NEW QUESTION 1
Which Check Point software blade provides protection from zero-day and undiscovered threats?

• A. Firewall
• B. Threat Emulation
• C. Application Control
• D. Threat Extraction

Answer: D

Explanation: SandBlast Threat Emulation
As part of the Next Generation Threat Extraction software bundle (NGTX), the SandBlast Threat Emulation capability prevents infections from undiscovered exploits zero-day and targeted attacks. This innovative solution quickly inspects files and runs them in a virtual sandbox to discover malicious behavior. Discovered malware is prevented from entering the network.

NEW QUESTION 2
What is the default method for destination NAT?

• A. Destination side
• B. Source side
• C. Server side
• D. Client side

Answer: D

NEW QUESTION 3
Which of the following describes how Threat Extraction functions?

• A. Detect threats and provides a detailed report of discovered threats
• B. Proactively detects threats
• C. Delivers file with original content
• D. Delivers PDF versions of original files with active content removed

Answer: B

NEW QUESTION 4
Fill in the blank: In Security Gateways R75 and above, SIC uses _____ for encryption.

• A. AES-128
• B. AES-256
• C. DES
• D. 3DES

Answer: A

NEW QUESTION 5
John Adams is an HR partner in the ACME organization. ACME IT wants to limit access to HR servers to designated IP addresses to minimize malware infection and unauthorized access risks. Thus, gateway policy permits access only from Join's desktop which is assigned an IP address 10.0.0.19 via DHCP.
John received a laptop and wants to access the HR Web Server from anywhere in the organization. The IT department gave the laptop a static IP address, but the limits him to operating it only from his desk. The current Rule Base contains a rule that lets John Adams access the HR Web Server from his laptop. He wants to move around the organization and continue to have access to the HR Web Server. To make this scenario work, the IT administrator:
1) Enables Identity Awareness on a gateway, selects AD Query as one of the Identity Sources.
2) Adds an access role object to the Firewall Rule Base that lets John Adams PC access the HR Web Server from any machine and from any location.
John plugged in his laptop to the network on a different network segment and he is not able to connect. How does he solve this problem?

• A. John should install the identity Awareness Agent
• B. The firewall admin should install the Security Policy
• C. John should lock and unlock the computer
• D. Investigate this as a network connectivity issue

Answer: C

NEW QUESTION 6
Where do we need to reset the SIC on a gateway object?

• A. SmartDashboard > Edit Gateway Object > General Properties > Communication
• B. SmartUpdate > Edit Security Management Server Object > SIC
• C. SmartUpdate > Edit Gateway Object > Communication
• D. SmartDashboard > Edit Security Management Server Object > SIC

Answer: A

NEW QUESTION 7
Choose the correct statement regarding Implicit Rules.

• A. To edit the Implicit rules you go to: Launch Button > Policy > Global Properties > Firewall.
• B. Implied rules are fixed rules that you cannot change.
• C. You can directly edit the Implicit rules by double-clicking on a specific Implicit rule.
• D. You can edit the Implicit rules but only if requested by Check Point support personnel.

Answer: A

NEW QUESTION 8
To enforce the Security Policy correctly, a Security Gateway requires:

• A. a routing table
• B. awareness of the network topology
• C. a Demilitarized Zone
• D. a Security Policy install

Answer: B

Explanation: The network topology represents the internal network (both the LAN and the DMZ) protected by the gateway. The gateway must be aware of the layout of the network topology to:
Correctly enforce the Security Policy.
Ensure the validity of IP addresses for inbound and outbound traffic.
Configure a special domain for Virtual Private Networks.

NEW QUESTION 9
Which policy type has its own Exceptions section?

• A. Thread Prevention
• B. Access Control
• C. Threat Emulation
• D. Desktop Security

Answer: A

Explanation: The Exceptions Groups pane lets you define exception groups. When necessary, you can create exception groups to use in the Rule Base. An exception group contains one or more defined exceptions. This option facilitates ease-of-use so you do not have to manually define exceptions in multiple rules for commonly required exceptions. You can choose to which rules you want to add exception groups. This means they can be added to some rules and not to others, depending on necessity.

NEW QUESTION 10
The ______ software blade package uses CPU-level and OS-level sandboxing in order to delect and block malware.

• A. Next Generation Threat Prevention
• B. Next Generation Threat Emulation
• C. Next Generation Threat Extraction
• D. Next Generation Firewall

Answer: B

NEW QUESTION 11
Which of the following is a new R80.10 Gateway feature that had not been available in R77.X and older?

• A. The rule base can be built of layers, each containing a set of the security rule
• B. Layers are inspected in the order in which they are defined, allowing control over the rule base flow and which security functionalities take precedence.
• C. Limits the upload and download throughput for streaming media in the company to 1 Gbps.
• D. Time object to a rule to make the rule active only during specified times.
• E. Sub Policies are sets of rules that can be created and attached to specific rule
• F. If the rule is matched, inspection will continue in the sub policy attached to it rather than in the next rule.

Answer: D

NEW QUESTION 12
Which Check Point software blade prevents malicious files from entering a network using virus signatures and anomaly-based protections from ThreatCloud?

• A. Firewall
• B. Application Control
• C. Anti-spam and Email Security
• D. Antivirus

Answer: D

Explanation: The enhanced Check Point Antivirus Software Blade uses real-time virus signatures and anomaly-based protections from ThreatCloud™, the first collaborative network to fight cybercrime, to detect and block malware at the gateway before users are affected.

NEW QUESTION 13
Which authentication scheme requires a user to possess a token?

• A. TACACS
• B. SecurID
• C. Check Point password
• D. RADIUS

Answer: B

Explanation: SecurID
SecurID requires users to both possess a token authenticator and to supply a PIN or password References:

NEW QUESTION 14
Choose the SmartLog property that is TRUE.

• A. SmartLog has been an option since release R71.10.
• B. SmartLog is not a Check Point product.
• C. SmartLog and SmartView Tracker are mutually exclusive.
• D. SmartLog is a client of SmartConsole that enables enterprises to centrally track log records and security activity with Google-like search.

Answer: D

NEW QUESTION 15
Fill in the blank: With the User Directory Software Blade, you can create R80 user definitions on a(an) ______ Server.

• A. NT domain
• B. SMTP
• C. LDAP
• D. SecurID

Answer: C

NEW QUESTION 16
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After a while, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?

• A. Run fwm dbexport -1 filenam
• B. Restore the databas
• C. Then, run fwm dbimport -1 filename to import the users.
• D. Run fwm_dbexport to export the user databas
• E. Select restore the entire database in the Database Revision scree
• F. Then, run fwm_dbimport.
• G. Restore the entire database, except the user database, and then create the new user and user group.
• H. Restore the entire database, except the user database.

Answer: D

NEW QUESTION 17
Fill in the blank: The IPS policy for pre-R80 gateways is installed during the _____.

• A. Firewall policy install
• B. Threat Prevention policy install
• C. Anti-bot policy install
• D. Access Control policy install

Answer: B

Explanation: https://sc1.checkpoint.com/documents/R80/CP_R80BC_ThreatPrevention/html_frameset.htm?topic=documents

NEW QUESTION 18
Which of the following is TRUE regarding Gaia command line?

• A. Configuration changes should be done in mgmt_cli and use CLISH for monitoring, Expert mode is used only for OS level tasks.
• B. Configuration changes should be done in expert-mode and CLISH is used for monitoring.
• C. Configuration changes should be done in mgmt-cli and use expert-mode for OS-level tasks.
• D. All configuration changes should be made in CLISH and expert-mode should be used for OS-level tasks.

Answer: D