet resources are not available. The Administrator is having issues seeing it packets are being dropped at the firewall (not seeing drops in logs). What is the solution to troubleshoot the issue?
Question22: You need to see which hotfixes are installed on your gateway, which command would you use?
Question23: How can you grant GAiAAPI Permissions for a newly created user?
Question24: When requiring certificates for mobile devices, make sure the authentication method is set to one of the following, Username and Password, RADIUS or ________.
Question25: What command verifies that the API server is responding?
Question26: What command can you use to have cpinfo display all installed hotfixes?
Question27: What is NOT a Cluster Mode?
Question28: Fill in the blanks: Default port numbers for an LDAP server is ________________ for standard connections and SSL connections.
Question29: You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?
Question30: Which is NOT a SmartEvent component?
Question31: By default how often updates are checked when the CPUSE Software Updates Policy is set to Automatic?
Question32: Security Checkup Summary can be easily conducted within:
Question33: Which statement is correct about the Sticky Decision Function?
Question34: When Identity Awareness is enabled, which identity source(s) is(are) used for Application Control?
Question35: How to can you make sure that the old logs will be available after updating the Management to version R81.
20 using the Advanced Upgrade Method?
Question36: Return oriented programming (ROP) exploits are detected by which security blade?
Question37: How many versions, besides the destination version, are supported in a Multi-Version Cluster Upgrade?
Question38: The essential means by which state synchronization works to provide failover in the event an active member goes down, ____________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.
Question39: You want to allow your Mobile Access Users to connect to an internal file share. Adding the Mobile Application 'File Share' to your Access Control Policy in the SmartConsole didn't work. You will be only allowed to select Services for the 'Service & Application' column How to fix it?
Question40: John is using Management HA. Which Security Management Server should he use for making changes?
Question41: Which of the following is NOT a VPN routing option available in a star community?
Question42: You work as a security administrator for a large company. CSO of your company has attended a security conference where he has learnt how hackers constantly modify their strategies and techniques to evade detection and reach corporate resources. He wants to make sure that his company has the tight protections in place. Check Point has been selected for the security vendor.
Which Check Point product protects BEST against malware and zero-day attacks while ensuring quick delivery of safe content to your users?
Question43: Besides fw monitor, what is another command that can be used to capture packets?
Question44: In Advanced Permanent Tunnel Configuration, to set the amount of time the tunnel test runs without a response before the peer host is declared 'down', you would set the_________?
Question45: What does the "unknown" SIC status shown on SmartConsole mean?
Question46: What is the purpose of the CPCA process?
Question47: What are types of Check Point APIs available currently as part of R81.20 code?
Question48: From SecureXL perspective, what are the tree paths of traffic flow:
Question49: What are the methods of SandBlast Threat Emulation deployment?
Question50: What scenario indicates that SecureXL is enabled?
Question51: On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:
Question52: Main Mode in IKEv1 uses how many packages for negotiation?
Question53: An established connection is going to www.google.com. The Application Control Blade Is inspecting the traffic. If SecureXL and CoreXL are both enabled, which path is handling the traffic?
Question54: What is the SOLR database for?
Question55: Which Identity Source(s) should be selected in Identity Awareness Tot when there is a requirement for a higher level of security for sensitive servers?
Question56: When defining QoS global properties, which option below is not valid?
Question57: Please choose the path to monitor the compliance status of the Check Point R81.20 based management.
Question58: As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name 'cover-company-logo.png' and then copy that image file to which directory on the SmartEvent server?
Question59: What are the three components for Check Point Capsule?
Question60: Installations and upgrades with CPUSE require that the CPUSE agent is up-to-date. Usually the latest build is downloaded automatically. How can you verify the CPUSE agent build?
Question61: When synchronizing clusters, which of the following statements is FALSE?
Question62: SSL Network Extender (SNX) is a thin SSL VPN on-demand client that is installed on the remote user's machine via the web browser. What are the two modes of SNX?
Question63: Which is not a blade option when configuring SmartEvent?
Question64: What is mandatory for ClusterXL to work properly?
Question65: Which is NOT an example of a Check Point API?
Question66: In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with
__________________ will not apply.
Question67: To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of the these is NOT a SecureXL template?
