1
SmartEvent Servers that are expected to receive logs from gateways managed by multiple domains should have ____________________
A global object associated with it a and SIC relationship established with the Multi-Domain Management Server
Global object associated whit it a and SIC relationship established with the MultiDomain Log Server
A host object associated with it and a SIC relationship established with each Domain
Log Server
A domain object associated whit it a and SIC relationship established with the each
Domain Management Server
2
What command is used to stop a specific domain server?
mdsstop <name/Domain IP>
mdsstop_customer <Domain IP/name>
stop_domain <Domain IP/name>
mdsstop <Domain IP/name>
3
Is it possible to have more than one Global Policy per Multi-Domain Server?
Yes, you could configure as many Global Policies as needed, and you can assign
multiple Global Policies to a Domain Management Server at any time
No, you can only configure one Global Policy per Multi-Domain Server. If this does
not comply with your needs, you must install another Mutli-Domain Server.
No, you can only configure one Global per Multi-Domain Server and as far as you
have configured this Global Policy, it is mandatory that evey Domain Management
Server is associate this Policy
Yes, you could configure as many Global Policies as needed, however, you can only
assign one Global Policy to a Domain Management Server
4
All Multi-Domain Server must contain at least one interface with a routable IP address and be able to query a DNS Server to resolve the IP address of other host machine names. What type of address or addresses can you use?
You can use IPV4 and IPV6 address. Both addresses must always be defined.
You can use IPV4 and/or IPV6 address. IPV4 address must always be defined.
You can use only IPV4 address and it must always be defined
You can use IPV4 and/or IPV6 address. One of the address (IPV4or IPV6) must
always e defined
5
Which of the following is not a predefined permission profile?
Multi-Domain Superuser
Domain Manager
Global Superuser
Global Manager
6
The Global Domain is a collection of rules, objects and settings shared with all Domains or with specific Domains. How is the Global Domain created?
It is created automatically when you install Multi-Domain Management
It is created automatically when you create first domain in Multi-Domain Management
It is created manually after the installation of the Multi-Domain Management in
SmartConsole
It is created manually after the installation of Multi-Domain Management using the
mdsconfig utility
7
What is the command to view the SIC status of the Domain Management Servers to their corresponding Virtual Systems?
vsx stat -v
cp_conf show sic to vsx
vsxconfig ->show sic status
mdsstat -vsx
8
Name the complete list of MDSM system processes and daemons.
FWM,FWD,CPF CPHAMCSET,CPCA
CPM,FWM,FWD,CPHAMCSET,CPCA
CPM,FWM,FWD,CPD and CPCA
CPM,FMW,FWD,CPD and CPHAMCSET
9
Which command needs to be executed for opening the MDSM Server configuration?
mdsconfig
msconfig
ldsconfig
cpconfig
10
What is the purpose of a Multi-Domain Log Server?
A Multi-Domain Log Server is a Log server which has the capability to convert
to Check Point logs into the open LOGSEC format
To comply with SOX, a Multi-Domain Log Server is a Log Server which servers as a
Log Server for multiple Multi-Domain Servers
A Multi-Domain Log Server functions as the destination Log Server for each
particular Virtual System in a VSX environment
A Multi-Domain Log Server function as a container for Domain Log Servers
11
Which type of synchronization is NOT supported?
Initial synchronization
Manual Synchronization
Periodic Synchronization
Automatic Synchronization
12
Which command is used to view status information about the MDSM Server and specific domain servers running on it?
mdsstat
mdsconfig
mdsutil
mds
13
Domain Servers Availability is a _____________________
Load sharing solution only
Redundancy and load sharing solution
Redundancy solution only
Redundancy or load sharing solution
14
Which of these is a predefined profile in the Multi-Domain Management?
