What does the command "vpn shell tunnels delete all ike" do?
A. Delete only outbound_SPI tables
B. Deletes all IKE and IPSEC SA's
C. Deletes all IKE configuration on the Gateway
D. Deletes all IKE SA's
Which of the following is NOT a special consideration while running fw monitor on production firewall?
A. While executing fw monitor, you need to specify an expression so that it captures the required traffic instead of all traffic
B. While running fw monitor on a busy firewall, the –ci
C. While running fw monitor, it resets all the debug flags
D. During a fw monitor, the firewall will have to process more packets because SecureXL acceleration should be disabled
In R80 spoofing is defined as a method of:
A. Disguising an illegal IP address behind an authorized IP address through Port Address Translation
B. Hiding your firewall from unauthorized users
C. Detecting people using false or wrong authentication logins D. Making packets appear as if they come an authorized IP address
Which one of the following does not belong to an initial status of a critical device?
A. restart
B. problem
C. init
D. ok
Fill in the blank: The R80 utility fw monitor is used to troubleshoot ___________________.
A. User data base corruption
B. LDAP conflicts
C. Traffic issues
D. Phase two key negotiation
To manually configure the number of CoreXL instances running on a gateway, what steps must be taken?
A. cpconfig – Configure Check Point CoreXL – Choose the number of firewall instances –exit - Reboot
B. cpstop – cpconfig – Configure Check Point CoreXL – Choose the number of firewall instances –exit cpstart
C. Uninstall license – cpconfig – Configure Check Point CoreXL – Choose the number of firewall instances – Install license – Exit
D. cpconfig – Configure Check Point CoreXL – Choose the number of firewall instances -exit
What does CMI stand for in relation to the Access Control Policy?
A. Content Matching Infrastructure
B. Content Management Interface
C. Context Management Infrastructure
D. Context Manipulation Interface
While using IPS, the network performance is being impacted on a load sharing cluster with asymmetric routes. What is most likely causing the degradation?
A. A failure in the sync network protocol
B. A static NAT has been configured and an IPS protection requires the connection be handled on the same cluster member
C. CoreXL has been disabled
D. SecureXL has been disabled
An organization has 3 sites; 1 Headquarters (HQ) site and 2 remote sites. The remote sites are connected to the HQ through site-to-site VPNs and phone communication is done using standard SIP. There is an issue with VOIP calls where one side cannot hear the other over the phone. As a test, they decide to disable protocol inspection for SIP. How can this be achieved?
A. Select the existing SIP Service, change the Protocol type to None
B. Create a new UDP 5060 service, change the protocol type to None
C. Create a new TCP 5060 service, change the protocol type to None
D. Select the existing SIP service, change the protocol to None in advance settings.
When troubleshooting static NAT, you would follow all the steps below, EXCEPT:
A. Verify NAT configuration
B. Debug NAT
C. Run "fw tab -t fwx_alloc"
D. Run "fw ctl arp" command