156-115 Check Point Certified Security Master - Final Exam Set 2

The command _____________ shows which firewall chain modules are active on the gateway.


Options are :

  • None
  • FW debug ctl
  • FW ctl chain (Correct)
  • FW stat
  • FW ctl multik stat

Answer : FW ctl chain

You are troubleshooting a Security Gateway and trying to determine which chain is causing the problem. What command would you use to show all chains through which the traffic has passed?


Options are :

  • None
  • [Expert @ HostName] FW # ctl zdebug all
  • [Expert @ HostName] FW # ctl chain
  • [Expert @ HostName] # FW debug ctl
  • [Expert @ HostName] # FW monitor -e "to accept;" -p all (Correct)

Answer : [Expert @ HostName] # FW monitor -e "to accept;" -p all

Which flag option(s) should be used to dump the entire table in friendly format, provided that there are not more than one hundred connections in the table?


Options are :

  • FW tab connections to -t -f
  • FW tab -t connections -S
  • None
  • FW tab -t -f -u connection (Correct)
  • FW tab connections to -t -f

Answer : FW tab -t -f -u connection

True or false: Software Blades perform their inspection primarily in the core chain modules.


Options are :

  • True. All software blades checked the IP settings for the chain module.
  • Wrong. Software Blades are through the chain modules.
  • None
  • True. Many software blades have its own core chain inspection module. (Correct)
  • True. Most software blades check the TCP streaming or passive Streaming chain module.

Answer : True. Many software blades have its own core chain inspection module.

How do you set up Port Address Translation?


Options are :

  • Port Address Translation is not supported in Check Point environment
  • Since changes in the Hide NAT random high ports it is the definition of PAT (Port Address Translation).
  • Edit SmartDashboard service, click the NAT tab and set the port translated.
  • None
  • Create a manual NAT rule and specify the source and destination ports. (Correct)

Answer : Create a manual NAT rule and specify the source and destination ports.

You are troubleshooting a NAT problem on your network, and you use a kernel debug to check that a connection is correctly translated to its NAT address. What flags should be used for the kernel debug?


Options are :

  • FW CTL debug nat m + Conn drop FW xlate xltrc
  • FW CTL debug m + NAT NAT Conn drop xlate xltrc
  • FW CTL debug m + FW Conn drop LD
  • FW CTL debug m + FW Conn drop vm nat xlate xltrc (Correct)
  • None

Answer : FW CTL debug m + FW Conn drop vm nat xlate xltrc

When using the command FW monitor, what command do you run to make sure the capture is accurate?


Options are :

  • export TDERROR_ALL_ALL = 5
  • fwaccel site
  • None
  • FW Accel off
  • fwaccel off (Correct)

Answer : fwaccel off

A server is configured with automatic static NAT and also resides in a network that is part of an automatic Hide NAT. With regard to address translation, what happens when the server initiates an outgoing communication?


Options are :

  • This will cause a policy authentication error.
  • Static NAT is a priority. (Correct)
  • This is called a hairpin NAT, the traffic returns to the server.
  • Hide NAT priority.
  • None

Answer : Static NAT is a priority.

How do you add a route entry for an Enforcement Point gateway on the Management Server?


Options are :

  • The name of this VPN gateway community features.
  • Edit the file $ FWDIR / conf / vpn_route.conf new route entry. (Correct)
  • None
  • Edit peers WebUI to add a static route to the implementation of the designated point.
  • The update file $ FWDIR / conf / user.def point on each peer the route of access to the gateway implementation.

Answer : Edit the file $ FWDIR / conf / vpn_route.conf new route entry.

What command would you use for a packet capture at the absolute position of the TCP stream (out) 1ffffe0?


Options are :

  • None
  • FW follow -PO -0x1ffffe0 -o monitor.out (Correct)
  • FW CTL chain -PO 1ffffe0 -o monitor.out
  • FW follow -e -o 0x1ffffe0 monitor.out
  • FW follow 1ffffe0 Pr o monitor.out

Answer : FW follow -PO -0x1ffffe0 -o monitor.out

"If the machine is under stress, we do not want to leave the stress condition because of a single measurement (which may be an exception), but expect a certain amount of time to pass before changing condition." This describes which of the following Bypass Under Load kernel parameters?


