Q1. Check Point APIs allow system engineers and developers to make changes to their organizationu2021s security policy with CLI tools and Web Services for all of the following except?

A. Create new dashboards to manage 3rd party task

B. Create products that use and enhance 3rd party solutions.

C. Execute automated scripts to perform common tasks.

D. Create products that use and enhance the Check Point Solution.

Q2. A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz?

A. Reboot the system and call the start menu. Select the option Snapshot Management, provide the Expert password and select [L] for a restore from a local file. Then, provide the correct file name.

B. As expert user, type the command snapshot -r MySnapshot.tgz.

C. As expert user, type the command revert --file MySnapshot.tgz.

D. As expert user, type the command snapshot - R to restore from a local file. Then, provide the correct file name.

Q3. John is configuring a new R80 Gateway cluster but he can not configure the cluster as Third Party IP Clustering because this option is not available in Gateway Cluster Properties.

Whatu2021s happening?

A. ClusterXL needs to be unselected to permit third party clustering configuration.

B. Third Party Clustering is not available for R80 Security Gateways.

C. John has an invalid ClusterXL license.

D. John is not using third party hardware as IP Clustering is part of Check Pointu2021s IP Appliance.

Q4. Which two processes are responsible on handling Identity Awareness?

A. pdp and lad

B. pdp and pdp-11

C. pep and lad

D. pdp and pep

Q5. Complete this statement from the options provided. Using Captive Portal, unidentified users may be either; blocked, allowed to enter required credentials, or required to download the .

A. Identity Awareness Agent

B. Full Endpoint Client

C. ICA Certificate

D. SecureClient

Q6. Which three of the following are ClusterXL member requirements?

1) same operating systems

2) same Check Point version

3) same appliance model

4) same policy

A. 1, 3, and 4

B. 1, 2, and 4

C. 2, 3, and 4

D. 1, 2, and 3

Q7. Fill in the blank. The command that typically generates the firewall application, operating system, and hardware specific drivers is .

Q8. Where do you verify that UserDirectory is enabled?

A. Verify that Security Gateway > General Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked

B. Verify that Global Properties > Authentication > Use UserDirectory (LDAP) for Security Gateways is checked

C. Verify that Security Gateway > General Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked

D. Verify that Global Properties > UserDirectory (LDAP) > Use UserDirectory (LDAP) for Security Gateways is checked

Q9. You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:

Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original

u201cweb_public_IPu201d is the node object that represents the new Web serveru2021s public IP address. u201cweb_private_IPu201d is the node object that represents the new Web siteu2021s private IP address. You enable all settings from Global Properties > NAT.

When you try to browse the Web server from the Internet you see the error u201cpage cannot be displayedu201d. Which of the following is NOT a possible reason?

A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.

B. There is no ARP table entry for the protected Web serveru2021s public IP address.

C. There is no route defined on the Security Gateway for the public IP address to the Web serveru2021s private IP address.

D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.

Q10. Because of pre-existing design constraints, you set up manual NAT rules for your HTTP server. However, your FTP server and SMTP server are both using automatic NAT rules. All traffic from your FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped on rule 0 because of anti-spoofing settings. What is causing this?

A. Manual NAT rules are not configured correctly.

B. Allow bi-directional NAT is not checked in Global Properties.

C. Routing is not configured correctly.

D. Translate destination on client side is not checked in Global Properties under Manual NAT Rules.