SandBlast appliances can be deployed in the following modes:
C. Inline/prevent or detect
SandBlast appliances can be deployed in an inline mode where they actively inspect and prevent or detect malicious traffic. In this mode, the appliance sits in the network traffic path and can take actions to block or detect threats in real-time.
References: Check Point Certified Security Expert R81 Study Guide, Check Point documentation on SandBlast.
Questions 5
What is the benefit of “fw monitor” over “tcpdump”?
Options:
A. “fw monitor” reveals Layer 2 information, while “tcpdump” acts at Layer 3.
B. “fw monitor” is also available for 64-Bit operating systems.
C. With “fw monitor”, you can see the inspection points, which cannot be seen in “tcpdump”
D. “fw monitor” can be used from the CLI of the Management Server to collect information from multiple gateways.
The benefit of fw monitor over tcpdump is that with fw monitor, you can see the inspection points, which cannot be seen in tcpdump. Inspection points are the locations in the firewall kernel where packets are inspected by the security policy and other software blades. fw monitor allows you to capture packets at different inspection points and see how they are processed by the firewall. tcpdump, on the other hand, is a generic packet capture tool that only shows the packets as they enter or leave the network interface.
References: Check Point Security Expert R81 Course, fw monitor, tcpdump
Questions 6
You are asked to check the status of several user-mode processes on the management server and gateway. Which of the following processes can only be seen on a Management Server?
User-mode processes are processes that run in the user space of the operating system, as opposed to kernel-mode processes that run in the kernel space. User-mode processes are usually less privileged and have less access to system resources than kernel-mode processes. Check Point products use both user-mode and kernel-mode processes to provide various functionalities and services.
The following are some of the user-mode processes that can be seen on the management server and gateway:
fwd: This process is responsible for policy installation, logging, and communication with other Check Point components. It runs on both the management server and gateway.
cpd: This process is responsible for licensing, certificate management, and communication with SmartConsole. It runs on both the management server and gateway.
cpwd: This process is responsible for monitoring and restarting other processes. It runs on both the management server and gateway.
The following is a user-mode process that can only be seen on the management server:
fwm: This process is responsible for managing the security policy database, compiling the security policy, and generating reports. It runs only on the management server.
Therefore, the correct answer is B.
References: Check Point Processes and Daemons, Check Point Processes Cheat Sheet, Check Point Firewall Security Solution
Questions 7
Which of the following links will take you to the SmartView web application?
The SmartView web application is a web-based interface that allows you to view and analyze logs and events from your Security Gateways and Management Servers. To access the SmartView web application, you need to use the following link: https:// /smartview/. This link will prompt you to enter your credentials and then take you to the SmartView dashboard. The other options are not correct because:
A. The link https:///smartviewweb/ is missing a slash (/) between the host name and smartviewweb.
C. The link https://smartviewweb is missing a slash (/) after the host name and before smartviewweb.
D. The link https:///smartview is missing a slash (/) at the end.