Question68: What is the main objective when using Application Control?
Question69: Which application should you use to install a contract file?
Question70: Aaron is a Syber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances running GAiA R81.X The Network Security Developer Team is having an issue testing the API with a newly deployed R81.X Security Management Server Aaron wants to confirm API services are working properly. What should he do first?
Question71: Bob works for a big security outsourcing provider company and as he receives a lot of change requests per day he wants to use for scripting daily tasks the API services (torn Check Point for the GAIA API. Firstly he needs to be aware if the API services are running for the GAIA operating system. Which of the following Check Point Command is true:
Question72: Selecting an event displays its configurable properties in the Detail pane and a description of the event in the Description pane. Which is NOT an option to adjust or configure?
Question73: The log server sends what to the Correlation Unit?
Question74: Which of the following is an authentication method used for Identity Awareness?
Question75: You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?
Question76: You have created a rule at the top of your Rule Base to permit Guest Wireless access to the Internet.
However, when guest users attempt to reach the Internet, they are not seeing the splash page to accept your Terms of Service, and cannot access the Internet. How can you fix this?

Question77: You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?
Question78: Alice wants to upgrade the current security management machine from R80.40 to R81.20 and she wants to check the Deployment Agent status over the GAIA CLISH. Which of the following GAIACLISH command is true?
Question79: SandBlast has several functional components that work together to ensure that attacks are prevented in real- time. Which the following is NOT part of the SandBlast component?
Question80: Choose the correct syntax to add a new host named "emailserver1" with IP address 10.50.23.90 using GAiA Management CLI?
Question81: What is true of the API server on R81.20?
Question82: Which pre-defined Permission Profile should be assigned to an administrator that requires full access to audit all configurations without modifying them?
Question83: Automatic affinity means that if SecureXL is running, the affinity for each interface is automatically reset every
Question84: Which statement is WRONG regarding the usage of the Central Deployment in SmartConsole?
Question85: Bob is asked by Alice to disable the SecureXL mechanism temporary tor further diagnostic by their Check Point partner. Which of the following Check Point Command is true:
Question86: Which utility allows you to configure the DHCP service on Gaia from the command line?
Question87: What are the two modes for SNX (SSL Network Extender)?
Question88: What is the base level encryption key used by Capsule Docs?
Question89: Check Pont Central Deployment Tool (CDT) communicates with the Security Gateway / Cluster Members over Check Point SIC _______ .
Question90: Which process handles connection from SmartConsole R81?
Question91: Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R81.
20 SmartConsole application?
Question92: Which directory below contains log files?
Question93: Which software blade does NOT accompany the Threat Prevention policy?
Question94: Which process handles connection from SmartConsole R81?
Question95: In CoreXL, the Firewall kernel is replicated multiple times. Each replicated copy or instance can perform the following:
Question96: Which of the following is NOT an attribute of packet acceleration?
Question97: An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server.
While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret and cannot be enabled.
Why does it not allow him to specify the pre-shared secret?
Question98: Hit Count is a feature to track the number of connections that each rule matches, which one is not benefit of Hit Count.
Question99: What are not possible commands to acquire the lock in order to make changes in Clish or Web GUI?
Question100: The Compliance Blade allows you to search for text strings in many windows and panes, to search for a value in a field, what would your syntax be?
Question101: Identity Awareness allows the Security Administrator to configure network access based on which of the following?
Question102: What is the purpose of Priority Delta in VRRP?
Question103: Which Check Point process provides logging services, such as forwarding logs from Gateway to Log Server, providing Log Export API (LEA) & Event Logging API (EL-A) services.
Question104: You have enabled "Full Log" as a tracking option to a security rule. However, you are still not seeing any data type information. What is the MOST likely reason?
Question105: What will SmartEvent automatically define as events?
Question106: What are the steps to configure the HTTPS Inspection Policy?
Question107: Which one of the following is true about Threat Emulation?
Question108: Gaia has two default user accounts that cannot be deleted. What are those user accounts?
Question109: DLP and Geo Policy are examples of what type of Policy?
Question110: According to the policy installation flow the transfer state (CPTA) is responsible for the code generated by the FWM. On the Security Gateway side a process receives them and first stores them Into a temporary directory.
