CheckPoint Check Point Certified Security Expert - R81.20 156-315.81 Exam Practice Test

Page: 1 / 14
Total 628 questions
Question 1

In which scenario will an administrator need to manually define Proxy ARP?



Question 2

Which command shows detailed information about VPN tunnels?



Answer : B

The command vpn tu tlist shows detailed information about VPN tunnels, such as the peer IP address, encryption domain, IKE phase 1 and phase 2 status, encryption algorithm, and tunnel uptime. The command vpn tu is an interactive tool that allows users to list, delete, or reconnect VPN tunnels. The command cpview is a real-time performance monitoring tool that shows various statistics about the system and network. Reference: VPN Administration Guide, SK97638 - What is cpview Utility and How to Use it


Question 3

Please choose the path to monitor the compliance status of the Check Point R81.20 based management.



Answer : C

The path to monitor the compliance status of the Check Point R81.20 based management is Logs & Monitor > New Tab > Open compliance View. Compliance View is a feature that allows administrators to monitor and assess the compliance level of their Check Point products and security policies based on best practices and industry standards. Compliance View provides a dashboard that shows the overall compliance status, compliance score, compliance trends, compliance issues, compliance reports, and compliance blades for different security aspects, such as data protection, threat prevention, identity awareness, etc. To access Compliance View in R81.20 SmartConsole, administrators need to go to Logs & Monitor > New Tab > Open compliance View. The other options are either incorrect or not available in R81.20.


Question 4

What are the three SecureXL Templates available in R81.20?



Answer : B

SecureXL is a technology that improves the performance of the Security Gateway by offloading CPU-intensive operations to a dedicated hardware or software module. SecureXL uses templates to accelerate traffic processing based on predefined patterns and conditions. SecureXL supports three types of templates: Accept Templates, Drop Templates, and NAT Templates.

Accept Templates are used to accelerate traffic that matches an Accept rule in the Security Policy. Accept Templates bypass most of the inspection stages and send packets directly to the network interface.

Drop Templates are used to accelerate traffic that matches a Drop rule in the Security Policy. Drop Templates drop packets without sending them to the firewall kernel for inspection.

NAT Templates are used to accelerate traffic that requires Network Address Translation (NAT). NAT Templates perform NAT operations without sending packets to the firewall kernel.

Therefore, the correct answer is B.


Question 5

What are the methods of SandBlast Threat Emulation deployment?



Answer : A

The methods of SandBlast Threat Emulation deployment are Cloud, Appliance, and Private. SandBlast Threat Emulation is a solution that detects and prevents zero-day attacks by emulating files in a sandbox environment and analyzing their behavior for malicious indicators. It can be deployed using any of these three methods. In the Cloud method, files are sent to the Check Point cloud service for emulation and analysis. This method does not require any additional hardware or software on the customer's side, and provides the fastest updates and feeds from ThreatCloud. In the Appliance method, files are sent to a dedicated appliance on the customer's network for emulation and analysis. This method provides more control and privacy for the customer, and supports more file types and sizes. In the Private method, files are sent to a private cloud service on the customer's network for emulation and analysis. This method provides the highest level of control and privacy for the customer, and supports customizing the emulation environment and scenarios.


Question 6

What is the correct command to observe the Sync traffic in a VRRP environment?



Answer : D

The correct command to observe the Sync traffic in a VRRP environment is fw monitor -e "accept dst=224.0.0.18;". This command captures the packets that have the destination IP address of 224.0.0.18, which is the multicast address used by VRRP for synchronization. The other commands are either not valid or not specific to VRRP Sync traffic. Reference: Check Point R81 ClusterXL Administration Guide, Check Point R81 Performance Tuning Administration Guide


Question 7

The Event List within the Event tab contains:


