EMT Practice Test

1. Question Content...


Question List

Question1: Jack is using SmartEvent and does not see the identities of the users on the events. As an administrator with full access, what does he need to do to fix his issue?

Question2: Session unique identifiers are passed to the web api using which http header option?

Question3: Why would you not see a CoreXL configuration option in cpconfig?

Question4: In R80 spoofing is defined as a method of:

Question5: What is true about VRRP implementations?

Question6: The SmartEvent R80 Web application for real-time event monitoring is called:

Question7: What is the command to show SecureXL status?

Question8: GAiA Software update packages can be imported and installed offline in situation where:

Question9: To find records in the logs that shows log records from the Application & URL Filtering Software Blade where traffic was blocked, what would be the query syntax?

Question10: What is the difference between an event and a log?

Question11: What is true about the IPS-Blade?

Question12: In Gaia, if one is unsure about a possible command, what command lists all possible commands.

Question13: What CLI command compiles and installs a Security Policy on the target's Security Gateways?

Question14: If the first packet of an UDP session is rejected by a security policy, what does the firewall send to the client?

Question15: NAT rules are prioritized in which order?
1. Automatic Static NAT
2. Automatic Hide NAT
3. Manual/Pre-Automatic NAT
4. Post-Automatic/Manual NAT rules

Question16: What is the valid range for VRID value in VRRP configuration?

Question17: The Security Gateway is installed on GAiA R80. The default port for the Web User Interface is _______.

Question18: Which command will reset the kernel debug options to default settings?

Question19: When using Monitored circuit VRRP, what is a priority delta?

Question20: What is correct statement about Security Gateway and Security Management Server failover in Check Point R80.X in terms of Check Point Redundancy driven solutions?

Question21: Both ClusterXL and VRRP are fully supported by Gaia R80.10 and available to all Check Point appliances.
Which of the following command is NOT related to redundancy and functions?

Question22: Which is NOT a SmartEvent component?

Question23: Which is NOT an example of a Check Point API?

Question24: What are the methods of SandBlast Threat Emulation deployment?

Question25: What does the command vpn crl__zapdo?

Question26: R80.10 management server can manage gateways with which versions installed?

Question27: Events can be categorized and assigned to System Administrators to track their path through the workflow.
Which of the following is NOT an option?

Question28: In the Check Point Firewall Kernel Module, each Kernel is associated with a key, which specifies the type of traffic applicable to the chain module. For Stateful Mode configuration, chain modules marked with
___________ will not apply.

Question29: The "MAC magic" value must be modified under the following condition:

Question30: What's true about Troubleshooting option in the IPS profile properties?

Question31: Which one of the following is true about Threat Extraction?

Question32: What is considered Hybrid Emulation Mode?

Question33: You need to change the number of firewall instances used by CoreXL. How can you achieve this goal?

Question34: What CLI command will reset the IPS pattern matcher statistics?

Question35: Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period.

Question36: In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:

Question37: If the Active Security Management Server fails or if it becomes necessary to change the Active to Standby, the following steps must be taken to prevent data loss. Providing the Active Security Management Server is responsive, which of these steps should NOT be performed:

Question38: You need to change the MAC-address on eth2 interface of the gateway. What command and what mode will you use to achieve this goal?

Question39: Which command is used to display status information for various components?

Question40: What is the protocol and port used for Health Check and State Synchronization in ClusterXL?

Question41: What does the command vpn crl_zapdo?

Question42: You are investigating issues with two gateway cluster members that are not able to establish the first initial cluster synchronization. What service is used by the FWD daemon to do a Full Synchronization?

Question43: Which of the SecureXL templates are enabled by default on Security Gateway?

Question44: Which Check Point software blades could be enforced under Threat Prevention profile using Check Point R80.10 SmartConsole application?

Question45: Which statement is true regarding redundancy?

Question46: To ensure that VMAC mode is enabled, which CLI command you should run on all cluster members?

Question47: You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

Question48: What is the difference between an event and a log?

Question49: Where do you create and modify the Mobile Access policy in R80?

Question50: When deploying multiple clustered firewalls on the same subnet, what does the firewall administrator need to configure to prevent CCP broadcasts being sent to the wrong cluster?

Question51: Which command shows the current connections distributed by CoreXL FW instances?

Question52: When Dynamic Dispatcher is enabled, connections are assigned dynamically with the exception of

Question53: Please choose correct command syntax to add an "emailserver1" host with IP address 10.50.23.90 using GAiA management CLI?

Question54: Which of the following is NOT a type of Check Point API available in R80.10?

Question55: Which one of these is NOT a firewall chain?

Question56: Which web services protocol is used to communicate to the Check Point R80 identity Awareness Web APi?

Question57: How many images are included with Check Point TE appliance in Recommended Mode?

Question58: What is the command to see cluster status in cli expert mode?

Question59: Advanced Security Checkups can be easily conducted within:

Question60: What is true of the API server on R80.10?

Question61: Which of these options is an implicit MEP option?