Which process is true for receiving these Tiles;
Question111: Which of the following cannot be configured in an Access Role Object?
Question112: Which command shows actual allowed connections in state table?
Question113: Which one of the following is true about Capsule Connect?
Question114: What is the correct Syntax for adding an access-rule via R80 API?
Question115: If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which if these steps should NOT be performed:
Question116: Which statement is false in respect of the SmartConsole after upgrading the management server to R81.20?
Question117: You are investigating issues with to gateway cluster members are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?
Question118: Advanced Security Checkups can be easily conducted within:
Question119: What level of CPU load on a Secure Network Distributor would indicate that another may be necessary?
Question120: Where is the license for Check Point Mobile users installed?
Question121: What needs to be configured if the NAT property 'Translate destination or client side' is not enabled in Global Properties?
Question122: Within the Check Point Firewall Kernel resides Chain Modules, which are individually responsible for the inspection of a specific blade or feature that has been enabled in the configuration of the gateway. For Wire mode configuration, chain modules marked with _______ will not apply.
Question123: What component of R81 Management is used for indexing?
Question124: You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?
Question125: What is the best sync method in the ClusterXL deployment?
Question126: What is false regarding prerequisites for the Central Deployment usage?
Question127: What kind of information would you expect to see using the sim affinity command?
Question128: In SmartConsole, objects are used to represent physical and virtual network components and also some logical components. These objects are divided into several categories. Which of the following is NOT an objects category?
Question129: In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:
Question130: R81.20 management server can manage gateways with which versions installed?
Question131: After having saved the Cllsh Configuration with the "save configuration config.txt* command, where can you find the config.txt file?
Question132: The admin is connected via ssh lo the management server. He wants to run a mgmt_dl command but got a Error 404 message. To check the listening ports on the management he runs netstat with the results shown below. What can be the cause for the issue?

Question133: Which SmartConsole tab is used to monitor network and security performance?
Question134: At what point is the Internal Certificate Authority (ICA) created?
Question135: To ensure that VMAC mode is enabled, which CLI command should you run on all cluster members?
Question136: After upgrading the primary security management server from R80.40 to R81.10 Bob wants to use the central deployment in SmartConsole R81.10 for the first time. How many installations (e.g. Jumbo Hotfix, Hotfixes or Upgrade Packages) can run of such at the same time:
Question137: When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use?
Question138: Which is NOT an example of a Check Point API?
Question139: How many interfaces can you configure to use the Multi-Queue feature?
Question140: An administrator would like to troubleshoot why templating is not working for some traffic. How can he determine at which rule templating is disabled?
Question141: How many policy layers do Access Control policy support?
Question142: Please choose correct command to add an "emailserver1" host with IP address 10.50.23.90 using GAiA management CLI?
Question143: When detected, an event can activate an Automatic Reaction. The SmartEvent administrator can create and configure one Automatic Reaction, or many, according to the needs of the system. Which of the following statement is false and NOT part of possible automatic reactions:
Question144: SandBlast Mobile identifies threats in mobile devices by using on-device, network, and cloud-based algorithms and has four dedicated components that constantly work together to protect mobile devices and their data. Which component is NOT part of the SandBlast Mobile solution?
Question145: Which of the following is NOT a type of Check Point API available in R81.x?
Question146: The CPD daemon is a Firewall Kernel Process that does NOT do which of the following?
Question147: Fill in the blank: The R81 utility fw monitor is used to troubleshoot ______________________.
Question148: On the following picture an administrator configures Identity Awareness:

After clicking "Next" the above configuration is supported by:
Question149: Which of the following is an identity acquisition method that allows a Security Gateway to identify Active Directory users and computers?
Question150: Which of the following Check Point commands is true to enable Multi-Version Cluster (MVC)?
Question151: How many images are included with Check Point TE appliance in Recommended Mode?
Question152: Which Check Point software blade provides visibility of users, groups and machines while also providing access control through identity-based policies?
Question153: What key is used to save the current CPView page in a filename format cpview_"cpview process ID".cap" number of captures"?
Question154: What is the default shell of Gaia CLI?
Question155: Which of the following Check Point processes within the Security Management Server is responsible for the receiving of log records from Security Gateway?
Question156: Which of the following statements about SecureXL NAT Templates is true?
