EMT Practice Test

1. Question Content...


Question List

Question1: How do you configure the Security Policy to provide user access to the Captive Portal through an external (Internet) interface?

Question2: The Firewall Administrator is required to create 100 new host objects with different IP addresses. What API command can he use in the script to achieve the requirement?

Question3: After making modifications to the $CVPNDIR/conf/cvpnd.C file, how would you restart the daemon?

Question4: Where do you find the migrate tool for upgrading?

Question5: Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many administrators use the command backup. This creates a backup of the Check Point configuration as well as the system configuration.
An administrator has installed the latest HFA on the system for fixing traffic problem after creating a backup file. There is a mistake in the very complex static routing configuration. The Check Point configuration has not been changed. Can the administrator use a restore to fix the errors in static routing?

Question6: After verifying that API Server is not running, how can you start the API Server?

Question7: Where do you create and modify the Mobile Access policy in R80?

Question8: Which statements below are CORRECT regarding Threat Prevention profiles in SmartConsole?

Question9: What happen when IPS profile is set in Detect-Only Mode for troubleshooting?

Question10: MultiCorp is running Smartcenter R71 on an IPSO platform and wants to upgrade to a new Appliance with R80. Which migration tool is recommended?

Question11: What is mandatory for ClusterXL to work properly?

Question12: What command lists all interfaces using Multi-Queue?

Question13: What does the command vpn crl_zap do?

Question14: Which command will erase all CRL's?

Question15: The connection to the ClusterXL member 'A' breaks. The ClusterXL member 'A' status is now 'down'. Afterwards the switch admin set a port to ClusterXL member 'B' to 'down'. What will happen?

Question16: Check Point APIs allow system engineers and developers to make changes to their organization's security policy with CLI tools and Web Services for all of the following except?

Question17: Which of the following items should be configured for the Security Management Server to authenticate via LDAP?

Question18: You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original
"web_public_IP" is the node object that represents the new Web server's public IP address. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error "page cannot be displayed". Which of the following is NOT a possible reason?

Question19: Automatic affinity means that is SecureXL is running, the affinity for each interface is automatically reset every.

Question20: How many pre-defined exclusions are included by default in SmartEvent R80 as part of the product installation?

Question21: What has to be taken into consideration when configuring Management HA?

Question22: What is the responsibility of SOLR process on R80.10 management server?

Question23: You have a diskless appliance platform. How do you keep swap file wear to a minimum?

Question24: SmartEvent has several components that function together to track security threats. What is the function of the Correlation Unit as a component of this architecture?

Question25: Can you implement a complete IPv6 deployment without IPv4 addresses?

Question26: In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic. Eric is a member of the LDAP group, MSD_Group.

What happens when Eric tries to connect to a server on the Internet?

Question27: Your users are defined in a Windows 2008 R2 Active Directory server. You must add LDAP users to a Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in R80?

Question28: In Threat Prevention, you can create new or clone profiles but you CANNOT change the out-of-the-box profiles of:

Question29: In terms of Order Rule Enforcement, when a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom. Which of the following statements is correct?

Question30: SmartConsole R80 requires the following ports to be open for SmartEvent R80 management:

Question31: Fill in the blank with a numeric value. The default port number for Secure Sockets Layer (SSL) connections with the LDAP Server is

Question32: What is true about VRRP implementations?

Question33: A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

Question34: When installing a dedicated R80 SmartEvent server, what is the recommended size of the root partition?

Question35: GAiA Software update packages can be imported and installed offline in situation where:

Question36: SecureXL improves non-encrypted firewall traffic throughput and encrypted VPN traffic throughput.

Question37: Mobile Access supports all of the following methods of Link Translation EXCEPT:

Question38: A Threat Prevention profile is a set of configurations based on the following. (Choose all that apply.)

Question39: Fill in the blank.

In New Mode HA, the internal cluster IP VIP address is 10.4.8.3. An internal host 10.4.8.108 successfully pings its Cluster and receives replies. Review the ARP table from the internal Windows host 10.4.8.108. Based on this information, what is the active cluster member's IP address?

Question40: Aaron is a Cyber Security Engineer working for Global Law Firm with large scale deployment of Check Point Enterprise Appliances using GAiA/R80.10. Company's Network Security Developer Team is having issue testing new API with newly deployed R80.10 Security Management Server and blames Check Point Security Management Server as root cause. The ticket has been created and issue is at Aaron's desk for an investigation. What do you recommend as the best suggestion for Aaron to make sure API testing works as expected?

Question41: When an encrypted packet is decrypted, where does this happen?

