1
SmartEvent Servers that are expected to receive logs from gateways managed by multiple domains should have ____________________
A domain object associated whit it a and SIC relationship established with the each
Domain Management Server
A host object associated with it and a SIC relationship established with each Domain
Log Server
A global object associated with it a and SIC relationship established with the Multi-Domain Management Server
Global object associated whit it a and SIC relationship established with the MultiDomain Log Server
2
What command is used to stop a specific domain server?
mdsstop_customer <Domain IP/name>
stop_domain <Domain IP/name>
mdsstop <Domain IP/name>
mdsstop <name/Domain IP>
3
Is it possible to have more than one Global Policy per Multi-Domain Server?
No, you can only configure one Global Policy per Multi-Domain Server. If this does
not comply with your needs, you must install another Mutli-Domain Server.
Yes, you could configure as many Global Policies as needed, however, you can only
assign one Global Policy to a Domain Management Server
No, you can only configure one Global per Multi-Domain Server and as far as you
have configured this Global Policy, it is mandatory that evey Domain Management
Server is associate this Policy
Yes, you could configure as many Global Policies as needed, and you can assign
multiple Global Policies to a Domain Management Server at any time
4
All Multi-Domain Server must contain at least one interface with a routable IP address and be able to query a DNS Server to resolve the IP address of other host machine names. What type of address or addresses can you use?
You can use IPV4 and IPV6 address. Both addresses must always be defined.
You can use only IPV4 address and it must always be defined
You can use IPV4 and/or IPV6 address. IPV4 address must always be defined.
You can use IPV4 and/or IPV6 address. One of the address (IPV4or IPV6) must
always e defined
5
Which of the following is not a predefined permission profile?
Multi-Domain Superuser
Domain Manager
Global Manager
Global Superuser
6
The Global Domain is a collection of rules, objects and settings shared with all Domains or with specific Domains. How is the Global Domain created?
It is created manually after the installation of Multi-Domain Management using the
mdsconfig utility
It is created manually after the installation of the Multi-Domain Management in
SmartConsole
It is created automatically when you create first domain in Multi-Domain Management
It is created automatically when you install Multi-Domain Management
7
What is the command to view the SIC status of the Domain Management Servers to their corresponding Virtual Systems?
mdsstat -vsx
vsxconfig ->show sic status
cp_conf show sic to vsx
vsx stat -v
8
Name the complete list of MDSM system processes and daemons.
CPM,FWM,FWD,CPHAMCSET,CPCA
CPM,FWM,FWD,CPD and CPCA
FWM,FWD,CPF CPHAMCSET,CPCA
CPM,FMW,FWD,CPD and CPHAMCSET
9
Which command needs to be executed for opening the MDSM Server configuration?
mdsconfig
ldsconfig
cpconfig
msconfig
10
What is the purpose of a Multi-Domain Log Server?
A Multi-Domain Log Server function as a container for Domain Log Servers
A Multi-Domain Log Server functions as the destination Log Server for each
particular Virtual System in a VSX environment
To comply with SOX, a Multi-Domain Log Server is a Log Server which servers as a
Log Server for multiple Multi-Domain Servers
A Multi-Domain Log Server is a Log server which has the capability to convert
to Check Point logs into the open LOGSEC format
11
Which type of synchronization is NOT supported?
Automatic Synchronization
Initial synchronization
Periodic Synchronization
Manual Synchronization
12
Which command is used to view status information about the MDSM Server and specific domain servers running on it?
mdsutil
mdsstat
mds
mdsconfig
13
Domain Servers Availability is a _____________________
Redundancy and load sharing solution
Redundancy solution only
Redundancy or load sharing solution
Load sharing solution only
14
Which of these is a predefined profile in the Multi-Domain Management?