Question157: Fill in the blanks: A _______ license requires an administrator to designate a gateway for attachment whereas a ________ license is automatically attached to a Security Gateway.
Question158: Vanessa is firewall administrator in her company. Her company is using Check Point firewall on a central and several remote locations which are managed centrally by R77.30 Security Management Server. On central location is installed R77.30 Gateway on Open server. Remote locations are using Check Point UTM-1570 series appliances with R75.30 and some of them are using a UTM-1-Edge-X or Edge-W with latest available firmware. She is in process of migrating to R81.
What can cause Vanessa unnecessary problems, if she didn't check all requirements for migration to R81?
Question159: Name the file that is an electronically signed file used by Check Point to translate the features in the license into a code?
Question160: For Management High Availability, which of the following is NOT a valid synchronization status?
Question161: Can multiple administrators connect to a Security Management Server at the same time?
Question162: Check Point security components are divided into the following components:
Question163: Which Operating Systems are supported for the Endpoint Security VPN?
Question164: Which one is not a valid upgrade method to R81.20?
Question165: Which command is used to set the CCP protocol to Multicast?
Question166: What is the minimum amount of RAM needed for a Threat Prevention Appliance?
Question167: Which two Cluster Solutions are available under R81.20?
Question168: When installing a dedicated R81 SmartEvent server. What is the recommended size of the root partition?
Question169: Identity Awareness lets an administrator easily configure network access and auditing based on three items.
Choose the correct statement.
Question170: The fwd process on the Security Gateway sends logs to the fwd process on the Management Server, where it is forwarded to___________via____________
Question171: Joey wants to upgrade from R75.40 to R81 version of Security management. He will use Advanced Upgrade with Database Migration method to achieve this.
What is one of the requirements for his success?
Question172: Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e- mail. An e-mail with Security_report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links.
Which component of SandBlast protection is her company using on a Gateway?
Question173: Fill in the blank: Browser-based Authentication sends users to a web page to acquire identities using
________ .
Question174: What Factor preclude Secure XL Templating?
Question175: Connections to the Check Point R80 Web API use what protocol?
Question176: What are valid Policy Types in R81.X?
Question177: In R81 spoofing is defined as a method of:
Question178: You find one of your cluster gateways showing "Down" when you run the "cphaprob stat" command. You then run the "clusterXL_admin up" on the down member but unfortunately the member continues to show down. What command do you run to determine the cause?
Question179: Which two of these Check Point Protocols are used by SmartEvent Processes?
Question180: Which of the following type of authentication on Mobile Access can NOT be used as the first authentication method?
Question181: Which components allow you to reset a VPN tunnel?
Question182: What two ordered layers make up the Access Control Policy Layer?
Question183: You need to change the MAC-address on eth2 interface of the gateway. What is the correct way to change MAC-address in Check Point Gaia?
Question184: What is the recommended configuration when the customer requires SmartLog indexing for 14 days and SmartEvent to keep events for 180 days?
Question185: Which User-mode process is responsible for the FW CLI commands?
Question186: SandBlast offers flexibility in implementation based on their individual business needs. What is an option for deployment of Check Point SandBlast Zero-Day Protection?
Question187: What is the most recommended way to install patches and hotfixes?
Question188: Bob is going to prepare the import of the exported R81.20 management database. Now he wants to verify that the installed tools on the new target security management machine are able to handle the R81.20 release.
Which of the following Check Point command is true?
Question189: Where you can see and search records of action done by R81 SmartConsole administrators?
Question190: Sieve is a Cyber Security Engineer working for Global Bank with a large scale deployment of Check Point Enterprise Appliances Steve's manager. Diana asks him to provide firewall connection table details from one of the firewalls for which he is responsible. Which of these commands may impact performance briefly and should not be used during heavy traffic times of day?
Question191: identity Awareness allows easy configuration for network access, and auditing based on what three items?
Question192: Which Remote Access Client does not provide an Office-Mode Address?
Question193: You want to store the GAIA configuration in a file for later reference. What command should you use?
Question194: How would you enable VMAC Mode in ClusterXL?
Question195: What is "Accelerated Policy Installation"?
Question196: Which Correction mechanisms are available with ClusterXL under R81.20?