Question42: Which command shows the connection table in human readable format?

Question43: Type the command and syntax to view critical devices on a cluster member in a ClusterXL environment.

Question44: CPM process stores objects, policies, users, administrators, licenses and management data in a database. This database is:

Question45: Session unique identifiers are passed to the web api using which http header option?

Question46: CoreXL is NOT supported when one of the following features is enabled:

Question47: You noticed that CPU cores on the Security Gateway are usually 100% utilized and many packets were dropped. You don't have a budget to perform a hardware upgrade at this time. To optimize drops you decide to use Priority Queues and fully enable Dynamic Dispatcher. How can you enable them?

Question48: Which Check Point tool allows you to open a debug file and see the VPN packet exchange details.

Question49: How could you compare the Fingerprint shown to the Fingerprint on the server? Run cpconfig and select:
Exhibit:

Question50: What utility would you use to configure route-based VPNs?

Question51: You want to establish a VPN, using certificates. Your VPN will exchange certificates with an external partner. Which of the following activities should you do first?

Question52: Which command gives us a perspective of the number of kernel tables?

Question53: As a valid Mobile Access Method, what feature provides Capsule Connect/VPN?

Question54: What are the different command sources that allow you to communicate with the API server?

Question55: When do modifications to the Event Policy take effect?

Question56: On R80.10 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

Question57: What Shell is required in Gaia to use WinSCP?

Question58: Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?

Question59: What is the syntax for uninstalling a package using newpkg?

Question60: Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?

Question61: Why would you not see a CoreXL configuration option in cpconfig?

Question62: Which process should you debug if SmartDashboard login fails?

Question63: You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway.

What is TRUE about the new package's NAT rules?

Question64: To bind a NIC to a single processor when using CoreXL on GAiA, you would use the command

Question65: In order to get info about assignment (FW, SND) of all CPUs in your SGW, what is the most accurate CLI command?

Question66: What CLI command compiles and installs a Security Policy on the target's Security Gateways?

Question67: What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

Question68: Your R80 primary Security Management Server is installed on GAiA.
You plan to schedule the Security Management Server to run fw logswitch automatically every 48 hours. How do you create this schedule?

Question69: The Regulatory Compliance pane shows compliance statistics for selected regulatory standards, based on the Security Best Practice scan. Which of the following does NOT show in this pane?

Question70: Automation and Orchestration differ in that:

Question71: What is the benefit of Manual NAT over Automatic NAT?

Question72: You want to gather data and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

Question73: The essential means by which state synchronization works to provide failover in the event an active member goes down, ___________ is used specifically for clustered environments to allow gateways to report their own state and learn about the states of other members in the cluster.

Question74: What is the proper CLISH syntax to configure a default route via 192.168.255.1 in Gaia?

Question75: The concept of layers was introduced in R80. What is the biggest benefit of layers?

Question76: To stop acceleration on a GAiA Security Gateway, enter command:________ .

Question77: Which web services protocol is used to communicate to the Check Point R80 identity Awareness Web APi?

Question78: In R80.10, how do you manage your Mobile Access Policy?

Question79: You have successfully backed up your Check Point configurations without the OS information. What command would you use to restore this backup?

Question80: You find that Gateway fw2 can NOT be added to the cluster object. What are possible reasons for that?
Exhibit:

1) fw2 is a member in a VPN community.
2) ClusterXL software blade is not enabled on fw2.
3) fw2 is a DAIP Gateway.

Question81: A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?

Question82: Your main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. You also have a small network 10.10.20.0/24 behind the internal router. You want to configure the kernel to translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP, and FTP services. Which of the following configurations will allow this network to access the Internet?

Question83: What is the command to check the status of the SmartEvent Correlation Unit?

Question84: Which method below is NOT one of the ways to communicate using the Management API's?

Question85: Which of the following commands can provide the most complete restoration of a R80 configuration?

Question86: Which one of the following processes below would not start if there was a licensing issue.

Question87: If an administrator wants to add manual NAT for addresses not owned by the Check Point firewall, what else is necessary to be completed for it to function properly?

Question88: What is the primary benefit of using the command upgrade_export over either backup or snapshot?

Question89: Jack needs to configure CoreXL on his Red Security Gateway. What are the correct steps to enable CoreXL?

Question90: What command verifies that the API server is responding?

Question91: You want to verify if your management server is ready to upgrade to R80.10. What tool could you use in this process?

Question92: Fill in the blank. To save your OSPF configuration in GAiA, enter the command ___________ .

Question93: To fully enable Dynamic Dispatcher on a Security Gateway:

Question94: Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?

