Firewall polices must be configured to accept VRRP packets on the GAiA platform if it Firewall software. The Multicast destination assigned by the internet Assigned Number Authority (IANA) for VRRP is:
Answer : A
The multicast destination assigned by the Internet Assigned Numbers Authority (IANA) for VRRP is 224.0.0.18. This is a reserved multicast address that is used by VRRP routers to communicate with each other and announce their priority and state. Firewall policies must be configured to accept VRRP packets on the Gaia platform if it runs Firewall software. Otherwise, VRRP packets will be dropped by default. Reference: [Configuring VRRP on Gaia]
How would you enable VMAC Mode in ClusterXL?
Answer : A
To enable VMAC Mode in ClusterXL, you need to go to Cluster Object -> Edit -> ClusterXL and VRRP -> Use Virtual MAC. VMAC Mode is a feature that allows ClusterXL to use a virtual MAC address for cluster interfaces instead of physical MAC addresses. This simplifies the cluster configuration and avoids issues with MAC address flapping or spoofing on switches. Reference: [VMAC Mode]
Using Threat Emulation technologies, what is the best way to block .exe and .bat file types?
Answer : A
The best way to block .exe and .bat file types using Threat Emulation technologies is toenable DLP and select .exe and .bat file type. DLP stands for Data Loss Prevention, and it is a feature that allows administrators to define rules and actions to protect sensitive data from unauthorized access or transfer. One of the DLP rule conditions is File Type, which can be used to block or alert on specific file types, such as .exe and .bat, that may contain malicious code or scripts. The other options are either not related to Threat Emulation technologies, or not effective in blocking .exe and .bat file types.
Topic 3, Exam Pool C
What state is the Management HA in when both members have different policies/databases?
Answer : D
The state of the Management HA when both members have different policies/databases is Collision. This state indicates that there is a conflict between the members and they need to be synchronized manually. The other states are not applicable in this scenario. The Synchronized state indicates that both members have identical policies/databases and are ready for failover. The Never been synchronized state indicates that the members have never been synchronized since they were configured as HA pair. The Lagging state indicates that one member has a newer policy/database than the other member and needs to be synchronized automatically. Reference: [Management High Availability]
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityManagement_WebAdminGuide/
html_frameset.htm?topic=documents/R77/CP_R77_SecurityManagement_WebAdminGuide/98838
What are the blades of Threat Prevention?
Answer : D
The blades of Threat Prevention in Check Point include:
Intrusion Prevention System (IPS)
AntiVirus
AntiBot
SandBlast Threat Emulation/Extraction
So, the correct answer is D, which includes all the mentioned blades.
Joey want to configure NTP on R81 Security Management Server. He decided to do this via WebUI. What is the correct address to access the Web UI for Gaia platform via browser?
Answer : A
The correct address to access the Web UI for Gaia platform via browser is https://<Device_IP_Adress>. This will open the Gaia Portal login page, where you can enter your username and password to access the Gaia configuration options. By default, the Web UI listens on port 443 for HTTPS connections, but you can change it using the CLISH commandset web ssl-port
Which is NOT a SmartEvent component?
Answer : C
Log Consolidatoris NOT a SmartEvent component. SmartEvent is a unified security event management solution that provides visibility, analysis, and reporting of security events across multiple Check Point products. SmartEvent consists of three main components: SmartEvent Server, Correlation Unit, and Log Server. SmartEvent Server is responsible for storing and displaying security events in SmartConsole and SmartEventWeb. Correlation Unit is responsible for collecting and correlating logs from various sources and generating security events based on predefined or custom scenarios. Log Server is responsible for receiving and indexing logs from Security Gateways and other Check Point modules. Log Consolidator is not a valid component or blade of SmartEvent.