Options are :

  • ids_timeout
  • ids_assume_stress (Correct)
  • ids_tolerance_stress
  • None
  • ide_tolerance_no_stress

Answer : ids_assume_stress

In R77, under what circumstances can IPS bypass be implemented?


Options are :

  • Average CPU over the high threshold, the average memory over high threshold
  • Average CPU over the high threshold, the average memory over low-threshold
  • None
  • One CoreXL FW, for example the increase in the use of a high threshold, the average memory more than a high threshold (Correct)
  • One CoreXL FW example, the use of more than the low threshold, the average memory more than a high threshold

Answer : One CoreXL FW, for example the increase in the use of a high threshold, the average memory more than a high threshold

You have created multiple profiles and the relevant deferred protections. You then decide that the Enterprise gateway should allow instant messaging; the profile the Enterprise gateway currently uses blocks instant messaging. The profile of the Enterprise gateway is currently also used by the Voyager gateway and the Bird of Prey gateway. What is the best method for making this change for the Enterprise gateway only?


Options are :

  • Create an exception Enterprise Gateway (Correct)
  • Create a rule that permits the traffic and install it in the Enterprise Gateway
  • Edit an existing profile
  • None
  • Create a new profile, and apply the Enterprise Gateway

Answer : Create an exception Enterprise Gateway

Which of the following is not related to the kernel parameters of the IPS Bypass Under Load settings?


Options are :

  • ids_timeout
  • ids_tolerance_no_stress
  • None
  • ids_limit_stress (Correct)
  • ids_assume_stress

Answer : ids_limit_stress

Where do you execute the command get_ips_statistics.sh from?


Options are :

  • $ FWDIR / conf is the Management Server
  • $ FWDIR / manuscripts Management Server (Correct)
  • $ FWDIR / scripts gateway
  • None
  • $ FWDIR / conf gateway

Answer : $ FWDIR / manuscripts Management Server

You have introduced IPS into your network; you find yourself being overwhelmed by what you believe are false positives. You examine the traffic and confirm that they are false positives. What can you do to stop these IPS alerts?


Options are :

  • None
  • Right click the alarm and ignore
  • Removes IPS protects the network
  • Use the SAM rule to classify this traffic
  • Add an exception for the traffic below IPS protection (Correct)

Answer : Add an exception for the traffic below IPS protection

Which of the following cannot be used as a source / destination in an IPS network exception?


Options are :

  • None
  • IP address
  • Network Group
  • Identity Awareness of tasks (Correct)
  • Any

Answer : Identity Awareness of tasks

What is required when changing the configuration of the number of workers in CoreXL?


Options are :

  • None
  • restart (Correct)
  • Politics installation
  • cpstop / cpstart
  • evstop / evstart

Answer : restart

How does one enable INSPECT debug if one suspects IPS false positives?


Options are :

  • None
  • Changes the checkbox Global Properties> Firewalls> Inspection.
  • WebUI
  • Start command FW CTL number of int enable_inspect_debug 1 from the command line.
  • Set the following parameter to true using GuiDBedit: enable_inspect_debug_compilation (Correct)

Answer : Set the following parameter to true using GuiDBedit: enable_inspect_debug_compilation

When using Geo Protections, you find logs for a country which you believe to be incorrect. Which file do you check to verify which country Geo Protection should recognize the traffic as?


Options are :

  • IpToCountry.csv (Correct)
  • asm.C
  • objects_5_0.C
  • objects.C
  • None

Answer : IpToCountry.csv

In IPS, what does a high reliability rating mean?