Question95: When simulating a problem on CLusterXL cluster with cphaprob -d STOP -s problem -t 0 register, to initiate a failover on an active cluster member, what command allows you remove the problematic state?

Question96: What happens if the identity of a user is known?

Question97: The third-shift Administrator was updating Security Management Server access settings in Global Properties and testing. He managed to lock himself out of his account. How can you unlock this account?

Question98: What is the valid range for VRID value in VRRP configuration?

Question99: What is the difference between an event and a log?

Question100: Which statements about Management HA are correct?
1) Primary SmartCenter describes first installed SmartCenter
2) Active SmartCenter is always used to administrate with SmartConsole
3) Active SmartCenter describes first installed SmartCenter
4) Primary SmartCenter is always used to administrate with SmartConsole

Question101: You plan to automate creating new objects using new R80 Management API. You decide to use GAIA CLI for this task. What is the first step to run management API commands on GAIA's shell?

Question102: You want to implement Static Destination NAT in order to provide external, Internet users access to an internal Web Server that has a reserved (RFC 1918) IP address. You have an unused valid IP address on the network between your Security Gateway and ISP router. You control the router that sits between the firewall external interface and the Internet.
What is an alternative configuration if proxy ARP cannot be used on your Security Gateway?

Question103: Which Check Point ClusterXL mode is used to synchronize the physical interface IP and MAC addresses on all clustered interfaces?

Question104: To accelerate the rate of connection establishment, SecureXL groups all connection that match a particular service and whose sole differentiating element is the source port. The type of grouping enables even the very first packets of a TCP handshake to be accelerated. The first packets of the first connection on the same service will be forwarded to the Firewall kernel which will then create a template of the connection. Which of these IS NOT a SecureXL template?

Question105: Fill in the blank. To verify the SecureXL status, you would enter command _____________ .

Question106: You need to change the number of firewall instances used by CoreXL. How can you achieve this goal?

Question107: SandBlast has several functional components that work together to ensure that attacks are prevented in real-time. Which the following is NOT part of the SandBlast component?

Question108: What is a feature that enables VPN connections to successfully maintain a private and secure VPN session without employing Stateful Inspection?

Question109: UserCheck objects in the Application Control and URL Filtering rules allow the gateway to communicate with the users. Which action is not supported in UserCheck objects?

Question110: What is correct statement about Security Gateway and Security Management Server failover in Check Point R80.X in terms of Check Point Redundancy driven solutions?

Question111: Which file defines the fields for each object used in the file objects.C (color, num/string, default value...)?

Question112: When doing a Stand-Alone Installation, you would install the Security Management Server with which other Check Point architecture component?

Question113: In which formats can Threat Emulation forensics reports be viewed in?

Question114: Which is not a blade option when configuring SmartEvent?

Question115: The Security Gateway is installed on GAiA R80. The default port for the Web User Interface is _______.

Question116: John detected high load on sync interface. Which is most recommended solution?

Question117: Which of the following is NOT defined by an Access Role object?

Question118: You need to see which hotfixes are installed on your gateway, which command would you use?

Question119: What command with appropriate switches would you use to test Identity Awareness connectivity?

Question120: MegaCorp is running Smartcenter R70, some Gateways at R65 and some other Gateways with R60. Management wants to upgrade to the most comprehensive IPv6 support. What should the administrator do first?

Question121: When a packet is flowing through the security gateway, which one of the following is a valid inspection path?

Question122: Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the _____________.

Question123: Fill in the blank. To verify that a VPN Tunnel is properly established, use the command _________

Question124: Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot file stored to a TFTP server and backups of your Security Management Server. What is the correct procedure for rebuilding the Gateway quickly?

Question125: What are the minimum open server hardware requirements for a Security Management Server/Standalone in R80.10?

Question126: To qualify as an Identity Awareness enabled rule, which column MAY include an Access Role?

Question127: Which command is used to display status information for various components?

Question128: During inspection of your Threat Prevention logs you find four different computers having one event each with a Critical Severity. Which of those hosts should you try to remediate first?

Question129: Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?

Question130: You have three servers located in a DMZ, using private IP addresses. You want internal users from 10.10.10.x to access the DMZ servers by public IP addresses. Internal_net 10.10.10.x is configured for Hide NAT behind the Security Gateway's external interface.

What is the best configuration for 10.10.10.x users to access the DMZ servers, using the DMZ servers' public IP addresses?

Question131: What CLI command will reset the IPS pattern matcher statistics?

Question132: Which configuration file contains the structure of the Security Servers showing the port numbers, corresponding protocol name, and status?