Question197: If you needed the Multicast MAC address of a cluster, what command would you run?
Question198: Which of the following is NOT a component of Check Point Capsule?
Question199: You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n) _____ or _____ action for the file types.
Question200: What is UserCheck?
Question201: If there are two administration logged in at the same time to the SmartConsole, and there are objects locked for editing, what must be done to make them available or other administrators? (Choose the BEST answer.)
Question202: If a "ping"-packet is dropped by FW1 Policy -on how many inspection Points do you see this packet in "fw monitor"?
Question203: You are asked to check the status of several user-mode processes on the management server and gateway.
Which of the following processes can only be seen on a Management Server?
Question204: What command is used to manually failover a Multi-Version Cluster during the upgrade?
Question205: Check Point Management (cpm) is the main management process in that it provides the architecture for a consolidates management console. CPM allows the GUI client and management server to communicate via web services using ___________.
Question206: What is the default size of NAT table fwx_alloc?
Question207: What are the three SecureXL Templates available in R81.20?
Question208: Which of the following blades is NOT subscription-based and therefore does not have to be renewed on a regular basis?
Question209: John detected high load on sync interface. Which is most recommended solution?
Question210: What is the correct order of the default "fw monitor" inspection points?
Question211: Alice & Bob are concurrently logged In via SSH on the same Check Point Security Gateway as user "admin* however Bob was first logged in and acquired the lock Alice Is not aware that Bob is also togged in to the same Security Management Server as she is but she needs to perform very urgent configuration changes - which of the following GAlAclish command is true for overriding Bobs configuration database lock:
Question212: Which of the following is NOT a method used by identity Awareness for acquiring identity?
Question213: Which TCP-port does CPM process listen to?
Question214: By default, what type of rules in the Access Control rulebase allow the control connections?
Question215: In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?
Question216: What is the correct command to observe the Sync traffic in a VRRP environment?
Question217: Office mode means that:
Question218: What is the responsibility of SOLR process on R81.20 management server?
Question219: How many layers make up the TCP/IP model?
Question220: After having saved the Clish Configuration with the "save configuration config.txt" command, where can you find the config.txt file?
Question221: There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning.
FW_B was standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational.
When it re-joins the cluster, will it become active automatically?
Question222: What are the main stages of a policy installation?
Question223: In what way are SSL VPN and IPSec VPN different?
Question224: How do Capsule Connect and Capsule Workspace differ?
Question225: Fill in the blank: A ________ VPN deployment is used to provide remote users with secure access to internal corporate resources by authenticating the user through an internet browser.
Question226: Native Applications require a thin client under which circumstances?
Question227: Where do you create and modify the Mobile Access policy in R81?
Question228: In what way is Secure Network Distributor (SND) a relevant feature of the Security Gateway?
Question229: Which encryption algorithm is the least secured?
Question230: Which of the following commands shows the status of processes?
Question231: In ClusterXL Load Sharing Multicast Mode:
Question232: Is it possible to establish a VPN before the user login to the Endpoint Client?
Question233: What is the main difference between Threat Extraction and Threat Emulation?
Question234: Using Web Services to access the API, which Header Name-Value had to be in the HTTP Post request after the login?
Question235: Fill in the blank: The "fw monitor" tool can be best used to troubleshoot ____________________.
Question236: During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:
Question237: Which of these is an implicit MEP option?
Question238: The "Hit count" feature allows tracking the number of connections that each rule matches. Will the Hit count feature work independently from logging and Track the hits if the Track option is set to "None"?
Question239: Which view is NOT a valid CPVIEW view?
Question240: When an encrypted packet is decrypted, where does this happen?
Question241: Which is the correct order of a log flow processed by SmartEvent components?
Question242: Check Point recommends configuring Disk Space Management parameters to delete old log entries when available disk space is less than or equal to?
Question243: Which statement is NOT TRUE about Delta synchronization?
Question244: Which option, when applied to a rule, allows traffic to VPN gateways in specific VPN communities?
Question245: Using fw monitor you see the following inspection point notion E and i what does that mean?
Question246: Which of these statements describes the Check Point ThreatCloud?
Question247: Which command is used to obtain the configuration lock in Gaia?