Options are :

  • This rating is the likelihood of this attack is to penetrate most systems
  • There is a high probability of false positives
  • This is a classification of how confident Check Point is closed with this attack
  • None
  • There is a low probability of false positives (Correct)

Answer : There is a low probability of false positives

You are an administrator and wish to configure Geo Protection on the gateway to comply with the new corporate policy. What do you need in order to do this?


Options are :

  • Valid IPS software blade contractual and licensing (Correct)
  • DNS resolution on the gateway
  • None
  • The latest IPS update
  • Geo Protection is enabled by default

Answer : Valid IPS software blade contractual and licensing

What is considered a best practice for deciding which IPS protections you can safely remove from your own environment?


Options are :

  • None
  • You should set all the protections to detect.
  • You should use tools to perform vulnerability assessment of your environment. (Correct)
  • You should not disable IPS protection.
  • Work through the twisting on both sides of the protection which the signatures to get alerts.

Answer : You should use tools to perform vulnerability assessment of your environment.

You've just taken over as firewall administrator. The company has enabled Geo Protection on the gateway, but you want to make sure that the protections are up to date. How do you see when they were last updated?


Options are :

  • IPS tree Protections> Click Check for updates.
  • Check asm_update_version_geo in GuiDBedit.
  • None
  • name of IPS timber protections> Geo Security check and a profile that is in mm / dd / yy.
  • Check the time stamp $ FWDIR / tmp / geo_location_tmp / updates / IpToCountry.csv. (Correct)

Answer : Check the time stamp $ FWDIR / tmp / geo_location_tmp / updates / IpToCountry.csv.

You add a new gateway to the network. You need to make sure that it has the latest corporate-approved IPS profile. How do you get this information to the new gateway?


Options are :

  • IPS profiles manually configured on each gateway.
  • The command line, run: ips_export_import import f [p ]. (Correct)
  • SMART Dashboard tab, select IPS display IPS profiles and select a profile to get the gate
  • None
  • From the command line, run: ips_import f [p ].

Answer : The command line, run: ips_export_import import f [p ].

What does the output of the commands FW ctl multik stat and fw6 ctl multik stat show?


Options are :

  • None
  • Which are the core of the core and SND bound hearts.
  • Number of cores firewall that is installed.
  • Details of each of the core, for example. Output displays status and the number of processing core in each case. (Correct)
  • Only the total number of connections is before all kernels are CoreXL enabled firewalls.

Answer : Details of each of the core, for example. Output displays status and the number of processing core in each case.

You've spent time configuring the IPS profile of the primary gateway firewall. You want to make sure that this profile can be applied to any gateway firewall in your environment. How can you share this information between firewalls?


Options are :

  • From the command line, run: ips_export_import export [-o ] [-p ]. (Correct)
  • None
  • From the command line, run: ips_export [-o ] [-p ].
  • SMART Dashboard IPS tab, the IPS export profiles and select a gateway to send this export.
  • IPS profiles manually configured on each gateway.

Answer : From the command line, run: ips_export_import export [-o ] [-p ].

You are at the customer's premises, and when you run cphaprob stat you do not see a normal ClusterXL health status. What command can you run to check whether the number of cores does not match on both members of the cluster?


Options are :

  • None
  • cphaprob stat
  • FW ctl multik stat (Correct)
  • #NAME?
  • cpconfig

Answer : FW ctl multik stat

You would like to import Snort rules to comply with company policy, and you need to test the conversion before importing. How can you do this?


Options are :

  • Under the tree IPS Security> By Protocol> IPS Software Blade> Application Intelligence> Snort Snort import and select the import option.
  • None
  • You must manually check every signature.
  • SnortConvertor upgrade -f -dry-run (Correct)
  • Checkpoint is not supported by the signatures of third parties.

Answer : SnortConvertor upgrade -f -dry-run

Tuning IPS protections to suit the specific needs of the environment can be carried out by all of the following EXCEPT:


Options are :

  • Focusing on the weak effect of hedges.
  • None
  • Focusing on serious protections.
  • Focusing on the high confidence level of protection.
  • Focusing on small capacity hedges. (Correct)

Answer : Focusing on small capacity hedges.