Multi-Domain Log Manager
Multi-Domain Superuser
Global Superuser
Multi-Domain Manager
15
When VSX is managed with as MDSM, VSX gateways are managed by a Domain Management Server commonly referred to as the ___________________________
Secondary Security Management Server
Primary Domain Management Server
Main Domain Management Server
VSX Management Server
16
Which servers generate Audit Logs?
Domain Management Servers and Multi-Domain Management Servers
The administrator can configure this settings
Domain Management Servers, Multi-Domain Management Servers and MultiDomains Logs Servers
Only Domain Management Servers
17
For a Security Gateway to log a Domain Log Server, it must __________________________
Be configured to forward logs to the Domain Log Server
Be unable to contact the SmartEvent Server
Be in the same geographic location as the Domain Log Server
Be unable to contact the Domain Management Server
18
VSX (Virtual System Extension) technology is based on the following technology?
hypervisor based
container based
content based
context based
19
Primary Multi-Domain Server can host:
Primary or Secondary Domain Management Servers or Domain Log Servers
No Domain Servers, only MDSM database, administrators and permissions, and
audit logs
Primary Domain Management Servers only
Only primary or secondary Domain Management Servers, no Domain Log Servers
20
What kind of database is on the MDSM server?
MariaDB
QuintaDB
MySQL
PostgresSQL
21
Administrators with the Global Manager profile can perform which the following functions?
Manage all users for the Multi-Domain Server
Manager the Multi-Domain server
Manage all domain management servers in all domain
Manage global rules and assignments
22
Which of the following is one of the three main components of the Check Point MDSM environment?
Domain Web Server
Domain Name Server
Domain Log Server
Domain Smartcenter Server
23
Which of the following statements is about the Global Policy Management is correct/true?
The Global Domain is automatically created when a MDLS Server is installed
The Global Domain is automatically created when a MDSM Server is installed
The Global Domain is automatically deleted when a MDLS Server is installed
The Global System Domain is manually created when a MDSM Server is installed
24
What is the default settings for Domain Log Servers in an MDSM environment?
Each Domain has one Domain Log Server on a Multi-Domain Server
Each Domain keeps its Domain Log Servers on one or more Multi-Domain Log
Servers
Each setting must be configured by logging manually
Each Domain Security Gateway works as the Log Server for its own logs
25
How can a Domain Log Server be deployed?
It is mandatory to have a Domain Log Server in every MDS Server installation
Each Domain can have its own Domain Log Server
Each Domain can have multiple independent Domain Log Server, each one per
Software Blade
Multiple Domains can share one Domain Log Server
26
In an MDSM environment, a Domain Log Server can be hosted on:
A Domain Log Server is a part of Domain Management Server and it cannot be
hosted separately
A Domain Log Server can be hosted only an a Multi-Domain Server that hosts the
Primary Domain Management Server for that Domain
Primary/Secondary Multi-Domain Server or Multi-Domain Log Server
Only on a Multi-Domain Log Server
27
Which Servers can be housed in a Secondary MDS?
Secondary MDS replicate whatever servers are in a primary MDS
Only Secondary Domain Management Servers and Domain Log Servers
Primary or Secondary Domain Management Servers and Domain Log Servers
Only Secondary Domain Management Servers
28
The Global Domain contains a collection of:
Global rules, Global objects, Global configuration settings
Global rules, Domain objects, Global configuration settings
Domain rules, Domain objects, Domain configuration settings
Domain rules, Global objects, Domain configuration settings
29
Which component of MDSM solution is responsible for housing Domain Servers, Security Policies, system data and the Multi-Domain Management system software?
All the above
Domain Server
Domain Log Server
Multi-Domain Server
30
You need to debug a specific daemon on the Alpha-Domain-Server inside MultiDomain Server.What command will you use to achieve it?