Question62: When using Monitored circuit VRRP, what is a priority delta?

Question63: The concept of layers was introduced in R80. What is the biggest benefit of layers?

Question64: Check Point security components are divided into the following components:

Question65: Which command will allow you to see the interface status?

Question66: CPM process stores objects, policies, users, administrators, licenses and management data in a database.
This database is:

Question67: Which NAT rules are prioritized first?

Question68: Jack has finished building his new SMS server, Red, on new hardware. He used SCP to move over the Red-old.tgzexport of his old SMS server. What is the command he will use to import this into the new server?

Question69: Which is the correct order of a log flow processed by SmartEvent components:

Question70: UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?

Question71: If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, what else is necessary to be completed for it to function properly?

Question72: What are the steps to configure the HTTPS Inspection Policy?

Question73: Vanessa is expecting a very important Security Report. The Document should be sent as an attachment via e-mail. An e-mail with Security_ report.pdf file was delivered to her e-mail inbox. When she opened the PDF file, she noticed that the file is basically empty and only few lines of text are in it. The report is missing some graphs, tables and links. Which component of SandBlast protection is her company using on a Gateway?

Question74: You are working with multiple Security Gateways enforcing an extensive number of rules. To simplify security administration, which action would you choose?

Question75: What is the limitation of employing Sticky Decision Function?

Question76: Joey is preparing a plan for Security management upgrade. He wants to upgrade management to R80.x.
What is the lowest supported version of the Security Management he can upgrade from?

Question77: Automatic affinity means that is SecureXL is running, the affinity for each interface is automatically reset every.

Question78: What are the main stages of a policy installation?

Question79: Fill in the blank: The R80 utility fw monitoris used to troubleshoot __________.

Question80: Which one of the following processes below would not start if there was a licensing issue.

Question81: Return oriented programming (ROP) exploits are detected by which security blade?

Question82: On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

Question83: What is the SOLR database for?

Question84: You have successfully backed up your Check Point configurations without the OS information. What command would you use to restore this backup?

Question85: CPD is a core Check Point process that does all of the following EXCEPT:

Question86: You plan to automate creating new objects using new R80 Management API. You decide to use GAIA CLI for this task. What is the first step to run management API commands on GAIA's shell?

Question87: What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Question88: GAiA greatly increases operational efficiency by offering an advanced and intuitive software update agent, commonly referred to as the:

Question89: The Firewall kernel is replicated multiple times, therefore:

Question90: You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

Question91: What command would show the API server status?

Question92: You find one of your cluster gateways showing "Down" when you run the "cphaprob stat" command. You then run the "clusterXL_admin up" on the down member but unfortunately the member continues to show down. What command do you run to determine the case?

Question93: On R80.10 the IPS Blade is managed by:

Question94: What is the least ideal Synchronization Status for Security Management Server High Availability deployment?

Question95: Which one of the following is true about Threat Emulation?

Question96: SandBlast agent extends 0 day prevention to what part of the network?

Question97: By default, the R80 web API uses which content-type in its response?

Question98: You want to verify if your management server is ready to upgrade to R80.10. What tool could you use in this process?

Question99: The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

Question100: What Shell is required in Gaia to use WinSCP?

Question101: Which of the following statements is TRUE about R80 management plug-ins?

Question102: What is the SandBlast Agent designed to do?

Question103: Firewall policies must be configured to accept VRRP packets on the GAiA platform if it runs Firewall software. The Multicast destination assigned by the Internet Assigned Numbers Authority (IANA) for VRRP is:

Question104: Mobile Access supports all of the following methods of Link Translation EXCEPT:

Question105: When synchronizing clusters, which of the following statements is FALSE?

Question106: What Factors preclude Secure XL Templating?

Question107: How is the processing order for overall inspection and routing of packets?

Question108: As an administrator, you may be required to add the company logo to reports. To do this, you would save the logo as a PNG file with the name 'cover-company-logo.png' and then copy that image file to which directory on the SmartEvent server?

Question109: After successfully exporting a policy package, how would you import that package into another SMS database in R80.10?

Question110: Which command would you use to determine the current Cluster Global ID?

Question111: Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

Question112: The following command is used to verify the CPUSE version:

Question113: When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Question114: What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

Question115: SmartEvent does NOT use which of the following procedures to identify events?

Question116: In SmartEvent, what are the different types of automatic reactions that the administrator can configure?

Question117: Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. Company's Network Security Developer Team is having issue testing new API with newly deployed R80.10 Security Management Server and blames Check Point Security Management Server as root cause. The ticket has been created and issue is at Aaron's desk for an investigation. What do you recommend as the best suggestion for Aaron to make sure API testing works as expected?

Question118: Fill in the blank: The command _______________ provides the most complete restoration of a R80 configuration.

Question119: What is the main difference between Threat Extraction and Threat Emulation?

Question120: What is the purpose of Priority Delta in VRRP?

Question121: VPN Tunnel Sharing can be configured with any of the options below, EXCEPT One: