Who is best able to provide the justification for allowing access to some higher risk applications?
You want to view application traffic logs in real-time. Which tool would be BEST to use?
Which software blades are characteristic to a Secure Web Gateway?
Anti-Virus, Application Control, URL Filtering, Identity Awareness
What component allows the security administrator to discover the underlying reasons for accessing applications?
Application Control is centrally managed. What Application Control component allows you to view user online behavior?
After you enable Application Control, where can you see application-related logs? In:
SmartEvent, SmartView Tracker, and SmartLog.
For troubleshooting purposes, Shira needs to check the currently identified users on the gateway. Which CLI command shows all users/machines and all the activity records associated with them?
pdp monitor all
How can cached usernames and passwords be cleared from the memory of a security gateway?
By installing a security policy
Which parameters may be defined in an Access Role?
Networks, Users, Machines
When your Application Control license expires, what happens?
The Application Control Blade is disabled after a 90-day grace period
In setting up your first Application Control Policy for discovery, what is the BEST Rule Action to choose?
UserCheck is a way to improve security in the company and to raise the awareness of the users. Which interaction modes can a firewall administrator choose when configuring UserCheck for a given rule?
Block, Ask, Inform
In setting up your first Application Control Policy for discovery, what is the best Rule Track to choose?
Your company needs to allow contractor access on the network, but for security reasons they need to be authenticated before they can access the Internet. How would you configure Identity Awareness on the firewall to meet this requirement? Enable Identity Awareness, turn on:
browser-based authentication, and configure the captive portal to allow unregistered guest login.
What is the first step in implementing Application Control?
Using Event Viewer in SmartEvent, a Security Administrator discovers that the Application Blade has detected three applications: YouTube, Tor, and PC in IE. Of these three applications, which would be considered the most dangerous?
An Administrator would like to control access to applications and network widgets. What Check Point blades would be needed to address these requirements?
A Security Administrator has put a rule in place to block YouTube. What Application field tag blocks all media applications like YouTube in this rule?
Which of the following actions applies to a Risk Level of 5 Critical?
Can bypass security or hide identities
An Administrator would like to protect a network from Microsoft application vulnerability exploits. What Check Point blades would be needed to address this requirement?
During the Application Control Discovery process, what is the best source of information for decisions on blocking or not blocking an application?
Check Point Secure Web Gateway can perform SSL packet inspection?
True, but only for HTTPS traffic
A __________ is malicious software that invades your computer, taking control of it and connecting with criminal operations?
In what places can an access role be used?
In the security rule base and in the Application & URL Filtering rule base
Mafiawars is a game that can be accessed from the Facebook Website. Although the firewall administrator has set up a rule to block Facebook games, Bob is able to access Mafiawars from the internal network. Why?
The URL is facebook.mafiawars.com and can still be accessed.
If you wanted to chart all Application Control and URL Filtering traffic by the number of events, what tool would you use?
A user complains that he cannot access the Internet. You check the logs and find that he is not authenticated. Next, you check the firewall to see if the user is a known identity. What command would you use?
pdp monitor all
Which of these statements describes the Check Point URL Filtering software blade?
Controls access to web sites based on category
Which of the following phrases describes a Botnet?
A large group of infected machines that drive a spread of a Bot to as many other machines as possible.
Which of these statements describes the Check Point Application Control software blade?
Blocks or limits usage of web applications
To update both the Management Server and the Security Gateways with the latest Application Control data and applications, you must:
Manually update the Management Server, and run a scheduled update on the Security Gateway.
As an Administrator, you must enforce IP spoofing protection on your endpoints. What Identity Awareness solution allows packet tagging?
Identity Agent - full
An Administrator would like to control access to malware and phishing websites. Which Check Point blades would be needed to address these requirements?
Which of these mechanisms does a gateway configured with Identity Awareness and LDAP initially use to communicate with a Windows 2003 or 2008 server?
Consider the setting: "Local Network Widgets detection will consult with the Check Point Online Web Service." Which of these statements concerning this setting is TRUE?
If it is cleared, any unknown widget will be treated as Web Browsing traffic
Which of the following actions applies to a Risk Level of 4 High?
Can cause data leakage or malware infection without user knowledge
True or false, SmartEvent and SmartReporter can be installed together on the same machine.
True, SmartReporter provides reporting services for SmartEvent.
As a Security Administrator, if you wanted to make rules that apply to an access role as well as an application, what would need to be enabled on the Security Gateway?
What is the correct order for these Application Control implementation steps?
Discover, Consult, Control
A newly created Account Unit does not work as expected. What should you check first?
Under Global Properties > User Directory, check "use User Directory"
When the Application Control Blade discovers an application, it will provide information on that application's simple properties. Which is an example of a simple property?
Dangerous websites are offering encrypted connections using HTTPS. The Chief Information Officer in your company decided to start inspecting such traffic. What step needs to be done in order to avoid SSL error messages when accessing sites?
Deploy the outbound certificate in the company, thus the clients will trust the CA.
What are the possible options to configure the Identity Sources (user identification methods with Identity Awareness)?
Browser-Based Authentication, Active Directory Query, Identity Agents, Terminal Servers (Users have same source IP), RADIUS Accounting
Which explanation of an Account Unit is INCORRECT?
An Account Unit is a 3rd party product that stores an external user Database.
Which of the following statements is true regarding SmartEvent Intro? SmartEvent Intro:
only view events from one blade
When analyzing Application Control data with SmartEvent, using the predefined queries, how are the events grouped? In order of:
number of megabytes used
Which of these statements describes the Check Point ThreatCloud?
A worldwide collaborative security network
Which of the following is not a SmartEvent component?
What is the correct order that a log flows in order to be processed by SmartEvent components?
Firewall > logserver > correlation unit > SmartEvent server database > SmartEvent client
When the Application Control Blade discovers an application, it will provide information on that application's properties, simple and complex. Which is an example of a complex property?
Uses Stealth Techniques