
156-315.80 Exam Questions - Online Test



It is faster and easier to pass the Check-Point 156-315.80 exam by using Certified Check-Point Check Point Certified Security Expert - R80 questions and answers. Get immediate access to the Avant-garde 156-315.80 Exam and find the same core area 156-315.80 questions with professionally verified answers, then PASS your exam with a high score now.

Online Check-Point 156-315.80 free dumps demo below:

NEW QUESTION 1
Identify the API that is not supported by Check Point currently.

  • A. R80 Management API
  • B. Identity Awareness Web Services API
  • C. Open REST API
  • D. OPSEC SDK

Answer: C

NEW QUESTION 2
What makes Anti-Bot unique compared to other Threat Prevention mechanisms, such as URL Filtering, Anti-Virus, IPS, and Threat Emulation?

  • A. Anti-Bot is the only countermeasure against unknown malware
  • B. Anti-Bot is the only protection mechanism which starts a counter-attack against known Command & Control Centers
  • C. Anti-Bot is the only signature-based method of malware protection.
  • D. Anti-Bot is a post-infection malware protection to prevent a host from establishing a connection to a Command & Control Center.

Answer: D

NEW QUESTION 3
What factor precludes SecureXL Templating?

  • A. Source Port Ranges/Encrypted Connections
  • B. IPS
  • C. ClusterXL in load sharing Mode
  • D. CoreXL

Answer: A

NEW QUESTION 4
Check Point Support in many cases asks you for a configuration summary of your Check Point system. This is also called:

  • A. cpexport
  • B. sysinfo
  • C. cpsizeme
  • D. cpinfo

Answer: C

NEW QUESTION 5
When users connect to the Mobile Access portal they are unable to open File Shares. Which log file would you want to examine?

  • A. cvpnd.elg
  • B. httpd.elg
  • C. vpnd.elg
  • D. fw.elg

Answer: A

NEW QUESTION 6
What component of R80 Management is used for indexing?

  • A. DBSync
  • B. API Server
  • C. fwm
  • D. SOLR

Answer: D

NEW QUESTION 7
SmartEvent does NOT use which of the following procedures to identify events:

  • A. Matching a log against each event definition
  • B. Create an event candidate
  • C. Matching a log against local exclusions
  • D. Matching a log against global exclusions

Answer: C

Explanation:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit's task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events:
• Matching a Log Against Global Exclusions
• Matching a Log Against Each Event Definition
• Creating an Event Candidate
• When a Candidate Becomes an Event

NEW QUESTION 8
Which of the following technologies extracts detailed information from packets and stores that information in state tables?

  • A. INSPECT Engine
  • B. Stateful Inspection
  • C. Packet Filtering
  • D. Application Layer Firewall

Answer: A

NEW QUESTION 9
You have successfully backed up Check Point configurations without the OS information. What command would you use to restore this backup?

  • A. restore_backup
  • B. import backup
  • C. cp_merge
  • D. migrate import

Answer: D

NEW QUESTION 10
What is the command to check the status of the SmartEvent Correlation Unit?

  • A. fw ctl get int cpsead_stat
  • B. cpstat cpsead
  • C. fw ctl stat cpsemd
  • D. cp_conf get_stat cpsemd

Answer: B

NEW QUESTION 11
Customer’s R80 management server needs to be upgraded to R80.10. What is the best upgrade method when the management server is not connected to the Internet?

  • A. Export R80 configuration, clean install R80.10 and import the configuration
  • B. CPUSE offline upgrade
  • C. CPUSE online upgrade
  • D. SmartUpdate upgrade

Answer: C

NEW QUESTION 12
What SmartEvent component creates events?

  • A. Consolidation Policy
  • B. Correlation Unit
  • C. SmartEvent Policy
  • D. SmartEvent GUI

Answer: B

NEW QUESTION 13
What is the mechanism behind Threat Extraction?

  • A. This is a new mechanism which extracts malicious files from a document to use it as a counter-attack against its sender.
  • B. This is a new mechanism which is able to collect malicious files out of any kind of file types to destroy it prior to sending it to the intended recipient.
  • C. This is a new mechanism to identify the IP address of the sender of malicious codes and put it into the SAM database (Suspicious Activity Monitoring).
  • D. Any active contents of a document, such as JavaScripts, macros and links will be removed from the document and forwarded to the intended recipient, which makes this solution very fast.

Answer: D

NEW QUESTION 14
The following command is used to verify the CPUSE version:

  • A. HostName:0>show installer status build
  • B. [Expert@HostName:0]#show installer status
  • C. [Expert@HostName:0]#show installer status build
  • D. HostName:0>show installer build

Answer: A

NEW QUESTION 15
What is considered Hybrid Emulation Mode?

  • A. Manual configuration of file types on emulation location.
  • B. Load sharing of emulation between an on premise appliance and the cloud.
  • C. Load sharing between OS behavior and CPU Level emulation.
  • D. High availability between the local SandBlast appliance and the cloud.

Answer: B

NEW QUESTION 16
What is the least amount of CPU cores required to enable CoreXL?

  • A. 2
  • B. 1
  • C. 4
  • D. 6

Answer: B

NEW QUESTION 17
......

100% Valid and Newest Version 156-315.80 Questions & Answers shared by Certleader, Get Full Dumps HERE: https://www.certleader.com/156-315.80-dumps.html (New 428 Q&As)