Question133: Which is the lowest Gateway version manageable by SmartCenter R80?

Question134: You are running a R80 Security Gateway on GAiA.
In case of a hardware failure, you have a server with the exact same hardware and firewall version installed. What back up method could be used to quickly put the secondary firewall into production?

Question135: Which is NOT a SmartEvent component?

Question136: Charles requests a Website while using a computer not in the net_singapore network.

What is TRUE about his location restriction?

Question137: The fwd process on the Security Gateway send logs to the fwd process on the Management Server, where it is forwarded to _______ via ______.

Question138: Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

Question139: Fill in the blank. You can set Acceleration to ON or OFF using command syntax ___________ .

Question140: What is not a component of Check Point SandBlast?

Question141: Your company is running Security Management Server R80 on GAiA, which has been migrated through each version starting from Check Point 4.1. How do you add a new administrator account?

Question142: SmartReporter reports can be used to analyze data from a penetration-testing regimen in all of the following examples, EXCEPT:

Question143: Due to high CPU workload on the Security Gateway, the security administrator decided to purchase a new multicore CPU to replace the existing single core CPU. After installation, is the administrator required to perform any additional tasks?

Question144: The following command is used to verify the CPUSE version:

Question145: Customer's R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?

Question146: Which CLI tool helps on verifying proper ClusterXL sync?

Question147: Your company has the requirement that SmartEvent reports should show a detailed and accurate view of network activity but also performance should be guaranteed. Which actions should be taken to achieve that?
1) Use same hard drive for database directory, log files, and temporary directory.
2) Use Consolidation Rules.
3) Limit logging to blocked traffic only.
4) Use Multiple Database Tables.

Question148: Fill in the blanks. To view the number of concurrent connections going through your firewall, you would use the command and syntax __ ___ __ __________ __ .

Question149: How can you check whether IP forwarding is enabled on an IP Security Appliance?

Question150: Which command can you use to enable or disable multi-queue per interface?

Question151: From SecureXL perspective, what are the tree paths of traffic flow:

Question152: Which of the following is true regarding the Proxy ARP feature for Manual NAT in R80.10?

Question153: You find one of your cluster gateways showing "Down" when you run the "cphaprob stat" command. You then run the "clusterXL_admin up" on the down member but unfortunately the member continues to show down. What command do you run to determine the case?

Question154: Which one of these is NOT a firewall chain?

Question155: You run cphaprob -a if. When you review the output, you find the word DOWN. What does DOWN mean?

Question156: What is the most ideal Synchronization Status for Security Management Server High Availability deployment?

Question157: Access Role objects define users, machines, and network locations as:

Question158: You need to back up the routing, interface, and DNS configuration information from your R80 GAiA Security Gateway. Which backup-and-restore solution do you use?

Question159: You are the Security Administrator for MegaCorp. A Check Point firewall is installed and in use on a platform using GAiA.
You have trouble configuring the speed and duplex settings of your Ethernet interfaces.
Which of the following commands can be used in CLISH to configure the speed and duplex settings of an Ethernet interface and will survive a reboot? Give the BEST answer.

Question160: Which is the correct order of a log flow processed by SmartEvents components:

Question161: What is considered Hybrid Emulation Mode?

Question162: Fill in the blank: The R80 feature ________ permits blocking specific IP addresses for a specified time period.

Question163: What is the officially accepted diagnostic tool for IP Appliance Support?

Question164: Which is NOT an example of a Check Point API?

Question165: What is the port used for SmartConsole to connect to the Security Management Server:

Question166: Which of the following authentication methods can be configured in the Identity Awareness setup wizard?

Question167: To find records in the logs that shows log records from the Application & URL Filtering Software Blade where traffic was blocked, what would be the query syntax?

Question168: How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out through a rule or policy mis-configuration?

Question169: Check Point security components are divided into the following components:

Question170: Type the full fw command and syntax that allows you to disable only sync on a cluster firewall member.

Question171: What command would show the API server status?

Question172: When configuring numbered VPN Tunnel Interfaces (VTIs) in a clustered environment, what issues need to be considered?
1) Each member must have a unique source IP address.
2) Every interface on each member requires a unique IP address.
3) All VTI's going to the same remote peer must have the same name.
4) Cluster IP addresses are required.

Question173: You can select the file types that are sent for emulation for all the Threat Prevention profiles. Each profile defines a(n)_________ or ___________ action for the file types.

Question174: To provide full connectivity upgrade status, use command

Question175: What are types of Check Point APIs available currently as part of R80.10 code?