Global Superuser
Multi-Domain Superuser
Multi-Domain Log Manager
Multi-Domain Manager
15
When VSX is managed with as MDSM, VSX gateways are managed by a Domain Management Server commonly referred to as the ___________________________
Secondary Security Management Server
Main Domain Management Server
Primary Domain Management Server
VSX Management Server
16
Which servers generate Audit Logs?
Only Domain Management Servers
Domain Management Servers and Multi-Domain Management Servers
The administrator can configure this settings
Domain Management Servers, Multi-Domain Management Servers and MultiDomains Logs Servers
17
For a Security Gateway to log a Domain Log Server, it must __________________________
Be unable to contact the SmartEvent Server
Be in the same geographic location as the Domain Log Server
Be unable to contact the Domain Management Server
Be configured to forward logs to the Domain Log Server
18
VSX (Virtual System Extension) technology is based on the following technology?
hypervisor based
container based
content based
context based
19
Primary Multi-Domain Server can host:
Primary or Secondary Domain Management Servers or Domain Log Servers
Only primary or secondary Domain Management Servers, no Domain Log Servers
No Domain Servers, only MDSM database, administrators and permissions, and
audit logs
Primary Domain Management Servers only
20
What kind of database is on the MDSM server?
MariaDB
QuintaDB
MySQL
PostgresSQL
21
Administrators with the Global Manager profile can perform which the following functions?
Manage global rules and assignments
Manage all domain management servers in all domain
Manager the Multi-Domain server
Manage all users for the Multi-Domain Server
22
Which of the following is one of the three main components of the Check Point MDSM environment?
Domain Log Server
Domain Name Server
Domain Web Server
Domain Smartcenter Server
23
Which of the following statements is about the Global Policy Management is correct/true?
The Global Domain is automatically created when a MDSM Server is installed
The Global Domain is automatically deleted when a MDLS Server is installed
The Global System Domain is manually created when a MDSM Server is installed
The Global Domain is automatically created when a MDLS Server is installed
24
What is the default settings for Domain Log Servers in an MDSM environment?
Each Domain has one Domain Log Server on a Multi-Domain Server
Each Domain Security Gateway works as the Log Server for its own logs
Each setting must be configured by logging manually
Each Domain keeps its Domain Log Servers on one or more Multi-Domain Log
Servers
25
How can a Domain Log Server be deployed?
Each Domain can have its own Domain Log Server
Each Domain can have multiple independent Domain Log Server, each one per
Software Blade
Multiple Domains can share one Domain Log Server
It is mandatory to have a Domain Log Server in every MDS Server installation
26
In an MDSM environment, a Domain Log Server can be hosted on:
Only on a Multi-Domain Log Server
Primary/Secondary Multi-Domain Server or Multi-Domain Log Server
A Domain Log Server can be hosted only an a Multi-Domain Server that hosts the
Primary Domain Management Server for that Domain
A Domain Log Server is a part of Domain Management Server and it cannot be
hosted separately
27
Which Servers can be housed in a Secondary MDS?
Primary or Secondary Domain Management Servers and Domain Log Servers
Only Secondary Domain Management Servers and Domain Log Servers
Only Secondary Domain Management Servers
Secondary MDS replicate whatever servers are in a primary MDS
28
The Global Domain contains a collection of:
Domain rules, Global objects, Domain configuration settings
Domain rules, Domain objects, Domain configuration settings
Global rules, Domain objects, Global configuration settings
Global rules, Global objects, Global configuration settings
29
Which component of MDSM solution is responsible for housing Domain Servers, Security Policies, system data and the Multi-Domain Management system software?
All the above
Domain Server
Domain Log Server
Multi-Domain Server
30
You need to debug a specific daemon on the Alpha-Domain-Server inside MultiDomain Server.What command will you use to achieve it?