Change context to domain server: mdsenv Alpha-Domain-Server. Then start
debugging asa usual
Use usual debug commands with -ds switch to specify Alpha-Domain-Server. For
example: fw debug fwd on -ds fwd -d Alpha-Domain-Server
Use mdsdebug with -d switch to specify Alpha-Domain-Server. For example:
mdsdebug fwd -d Alpha-Domain-Server
Use usual debug commands (for example: fw debug fwd on
TDERROR_ALL_ALL=5). Then use grep to search debug file for Alpha-DomainServer entries
31
Global Policies are assigned in the following manner:
There is only one Global Policy which is automatically assigned to all the domains
and all policies within then. There is no option to remove this assignment
A Global Policy is automatically merged with all the policies in all domains. These
are disable by default and administrators of each domain have the option to enable
required rules.
A Global Policy is installed on security gateway taken over by the global domain.
Once the takeover is done, the original domain cannot control the security gateway
Administrators can assign a Global Policy to specific domain and to specific policies
within domains
32
How many virtual systems can be hosted on a single VSX Gateway machine?
250
256
252
254
33
Which of the statements is true regarding Global Access Control Policy?
The Global Access Control Policy contains global rules that control access to
network resources. This is includes Firewall, Application Control, URL Filtering and
IPSEC VPN rules
The Global Access Control Policy contains collections of local rules that control
access to network resources globally. This includes Hide NAT, Port Address
Translation, Mobile Access, and Identity Awareness rules
The Global Access Control Policy contains global rules that control access to
network resources. This is includes Global Properties, Mobile Access, NAT and IPSEC
VPN rules.
The Global Access Control Policy contains a collections of individual local rules that
control access to network resource globally. This is includes Identity Awareness, Threat
Emulation, Desktop Security, and IPSEC VPN rules
34
Which of the following is not part of the Multi-Domain Server database (mdsdb)?
Administrators and Permissions
Domain Server
Security Gateways and their installed applications
The Global Domain
35
Which is a difference between Periodic and Manual Synchronization in a MDSM HA environment?
Changes are synchronized from the Active Domain Server to the Standby Domain
Management Server
They don't occur automatically when a new Secondary DMS is created
Unplublished sessions are not synchronized
Clients are disconnected during synchronization
36
Which of the following is the correct Management HA feature of the MDSM solution?
Multi-Domain Server HA is Active/Standby solution where there is one active MultiDomain Server that hosts all active Domain Server
HA is only available at the Domain Server level. For Multi-Domain Servers,
backup file can be used
Management HA is completely Active/Active at the Multi-Domain Server and
Domain Server leve
Multi-Domain Server HA is Active/Active whereas in Domain Management Servers, one domain servers is active and the others are standby
37
When considering logs from a Security Gateway ____________________________
Each gateway must be configured to send logs to a log server
Each gateway automatically sends logs to the Primary Domain Management Server
The Global Policy overrides the gateway log server configuration
Each gateway automatically sends logs to any log servers in the domain
38
You are using the Single Site Deployment of MDSM solution. What is the recommended way to protect such a type of deployment from failures?
Use Management HA for each domain in the MDSM environment
Use Management HA for each domain server in MDSM environment
Use a backup solution to save system databases and settings
Use the secondary Multi-Domain Server to synchronize system databases and
settings
39
What are two different deployment types for MDSM?
Standalone Deployment and High-Availability Deployment for Failover clustering
the MDS Server
SmartEvent Deployment and SmartReporter Deployment in conjunction with
MDSM
Standalone Deployment and Distributed Deployment
Single-Site- Deployment and Multi-Site Deployment
40
Which type of server is a container that can host several individual virtual Log Servers inside of it?
Domain Server
Domain Log Server
Multi-Domain Log Server
Multi-Domain Server
41
Fill in the blank. Multi-Domain Management Server High Availability is an _____________________________ redundancy solution and Domain Management Server High Availability is an ___________________ redundancy solution.