Question248: There are 4 ways to use the Management API for creating host object with the Management API. Which one is NOT correct?
Question249: What is a best practice before starting to troubleshoot using the "fw monitor" tool?
Question250: When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions:
Question251: What are the two high availability modes?
Question252: In which VPN community is a satellite VPN gateway not allowed to create a VPN tunnel with another satellite VPN gateway?
Question253: Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called:
Question254: Which blades and or features are not supported in R81?
Question255: Which tool provides a list of trusted files to the administrator so they can specify to the Threat Prevention blade that these files do not need to be scanned or analyzed?
Question256: Which command shows the current Security Gateway Firewall chain?
Question257: What is false regarding a Management HA environment?
Question258: Full synchronization between cluster members is handled by Firewall Kernel. Which port is used for this?
Question259: When setting up an externally managed log server, what is one item that will not be configured on the R81 Security Management Server?
Question260: What are the correct sleps upgrading a HA cluster (Ml is active. M2 is passive) using Multi-Version Cluster (MVC) Upgrade?
Question261: After verifying that API Server is not running, how can you start the API Server?
Question262: What is the mechanism behind Threat Extraction?
Question263: What a valid SecureXL paths in R81.20?
Question264: What is the purpose of extended master key extension/session hash?
Question265: Your manager asked you to check the status of SecureXL, and its enabled templates and features. What command will you use to provide such information to manager?
Question266: From SecureXL perspective, what are the three paths of traffic flow:
Question267: Why would an administrator see the message below?

Question268: What is the command to see cluster status in cli expert mode?
Question269: Which of the following is true regarding the Proxy ARP feature for Manual NAT?
Question270: Which tool is used to enable ClusterXL?
Question271: Which two Identity Awareness daemons are used to support identity sharing?
Question272: What is the difference between SSL VPN and IPSec VPN?
Question273: When users connect to the Mobile Access portal they are unable to open File Shares.
Which log file would you want to examine?
Question274: What is the command switch to specify the Gaia API context?
Question275: What are the two ClusterXL Deployment options?
Question276: The following command is used to verify the CPUSE version:
Question277: Which one is not a valid Package Option In the Web GUI for CPUSE?
Question278: CoreXL is supported when one of the following features is enabled:
Question279: In SmartConsole, where do you manage your Mobile Access Policy?
Question280: There are 4 ways to use the Management API for creating host object with R81 Management API. Which one is NOT correct?
Question281: Which of the completed statements is NOT true? The WebUI can be used to manage user accounts and:
Question282: Fill in the blank: __________ information is included in "Full Log" tracking option, but is not included in
"Log" tracking option?
Question283: One of major features in R81 SmartConsole is concurrent administration.
Which of the following is NOT possible considering that AdminA, AdminB and AdminC are editing the same Security Policy?
Question284: What are possible Automatic Reactions in SmartEvent?
Question285: The WebUI offers several methods for downloading hotfixes via CPUSE except:
Question286: The Correlation Unit performs all but the following actions:
Question287: What command lists all interfaces using Multi-Queue?
Question288: The Security Gateway is installed on GAIA R81. The default port for the Web User Interface is ______ .
Question289: Which VPN routing option uses VPN routing for every connection a satellite gateway handles?
Question290: The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?
Question291: To optimize Rule Base efficiency, the most hit rules should be where?
Question292: Which Check Point software blade provides protection from zero-day and undiscovered threats?
Question293: By default, how often does Threat Emulation update the engine on the Security Gateway?
Question294: To fully enable Dynamic Dispatcher with Firewall Priority Queues on a Security Gateway, run the following command in Expert mode then reboot:
Question295: Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services for all the following except:
Question296: The system administrator of a company is trying to find out why acceleration is not working for the traffic.
The traffic is allowed according to the rule base and checked for viruses. But it is not accelerated.
What is the most likely reason that the traffic is not accelerated?
Question297: The SmartEvent R81 Web application for real-time event monitoring is called:
Question298: What are the Threat Prevention software components available on the Check Point Security Gateway?
Question299: What CLI utility runs connectivity tests from a Security Gateway to an AD domain controller?
Question300: SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.
Question301: What solution is multi-queue intended to provide?
Question302: Fill in the blank: An identity server uses a __________ for user authentication.