Use usual debug commands with -ds switch to specify Alpha-Domain-Server. For
example: fw debug fwd on -ds fwd -d Alpha-Domain-Server
Change context to domain server: mdsenv Alpha-Domain-Server. Then start
debugging asa usual
Use usual debug commands (for example: fw debug fwd on
TDERROR_ALL_ALL=5). Then use grep to search debug file for Alpha-DomainServer entries
Use mdsdebug with -d switch to specify Alpha-Domain-Server. For example:
mdsdebug fwd -d Alpha-Domain-Server
31
Global Policies are assigned in the following manner:
A Global Policy is installed on security gateway taken over by the global domain.
Once the takeover is done, the original domain cannot control the security gateway
Administrators can assign a Global Policy to specific domain and to specific policies
within domains
There is only one Global Policy which is automatically assigned to all the domains
and all policies within then. There is no option to remove this assignment
A Global Policy is automatically merged with all the policies in all domains. These
are disable by default and administrators of each domain have the option to enable
required rules.
32
How many virtual systems can be hosted on a single VSX Gateway machine?
256
254
250
252
33
Which of the statements is true regarding Global Access Control Policy?
The Global Access Control Policy contains collections of local rules that control
access to network resources globally. This includes Hide NAT, Port Address
Translation, Mobile Access, and Identity Awareness rules
The Global Access Control Policy contains global rules that control access to
network resources. This is includes Firewall, Application Control, URL Filtering and
IPSEC VPN rules
The Global Access Control Policy contains global rules that control access to
network resources. This is includes Global Properties, Mobile Access, NAT and IPSEC
VPN rules.
The Global Access Control Policy contains a collections of individual local rules that
control access to network resource globally. This is includes Identity Awareness, Threat
Emulation, Desktop Security, and IPSEC VPN rules
34
Which of the following is not part of the Multi-Domain Server database (mdsdb)?
Domain Server
Administrators and Permissions
Security Gateways and their installed applications
The Global Domain
35
Which is a difference between Periodic and Manual Synchronization in a MDSM HA environment?
Unplublished sessions are not synchronized
Clients are disconnected during synchronization
Changes are synchronized from the Active Domain Server to the Standby Domain
Management Server
They don't occur automatically when a new Secondary DMS is created
36
Which of the following is the correct Management HA feature of the MDSM solution?
Management HA is completely Active/Active at the Multi-Domain Server and
Domain Server leve
Multi-Domain Server HA is Active/Standby solution where there is one active MultiDomain Server that hosts all active Domain Server
Multi-Domain Server HA is Active/Active whereas in Domain Management Servers, one domain servers is active and the others are standby
HA is only available at the Domain Server level. For Multi-Domain Servers,
backup file can be used
37
When considering logs from a Security Gateway ____________________________
Each gateway automatically sends logs to any log servers in the domain
The Global Policy overrides the gateway log server configuration
Each gateway must be configured to send logs to a log server
Each gateway automatically sends logs to the Primary Domain Management Server
38
You are using the Single Site Deployment of MDSM solution. What is the recommended way to protect such a type of deployment from failures?
Use Management HA for each domain server in MDSM environment
Use a backup solution to save system databases and settings
Use the secondary Multi-Domain Server to synchronize system databases and
settings
Use Management HA for each domain in the MDSM environment
39
What are two different deployment types for MDSM?
Single-Site- Deployment and Multi-Site Deployment
Standalone Deployment and Distributed Deployment
Standalone Deployment and High-Availability Deployment for Failover clustering
the MDS Server
SmartEvent Deployment and SmartReporter Deployment in conjunction with
MDSM
40
Which type of server is a container that can host several individual virtual Log Servers inside of it?
Multi-Domain Server
Domain Server
Domain Log Server
Multi-Domain Log Server
41
Fill in the blank. Multi-Domain Management Server High Availability is an _____________________________ redundancy solution and Domain Management Server High Availability is an ___________________ redundancy solution.