Active/Active and Active/Active
Active/Standby and Active/Standby
Active/Standby and Active/Active
Active/Active and Active/Standby
42
Where are audit logs saved in a distributed environment with the multiple MDSM and MDLS
To all servers in the environment
To the MDLS
In the respective container
To the Primary MDSM
43
When a new Domain Log Server is configured and deployed, ______________________________
The Security Gateway must be configured to send its logs to the server
The Security Gateway will automatically start to send logs to it
It must be manually synchronized to a Domain Log Server
The Primary MDSM Server will automatically connect to the new server
44
The mdsstop -m commands is used to stop ________________
everything except the Multi-Domain Security Management
everything on the Multi-Domain Security Management
the Global Domain Management Server
Only the Multi-Domain Security Management
45
The difference between Multi-Domain Log Server and Domain Log Server is:
A Multi-Domain Log Server stores logs from all domains into a single repository and
it replaces the Domain Logs Server which us used for storing logs from a single domain
SMS
There is not difference, they are both the same
Domain Log Server is one that received logs from devices in a domain. A MultiDomain Log Server is one that receives logs only from Multi-Domain Servers (Primary
and Secondary)
A Domain Log Servers received logs from the devices in the single domain. The
Multi-Domain Log Server is a container that hosts one or more such Domain Log
Servers
46
The Check Point MDSM environment consists of which components?
The Multi-Domain Server, Domain Servers, and Domain Log Servers
The Multi-Domain GUI, the VSX Gateway and the CMAs
The Multi-Domain Server, the VSX Gateways, and the Virtual Systems
The Multi-Domain Server, the global CA, the MDG license
47
Multi-Domain Log Servers manage and house __________________________
SmartEvent Servers for each domain
Domain Management Servers and Domain Log Servers
Logs from all of the Gateways in a domain
Domain Logs Servers for each domain
48
What is a Domain Server?
It is a log server that holds log files generated by the Windows and Linux Servers with installed SandBlast Agents for checking system-related events
It is a log server that holds log files generated by the Global security gateways for a Global Domain
It is a log server that holds log files generated by security gateways for all the Domain
It is a log server that holds log files generated by security gateways for a specific Domain
49
Authentication requests sent from cpm to fwm of the MDSM and the Domain are established on which port?
9009
18191
19009
18190
50
You are migrating from a single server to MDSM solution. You successfully exported configuration. You also created a Domain Management Server. Now you need to import configuration to the newly created Domain Server. What command is used to import configuration?
cma_import
migrate_import
migrate import
mdsstat
51
Which process requires only one instance to handle all transactions with all Domain Servers?
fwm
cpca
cpd
cpm
52
Which component of MDSM solution receives status notifications and real-time monitoring data from its Security Gateways and, if requested, also receives logs from gateways?
Multi-Domain Server
Multi-Domain Log Server
Domain Server
Domain Log Server
53
Which of the following is not contained in the Global Domain?
Global Objects
Global Policy Push
Global Rules
Global Configuration Settings
54
Global Rules and global objects ___________________________
cannot be modified once configured
can be modified in the Domain Server level of SmartConsole
can be modified in the both the Global Access and Threat Prevention policies
can only be modified in the Global Domain
55
You want to change a leading interface on a Multi-Domain Server after installation. What command will you use?
ifconfig
ethtool
mdsconfig
cpconfig
56
What is considered as a 'Domain' in the Check Point Multi-Domain Security Management solution?
The part of a URL that comes in between the protocol and the path of the resource
A domain is an identification string that defines a realm of administrative autonomy, authority or control within the Internet
A domain is a virtual object that defines a network or a collection of networks related to an entity, such as a company, branch location, or business unit
A domain is a distinct subset of the Internet with addresses sharing a common suffix or under the control of a particular organization or individual
57
Which of the following is not one of the three types of synchronization which occur during normal operations?
Periodic Synchronization
Automatic Synchronization
Initial Synchronization
Manual Synchronization
58
Which of the following is one of the numerous benefits of Check Point MDSM?
