Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the _____________.

A. Identity Awareness Agent

B. Full Endpoint Client

C. ICA Certificate

D. SecureClient

Users with Identity Awareness Agent installed on their machines login with __________, so that when the user logs into the domain, that information is also used to meet Identity Awareness credential requests.

A. Key-logging

B. ICA Certificates

C. SecureClient

D. Single Sign-On

MicroCorp experienced a security appliance failure. (LEDs of all NICs are off.) The age of the unit required that the RMA-unit be a different model. Will a revert to an existing snapshot bring the new unit up and running?

A. There is no dynamic update at reboot.

B. No. The revert will most probably not match to hard disk.

C. Yes. Everything is dynamically updated at reboot.

D. No. At installation the necessary hardware support is selected. The snapshot saves this state.

You have selected the event Port Scan from Internal Network in SmartEvent, to detect an event when 30 port scans have occurred within 60 seconds. You also want to detect two port scans from a host within 10 seconds of each other. How would you accomplish this?

A. Define the two port-scan detections as an exception.

B. You cannot set SmartEvent to detect two port scans from a host within 10 seconds of each other.

C. Select the two port-scan detections as a sub-event.

D. Select the two port-scan detections as a new event.

After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti- spoofing protections. Which of the following is the MOST LIKELY cause?

A. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.

B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.

C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.

D. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.

Return oriented programming (ROP) exploits are detected by which security blade?

A. Check Point Anti-Virus / Threat Emulation

B. Intrusion Prevention Software

C. Application control

D. Data Loss Prevention

Which command would you use to determine the current Cluster Global ID?

A. fw ctl show global_cluster_id

B. fw ctl get int global_cluster_id

C. Expert -> cphaconf cluster_id get

D. Cish -> cphaconf cluster_id get

The concept of layers was introduced in R80. What is the biggest benefit of layers?

A. To break one policy into several virtual policies.

B. Policy Layers and Sub-Policies enable flexible control over the security policy.

C. To include Threat Prevention as a sub policy for the firewall policy

D. They improve the performance on OS kernel version 3.0

What is not a component of Check Point SandBlast?

A. Threat Emulation

B. Threat Simulation

C. Threat Extraction

D. Threat Cloud

Jack needs to configure CoreXL on his Red Security Gateway. What are the correct steps to enable CoreXL?

A. SSH to Red Security Gateway, run cpconfig> select Configure Check Point CoreXL > enable CoreXL > exit cpconfig> reboot the Security Gateway

B. SSH to Red Security Gateway, run cpconfig> select Configure Check Point CoreXL > exit cpconfig> reboot the Security Gateway

C. Open the SmartDashboard, Open the Red Check Point Object, select ClusterXL, check the CoreXL box, and push policy

D. Open the SmartDashboard, Open the Red Check Point Object, select Optimizations, check the CoreXL box, and push policy