Active/Standby and Active/Standby
Active/Active and Active/Active
Active/Standby and Active/Active
Active/Active and Active/Standby
42
Where are audit logs saved in a distributed environment with the multiple MDSM and MDLS
To the Primary MDSM
In the respective container
To the MDLS
To all servers in the environment
43
When a new Domain Log Server is configured and deployed, ______________________________
The Security Gateway will automatically start to send logs to it
It must be manually synchronized to a Domain Log Server
The Security Gateway must be configured to send its logs to the server
The Primary MDSM Server will automatically connect to the new server
44
The mdsstop -m commands is used to stop ________________
the Global Domain Management Server
everything on the Multi-Domain Security Management
everything except the Multi-Domain Security Management
Only the Multi-Domain Security Management
45
The difference between Multi-Domain Log Server and Domain Log Server is:
A Domain Log Servers received logs from the devices in the single domain. The
Multi-Domain Log Server is a container that hosts one or more such Domain Log
Servers
A Multi-Domain Log Server stores logs from all domains into a single repository and
it replaces the Domain Logs Server which us used for storing logs from a single domain
SMS
There is not difference, they are both the same
Domain Log Server is one that received logs from devices in a domain. A MultiDomain Log Server is one that receives logs only from Multi-Domain Servers (Primary
and Secondary)
46
The Check Point MDSM environment consists of which components?
The Multi-Domain Server, the global CA, the MDG license
The Multi-Domain GUI, the VSX Gateway and the CMAs
The Multi-Domain Server, the VSX Gateways, and the Virtual Systems
The Multi-Domain Server, Domain Servers, and Domain Log Servers
47
Multi-Domain Log Servers manage and house __________________________
Domain Logs Servers for each domain
Logs from all of the Gateways in a domain
Domain Management Servers and Domain Log Servers
SmartEvent Servers for each domain
48
What is a Domain Server?
It is a log server that holds log files generated by security gateways for a specific Domain
It is a log server that holds log files generated by security gateways for all the Domain
It is a log server that holds log files generated by the Windows and Linux Servers with installed SandBlast Agents for checking system-related events
It is a log server that holds log files generated by the Global security gateways for a Global Domain
49
Authentication requests sent from cpm to fwm of the MDSM and the Domain are established on which port?
9009
18191
19009
18190
50
You are migrating from a single server to MDSM solution. You successfully exported configuration. You also created a Domain Management Server. Now you need to import configuration to the newly created Domain Server. What command is used to import configuration?
migrate import
migrate_import
mdsstat
cma_import
51
Which process requires only one instance to handle all transactions with all Domain Servers?
fwm
cpm
cpca
cpd
52
Which component of MDSM solution receives status notifications and real-time monitoring data from its Security Gateways and, if requested, also receives logs from gateways?
Domain Server
Multi-Domain Log Server
Domain Log Server
Multi-Domain Server
53
Which of the following is not contained in the Global Domain?
Global Policy Push
Global Rules
Global Configuration Settings
Global Objects
54
Global Rules and global objects ___________________________
can be modified in the both the Global Access and Threat Prevention policies
can only be modified in the Global Domain
can be modified in the Domain Server level of SmartConsole
cannot be modified once configured
55
You want to change a leading interface on a Multi-Domain Server after installation. What command will you use?
ifconfig
ethtool
cpconfig
mdsconfig
56
What is considered as a 'Domain' in the Check Point Multi-Domain Security Management solution?
A domain is a distinct subset of the Internet with addresses sharing a common suffix or under the control of a particular organization or individual
The part of a URL that comes in between the protocol and the path of the resource
A domain is an identification string that defines a realm of administrative autonomy, authority or control within the Internet
A domain is a virtual object that defines a network or a collection of networks related to an entity, such as a company, branch location, or business unit
57
Which of the following is not one of the three types of synchronization which occur during normal operations?
Automatic Synchronization
Periodic Synchronization
Manual Synchronization
Initial Synchronization
58
Which of the following is one of the numerous benefits of Check Point MDSM?