Separate Certificate Authority for each management domain
One global CA for all DMS
One IPSEC VPN configuration for all of the Management Domains based on a
placeholder object representing the individual gateway object
HA configuration with different operating systems (Gaia&IPSO) within its
configuration
59
What is one of the benefits of Multi-Domain Security Management?
Centralized license management
Centralized certificate authority
Centralized security logging
Centralized complaince monitoring
60
Your customer asks you to create Global NAT rules for all his domain. Where can you do this?
Global Access Control Policy - Create NAT Rule Base
Global Domain - Create NAT Rule Base
Global Objects - Use NAT settings for required objects
You cannot define global NAT settings
61
The default log server for the Gateways in a Domain is the __________________
Primary Domain Management Server
Primary Domain Log Server
SmartEvent Server
Secondary Domain Management Server
62
What is the port used by the SmartConsole to connect to the CPM process of the Security Management Server?
18190/TCP
19009/UDP
19009/TCP
18191/TCP
63
Which of the following commands will instruct the system to stop the MDSM Server and allow the domain servers to continue to run as normal?
mdsstop
mdsstop_customer <domain server IP>
mdsstop -m
mdsstop <MDSM server IP>
64
When an Active Domain Management Server fails in a MSDM HA environment:
Administrators must manually changes a Standby Domain Server to the Active state
to make changes to objects and policy
The Secondary Domain Management Server automatically functions servers as the
Active Server
The system will automatically select a Standby Domain Server to be the Active
Domain Server
The Standby Domain Server automatically changes to Active state and
administrators must manually synchronize the policy
65
67-Which of the following are features of the Check Point MDSM solution: i) Multiple management domains ii) Centralized security management and monitoring iii) Global Security Policy functionality iv) Granular role-based administration v) Multi-Domain log server vi) Domain High Availability
Only - i, ii and vi
Only - i and v
Only - i, ii, v and vi
All - i, ii, iii,iv,v,vi
66
Which of the following is not included in Global Threat Prevention Policy?
IPS
Anti-Ransomware
Anti-Virus
Anti-Bot
67
When working with VSX on a Multi-Domain Server it is best to manage___________________
VSX Gateways and Virtual Systems in the same domain
VSX Gateways and Physical Gateways in the separate domain
All Gateways in the same domain
VSX Gateways and Virtual Systems in separate domains
68
How many domains can a Multi-Domain Management Server host?
up to 250
up to 252
up to 254
up to 256
69
The Global Domain is a permanent, automatically generated Domain on every MDSM that _________________________________
Manages Global firewalls
Secures the Multi-Domain Server
Manages Global objects and rules
Logs all traffic in the Multi-Domain Environment
70
How many Internal Certificate Authorities are used by a Domain in a MDSM System?
The Primary MDS Certificate Authority handles all certificate needs in the MDSM
system
The administrator can select whether to use the Primary MDS Certificate Authority
or individual internal Certificate Authorities
Every Domain has an Internal Certificate Authority and an External Certificate
Authority for use with communication with the Multi-Domain server
Each Domain has its own Internal Certificate Authority that is suborndinate to the
Primary MDS Certificate Authority
71
The Global Domain Database contains:
Information about all Domain Servers and Domain Log Servers
All rules, objects and settings for all domains
Rules, objects and settings which are shared with each domain or with specified
domains
Records of all domain administrators
72
Which of the following types is NOT used in a typical VSX configuration?
Hyperlinks
Warp links
Physical interfaces
Virtual (VLAN) Interface
73
When considering Global Assignments of Policies _______________________
A Global Access Policy can be assigned to all policies inside a domain or to a
specified domain policy
Global Access Policy are automatically assigned to all domain policies
A Global Access Policy is assigned to all policies inside a domain
A Global Access Policy can only be assigned to one specific domain policy at a time
74
Administrators can back-up Multi-Domain management servers using Snapshots, System Backups and ____________________
migrate export
mdsstat
mds_backup
save configuration
75
Which of the following Processes is not displayed in the mdsstat
cpd
fwm
cpm
fwd