HA configuration with different operating systems (Gaia&IPSO) within its
configuration
One global CA for all DMS
One IPSEC VPN configuration for all of the Management Domains based on a
placeholder object representing the individual gateway object
Separate Certificate Authority for each management domain
59
What is one of the benefits of Multi-Domain Security Management?
Centralized license management
Centralized certificate authority
Centralized security logging
Centralized complaince monitoring
60
Your customer asks you to create Global NAT rules for all his domain. Where can you do this?
Global Objects - Use NAT settings for required objects
Global Domain - Create NAT Rule Base
Global Access Control Policy - Create NAT Rule Base
You cannot define global NAT settings
61
The default log server for the Gateways in a Domain is the __________________
Primary Domain Management Server
Primary Domain Log Server
SmartEvent Server
Secondary Domain Management Server
62
What is the port used by the SmartConsole to connect to the CPM process of the Security Management Server?
19009/TCP
19009/UDP
18191/TCP
18190/TCP
63
Which of the following commands will instruct the system to stop the MDSM Server and allow the domain servers to continue to run as normal?
mdsstop -m
mdsstop_customer <domain server IP>
mdsstop
mdsstop <MDSM server IP>
64
When an Active Domain Management Server fails in a MSDM HA environment:
Administrators must manually changes a Standby Domain Server to the Active state
to make changes to objects and policy
The Secondary Domain Management Server automatically functions servers as the
Active Server
The system will automatically select a Standby Domain Server to be the Active
Domain Server
The Standby Domain Server automatically changes to Active state and
administrators must manually synchronize the policy
65
67-Which of the following are features of the Check Point MDSM solution: i) Multiple management domains ii) Centralized security management and monitoring iii) Global Security Policy functionality iv) Granular role-based administration v) Multi-Domain log server vi) Domain High Availability
All - i, ii, iii,iv,v,vi
Only - i and v
Only - i, ii, v and vi
Only - i, ii and vi
66
Which of the following is not included in Global Threat Prevention Policy?
Anti-Virus
Anti-Bot
IPS
Anti-Ransomware
67
When working with VSX on a Multi-Domain Server it is best to manage___________________
VSX Gateways and Virtual Systems in separate domains
All Gateways in the same domain
VSX Gateways and Virtual Systems in the same domain
VSX Gateways and Physical Gateways in the separate domain
68
How many domains can a Multi-Domain Management Server host?
up to 256
up to 250
up to 252
up to 254
69
The Global Domain is a permanent, automatically generated Domain on every MDSM that _________________________________
Manages Global objects and rules
Secures the Multi-Domain Server
Logs all traffic in the Multi-Domain Environment
Manages Global firewalls
70
How many Internal Certificate Authorities are used by a Domain in a MDSM System?
Each Domain has its own Internal Certificate Authority that is suborndinate to the
Primary MDS Certificate Authority
The Primary MDS Certificate Authority handles all certificate needs in the MDSM
system
Every Domain has an Internal Certificate Authority and an External Certificate
Authority for use with communication with the Multi-Domain server
The administrator can select whether to use the Primary MDS Certificate Authority
or individual internal Certificate Authorities
71
The Global Domain Database contains:
Rules, objects and settings which are shared with each domain or with specified
domains
All rules, objects and settings for all domains
Information about all Domain Servers and Domain Log Servers
Records of all domain administrators
72
Which of the following types is NOT used in a typical VSX configuration?
Hyperlinks
Physical interfaces
Warp links
Virtual (VLAN) Interface
73
When considering Global Assignments of Policies _______________________
A Global Access Policy can be assigned to all policies inside a domain or to a
specified domain policy
A Global Access Policy can only be assigned to one specific domain policy at a time
Global Access Policy are automatically assigned to all domain policies
A Global Access Policy is assigned to all policies inside a domain
74
Administrators can back-up Multi-Domain management servers using Snapshots, System Backups and ____________________
mdsstat
save configuration
migrate export
mds_backup
75
Which of the following Processes is not displayed in the mdsstat
fwm
cpm
fwd
cpd